chore: bump the minor-and-patch group across 2 directories with 3 updates

[dependabot]

Bumps the minor-and-patch group with 1 update in the /site directory: astro.
Bumps the minor-and-patch group with 2 updates in the /web directory: vue-router and jsdom.

Updates astro from 6.0.6 to 6.0.7

Release notes

Sourced from astro's releases.

astro@6.0.7

Patch Changes

• #15950 acce5e8 Thanks @​matthewp! - Fixes a build regression in projects with multiple frontend integrations where server:defer server islands could fail at runtime when all pages are prerendered.

• #15988 c93b4a0 Thanks @​ossaidqadri! - Fix styles from dynamically imported components not being injected on first dev server load.

• #15968 3e7a9d5 Thanks @​chasemccoy! - Fixes renderMarkdown in custom content loaders not resolving images in markdown content. Images referenced in markdown processed by renderMarkdown are now correctly optimized, matching the behavior of the built-in glob() loader.

• #15990 1e6017f Thanks @​ematipico! - Fixes an issue where Astro.currentLocale would always be the default locale instead of the actual one when using a dynamic route like [locale].astro or [locale]/index.astro. It now resolves to the correct locale from the URL.

• #15990 1e6017f Thanks @​ematipico! - Fixes an issue where visiting an invalid locale URL (e.g. /asdf/) would show the content of a dynamic [locale] page with a 404 status code, instead of showing your custom 404 page. Now, the correct 404 page is rendered when the locale in the URL doesn't match any configured locale.

• #15960 1d84020 Thanks @​matthewp! - Fixes Cloudflare dev server islands with prerenderEnvironment: 'node' by sharing the serialized manifest encryption key across dev environments and routing server island requests through the SSR runtime.

• #15735 9685e2d Thanks @​fa-sharp! - Fixes an EventEmitter memory leak when serving static pages from Node.js middleware.

  When using the middleware handler, requests that were being passed on to Express / Fastify (e.g. static files / pre-rendered pages / etc.) weren't cleaning up socket listeners before calling next(), causing a memory leak warning. This fix makes sure to run the cleanup before calling next().

Changelog

Sourced from astro's changelog.

6.0.7

Patch Changes

• #15950 acce5e8 Thanks @​matthewp! - Fixes a build regression in projects with multiple frontend integrations where server:defer server islands could fail at runtime when all pages are prerendered.

• #15988 c93b4a0 Thanks @​ossaidqadri! - Fix styles from dynamically imported components not being injected on first dev server load.

• #15968 3e7a9d5 Thanks @​chasemccoy! - Fixes renderMarkdown in custom content loaders not resolving images in markdown content. Images referenced in markdown processed by renderMarkdown are now correctly optimized, matching the behavior of the built-in glob() loader.

• #15990 1e6017f Thanks @​ematipico! - Fixes an issue where Astro.currentLocale would always be the default locale instead of the actual one when using a dynamic route like [locale].astro or [locale]/index.astro. It now resolves to the correct locale from the URL.

• #15990 1e6017f Thanks @​ematipico! - Fixes an issue where visiting an invalid locale URL (e.g. /asdf/) would show the content of a dynamic [locale] page with a 404 status code, instead of showing your custom 404 page. Now, the correct 404 page is rendered when the locale in the URL doesn't match any configured locale.

• #15960 1d84020 Thanks @​matthewp! - Fixes Cloudflare dev server islands with prerenderEnvironment: 'node' by sharing the serialized manifest encryption key across dev environments and routing server island requests through the SSR runtime.

• #15735 9685e2d Thanks @​fa-sharp! - Fixes an EventEmitter memory leak when serving static pages from Node.js middleware.

  When using the middleware handler, requests that were being passed on to Express / Fastify (e.g. static files / pre-rendered pages / etc.) weren't cleaning up socket listeners before calling next(), causing a memory leak warning. This fix makes sure to run the cleanup before calling next().

Commits

• 878791f [ci] release (#15985)
• 3e7a9d5 fix(content-layer): populate imagePaths in renderMarkdown metadata (#15968)
• acce5e8 Preserve renderers for discovered server islands (#15950)
• 1e6017f Refactor/unit tests part2 (#15990)
• 4741b09 test: actions, params and csrf to unit test (#15984)
• c93b4a0 Inject styles from dynamically imported components on first dev server load (...
• 9685e2d fix: EventEmitter memory leak when serving static pages from Node.js middlewa...
• 1d84020 fix(dev): route Cloudflare server islands through SSR runtime (#15960)
• See full diff in compare view

Updates vue-router from 5.0.3 to 5.0.4

Release notes

Sourced from vue-router's releases.

v5.0.4

   🐞 Bug Fixes

• Avoid iterator helpers for Node 20 compat  -  by @​cwandev in vuejs/router#2635 (47130)
• Escape backslahes in string literals  -  by @​posva (71fdb)
• Avoid false duplicate route warning for named views  -  by @​posva (72012)
• Allow pushing to auto routes  -  by @​posva (47f03)
• loaders: Restore context in sequential awaits  -  by @​posva (fce5d)

    View changes on GitHub

Commits

• 7f32e99 release: vue-router@5.0.4
• 9036228 docs: typos (#2651)
• 47f0334 fix: allow pushing to auto routes
• ad6ba73 docs: no auto import section
• f6923a5 build: include link and view in size computation
• fce5d1e fix(loaders): restore context in sequential awaits
• 9ab4cbf refactor: rename var
• d030f2a chore: playground
• 7b3dc27 docs(zh): add file-based routing related configuration documentation (#2643)
• 0a01948 chore: hide route details in playground
• Additional commits viewable in compare view

Updates jsdom from 29.0.0 to 29.0.1

Release notes

Sourced from jsdom's releases.

v29.0.1

• Fixed CSS parsing of border, background, and their sub-shorthands containing keywords or var(). (@​asamuzaK)
• Fixed getComputedStyle() to return a more functional CSSStyleDeclaration object, including indexed access support, which regressed in v29.0.0.

Commits

• 34c7d6e 29.0.1
• 8ffc811 Add benchmark for computed style property access
• 5f2434c Update dependencies and dev dependencies
• 1e8a7ff Handle global keywords in CSS shorthand property handlers
• 0b79509 Wrap getComputedStyle return value for proper indexed access
• d589a8e Fix border shorthand parsing
• e528859 Modernize release infrastructure
• See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for jsdom since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
npm/astro	6.0.7	Unknown	Unknown
npm/jsdom	29.0.1	🟢 6.6	Details Check Score Reason Code-Review ⚠️ 2 Found 7/29 approved changesets -- score normalized to 2 Maintained 🟢 10 30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 License 🟢 10 license file detected Packaging ⚠️ -1 packaging workflow not detected Signed-Releases ⚠️ -1 no releases found Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy 🟢 10 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/undici	7.24.5	🟢 7.8	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10 Dependency-Update-Tool 🟢 10 update tool detected Security-Policy 🟢 9 security policy file detected Code-Review 🟢 4 Found 12/27 approved changesets -- score normalized to 4 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 8 binaries present in source code CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4 Vulnerabilities 🟢 10 0 existing vulnerabilities detected SAST 🟢 9 SAST tool detected but not run on all commits Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Fuzzing 🟢 10 project is fuzzed Signed-Releases ⚠️ -1 no releases found Packaging 🟢 10 packaging workflow detected License 🟢 10 license file detected CI-Tests 🟢 10 15 out of 15 merged PRs checked by a CI test -- score normalized to 10 Contributors 🟢 10 project has 81 contributing companies or organizations
npm/vue-router	5.0.4	🟢 5	Details Check Score Reason Code-Review ⚠️ 2 Found 6/30 approved changesets -- score normalized to 2 Maintained 🟢 10 30 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0

Scanned Files

• site/package-lock.json
• web/package-lock.json

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	npm/​astro@​6.0.6 ⏵ 6.0.7	+1		+1	+1
	npm/​vue-router@​5.0.3 ⏵ 5.0.4	+8		+1
	npm/​jsdom@​29.0.0 ⏵ 29.0.1	+25		+1	+1

View full report