Sourced from astro's releases.

astro@5.9.3

Patch Changes

• #13923 a9ac5ed Thanks @​ematipico! - BREAKING CHANGE to the experimental Content Security Policy (CSP) only

  Changes the behavior of experimental Content Security Policy (CSP) to now serve hashes differently depending on whether or not a page is prerendered:

  • Via the <meta> element for static pages.
  • Via the Response header content-security-policy for on-demand rendered pages.

  This new strategy allows you to add CSP content that is not supported in a <meta> element (e.g. report-uri, frame-ancestors, and sandbox directives) to on-demand rendered pages.

  No change to your project code is required as this is an implementation detail. However, this will result in a different HTML output for pages that are rendered on demand. Please check your production site to verify that CSP is working as intended.

  To keep up to date with this developing feature, or to leave feedback, visit the CSP Roadmap proposal.

• #13926 953a249 Thanks @​ematipico! - Adds a new Astro Adapter Feature called experimentalStaticHeaders to allow your adapter to receive the Headers for rendered static pages.

  Adapters that enable support for this feature can access header values directly, affecting their handling of some Astro features such as Content Security Policy (CSP). For example, Astro will no longer serve the CSP <meta http-equiv="content-security-policy"> element in static pages to adapters with this support.

  Astro will serve the value of the header inside a map that can be retrieved from the hook astro:build:generated. Adapters can read this mapping and use their hosting headers capabilities to create a configuration file.

  A new field called experimentalRouteToHeaders will contain a map of Map<IntegrationResolvedRoute, Headers> where the Headers type contains the headers emitted by the rendered static route.

  To enable support for this experimental Astro Adapter Feature, add it to your adapterFeatures in your adapter config:

  // my-adapter.mjs
  export default function createIntegration() {
    return {
      name: '@example/my-adapter',
      hooks: {
        'astro:config:done': ({ setAdapter }) => {
          setAdapter({
            name: '@example/my-adapter',
            serverEntrypoint: '@example/my-adapter/server.js',
            adapterFeatures: {
              experimentalStaticHeaders: true,
            },
          });
        },
      },
    };
  }
  

  See the Adapter API docs for more information about providing adapter features.

• #13697 af83b85 Thanks @​benosmac! - Fixes issues with fallback route pattern matching when i18n.routing.fallbackType is rewrite.

... (truncated)

Sourced from astro's changelog.

5.9.3

Patch Changes

• #13923 a9ac5ed Thanks @​ematipico! - BREAKING CHANGE to the experimental Content Security Policy (CSP) only

  Changes the behavior of experimental Content Security Policy (CSP) to now serve hashes differently depending on whether or not a page is prerendered:

  • Via the <meta> element for static pages.
  • Via the Response header content-security-policy for on-demand rendered pages.

  This new strategy allows you to add CSP content that is not supported in a <meta> element (e.g. report-uri, frame-ancestors, and sandbox directives) to on-demand rendered pages.

  No change to your project code is required as this is an implementation detail. However, this will result in a different HTML output for pages that are rendered on demand. Please check your production site to verify that CSP is working as intended.

  To keep up to date with this developing feature, or to leave feedback, visit the CSP Roadmap proposal.

• #13926 953a249 Thanks @​ematipico! - Adds a new Astro Adapter Feature called experimentalStaticHeaders to allow your adapter to receive the Headers for rendered static pages.

  Adapters that enable support for this feature can access header values directly, affecting their handling of some Astro features such as Content Security Policy (CSP). For example, Astro will no longer serve the CSP <meta http-equiv="content-security-policy"> element in static pages to adapters with this support.

  Astro will serve the value of the header inside a map that can be retrieved from the hook astro:build:generated. Adapters can read this mapping and use their hosting headers capabilities to create a configuration file.

  A new field called experimentalRouteToHeaders will contain a map of Map<IntegrationResolvedRoute, Headers> where the Headers type contains the headers emitted by the rendered static route.

  To enable support for this experimental Astro Adapter Feature, add it to your adapterFeatures in your adapter config:

  // my-adapter.mjs
  export default function createIntegration() {
    return {
      name: '@example/my-adapter',
      hooks: {
        'astro:config:done': ({ setAdapter }) => {
          setAdapter({
            name: '@example/my-adapter',
            serverEntrypoint: '@example/my-adapter/server.js',
            adapterFeatures: {
              experimentalStaticHeaders: true,
            },
          });
        },
      },
    };
  }
  

  See the Adapter API docs for more information about providing adapter features.

• #13697 af83b85 Thanks @​benosmac! - Fixes issues with fallback route pattern matching when i18n.routing.fallbackType is rewrite.

... (truncated)

• 0644b40 [ci] release (#13925)
• 337ace6 [ci] format
• 953a249 feat(csp): add static header adapter function (#13926)
• af83b85 fix: fallback and rewrite dynamic route pattern matching (#13697)
• 77ceb42 [ci] format
• a9ac5ed refactor(csp): change CSP behaviour (#13923)
• 1cd8c3b fix: isPrerendered now set correctly in static configured redirects. (#13924)
• 4d96bda [ci] release (#13915)
• d002995 [ci] format
• 423fe60 fix(csp): quotes and resources (#13919)
• Additional commits viewable in compare view

Sourced from eslint's releases.

