Bumps [astro](https://github.com/withastro/astro/tree/HEAD/packages/astro) from 5.16.3 to 5.16.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/withastro/astro/releases">astro's releases</a>.</em></p>
<blockquote>
<h2>astro@5.16.4</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a href="https://redirect.github.com/withastro/astro/pull/14940">#14940</a> <a href="https://github.com/withastro/astro/commit/2cf79c23c23e3364b0e6a86394b6584112786c5b"><code>2cf79c2</code></a> Thanks <a href="https://github.com/ematipico"><code>@​ematipico</code></a>! - Fixes a bug where Astro didn't properly combine CSP resources from the <code>csp</code> configuration with those added using the runtime API (<code>Astro.csp.insertDirective()</code>) to form grammatically correct CSP headers</p>
<p>Now Astro correctly deduplicate CSP resources. For example, if you have a global resource in the configuration file, and then you add a
a new one using the runtime APIs.</p>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/withastro/astro/blob/main/packages/astro/CHANGELOG.md">astro's changelog</a>.</em></p>
<blockquote>
<h2>5.16.4</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a href="https://redirect.github.com/withastro/astro/pull/14940">#14940</a> <a href="https://github.com/withastro/astro/commit/2cf79c23c23e3364b0e6a86394b6584112786c5b"><code>2cf79c2</code></a> Thanks <a href="https://github.com/ematipico"><code>@​ematipico</code></a>! - Fixes a bug where Astro didn't properly combine CSP resources from the <code>csp</code> configuration with those added using the runtime API (<code>Astro.csp.insertDirective()</code>) to form grammatically correct CSP headers</p>
<p>Now Astro correctly deduplicate CSP resources. For example, if you have a global resource in the configuration file, and then you add a
a new one using the runtime APIs.</p>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/withastro/astro/commit/141c676df141d805aecad290c2417ff5951a0573"><code>141c676</code></a> [ci] release (<a href="https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/14930">#14930</a>)</li>
<li><a href="https://github.com/withastro/astro/commit/d9a43e12e0880870b9cacc01e9adcf82bd7fec06"><code>d9a43e1</code></a> [ci] format</li>
<li><a href="https://github.com/withastro/astro/commit/2cf79c23c23e3364b0e6a86394b6584112786c5b"><code>2cf79c2</code></a> fix(csp): deduplicate CSP resources (<a href="https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/14940">#14940</a>)</li>
<li><a href="https://github.com/withastro/astro/commit/c8ac8e5eed7fa8db7111878ada787243cedc09b7"><code>c8ac8e5</code></a> chore(fonts): classes (<a href="https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/14920">#14920</a>)</li>
<li>See full diff in <a href="https://github.com/withastro/astro/commits/astro@5.16.4/packages/astro">compare view</a></li>
</ul>
</details>
<br />


[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>

Bumps [katex](https://github.com/KaTeX/KaTeX) from 0.16.25 to 0.16.27.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/KaTeX/KaTeX/releases">katex's releases</a>.</em></p>
<blockquote>
<h2>v0.16.27</h2>
<h2><a href="https://github.com/KaTeX/KaTeX/compare/v0.16.26...v0.16.27">0.16.27</a> (2025-12-07)</h2>
<h3>Features</h3>
<ul>
<li>support equals sign and surrounding whitespace in \htmlData attribute values (<a href="https://redirect.github.com/KaTeX/KaTeX/issues/4112">#4112</a>) (<a href="https://github.com/KaTeX/KaTeX/commit/c77aaec00c766f5bb02e332a1dc416b82a65fe8f">c77aaec</a>)</li>
</ul>
<h2>v0.16.26</h2>
<h2><a href="https://github.com/KaTeX/KaTeX/compare/v0.16.25...v0.16.26">0.16.26</a> (2025-12-07)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>\mathop followed by integral symbol (<a href="https://github.com/KaTeX/KaTeX/commit/6fbad18857351e4d2a88ed3e3348bd76caad9be3">6fbad18</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/KaTeX/KaTeX/blob/main/CHANGELOG.md">katex's changelog</a>.</em></p>
