chore(deps): bump the patch-and-minor group across 1 directory with 5 updates

[dependabot]

Bumps the patch-and-minor group with 5 updates in the / directory:

Package	From	To
@anthropic-ai/sdk	0.103.0	0.104.2
@sentry/astro	10.57.0	10.58.0
astro	6.4.6	6.4.7
@supabase/supabase-js	2.108.1	2.108.2
typescript-eslint	8.61.0	8.61.1

Updates @anthropic-ai/sdk from 0.103.0 to 0.104.2

Release notes

Sourced from @​anthropic-ai/sdk's releases.

sdk: v0.104.2

0.104.2 (2026-06-15)

Full Changelog: sdk-v0.104.1...sdk-v0.104.2

Chores

• api: remove retired models from API and SDKs (a942876)

sdk: v0.104.1

0.104.1 (2026-06-09)

Full Changelog: sdk-v0.104.0...sdk-v0.104.1

Bug Fixes

• api: add frontier_llm refusal category (465e686)

sdk: v0.104.0

0.104.0 (2026-06-09)

Full Changelog: sdk-v0.103.0...sdk-v0.104.0

Features

• api: add support for Managed Agents deployments and environment variable credentials (d01e38b)

Changelog

Sourced from @​anthropic-ai/sdk's changelog.

0.104.2 (2026-06-15)

Full Changelog: sdk-v0.104.1...sdk-v0.104.2

Chores

• api: remove retired models from API and SDKs (a942876)

0.104.1 (2026-06-09)

Full Changelog: sdk-v0.104.0...sdk-v0.104.1

Bug Fixes

• api: add frontier_llm refusal category (465e686)

0.104.0 (2026-06-09)

Full Changelog: sdk-v0.103.0...sdk-v0.104.0

Features

• api: add support for Managed Agents deployments and environment variable credentials (d01e38b)

Commits

• fbee0d1 chore: release main
• e984ba4 chore(api): remove retired models from API and SDKs
• 9a0442d chore: release main
• 1ccd401 fix(api): add frontier_llm refusal category
• 8be0232 chore: release main
• 813af32 feat(api): add support for Managed Agents deployments and environment variabl...
• See full diff in compare view

Updates @sentry/astro from 10.57.0 to 10.58.0

Release notes

Sourced from @​sentry/astro's releases.

10.58.0

Important Changes

• feat(hono): Add support for the Deno runtime (#21450)

  @sentry/hono now supports the Deno runtime via a new @sentry/hono/deno entry point. Install @sentry/deno as a peer dependency and initialize Sentry through the sentry() middleware:

  import { Hono } from 'hono';
  import { sentry } from '@sentry/hono/deno';
  const app = new Hono();
  app.use(
  sentry(app, {
  dsn: 'DSN', // or Deno.env.get('SENTRY_DSN')
  tracesSampleRate: 1.0,
  }),
  );
  Deno.serve(app.fetch);

• feat(core): Extract objects as structured logs in consoleLoggingIntegration (#21385)

  The consoleLoggingIntegration now extracts structured log attributes when the first argument is a plain object.

  // Object keys become log attributes
  console.log({ userId: 123, action: 'login' }, 'User logged in');
  // → attributes: { userId: 123, action: "login" }
  // Non-object first args use template + parameters (unchanged)
  console.log('Hello', 'world', 123);
  // → sentry.message.template: "Hello {} {}"

• feat(react-router): Stabilize the instrumentation API (#21470)

  React Router's instrumentation API is now stable — the @experimental markers have been removed from createSentryServerInstrumentation, createSentryClientInstrumentation, and the related helpers and types. The manual server wrappers wrapServerLoader and wrapServerAction are now deprecated in favor of it. Export instrumentations = [Sentry.createSentryServerInstrumentation()] from your entry.server.tsx to instrument all loaders and actions without wrapping them individually.

Other Changes

• feat(hono): Add HTTP connection info to server spans (#21408)
• feat(node-core): Attach log message and fields to pino error events (#21422)
• feat(react-router): Always build client instrumentation and deprecate useInstrumentationAPI (#21432)
• feat(react-router): Rename client navigation roots from the route pattern (#21463)
• fix(astro): Resolve middleware export types (#21414)

... (truncated)

Changelog

Sourced from @​sentry/astro's changelog.

