chore(deps): update npm-minor by renovate[bot] · Pull Request #15 · guildkit/website

renovate · 2026-05-19T01:56:44Z

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
@astrojs/mdx (source)	`5.0.4` → `5.0.6`
@cloudflare/workers-types	`4.20260501.1` → `4.20260519.1`
@iconify-json/lucide	`1.2.105` → `1.2.108`
@tailwindcss/vite (source)	`4.2.4` → `4.3.0`
@types/node (source)	`24.12.2` → `24.12.4`
astro (source)	`6.2.1` → `6.3.5`
sanitize-html (source)	`2.17.3` → `2.17.4`
tailwindcss (source)	`4.2.4` → `4.3.0`
wrangler (source)	`4.87.0` → `4.92.0`

Release Notes

withastro/astro (@astrojs/mdx)

`v5.0.6`

Compare Source

Patch Changes

#16579 49e10e3 Thanks @igor-koop! - Fixes an issue where the smartypants option was ignored.

`v5.0.5`

Compare Source

Patch Changes

Updated dependencies [9256345]:
- @astrojs/markdown-remark@7.1.2

cloudflare/workerd (@cloudflare/workers-types)

tailwindlabs/tailwindcss (@tailwindcss/vite)

`v4.3.0`

Compare Source

Added

Add @container-size utility (#18901)
Add scrollbar-{auto,thin,none} utilities for scrollbar-width, and scrollbar-thumb-* / scrollbar-track-* color utilities for scrollbar-color (#19981, #20019)
Add scrollbar-gutter-* utilities (#20018)
Add zoom-* utilities (#20020)
Add tab-* utilities (#20022)
Allow using @variant with stacked variants (e.g. @variant hover:focus { … }) (#19996)
Allow using @variant with compound variants (e.g. @variant hover, focus { … }) (#19996)
Support --default(…) in --value(…) and --modifier(…) for functional @utility definitions (#19989)

Fixed

Ensure @plugin resolves package JavaScript entries instead of browser CSS entries when using @tailwindcss/vite (#19949)
Fix relative @import and @plugin paths resolving from the wrong directory when using @tailwindcss/vite (#19965)
Ensure CSS files containing @variant are processed by @tailwindcss/vite (#19966)
Resolve imports relative to base when result.opts.from is not provided when using @tailwindcss/postcss (#19980)
Canonicalization: preserve significant _ whitespace in arbitrary values (#19986)
Canonicalization: add parentheses when removing whitespace from arbitrary values would hurt readability (e.g. w-[calc(100%---spacing(60))] → w-[calc(100%-(--spacing(60)))]) (#19986)
Canonicalization: preserve the original unit in arbitrary values instead of normalizing to base units (e.g. -mt-[20in] → mt-[-20in], not mt-[-1920px]) (#19988)
Canonicalization: migrate arbitrary :has() variants from [&:has(…)] to has-[…] (#19991)
Upgrade: don’t migrate inline style attributes (e.g. style="flex-grow: 1" → style="flex-grow: 1", not style="grow: 1") (#19918)
Allow multiple @utility definitions with the same name but different value types (#19777)
Export missing PluginWithConfig type from tailwindcss/plugin to fix errors when inferring plugin config types (#19707)
Ensure start and end legacy utilities without values do not generate CSS (#20003)
Ensure --value(…) is required in functional @utility definitions (#20005)
Canonicalization: preserve required whitespace around operators in negated arbitrary values (e.g. -left-[(var(--a)+var(--b))]) (#20011)

withastro/astro (astro)

`v6.3.5`

Compare Source

Patch Changes

#16771 07c8805 Thanks @ematipico! - Fixes position prop on <Image> and <Picture> components breaking Content Security Policy (CSP).
#16593 50924ce Thanks @yanthomasdev! - Improves error messages with more consistent and correct writing.
#16757 5d661cd Thanks @astrobot-houston! - Fixes dev server serving stale content when SSR-only modules change (e.g. .astro files outside the project root in a monorepo, or dynamically imported components).