<blockquote>
<h2><a href="https://github.com/KaTeX/KaTeX/compare/v0.16.26...v0.16.27">0.16.27</a> (2025-12-07)</h2>
<h3>Features</h3>
<ul>
<li>support equals sign and surrounding whitespace in \htmlData attribute values (<a href="https://redirect.github.com/KaTeX/KaTeX/issues/4112">#4112</a>) (<a href="https://github.com/KaTeX/KaTeX/commit/c77aaec00c766f5bb02e332a1dc416b82a65fe8f">c77aaec</a>)</li>
</ul>
<h2><a href="https://github.com/KaTeX/KaTeX/compare/v0.16.25...v0.16.26">0.16.26</a> (2025-12-07)</h2>
<h3>Bug Fixes</h3>
<ul>
<li>\mathop followed by integral symbol (<a href="https://github.com/KaTeX/KaTeX/commit/6fbad18857351e4d2a88ed3e3348bd76caad9be3">6fbad18</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/KaTeX/KaTeX/commit/cc5eee50117495051bbd2646d32bd304b8fbe100"><code>cc5eee5</code></a> chore(release): 0.16.27 [ci skip]</li>
<li><a href="https://github.com/KaTeX/KaTeX/commit/c77aaec00c766f5bb02e332a1dc416b82a65fe8f"><code>c77aaec</code></a> feat: support equals sign and surrounding whitespace in \htmlData attribute v...</li>
<li><a href="https://github.com/KaTeX/KaTeX/commit/9151d5eece9121f5f92749a56ce3d4397b5f3a78"><code>9151d5e</code></a> chore(release): 0.16.26 [ci skip]</li>
<li><a href="https://github.com/KaTeX/KaTeX/commit/6fbad18857351e4d2a88ed3e3348bd76caad9be3"><code>6fbad18</code></a> fix: \mathop followed by integral symbol</li>
<li><a href="https://github.com/KaTeX/KaTeX/commit/785315c0f630f65347cac14b3ec72629cfe7631e"><code>785315c</code></a> chore(deps): update dependency js-yaml to v4.1.1 [security] (<a href="https://redirect.github.com/KaTeX/KaTeX/issues/4106">#4106</a>)</li>
<li>See full diff in <a href="https://github.com/KaTeX/KaTeX/compare/v0.16.25...v0.16.27">compare view</a></li>
</ul>
</details>
<br />


[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>

Bumps [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) from 8.48.0 to 8.48.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/typescript-eslint/typescript-eslint/releases"><code>@​typescript-eslint/parser</code>'s releases</a>.</em></p>
<blockquote>
<h2>v8.48.1</h2>
<h2>8.48.1 (2025-12-02)</h2>
<h3>⏪ Reverts</h3>
<ul>
<li><strong>eslint-plugin:</strong> revert &quot;[no-redundant-type-constituents] use assignability checking for redundancy checks (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/10744">#10744</a>)&quot; (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/11812">#11812</a>)</li>
</ul>
<h3>🩹 Fixes</h3>
<ul>
<li><strong>eslint-plugin:</strong> [consistent-type-exports] check value flag before resolving alias (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/11769">#11769</a>)</li>
<li><strong>eslint-plugin:</strong> honor ignored base types on generic classes (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/11767">#11767</a>)</li>
<li><strong>eslint-plugin:</strong> [restrict-template-expressions] check base types in allow list (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/11764">#11764</a>, <a href="https://redirect.github.com/typescript-eslint/typescript-eslint/issues/11759">#11759</a>)</li>
</ul>
<h3>❤️ Thank You</h3>
<ul>
<li>Josh Goldberg</li>
<li>OleksandraKordonets</li>
<li>SangheeSon <a href="https://github.com/Higangssh"><code>@​Higangssh</code></a></li>
<li>tao</li>
</ul>
<p>You can read about our <a href="https://typescript-eslint.io/users/versioning">versioning strategy</a> and <a href="https://typescript-eslint.io/users/releases">releases</a> on our website.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md"><code>@​typescript-eslint/parser</code>'s changelog</a>.</em></p>
<blockquote>
<h2>8.48.1 (2025-12-02)</h2>
<p>This was a version bump only for parser to align it with other projects, there were no code changes.</p>
