Bump the patch-updates group across 1 directory with 12 updates

[dependabot]

Bumps the patch-updates group with 12 updates in the / directory:

Package	From	To
@astrojs/check	0.9.7	0.9.9
@astrojs/rss	4.0.17	4.0.18
@astrojs/sitemap	3.7.1	3.7.3
@fancyapps/ui	6.1.13	6.1.14
dayjs	1.11.19	1.11.21
sanitize-html	2.17.1	2.17.4
@types/sanitize-html	2.16.0	2.16.1
@astrojs/ts-plugin	1.10.7	1.10.9
@iconify-json/material-symbols	1.2.63	1.2.76
@iconify-json/simple-icons	1.2.74	1.2.85
prettier	3.8.1	3.8.3
prettier-plugin-svelte	3.5.1	3.5.2

Updates @astrojs/check from 0.9.7 to 0.9.9

Release notes

Sourced from @​astrojs/check's releases.

@​astrojs/check@​0.9.9

Patch Changes

• #16471 f56bb3f Thanks @​delucis! - Adds support for TypeScript v6 to peer dependencies range

• Updated dependencies [8c62159]:

  • @​astrojs/language-server@​2.16.7

Changelog

Sourced from @​astrojs/check's changelog.

0.9.9

Patch Changes

• #16471 f56bb3f Thanks @​delucis! - Adds support for TypeScript v6 to peer dependencies range

• Updated dependencies [8c62159]:

  • @​astrojs/language-server@​2.16.7

0.9.8

Patch Changes

• #15892 a2f597d Thanks @​Princesseuh! - Fixes Astro not being able to find astro check sometimes

• Updated dependencies [7b4b254]:

  • @​astrojs/language-server@​2.16.5

Commits

• c1f2e4f [ci] release (#16467)
• f56bb3f Widen typescript peer dependency range to allow v6 (#16471)
• 184700c fix(deps): update language tools (#16230)
• 88fcc98 fix integrations links across docs (#16098)
• b9e96da fix(deps): update dependency vitest to v4 (#15372)
• 09ecdd7 [ci] release (#15889)
• a2f597d fix(check): Revert publint lint fix (#15892)
• See full diff in compare view

Updates @astrojs/rss from 4.0.17 to 4.0.18

Release notes

Sourced from @​astrojs/rss's releases.

@​astrojs/yaml2ts@​0.2.4

Patch Changes

• #16661 03b8f7f Thanks @​ocavue! - Updates typescript to v6. No changes are needed from users.

Changelog

Sourced from @​astrojs/rss's changelog.

4.0.18

Patch Changes

• #16037 fdd2c5a Thanks @​blimmer! - Unpin fast-xml-parser to ^5.5.7 to resolve entity expansion CVEs

Commits

• 4a6ff2a [ci] release (#16020)
• fdd2c5a fix(rss): unpin fast-xml-parser to resolve entity expansion CVEs (#16037)
• See full diff in compare view

Updates @astrojs/sitemap from 3.7.1 to 3.7.3

Release notes

Sourced from @​astrojs/sitemap's releases.

@​astrojs/sitemap@​3.7.3

Patch Changes

• #16837 783c4a6 Thanks @​jdevalk! - Improves <lastmod> accuracy in the sitemap index. Each <sitemap> entry in sitemap-index.xml is now stamped with the most recent lastmod of the URLs in the child sitemap it points to, instead of repeating a single global date on every entry. When a child sitemap has no per-URL lastmod, the entry falls back to the lastmod option as before. This gives search engines a per-file freshness signal, so they can tell which child sitemaps actually changed without refetching all of them.

Changelog

Sourced from @​astrojs/sitemap's changelog.

3.7.3

Patch Changes

• #16837 783c4a6 Thanks @​jdevalk! - Improves <lastmod> accuracy in the sitemap index. Each <sitemap> entry in sitemap-index.xml is now stamped with the most recent lastmod of the URLs in the child sitemap it points to, instead of repeating a single global date on every entry. When a child sitemap has no per-URL lastmod, the entry falls back to the lastmod option as before. This gives search engines a per-file freshness signal, so they can tell which child sitemaps actually changed without refetching all of them.

3.7.2

Patch Changes

• #15455 babf57f Thanks @​AhmadYasser1! - Fixes i18n fallback pages missing from the generated sitemap when using fallbackType: 'rewrite'.

Commits

• 1e49163 [ci] release (#16832)
• 783c4a6 Stamp sitemap index entries with per-file lastmod (#16837)
• 5a8cd09 refactor: update tsconfig to use TypeScript project references (#16505)
• 5c543c5 refactor(astro): add internal entry points for test (#16473)
• f7566b8 refactor: unify test setup (#16445)
• ba2dbf1 refactor(astro): correct Fixture type signatures in test-utils (#16380)
• 245f300 refactor: migrate sitemap tests to typescript (#16353)
• 88fcc98 fix integrations links across docs (#16098)
• 4a6ff2a [ci] release (#16020)
• 28079e9 [ci] format
• Additional commits viewable in compare view

Updates @fancyapps/ui from 6.1.13 to 6.1.14

Release notes

Sourced from @​fancyapps/ui's releases.

v6.1.14

Please refer to CHANGELOG.md for details.

Changelog

Sourced from @​fancyapps/ui's changelog.

6.1.14 (2026-04-29)

Bug Fixes

• Panzoom Fix an issue where a vertical image could not be dragged correctly after rotating
• Panzoom Fix pin positioning in some cases

Features

• Carousel Add support for external controls

Commits

• 70177db 6.1.14
• See full diff in compare view

Updates dayjs from 1.11.19 to 1.11.21

Release notes

Sourced from dayjs's releases.

v1.11.21

1.11.21 (2026-05-26)

Bug Fixes

• preserve unsupported year tokens in format (#3015) (#3016) (8fda602)

v1.11.20

1.11.20 (2026-03-12)

Bug Fixes

• Update locale km.js to support meridiem (#3017) (9d2b6a1)
• update updateLocale plugin to merge nested object properties instead of replacing (#3012) (99691c5), closes #1118

Changelog

Sourced from dayjs's changelog.

1.11.21 (2026-05-26)

Bug Fixes

• preserve unsupported year tokens in format (#3015) (#3016) (8fda602)

1.11.20 (2026-03-12)

Bug Fixes

• Update locale km.js to support meridiem (#3017) (9d2b6a1)
• update updateLocale plugin to merge nested object properties instead of replacing (#3012) (99691c5), closes #1118

Commits

• a25f01e chore(release): 1.11.21 [skip ci]
• ee75cc2 Merge pull request #3113 from iamkun/dev
• 1a8bf27 chore: update doc
• 51ef048 chore: support window os test execution using cross-env (#3064)
• 7bb06f8 chore: add download chart (#3045)
• f6d72ce docs: fix documentation (#3044)
• dcae6d7 chore: update doc
• b84592f chore: update doc
• ea2929d chore: update doc
• 523007d chore: update doc
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for dayjs since your current version.

Updates sanitize-html from 2.17.1 to 2.17.4

Changelog

Sourced from sanitize-html's changelog.

2.17.4

Changes

• sanitize-html and launder now share a single implementation of naughtyHref, based on that which previously existed in sanitize-html.

Security

• Security vulnerability: the xmp tag could be used to pass forbidden markup through sanitize-html, even when xmp itself is not explicitly allowed All users of sanitize-html should update immediately. Thanks to Vincenzo Turturro for reporting the vulnerability.

2.17.3 (2026-04-15)

Security

• Fix vulnerability introduced in version 2.17.2 that allowed XSS attacks if the developer chose to permit option tags. There was no vulnerability when not explicitly allowing option tags.

2.17.2 (2026-03-19)

Changes

• Upgrade htmlparser2 from 8.x to 10.1.0. This improves security by correctly decoding zero-padded numeric character references (e.g., &[#0000001](https://github.com/apostrophecms/apostrophe/tree/HEAD/packages/sanitize-html/issues/0000001)) that previously bypassed javascript: URL detection. Also fixes double-encoding of entities inside raw text elements like textarea and option.

Commits

• See full diff in compare view

Updates @types/sanitize-html from 2.16.0 to 2.16.1

Commits

• See full diff in compare view

Updates @astrojs/ts-plugin from 1.10.7 to 1.10.9

Release notes

Sourced from @​astrojs/ts-plugin's releases.

@​astrojs/ts-plugin@​1.10.9

Patch Changes

• #16661 03b8f7f Thanks @​ocavue! - Updates typescript to v6. No changes are needed from users.

• Updated dependencies [03b8f7f]:

  • @​astrojs/yaml2ts@​0.2.4

@​astrojs/ts-plugin@​1.10.8

Patch Changes

• #16716 04fdbb2 Thanks @​delucis! - Drops support for versions of VS Code below 1.101.0 [May 2025]

Changelog

Sourced from @​astrojs/ts-plugin's changelog.

1.10.9

Patch Changes

• #16661 03b8f7f Thanks @​ocavue! - Updates typescript to v6. No changes are needed from users.

• Updated dependencies [03b8f7f]:

  • @​astrojs/yaml2ts@​0.2.4

1.10.8

Patch Changes

• #16716 04fdbb2 Thanks @​delucis! - Drops support for versions of VS Code below 1.101.0 [May 2025]

Commits

• See full diff in compare view

Updates @iconify-json/material-symbols from 1.2.63 to 1.2.76

Commits

• See full diff in compare view

Updates @iconify-json/simple-icons from 1.2.74 to 1.2.85

Commits

• See full diff in compare view

Updates @types/sanitize-html from 2.16.0 to 2.16.1

Commits

• See full diff in compare view

Updates prettier from 3.8.1 to 3.8.3

Release notes

Sourced from prettier's releases.

3.8.3

• SCSS: Prevent trailing comma in if() function (prettier/prettier#18471 by @​kovsu)

🔗 Changelog

3.8.2

• Support Angular v21.2

🔗 Changelog

Changelog

Sourced from prettier's changelog.

3.8.3

diff

SCSS: Prevent trailing comma in if() function (#18471 by @​kovsu)

// Input
$value: if(sass(false): 1; else: -1);
// Prettier 3.8.2
$value: if(
sass(false): 1; else: -1,
);
// Prettier 3.8.3
$value: if(sass(false): 1; else: -1);

3.8.2

diff

Angular: Support Angular v21.2 (#18722, #19034 by @​fisker)

Exhaustive typechecking with @default never;

<!-- Input -->
@switch (foo) {
  @case (1) {}
  @default never;
}
<!-- Prettier 3.8.1 -->
SyntaxError: Incomplete block "default never". If you meant to write the @ character, you should use the "&#64;" HTML entity instead. (3:3)
<!-- Prettier 3.8.2 -->
@​switch (foo) {
@​case (1) {}
@​default never;
}

arrow function and instanceof expressions.

</tr></table> 

... (truncated)

Commits

• d7108a7 Release 3.8.3
• 177f908 Prevent trailing comma in SCSS if() function (#18471)
• 1cd4066 Release @​prettier/plugin-oxc@​0.1.4
• a8700e2 Update oxc-parser to v0.125.0
• 752157c Fix tests
• 053fd41 Bump Prettier dependency to 3.8.2
• 904c636 Clean changelog_unreleased
• dc1f7fc Update dependents count
• b31557c Release 3.8.2
• 96bbaed Support Angular v21.2 (#18722)
• Additional commits viewable in compare view

Updates prettier-plugin-svelte from 3.5.1 to 3.5.2

Changelog

Sourced from prettier-plugin-svelte's changelog.

3.5.2

• (fix) Preserve non-breaking spaces
• (fix) handle comments in bind: get/set tuple
• (fix) handle computed properties in e.g. {#each} blocks

Commits

• 44dda20 chore: release 3.5.2
• ccaaf35 fix: handle computed properties in e.g. {#each} blocks (#519)
• 1e2adf9 fix: handle comments in bind: get/set tuple (#518)
• 287b98c fix: preserve non-breaking spaces (#517)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
blog	Ready	Preview, Comment	Jun 3, 2026 3:22am