Skip to content

Bump @astrojs/node from 8.3.2 to 10.0.5#80

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/astrojs/node-10.0.5
Open

Bump @astrojs/node from 8.3.2 to 10.0.5#80
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/astrojs/node-10.0.5

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 23, 2026

Bumps @astrojs/node from 8.3.2 to 10.0.5.

Release notes

Sourced from @​astrojs/node's releases.

@​astrojs/node@​10.0.5

Patch Changes

  • #16319 940afd5 Thanks @​matthewp! - Fixes static asset error responses incorrectly including immutable cache headers. Conditional request failures (e.g. If-Match mismatch) now return the correct status code without far-future cache directives.

@​astrojs/node@​10.0.4

Patch Changes

  • #16002 846f27f Thanks @​buley! - Fixes file descriptor leaks from read streams that were not destroyed on client disconnect or read errors

  • #15941 f41584a Thanks @​ematipico! - Fixes an infinite loop in resolveClientDir() when the server entry point is bundled with esbuild or similar tools. The function now throws a descriptive error instead of hanging indefinitely when the expected server directory segment is not found in the file path.

@​astrojs/node@​10.0.3

Patch Changes

  • #15735 9685e2d Thanks @​fa-sharp! - Fixes an EventEmitter memory leak when serving static pages from Node.js middleware.

    When using the middleware handler, requests that were being passed on to Express / Fastify (e.g. static files / pre-rendered pages / etc.) weren't cleaning up socket listeners before calling next(), causing a memory leak warning. This fix makes sure to run the cleanup before calling next().

@​astrojs/node@​10.0.2

Patch Changes

@​astrojs/node@​10.0.1

Patch Changes

Changelog

Sourced from @​astrojs/node's changelog.

10.0.5

Patch Changes

  • #16319 940afd5 Thanks @​matthewp! - Fixes static asset error responses incorrectly including immutable cache headers. Conditional request failures (e.g. If-Match mismatch) now return the correct status code without far-future cache directives.

10.0.4

Patch Changes

  • #16002 846f27f Thanks @​buley! - Fixes file descriptor leaks from read streams that were not destroyed on client disconnect or read errors

  • #15941 f41584a Thanks @​ematipico! - Fixes an infinite loop in resolveClientDir() when the server entry point is bundled with esbuild or similar tools. The function now throws a descriptive error instead of hanging indefinitely when the expected server directory segment is not found in the file path.

10.0.3

Patch Changes

  • #15735 9685e2d Thanks @​fa-sharp! - Fixes an EventEmitter memory leak when serving static pages from Node.js middleware.

    When using the middleware handler, requests that were being passed on to Express / Fastify (e.g. static files / pre-rendered pages / etc.) weren't cleaning up socket listeners before calling next(), causing a memory leak warning. This fix makes sure to run the cleanup before calling next().

10.0.2

Patch Changes

10.0.1

Patch Changes

10.0.0

Major Changes

  • #15654 a32aee6 Thanks @​florian-lefebvre! - Removes the experimentalErrorPageHost option

    This option allowed fetching a prerendered error page from a different host than the server is currently running on.

    However, there can be security implications with prefetching from other hosts, and often more customization was required to do this safely. This has now been removed as a built-in option so that you can implement your own secure solution as needed and appropriate for your project via middleware.

    What should I do?

    If you were previously using this feature, you must remove the option from your adapter configuration as it no longer exists:

    // astro.config.mjs

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​astrojs/node since your current version.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump @astrojs/node from 8.3.2 to 10.0.5
a7d6ee2 
Bumps [@astrojs/node](https://github.com/withastro/astro/tree/HEAD/packages/integrations/node) from 8.3.2 to 10.0.5.
- [Release notes](https://github.com/withastro/astro/releases)
- [Changelog](https://github.com/withastro/astro/blob/main/packages/integrations/node/CHANGELOG.md)
- [Commits](https://github.com/withastro/astro/commits/@astrojs/node@10.0.5/packages/integrations/node)

---
updated-dependencies:
- dependency-name: "@astrojs/node"
  dependency-version: 10.0.5
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 23, 2026
@dependabot dependabot Bot mentioned this pull request Apr 23, 2026
Closed
cursor[bot]
cursor Bot reviewed Apr 23, 2026
View reviewed changes
Copy link
Copy Markdown

@cursor cursor Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Fix All in Cursor

❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.

Reviewed by Cursor Bugbot for commit a7d6ee2. Configure here.

Comment thread apps/astro/package.json
"dependencies": {
"@astrojs/check": "^0.5.10",
"@astrojs/node": "^8.2.5",
"@astrojs/node": "^10.0.5",
Copy link
Copy Markdown

@cursor cursor Bot Apr 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Incompatible peer dependency: astro 4.x vs required 6.x

High Severity

@astrojs/node is bumped to ^10.0.5 (resolves to 10.0.6), which declares a peer dependency of astro: ^6.0.0. However, astro remains at ^4.7.0 (resolves to 4.12.2). This is a major version mismatch — @astrojs/node 10.x was specifically released alongside Astro 6.x and is not compatible with Astro 4.x. This will likely cause build or runtime failures.

Additional Locations (1)
Fix in Cursor Fix in Web

Reviewed by Cursor Bugbot for commit a7d6ee2. Configure here.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cursor cursor[bot] cursor[bot] left review comments

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants