Skip to content

[pull] main from withastro:main#426

Merged
pull[bot] merged 6 commits intocode:mainfrom
withastro:main
Mar 6, 2026
Merged

[pull] main from withastro:main#426
pull[bot] merged 6 commits intocode:mainfrom
withastro:main

Conversation

@pull
Copy link

@pull pull bot commented Mar 6, 2026
edited
Loading

See Commits and Changes for more details.

Created by pull[bot] (v2.0.0-alpha.4)

Can you help keep this open source service alive? 💖 Please sponsor : )

matthewp and others added 6 commits March 6, 2026 08:07
@matthewp
Use null-prototype object in AstroCookies fallback path (#15768)
6328f1a 
Co-authored-by: astro-security[bot] <astro-security[bot]@users.noreply.github.com>
@ematipico
refactor(tests): get static paths and redirects (#15737)
e9e3cce
@matthewp @ASTRO-BOT
Add security.serverIslandBodySizeLimit and shared body-reading utility (
f9ee868 
#15755)

* Harden server islands POST endpoint with body size limit

* Add security.serverIslandBodySizeLimit and extract shared body-reading utility

- Introduce security.serverIslandBodySizeLimit config option so server
  islands have their own body size limit separate from actions
- Extract readBodyWithLimit into a shared utility (core/request-body.ts)
  used by both actions and server islands, eliminating code duplication
- Update server islands endpoint to use the new config and shared utility
- Update actions runtime to use the shared utility while preserving
  ActionError behavior

* Fix hanging test: remove reader.cancel() and restore upfront Content-Length check

reader.cancel() hangs in Node.js when reading Request body streams in
the SSR build context. The original actions code never called it — just
throwing from inside the read loop is sufficient. Also restores the
upfront Content-Length check in parseRequestBody to match the original
control flow.

* Improve serverIslandBodySizeLimit JSDoc: fix version, clarify body contents

* Update changeset to minor with expanded description

---------

Co-authored-by: astro-bot <astro-bot@users.noreply.github.com>
@ematipico @sarah11918 @ArmandPhilippot
fix: provide client ip address to edge middlewares (#15781)
2de969d 
Co-authored-by: Sarah Rainsberger <5098874+sarah11918@users.noreply.github.com>
Co-authored-by: Armand Philippot <git@armand.philippot.eu>
@Princesseuh
feat: update basics template for Astro 6 (#15789)
088ae85
@florian-lefebvre
feat: tsconfig types like TS 5 (#15788)
a91da9f
@pull pull bot locked and limited conversation to collaborators Mar 6, 2026
@pull pull bot added the ⤵️ pull label Mar 6, 2026
@pull pull bot merged commit a91da9f into code:main Mar 6, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

⤵️ pull

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@matthewp @ematipico @Princesseuh @florian-lefebvre