Bump astro, @astrojs/cloudflare and @astrojs/mdx

[dependabot]

Bumps astro, @astrojs/cloudflare and @astrojs/mdx. These dependencies needed to be updated together.
Updates astro from 5.16.8 to 6.3.1

Release notes

Sourced from astro's releases.

astro@6.3.1

Patch Changes

• #16646 15fbc41 Thanks @​matthewp! - Fixes local images returning 404 on non-prerendered pages when using the generic image endpoint

astro@6.3.0

Minor Changes

• #16366 d69f858 Thanks @​matthewp! - Adds a new experimental.advancedRouting option that lets you take full control of Astro's request handling pipeline by creating a src/app.ts file in your project.

  Today, Astro handles every incoming request through a fixed internal pipeline: trailing slash normalization, redirects, actions, middleware, page rendering, i18n, and so on. That pipeline works great for most sites, but as projects grow you often want to run your own logic between those steps — an auth check before rendering, a rate limiter before actions, custom logging around the whole stack. Advanced routing gives you that control.

  When enabled, Astro looks for a src/app.ts file in your project. If it finds one, that file becomes the entrypoint for all server-rendered requests. You compose the pipeline yourself using the handlers Astro provides, and you can slot your own logic anywhere in the chain.

  Enabling advanced routing

  // astro.config.mjs
  import { defineConfig } from 'astro/config';
  export default defineConfig({
  experimental: {
  advancedRouting: true,
  },
  });

  Two ways to build your pipeline

  Astro ships two entrypoints for advanced routing: astro/fetch and astro/hono.

  astro/fetch is a low-level, framework-free API built on the Web Fetch standard. You create a FetchState from the incoming request, then call handler functions in sequence. Each handler takes the state, does its work, and returns a Response (or undefined to pass through). This is the core primitive that everything else is built on:

  // src/app.ts
  import {
    FetchState,
    trailingSlash,
    redirects,
    actions,
    middleware,
    pages,
    i18n,
  } from 'astro/fetch';
  export default {
  async fetch(request: Request) {
  const state = new FetchState(request);
  // Early exits — these return a Response only when they apply.

... (truncated)

Changelog

Sourced from astro's changelog.

6.3.1

Patch Changes

• #16646 15fbc41 Thanks @​matthewp! - Fixes local images returning 404 on non-prerendered pages when using the generic image endpoint

6.3.0

Minor Changes

• #16366 d69f858 Thanks @​matthewp! - Adds a new experimental.advancedRouting option that lets you take full control of Astro's request handling pipeline by creating a src/app.ts file in your project.

  Today, Astro handles every incoming request through a fixed internal pipeline: trailing slash normalization, redirects, actions, middleware, page rendering, i18n, and so on. That pipeline works great for most sites, but as projects grow you often want to run your own logic between those steps — an auth check before rendering, a rate limiter before actions, custom logging around the whole stack. Advanced routing gives you that control.

  When enabled, Astro looks for a src/app.ts file in your project. If it finds one, that file becomes the entrypoint for all server-rendered requests. You compose the pipeline yourself using the handlers Astro provides, and you can slot your own logic anywhere in the chain.

  Enabling advanced routing

  // astro.config.mjs
  import { defineConfig } from 'astro/config';
  export default defineConfig({
  experimental: {
  advancedRouting: true,
  },
  });

  Two ways to build your pipeline

  Astro ships two entrypoints for advanced routing: astro/fetch and astro/hono.

  astro/fetch is a low-level, framework-free API built on the Web Fetch standard. You create a FetchState from the incoming request, then call handler functions in sequence. Each handler takes the state, does its work, and returns a Response (or undefined to pass through). This is the core primitive that everything else is built on:

  // src/app.ts
  import {
    FetchState,
    trailingSlash,
    redirects,
    actions,
    middleware,
    pages,
    i18n,
  } from 'astro/fetch';
  export default {
  async fetch(request: Request) {
  const state = new FetchState(request);