Previously, the astro:hmr-reload plugin returned an empty array after detecting SSR-only module changes, which prevented Vite's updateModules from propagating the invalidation to the SSR module runner. The runner's evaluated module cache stayed stale, so subsequent requests continued returning old content.

Now the plugin returns the SSR-only modules so Vite can process them through updateModules, which properly invalidates the module runner's cache and ensures fresh content on the next request.

`v6.3.4`

Compare Source

Patch Changes

#16723 0f10bfe Thanks @matthewp! - Adds fetchFile option to experimental.advancedRouting to customize or disable the entrypoint file

export default defineConfig({
  experimental: {
    advancedRouting: {
      fetchFile: 'fetch.ts',
    },
  },
});

#16723 0f10bfe Thanks @matthewp! - Fixes Hono cache() middleware to follow the standard wrapper pattern

#16723 0f10bfe Thanks @matthewp! - Adds App.Providers interface for typing custom context providers on Astro and ctx

declare namespace App {
  interface Providers {
    oauth: import('./lib/oauth').OAuthSession;
  }
}

#16723 0f10bfe Thanks @matthewp! - Adds FetchState.response property, set automatically after pages() or middleware() completes
```
const response = await middleware(state, (s) => pages(s));
console.log(state.response === response); // true
```

#16723 0f10bfe Thanks @matthewp! - Adds Fetchable type export for typing the advanced routing entrypoint

import type { Fetchable } from 'astro';

export default {
  async fetch(request) {
    return new Response('ok');
  },
} satisfies Fetchable;

#16572 4a5a077 Thanks @DORI2001! - Suppresses [WARN] Vite warning: unused imports from "@astrojs/internal-helpers/remote" during prerender builds. The package is now bundled alongside astro in the prerender environment, matching how it is handled in the SSR environment.
#16756 b6ee23d Thanks @astrobot-houston! - Fixes styles from Markdoc/MDX custom components not being extracted to <head> in the dev server when using the Cloudflare adapter with prerenderEnvironment: 'node' and rendering content through a wrapper component.
#16747 904d19a Thanks @astrobot-houston! - Fixes Astro action requests failing in astro dev when using the Cloudflare adapter with prerenderEnvironment: 'node' alongside a prerendered catch-all route such as [...page].astro.

Actions and other SSR POST endpoints now continue to work in dev instead of returning an HTTP 500 error.
#16701 3495ce4 Thanks @demaisj! - Fix Map and Set instances saved in a content collection being broken when retrieving entries.
#16614 fca1c32 Thanks @Eptagone! - Fixes entry.data type inference when a live collection is configured without a schema.
#16661 03b8f7f Thanks @ocavue! - Updates typescript to v6. No changes are needed from users.
#16681 c22770a Thanks @dotnetCarpenter! - Fixes an issue where SVG images with width="0" or height="0" incorrectly threw a NoImageMetadata error instead of being treated as valid dimensions.

`v6.3.3`

Compare Source

Patch Changes

#16737 bd84f33 Thanks @matthewp! - Fixes a reflected XSS vulnerability where slot names on hydrated components were not HTML-escaped in SSR output

`v6.3.2`

Compare Source

Patch Changes

#16675 11d4592 Thanks @ascorbic! - Fixes a regression where Astro.cache was undefined when experimental.cache was not configured.

