chore(deps): bump the patch-updates group across 1 directory with 10 updates

[dependabot]

Bumps the patch-updates group with 10 updates in the / directory:

Package	From	To
@astrojs/check	0.9.8	0.9.9
@astrojs/mdx	5.0.3	5.0.6
@astrojs/sitemap	3.7.2	3.7.3
@astrojs/vercel	10.0.4	10.0.8
@iconify-json/material-symbols	1.2.66	1.2.76
@iconify-json/tabler	1.2.33	1.2.35
@tailwindcss/typography	0.5.19	0.5.20
sanitize-html	2.17.2	2.17.4
@astrojs/ts-plugin	1.10.7	1.10.9
@biomejs/biome	2.4.12	2.4.16

Updates @astrojs/check from 0.9.8 to 0.9.9

Release notes

Sourced from @​astrojs/check's releases.

@​astrojs/check@​0.9.9

Patch Changes

• #16471 f56bb3f Thanks @​delucis! - Adds support for TypeScript v6 to peer dependencies range

• Updated dependencies [8c62159]:

  • @​astrojs/language-server@​2.16.7

Changelog

Sourced from @​astrojs/check's changelog.

0.9.9

Patch Changes

• #16471 f56bb3f Thanks @​delucis! - Adds support for TypeScript v6 to peer dependencies range

• Updated dependencies [8c62159]:

  • @​astrojs/language-server@​2.16.7

Commits

• c1f2e4f [ci] release (#16467)
• f56bb3f Widen typescript peer dependency range to allow v6 (#16471)
• 184700c fix(deps): update language tools (#16230)
• 88fcc98 fix integrations links across docs (#16098)
• b9e96da fix(deps): update dependency vitest to v4 (#15372)
• See full diff in compare view

Updates @astrojs/mdx from 5.0.3 to 5.0.6

Release notes

Sourced from @​astrojs/mdx's releases.

@​astrojs/mdx@​5.0.6

Patch Changes

• #16579 49e10e3 Thanks @​igor-koop! - Fixes an issue where the smartypants option was ignored.

@​astrojs/mdx@​5.0.5

Patch Changes

• Updated dependencies [9256345]:
  • @​astrojs/markdown-remark@​7.1.2

Changelog

Sourced from @​astrojs/mdx's changelog.

5.0.6

Patch Changes

• #16579 49e10e3 Thanks @​igor-koop! - Fixes an issue where the smartypants option was ignored.

5.0.5

Patch Changes

• Updated dependencies [9256345]:
  • @​astrojs/markdown-remark@​7.1.2

5.0.4

Patch Changes

• Updated dependencies [f3485c3]:
  • @​astrojs/markdown-remark@​7.1.1

Commits

• 5ec95d0 [ci] release (#16736)
• 0f868b0 chore: remove redundant server assertions (#16721)
• 49e10e3 fix(mdx): support smartypants option objects (#16579)
• e345bcd [ci] release (#16653)
• 5a8cd09 refactor: update tsconfig to use TypeScript project references (#16505)
• 28fb3e1 feat: experimental logger (#16477)
• 5c543c5 refactor(astro): add internal entry points for test (#16473)
• f1fb559 refactor(astro): migrate test helpers to TypeScript (#16474)
• 21ca872 [ci] release (#16399)
• 99464ed Bump vite, picomatch, and unstorage to latest patch versions (#16448)
• Additional commits viewable in compare view

Updates @astrojs/sitemap from 3.7.2 to 3.7.3

Release notes

Sourced from @​astrojs/sitemap's releases.

@​astrojs/sitemap@​3.7.3

Patch Changes

• #16837 783c4a6 Thanks @​jdevalk! - Improves <lastmod> accuracy in the sitemap index. Each <sitemap> entry in sitemap-index.xml is now stamped with the most recent lastmod of the URLs in the child sitemap it points to, instead of repeating a single global date on every entry. When a child sitemap has no per-URL lastmod, the entry falls back to the lastmod option as before. This gives search engines a per-file freshness signal, so they can tell which child sitemaps actually changed without refetching all of them.

