[Snyk] Upgrade astro from 3.0.13 to 4.11.5

[WontonSam]

Snyk has created this PR to upgrade astro from 3.0.13 to 4.11.5.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

• The recommended version is 137 versions ahead of your current version.

• The recommended version was released on a month ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Access Control Bypass SNYK-JS-VITE-6182924	412	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ZOD-5925617	412	Proof of Concept
	Cross-Site Scripting (XSS) SNYK-JS-VITE-6098386	412	Proof of Concept
	Improper Access Control SNYK-JS-VITE-6531286	412	Proof of Concept
	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	412	Proof of Concept
	Improper Input Validation SNYK-JS-POSTCSS-5926692	412	No Known Exploit
	Heap-based Buffer Overflow SNYK-JS-SHARP-5922108	412	Mature
	Information Exposure SNYK-JS-UNDICI-5962466	412	No Known Exploit
	Permissive Cross-domain Policy with Untrusted Domains SNYK-JS-UNDICI-6252336	412	No Known Exploit
	Improper Access Control SNYK-JS-UNDICI-6564963	412	No Known Exploit
	Improper Authorization SNYK-JS-UNDICI-6564964	412	No Known Exploit

Release notes

Package name: astro

• 4.11.5 - 2024-07-03
• 4.11.4 - 2024-07-03
• 4.11.3 - 2024-06-26
• 4.11.2 - 2024-06-26
• 4.11.1 - 2024-06-24
• 4.11.0 - 2024-06-20
• 4.10.3 - 2024-06-17
• 4.10.2 - 2024-06-11
• 4.10.1 - 2024-06-08
• 4.10.0 - 2024-06-06
• 4.9.3 - 2024-06-05
• 4.9.2 - 2024-05-27
• 4.9.1 - 2024-05-23
• 4.9.0 - 2024-05-23
• 4.8.7 - 2024-05-22
• 4.8.6 - 2024-05-17
• 4.8.5 - 2024-05-16
• 4.8.4 - 2024-05-15
• 4.8.3 - 2024-05-13
• 4.8.2 - 2024-05-09
• 4.8.1 - 2024-05-09
  

  Patch Changes

  • #11567 d27cf6d Thanks @ ascorbic! - Logs underlying error when a template cannot be downloaded
• 4.8.0 - 2024-05-09
• 4.7.1 - 2024-05-02
• 4.7.0 - 2024-04-25
• 4.6.4 - 2024-04-23
• 4.6.3 - 2024-04-18
• 4.6.2 - 2024-04-16
• 4.6.1 - 2024-04-12
• 4.6.0 - 2024-04-11
• 4.5.18 - 2024-04-10
• 4.5.17 - 2024-04-09
• 4.5.16 - 2024-04-04
• 4.5.15 - 2024-04-03
• 4.5.14 - 2024-04-02
• 4.5.13 - 2024-04-02
• 4.5.12 - 2024-03-28
• 4.5.11 - 2024-03-28
• 4.5.10 - 2024-03-26
• 4.5.9 - 2024-03-22
• 4.5.8 - 2024-03-20
• 4.5.7 - 2024-03-20
• 4.5.6 - 2024-03-18
• 4.5.5 - 2024-03-15
• 4.5.4 - 2024-03-14
• 4.5.3 - 2024-03-13
• 4.5.2 - 2024-03-12
• 4.5.1 - 2024-03-11
• 4.5.0 - 2024-03-11
• 4.4.15 - 2024-03-08
• 4.4.14 - 2024-03-07
• 4.4.13 - 2024-03-06
• 4.4.12 - 2024-03-06
• 4.4.11 - 2024-03-04
• 4.4.10 - 2024-03-04
• 4.4.9 - 2024-03-02
• 4.4.8 - 2024-03-01
• 4.4.7 - 2024-03-01
• 4.4.6 - 2024-02-28
• 4.4.5 - 2024-02-26
• 4.4.4 - 2024-02-23
• 4.4.3 - 2024-02-22
• 4.4.2 - 2024-02-21
• 4.4.1 - 2024-02-20
• 4.4.0 - 2024-02-15
• 4.3.7 - 2024-02-13
• 4.3.6 - 2024-02-12
• 4.3.5 - 2024-02-07
• 4.3.4 - 2024-02-07
• 4.3.3 - 2024-02-06
• 4.3.2 - 2024-02-02
• 4.3.1 - 2024-02-01
• 4.3.0 - 2024-02-01
• 4.2.8 - 2024-01-31
• 4.2.7 - 2024-01-30
• 4.2.6 - 2024-01-26
• 4.2.5 - 2024-01-26
• 4.2.4 - 2024-01-24
• 4.2.3 - 2024-01-22
• 4.2.2 - 2024-01-22
• 4.2.1 - 2024-01-18
• 4.2.0 - 2024-01-18
• 4.1.3 - 2024-01-16
• 4.1.2 - 2024-01-11
• 4.1.1 - 2024-01-05
• 4.1.0 - 2024-01-04
• 4.0.9 - 2024-01-02
• 4.0.8 - 2023-12-27
• 4.0.7 - 2023-12-20
• 4.0.6 - 2023-12-15
• 4.0.5 - 2023-12-14
• 4.0.4 - 2023-12-11
• 4.0.3 - 2023-12-06
• 4.0.2 - 2023-12-06
• 4.0.1 - 2023-12-05
• 4.0.0 - 2023-12-05
• 4.0.0-beta.7 - 2023-12-04
• 4.0.0-beta.6 - 2023-12-04
• 4.0.0-beta.5 - 2023-12-04
• 4.0.0-beta.4 - 2023-12-01
• 4.0.0-beta.3 - 2023-12-01
• 4.0.0-beta.2 - 2023-11-29
• 4.0.0-beta.1 - 2023-11-28
• 4.0.0-beta.0 - 2023-11-27
• 3.6.5 - 2024-03-01
• 3.6.4 - 2023-11-30
• 3.6.3 - 2023-11-28
• 3.6.2 - 2023-11-28
• 3.6.1 - 2023-11-27
  

  Patch Changes

  • #11571 1c3265a Thanks @ bholmesdev! - BREAKING CHANGE to the experimental Actions API only. Install the latest @ astrojs/react integration as well if you're using React 19 features.

    Make .safe() the default return value for actions. This means { data, error } will be returned when calling an action directly. If you prefer to get the data while allowing errors to throw, chain the .orThrow() modifier.

    import { actions } from 'astro:actions';

    // Before
    const { data, error } = await actions.like.safe();
    // After
    const { data, error } = await actions.like();

    // Before
    const newLikes = await actions.like();
    // After
    const newLikes = await actions.like.orThrow();

    Migration

    To migrate your existing action calls:

    • Remove .safe from existing safe action calls
    • Add .orThrow to existing unsafe action calls

  • #11570 84189b6 Thanks @ bholmesdev! - BREAKING CHANGE to the experimental Actions API only. Install the latest @ astrojs/react integration as well if you're using React 19 features.

    Updates the Astro Actions fallback to support action={actions.name} instead of using getActionProps(). This will submit a form to the server in zero-JS scenarios using a search parameter:

    ---
    import { actions } from 'astro:actions';
    ---

    <form action={actions.logOut}>
    <!--output: action="?_astroAction=logOut"-->
    <button>Log Out</button>
    </form>

    You may also construct form action URLs using string concatenation, or by using the URL() constructor, with the an action's .queryString property:

    ---
    import { actions } from 'astro:actions';
    
    const confirmationUrl = new URL('/confirmation', Astro.url);
    confirmationUrl.search = actions.queryString;
    ---

    <form method="POST" action={confirmationUrl.pathname}>
    <button>Submit</button>
    </form>

    Migration

    getActionProps() is now deprecated. To use the new fallback pattern, remove the getActionProps() input from your form and pass your action function to the form action attribute:

    ---
    import {
    actions,
    - getActionProps,
    } from 'astro:actions';
    ---

  + <form method="POST" action={actions.logOut}>
  - <form method="POST">
  - <input {...getActionProps(actions.logOut)} />
  <button>Log Out</button>
  </form>

3.6.0 - 2023-11-22

3.5.7 - 2023-11-21

3.5.6 - 2023-11-21

3.5.5 - 2023-11-16

3.5.4 - 2023-11-14

3.5.3 - 2023-11-12

3.5.2 - 2023-11-10

3.5.1 - 2023-11-10

3.5.0 - 2023-11-09

3.4.4 - 2023-11-08

3.4.3 - 2023-11-02

3.4.2 - 2023-11-01

3.4.1 - 2023-11-01

3.4.0 - 2023-10-26

3.3.4 - 2023-10-24

3.3.3 - 2023-10-23

3.3.2 - 2023-10-18

3.3.1 - 2023-10-16

3.3.0 - 2023-10-12

3.2.4 - 2023-10-10

3.2.3 - 2023-10-05

3.2.2 - 2023-10-02

3.2.1 - 2023-10-02

3.2.0 - 2023-09-28

3.1.4 - 2023-09-25

3.1.3 - 2023-09-25

Patch Changes

• Updated dependencies [49b5145]:
  • @ astrojs/markdown-remark@5.2.0

3.1.2 - 2023-09-21

3.1.1 - 2023-09-19

3.1.0 - 2023-09-14

3.0.13 - 2023-09-12

from astro GitHub release notes

---

Important

• Warning: This PR contains a major version upgrade, and may be a breaking change.
• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[google-cla]

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.