[Snyk] Upgrade astro from 3.0.13 to 4.12.2

[snyk-io]

Snyk has created this PR to upgrade astro from 3.0.13 to 4.12.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

• The recommended version is 141 versions ahead of your current version.

• The recommended version was released on 23 days ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Access Control Bypass SNYK-JS-VITE-6182924	89	Proof of Concept
	Uncontrolled resource consumption SNYK-JS-BRACES-6838727	89	Proof of Concept
	Inefficient Regular Expression Complexity SNYK-JS-MICROMATCH-6838728	89	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ZOD-5925617	89	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-ASTRO-7547139	89	No Known Exploit
	Cross-Site Scripting (XSS) SNYK-JS-VITE-6098386	89	Proof of Concept
	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	89	Proof of Concept
	Improper Input Validation SNYK-JS-POSTCSS-5926692	89	No Known Exploit
	Heap-based Buffer Overflow SNYK-JS-SHARP-5922108	89	Mature
	Improper Access Control SNYK-JS-VITE-6531286	89	Proof of Concept
	Information Exposure SNYK-JS-UNDICI-5962466	89	No Known Exploit
	Permissive Cross-domain Policy with Untrusted Domains SNYK-JS-UNDICI-6252336	89	No Known Exploit
	Improper Access Control SNYK-JS-UNDICI-6564963	89	No Known Exploit
	Improper Authorization SNYK-JS-UNDICI-6564964	89	No Known Exploit

Release notes

Package name: astro

• 4.12.2 - 2024-07-19
  

  Patch Changes

  • #11505 8ff7658 Thanks @ ematipico! - Enhances the dev server logging when rewrites occur during the lifecycle or rendering.

    The dev server will log the status code before and after a rewrite:

    08:16:48 [404] (rewrite) /foo/about 200ms
    08:22:13 [200] (rewrite) /about 23ms

  • #11506 026e8ba Thanks @ sarah11918! - Fixes typo in documenting the slot="fallback" attribute for Server Islands experimental feature.

  • #11508 ca335e1 Thanks @ cramforce! - Escapes HTML in serialized props

  • #11501 4db78ae Thanks @ martrapp! - Adds the missing export for accessing the getFallback() function of the client site router.

• 4.12.1 - 2024-07-18
• 4.12.0 - 2024-07-18
• 4.11.6 - 2024-07-17
• 4.11.5 - 2024-07-03
• 4.11.4 - 2024-07-03
• 4.11.3 - 2024-06-26
• 4.11.2 - 2024-06-26
• 4.11.1 - 2024-06-24
• 4.11.0 - 2024-06-20
• 4.10.3 - 2024-06-17
• 4.10.2 - 2024-06-11
• 4.10.1 - 2024-06-08
• 4.10.0 - 2024-06-06
• 4.9.3 - 2024-06-05
• 4.9.2 - 2024-05-27
• 4.9.1 - 2024-05-23
• 4.9.0 - 2024-05-23
• 4.8.7 - 2024-05-22
• 4.8.6 - 2024-05-17
• 4.8.5 - 2024-05-16
• 4.8.4 - 2024-05-15
• 4.8.3 - 2024-05-13
• 4.8.2 - 2024-05-09
• 4.8.1 - 2024-05-09
  

  Patch Changes

  • #11567 d27cf6d Thanks @ ascorbic! - Logs underlying error when a template cannot be downloaded
• 4.8.0 - 2024-05-09
• 4.7.1 - 2024-05-02
• 4.7.0 - 2024-04-25
• 4.6.4 - 2024-04-23
• 4.6.3 - 2024-04-18
• 4.6.2 - 2024-04-16
• 4.6.1 - 2024-04-12
• 4.6.0 - 2024-04-11
• 4.5.18 - 2024-04-10
• 4.5.17 - 2024-04-09
• 4.5.16 - 2024-04-04
• 4.5.15 - 2024-04-03
• 4.5.14 - 2024-04-02
• 4.5.13 - 2024-04-02
• 4.5.12 - 2024-03-28
• 4.5.11 - 2024-03-28
• 4.5.10 - 2024-03-26
• 4.5.9 - 2024-03-22
• 4.5.8 - 2024-03-20
• 4.5.7 - 2024-03-20
• 4.5.6 - 2024-03-18
• 4.5.5 - 2024-03-15
• 4.5.4 - 2024-03-14
• 4.5.3 - 2024-03-13
• 4.5.2 - 2024-03-12
• 4.5.1 - 2024-03-11
• 4.5.0 - 2024-03-11
• 4.4.15 - 2024-03-08
• 4.4.14 - 2024-03-07
• 4.4.13 - 2024-03-06
• 4.4.12 - 2024-03-06
• 4.4.11 - 2024-03-04
• 4.4.10 - 2024-03-04
• 4.4.9 - 2024-03-02
• 4.4.8 - 2024-03-01
• 4.4.7 - 2024-03-01
• 4.4.6 - 2024-02-28
• 4.4.5 - 2024-02-26
• 4.4.4 - 2024-02-23
• 4.4.3 - 2024-02-22
• 4.4.2 - 2024-02-21
• 4.4.1 - 2024-02-20
  

