Bump the javascript-dependencies group with 6 updates

[dependabot]

Bumps the javascript-dependencies group with 6 updates:

Package	From	To
astro	5.16.15	5.17.1
preact	10.28.2	10.28.3
@biomejs/biome	2.3.12	2.3.13
@playwright/test	1.58.0	1.58.1
@types/node	25.0.10	25.2.0
wrangler	4.60.0	4.61.1

Updates astro from 5.16.15 to 5.17.1

Release notes

Sourced from astro's releases.

astro@5.17.1

Patch Changes

• #15334 d715f1f Thanks @​florian-lefebvre! - BREAKING CHANGE to the experimental Fonts API only

  Removes the getFontBuffer() helper function exported from astro:assets when using the experimental Fonts API

  This experimental feature introduced in v15.6.13 ended up causing significant memory usage during build. This feature has been removed and will be reintroduced after further exploration and testing.

  If you were relying on this function, you can replicate the previous behavior manually:

  • On prerendered routes, read the file using node:fs
  • On server rendered routes, fetch files using URLs from fontData and context.url

astro@5.17.0

Minor Changes

• #14932 b19d816 Thanks @​patrickarlt! - Adds support for returning a Promise from the parser() option of the file() loader

  This enables you to run asynchronous code such as fetching remote data or using async parsers when loading files with the Content Layer API.

  For example:

  import { defineCollection } from 'astro:content';
  import { file } from 'astro/loaders';
  const blog = defineCollection({
  loader: file('src/data/blog.json', {
  parser: async (text) => {
  const data = JSON.parse(text);
    // Perform async operations like fetching additional data
    const enrichedData = await fetch(`https://api.example.com/enrich`, {
      method: 'POST',
      body: JSON.stringify(data),
    }).then((res) => res.json());
  return enrichedData;
  },
  
  }),
  });
  export const collections = { blog };

  See the parser() reference documentation for more information.

• #15171 f220726 Thanks @​mark-ignacio! - Adds a new, optional kernel configuration option to select a resize algorithm in the Sharp image service

... (truncated)

Changelog

Sourced from astro's changelog.

5.17.1

Patch Changes

• #15334 d715f1f Thanks @​florian-lefebvre! - BREAKING CHANGE to the experimental Fonts API only

  Removes the getFontBuffer() helper function exported from astro:assets when using the experimental Fonts API

  This experimental feature introduced in v15.6.13 ended up causing significant memory usage during build. This feature has been removed and will be reintroduced after further exploration and testing.

  If you were relying on this function, you can replicate the previous behavior manually:

  • On prerendered routes, read the file using node:fs
  • On server rendered routes, fetch files using URLs from fontData and context.url

5.17.0

Minor Changes

• #14932 b19d816 Thanks @​patrickarlt! - Adds support for returning a Promise from the parser() option of the file() loader

  This enables you to run asynchronous code such as fetching remote data or using async parsers when loading files with the Content Layer API.

  For example:

  import { defineCollection } from 'astro:content';
  import { file } from 'astro/loaders';
  const blog = defineCollection({
  loader: file('src/data/blog.json', {
  parser: async (text) => {
  const data = JSON.parse(text);
    // Perform async operations like fetching additional data
    const enrichedData = await fetch(`https://api.example.com/enrich`, {
      method: 'POST',
      body: JSON.stringify(data),
    }).then((res) => res.json());
  return enrichedData;
  },
  
  }),
  });
  export const collections = { blog };

  See the parser() reference documentation for more information.

• #15171 f220726 Thanks @​mark-ignacio! - Adds a new, optional kernel configuration option to select a resize algorithm in the Sharp image service

... (truncated)

Commits

• 1c6c9fc [ci] release (#15339)
• d715f1f fix(fonts): remove getFontBuffer() (#15334)
• 08d38c6 [ci] release (#15325)
• 388818a [ci] format
• f1fce0e feat: add retainBody option to the glob() loader (#15022)
• 928529f adds ImageTransform.background (#15153)
• f220726 feat(sharp): add kernel option to image service config (#15171)
• b19d816 feat: allow for async parsing in file loader (#14932)
• 08e0fd7 Support partitioned cookies (#15063)
• 54f6006 Add devToolbar.placement configuration option (#15015)
• Additional commits viewable in compare view

Updates preact from 10.28.2 to 10.28.3

Release notes

Sourced from preact's releases.