10.58.0

Important Changes

• feat(hono): Add support for the Deno runtime (#21450)

  @sentry/hono now supports the Deno runtime via a new @sentry/hono/deno entry point. Install @sentry/deno as a peer dependency and initialize Sentry through the sentry() middleware:

  import { Hono } from 'hono';
  import { sentry } from '@sentry/hono/deno';
  const app = new Hono();
  app.use(
  sentry(app, {
  dsn: 'DSN', // or Deno.env.get('SENTRY_DSN')
  tracesSampleRate: 1.0,
  }),
  );
  Deno.serve(app.fetch);

• feat(core): Extract objects as structured logs in consoleLoggingIntegration (#21385)

  The consoleLoggingIntegration now extracts structured log attributes when the first argument is a plain object.

  // Object keys become log attributes
  console.log({ userId: 123, action: 'login' }, 'User logged in');
  // → attributes: { userId: 123, action: "login" }
  // Non-object first args use template + parameters (unchanged)
  console.log('Hello', 'world', 123);
  // → sentry.message.template: "Hello {} {}"

• feat(react-router): Stabilize the instrumentation API (#21470)

  React Router's instrumentation API is now stable — the @experimental markers have been removed from createSentryServerInstrumentation, createSentryClientInstrumentation, and the related helpers and types. The manual server wrappers wrapServerLoader and wrapServerAction are now deprecated in favor of it. Export instrumentations = [Sentry.createSentryServerInstrumentation()] from your entry.server.tsx to instrument all loaders and actions without wrapping them individually.

Other Changes

• feat(hono): Add HTTP connection info to server spans (#21408)
• feat(node-core): Attach log message and fields to pino error events (#21422)
• feat(react-router): Always build client instrumentation and deprecate useInstrumentationAPI (#21432)
• feat(react-router): Rename client navigation roots from the route pattern (#21463)

... (truncated)

Commits

• 29a6f45 release: 10.58.0
• 7fa42c9 Merge pull request #21530 from getsentry/prepare-release/10.58.0
• 0486221 meta(changelog): Update changelog for 10.58.0
• 66b04b6 chore(deps): Bump nx to 22.7.5 (#21527)
• d8dcc45 ref(node): Migrate vendored generic-pool instrumentation to Sentry APIs (#21523)
• b35c4de test(node): Replace lru-memoizer fake unit test with integration coverage (#2...
• 0d3f1b1 fix(nextjs): Mark redirect server actions as ok instead of internal_error...
• 1bf2bad ref(node): Streamline dataloader instrumentation (#21475)
• 0a6e864 test: Skip nuxt-5 E2E test (#21524)
• 73024d4 test(astro): Add Astro 7 e2e app (#21471)
• Additional commits viewable in compare view

Updates astro from 6.4.6 to 6.4.7

Release notes

Sourced from astro's releases.

astro@6.4.7

Patch Changes

• #17035 197e50e Thanks @​astrobot-houston! - Fixes getRelativeLocaleUrl, getAbsoluteLocaleUrl, and getAbsoluteLocaleUrlList to strip trailing slashes when trailingSlash: 'never' is configured

• #16967 3719765 Thanks @​astrobot-houston! - Fixes double URL-encoded paths returning 400 Bad Request on on-demand routes

  Previously, any URL containing a double-encoded character (like %255B, which is [ encoded twice) was unconditionally rejected with a 400 Bad Request before middleware or route handlers could run. This broke embedded tools like Sanity Studio whose client-side router legitimately produces double-encoded URLs.

  The fix replaces the rejection approach with iterative decoding — multi-level percent-encoding is now fully resolved to its canonical form before being passed to middleware and route matching. This preserves the security fix for CVE-2025-66202 (middleware authorization bypass via double encoding) because middleware now always sees the fully decoded path, making bypass impossible. For example, /api/%2561dmin is decoded to /api/admin, which middleware can correctly block.

• #17066 2f4d92a Thanks @​matthewp! - Fixes prerendered redirect targets being incorrectly bundled into the SSR function in hybrid mode, causing massive bundle size inflation

• #16882 621beb7 Thanks @​jettwayio! - fix(render): honour compressHTML when joining head elements

• #16892 8d753b0 Thanks @​astrobot-houston! - Fixes custom elements in MDX having their children's slot attribute stripped by the JSX runtime

  When custom elements (tags with hyphens like <my-element>) are used in MDX files, the slot HTML attribute on their children is now correctly preserved. Previously, the shared JSX runtime would treat slot as an Astro slot assignment and remove it from the output, breaking Shadow DOM named slot distribution for web components.

• #16957 544ee76 Thanks @​thelazylamaGit! - Fixes stale inline CSS in server-rendered HTML after CSS file edits during dev

  When editing a CSS file (.css, .scss, etc.) during development, the inline <style> tags in server-rendered HTML would retain old CSS content instead of updating. This caused a brief flash of old CSS (FOUC) on fresh page loads before Vite's client-side HMR corrected the styles.