<p>You can read about our <a href="https://typescript-eslint.io/users/versioning">versioning strategy</a> and <a href="https://typescript-eslint.io/users/releases">releases</a> on our website.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/typescript-eslint/typescript-eslint/commit/8fe34456f75c1d1e8a4dc518306d5ab93422efec"><code>8fe3445</code></a> chore(release): publish 8.48.1</li>
<li>See full diff in <a href="https://github.com/typescript-eslint/typescript-eslint/commits/v8.48.1/packages/parser">compare view</a></li>
</ul>
</details>
<br />


[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>

Bumps [astro](https://github.com/withastro/astro/tree/HEAD/packages/astro) from 5.16.0 to 5.16.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/withastro/astro/releases">astro's releases</a>.</em></p>
<blockquote>
<h2>astro@5.16.3</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a href="https://redirect.github.com/withastro/astro/pull/14889">#14889</a> <a href="https://github.com/withastro/astro/commit/4bceeb0c7183de4db0087316e2fc2d287f27ad01"><code>4bceeb0</code></a> Thanks <a href="https://github.com/florian-lefebvre"><code>@​florian-lefebvre</code></a>! - Fixes actions types when using specific TypeScript configurations</p>
</li>
<li>
<p><a href="https://redirect.github.com/withastro/astro/pull/14929">#14929</a> <a href="https://github.com/withastro/astro/commit/e0f277d9248d2fefbd0234b53f9dea8c9b750adb"><code>e0f277d</code></a> Thanks <a href="https://github.com/matthewp"><code>@​matthewp</code></a>! - Fixes authentication bypass via double URL encoding in middleware</p>
<p>Prevents attackers from bypassing path-based authentication checks using multi-level URL encoding (e.g., <code>/%2561dmin</code> instead of <code>/%61dmin</code>). Pathnames are now validated after decoding to ensure no additional encoding remains.</p>
</li>
</ul>
<h2>astro@5.16.2</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a href="https://redirect.github.com/withastro/astro/pull/14876">#14876</a> <a href="https://github.com/withastro/astro/commit/b43dc7f28d582f22a4b28aa3a712af247c908dc3"><code>b43dc7f</code></a> Thanks <a href="https://github.com/florian-lefebvre"><code>@​florian-lefebvre</code></a>! - Fixes a vite warning log during builds when using npm</p>
</li>
<li>
<p><a href="https://redirect.github.com/withastro/astro/pull/14884">#14884</a> <a href="https://github.com/withastro/astro/commit/10273e01357e515050f8233442a7252b51cad364"><code>10273e0</code></a> Thanks <a href="https://github.com/florian-lefebvre"><code>@​florian-lefebvre</code></a>! - Fixes a case where setting the status of a page to <code>404</code> in ssr would show an empty page (or <code>404.astro</code> page if provided) instead of using the current page</p>
</li>
</ul>
<h2>astro@5.16.1</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a href="https://redirect.github.com/withastro/astro/pull/14769">#14769</a> <a href="https://github.com/withastro/astro/commit/b43ee71bd0c3740f41bb641abf01e9cd970d32ee"><code>b43ee71</code></a> Thanks <a href="https://github.com/adriandlam"><code>@​adriandlam</code></a>! - Fixes an unhandled rejection issue when using Astro with Vercel Workflow DevKit</p>
</li>
<li>
<p><a href="https://redirect.github.com/withastro/astro/pull/14761">#14761</a> <a href="https://github.com/withastro/astro/commit/345eb22bbe449bc8aea1ebd4205fef0fc554a10b"><code>345eb22</code></a> Thanks <a href="https://github.com/ooga"><code>@​ooga</code></a>! - Updates <code>button</code> attributes types to allow <code>command</code> and <code>commandfor</code></p>
</li>
<li>
<p><a href="https://redirect.github.com/withastro/astro/pull/14866">#14866</a> <a href="https://github.com/withastro/astro/commit/65e214b07b84b67c4f5fc13646a5d99944bb10c2"><code>65e214b</code></a> Thanks <a href="https://github.com/GameRoMan"><code>@​GameRoMan</code></a>! - Fixes <code>Astro.glob</code> to be correctly marked as deprecated</p>