... (truncated)

Commits

• 868892b [ci] release (#16651)
• 8abfc7d [ci] format
• 15fbc41 Skip isRemoteAllowed check for local images in generic endpoint (#16646)
• 4886184 test: merge astro-assets-prefix test files into one (#16645)
• c397908 [ci] format
• 5311b78 test: parallel testing (#16382)
• 2ffa0ba [ci] release (#16596)
• c68a9da fix(docs): missing version and verb tense (#16632)
• f54be80 fix(logger): add flush/close to AstroIntegrationLogger (#16629)
• 9c6efc5 Escape interpolated values in redirect HTML template (#16592)
• Additional commits viewable in compare view

Updates @astrojs/cloudflare from 12.6.12 to 13.5.0

Release notes

Sourced from @​astrojs/cloudflare's releases.

@​astrojs/cloudflare@​13.5.0

Minor Changes

• #16639 4d72482 Thanks @​ematipico! - The adapter now depends on Astro 6.3.0.

@​astrojs/cloudflare@​13.4.0

Minor Changes

• #16519 1b1c218 Thanks @​louisescher! - Adds support for redirecting URLs in remote image optimization.

  Previously, when a remote image URL meant to be optimized by Astro led to a redirect, Astro would fail silently and ignore the redirect. Now, Astro tracks up to 10 redirects for these images. If any of the redirects are not covered by a pattern in image.remotePatterns or a domain in image.domains, Astro will fail with a helpful error message.

  In the following example, the first image would be loaded successfully, while the second would lead to Astro throwing an error:

  export default defineConfig({
    image: {
      domains: ['example.com', 'cdn.example.com'],
    },
  });

  {
    /* Redirects to https://cdn.example.com/assets/image.png: */
  }
  <Image
    src="https://example.com/assets/image.png"
    width="1920"
    height="1080"
    alt="An example image."
  />;
  {
  /* Redirects to https://malicious.com/image.png: */
  }
  <Image
  src="https://example.com/bad-image.png"
  width="1920"
  height="1080"
  alt="An example image."
  />;

  In cases where all redirects to HTTPS hosts should be trusted, the following configuration for image.remotePatterns can be used:

  export default defineConfig({
    image: {
      remotePatterns: [

... (truncated)

Changelog

Sourced from @​astrojs/cloudflare's changelog.

13.5.0

Minor Changes

• #16639 4d72482 Thanks @​ematipico! - The adapter now depends on Astro 6.3.0.

13.4.0

Minor Changes

• #16519 1b1c218 Thanks @​louisescher! - Adds support for redirecting URLs in remote image optimization.

  Previously, when a remote image URL meant to be optimized by Astro led to a redirect, Astro would fail silently and ignore the redirect. Now, Astro tracks up to 10 redirects for these images. If any of the redirects are not covered by a pattern in image.remotePatterns or a domain in image.domains, Astro will fail with a helpful error message.

  In the following example, the first image would be loaded successfully, while the second would lead to Astro throwing an error:

  export default defineConfig({
    image: {
      domains: ['example.com', 'cdn.example.com'],
    },
  });

  {
    /* Redirects to https://cdn.example.com/assets/image.png: */
  }
  <Image
    src="https://example.com/assets/image.png"
    width="1920"
    height="1080"
    alt="An example image."
  />;
  {
  /* Redirects to https://malicious.com/image.png: */
  }
  <Image
  src="https://example.com/bad-image.png"
  width="1920"
  height="1080"
  alt="An example image."
  />;

  In cases where all redirects to HTTPS hosts should be trusted, the following configuration for image.remotePatterns can be used:

  export default defineConfig({

... (truncated)