  The fix ensures that Astro's per-route dev CSS virtual modules are invalidated in both the SSR module graph and the module runner's evaluation cache when a style file changes, so the next page render picks up the fresh CSS.

• #17044 2220d22 Thanks @​astrobot-houston! - Fixes CSS from client:only islands leaking to unrelated pages when Rollup bundles non-CSS-importing modules into the same chunk as CSS-importing modules

• #17040 7c4763d Thanks @​astrobot-houston! - Fixes HMR not triggering for files inside the src/middleware/ directory during dev

• #16672 52fc862 Thanks @​martinheidegger! - Fixes support for numeric IDs in YAML frontmatter when using content collection references

• #16762 9de80ae Thanks @​alexanderdombroski! - Adds a JSON schema to the Wrangler configuration file generated when running astro add cloudflare

• #17046 ef771ec Thanks @​ematipico! - Improves the diagnostics emitted when Astro parses incorrect .astro files.

Changelog

Sourced from astro's changelog.

6.4.7

Patch Changes

• #17035 197e50e Thanks @​astrobot-houston! - Fixes getRelativeLocaleUrl, getAbsoluteLocaleUrl, and getAbsoluteLocaleUrlList to strip trailing slashes when trailingSlash: 'never' is configured

• #16967 3719765 Thanks @​astrobot-houston! - Fixes double URL-encoded paths returning 400 Bad Request on on-demand routes

  Previously, any URL containing a double-encoded character (like %255B, which is [ encoded twice) was unconditionally rejected with a 400 Bad Request before middleware or route handlers could run. This broke embedded tools like Sanity Studio whose client-side router legitimately produces double-encoded URLs.

  The fix replaces the rejection approach with iterative decoding — multi-level percent-encoding is now fully resolved to its canonical form before being passed to middleware and route matching. This preserves the security fix for CVE-2025-66202 (middleware authorization bypass via double encoding) because middleware now always sees the fully decoded path, making bypass impossible. For example, /api/%2561dmin is decoded to /api/admin, which middleware can correctly block.

• #17066 2f4d92a Thanks @​matthewp! - Fixes prerendered redirect targets being incorrectly bundled into the SSR function in hybrid mode, causing massive bundle size inflation

• #16882 621beb7 Thanks @​jettwayio! - fix(render): honour compressHTML when joining head elements

• #16892 8d753b0 Thanks @​astrobot-houston! - Fixes custom elements in MDX having their children's slot attribute stripped by the JSX runtime

  When custom elements (tags with hyphens like <my-element>) are used in MDX files, the slot HTML attribute on their children is now correctly preserved. Previously, the shared JSX runtime would treat slot as an Astro slot assignment and remove it from the output, breaking Shadow DOM named slot distribution for web components.

• #16957 544ee76 Thanks @​thelazylamaGit! - Fixes stale inline CSS in server-rendered HTML after CSS file edits during dev

  When editing a CSS file (.css, .scss, etc.) during development, the inline <style> tags in server-rendered HTML would retain old CSS content instead of updating. This caused a brief flash of old CSS (FOUC) on fresh page loads before Vite's client-side HMR corrected the styles.

  The fix ensures that Astro's per-route dev CSS virtual modules are invalidated in both the SSR module graph and the module runner's evaluation cache when a style file changes, so the next page render picks up the fresh CSS.

• #17044 2220d22 Thanks @​astrobot-houston! - Fixes CSS from client:only islands leaking to unrelated pages when Rollup bundles non-CSS-importing modules into the same chunk as CSS-importing modules

• #17040 7c4763d Thanks @​astrobot-houston! - Fixes HMR not triggering for files inside the src/middleware/ directory during dev

• #16672 52fc862 Thanks @​martinheidegger! - Fixes support for numeric IDs in YAML frontmatter when using content collection references

• #16762 9de80ae Thanks @​alexanderdombroski! - Adds a JSON schema to the Wrangler configuration file generated when running astro add cloudflare

• #17046 ef771ec Thanks @​ematipico! - Improves the diagnostics emitted when Astro parses incorrect .astro files.

Commits

• 910e121 [ci] release (#17036)
• ef771ec fix: improve diagnostics (#17046)
• 0537f5c [ci] format
• 2f4d92a Fix prerendered redirect targets inflating SSR bundle in hybrid mode (#17066)
• 360fa3f docs: fix grammar in container API JSDoc comments (#16984)
• bbe0e54 [ci] format
• 52fc862 Supporting numeric id references (#16672)
• 9de80ae feat(cli): Adds wrangler schema to generated wrangler.jsonc file when running...
• 3719765 fix(security): iteratively decode multi-level URL encoding instead of rejecti...
• ff59fcd fix(assets): use getClientOutputDirectory in image generation for static buil...
• Additional commits viewable in compare view

Updates @supabase/supabase-js from 2.108.1 to 2.108.2

Release notes

Sourced from @​supabase/supabase-js's releases.

v2.108.2

2.108.2 (2026-06-15)

🩹 Fixes

• auth: preserve valid session on refresh failure and cooldown repeat failures (#2436)
• realtime: clarify httpSend() 404 error and server migration note (#2444)
• release: pin Deno and bound JSR publish to survive stranded-task hangs (#2439)
• release: restore JSR publish flags and enable for beta (#2440)

❤️ Thank You

• Katerina Skroumpelou @​mandarini

v2.108.2-canary.5

2.108.2-canary.5 (2026-06-15)

This was a version bump only, there were no code changes.

v2.108.2-canary.4

2.108.2-canary.4 (2026-06-12)

🩹 Fixes

• realtime: clarify httpSend() 404 error and server migration note (#2444)

❤️ Thank You

• Katerina Skroumpelou @​mandarini

v2.108.2-canary.3

2.108.2-canary.3 (2026-06-11)

This was a version bump only, there were no code changes.

v2.108.2-canary.2

2.108.2-canary.2 (2026-06-11)

🩹 Fixes

• release: restore JSR publish flags and enable for beta (#2440)

❤️ Thank You

• Katerina Skroumpelou @​mandarini

v2.108.2-canary.1

2.108.2-canary.1 (2026-06-11)

🩹 Fixes

... (truncated)

Changelog

Sourced from @​supabase/supabase-js's changelog.

2.108.2 (2026-06-15)

This was a version bump only for @​supabase/supabase-js to align it with other projects, there were no code changes.

2.108.0 (2026-06-08)

This was a version bump only for @​supabase/supabase-js to align it with other projects, there were no code changes.

2.107.0 (2026-06-02)

🚀 Features

• auth: remove navigator.locks-based mutex; introduce commit guard + dispose() (#2392)
• supabase: update X-Client-Info to structured metadata format (#2359)
• realtime: allow httpSend to send binary payload (#2400)

❤️ Thank You

• Claude Sonnet 4.6
• Eduardo Gurgel
• Guilherme Souza
• Katerina Skroumpelou @​mandarini
• Omar Al Matar @​Bewinxed

2.106.2 (2026-05-25)

🩹 Fixes

• misc: add react-native export condition for Hermes-safe resolution (#2393)

❤️ Thank You

• Myroslav Hryhschenko @​BLOCKMATERIAL

2.106.1 (2026-05-20)

🩹 Fixes

• misc: hide dynamic import from hermesc (#2381)

❤️ Thank You

• Katerina Skroumpelou @​mandarini

2.106.0 (2026-05-18)

🚀 Features

• supabase: W3C/OpenTelemetry trace context propagation (#2163)

... (truncated)

Commits

• 76f3f02 test(auth): add passkey unit and e2e coverage (#2442)
• See full diff in compare view

Updates typescript-eslint from 8.61.0 to 8.61.1

Release notes

Sourced from typescript-eslint's releases.

v8.61.1

8.61.1 (2026-06-15)

🩹 Fixes

• eslint-plugin: [consistent-indexed-object-style] do not remove comments when fixing (#12396, #10577)
• eslint-plugin: [no-unnecessary-type-assertion] avoid false positive for template literal expressions (#12281)
• eslint-plugin: [no-unnecessary-type-assertion] wrap object literal in parens when removing TSTypeAssertion in arrow body (#12394, #12393)
• eslint-plugin: [no-unnecessary-boolean-literal-compare] fix precedence bug in autofix (#12413)
• eslint-plugin: [no-unnecessary-template-expression] respect ECMAScript line terminators (#12388)

❤️ Thank You

• Anas @​anasm266
• Deftera @​Deftera186
• Kirk Waiblinger @​kirkwaiblinger
• lumir
• Sarath Francis @​sarathfrancis90

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from typescript-eslint's changelog.

8.61.1 (2026-06-15)

This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

• aaad718 chore(release): publish 8.61.1
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[netlify]

✅ Deploy Preview for dertown ready!

Name	Link
🔨 Latest commit	3f32a9c
🔍 Latest deploy log	https://app.netlify.com/projects/dertown/deploys/6a305e59d4d0700008192368
😎 Deploy Preview	https://deploy-preview-47--dertown.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.