Bump the javascript-dependencies group with 9 updates

[dependabot]

Bumps the javascript-dependencies group with 9 updates:

Package	From	To
@astrojs/cloudflare	13.5.4	13.7.0
@astrojs/react	5.0.5	5.0.7
@auth0/auth0-spa-js	2.20.0	2.21.1
react	19.2.6	19.2.7
@types/react	19.2.15	19.2.17
react-dom	19.2.6	19.2.7
@biomejs/biome	2.4.15	2.4.16
@types/node	24.13.2	25.9.2
wrangler	4.95.0	4.99.0

Updates @astrojs/cloudflare from 13.5.4 to 13.7.0

Release notes

Sourced from @​astrojs/cloudflare's releases.

@​astrojs/cloudflare@​13.7.0

Minor Changes

• #16571 d4b0cd1 Thanks @​MA2153! - Sets immutable cache headers for static assets

  Static assets under _astro can be cached to improve performance. The adapter now automatically injects a Cache-Control header at build time when possible.

Patch Changes

• #16968 7a5c001 Thanks @​astrobot-houston! - Fixes a build crash when using experimental.advancedRouting with a custom fetchFile that statically imports cf from @astrojs/cloudflare/fetch. The circular dependency between @astrojs/cloudflare/fetch and astro/app/entrypoint caused createApp or createGetEnv to be undefined at module evaluation time. Initialization is now deferred to the first cf() call, breaking the cycle.

• Updated dependencies []:

  • @​astrojs/underscore-redirects@​1.0.3

@​astrojs/cloudflare@​13.6.1

Patch Changes

• #16914 4bdd240 Thanks @​matthewp! - Fixes astro/fetch and astro/hono being discovered at runtime during dev instead of pre-bundled

• #16693 9e6edc2 Thanks @​ArmandPhilippot! - Fixes a link in the documentation specifying where to open an issue for the adapter.

• Updated dependencies []:

  • @​astrojs/underscore-redirects@​1.0.3

@​astrojs/cloudflare@​13.6.0

13.6.0

Minor Changes

• #16729 01aa164 Thanks @​matthewp! - Adds @astrojs/cloudflare/fetch and @astrojs/cloudflare/hono exports for composing Cloudflare-specific setup with Astro's advanced routing handlers.

  @astrojs/cloudflare/fetch

  For use with astro/fetch in a custom fetch handler:

  import { astro, FetchState } from 'astro/fetch';
  import { cf } from '@astrojs/cloudflare/fetch';
  export default {
  async fetch(request: Request, env: Env, ctx: ExecutionContext) {
  const state = new FetchState(request);
  const asset = await cf(state, env, ctx);
  if (asset) return asset;
  return astro(state);
  },
  };

  @astrojs/cloudflare/hono

... (truncated)

Changelog

Sourced from @​astrojs/cloudflare's changelog.

13.7.0

Minor Changes

• #16571 d4b0cd1 Thanks @​MA2153! - Sets immutable cache headers for static assets

  Static assets under _astro can be cached to improve performance. The adapter now automatically injects a Cache-Control header at build time when possible.

Patch Changes

• #16968 7a5c001 Thanks @​astrobot-houston! - Fixes a build crash when using experimental.advancedRouting with a custom fetchFile that statically imports cf from @astrojs/cloudflare/fetch. The circular dependency between @astrojs/cloudflare/fetch and astro/app/entrypoint caused createApp or createGetEnv to be undefined at module evaluation time. Initialization is now deferred to the first cf() call, breaking the cycle.

• Updated dependencies []:

  • @​astrojs/underscore-redirects@​1.0.3

13.6.1

Patch Changes

• #16914 4bdd240 Thanks @​matthewp! - Fixes astro/fetch and astro/hono being discovered at runtime during dev instead of pre-bundled

• #16693 9e6edc2 Thanks @​ArmandPhilippot! - Fixes a link in the documentation specifying where to open an issue for the adapter.

• Updated dependencies []:

  • @​astrojs/underscore-redirects@​1.0.3

13.6.0

Minor Changes

• #16729 01aa164 Thanks @​matthewp! - Adds @astrojs/cloudflare/fetch and @astrojs/cloudflare/hono exports for composing Cloudflare-specific setup with Astro's advanced routing handlers.