The previous documented behavior is for Astro.cache to always be defined as a no-op shim: cache.set() warns once, cache.invalidate() throws and cache.enabled can be used to gate. This allows library and user code can call cache methods without conditional checks. The cache provider registration was being gated at the call site on experimental.cache being configured, which meant the disabled shim branch inside the provider was unreachable and the Astro.cache getter was never attached to the context.
#16691 0f0a4ce Thanks @matthewp! - Fixes HTMLElement is not defined error during HMR when using components with client-side scripts (e.g. Starlight <Tabs>) and the Cloudflare adapter
#16562 07529ec Thanks @matthewp! - Fixes non-prerendered routes failing when a dynamic prerendered route exists in the same project with prerenderEnvironment: 'node'
#16638 272185b Thanks @ematipico! - Fixes a bug where the Astro compiler wasn't freed at the end of the build. After the fix, the memory used by the compiler is now correctly freed at the end of the build.
#16544 d365c97 Thanks @matthewp! - Tightens isRemotePath() to reject control characters after a leading slash and fixes the dev image endpoint origin check
#16685 889e748 Thanks @farrosfr! - Improve validation messages for security.csp.directives when script-src or style-src are incorrectly placed in the directives array.
#16605 772f13a Thanks @rururux! - Fixes assetsPrefix not being available on build from astro:config/server.
#16556 f38dec7 Thanks @matthewp! - Rejects double-encoded URL paths with a 400 response instead of silently falling back to partial decoding
#16659 38bcb25 Thanks @jsparkdev! - Fixes & characters appearing as raw entity strings (e.g. &#38;) in <meta> tags when viewed in link previews or raw HTML.
Updated dependencies [d365c97, 9256345]:
- @astrojs/internal-helpers@0.9.1
- @astrojs/markdown-remark@7.1.2

`v6.3.1`

Compare Source

Patch Changes

#16646 15fbc41 Thanks @matthewp! - Fixes local images returning 404 on non-prerendered pages when using the generic image endpoint

`v6.3.0`

Compare Source

Minor Changes

#16366 d69f858 Thanks @matthewp! - Adds a new experimental.advancedRouting option that lets you take full control of Astro's request handling pipeline by creating a src/app.ts file in your project.

Today, Astro handles every incoming request through a fixed internal pipeline: trailing slash normalization, redirects, actions, middleware, page rendering, i18n, and so on. That pipeline works great for most sites, but as projects grow you often want to run your own logic between those steps — an auth check before rendering, a rate limiter before actions, custom logging around the whole stack. Advanced routing gives you that control.

When enabled, Astro looks for a src/app.ts file in your project. If it finds one, that file becomes the entrypoint for all server-rendered requests. You compose the pipeline yourself using the handlers Astro provides, and you can slot your own logic anywhere in the chain.

Enabling advanced routing

// astro.config.mjs
import { defineConfig } from 'astro/config';

export default defineConfig({
  experimental: {
    advancedRouting: true,
  },
});

Two ways to build your pipeline

Astro ships two entrypoints for advanced routing: astro/fetch and astro/hono.

astro/fetch is a low-level, framework-free API built on the Web Fetch standard. You create a FetchState from the incoming request, then call handler functions in sequence. Each handler takes the state, does its work, and returns a Response (or undefined to pass through). This is the core primitive that everything else is built on:

// src/app.ts
import {
  FetchState,
  trailingSlash,
  redirects,
  actions,
  middleware,
  pages,
  i18n,
} from 'astro/fetch';

export default {
  async fetch(request: Request) {
    const state = new FetchState(request);

    // Early exits — these return a Response only when they apply.
    const slash = trailingSlash(state);
    if (slash) return slash;

    const redirect = redirects(state);
    if (redirect) return redirect;

    const action = await actions(state);
    if (action) return action;

    // Middleware wraps page rendering; i18n post-processes the response.
    const response = await middleware(state, () => pages(state));
    return i18n(state, response);
  },
};

astro/hono wraps the same handlers as Hono middleware, so you can mix Astro's pipeline with Hono's ecosystem of middleware (logger, CORS, JWT, rate limiting, etc.) using the app.use() pattern you already know:

// src/app.ts
import { Hono } from 'hono';
import { getCookie } from 'hono/cookie';
import { logger } from 'hono/logger';
import { actions, middleware, pages, i18n } from 'astro/hono';

const app = new Hono();

app.use(logger());

// Auth gate — only runs for /dashboard routes.
app.use('/dashboard/*', async (c, next) => {
  const session = getCookie(c, 'session');
  if (!session) return c.redirect('/login');
  return next();
});

app.use(actions());
app.use(middleware());
app.use(pages());
app.use(i18n());

export default app;

Both approaches give you the same power — pick whichever fits your project. If you don't need a framework, astro/fetch keeps things minimal. If you want a rich middleware ecosystem, astro/hono gets you there with one import.

