chore(deps): bump the dependencies group in /website with 2 updates

[dependabot]

Bumps the dependencies group in /website with 2 updates: astro and sharp.

Updates astro from 5.15.7 to 5.15.8

Release notes

Sourced from astro's releases.

astro@5.15.8

Patch Changes

• #14772 00c579a Thanks @​matthewp! - Improves the security of Server Islands slots by encrypting them before transmission to the browser, matching the security model used for props. This improves the integrity of slot content and prevents injection attacks, even when component templates don't explicitly support slots.

  Slots continue to work as expected for normal usage—this change has no breaking changes for legitimate requests.

• #14771 6f80081 Thanks @​matthewp! - Fix middleware pathname matching by normalizing URL-encoded paths

  Middleware now receives normalized pathname values, ensuring that encoded paths like /%61dmin are properly decoded to /admin before middleware checks. This prevents potential security issues where middleware checks might be bypassed through URL encoding.

Changelog

Sourced from astro's changelog.

5.15.8

Patch Changes

• #14772 00c579a Thanks @​matthewp! - Improves the security of Server Islands slots by encrypting them before transmission to the browser, matching the security model used for props. This improves the integrity of slot content and prevents injection attacks, even when component templates don't explicitly support slots.

  Slots continue to work as expected for normal usage—this change has no breaking changes for legitimate requests.

• #14771 6f80081 Thanks @​matthewp! - Fix middleware pathname matching by normalizing URL-encoded paths

  Middleware now receives normalized pathname values, ensuring that encoded paths like /%61dmin are properly decoded to /admin before middleware checks. This prevents potential security issues where middleware checks might be bypassed through URL encoding.

Commits

• 60af4d0 [ci] release (#14773)
• 9874fcc [ci] format
• 00c579a server islands - encrypted slots (#14772)
• 6f80081 Fix middleware pathname matching by normalizing URL-encoded paths (#14771)
• See full diff in compare view

Updates sharp from 0.34.4 to 0.34.5

Release notes

Sourced from sharp's releases.

v0.34.5

• Upgrade to libvips v8.17.3 for upstream bug fixes.

• Add experimental support for prebuilt Linux RISC-V 64-bit binaries.

• Support building from source with npm v12+, deprecate --build-from-source flag. #4458

• Add support for BigTIFF output. #4459 @​throwbi

• Improve error messaging when only warnings issued. #4465

• Simplify ICC processing when retaining input profiles. #4468

v0.34.5-rc.1

• Upgrade to libvips v8.17.3 for upstream bug fixes.

• Add experimental support for prebuilt Linux RISC-V 64-bit binaries.

• Support building from source with npm v12+, deprecate --build-from-source flag. #4458

• Add support for BigTIFF output. #4459 @​throwbi

• Improve error messaging when only warnings issued. #4465

• Simplify ICC processing when retaining input profiles. #4468

v0.34.5-rc.0

• Upgrade to libvips v8.17.3 for upstream bug fixes.

• Add experimental support for prebuilt Linux RISC-V 64-bit binaries.

• Support building from source with npm v12+, deprecate --build-from-source flag. #4458

• Add support for BigTIFF output. #4459 @​throwbi

• Improve error messaging when only warnings issued. #4465

... (truncated)

Commits

• e062456 Release v0.34.5
• 6450c70 Prerelease v0.34.5-rc.1
• f7c95d1 TypeScript: consolidate a few enum-like properties
• ef86a75 Prerelease v0.34.5-rc.0
• 6c1e840 Use structured binding for tuples where possible
• e1628d8 Simplify ICC processing when retaining input profiles #4468
• 4f9f817 Linter: apply all recommended biome settings
• 09d5aa8 Docs: update internal and libvips doc links
• 040b73c Upgrade to libvips v8.17.3
• 1f2f33d Ensure licensing headers are retained by code bundlers
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[cloudflare-workers-and-pages]

Deploying htmlhint with    Cloudflare Pages

Latest commit:	df806dd
Status:	⚡️  Build in progress...

View logs