chore(deps): bump astro from 4.13.2 to 4.13.4

[dependabot]

Bumps astro from 4.13.2 to 4.13.4.

Release notes

Sourced from astro's releases.

[email protected]

Patch Changes

• #11678 34da907 Thanks @​ematipico! - Fixes a case where omitting a semicolon and line ending with carriage return - CRLF - in the prerender option could throw an error.

• #11535 932bd2e Thanks @​matthewp! - Encrypt server island props

  Server island props are now encrypted with a key generated at build-time. This is intended to prevent accidentally leaking secrets caused by exposing secrets through prop-passing. This is not intended to allow a server island to be trusted to skip authentication, or to protect against any other vulnerabilities other than secret leakage.

  See the RFC for an explanation: https://github.com/withastro/roadmap/blob/server-islands/proposals/server-islands.md#props-serialization

• #11655 dc0a297 Thanks @​billy-le! - Fixes Astro Actions input validation when using default values with a form input.

• #11689 c7bda4c Thanks @​ematipico! - Fixes an issue in the Astro actions, where the size of the generated cookie was exceeding the size permitted by the Set-Cookie header.

[email protected]

Patch Changes

• #11653 32be549 Thanks @​florian-lefebvre! - Updates astro:env docs to reflect current developments and usage guidance

• #11658 13b912a Thanks @​bholmesdev! - Fixes orThrow() type when calling an Action without an input validator.

• #11603 f31d466 Thanks @​bholmesdev! - Improves user experience when render an Action result from a form POST request:

  • Removes "Confirm post resubmission?" dialog when refreshing a result.
  • Removes the ?_astroAction=NAME flag when a result is rendered.

  Also improves the DX of directing to a new route on success. Actions will now redirect to the route specified in your action string on success, and redirect back to the previous page on error. This follows the routing convention of established backend frameworks like Laravel.

  For example, say you want to redirect to a /success route when actions.signup succeeds. You can add /success to your action string like so:

  <form method="POST" action={'/success' + actions.signup}></form>

  • On success, Astro will redirect to /success.
  • On error, Astro will redirect back to the current page.

  You can retrieve the action result from either page using the Astro.getActionResult() function.

  Note on security

  This uses a temporary cookie to forward the action result to the next page. The cookie will be deleted when that page is rendered.

  ⚠ The action result is not encrypted. In general, we recommend returning minimal data from an action handler to a) avoid leaking sensitive information, and b) avoid unexpected render issues once the temporary cookie is deleted. For example, a login function may return a user's session id to retrieve from your Astro frontmatter, rather than the entire user object.

Changelog

Sourced from astro's changelog.

4.13.4

Patch Changes

• #11678 34da907 Thanks @​ematipico! - Fixes a case where omitting a semicolon and line ending with carriage return - CRLF - in the prerender option could throw an error.

• #11535 932bd2e Thanks @​matthewp! - Encrypt server island props

  Server island props are now encrypted with a key generated at build-time. This is intended to prevent accidentally leaking secrets caused by exposing secrets through prop-passing. This is not intended to allow a server island to be trusted to skip authentication, or to protect against any other vulnerabilities other than secret leakage.

  See the RFC for an explanation: https://github.com/withastro/roadmap/blob/server-islands/proposals/server-islands.md#props-serialization

• #11655 dc0a297 Thanks @​billy-le! - Fixes Astro Actions input validation when using default values with a form input.

• #11689 c7bda4c Thanks @​ematipico! - Fixes an issue in the Astro actions, where the size of the generated cookie was exceeding the size permitted by the Set-Cookie header.

4.13.3

Patch Changes

• #11653 32be549 Thanks @​florian-lefebvre! - Updates astro:env docs to reflect current developments and usage guidance

• #11658 13b912a Thanks @​bholmesdev! - Fixes orThrow() type when calling an Action without an input validator.

• #11603 f31d466 Thanks @​bholmesdev! - Improves user experience when render an Action result from a form POST request:

  • Removes "Confirm post resubmission?" dialog when refreshing a result.
  • Removes the ?_astroAction=NAME flag when a result is rendered.

  Also improves the DX of directing to a new route on success. Actions will now redirect to the route specified in your action string on success, and redirect back to the previous page on error. This follows the routing convention of established backend frameworks like Laravel.

  For example, say you want to redirect to a /success route when actions.signup succeeds. You can add /success to your action string like so:

  <form method="POST" action={'/success' + actions.signup}></form>

  • On success, Astro will redirect to /success.
  • On error, Astro will redirect back to the current page.

  You can retrieve the action result from either page using the Astro.getActionResult() function.

  Note on security

  This uses a temporary cookie to forward the action result to the next page. The cookie will be deleted when that page is rendered.

  ⚠ The action result is not encrypted. In general, we recommend returning minimal data from an action handler to a) avoid leaking sensitive information, and b) avoid unexpected render issues once the temporary cookie is deleted. For example, a login function may return a user's session id to retrieve from your Astro frontmatter, rather than the entire user object.

Commits

• 6bb0014 [ci] release (#11686)
• cb98b74 [ci] format
• c7bda4c fix(actions): save error stack trace in memory (#11689)
• 315ec07 fix(deps): update all non-major dependencies (#11674)
• f5616a8 [ci] format
• 932bd2e Encrypt server islands props (#11535)
• 5c9183a [ci] format
• dc0a297 Set action input default values from zod if FormData key is not present (#11655)
• 242be51 [ci] format
• 34da907 fix: make semicolon optional when detecting prerender option (#11678)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
website	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Aug 14, 2024 9:19pm

[semanticdiff-com]

Review changes with SemanticDiff.

Analyzed 1 of 2 files.

	Filename	Status
✔️	package.json	Analyzed
❔	yarn.lock	Unsupported file format

[dependabot]

Superseded by #557.