For more information on enabling and using this feature in your project, see the experimental advanced routing docs. To give feedback, or to keep up with its development, see the advanced routing RFC for more information and discussion.

#16366 d69f858 Thanks @matthewp! - Adds a consume() instance method to AstroCookies. This method marks the cookies as consumed and returns the Set-Cookie header values. After consumption, any subsequent set() calls will log a warning, since the headers have already been sent.

Previously this was only available as a static method AstroCookies.consume(cookies). The static method is now deprecated but kept for backward compatibility with existing adapters.
#16412 ba2d2e3 Thanks @0xbejaxer! - Add retry and error event handling for astro-island hydration import failures to reduce unrecoverable hydration errors on transient network failures.
#16582 885cd31 Thanks @Princesseuh! - Adds a new image.dangerouslyProcessSVG flag to optionally enable processing SVG inputs. For security reasons, Astro will no longer rasterizes SVG image sources by default in its default image service and endpoint.

Set image.dangerouslyProcessSVG: true to opt back into processing SVG inputs.
```
// astro.config.mjs
import { defineConfig } from 'astro/config';

export default defineConfig({
  // ...
  image: {
    dangerouslyProcessSVG: true,
  },
});
```
Note that this is a breaking change for users who were previously relying on Astro's default image service to rasterize SVG inputs, but it is a necessary change to improve security and prevent potential vulnerabilities.
#16519 1b1c218 Thanks @louisescher! - Adds support for redirecting URLs in remote image optimization.

Previously, when a remote image URL meant to be optimized by Astro led to a redirect, Astro would fail silently and ignore the redirect. Now, Astro tracks up to 10 redirects for these images. If any of the redirects are not covered by a pattern in image.remotePatterns or a domain in image.domains, Astro will fail with a helpful error message.

In the following example, the first image would be loaded successfully, while the second would lead to Astro throwing an error:
```
export default defineConfig({
  image: {
    domains: ['example.com', 'cdn.example.com'],
  },
});
```
```
{
  /* Redirects to https://cdn.example.com/assets/image.png: */
}
<Image
  src="https://example.com/assets/image.png"
  width="1920"
  height="1080"
  alt="An example image."
/>;

{
  /* Redirects to https://malicious.com/image.png: */
}
<Image
  src="https://example.com/bad-image.png"
  width="1920"
  height="1080"
  alt="An example image."
/>;
```
In cases where all redirects to HTTPS hosts should be trusted, the following configuration for image.remotePatterns can be used:
```
export default defineConfig({
  image: {
    remotePatterns: [
      {
        protocol: 'https',
      },
    ],
  },
});
```