  @astrojs/cloudflare/fetch

  For use with astro/fetch in a custom fetch handler:

  import { astro, FetchState } from 'astro/fetch';
  import { cf } from '@astrojs/cloudflare/fetch';
  export default {
  async fetch(request: Request, env: Env, ctx: ExecutionContext) {
  const state = new FetchState(request);
  const asset = await cf(state, env, ctx);
  if (asset) return asset;
  return astro(state);
  },
  };

... (truncated)

Commits

• 0b879fb [ci] release (#16972)
• ca26d0e [ci] format
• d4b0cd1 fix(cloudflare): inject headers for caching the assets folder (#16571)
• 7a5c001 fix(cloudflare): defer createApp/setGetEnv in fetch.ts to avoid circular impo...
• 75ae5df [ci] release (#16912)
• 272ca61 chore(deps): update pnpm to v11.5.0 (#16903)
• 4bdd240 Pre-bundle astro/fetch and astro/hono in Cloudflare optimizeDeps (#16914)
• 17a0fbd chore(deps): update devalue (#16900)
• 9e6edc2 fix(docs): replace last occurrences of withastro/adapters (#16693)
• da10b9e chore(deps): resolve peer dependency issues (#16894)
• Additional commits viewable in compare view

Updates @astrojs/react from 5.0.5 to 5.0.7

Release notes

Sourced from @​astrojs/react's releases.

@​astrojs/react@​5.0.7

Patch Changes

• #16900 17a0fbd Thanks @​ocavue! - Bumps devalue dependency to v5.8.1

@​astrojs/react@​5.0.6

Patch Changes

• Updated dependencies [f732f3c]:
  • @​astrojs/internal-helpers@​0.10.0

Changelog

Sourced from @​astrojs/react's changelog.

5.0.7

Patch Changes

• #16900 17a0fbd Thanks @​ocavue! - Bumps devalue dependency to v5.8.1

5.0.6

Patch Changes

• Updated dependencies [f732f3c]:
  • @​astrojs/internal-helpers@​0.10.0

Commits

• 75ae5df [ci] release (#16912)
• 17a0fbd chore(deps): update devalue (#16900)
• c7157e6 [ci] release (#16870)
• See full diff in compare view

Updates @auth0/auth0-spa-js from 2.20.0 to 2.21.1

Release notes

Sourced from @​auth0/auth0-spa-js's releases.

v2.21.1

Changed

• fix: parse enrollment id and verify url from location header #1617 (yogeshchoudhary147)

v2.21.0

Added

• feat: add MyAccount API client #1615 (yogeshchoudhary147)
• feat: add passkey authentication support #1614 (yogeshchoudhary147)

Changelog

Sourced from @​auth0/auth0-spa-js's changelog.

v2.21.1 (2026-06-03)

Full Changelog

Changed

• fix: parse enrollment id and verify url from location header #1617 (yogeshchoudhary147)

v2.21.0 (2026-06-01)

Full Changelog

Added

• feat: add MyAccount API client #1615 (yogeshchoudhary147)
• feat: add passkey authentication support #1614 (yogeshchoudhary147)

Commits

• 0e3f99a Release v2.21.1 (#1619)
• df516c7 chore: remove webauthn enroll/verify types from MyAccount (#1618)
• 758a189 fix: parse enrollment id and verify url from location header (#1617)
• 1a230df Release v2.21.0 (#1616)
• 60b7d1b feat: add MyAccount API client (#1615)
• 05581c7 feat: add passkey authentication support (#1614)
• ef80317 docs: add delegation and impersonation example for CTE (#1611)
• See full diff in compare view

Updates react from 19.2.6 to 19.2.7

Release notes

Sourced from react's releases.

19.2.7 (June 1st, 2026)

React Server Components

• Fixed missing FormData entries in Server Actions which regressed in 19.2.6 (#36566 by @​unstubbable)

Commits

• 6117d7c Version 19.2.7 (#36591)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for react since your current version.

Updates @types/react from 19.2.15 to 19.2.17

Commits

• See full diff in compare view

Updates react-dom from 19.2.6 to 19.2.7

Release notes

Sourced from react-dom's releases.

19.2.7 (June 1st, 2026)

React Server Components

• Fixed missing FormData entries in Server Actions which regressed in 19.2.6 (#36566 by @​unstubbable)

Commits

• 6117d7c Version 19.2.7 (#36591)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for react-dom since your current version.

Updates @biomejs/biome from 2.4.15 to 2.4.16

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.4.16

2.4.16

Patch Changes

• #10329 ef764d5 Thanks @​Conaclos! - Fixed an issue where diagnostics showed an incorrect location in Astro files.

• #10363 50aa415 Thanks @​dyc3! - Fixed HTML formatting for a case where comments could cause the formatter to split up a closing tag, which would cause the resulting HTML to be syntactically invalid.

  Input:

  <span
    ><!-- 1
  --><span>a</span
    ><!-- 2
  --><span>b</span
    ><!-- 3
  --></span>

  Output:

    <span
  	  ><!-- 1
  - --> <span>a</span<!-- 2
  - --> ><span>b</span><!-- 3
  + --><span>a</span><!-- 2
  + --><span>b</span><!-- 3
    --></span
    >

• #10465 0c718da Thanks @​dfedoryshchev! - Fixed diagnostics emitted by the noUntrustedLicenses rule.

• #10358 05c2617 Thanks @​dyc3! - Fixed #10356: biome rage --linter now displays rules enabled through linter domains in the enabled rules list.

• #10300 950247c Thanks @​dyc3! - Fixed #10265: Svelte function bindings such as bind:value={get, set} are now parsed more precisely, so noCommaOperator won't emit false positives for that syntax anymore.

• #9786 e71f584 Thanks @​MeGaNeKoS! - Fixed #8480: useDestructuring now provides variableDeclarator and assignmentExpression options to control which contexts enforce destructuring, matching ESLint's prefer-destructuring configuration. Both default to {array: true, object: true}. The diagnostic for object destructuring in assignment expressions now instructs users to wrap the assignment in parentheses.

• #10425 1948b72 Thanks @​sjh9714! - Fixed #10244: The useOptionalChain rule now detects negated guard inequality chains like !foo || foo.bar !== "x".

• #10442 001f94f Thanks @​ematipico! - Fixed #10411: noMisusedPromises no longer causes a stack overflow when a nested function returns an object with shorthand properties that shadow destructured variables from an outer scope.

• #10318 9b1577f Thanks @​dyc3! - Added support for formatter.trailingCommas in overrides. This option was previously available in the top-level formatter configuration but missing from formatter overrides.

• #10319 2e37709 Thanks @​dyc3! - Fixed Vue and Svelte formatting for standalone interpolations in inline elements. Biome now preserves existing newlines in cases like:

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.4.16

Patch Changes

• #10329 ef764d5 Thanks @​Conaclos! - Fixed an issue where diagnostics showed an incorrect location in Astro files.

• #10363 50aa415 Thanks @​dyc3! - Fixed HTML formatting for a case where comments could cause the formatter to split up a closing tag, which would cause the resulting HTML to be syntactically invalid.

  Input:

  <span
    ><!-- 1
  --><span>a</span
    ><!-- 2
  --><span>b</span
    ><!-- 3
  --></span>

  Output:

    <span
  	  ><!-- 1
  - --> <span>a</span<!-- 2
  - --> ><span>b</span><!-- 3
  + --><span>a</span><!-- 2
  + --><span>b</span><!-- 3
    --></span
    >

• #10465 0c718da Thanks @​dfedoryshchev! - Fixed diagnostics emitted by the noUntrustedLicenses rule.

• #10358 05c2617 Thanks @​dyc3! - Fixed #10356: biome rage --linter now displays rules enabled through linter domains in the enabled rules list.

• #10300 950247c Thanks @​dyc3! - Fixed #10265: Svelte function bindings such as bind:value={get, set} are now parsed more precisely, so noCommaOperator won't emit false positives for that syntax anymore.

• #9786 e71f584 Thanks @​MeGaNeKoS! - Fixed #8480: useDestructuring now provides variableDeclarator and assignmentExpression options to control which contexts enforce destructuring, matching ESLint's prefer-destructuring configuration. Both default to {array: true, object: true}. The diagnostic for object destructuring in assignment expressions now instructs users to wrap the assignment in parentheses.

• #10425 1948b72 Thanks @​sjh9714! - Fixed #10244: The useOptionalChain rule now detects negated guard inequality chains like !foo || foo.bar !== "x".

