⬆️ Update astro monorepo (major)

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
astro (source)	^4.0.0 → ^7.0.0

---

Release Notes

withastro/astro (astro)

v7.0.2

Compare Source

Patch Changes

• Updated dependencies [3b5e994]:
  • @​astrojs/markdown-satteri@​0.3.2

v7.0.1

Compare Source

Patch Changes

• #​17151 ccceda3 Thanks @​matthewp! - Fixes astro dev incorrectly starting in background mode for Warp terminal users. Hybrid environments like Warp are no longer treated as AI agents for auto-background detection.

• #​17158 164df87 Thanks @​ematipico! - Fixes astro dev --background --host not listing the network addresses. The background server start output and astro dev status now show every exposed network URL, matching the foreground dev server.

• #​17141 d785b9d Thanks @​astrobot-houston! - Fixes responsive image CSS overriding user styles defined inside CSS @layer blocks. The generated image styles are now wrapped in @layer astro.images, ensuring they have lower cascade priority than user-defined layers.

• #​17150 1a61386 Thanks @​matthewp! - Fixes astro dev --background failing on Windows with "Failed to spawn background dev server process"

v7.0.0

Compare Source

Major Changes

• #​15819 cafec4e Thanks @​delucis! - Upgrade to Vite v8

• #​16965 57ead0d Thanks @​Princesseuh! - Makes 'jsx' the default value for compressHTML

  Astro now strips whitespace from your HTML using JSX rules by default, the same way frameworks like React do. Whitespace and line breaks around elements are removed, but meaningful whitespace within a single line — like a space between two inline elements — is preserved. To keep a space that would otherwise be removed, write it explicitly in your source, for example with {" "}.

  This can change rendered output where whitespace between inline elements was previously meaningful. To keep Astro's earlier behavior, set compressHTML: true for HTML-aware compression, or compressHTML: false to preserve all whitespace.

• #​16610 c63e7e4 Thanks @​matthewp! - Adds background dev server management for AI coding agents.

  When an AI coding agent is detected, astro dev now automatically starts the dev server as a detached background process. This prevents the dev server from blocking the agent's terminal and allows it to continue working while the server runs.

  A lock file (.astro/dev.json) is written when the dev server starts, recording the server's URL, port, and PID. This prevents duplicate servers from being started for the same project.

New flag and subcommands

• astro dev --background — Start the dev server as a background process (this is what runs automatically when an agent is detected).
• astro dev stop — Stop a running background dev server.
• astro dev status — Check if a dev server is running and display its URL, PID, and uptime.
• astro dev logs — View logs from a background dev server. Use --follow (-f) to stream new output as it's written.

These allow you to start and manage dev servers programmatically and were designed with AI coding agents in mind.

What should I do?

No action is required. If you are not using an AI coding agent, astro dev behaves exactly as before. If you are using an agent, background mode is enabled automatically — the agent will receive the server URL and PID, and can use astro dev stop to shut it down.

To opt out of automatic background mode when an agent is detected, set the environment variable ASTRO_DEV_BACKGROUND=0 before running astro dev.

• #​17010 0606073 Thanks @​ocavue! - Removes the @astrojs/db package as it is no longer maintained.

  The @astrojs/db package were deprecated in v6.4.5 and is now removed. This means the astro db, astro login, astro logout, astro link, and astro init CLI commands have also been removed.

  If you were using Astro DB in your project, remove @astrojs/db from your project's dependencies and replace it with one of the following alternatives:

  • Node.js built-in SQLite: Node.js now includes a built-in node:sqlite module (available since Node.js v22.5.0). This is a good option if you are using the Node.js adapter and were using @astrojs/db for local SQLite storage.
  • Drizzle ORM: If you were using @astrojs/db for its Drizzle-based schema and query API, you can use Drizzle directly with any supported database.
  • Other database libraries: Use any database library that suits your deployment platform (e.g. Turso, PlanetScale, Neon).

• #​16462 c30a778 Thanks @​Princesseuh! - Replaces the Go compiler with a Rust-based version.

  The Rust-based Astro compiler (@astrojs/compiler-rs) is now the default compiler. This new compiler is faster and more reliable, leading to faster build times and iteration cycles during development.

  This new compiler is more strict regarding invalid syntax. For example, unclosed HTML tags will now throw an error instead of being ignored. It also does not attempt to correct semantically invalid HTML anymore, instead leaving it to the browser to handle, similar to other tools or document.write() in JavaScript.

  The previous Go-based compiler has been removed, along with the experimental.rustCompiler flag used to opt into the Rust compiler. If you were setting experimental.rustCompiler in your astro.config.mjs, you can now remove it. No other action is required.

• #​16966 6650ec2 Thanks @​Princesseuh! - Makes Sätteri the default Markdown processor

  Astro now renders .md files with satteri() from @astrojs/markdown-satteri, its native Markdown pipeline, instead of the remark/rehype pipeline. @astrojs/markdown-remark is no longer installed by default.

  To keep using the remark/rehype pipeline, install @astrojs/markdown-remark and set it as your processor:

  // astro.config.mjs
  import { defineConfig } from 'astro/config';
  import { unified } from '@​astrojs/markdown-remark';
  
  export default defineConfig({
    markdown: {
      processor: unified(),
    },
  });

  The deprecated markdown.remarkPlugins, markdown.rehypePlugins, and markdown.remarkRehype options still work, but now require @astrojs/markdown-remark to be used.

• #​16877 3b7d76e Thanks @​matthewp! - Enables advanced routing by default.

  The advanced routing feature introduced behind a flag in v6.3.0 is no longer experimental and is now enabled by default.

  This gives full control over how requests flow through your application, with first-class support for frameworks like Hono.

  Advanced routing now uses src/fetch.ts as default entrypoint instead of src/app.ts.

  If you were previously using this feature without a custom entrypoint, please configure fetchFile or rename your entrypoint to src/fetch.ts, and then remove the experimental flag from your Astro config:

  import { defineConfig } from 'astro/config';
  
  export default defineConfig({
    experimental {
  -    advancedRouting: true,
    },
  +  fetchFile: 'app.ts' // optional, you only need this if you cannot rename your entrypoint.
  });

  fetchFile is now a top-level config option instead of being nested under experimental.advancedRouting. If you were using a custom entrypoint, please update your Astro config to move its configuration:

  // astro.config.mjs
  export default defineConfig({
  -  experimental: {
  -    advancedRouting: {
  -      fetchFile: 'my-custom-entrypoint.ts',
  -    },
  -  },
  +  fetchFile: 'my-custom-entrypoint.ts',
  })

  You can also set fetchFile: null to disable the entrypoint if you are using src/fetch.ts for another purpose, or don’t need advanced routing features.

  If you have been waiting for stabilization before using advanced routing, you can now do so.

  Please see the advanced routing guide in docs for more about this feature.

• #​16725 10229f7 Thanks @​ArmandPhilippot! - Removes deprecated APIs exported from astro:transitions.

  In Astro 6.x, some helpers available in astro:transitions and astro:transitions/client were deprecated.

  In Astro 7.0, the following APIs can no longer be used in your project:

  • TRANSITION_BEFORE_PREPARATION
  • TRANSITION_AFTER_PREPARATION
  • TRANSITION_BEFORE_SWAP
  • TRANSITION_AFTER_SWAP
  • TRANSITION_PAGE_LOAD
  • isTransitionBeforePreparationEvent()
  • isTransitionBeforeSwapEvent()
  • createAnimationScope()

What should I do?

Remove any occurrence of createAnimationScope():

-import { createAnimationScope } from 'astro:transitions';

Replace any occurrence of the other APIs using the lifecycle event names directly:

-import {
-	TRANSITION_AFTER_SWAP,
-	isTransitionBeforePreparationEvent,
-} from 'astro:transitions/client';

-console.log(isTransitionBeforePreparationEvent(event));
+console.log(event.type === 'astro:before-preparation');

-console.log(TRANSITION_AFTER_SWAP);
+console.log('astro:after-swap');

Learn more about all utilities available in the View Transitions Router API Reference.

Minor Changes

• #​16998 57dcc31 Thanks @​matthewp! - Exposes getFetchState() from astro/hono as a public API

  The getFetchState() function retrieves or lazily creates a FetchState from a Hono context object. This allows third-party packages to build Hono middleware that interacts with Astro's per-request state, giving the astro/hono API the same extensibility as astro/fetch.

  import { Hono } from 'hono';
  import { getFetchState, pages } from 'astro/hono';
  
  const app = new Hono();
  
  app.use(async (context, next) => {
    const state = getFetchState(context);
    state.locals.message = 'Hello from custom middleware';
    await next();
  });
  
  app.use(pages());
  
  export default app;

• #​16996 300641e Thanks @​florian-lefebvre! - Adds a subset field to the FontData type exposed via fontData from astro:assets. When using multiple font subsets (e.g., subsets: ["latin", "korean"]), each font data entry now includes the subset name, making it possible to distinguish between font entries for different subsets that share the same weight and style.

• #​16745 f864a80 Thanks @​ematipico! - The custom logger feature introduced behind a flag in v6.2.0 is no longer experimental and is available for general use.

  This feature provides better control over Astro's logging infrastructure by allowing you to replace the default console output with custom logging implementations (e.g., structured JSON). This is particularly useful for on-demand rendering when connecting to log aggregation services such as Kibana, Logstash, CloudWatch, Grafana, or Loki.

  Astro provides three built-in log handlers (json, node, and console), and you can also create your own.

JSON logging

import { defineConfig, logHandlers } from 'astro/config';

export default defineConfig({
  logger: logHandlers.json({
    pretty: true,
    level: 'warn',
  }),
});

Custom logger

import { defineConfig } from 'astro/config';

export default defineConfig({
  logger: {
    entrypoint: '@​org/custom-logger',
  },
});

Additionally, context.logger is now always available in API routes and middleware, even without a custom logger configured.

If you were previously using this feature, please remove the experimental flag from your Astro config:

import { defineConfig } from 'astro/config';

export default defineConfig({
-  experimental: {
-    logger: {
-      entrypoint: '@​org/custom-logger',
-    },
-  },
+  logger: {
+    entrypoint: '@​org/custom-logger',
+  },
});

If you have been waiting for stabilization before using custom loggers, you can now do so.

Please see the Logger docs for more about this feature.

• #​16981 0d6d644 Thanks @​ematipico! - Removes the setting experimental.queuedRendering. The new rendering engine is now stable and replaces the old one.

  As part of the stabilization, the queued rendering has been improved, and some features have been removed:

  • The construction of the queue has been removed, instead now Astro uses a streaming approach where components are rendered and flushed as they are encountered.
  • The node polling feature has been removed because it doesn't yield concrete savings.
  • The content cache has been descoped, and how only tag names are cached.
    If you were previously using this experimental feature, you must remove this experimental flag from your configuration as it no longer exists:

  // astro.config.mjs
  import { defineConfig } from "astro/config";
  
  export default defineConfig({
    experimental: {
  -    queuedRendering: {}
    }
  });

• #​17116 f95e58e Thanks @​ascorbic! - Stabilizes route caching, removing the experimental.cache and experimental.routeRules flags and replacing them with the top-level cache and routeRules configuration options.

  Route caching, introduced experimentally in v6.0.0, is now stable. It gives you a platform-agnostic way to cache responses from on-demand rendered pages and endpoints, based on standard HTTP caching semantics.

  Update your config to move cache and routeRules out of the experimental block:

  // astro.config.mjs
  import { defineConfig, memoryCache } from 'astro/config';
  
  export default defineConfig({
  -  experimental: {
  -    cache: {
  -      provider: memoryCache(),
  -    },
  -    routeRules: {
  -      '/blog/[...path]': { maxAge: 300, swr: 60 },
  -    },
  -  },
  +  cache: {
  +    provider: memoryCache(),
  +  },
  +  routeRules: {
  +    '/blog/[...path]': { maxAge: 300, swr: 60 },
  +  },
  });

  Set caching directives in your routes with Astro.cache (in .astro pages) or context.cache (in API routes and middleware), and Astro translates them into the appropriate headers or runtime behavior depending on your configured cache provider. You can also define cache rules for routes declaratively in your config using routeRules, without modifying route code.

  See the route caching guide for more information.

Patch Changes

• #​16980 1f07343 Thanks @​matthewp! - Removes state.provide(), state.resolve(), state.finalizeAll(), and App.Providers from the public advanced routing API. These context provider extension points are now internal-only. If you were using them in an integration, use locals to share per-request state instead.

• #​17111 c0f33ed Thanks @​ematipico! - Harden the limits on the number of decoding on the URL.

• #​16982 1e000e2 Thanks @​matthewp! - Improves the warning when accessing Astro.session without session storage configured. The session property is now always defined on the context object, and accessing it without configuration logs a helpful message instead of silently returning undefined.

• #​16335 9a53f77 Thanks @​ascorbic! - Adds shared helper utilities for CDN cache provider authors for route caching

  Exports astro/cache/provider-utils with helpers for building platform-specific cache-control headers, generating path-based invalidation tags, and normalizing invalidation options. These are used internally by the first-party Netlify, Vercel, and Cloudflare cache providers.

• #​17095 e84ebc0 Thanks @​matthewp! - Improves build performance by removing an unfiltered transform hook from the astro:head-metadata-build plugin. Head propagation modules are now identified by their module ID (?astroPropagatedAssets) instead of scanning every module's source code.

• #​17041 4c4a91c Thanks @​iseraph-dev! - Fixes a bug where the advanced routing astro/hono / astro/fetch pages() handler returned the host framework's default Internal Server Error response instead of rendering the custom 500.astro page when a page threw during render. Unmatched requests with a prerendered (or absent) custom 404 page now render the 404 error page instead of failing the same way.

• #​17097 5e340d7 Thanks @​iseraph-dev! - Fixes a bug where the advanced routing astro/hono / astro/fetch middleware() handler returned the host framework's default Internal Server Error response instead of rendering the custom 500.astro page when middleware threw. Unmatched requests with a prerendered (or absent) custom 404 page now render the 404 error page instead of failing the same way. Errors surfaced through next (the host framework's downstream chain) still propagate to the host's own error handler.

• #​15819 cafec4e Thanks @​delucis! - Fixes --port flag being ignored after a Vite-triggered server restart (e.g. when a .env file changes)

• #​17104 b074a37 Thanks @​iseraph-dev! - Fixes the custom 500.astro page receiving an empty error prop when the error originated in middleware.

• #​17078 04547ec Thanks @​astrobot-houston! - Fixes a spurious Astro.request.headers warning on prerendered pages when security.allowedDomains is configured. The internal allowedDomains header validation now skips prerendered routes, since they use synthetic requests with no real headers.

• #​16603 deaaf3f Thanks @​alexanderniebuhr! - Removes the warning that Astro does not support vite v8, since Astro v7 does support vite v8

• #​16335 9a53f77 Thanks @​ascorbic! - Passes the Request object to CacheProvider.setHeaders() for route caching

  Cache providers now receive the incoming Request as a second argument to setHeaders(options, request). This allows CDN providers to read the request URL, headers, and other properties when generating cache response headers, for example to auto-tag responses with their pathname for path-based invalidation.

• #​17098 637a1b6 Thanks @​matthewp! - Fixes internal Astro headers leaking from direct pages() handler responses

• #​17090 3cf76c0 Thanks @​matthewp! - Fixes Vite and Rolldown build warnings

• #​16434 ee079d4 Thanks @​ematipico! - Fixes an issue where i18n domains would return 404 when trailingSlash is set to never.

• Updated dependencies [7e7ab87, ff7b718, 241250b]:

  • @​astrojs/markdown-satteri@​0.3.1

v6.4.8

Compare Source

Patch Changes

• #​17109 27c80ea Thanks @​ematipico! - Harden the limits on the number of decoding on the URL.

v6.4.7

Compare Source

Patch Changes

• #​17035 197e50e Thanks @​astrobot-houston! - Fixes getRelativeLocaleUrl, getAbsoluteLocaleUrl, and getAbsoluteLocaleUrlList to strip trailing slashes when trailingSlash: 'never' is configured

• #​16967 3719765 Thanks @​astrobot-houston! - Fixes double URL-encoded paths returning 400 Bad Request on on-demand routes

  Previously, any URL containing a double-encoded character (like %255B, which is [ encoded twice) was unconditionally rejected with a 400 Bad Request before middleware or route handlers could run. This broke embedded tools like Sanity Studio whose client-side router legitimately produces double-encoded URLs.

  The fix replaces the rejection approach with iterative decoding — multi-level percent-encoding is now fully resolved to its canonical form before being passed to middleware and route matching. This preserves the security fix for CVE-2025-66202 (middleware authorization bypass via double encoding) because middleware now always sees the fully decoded path, making bypass impossible. For example, /api/%2561dmin is decoded to /api/admin, which middleware can correctly block.

• #​17066 2f4d92a Thanks @​matthewp! - Fixes prerendered redirect targets being incorrectly bundled into the SSR function in hybrid mode, causing massive bundle size inflation

• #​16882 621beb7 Thanks @​jettwayio! - fix(render): honour compressHTML when joining head elements

• #​16892 8d753b0 Thanks @​astrobot-houston! - Fixes custom elements in MDX having their children's slot attribute stripped by the JSX runtime

  When custom elements (tags with hyphens like <my-element>) are used in MDX files, the slot HTML attribute on their children is now correctly preserved. Previously, the shared JSX runtime would treat slot as an Astro slot assignment and remove it from the output, breaking Shadow DOM named slot distribution for web components.

• #​16957 544ee76 Thanks @​thelazylamaGit! - Fixes stale inline CSS in server-rendered HTML after CSS file edits during dev

  When editing a CSS file (.css, .scss, etc.) during development, the inline <style> tags in server-rendered HTML would retain old CSS content instead of updating. This caused a brief flash of old CSS (FOUC) on fresh page loads before Vite's client-side HMR corrected the styles.

  The fix ensures that Astro's per-route dev CSS virtual modules are invalidated in both the SSR module graph and the module runner's evaluation cache when a style file changes, so the next page render picks up the fresh CSS.

• #​17044 2220d22 Thanks @​astrobot-houston! - Fixes CSS from client:only islands leaking to unrelated pages when Rollup bundles non-CSS-importing modules into the same chunk as CSS-importing modules

• #​17040 7c4763d Thanks @​astrobot-houston! - Fixes HMR not triggering for files inside the src/middleware/ directory during dev

• #​16672 52fc862 Thanks @​martinheidegger! - Fixes support for numeric IDs in YAML frontmatter when using content collection references

• #​16762 9de80ae Thanks @​alexanderdombroski! - Adds a JSON schema to the Wrangler configuration file generated when running astro add cloudflare

• #​17046 ef771ec Thanks @​ematipico! - Improves the diagnostics emitted when Astro parses incorrect .astro files.

v6.4.6

Compare Source

Patch Changes

• #​16765 b10e86e Thanks @​fkatsuhiro! - Fixes an issue where renaming an image file while the dev server is running triggers a build error. Now Astro correctly hot-reloads the image without crashing.

• #​17026 add3df1 Thanks @​matthewp! - Hardens addAttribute to drop attribute names containing characters that are invalid per the HTML spec (", ', >, /, =, whitespace)

• #​17033 ffda27b Thanks @​matthewp! - Validates the request origin against allowedDomains before fetching prerendered error pages. When allowedDomains is configured and the Host header matches, the original origin is used. Otherwise, the fetch falls back to localhost.

v6.4.5

Compare Source

Patch Changes

• #​16985 4ecff32 Thanks @​maximslo! - Fixes the experimental.logger destination not being used for the "Server listening on..." startup message. The logger is now resolved before the server starts listening, and adapterLogger re-creates itself when the underlying logger changes so the startup message uses the correct destination.

• #​16947 e0703a6 Thanks @​ematipico! - Fixes Astro.request.url not reflecting validated X-Forwarded-Proto/X-Forwarded-Host headers when security.allowedDomains is configured. Previously, only Astro.url was updated with the forwarded origin while Astro.request.url retained the socket-derived URL, causing the two to diverge behind TLS-terminating proxies.

• #​16997 dc45246 Thanks @​matthewp! - Reverts a change to isNode runtime detection that caused a significant build time regression for Cloudflare adapter users with large prerendered sites

v6.4.4

Compare Source

Patch Changes

• #​16926 1b39ae8 Thanks @​narendraio! - Prevents App.match() from throwing on request paths that contain an invalid percent-sequence.

• #​16924 2c0bc94 Thanks @​astrobot-houston! - Fixes an issue where editing a client-side component (e.g. with client:idle, client:load, etc.) caused an unnecessary full program reload of the backend during development.

• #​16958 2c1d50f Thanks @​fkatsuhiro! - Fixes a bug where static file endpoints using getStaticPaths with .html in dynamic param values (e.g. { path: 'file.html' }) would fail with a NoMatchingStaticPathFound error during build. The .html suffix is no longer incorrectly stripped from endpoint route pathnames.

• #​16855 c610cda Thanks @​astrobot-houston! - Fixes dynamic routes returning 500 "TypeError: Missing parameter" when using domain-based i18n routing in SSR.

• #​16946 606c37b Thanks @​ematipico! - Fixes Astro.routePattern to preserve original casing of dynamic parameter names from filenames. Previously, a file at src/pages/blog/[postId].astro would return /blog/[postid] for Astro.routePattern due to an internal .toLowerCase() call. It now correctly returns /blog/[postId].

• #​16720 16d49b6 Thanks @​thomas-callahan-collibra! - Fix an issue where dynamic routes would return the string [object Object] instead of the expected content, in certain runtimes.

• #​16703 17390a6 Thanks @​henrybrewer00-dotcom! - Fixes styles being stripped when the project root is started with a path whose case differs from the actual filesystem case (e.g. running astro dev from d:\dev\app while the folder on disk is D:\dev\app).

• #​16855 c610cda Thanks @​astrobot-houston! - Fixes Astro.currentLocale returning the default locale instead of the domain's locale on dynamic routes served from a mapped domain.

v6.4.3

Compare Source

Patch Changes

• #​16900 17a0fbd Thanks @​ocavue! - Bumps devalue dependency to v5.8.1

• #​16016 0d85e1b Thanks @​felmonon! - Fix a false positive in the dev toolbar accessibility audit for anchors with text inside closed <details> elements.

• #​16911 79c6c46 Thanks @​astrobot-houston! - Fixes a bug where experimental.advancedRouting with astro/hono handlers threw TypeError: Cannot read properties of undefined (reading 'route') for unmatched routes instead of rendering the custom 404 page.

• #​16899 239c469 Thanks @​matthewp! - Fixes a false "does not call the middleware() handler" warning when using astro() in a custom src/app.ts and the first request is a redirect route.

• #​16887 493acdb Thanks @​astrobot-houston! - Fixes redirectToDefaultLocale not working after the Advanced Routing refactoring.

• #​16908 ef53ab9 Thanks @​florian-lefebvre! - Improves optimized fallbacks generation when using the Fonts API by using better metrics for bold variants

v6.4.2

Patch Changes

• #​16889 b94bcfd Thanks @​Princesseuh! - Fixes a plugins is not iterable crash when using a pre-6.0 @astrojs/mdx alongside integrations (e.g. Starlight) that set markdown.remarkPlugins, markdown.rehypePlugins, or markdown.remarkRehype.

• #​16878 b9f6bb9 Thanks @​fkatsuhiro! - Fixes an issue where on-demand (SSR) dynamic routes would return 404 when a prerendered dynamic route with the same URL pattern was sorted first alphabetically. In production builds with @astrojs/node adapter, if [a_prebuild].astro (prerender=true) came before [b_ssr].astro alphabetically, requests to URLs not in the prerendered route's static paths would 404 instead of falling through to the SSR route. The fix adds fallthrough logic so that when a prerendered dynamic route matches but can't serve the request, Astro tries subsequent matching routes.

v6.4.1

Patch Changes

• #​16883 eeb064c Thanks @​Princesseuh! - Restores the astro/jsx/rehype.js entry point so that older versions of @astrojs/mdx continue to work when used with Astro 6.x. This entry point will be removed in Astro 7.0.

v6.4.0

Compare Source

Minor Changes

• #​16468 4cff3a1 Thanks @​matthewp! - Adds a new preserveBuildServerDir adapter feature

  Adapters can now set preserveBuildServerDir: true in their adapter features to keep the dist/server/ directory structure for static builds, mirroring the existing preserveBuildClientDir option. This is useful for adapters that require a consistent dist/client/ and dist/server/ layout regardless of build output type.

  setAdapter({
    name: 'my-adapter',
    adapterFeatures: {
      buildOutput,
      preserveBuildClientDir: true,
      preserveBuildServerDir: true,
    },
  });

• #​16848 f732f3c Thanks @​Princesseuh! - Adds a new markdown.processor configuration option, allowing you to choose an alternative Markdown processor.

  Websites with many Markdown/MDX files tend to be slow to build because the unified ecosystem (e.g., remark, rehype) is slow to process. This feature introduces the ability to replace this part of the build pipeline with another processor.

  The default processor is unified(). This means that existing configurations remain unchanged and your remark/rehype plugins continue to work.

  // astro.config.mjs
  import { defineConfig } from 'astro/config';
  import { unified } from '@​astrojs/markdown-remark';
  import remarkToc from 'remark-toc';
  
  export default defineConfig({
    markdown: {
      processor: unified({
        remarkPlugins: [remarkToc],
      }),
    },
  });

  In addition to this new configuration option, Astro provides a new alternative processor based on Rust: Sätteri. You can choose to use it now by installing @astrojs/markdown-satteri, importing the satteri() processor, and adapting your existing configuration:

  // astro.config.mjs
  import { defineConfig } from 'astro/config';
  import { satteri } from '@​astrojs/markdown-satteri';
  
  export default defineConfig({
    markdown: {
      processor: satteri({
        features: { directive: true },
      }),
    },
  });

  This processor does not support the remark and rehype plugins. This means you may need to convert them to MDAST or HAST plugins to retain your current functionality.

  The existing top-level markdown.remarkPlugins, markdown.rehypePlugins, markdown.remarkRehype, markdown.gfm, and markdown.smartypants options still work, but are now deprecated and will be removed in a future major update. The matching remarkPlugins, rehypePlugins, and remarkRehype options on the MDX integration are also deprecated for the same reason. To anticipate their removal, move them onto unified({...}) (or your preferred plugin processor) :

  // astro.config.mjs
  import { defineConfig } from 'astro/config';
  import remarkToc from 'remark-toc';
  import rehypeSlug from 'rehype-slug';
  + import { unified } from '@​astrojs/markdown-remark';
  
  export default defineConfig({
    markdown: {
  +    processor: unified({
  +      remarkPlugins: [remarkToc],
  +      rehypePlugins: [rehypeSlug],
  +      remarkRehype: true,
  +      gfm: true,
  +      smartypants: true,
  +    }),
  -    remarkPlugins: [remarkToc],
  -    rehypePlugins: [rehypeSlug],
  -    remarkRehype: true,
  -    gfm: true,
  -    smartypants: true,
    },
  });

  For more information on enabling and using this feature in your project, see our Markdown guide. To give feedback on this new Rust processor, see the Native Markdown / MDX parsing and processing RFC.

Patch Changes

• #​16468 4cff3a1 Thanks @​matthewp! - Skips the static preview server when an adapter provides its own previewEntrypoint, allowing the adapter to handle both static and dynamic routes

• #​16811 e0e26db Thanks @​matthewp! - Fixes X-Forwarded-Host and X-Forwarded-Proto headers being ignored when set in a custom src/app.ts fetch handler before creating FetchState

• #​16468 4cff3a1 Thanks @​matthewp! - Fixes the static preview server to respect preserveBuildClientDir, serving files from build.client instead of outDir when the adapter requires it

• #​16770 1e2aa11 Thanks @​matthewp! - Fixes a race condition where the Vite dep optimizer could lose React dependencies in dev mode when using Astro Actions

• #​16468 4cff3a1 Thanks @​matthewp! - Exempts internal routes (e.g. server islands) from getStaticPaths() validation, fixing server island rendering on static sites

• #​16468 4cff3a1 Thanks @​matthewp! - Fixes preview for static sites that contain non-prerendered routes. Previously, the preview command ignored SSR routes discovered during route scanning and always used the static preview server.

• Updated dependencies [f732f3c, f732f3c]:

  • @​astrojs/internal-helpers@​0.10.0
  • @​astrojs/markdown-remark@​7.2.0

v6.3.8

Compare Source

Patch Changes

• #​16830 f2bf3cb Thanks @​matthewp! - Fixes 404s for dynamically imported JS chunks when using an adapter with assetQueryParams (e.g. Vercel skew protection)

• #​16831 ace96ba Thanks @​astrobot-houston! - Fixes a misleading GetStaticPathsRequired error when a redirect is configured from a dynamic route to a static (or less-dynamic) destination. For example, '/project/[slug]': '/' previously produced a confusing error pointing at index.astro. Astro now detects the parameter mismatch at config validation time and throws a clear InvalidRedirectDestination error naming the missing parameters.

• #​16702 b7d1758 Thanks @​matthewp! - Fixes scoped styles from .astro components being dropped when rendered inside MDX content (<Content /> from render(entry)) passed through a named slot using <Fragment slot="X">. The Fragment component now eagerly evaluates its slot contents to ensure propagating components register their styles before head content is flushed.

• #​16823 3df6a45 Thanks @​astrobot-houston! - Fixes missing CSS for conditionally rendered Svelte components in production builds

• #​16836 3d7adfa Thanks @​LongYC! - Document compressHTML: "jsx" config is only available since Astro v6.2.0

• #​16864 334ce13 Thanks @​cheets! - Fixes a false-positive Internal Warning: route cache overwritten logged on every SSR request for dynamic routes

v6.3.7

Compare Source

Patch Changes

• #​16821 9c76b12 Thanks @​astrobot-houston! - Fixes request body handling in the Node adapter when req.body is a Buffer, Uint8Array, or ArrayBuffer. Previously, binary body data was incorrectly JSON-stringified (producing {"type":"Buffer","data":[...]}) instead of being passed through directly. This affected libraries like serverless-http that set req.body to a Buffer.

• #​16785 de96360 Thanks @​astrobot-houston! - Fixes vite.build.minify, vite.build.sourcemap, and vite.build.rollupOptions.output (e.g. compact) being ignored for client-side builds. These top-level Vite build options are now properly forwarded to the client environment, with environment-specific overrides (vite.environments.client.build.*) taking priority when set.

• #​16819 b5dd8f1 Thanks @​astrobot-houston! - Fixes custom elements in MDX files bypassing the renderer pipeline. Custom elements (tags containing hyphens like <my-element>) in .mdx files are now routed through registered renderers for SSR, matching the behavior of .astro files. If no renderer claims the element, it falls back to rendering as raw HTML.

• #​16808 765896c Thank

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
base	Error		Jun 23, 2026 4:10pm

[bolt-new-by-stackblitz]

Run & review this pull request in StackBlitz Codeflow.

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm @emnapi/runtime is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: pnpm-lock.yaml → npm/astro@7.0.0 → npm/@emnapi/runtime@1.11.1 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@emnapi/runtime@1.11.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm astro is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: package.json → npm/astro@7.0.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/astro@7.0.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm css-tree is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: pnpm-lock.yaml → npm/astro@7.0.0 → npm/css-tree@3.2.1 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/css-tree@3.2.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm js-yaml is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: pnpm-lock.yaml → npm/astro@7.0.0 → npm/js-yaml@4.2.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/js-yaml@4.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm node-fetch-native is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: pnpm-lock.yaml → npm/astro@7.0.0 → npm/node-fetch-native@1.6.7 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/node-fetch-native@1.6.7. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	astro@​7.0.0

View full report