Patch Changes

#16592 9c6efc5 Thanks @matthewp! - Escapes interpolated values in the dev server redirect HTML template, consistent with how the 404 template already handles them
#16585 78f305e Thanks @web-dev0521! - Fixes z.array(z.boolean()) in form actions incorrectly coercing the string "false" to true. Boolean array elements now use the same 'true'/'false' string comparison as single z.boolean() fields, so submitting ["false", "true", "false"] correctly parses as [false, true, false].
#16567 12a03f2 Thanks @matthewp! - Fixes deleted content collection entries persisting in getCollection() results during dev
#16595 ce9b25c Thanks @web-dev0521! - Fixes pushDirective in the CSP runtime duplicating the new directive once per existing non-matching directive. Calling insertDirective() (or otherwise pushing a directive whose name is not yet in the list) now appends it exactly once, and a directive that merges with a later existing entry no longer leaves an unmerged copy behind.
#16600 94e4b7c Thanks @web-dev0521! - Fixes Astro.preferredLocale returning the wrong value when i18n.locales mixes object-form entries ({ path, codes }) with string entries that normalize to the same locale. The first matching code in the configured locales order is now selected, matching the documented behavior.
#16591 cce20f7 Thanks @matthewp! - Uses a consistent generic error message in the image endpoint across all adapters
#16629 f54be80 Thanks @g-taki! - Fixes a bug where SSR responses in astro dev could crash with TypeError: this.logger.flush is not a function.
#16589 3740b24 Thanks @ArmandPhilippot! - Fixes an outdated code snippet in the documentation for session storage configuration.
Updated dependencies [354e231]:
- @astrojs/telemetry@3.3.2

`v6.2.2`

Compare Source

Patch Changes

#16292 00f48ee Thanks @p-linnane! - Fixes head metadata propagation in dev for adapters that load modules in the prerender Vite environment, such as @astrojs/cloudflare. The astro:head-metadata plugin previously only tracked the ssr environment, so maybeRenderHead() could fire inside an unrelated component's <template> element, trapping subsequent hoisted <style> blocks.
#16451 778865f Thanks @maximslo! - Fixes build crash when processing animated AVIF images. Sharp now gracefully passes through unsupported image formats instead of crashing during the build.
#16548 7214d3e Thanks @senutpal! - Fixes scoped styles applying to the wrong element when vite.css.transformer is set to 'lightningcss' and a selector uses a nested & inside :where(...), such as Tailwind v4's space-x-*, space-y-*, and divide-* utilities.
#16566 9ac96b4 Thanks @web-dev0521! - Fixes data-astro-prefetch="tap" not triggering when clicking nested elements (e.g. <span>, <img>, <svg>) inside an anchor tag.
#15994 1e70d18 Thanks @ossaidqadri! - Fix <style> compilation failure when importing Astro components via tsconfig path aliases
#16144 1cd6650 Thanks @fkatsuhiro! - Fixed a regression where .html was unexpectedly stripped from dynamic route parameters on non-page routes (.ts endpoints and redirects). This caused endpoints like /some/[...id].ts returning id: 'file.html' on getStaticPaths to not serve that file because the generated route (/some/file.html) would get matched as id: file that is not part of the list returned by getStaticPaths.
#16415 559c0fd Thanks @0xbejaxer! - Fix CSS traversal boundaries so pages with export const partial = true still contribute styles when imported as components by other pages.
#16516 17f1867 Thanks @fkatsuhiro! - Fixes an issue where the index route would return a 404 error when using a custom base path combined with trailingSlash: 'never'. This ensures that the home page and internal rewrites are correctly matched under these configurations.
#16515 280ec88 Thanks @jp-knj! - Fixes an issue where i18n.fallback pages with fallbackType: 'rewrite' were emitted with empty bodies during astro build.
#16565 7959798 Thanks @enjoyandlove! - Fixes session persistence when session.delete() is the first mutation in a request (no prior get, set, has, or keys). The session was marked dirty in memory, but persistence skipped the save because #data stayed undefined, so the backing store could still return the deleted key on the next request.
#16527 86fd80d Thanks @enjoyandlove! - Prevents script deduplication state from being consumed while rendering inert <template> contexts.
#16540 e59c637 Thanks @ascorbic! - Skips session storage reads when no session cookie is present. Previously, calling session.get() on a request without a session cookie would initialize the storage driver and make a read that was guaranteed to miss. On network-backed drivers this added latency and resource usage to every anonymous request.
#16517 6ab0b3c Thanks @adamchal! - Removes inline CSS for prerendered routes from the SSR manifest. The static HTML on disk already inlines those styles, and the SSR worker never renders prerendered routes, so the data was dead weight. Builds with many prerendered routes and build.inlineStylesheets: "always" (or "auto" with small stylesheets) will see a smaller SSR entry chunk, which reduces cold-start parse time on platforms like Cloudflare Workers.
#16509 d3d3557 Thanks @cyphercodes! - Fix conditional named slot callbacks receiving arguments from Astro.slots.render().
#16236 c6b068e Thanks @fkatsuhiro! - Fixes the position prop on <Image /> and <Picture /> components to correctly apply object-position styles
#16018 d14f47c Thanks @felmonon! - Fix defineLiveCollection() so LiveLoader data types declared as interfaces are accepted.