10.28.3

Fixes

• Avoid scheduling suspense state udpates (#5006, thanks @​JoviDeCroock)
• Resolve some suspense crashes (#4999, thanks @​JoviDeCroock)
• Support inheriting namespace through portals (#4993, thanks @​JoviDeCroock)

Maintenance

• Update test with addition of _original (#4989, thanks @​JoviDeCroock)

Commits

• eb1b8c8 10.28.3 (#5007)
• 5023ce8 Avoid scheduling suspense state udpates (#5006)
• 2ac91c4 Resolve some suspense crashes (#4999)
• 4317858 Support inheriting namespace through portals (#4993)
• 25bb34b Update test (#4989)
• See full diff in compare view

Updates @biomejs/biome from 2.3.12 to 2.3.13

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.3.13

2.3.13

Patch Changes

• #8815 f924f23 Thanks @​dyc3! - Improved useVueValidVOn to be more closely aligned with the source rule. It will now properly allow modifiers for all possible keyboard events. It should have better performance when there are no violations of the rule as well.

  Now treated valid:

  <div @keydown.arrow-down="handler"></div>
  <div @keydown.a="handler"></div>
  <div @keydown.b="handler"></div>
  <div @keydown.27="foo"></div>

• #8856 85f81f9 Thanks @​dyc3! - Fixed #8710: Biome now parses Vue dynamic slot shorthand arguments that use template literals in [].

• #8850 2a190e0 Thanks @​dyc3! - Fixed #8708: Tailwind @utility directives now parse functional utility names like px-* when Tailwind directives are enabled.

• #8863 79386e0 Thanks @​dyc3! - Fixed an issue with biome migrate eslint where it couldn't detect rules for CSS, GraphQL, and HTML.

• #8771 6f56b6e Thanks @​lghuahua! - Fix the --reporter=summary output incorrectly merging and displaying wrong issue counts for different rules. Fixes #8730

• #8714 ac3a71f Thanks @​Netail! - Added new nursery rule use-consistent-enum-value-type. This rule disallows enums from having both number and string members.

What's Changed

• fix(dx/codegen): don't insert module into biome_rule_options/src/lib.rs if it already exists by @​dyc3 in biomejs/biome#8847
• feat(js_analyze): implement useConsistentEnumValueType by @​Netail in biomejs/biome#8714
• fix(parse/html/vue): parse dynamic slot directives that contain quotes by @​dyc3 in biomejs/biome#8856
• fix(parse/css): improve parsing of @utility names by @​dyc3 in biomejs/biome#8850
• fix(cli): improve RuleName ordering and update summary snapshots close #8730 by @​lghuahua in biomejs/biome#8771
• fix(useVueValidVOn): align more with source rule, also use phf hash sets for perf by @​dyc3 in biomejs/biome#8815
• fix(migrate): fix migrate command not picking up rules for css, graphql, html by @​dyc3 in biomejs/biome#8863
• chore(deps): update dependency tombi to v0.7.23 by @​renovate[bot] in biomejs/biome#8865
• chore(deps): update pnpm to v10.28.1 by @​renovate[bot] in biomejs/biome#8866
• chore(deps): update rust crate proc-macro2 to 1.0.106 by @​renovate[bot] in biomejs/biome#8867
• chore(deps): update rust crate quote to 1.0.44 by @​renovate[bot] in biomejs/biome#8868
• fix(deps): update @​biomejs packages by @​renovate[bot] in biomejs/biome#8869
• chore(deps): update rust crate schemars to 1.2.0 by @​renovate[bot] in biomejs/biome#8875
• chore(deps): update @​biomejs packages by @​renovate[bot] in biomejs/biome#8872
• chore(deps): update github-actions by @​renovate[bot] in biomejs/biome#8873
• chore(deps): update typescript-eslint monorepo to v8.53.1 by @​renovate[bot] in biomejs/biome#8877
• fix(deps): update dependency prettier to v3.8.1 by @​renovate[bot] in biomejs/biome#8878
• chore(deps): update rust crate tokio to 1.49.0 by @​renovate[bot] in biomejs/biome#8876
• ci: release by @​github-actions[bot] in biomejs/biome#8853

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.3.13

Patch Changes

• #8815 f924f23 Thanks @​dyc3! - Improved useVueValidVOn to be more closely aligned with the source rule. It will now properly allow modifiers for all possible keyboard events. It should have better performance when there are no violations of the rule as well.

  Now treated valid:

  <div @keydown.arrow-down="handler"></div>
  <div @keydown.a="handler"></div>
  <div @keydown.b="handler"></div>
  <div @keydown.27="foo"></div>

• #8856 85f81f9 Thanks @​dyc3! - Fixed #8710: Biome now parses Vue dynamic slot shorthand arguments that use template literals in [].

• #8850 2a190e0 Thanks @​dyc3! - Fixed #8708: Tailwind @utility directives now parse functional utility names like px-* when Tailwind directives are enabled.

• #8863 79386e0 Thanks @​dyc3! - Fixed an issue with biome migrate eslint where it couldn't detect rules for CSS, GraphQL, and HTML.

