build: bump astro from 5.8.0 to 5.9.0

[dependabot]

Bumps astro from 5.8.0 to 5.9.0.

Release notes

Sourced from astro's releases.

[email protected]

Minor Changes

• #13802 0eafe14 Thanks @​ematipico! - Adds experimental Content Security Policy (CSP) support

  CSP is an important feature to provide fine-grained control over resources that can or cannot be downloaded and executed by a document. In particular, it can help protect against cross-site scripting (XSS) attacks.

  Enabling this feature adds additional security to Astro's handling of processed and bundled scripts and styles by default, and allows you to further configure these, and additional, content types. This new experimental feature has been designed to work in every Astro rendering environment (static pages, dynamic pages and single page applications), while giving you maximum flexibility and with type-safety in mind.

  It is compatible with most of Astro's features such as client islands, and server islands, although Astro's view transitions using the <ClientRouter /> are not yet fully supported. Inline scripts are not supported out of the box, but you can provide your own hashes for external and inline scripts.

  To enable this feature, add the experimental flag in your Astro config:

  // astro.config.mjs
  import { defineConfig } from 'astro/config';
  export default defineConfig({
  experimental: {
  csp: true,
  },
  });

  For more information on enabling and using this feature in your project, see the Experimental CSP docs.

  For a complete overview, and to give feedback on this experimental API, see the Content Security Policy RFC.

• #13850 1766d22 Thanks @​ascorbic! - Provides a Markdown renderer to content loaders

  When creating a content loader, you will now have access to a renderMarkdown function that allows you to render Markdown content directly within your loaders. It uses the same settings and plugins as the renderer used for Markdown files in Astro, and follows any Markdown settings you have configured in your Astro project.

  This allows you to render Markdown content from various sources, such as a CMS or other data sources, directly in your loaders without needing to preprocess the Markdown content separately.

  import type { Loader } from 'astro/loaders';
  import { loadFromCMS } from './cms';
  export function myLoader(settings): Loader {
  return {
  name: 'my-loader',
  async load({ renderMarkdown, store }) {
  const entries = await loadFromCMS();
    store.clear();
  for (const entry of entries) {
  // Assume each entry has a 'content' field with markdown content
  store.set(entry.id, {
  id: entry.id,

... (truncated)

Changelog

Sourced from astro's changelog.

5.9.0

Minor Changes

• #13802 0eafe14 Thanks @​ematipico! - Adds experimental Content Security Policy (CSP) support

  CSP is an important feature to provide fine-grained control over resources that can or cannot be downloaded and executed by a document. In particular, it can help protect against cross-site scripting (XSS) attacks.

  Enabling this feature adds additional security to Astro's handling of processed and bundled scripts and styles by default, and allows you to further configure these, and additional, content types. This new experimental feature has been designed to work in every Astro rendering environment (static pages, dynamic pages and single page applications), while giving you maximum flexibility and with type-safety in mind.

  It is compatible with most of Astro's features such as client islands, and server islands, although Astro's view transitions using the <ClientRouter /> are not yet fully supported. Inline scripts are not supported out of the box, but you can provide your own hashes for external and inline scripts.

  To enable this feature, add the experimental flag in your Astro config:

  // astro.config.mjs
  import { defineConfig } from 'astro/config';
  export default defineConfig({
  experimental: {
  csp: true,
  },
  });

  For more information on enabling and using this feature in your project, see the Experimental CSP docs.

  For a complete overview, and to give feedback on this experimental API, see the Content Security Policy RFC.

• #13850 1766d22 Thanks @​ascorbic! - Provides a Markdown renderer to content loaders

  When creating a content loader, you will now have access to a renderMarkdown function that allows you to render Markdown content directly within your loaders. It uses the same settings and plugins as the renderer used for Markdown files in Astro, and follows any Markdown settings you have configured in your Astro project.

  This allows you to render Markdown content from various sources, such as a CMS or other data sources, directly in your loaders without needing to preprocess the Markdown content separately.

  import type { Loader } from 'astro/loaders';
  import { loadFromCMS } from './cms';
  export function myLoader(settings): Loader {
  return {
  name: 'my-loader',
  async load({ renderMarkdown, store }) {
  const entries = await loadFromCMS();
    store.clear();
  for (const entry of entries) {
  // Assume each entry has a 'content' field with markdown content
  store.set(entry.id, {

... (truncated)

Commits

• 0947a69 [ci] release (#13889)
• 761abb6 [ci] format
• 0eafe14 feat: experimental CSP (#13802)
• 1766d22 feat: adds support for rendering markdown in loaders (#13850)
• 62f0668 Suppress supported features log option (#13887)
• 1d628d5 [ci] release (#13873)
• 50a3788 [ci] format
• 5a7797f fix: request should be properly cloned first then copy to modified in middlew...
• 442b841 Fixes rendering of the download attribute when it has a boolean value (#13872)
• 0c50c31 [ci] release (#13845)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)