apostrophecms/apostrophe (sanitize-html)

`v2.17.4`

Changes

sanitize-html and launder now share a single implementation of naughtyHref, based on that which previously existed in sanitize-html.

Security

Security vulnerability: the xmp tag could be used to pass forbidden markup through sanitize-html, even when xmp itself is not explicitly allowed All users of sanitize-html should update immediately. Thanks to Vincenzo Turturro for reporting the vulnerability.

cloudflare/workers-sdk (wrangler)

`v4.92.0`

Compare Source

Minor Changes

#13670 506aa02 Thanks @elithrar! - Add wrangler artifacts commands for managing Artifacts repos and repo tokens.

This adds CLI support for the Artifacts control-plane workflows that were previously only available through the API. You can now list and inspect namespaces, create, list, inspect, and delete repos, and issue repo-scoped tokens when you need to authenticate git access.

The new commands support both human-readable output and --json output so they fit existing Wrangler automation patterns.
#13916 be8a98c Thanks @emily-shen! - Add --keep-vars flag to wrangler versions upload, matching the existing behavior in wrangler deploy. When set, environment variables configured via the dashboard are preserved rather than being deleted before the upload.

Patch Changes

#13926 19ed49a Thanks @dependabot! - Update dependencies of "miniflare", "wrangler"

The following dependency versions have been updated:

Dependency From To

workerd 1.20260511.1 1.20260515.1
#11471 3ff0a50 Thanks @HW13! - Improve wrangler types --env-interface for multi-worker projects.

Custom env interfaces generated by wrangler types no longer expand from Cloudflare.Env, avoiding some unintended type expansion when multiple workers' generated types are used together.
#13910 bf688f7 Thanks @timoconnellaus! - Fix Failed to fetch auth token: 401 Unauthorized from sibling-rotated refresh tokens

refreshToken previously used the refresh token from module-level localState, which is populated once at startup and never re-read. OAuth refresh tokens are single-use, so when a sibling wrangler process (in another repo, another shell, or a parallel script) refreshes first, it rotates the token server-side and writes the new value to the shared config file (~/Library/Preferences/.wrangler/config/default.toml on macOS). The long-lived process — typically wrangler dev — then sends its stale in-memory token on the next refresh and gets 401 Unauthorized from https://dash.cloudflare.com/oauth2/token, falling through to interactive login and timing out unattended.

refreshToken now calls reinitialiseAuthTokens() before exchanging, picking up the latest refresh token written by any sibling process. The previously empty catch {} also now logs the underlying error at debug level so future refresh failures are diagnosable without source-diving.
#13843 2e72c83 Thanks @nzws! - Fix wrangler versions secret put/delete/bulk to preserve the existing version's placement settings

When creating a new version via wrangler versions secret, the previous code only re-emitted a bare { mode: "smart" } placement when the API reported placement_mode === "smart", dropping any other placement entirely. The new version is now created with the placement settings returned by the API, so placement settings survive a secret put/delete/bulk round-trip.
#13908 802eaf4 Thanks @shiminshen! - fix: stop rewriting query strings that happen to contain the request Host

wrangler dev previously rewrote occurrences of the outer host inside request.url's query string. For example, a request to ?echo=https%3A%2F%2Fdevelopment.test%2Fpath with Host: development.test would be seen by the user worker as ?echo=https%3A%2F%2Fproduction.test%2Fpath, silently mutating opaque application data such as redirect_uri values in OAuth flows.