• #10442 001f94f Thanks @​ematipico! - Fixed #10411: noMisusedPromises no longer causes a stack overflow when a nested function returns an object with shorthand properties that shadow destructured variables from an outer scope.

• #10318 9b1577f Thanks @​dyc3! - Added support for formatter.trailingCommas in overrides. This option was previously available in the top-level formatter configuration but missing from formatter overrides.

• #10319 2e37709 Thanks @​dyc3! - Fixed Vue and Svelte formatting for standalone interpolations in inline elements. Biome now preserves existing newlines in cases like:

... (truncated)

Commits

• 5f4ea56 ci: release (#10326)
• de2a33c fix(core): regression in emitted types (#10478)
• d835303 docs: remove redundant default phrase in useConsistentObjectDefinitions rul...
• 4f1aaf2 fix: incorrect build when using build or test (#10426)
• dc73b6b refactor: make plugins opt-in via feature gate (#10418)
• e71f584 feat(useDestructuring): add options for assignment/declaration and improve di...
• 9b1577f fix(config): support trailingCommas in overrides (#10318)
• See full diff in compare view

Updates @types/node from 24.13.2 to 25.9.2

Commits

• See full diff in compare view

Updates wrangler from 4.95.0 to 4.99.0

Release notes

Sourced from wrangler's releases.

wrangler@4.99.0

Minor Changes

• #14169 0706fbf Thanks @​edmundhung! - Introduce createTestHarness() for integration testing Workers

  It runs Workers in a local preview environment using production build output and works with both Wrangler projects and Workers built by the Cloudflare Vite plugin.

  Use it from any Node.js test runner to send requests to individual Workers, trigger scheduled events, reset the server between tests, and mock outbound requests with libraries that intercept globalThis.fetch(), such as MSW.

  You can also capture structured logs from your Workers with getLogs(), or dump out a diagnostic timeline with debug() when tests fail:

  import { createTestHarness } from "wrangler";
  const server = createTestHarness({
  workers: [
  { configPath: "./dist/web_worker/wrangler.json" },
  { configPath: "./dist/api_worker/wrangler.json" },
  ],
  });
  await server.listen();
  await server.fetch("http://example.com");
  const apiWorker = server.getWorker("api-worker");
  await apiWorker.fetch("http://example.com/users/123");
  await apiWorker.scheduled({ cron: "0 0 * * *" });
  server.getLogs();
  if (testFailed) {
  server.debug();
  }
  await server.reset();
  await server.close();

• #14174 8cf8c61 Thanks @​oliy! - Surface pipeline status and failure reasons in wrangler pipelines list and wrangler pipelines get

  wrangler pipelines list now includes a Status column, and when any pipelines are in a failed state it prints a summary of each failing pipeline along with the reason reported by the API.

  wrangler pipelines get now shows the pipeline Status in the general details and, for failed pipelines, highlights the failure with the reason returned by the server so it is clear why a pipeline is not running.

• #14211 a61ac29 Thanks @​james-elicx! - Add --version-tag support to wrangler versions deploy to deploy a version by its tag

  You can now roll out or roll back a version by the tag it was uploaded with (e.g. a commit SHA passed to --tag at upload time) instead of first looking up its Version ID:

  wrangler versions deploy --version-tag <sha>@100%

... (truncated)

Commits

• 8a4bfe5 Version Packages (#14179)
• f8d7700 feat(wrangler): capture runtime logs and print debug timelines with `createTe...
• 4bb572f Bump the workerd-and-workers-types group with 2 updates (#14231)
• dcd116a feat(wrangler): improve createTestHarness() configuration setup (#14227)
• 75e652a Revert "Make Ctrl+C triggered during the skills-install prompt dismiss it per...
• e13b8c0 [C3] Bump @​angular/create from 21.2.13 to 22.0.0 in /packages/create-cloudfla...
• a61ac29 [wrangler] Add --version-tag support to versions deploy (#14211)
• 24497d0 Bump the workerd-and-workers-types group with 2 updates (#14217)
• 0706fbf feat(wrangler): createTestHarness API (#14169)
• 8923f97 Preserve all deployment-affecting CLI flags in the interactive deploy config ...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[cloudflare-workers-and-pages]

Deploying with    Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Updated (UTC)
❌ Deployment failed View logs	letsbuilda-dev	e240fc8	Jun 17 2026, 07:14 PM