• #8771 6f56b6e Thanks @​lghuahua! - Fix the --reporter=summary output incorrectly merging and displaying wrong issue counts for different rules. Fixes #8730

• #8714 ac3a71f Thanks @​Netail! - Added new nursery rule use-consistent-enum-value-type. This rule disallows enums from having both number and string members.

Commits

• 2c5e505 ci: release (#8853)
• ac3a71f feat(js_analyze): implement useConsistentEnumValueType (#8714)
• See full diff in compare view

Updates @playwright/test from 1.58.0 to 1.58.1

Release notes

Sourced from @​playwright/test's releases.

v1.58.1

Highlights

#39036 fix(msedge): fix local network permissions #39037 chore: update cft download location #38995 chore(webkit): disable frame sessions on fronzen builds

Browser Versions

• Chromium 145.0.7632.6
• Mozilla Firefox 146.0.1
• WebKit 26.0

Commits

• 97bc385 cherry-pick(#38995): chore(webkit): disable frame sessions on fronzen builds
• ad625fe chore: mark v1.58.1 (#39055)
• f07234d cherry-pick(#39036): fix(msedge): fix local network permissions (#39053)
• ab8136c cherry-pick(#39037): chore: update cft download location (#39052)
• aa6ffeb cherry-pick(#39014): docs: add 1.58 release notes for Java, Python, and C#
• See full diff in compare view

Updates @types/node from 25.0.10 to 25.2.0

Commits

• See full diff in compare view

Updates wrangler from 4.60.0 to 4.61.1

Release notes

Sourced from wrangler's releases.

wrangler@4.61.1

Patch Changes

• #12189 eb8a415 Thanks @​NuroDev! - Fixed Durable Object missing migrations warning message.

  If a Workers project includes some durable_objects in it but no migrations we show a warning to the user to add migrations to their config. However, this warning recommended new_classes for their migrations, but we instead now recommend all users use new_sqlite_classes instead.

• #11804 3b06b18 Thanks @​emily-shen! - fix: allow d1 execute, d1 export, and d1 migrations to work locally without database_id in config.

• #12183 17961bb Thanks @​dependabot! - chore: update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260124.0	1.20260127.0

• #12196 52fdfe7 Thanks @​dependabot! - chore: update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260127.0	1.20260128.0

• #12199 6d8d9cd Thanks @​petebacondarwin! - Prevent wrangler logout from failing when the Wrangler configuration file is invalid

  Previously, if your wrangler.toml or wrangler.json file contained syntax errors or invalid values, the wrangler logout command would fail. Now, configuration parsing errors are caught and logged at debug level, allowing you to log out regardless of the state of your configuration file.

• #12153 cb72c11 Thanks @​petebacondarwin! - Sanitize commands and arguments in telemetry to prevent accidentally capturing sensitive information.

  Changes:

  • Renamed telemetry fields from command/args to sanitizedCommand/sanitizedArgs to distinguish from historical fields that may have contained sensitive data in older versions
  • Command names now come from command definitions rather than user input, preventing accidental capture of sensitive data pasted as positional arguments
  • Sentry breadcrumbs now use the safe command name from definitions
  • Argument values are only included if explicitly allowed via COMMAND_ARG_ALLOW_LIST
  • Argument keys (names) are always included since they come from command definitions, not user input

• Updated dependencies [8a210af, 17961bb, 52fdfe7, 5f060c9]:

  • miniflare@4.20260128.0
  • @​cloudflare/unenv-preset@​2.12.0

wrangler@4.61.0

Minor Changes

• #12008 e414f05 Thanks @​penalosa! - Add support for customising the inspector IP address

  Adds a new --inspector-ip CLI flag and dev.inspector_ip configuration option to allow customising the IP address that the inspector server listens on. Previously, the inspector was hardcoded to listen only on 127.0.0.1.

... (truncated)

Commits

• 95154f5 Version Packages (#12184)
• 6d8d9cd fix(wrangler): prevent logout from failing on invalid config (#12199)
• 8a210af [explorer] add implementation for local KV API (take 2) (#12152)
• 52fdfe7 chore(deps): bump the workerd-and-workers-types group with 2 updates (#12196)
• cb72c11 refactor(wrangler): add safe command/args handling for telemetry (#12153)
• eb8a415 fix(wrangler): Update missing DO migrations message to recommend `new_sqlite_...
• 5f060c9 feat(unenv-preset): add native node:repl module support (#12007)
• 3b06b18 fix: allow D1 local commands to work without database_id (#11804)
• 17961bb chore(deps): bump the workerd-and-workers-types group with 2 updates (#12183)
• 1228dee Version Packages (#12045)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[cloudflare-workers-and-pages]

Deploying with    Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Preview URL	Updated (UTC)
✅ Deployment successful! View logs	dotforge	b5436c0	Commit Preview URL Branch Preview URL	Feb 01 2026, 05:00 PM