Changelog

Sourced from @​astrojs/sitemap's changelog.

3.7.3

Patch Changes

• #16837 783c4a6 Thanks @​jdevalk! - Improves <lastmod> accuracy in the sitemap index. Each <sitemap> entry in sitemap-index.xml is now stamped with the most recent lastmod of the URLs in the child sitemap it points to, instead of repeating a single global date on every entry. When a child sitemap has no per-URL lastmod, the entry falls back to the lastmod option as before. This gives search engines a per-file freshness signal, so they can tell which child sitemaps actually changed without refetching all of them.

Commits

• 1e49163 [ci] release (#16832)
• 783c4a6 Stamp sitemap index entries with per-file lastmod (#16837)
• 5a8cd09 refactor: update tsconfig to use TypeScript project references (#16505)
• 5c543c5 refactor(astro): add internal entry points for test (#16473)
• f7566b8 refactor: unify test setup (#16445)
• ba2dbf1 refactor(astro): correct Fixture type signatures in test-utils (#16380)
• 245f300 refactor: migrate sitemap tests to typescript (#16353)
• 88fcc98 fix integrations links across docs (#16098)
• See full diff in compare view

Updates @astrojs/vercel from 10.0.4 to 10.0.8

Release notes

Sourced from @​astrojs/vercel's releases.

@​astrojs/vercel@​10.0.8

Patch Changes

• Updated dependencies [f732f3c]:
  • @​astrojs/internal-helpers@​0.10.0

@​astrojs/vercel@​10.0.7

Patch Changes

• Updated dependencies [d365c97]:
  • @​astrojs/internal-helpers@​0.9.1

@​astrojs/vercel@​10.0.6

Patch Changes

• #16486 0bae1a5 Thanks @​cyphercodes! - Fix forwarded serverless requests with streamed bodies by preserving the required duplex: 'half' option when rewriting middleware paths.

Changelog

Sourced from @​astrojs/vercel's changelog.

10.0.8

Patch Changes

• Updated dependencies [f732f3c]:
  • @​astrojs/internal-helpers@​0.10.0

10.0.7

Patch Changes

• Updated dependencies [d365c97]:
  • @​astrojs/internal-helpers@​0.9.1

10.0.6

Patch Changes

• #16486 0bae1a5 Thanks @​cyphercodes! - Fix forwarded serverless requests with streamed bodies by preserving the required duplex: 'half' option when rewriting middleware paths.

10.0.5

Patch Changes

• Updated dependencies [99464ed, f3485c3]:
  • @​astrojs/internal-helpers@​0.9.0

Commits

• c7157e6 [ci] release (#16870)
• e345bcd [ci] release (#16653)
• 5a8cd09 refactor: update tsconfig to use TypeScript project references (#16505)
• c1f2e4f [ci] release (#16467)
• 0bae1a5 fix(vercel): preserve duplex for forwarded request bodies (#16486)
• 5c543c5 refactor(astro): add internal entry points for test (#16473)
• f1fb559 refactor(astro): migrate test helpers to TypeScript (#16474)
• 21ca872 [ci] release (#16399)
• 99464ed Bump vite, picomatch, and unstorage to latest patch versions (#16448)
• c085cb2 refactor(vercel): remove duplicated test files (#16416)
• Additional commits viewable in compare view

Updates @iconify-json/material-symbols from 1.2.66 to 1.2.76

Commits

• See full diff in compare view

Updates @iconify-json/tabler from 1.2.33 to 1.2.35

Commits

• See full diff in compare view

Updates @tailwindcss/typography from 0.5.19 to 0.5.20

Release notes

Sourced from @​tailwindcss/typography's releases.

v0.5.20

Fixed

• Support installing with stable versions of Tailwind CSS v4 (#424)

Changelog

Sourced from @​tailwindcss/typography's changelog.