The proxy worker now sets the internal MF-Original-URL header after its blanket host-rewriting pass over request headers, so the URL passed to the user worker preserves the original query string.
#13827 8f5cdb1 Thanks @greyvugrin! - Fix multi-environment warning when CLOUDFLARE_ENV is set

Commands that warn when multiple environments are configured but none is specified (e.g. wrangler deploy, wrangler secret put) were not accounting for the CLOUDFLARE_ENV environment variable when deciding whether to show the warning. This caused a misleading warning to appear even when the target environment was correctly specified via CLOUDFLARE_ENV.
Updated dependencies [19ed49a]:
- miniflare@4.20260515.0

`v4.91.0`

Compare Source

Minor Changes

#13822 c8be316 Thanks @edmundhung! - Add named tunnel support and tunnel shortcuts to wrangler dev

You can now use wrangler dev --tunnel --tunnel-name <name> to start a dev session with an existing named Cloudflare Tunnel, or set --tunnel-name ahead of time and start it later by pressing t to start or close the tunnel. This gives you a stable public hostname for local development instead of the temporary trycloudflare.com URL used by Quick Tunnels.

Patch Changes

#13848 d4794a8 Thanks @MattieTK! - Condense repeated environment configuration warnings

Wrangler now summarises repeated missing vars and define entries in environment configuration warnings. Experimental unsafe warnings are also only emitted once when the field appears at both the top level and in the active environment.
#13894 58b4403 Thanks @dependabot! - Update dependencies of "miniflare", "wrangler"

The following dependency versions have been updated:

Dependency From To

workerd 1.20260508.1 1.20260511.1
#13780 4352f87 Thanks @matingathani! - Normalize legacy instance type aliases (standard → standard-1, dev → lite) to prevent phantom EDIT diffs on every deploy
#13834 a9e6741 Thanks @matingathani! - fix: hotkeys now work with Caps Lock enabled

Wrangler's dev server hotkeys (e.g. b to open browser and x to exit) did not respond when Caps Lock was enabled. These hotkeys now work consistently whether or not Caps Lock is on.
[#13750](https://redirect

✂ Note

PR body was truncated to here.

Configuration

📅 Schedule: (in timezone Asia/Tokyo)

Branch creation
- Between 09:00 AM and 09:59 AM, on day 1 of the month (* 9 1 * *)
Automerge
- At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

cloudflare-workers-and-pages · 2026-05-19T01:56:49Z

Deploying with Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Preview URL	Updated (UTC)
✅ Deployment successful! View logs	guildkit-website	`687a45f`	Commit Preview URL Branch Preview URL	May 19 2026, 02:03 AM

chore(deps): update npm-minor

687a45f

renovate Bot requested a review from phanect as a code owner May 19, 2026 01:56

renovate Bot added the deps label May 19, 2026

renovate Bot assigned phanect May 19, 2026

phanect merged commit 8c417b0 into main May 19, 2026
3 checks passed

phanect deleted the renovate/npm-minor branch May 19, 2026 02:15

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): update npm-minor#15

chore(deps): update npm-minor#15
phanect merged 1 commit into
mainfrom
renovate/npm-minor

renovate Bot commented May 19, 2026

Uh oh!

cloudflare-workers-and-pages Bot commented May 19, 2026 •

edited

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

renovate Bot commented May 19, 2026

Release Notes

Patch Changes

Patch Changes

Added

Fixed

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Minor Changes

Enabling advanced routing

Two ways to build your pipeline

Patch Changes

Patch Changes

Changes

Security

Minor Changes

Patch Changes

Minor Changes

Patch Changes

Configuration

Uh oh!

cloudflare-workers-and-pages Bot commented May 19, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Deploying with Cloudflare Workers

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

cloudflare-workers-and-pages Bot commented May 19, 2026 •

edited

Loading