Commits

• 45e50e4 [ci] release (#16641)
• 4d72482 fix: bump adapters after changes from advanced routing (#16639)
• 2ffa0ba [ci] release (#16596)
• d69f858 Advanced Routing - Experimental (#16366)
• 1b1c218 feat: Support redirects on external image URLs (#16519)
• 5a8cd09 refactor: update tsconfig to use TypeScript project references (#16505)
• 3f67b84 [ci] release (#16545)
• 409f6ef fix(frontmatter): preserve strings and comments when replacing top-le… (#16552)
• 7666bcd fix(cloudflare): fix static assets and prerendered pages 404ing when base i...
• 7746a13 fix(cloudflare): preserve existing KV namespace bindings when injecting SESSI...
• Additional commits viewable in compare view

Updates @astrojs/mdx from 4.3.13 to 5.0.4

Release notes

Sourced from @​astrojs/mdx's releases.

@​astrojs/mdx@​5.0.4

Patch Changes

• Updated dependencies [f3485c3]:
  • @​astrojs/markdown-remark@​7.1.1

@​astrojs/mdx@​5.0.3

Patch Changes

• Updated dependencies [10a1a5a]:
  • @​astrojs/markdown-remark@​7.1.0

Changelog

Sourced from @​astrojs/mdx's changelog.

5.0.4

Patch Changes

• Updated dependencies [f3485c3]:
  • @​astrojs/markdown-remark@​7.1.1

5.0.3

Patch Changes

• Updated dependencies [10a1a5a]:
  • @​astrojs/markdown-remark@​7.1.0

5.0.2

Patch Changes

• #15864 d3c7de9 Thanks @​florian-lefebvre! - Removes temporary support for Node >=20.19.1 because Stackblitz now uses Node 22 by default

• Updated dependencies []:

  • @​astrojs/markdown-remark@​7.0.1

5.0.1

Patch Changes

• #15934 6f8f0bc Thanks @​ematipico! - Updates the Astro peerDependencies#astro to be 6.0.0.

5.0.0

Major Changes

• #14494 727b0a2 Thanks @​florian-lefebvre! - Updates Markdown heading ID generation - (v6 upgrade guidance)

• #14427 e131261 Thanks @​florian-lefebvre! - Increases minimum Node.js version to 22.12.0 - (v6 upgrade guidance)

• #14445 ecb0b98 Thanks @​florian-lefebvre! - Astro v6.0 upgrades to Vite v7.0 as the development server and production bundler - (v6 upgrade guidance)

Patch Changes

• #15187 bbb5811 Thanks @​matthewp! - Update to Astro 6 beta

• #15475 36fc0e0 Thanks @​delucis! - Fixes edge cases where an export const components = {...} declaration would fail to be detected with the optimize option enabled

• #15264 11efb05 Thanks @​florian-lefebvre! - Lower the Node version requirement to allow running on Stackblitz until it supports v22

• Updated dependencies [bbb5811, cb99214, 80f0225, 727b0a2, 1fa4177, 7c55f80, 6f19ecc, f94d3c5]:

  • @​astrojs/markdown-remark@​7.0.0

... (truncated)

Commits

• 21ca872 [ci] release (#16399)
• 99464ed Bump vite, picomatch, and unstorage to latest patch versions (#16448)
• f7566b8 refactor: unify test setup (#16445)
• 8e13469 refactor(mdx): add SpyIntegrationLogger for test (#16384)
• 50f0dce refactor(mdx): migrate tests to typescript (#16359)
• 7454854 fix(astro): Fix isHTMLString check failing in multi-realm environments (#16...
• ade6f51 refactor(mdx): more unit tests, less integrations (#16158)
• 88fcc98 fix integrations links across docs (#16098)
• 4a6ff2a [ci] release (#16020)
• a2c15bb fix(deps): update astro dependencies (#15913)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[cloudflare-workers-and-pages]

Deploying with    Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Updated (UTC)
❌ Deployment failed View logs	mock	5c04a41	May 13 2026, 11:20 AM

[dependabot]

Superseded by #20.