[0.5.20] - 2026-06-08

Fixed

• Support installing with stable versions of Tailwind CSS v4 (#424)

Commits

• e3714a3 0.5.20
• f34283d Update tailwindcss peer dependency version (#424)
• 543de42 bump Node.js
• 881b048 Setup OIDC (#423)
• 74a3da7 Fix typo in README.md (#413)
• 3963dfe Bump js-yaml from 3.14.1 to 3.14.2 (#410)
• abf85cc className instead of classname (#406)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​tailwindcss/typography since your current version.

Updates sanitize-html from 2.17.2 to 2.17.4

Changelog

Sourced from sanitize-html's changelog.

2.17.4

Changes

• sanitize-html and launder now share a single implementation of naughtyHref, based on that which previously existed in sanitize-html.

Security

• Security vulnerability: the xmp tag could be used to pass forbidden markup through sanitize-html, even when xmp itself is not explicitly allowed All users of sanitize-html should update immediately. Thanks to Vincenzo Turturro for reporting the vulnerability.

2.17.3 (2026-04-15)

Security

• Fix vulnerability introduced in version 2.17.2 that allowed XSS attacks if the developer chose to permit option tags. There was no vulnerability when not explicitly allowing option tags.

Commits

• e9b0ab0 release only (changelogs formatted) (#5408)
• f03fa5b Latest security merge (#5407)
• 96cf174 For release only (#5381)
• 7ca2d16 Merge commit from fork
• 297a422 Bump dependencies (#5376)
• See full diff in compare view

Updates @astrojs/ts-plugin from 1.10.7 to 1.10.9

Release notes

Sourced from @​astrojs/ts-plugin's releases.

@​astrojs/ts-plugin@​1.10.9

Patch Changes

• #16661 03b8f7f Thanks @​ocavue! - Updates typescript to v6. No changes are needed from users.

• Updated dependencies [03b8f7f]:

  • @​astrojs/yaml2ts@​0.2.4

@​astrojs/ts-plugin@​1.10.8

Patch Changes

• #16716 04fdbb2 Thanks @​delucis! - Drops support for versions of VS Code below 1.101.0 [May 2025]

Changelog

Sourced from @​astrojs/ts-plugin's changelog.

1.10.9

Patch Changes

• #16661 03b8f7f Thanks @​ocavue! - Updates typescript to v6. No changes are needed from users.

• Updated dependencies [03b8f7f]:

  • @​astrojs/yaml2ts@​0.2.4

1.10.8

Patch Changes

• #16716 04fdbb2 Thanks @​delucis! - Drops support for versions of VS Code below 1.101.0 [May 2025]

Commits

• See full diff in compare view

Updates @biomejs/biome from 2.4.12 to 2.4.16

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.4.16

2.4.16

Patch Changes

• #10329 ef764d5 Thanks @​Conaclos! - Fixed an issue where diagnostics showed an incorrect location in Astro files.

• #10363 50aa415 Thanks @​dyc3! - Fixed HTML formatting for a case where comments could cause the formatter to split up a closing tag, which would cause the resulting HTML to be syntactically invalid.

  Input:

  <span
    ><!-- 1
  --><span>a</span
    ><!-- 2
  --><span>b</span
    ><!-- 3
  --></span>

  Output:

    <span
  	  ><!-- 1
  - --> <span>a</span<!-- 2
  - --> ><span>b</span><!-- 3
  + --><span>a</span><!-- 2
  + --><span>b</span><!-- 3
    --></span
    >

• #10465 0c718da Thanks @​dfedoryshchev! - Fixed diagnostics emitted by the noUntrustedLicenses rule.

• #10358 05c2617 Thanks @​dyc3! - Fixed #10356: biome rage --linter now displays rules enabled through linter domains in the enabled rules list.

• #10300 950247c Thanks @​dyc3! - Fixed #10265: Svelte function bindings such as bind:value={get, set} are now parsed more precisely, so noCommaOperator won't emit false positives for that syntax anymore.

• #9786 e71f584 Thanks @​MeGaNeKoS! - Fixed #8480: useDestructuring now provides variableDeclarator and assignmentExpression options to control which contexts enforce destructuring, matching ESLint's prefer-destructuring configuration. Both default to {array: true, object: true}. The diagnostic for object destructuring in assignment expressions now instructs users to wrap the assignment in parentheses.

• #10425 1948b72 Thanks @​sjh9714! - Fixed #10244: The useOptionalChain rule now detects negated guard inequality chains like !foo || foo.bar !== "x".

• #10442 001f94f Thanks @​ematipico! - Fixed #10411: noMisusedPromises no longer causes a stack overflow when a nested function returns an object with shorthand properties that shadow destructured variables from an outer scope.

• #10318 9b1577f Thanks @​dyc3! - Added support for formatter.trailingCommas in overrides. This option was previously available in the top-level formatter configuration but missing from formatter overrides.

• #10319 2e37709 Thanks @​dyc3! - Fixed Vue and Svelte formatting for standalone interpolations in inline elements. Biome now preserves existing newlines in cases like:

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.4.16

Patch Changes

• #10329 ef764d5 Thanks @​Conaclos! - Fixed an issue where diagnostics showed an incorrect location in Astro files.

• #10363 50aa415 Thanks @​dyc3! - Fixed HTML formatting for a case where comments could cause the formatter to split up a closing tag, which would cause the resulting HTML to be syntactically invalid.

  Input:

  <span
    ><!-- 1
  --><span>a</span
    ><!-- 2
  --><span>b</span
    ><!-- 3
  --></span>

  Output:

    <span
  	  ><!-- 1
  - --> <span>a</span<!-- 2
  - --> ><span>b</span><!-- 3
  + --><span>a</span><!-- 2
  + --><span>b</span><!-- 3
    --></span
    >

• #10465 0c718da Thanks @​dfedoryshchev! - Fixed diagnostics emitted by the noUntrustedLicenses rule.

• #10358 05c2617 Thanks @​dyc3! - Fixed #10356: biome rage --linter now displays rules enabled through linter domains in the enabled rules list.

• #10300 950247c Thanks @​dyc3! - Fixed #10265: Svelte function bindings such as bind:value={get, set} are now parsed more precisely, so noCommaOperator won't emit false positives for that syntax anymore.

• #9786 e71f584 Thanks @​MeGaNeKoS! - Fixed #8480: useDestructuring now provides variableDeclarator and assignmentExpression options to control which contexts enforce destructuring, matching ESLint's prefer-destructuring configuration. Both default to {array: true, object: true}. The diagnostic for object destructuring in assignment expressions now instructs users to wrap the assignment in parentheses.

• #10425 1948b72 Thanks @​sjh9714! - Fixed #10244: The useOptionalChain rule now detects negated guard inequality chains like !foo || foo.bar !== "x".

• #10442 001f94f Thanks @​ematipico! - Fixed #10411: noMisusedPromises no longer causes a stack overflow when a nested function returns an object with shorthand properties that shadow destructured variables from an outer scope.

• #10318 9b1577f Thanks @​dyc3! - Added support for formatter.trailingCommas in overrides. This option was previously available in the top-level formatter configuration but missing from formatter overrides.

• #10319 2e37709 Thanks @​dyc3! - Fixed Vue and Svelte formatting for standalone interpolations in inline elements. Biome now preserves existing newlines in cases like:

... (truncated)

Commits

• 5f4ea56 ci: release (#10326)
• de2a33c fix(core): regression in emitted types (#10478)
• d835303 docs: remove redundant default phrase in useConsistentObjectDefinitions rul...
• 4f1aaf2 fix: incorrect build when using build or test (#10426)
• dc73b6b refactor: make plugins opt-in via feature gate (#10418)
• e71f584 feat(useDestructuring): add options for assignment/declaration and improve di...
• 9b1577f fix(config): support trailingCommas in overrides (#10318)
• 9dd3271 ci: release (#10210)
• 7b8d4e1 feat(lint/html/vue): add useVueValidVFor (#10195)
• ba3480e feat(lint/js): add useTestHooksInOrder (#9394)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions