🚨 [security] Update astro 5.13.5 → 6.3.1 (major)

[depfu]

---

Welcome to Depfu 👋

This is one of the first three pull requests with dependency updates we've sent your way. We tried to start with a few easy patch-level updates. Hopefully your tests will pass and you can merge this pull request without too much risk. This should give you an idea how Depfu works in general.

After you merge your first pull request, we'll send you a few more. We'll never open more than seven PRs at the same time so you're not getting overwhelmed with updates.

Let us know if you have any questions. Thanks so much for giving Depfu a try!

---

---

🚨 Your current dependencies have known security vulnerabilities 🚨

This dependency update fixes known security vulnerabilities. Please see the details below and assess their impact carefully. We recommend to merge and deploy this as soon as possible!

---

Here is everything you need to know about this upgrade. Please take a good look at what changed and the test results before merging this pull request.

What changed?

✳️ astro (5.13.5 → 6.3.1) · Repo · Changelog

Security Advisories 🚨

🚨 Astro: Server island encrypted parameters vulnerable to cross-component replay

More info than we can show here.

🚨 Astro: XSS in define:vars via incomplete </script> tag sanitization

More info than we can show here.

🚨 Astro: Remote allowlist bypass via unanchored matchPathname wildcard

More info than we can show here.

🚨 Astro has an Authentication Bypass via Double URL Encoding, a bypass for CVE-2025-64765

More info than we can show here.

🚨 Astro's middleware authentication checks based on url.pathname can be bypassed via url encoded values

More info than we can show here.

🚨 Astro Development Server has Arbitrary Local File Read

More info than we can show here.

🚨 Astro vulnerable to reflected XSS via the server islands feature

More info than we can show here.

🚨 Astro Cloudflare adapter has Stored Cross-site Scripting vulnerability in /_image endpoint

More info than we can show here.

🚨 Astro development server error page is vulnerable to reflected Cross-site Scripting

More info than we can show here.

🚨 Astro vulnerable to URL manipulation via headers, leading to middleware and CVE-2025-61925 bypass

More info than we can show here.

🚨 Astro's bypass of image proxy domain validation leads to SSRF and potential XSS

More info than we can show here.

🚨 Astro's `X-Forwarded-Host` is reflected without validation

More info than we can show here.

Release Notes

Too many releases to show here. View the full release notes.

↗️ @​astrojs/markdown-remark (indirect, 6.3.6 → 7.1.1) · Repo

Sorry, we couldn't find anything useful about this release.

↗️ @​astrojs/prism (indirect, 3.3.0 → 4.0.1) · Repo

Sorry, we couldn't find anything useful about this release.

↗️ @​astrojs/telemetry (indirect, 3.3.0 → 3.3.2) · Repo · Changelog

Release Notes

3.3.2 (from changelog)

More info than we can show here.

3.3.1 (from changelog)

More info than we can show here.

Does any of this look wrong? Please let us know.

↗️ @​babel/parser (indirect, 7.28.5 → 7.29.3) · Repo · Changelog

Release Notes

7.29.3

More info than we can show here.

7.29.0

More info than we can show here.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ @​babel/types (indirect, 7.28.5 → 7.29.0) · Repo · Changelog

Release Notes

7.29.0

More info than we can show here.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ @​emnapi/runtime (indirect, 1.4.3 → 1.10.0) · Repo

Release Notes

1.10.0

More info than we can show here.

1.9.2

More info than we can show here.

1.9.1

More info than we can show here.

1.9.0

More info than we can show here.

1.8.1

More info than we can show here.

1.8.0

More info than we can show here.

1.7.1

More info than we can show here.

1.7.0

More info than we can show here.

1.6.0

More info than we can show here.

1.5.0

More info than we can show here.

1.4.5

More info than we can show here.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ @​jridgewell/sourcemap-codec (indirect, 1.5.0 → 1.5.5) · Repo · Changelog

↗️ @​rollup/pluginutils (indirect, 5.2.0 → 5.3.0) · Repo · Changelog

Release Notes

5.3.0 (from changelog)

More info than we can show here.

Does any of this look wrong? Please let us know.

↗️ @​types/debug (indirect, 4.1.12 → 4.1.13) · Repo

Sorry, we couldn't find anything useful about this release.

↗️ ci-info (indirect, 4.2.0 → 4.4.0) · Repo · Changelog

Release Notes

4.4.0

More info than we can show here.

4.3.1

More info than we can show here.

4.3.0

More info than we can show here.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ common-ancestor-path (indirect, 1.0.1 → 2.0.0) · Repo

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ cookie (indirect, 1.0.2 → 1.1.1) · Repo · Changelog

Release Notes

1.1.1

More info than we can show here.