  Patch Changes

  • #11624 7adb350 Thanks @ bluwy! - Prevents throwing errors when checking if a component is a Solid component in runtime
• 4.4.0 - 2024-02-15
• 4.3.7 - 2024-02-13
• 4.3.6 - 2024-02-12
• 4.3.5 - 2024-02-07
• 4.3.4 - 2024-02-07
• 4.3.3 - 2024-02-06
• 4.3.2 - 2024-02-02
• 4.3.1 - 2024-02-01
• 4.3.0 - 2024-02-01
• 4.2.8 - 2024-01-31
• 4.2.7 - 2024-01-30
• 4.2.6 - 2024-01-26
• 4.2.5 - 2024-01-26
• 4.2.4 - 2024-01-24
• 4.2.3 - 2024-01-22
• 4.2.2 - 2024-01-22
• 4.2.1 - 2024-01-18
• 4.2.0 - 2024-01-18
• 4.1.3 - 2024-01-16
• 4.1.2 - 2024-01-11
• 4.1.1 - 2024-01-05
• 4.1.0 - 2024-01-04
• 4.0.9 - 2024-01-02
• 4.0.8 - 2023-12-27
• 4.0.7 - 2023-12-20
• 4.0.6 - 2023-12-15
• 4.0.5 - 2023-12-14
• 4.0.4 - 2023-12-11
• 4.0.3 - 2023-12-06
• 4.0.2 - 2023-12-06
• 4.0.1 - 2023-12-05
• 4.0.0 - 2023-12-05
• 4.0.0-beta.7 - 2023-12-04
• 4.0.0-beta.6 - 2023-12-04
• 4.0.0-beta.5 - 2023-12-04
• 4.0.0-beta.4 - 2023-12-01
• 4.0.0-beta.3 - 2023-12-01
• 4.0.0-beta.2 - 2023-11-29
• 4.0.0-beta.1 - 2023-11-28
• 4.0.0-beta.0 - 2023-11-27
• 3.6.5 - 2024-03-01
• 3.6.4 - 2023-11-30
• 3.6.3 - 2023-11-28
• 3.6.2 - 2023-11-28
  

  Patch Changes

  • #11624 7adb350 Thanks @ bluwy! - Prevents throwing errors when checking if a component is a React component in runtime
• 3.6.1 - 2023-11-27
  

  Patch Changes

  • #11571 1c3265a Thanks @ bholmesdev! - BREAKING CHANGE to the experimental Actions API only. Install the latest @ astrojs/react integration as well if you're using React 19 features.

    Make .safe() the default return value for actions. This means { data, error } will be returned when calling an action directly. If you prefer to get the data while allowing errors to throw, chain the .orThrow() modifier.

    import { actions } from 'astro:actions';

    // Before
    const { data, error } = await actions.like.safe();
    // After
    const { data, error } = await actions.like();

    // Before
    const newLikes = await actions.like();
    // After
    const newLikes = await actions.like.orThrow();

    Migration

    To migrate your existing action calls:

    • Remove .safe from existing safe action calls
    • Add .orThrow to existing unsafe action calls

  • #11570 84189b6 Thanks @ bholmesdev! - BREAKING CHANGE to the experimental Actions API only. Install the latest @ astrojs/react integration as well if you're using React 19 features.

    Updates the Astro Actions fallback to support action={actions.name} instead of using getActionProps(). This will submit a form to the server in zero-JS scenarios using a search parameter:

    ---
    import { actions } from 'astro:actions';
    ---

    <form action={actions.logOut}>
    <!--output: action="?_astroAction=logOut"-->
    <button>Log Out</button>
    </form>

    You may also construct form action URLs using string concatenation, or by using the URL() constructor, with the an action's .queryString property:

    ---
    import { actions } from 'astro:actions';
    
    const confirmationUrl = new URL('/confirmation', Astro.url);
    confirmationUrl.search = actions.queryString;
    ---

    <form method="POST" action={confirmationUrl.pathname}>
    <button>Submit</button>
    </form>

    Migration

    getActionProps() is now deprecated. To use the new fallback pattern, remove the getActionProps() input from your form and pass your action function to the form action attribute:

    ---
    import {
    actions,
    - getActionProps,
    } from 'astro:actions';
    ---

  + <form method="POST" action={actions.logOut}>
  - <form method="POST">
  - <input {...getActionProps(actions.logOut)} />
  <button>Log Out</button>
  </form>

3.6.0 - 2023-11-22

3.5.7 - 2023-11-21

3.5.6 - 2023-11-21

3.5.5 - 2023-11-16

3.5.4 - 2023-11-14

3.5.3 - 2023-11-12

3.5.2 - 2023-11-10

3.5.1 - 2023-11-10

3.5.0 - 2023-11-09

3.4.4 - 2023-11-08

3.4.3 - 2023-11-02

3.4.2 - 2023-11-01

3.4.1 - 2023-11-01

3.4.0 - 2023-10-26

3.3.4 - 2023-10-24

3.3.3 - 2023-10-23

3.3.2 - 2023-10-18

3.3.1 - 2023-10-16

3.3.0 - 2023-10-12

3.2.4 - 2023-10-10

3.2.3 - 2023-10-05

3.2.2 - 2023-10-02

3.2.1 - 2023-10-02

3.2.0 - 2023-09-28

3.1.4 - 2023-09-25

3.1.3 - 2023-09-25

3.1.2 - 2023-09-21

3.1.1 - 2023-09-19

3.1.0 - 2023-09-14

3.0.13 - 2023-09-12

from astro GitHub release notes

---

Important

• Warning: This PR contains a major version upgrade, and may be a breaking change.
• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[google-cla]

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.