</li>
<li>
<p><a href="https://redirect.github.com/withastro/astro/pull/14894">#14894</a> <a href="https://github.com/withastro/astro/commit/1ad9a5b3e7301a6c05787879e413b82ca0268003"><code>1ad9a5b</code></a> Thanks <a href="https://github.com/delucis"><code>@​delucis</code></a>! - Fixes support for Astro component rendering in Vitest test suites using a “client” environment such as <code>happy-dom</code> or <code>jsdom</code></p>
</li>
<li>
<p><a href="https://redirect.github.com/withastro/astro/pull/14782">#14782</a> <a href="https://github.com/withastro/astro/commit/abed9294ce698980f22f8a3f6695670151915d9b"><code>abed929</code></a> Thanks <a href="https://github.com/florian-lefebvre"><code>@​florian-lefebvre</code></a>! - Improves syncing</p>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/withastro/astro/blob/main/packages/astro/CHANGELOG.md">astro's changelog</a>.</em></p>
<blockquote>
<h2>5.16.3</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a href="https://redirect.github.com/withastro/astro/pull/14889">#14889</a> <a href="https://github.com/withastro/astro/commit/4bceeb0c7183de4db0087316e2fc2d287f27ad01"><code>4bceeb0</code></a> Thanks <a href="https://github.com/florian-lefebvre"><code>@​florian-lefebvre</code></a>! - Fixes actions types when using specific TypeScript configurations</p>
</li>
<li>
<p><a href="https://redirect.github.com/withastro/astro/pull/14929">#14929</a> <a href="https://github.com/withastro/astro/commit/e0f277d9248d2fefbd0234b53f9dea8c9b750adb"><code>e0f277d</code></a> Thanks <a href="https://github.com/matthewp"><code>@​matthewp</code></a>! - Fixes authentication bypass via double URL encoding in middleware</p>
<p>Prevents attackers from bypassing path-based authentication checks using multi-level URL encoding (e.g., <code>/%2561dmin</code> instead of <code>/%61dmin</code>). Pathnames are now validated after decoding to ensure no additional encoding remains.</p>
</li>
</ul>
<h2>5.16.2</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a href="https://redirect.github.com/withastro/astro/pull/14876">#14876</a> <a href="https://github.com/withastro/astro/commit/b43dc7f28d582f22a4b28aa3a712af247c908dc3"><code>b43dc7f</code></a> Thanks <a href="https://github.com/florian-lefebvre"><code>@​florian-lefebvre</code></a>! - Fixes a vite warning log during builds when using npm</p>
</li>
<li>
<p><a href="https://redirect.github.com/withastro/astro/pull/14884">#14884</a> <a href="https://github.com/withastro/astro/commit/10273e01357e515050f8233442a7252b51cad364"><code>10273e0</code></a> Thanks <a href="https://github.com/florian-lefebvre"><code>@​florian-lefebvre</code></a>! - Fixes a case where setting the status of a page to <code>404</code> in ssr would show an empty page (or <code>404.astro</code> page if provided) instead of using the current page</p>
</li>
</ul>
<h2>5.16.1</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a href="https://redirect.github.com/withastro/astro/pull/14769">#14769</a> <a href="https://github.com/withastro/astro/commit/b43ee71bd0c3740f41bb641abf01e9cd970d32ee"><code>b43ee71</code></a> Thanks <a href="https://github.com/adriandlam"><code>@​adriandlam</code></a>! - Fixes an unhandled rejection issue when using Astro with Vercel Workflow DevKit</p>
</li>
<li>
<p><a href="https://redirect.github.com/withastro/astro/pull/14761">#14761</a> <a href="https://github.com/withastro/astro/commit/345eb22bbe449bc8aea1ebd4205fef0fc554a10b"><code>345eb22</code></a> Thanks <a href="https://github.com/ooga"><code>@​ooga</code></a>! - Updates <code>button</code> attributes types to allow <code>command</code> and <code>commandfor</code></p>
</li>
<li>