1.1.0

More info than we can show here.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ cookie-es (indirect, 1.2.2 → 1.2.3) · Repo · Changelog

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ defu (indirect, 6.1.4 → 6.1.7) · Repo · Changelog

Security Advisories 🚨

🚨 defu: Prototype pollution via `__proto__` key in defaults argument

More info than we can show here.

Release Notes

6.1.7

More info than we can show here.

6.1.6

More info than we can show here.

6.1.5

More info than we can show here.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ detect-libc (indirect, 2.0.4 → 2.1.2) · Repo · Changelog

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ devalue (indirect, 5.6.0 → 5.8.0) · Repo · Changelog

Security Advisories 🚨

🚨 devalue has prototype pollution in devalue.parse and devalue.unflatten

More info than we can show here.

🚨 Sveltejs devalue's `devalue.parse` and `devalue.unflatten` emit objects with `__proto__` own properties

More info than we can show here.

🚨 devalue `uneval`ed code can create objects with polluted prototypes when `eval`ed

More info than we can show here.

🚨 devalue affected by CPU and memory amplification from sparse arrays

More info than we can show here.

🚨 Devalue is vulnerable to denial of service due to memory exhaustion in devalue.parse

More info than we can show here.

🚨 devalue vulnerable to denial of service due to memory/CPU exhaustion in devalue.parse

More info than we can show here.

Release Notes

5.8.0

More info than we can show here.

5.7.1

More info than we can show here.

5.7.0

More info than we can show here.

5.6.4

More info than we can show here.

5.6.3

More info than we can show here.

5.6.2

More info than we can show here.

5.6.1

More info than we can show here.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ diff (indirect, 5.2.0 → 8.0.4) · Repo

Security Advisories 🚨

🚨 jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch

More info than we can show here.

🚨 jsdiff has a Denial of Service vulnerability in parsePatch and applyPatch

More info than we can show here.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ es-module-lexer (indirect, 1.7.0 → 2.1.0) · Repo · Changelog

Release Notes

2.1.0

More info than we can show here.

2.0.0

More info than we can show here.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

⁉️ estree-walker (downgrade, 3.0.3 → 2.0.2) · Repo · Changelog

Release Notes

3.0.3 (from changelog)

More info than we can show here.

3.0.2 (from changelog)

More info than we can show here.

3.0.1 (from changelog)

More info than we can show here.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ eventemitter3 (indirect, 5.0.1 → 5.0.4) · Repo

Release Notes

5.0.4

More info than we can show here.

5.0.3

More info than we can show here.

5.0.2

More info than we can show here.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ h3 (indirect, 1.15.3 → 1.15.11) · Repo · Changelog

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ http-cache-semantics (indirect, 4.1.1 → 4.2.0) · Repo

Sorry, we couldn't find anything useful about this release.

↗️ is-docker (indirect, 3.0.0 → 4.0.0) · Repo

Release Notes

4.0.0

More info than we can show here.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ is-wsl (indirect, 3.1.0 → 3.1.1) · Repo

Release Notes

3.1.1

More info than we can show here.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ magic-string (indirect, 0.30.17 → 0.30.21) · Repo · Changelog

Release Notes

0.30.21

More info than we can show here.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ magicast (indirect, 0.3.5 → 0.5.2) · Repo · Changelog

Release Notes

0.5.2

More info than we can show here.

0.5.1

More info than we can show here.

0.5.0

More info than we can show here.

0.4.0

More info than we can show here.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ mdast-util-from-markdown (indirect, 2.0.2 → 2.0.3) · Repo

Release Notes

2.0.3

More info than we can show here.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ ofetch (indirect, 1.4.1 → 1.5.1) · Repo · Changelog

Release Notes

1.5.1

More info than we can show here.

1.5.0

More info than we can show here.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ p-limit (indirect, 6.2.0 → 7.3.0) · Repo

Release Notes

7.3.0

More info than we can show here.

7.2.0

More info than we can show here.

7.1.1

More info than we can show here.

7.1.0

More info than we can show here.

7.0.0

More info than we can show here.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ p-queue (indirect, 8.1.0 → 9.2.0) · Repo

Release Notes

9.2.0

More info than we can show here.

9.1.2

More info than we can show here.

9.1.1

More info than we can show here.

9.1.0

More info than we can show here.

9.0.1

More info than we can show here.

9.0.0

More info than we can show here.

8.1.1

More info than we can show here.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ p-timeout (indirect, 6.1.4 → 7.0.1) · Repo

Release Notes

7.0.1

More info than we can show here.

7.0.0

More info than we can show here.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ semver (indirect, 7.7.2 → 7.8.0) · Repo · Changelog

Release Notes

7.8.0

More info than we can show here.

7.7.4

More info than we can show here.

7.7.3

More info than we can show here.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ shiki (indirect, 3.12.2 → 4.0.2) · Repo · Changelog

Release Notes

Too many releases to show here. View the full release notes.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ smol-toml (indirect, 1.4.2 → 1.6.1) · Repo

Security Advisories 🚨

🚨 smol-toml: Denial of Service via TOML documents containing thousands of consecutive commented lines

More info than we can show here.

Release Notes

1.6.1

More info than we can show here.

1.6.0

More info than we can show here.

1.5.2

More info than we can show here.

1.5.1

More info than we can show here.

1.5.0

More info than we can show here.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ tinyexec (indirect, 0.3.2 → 1.1.2) · Repo

Release Notes

1.1.2

More info than we can show here.

1.1.1

More info than we can show here.

1.0.4

More info than we can show here.

1.0.3

More info than we can show here.

1.0.2

More info than we can show here.

1.0.1

More info than we can show here.

1.0.0

More info than we can show here.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ tinyglobby (indirect, 0.2.14 → 0.2.16) · Repo · Changelog

Release Notes

0.2.16

More info than we can show here.

0.2.15

More info than we can show here.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ ufo (indirect, 1.6.1 → 1.6.4) · Repo · Changelog

Release Notes

1.6.4

More info than we can show here.

1.6.3

More info than we can show here.

1.6.2

More info than we can show here.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ unist-util-visit (indirect, 5.0.0 → 5.1.0) · Repo

Release Notes

5.1.0

More info than we can show here.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ unist-util-visit-parents (indirect, 6.0.1 → 6.0.2) · Repo

Release Notes

6.0.2

More info than we can show here.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ vitefu (indirect, 1.0.7 → 1.1.3) · Repo · Changelog

Release Notes

1.1.3

More info than we can show here.

1.1.2

More info than we can show here.

1.1.1

More info than we can show here.

1.1.0

More info than we can show here.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

↗️ yocto-queue (indirect, 1.2.1 → 1.2.2) · Repo

Release Notes

1.2.2

More info than we can show here.

Does any of this look wrong? Please let us know.

Commits

See the full diff on Github. The new version differs by more commits than we can show here.

🆕 @​clack/core (added, 1.3.0)

🆕 @​clack/prompts (added, 1.3.0)

🆕 @​esbuild/openharmony-arm64 (added, 0.27.7)

🆕 @​img/colour (added, 1.1.0)

🆕 @​img/sharp-libvips-linux-ppc64 (added, 1.2.4)

🆕 @​img/sharp-libvips-linux-riscv64 (added, 1.2.4)

🆕 @​img/sharp-linux-ppc64 (added, 0.34.5)

🆕 @​img/sharp-linux-riscv64 (added, 0.34.5)

🆕 @​img/sharp-win32-arm64 (added, 0.34.5)

🆕 @​shikijs/primitive (added, 4.0.2)

🆕 boolbase (added, 1.0.0)

🆕 commander (added, 11.1.0)

🆕 css-select (added, 5.2.2)

🆕 css-tree (added, 3.2.1)

🆕 css-what (added, 6.2.2)

🆕 csso (added, 5.0.5)

🆕 dom-serializer (added, 2.0.0)

🆕 domelementtype (added, 2.3.0)

🆕 domhandler (added, 5.0.3)

🆕 domutils (added, 3.2.2)

🆕 fast-string-truncated-width (added, 3.0.3)

🆕 fast-string-width (added, 3.0.2)

🆕 fast-wrap-ansi (added, 0.2.0)

🆕 fontkitten (added, 1.0.3)

🆕 get-tsconfig (added, 5.0.0-beta.4)

🆕 mdn-data (added, 2.27.1)

🆕 nth-check (added, 2.1.1)

🆕 obug (added, 2.1.1)

🆕 piccolore (added, 0.1.3)

🆕 resolve-pkg-maps (added, 1.0.0)

🆕 sax (added, 1.6.0)

🆕 svgo (added, 4.0.1)

🆕 tinyclip (added, 0.1.12)

🗑️ @​swc/helpers (removed)

🗑️ @​types/fontkit (removed)

🗑️ ansi-align (removed)

🗑️ ansi-regex (removed)

🗑️ base-64 (removed)

🗑️ blob-to-buffer (removed)

🗑️ boxen (removed)

🗑️ brotli (removed)