v9.29.0

Features

• f686fcb feat: add ecmaVersion: 2026, parsing using and await using (#19832) (Milos Djermanovic)
• 19cdd22 feat: prune suppressions for non-existent files (#19825) (TKDev7)
• b3d720f feat: add ES2025 globals (#19835) (fisker Cheung)
• 677a283 feat: add auto-accessor fields support to class-methods-use-this (#19789) (sethamus)
• dbba058 feat: allow global type declaration in no-var (#19714) (Remco Haszing)
• 342bd29 feat: ignore type annotations in no-restricted-globals (#19781) (sethamus)
• 786bcd1 feat: add allowProperties option to no-restricted-properties (#19772) (sethamus)
• 05b66d0 feat: add sourceCode.isGlobalReference(node) method (#19695) (Nitin Kumar)

Bug Fixes

• 85c082c fix: explicit matching behavior with negated patterns and arrays (#19845) (Milos Djermanovic)
• 9bda4a9 fix: fix LintOptions.filterCodeBlock types (#19837) (ntnyq)
• 7ab77a2 fix: correct breaking deprecation of FlatConfig type (#19826) (Logicer)
• 1ba3318 fix: add language and dialects to no-use-before-define (#19808) (Francesco Trotta)

Documentation

• 00e3e6a docs: add support for custom name parameter to includeIgnoreFile (#19795) (루밀LuMir)
• 3aed075 docs: Update README (GitHub Actions Bot)
• a2f888d docs: enhance documentation with links and fix typos (#19761) (루밀LuMir)
• 53c3235 docs: update to clarify prompt usage (#19748) (Jennifer Davis)

Chores

• 5c114c9 chore: upgrade @​eslint/js@​9.29.0 (#19851) (Milos Djermanovic)
• acf2201 chore: package.json update for @​eslint/js release (Jenkins)
• a806994 refactor: Remove eslintrc from flat config functionality (#19833) (Nicholas C. Zakas)
• 152ed51 test: switch to flat config mode in code path analysis tests (#19824) (Milos Djermanovic)
• b647239 chore: Update first-party dependencies faster with Renovate (#19822) (Nicholas C. Zakas)
• 7abe42e refactor: SafeEmitter -> SourceCodeVisitor (#19708) (Nicholas C. Zakas)
• e392895 perf: improve time complexity of getLocFromIndex (#19782) (루밀LuMir)
• 0ed289c chore: remove accidentally committed file (#19807) (Francesco Trotta)

Sourced from eslint's changelog.

v9.29.0 - June 13, 2025

• 5c114c9 chore: upgrade @​eslint/js@​9.29.0 (#19851) (Milos Djermanovic)
• acf2201 chore: package.json update for @​eslint/js release (Jenkins)
• f686fcb feat: add ecmaVersion: 2026, parsing using and await using (#19832) (Milos Djermanovic)
• 85c082c fix: explicit matching behavior with negated patterns and arrays (#19845) (Milos Djermanovic)
• 00e3e6a docs: add support for custom name parameter to includeIgnoreFile (#19795) (루밀LuMir)
• 9bda4a9 fix: fix LintOptions.filterCodeBlock types (#19837) (ntnyq)
• a806994 refactor: Remove eslintrc from flat config functionality (#19833) (Nicholas C. Zakas)
• 19cdd22 feat: prune suppressions for non-existent files (#19825) (TKDev7)
• b3d720f feat: add ES2025 globals (#19835) (fisker Cheung)
• 677a283 feat: add auto-accessor fields support to class-methods-use-this (#19789) (sethamus)
• 3aed075 docs: Update README (GitHub Actions Bot)
• 7ab77a2 fix: correct breaking deprecation of FlatConfig type (#19826) (Logicer)
• a2f888d docs: enhance documentation with links and fix typos (#19761) (루밀LuMir)
• dbba058 feat: allow global type declaration in no-var (#19714) (Remco Haszing)
• 152ed51 test: switch to flat config mode in code path analysis tests (#19824) (Milos Djermanovic)
• b647239 chore: Update first-party dependencies faster with Renovate (#19822) (Nicholas C. Zakas)
• 7abe42e refactor: SafeEmitter -> SourceCodeVisitor (#19708) (Nicholas C. Zakas)
• 342bd29 feat: ignore type annotations in no-restricted-globals (#19781) (sethamus)
• e392895 perf: improve time complexity of getLocFromIndex (#19782) (루밀LuMir)
• 1ba3318 fix: add language and dialects to no-use-before-define (#19808) (Francesco Trotta)
• 786bcd1 feat: add allowProperties option to no-restricted-properties (#19772) (sethamus)
• 05b66d0 feat: add sourceCode.isGlobalReference(node) method (#19695) (Nitin Kumar)
• 53c3235 docs: update to clarify prompt usage (#19748) (Jennifer Davis)
• 0ed289c chore: remove accidentally committed file (#19807) (Francesco Trotta)

• edf232b 9.29.0
• c2414b6 Build: changelog update for 9.29.0
• 5c114c9 chore: upgrade @​eslint/js@​9.29.0 (#19851)
• acf2201 chore: package.json update for @​eslint/js release
• f686fcb feat: add ecmaVersion: 2026, parsing using and await using (#19832)
• 85c082c fix: explicit matching behavior with negated patterns and arrays (#19845)
• 00e3e6a docs: add support for custom name parameter to includeIgnoreFile (#19795)
• 9bda4a9 fix: fix LintOptions.filterCodeBlock types (#19837)
• a806994 refactor: Remove eslintrc from flat config functionality (#19833)
• 19cdd22 feat: prune suppressions for non-existent files (#19825)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions