Bump the minor-updates group with 3 updates

[dependabot]

Bumps the minor-updates group with 3 updates: astro, svelte and @biomejs/biome.

Updates astro from 5.10.2 to 5.11.0

Release notes

Sourced from astro's releases.

astro@5.11.0

Minor Changes

• #13972 db8f8be Thanks @​ematipico! - Updates the NodeApp.match() function in the Adapter API to accept a second, optional parameter to allow adapter authors to add headers to static, prerendered pages.

  NodeApp.match(request) currently checks whether there is a route that matches the given Request. If there is a prerendered route, the function returns undefined, because static routes are already rendered and their headers cannot be updated.

  When the new, optional boolean parameter is passed (e.g. NodeApp.match(request, true)), Astro will return the first matched route, even when it's a prerendered route. This allows your adapter to now access static routes and provides the opportunity to set headers for these pages, for example, to implement a Content Security Policy (CSP).

Patch Changes

• #14029 42562f9 Thanks @​ematipico! - Fixes a bug where server islands wouldn't be correctly rendered when they are rendered inside fragments.

  Now the following examples work as expected:

  ---
  import { Cart } from '../components/Cart.astro';
  ---
  <>
  <Cart server:defer />
  </>
  <Fragment slot="rest">
  <Cart server:defer>
  <div slot="fallback">Not working</div>
  </Cart>
  </Fragment>

• #14017 8d238bc Thanks @​dmgawel! - Fixes a bug where i18n fallback rewrites didn't work in dynamic pages.

Changelog

Sourced from astro's changelog.

5.11.0

Minor Changes

• #13972 db8f8be Thanks @​ematipico! - Updates the NodeApp.match() function in the Adapter API to accept a second, optional parameter to allow adapter authors to add headers to static, prerendered pages.

  NodeApp.match(request) currently checks whether there is a route that matches the given Request. If there is a prerendered route, the function returns undefined, because static routes are already rendered and their headers cannot be updated.

  When the new, optional boolean parameter is passed (e.g. NodeApp.match(request, true)), Astro will return the first matched route, even when it's a prerendered route. This allows your adapter to now access static routes and provides the opportunity to set headers for these pages, for example, to implement a Content Security Policy (CSP).

Patch Changes

• #14029 42562f9 Thanks @​ematipico! - Fixes a bug where server islands wouldn't be correctly rendered when they are rendered inside fragments.

  Now the following examples work as expected:

  ---
  import { Cart } from '../components/Cart.astro';
  ---
  <>
  <Cart server:defer />
  </>
  <Fragment slot="rest">
  <Cart server:defer>
  <div slot="fallback">Not working</div>
  </Cart>
  </Fragment>

• #14017 8d238bc Thanks @​dmgawel! - Fixes a bug where i18n fallback rewrites didn't work in dynamic pages.

Commits

• 88b54d3 [ci] release (#14033)
• 42562f9 fix(render): server islands in fragments (#14029)
• db8f8be feat(node): experimental static headers (#13972)
• eb39f8e [ci] format
• 8d238bc fix i18n fallback rewrites failing in server mode (#14017)
• See full diff in compare view

Updates svelte from 5.34.8 to 5.35.6

Release notes

Sourced from svelte's releases.

svelte@5.35.6

Patch Changes

• chore: simplify reaction/source ownership tracking (#16333)

• chore: simplify internal component pop() (#16331)

svelte@5.35.5

Patch Changes

• fix: associate sources in Spring/Tween/SvelteMap/SvelteSet with correct reaction (#16325)

• fix: re-evaluate derived props during teardown (#16278)

svelte@5.35.4

Patch Changes

• fix: abort and reschedule effect processing after state change in user effect (#16280)

svelte@5.35.3

Patch Changes

• fix: account for mounting when select_option in attribute_effect (#16309)

• fix: do not proxify the value assigned to a derived (#16302)

svelte@5.35.2

Patch Changes

• fix: bump esrap (#16295)

svelte@5.35.1

Patch Changes

• feat: add parent hierarchy to __svelte_meta objects (#16255)

svelte@5.35.0

Minor Changes

• feat: add getAbortSignal() (#16266)

Patch Changes

• chore: simplify props (#16270)

svelte@5.34.9

Patch Changes

• fix: ensure unowned deriveds can add themselves as reactions while connected (#16249)

Changelog

Sourced from svelte's changelog.

5.35.6

Patch Changes

• chore: simplify reaction/source ownership tracking (#16333)

• chore: simplify internal component pop() (#16331)

5.35.5

Patch Changes

• fix: associate sources in Spring/Tween/SvelteMap/SvelteSet with correct reaction (#16325)

• fix: re-evaluate derived props during teardown (#16278)

5.35.4

Patch Changes

• fix: abort and reschedule effect processing after state change in user effect (#16280)

5.35.3

Patch Changes

• fix: account for mounting when select_option in attribute_effect (#16309)

• fix: do not proxify the value assigned to a derived (#16302)

5.35.2

Patch Changes

• fix: bump esrap (#16295)

5.35.1

Patch Changes

• feat: add parent hierarchy to __svelte_meta objects (#16255)

5.35.0

Minor Changes

• feat: add getAbortSignal() (#16266)

Patch Changes

... (truncated)

Commits

• ca1eb55 Version Packages (#16334)
• 6f0aec5 chore: simplify source ownership (#16333)
• 8da222f chore: simplify component pop (#16331)
• 0cafe34 chore: DRY out increment logic (#16332)
• c3361bf chore: remove component_context.d (#16330)
• 86b06cb chore: dry out transition get_options (#16329)
• 71ed9e4 chore: simplify/optimize source_ownership occurrence (#16328)
• fab2091 Version Packages (#16314)
• c9098bc fix: use state instead of source in reactive classes (#16239)
• 1404623 fix: re-evaluate derived props during teardown (#16278)
• Additional commits viewable in compare view

Updates @biomejs/biome from 2.0.6 to 2.1.1

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.1.1

2.1.1

Patch Changes

• #6781 9bbd34f Thanks @​siketyan! - Fixed the FileFeaturesResult interface in the WASM API was defined as a mapped object but the actual value was a Map object.

• #6761 cf3c2ce Thanks @​dyc3! - Fixed #6759, a false positive for noFocusedTests that was triggered by calling any function with the name fit on any object.

  The following code will now pass the noFocusedTests rule:

  import foo from "foo";
  foo.fit();

What's Changed

• ci: correct restore path of the artifact by @​siketyan in biomejs/biome#6780
• fix(wasm): serialize map as a plain object by @​siketyan in biomejs/biome#6781
• ci: release by @​github-actions in biomejs/biome#6779
• docs: update contribution guide and pull request template by @​ematipico in biomejs/biome#6664

Full Changelog: https://github.com/biomejs/biome/compare/@​biomejs/js-api@​2.0.1...@​biomejs/biome@​2.1.1

Biome CLI v2.1.0

2.1.0

Minor Changes

• #6512 0c0bf82 Thanks @​arendjr! - The rule noFloatingPromises can now detect floating arrays of Promises.

  Invalid examples

  // This gets flagged because the Promises are not handled.
  [1, 2, 3].map(async (x) => x + 1);

  Valid examples

  await Promise.all([1, 2, 3].map(async (x) => x + 1));

• #6637 6918085 Thanks @​arendjr! - Type inference is now able to handle the sequence operator (,), as well as post- and pre-update operators: ++.

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.1.1

Patch Changes

• #6781 9bbd34f Thanks @​siketyan! - Fixed the FileFeaturesResult interface in the WASM API was defined as a mapped object but the actual value was a Map object.

• #6761 cf3c2ce Thanks @​dyc3! - Fixed #6759, a false positive for noFocusedTests that was triggered by calling any function with the name fit on any object.

  The following code will now pass the noFocusedTests rule:

  import foo from "foo";
  foo.fit();

2.1.0

Minor Changes

• #6512 0c0bf82 Thanks @​arendjr! - The rule noFloatingPromises can now detect floating arrays of Promises.

  Invalid examples

  // This gets flagged because the Promises are not handled.
  [1, 2, 3].map(async (x) => x + 1);

  Valid examples

  await Promise.all([1, 2, 3].map(async (x) => x + 1));

• #6637 6918085 Thanks @​arendjr! - Type inference is now able to handle the sequence operator (,), as well as post- and pre-update operators: ++.

  Example

  let x = 5;
  // We now infer that x++ resolves to a number, while the expression as a whole
  // becomes a Promise:
  x++, new Promise((resolve) => resolve("comma"));

• #6752 c9eaca4 Thanks @​arendjr! - Fixed #6646: .gitignore files are now picked up even when running Biome from a nested directory, or when the ignore file itself is ignored through files.includes.

• #6746 90aeead Thanks @​arendjr! - biome migrate no longer enables style rules that were recommended in v1, because that would be undesirable for users upgrading from 2.0.

... (truncated)

Commits

• eb62b71 ci: release (#6779)
• dcce75a ci: release (#6582)
• 1bfb5bb docs: fix typos in CHANGELOG & CONTRIBUTING (#6721)
• cd4a9bb feat(biome_js_analyse): added new option to rule to ignore unused function pa...
• 43d871e fix(formatter): trailing commas in json files (#6683)
• aee9ec7 fix(biome-js-analyze): move no_secrets options inside biome-rules-opt… (#6672)
• 74d27b9 refactor: share lint rule options (#5543)
• 1804abf Merge branch 'main' into next
• 153eda7 feat(biome_js_analyse): added new rule noMagicNumbers (#6562)
• 392b861 Merge branch 'main' into next
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
blog	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Jul 11, 2025 0:47am

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml