chore(deps): bump the npm_and_yarn group across 1 directory with 3 updates

[dependabot]

Bumps the npm_and_yarn group with 3 updates in the / directory: astro, devalue and form-data.

Updates astro from 5.11.0 to 5.13.3

Release notes

Sourced from astro's releases.

astro@5.13.3

Patch Changes

• #14239 d7d93e1 Thanks @​wtchnm! - Fixes a bug where the types for the live content collections were not being generated correctly in dev mode

• #14221 eadc9dd Thanks @​delucis! - Fixes JSON schema support for content collections using the file() loader

• #14229 1a9107a Thanks @​jonmichaeldarby! - Ensures Astro.currentLocale returns the correct locale during SSG for pages that use a locale param (such as [locale].astro or [locale]/index.astro, which produce [locale].html)

astro@5.13.2

Patch Changes

• 4d16de7 Thanks @​ematipico! - Improves the detection of remote paths in the _image endpoint. Now href parameters that start with // are considered remote paths.

• Updated dependencies [4d16de7]:

  • @​astrojs/internal-helpers@​0.7.2
  • @​astrojs/markdown-remark@​6.3.6

astro@5.13.1

Patch Changes

• #14225 f2490ab Thanks @​delucis! - Fixes the experimental.chromeDevtoolsWorkspace feature.

astro@5.13.0

Minor Changes

• #14173 39911b8 Thanks @​florian-lefebvre! - Adds an experimental flag staticImportMetaEnv to disable the replacement of import.meta.env values with process.env calls and their coercion of environment variable values. This supersedes the rawEnvValues experimental flag, which is now removed.

  Astro allows you to configure a type-safe schema for your environment variables, and converts variables imported via astro:env into the expected type. This is the recommended way to use environment variables in Astro, as it allows you to easily see and manage whether your variables are public or secret, available on the client or only on the server at build time, and the data type of your values.

  However, you can still access environment variables through process.env and import.meta.env directly when needed. This was the only way to use environment variables in Astro before astro:env was added in Astro 5.0, and Astro's default handling of import.meta.env includes some logic that was only needed for earlier versions of Astro.

  The experimental.staticImportMetaEnv flag updates the behavior of import.meta.env to align with Vite's handling of environment variables and for better ease of use with Astro's current implementations and features. This will become the default behavior in Astro 6.0, and this early preview is introduced as an experimental feature.

  Currently, non-public import.meta.env environment variables are replaced by a reference to process.env. Additionally, Astro may also convert the value type of your environment variables used through import.meta.env, which can prevent access to some values such as the strings "true" (which is converted to a boolean value), and "1" (which is converted to a number).

  The experimental.staticImportMetaEnv flag simplifies Astro's default behavior, making it easier to understand and use. Astro will no longer replace any import.meta.env environment variables with a process.env call, nor will it coerce values.

  To enable this feature, add the experimental flag in your Astro config and remove rawEnvValues if it was enabled:

  // astro.config.mjs
  import { defineConfig } from "astro/config";
  export default defineConfig({
  
  experimental: {
  staticImportMetaEnv: true
  
  
  rawEnvValues: false
  
  
  }
  });

... (truncated)

Changelog

Sourced from astro's changelog.

5.13.3

Patch Changes

• #14239 d7d93e1 Thanks @​wtchnm! - Fixes a bug where the types for the live content collections were not being generated correctly in dev mode

• #14221 eadc9dd Thanks @​delucis! - Fixes JSON schema support for content collections using the file() loader

• #14229 1a9107a Thanks @​jonmichaeldarby! - Ensures Astro.currentLocale returns the correct locale during SSG for pages that use a locale param (such as [locale].astro or [locale]/index.astro, which produce [locale].html)

5.13.2

Patch Changes

• 4d16de7 Thanks @​ematipico! - Improves the detection of remote paths in the _image endpoint. Now href parameters that start with // are considered remote paths.

• Updated dependencies [4d16de7]:

  • @​astrojs/internal-helpers@​0.7.2
  • @​astrojs/markdown-remark@​6.3.6

5.13.1

Patch Changes

• #14225 f2490ab Thanks @​delucis! - Fixes the experimental.chromeDevtoolsWorkspace feature.

5.13.0

Minor Changes

• #14173 39911b8 Thanks @​florian-lefebvre! - Adds an experimental flag staticImportMetaEnv to disable the replacement of import.meta.env values with process.env calls and their coercion of environment variable values. This supersedes the rawEnvValues experimental flag, which is now removed.

  Astro allows you to configure a type-safe schema for your environment variables, and converts variables imported via astro:env into the expected type. This is the recommended way to use environment variables in Astro, as it allows you to easily see and manage whether your variables are public or secret, available on the client or only on the server at build time, and the data type of your values.

  However, you can still access environment variables through process.env and import.meta.env directly when needed. This was the only way to use environment variables in Astro before astro:env was added in Astro 5.0, and Astro's default handling of import.meta.env includes some logic that was only needed for earlier versions of Astro.

  The experimental.staticImportMetaEnv flag updates the behavior of import.meta.env to align with Vite's handling of environment variables and for better ease of use with Astro's current implementations and features. This will become the default behavior in Astro 6.0, and this early preview is introduced as an experimental feature.

  Currently, non-public import.meta.env environment variables are replaced by a reference to process.env. Additionally, Astro may also convert the value type of your environment variables used through import.meta.env, which can prevent access to some values such as the strings "true" (which is converted to a boolean value), and "1" (which is converted to a number).

  The experimental.staticImportMetaEnv flag simplifies Astro's default behavior, making it easier to understand and use. Astro will no longer replace any import.meta.env environment variables with a process.env call, nor will it coerce values.

  To enable this feature, add the experimental flag in your Astro config and remove rawEnvValues if it was enabled:

  // astro.config.mjs
  import { defineConfig } from "astro/config";
  export default defineConfig({
  
  experimental: {

... (truncated)

Commits

• d471be5 [ci] release (#14242)
• d7d93e1 fix(sync): add missing live check for generating content collections types (#...
• 682d8b8 [ci] format
• 1a9107a Properly compute currentLocale when path segment contains .html (#14229)
• eadc9dd Fix file() loader JSON schema (#14221)
• d95fbaf [ci] format
• dd481c8 chore(assets): compose source URL later (#14237)
• 9288133 [ci] release (#14232)
• 1040510 [ci] format
• 4d16de7 Merge commit from fork
• Additional commits viewable in compare view

Updates devalue from 5.1.1 to 5.3.2

Release notes

Sourced from devalue's releases.

v5.3.2

Patch Changes

• 0623a47: fix: disallow array method access when parsing
• 0623a47: fix: disallow __proto__ properties on objects

v5.3.1

Patch Changes

• ae904c5: fix: correctly differentiate between +0 and -0

v5.3.0

Minor Changes

• 2896e7b: feat: support Temporal
• fec694d: feat: support URL and URLSearchParams objects

Changelog

Sourced from devalue's changelog.

5.3.2

Patch Changes

• 0623a47: fix: disallow array method access when parsing
• 0623a47: fix: disallow __proto__ properties on objects

5.3.1

Patch Changes

• ae904c5: fix: correctly differentiate between +0 and -0

5.3.0

Minor Changes

• 2896e7b: feat: support Temporal
• fec694d: feat: support URL and URLSearchParams objects

5.2.1

Patch Changes

• e46f4c8: fix: handle repeated array buffers and subarrays
• 2dfa504: fix: handle custom classes with null proto as pojo

5.2.0

• Handle custom classes with null proto as pojo (#95)

Commits

• 86a6a66 Version Packages (#109)
• 0623a47 Merge commit from fork
• 02d20e8 Version Packages (#108)
• ae904c5 fix stringify not picking up negative zero if a normal zero has appeared befo...
• e95b87a fix pkg.repository
• 8300172 fix changeset config
• 434d8ae Version Packages (#106)
• 67c8334 mention support for URL/URLSearchParams/Temporal in README
• fec694d feat: support URL and URLSearchParams (#92)
• 2896e7b Add support for Temporal objects (#98)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by svelte-admin, a new releaser for devalue since your current version.

Updates form-data from 4.0.3 to 4.0.4

Release notes

Sourced from form-data's releases.

v4.0.4

v4.0.4 - 2025-07-16

Commits

• [meta] add auto-changelog 811f682
• [Tests] handle predict-v8-randomness failures in node < 17 and node > 23 1d11a76
• [Fix] Switch to using crypto random for boundary values 3d17230
• [Tests] fix linting errors 5e34080
• [meta] actually ensure the readme backup isn’t published 316c82b
• [Dev Deps] update @ljharb/eslint-config 58c25d7
• [meta] fix readme capitalization 2300ca1

Changelog

Sourced from form-data's changelog.

v4.0.4 - 2025-07-16

Commits

• [meta] add auto-changelog 811f682
• [Tests] handle predict-v8-randomness failures in node < 17 and node > 23 1d11a76
• [Fix] Switch to using crypto random for boundary values 3d17230
• [Tests] fix linting errors 5e34080
• [meta] actually ensure the readme backup isn’t published 316c82b
• [Dev Deps] update @ljharb/eslint-config 58c25d7
• [meta] fix readme capitalization 2300ca1

Commits

• 41996f5 v4.0.4
• 316c82b [meta] actually ensure the readme backup isn’t published
• 2300ca1 [meta] fix readme capitalization
• 811f682 [meta] add auto-changelog
• 5e34080 [Tests] fix linting errors
• 1d11a76 [Tests] handle predict-v8-randomness failures in node < 17 and node > 23
• 58c25d7 [Dev Deps] update @ljharb/eslint-config
• 3d17230 [Fix] Switch to using crypto random for boundary values
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.