🗑️ camelcase (removed)

🗑️ cli-boxes (removed)

🗑️ cross-fetch (removed)

🗑️ cssesc (removed)

🗑️ deterministic-object-hash (removed)

🗑️ dfa (removed)

🗑️ dlv (removed)

🗑️ emoji-regex (removed)

🗑️ fontkit (removed)

🗑️ get-east-asian-width (removed)

🗑️ import-meta-resolve (removed)

🗑️ pako (removed)

🗑️ prompts (removed)

🗑️ restructure (removed)

🗑️ string-width (removed)

🗑️ strip-ansi (removed)

🗑️ tsconfck (removed)

🗑️ type-fest (removed)

🗑️ unicode-properties (removed)

🗑️ unicode-trie (removed)

🗑️ unstorage (removed)

🗑️ widest-line (removed)

🗑️ wrap-ansi (removed)

🗑️ yocto-spinner (removed)

🗑️ yoctocolors (removed)

---

Depfu will automatically keep this PR conflict-free, as long as you don't add any commits to this branch yourself. You can also trigger a rebase manually by commenting with @depfu rebase.

All Depfu comment commands

@​depfu rebase

Rebases against your default branch and redoes this update

@​depfu recreate

Recreates this PR, overwriting any edits that you've made to it

@​depfu merge

Merges this PR once your tests are passing and conflicts are resolved

@​depfu cancel merge

Cancels automatic merging of this PR

@​depfu close

Closes this PR and deletes the branch

@​depfu reopen

Restores the branch and reopens this PR (if it's closed)

@​depfu pause

Ignores all future updates for this dependency and closes this PR

@​depfu pause [minor|major]

Ignores all future minor/major updates for this dependency and closes this PR

@​depfu resume

Future versions of this dependency will create PRs again (leaves this PR as is)

[llamapreview]

AI Code Review by LlamaPReview

🎯 TL;DR & Recommendation

Recommendation: Approve with suggestions

This PR updates Astro from 5.13.5 to 6.3.1, addressing multiple security vulnerabilities. However, the major version bump introduces speculative risks regarding define:vars usage, server output configuration, and a downgraded transitive dependency.

🌟 Strengths

• Fixes 11 security advisories, including XSS and authentication bypass.

Priority	File	Category	Impact Summary	Anchors
P2	package.json	Bug	define:vars pattern may break after upgrade	path:src/pages/index.astro
P2	package.json	Architecture	Server output config may cause blank pages	path:astro.config.mjs
P2	package.json	Maintainability	Downgraded estree-walker may break imports	-

🔍 Notable Themes

• Major upgrade verification needed: All three findings are speculative but highlight areas (inline scripts, config, transitive deps) that Astro 6 may affect differently. Manual testing and review of migration guides are recommended.

---

💡 Have feedback? We'd love to hear it in our GitHub Discussions.
✨ This review was generated by LlamaPReview Advanced, which is free for all open-source projects. Learn more.

[llamapreview]

P2 | Confidence: Medium

• Speculative: The major version bump from Astro 5 to 6 includes fixes for an XSS vulnerability in define:vars (GHSA-j687-52p2-xcff). The related context shows that src/pages/index.astro uses <script is:inline define:vars={{ COLLECTION_ID }}>. Astro 6 may have altered the parsing or sanitization of define:vars such that the current pattern (passing an object directly) could produce a different output or even a build error. Without a migration guide in this PR, there is a risk that the inline script will not behave as expected after the upgrade, potentially breaking the embed collection‑ID injection.

• Speculative: The MASTER_GUIDE.md (referenced in related context) shows an astro.config.mjs with output: 'server'. Astro 6 changed the default prerendering behavior and the semantics of the output option (e.g., the server mode now affects which pages are pre‑rendered by default, and the hybrid mode was refined). If the actual astro.config.mjs uses output: 'server' without an explicit adapter configuration or without updating to the new Astro 6 conventions, the deployment may exhibit incorrect server‑side rendering or routing, causing blank pages or 404s in production. This is speculative because the config file itself is not changed in the PR; we only see a reference in documentation.

• Speculative: The indirect dependency estree-walker is downgraded from 3.0.3 to 2.0.2. If any part of the application or its direct dependencies (e.g., a tool or plugin) imports estree-walker directly and uses APIs introduced in version 3 (e.g., baseWalk, asyncWalk), the downgrade may cause runtime errors or missing exports. No imports of estree-walker are found in the provided context, but the risk exists if a transitive dependency of astro itself had relied on the newer API. The downgrade is likely intentional by Astro 6, but a manual check of the lockfile and any custom build scripts is recommended.