<p><a href="https://redirect.github.com/withastro/astro/pull/14866">#14866</a> <a href="https://github.com/withastro/astro/commit/65e214b07b84b67c4f5fc13646a5d99944bb10c2"><code>65e214b</code></a> Thanks <a href="https://github.com/GameRoMan"><code>@​GameRoMan</code></a>! - Fixes <code>Astro.glob</code> to be correctly marked as deprecated</p>
</li>
<li>
<p><a href="https://redirect.github.com/withastro/astro/pull/14894">#14894</a> <a href="https://github.com/withastro/astro/commit/1ad9a5b3e7301a6c05787879e413b82ca0268003"><code>1ad9a5b</code></a> Thanks <a href="https://github.com/delucis"><code>@​delucis</code></a>! - Fixes support for Astro component rendering in Vitest test suites using a “client” environment such as <code>happy-dom</code> or <code>jsdom</code></p>
</li>
<li>
<p><a href="https://redirect.github.com/withastro/astro/pull/14782">#14782</a> <a href="https://github.com/withastro/astro/commit/abed9294ce698980f22f8a3f6695670151915d9b"><code>abed929</code></a> Thanks <a href="https://github.com/florian-lefebvre"><code>@​florian-lefebvre</code></a>! - Improves syncing</p>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/withastro/astro/commit/33333e8ca1d77141312ebc6b1ffa387713cc3994"><code>33333e8</code></a> [ci] release (<a href="https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/14922">#14922</a>)</li>
<li><a href="https://github.com/withastro/astro/commit/aa58d05a836e25b7c3e9d9a7f35eadd3b340c883"><code>aa58d05</code></a> [ci] format</li>
<li><a href="https://github.com/withastro/astro/commit/e0f277d9248d2fefbd0234b53f9dea8c9b750adb"><code>e0f277d</code></a> fix: prevent authentication bypass via double URL encoding in middleware (<a href="https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/14">#14</a>...</li>
<li><a href="https://github.com/withastro/astro/commit/4bceeb0c7183de4db0087316e2fc2d287f27ad01"><code>4bceeb0</code></a> fix: actions infer symbol (<a href="https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/14889">#14889</a>)</li>
<li><a href="https://github.com/withastro/astro/commit/e82358cf7ed9e190efa0d7132b20a1ab80f1d8b9"><code>e82358c</code></a> [ci] release (<a href="https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/14918">#14918</a>)</li>
<li><a href="https://github.com/withastro/astro/commit/0a2fe4378074fc421db0e6f92d17736c69956629"><code>0a2fe43</code></a> [ci] format</li>
<li><a href="https://github.com/withastro/astro/commit/b43dc7f28d582f22a4b28aa3a712af247c908dc3"><code>b43dc7f</code></a> fix(astro): assets vite build log (<a href="https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/14876">#14876</a>)</li>
<li><a href="https://github.com/withastro/astro/commit/10273e01357e515050f8233442a7252b51cad364"><code>10273e0</code></a> fix: 404 status in ssr (<a href="https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/14884">#14884</a>)</li>
<li><a href="https://github.com/withastro/astro/commit/6751a2e4cd4f7260f0f17d6f28bd38e9c9b9a503"><code>6751a2e</code></a> chore(cli): classes (<a href="https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/14897">#14897</a>)</li>
<li><a href="https://github.com/withastro/astro/commit/09bbdbb1e62c388eb405eeea03554c15e01f2957"><code>09bbdbb</code></a> [ci] release (<a href="https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/14845">#14845</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/withastro/astro/commits/astro@5.16.3/packages/astro">compare view</a></li>
</ul>
</details>
<br />


[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>

Bumps [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint) from 8.47.0 to 8.48.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/typescript-eslint/typescript-eslint/releases">typescript-eslint's releases</a>.</em></p>
<blockquote>
<h2>v8.48.0</h2>
<h2>8.48.0 (2025-11-24)</h2>
<h3>🚀 Features</h3>
<ul>
<li><strong>eslint-plugin:</strong> [no-redundant-type-constituents] use assignability checking for redundancy checks (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/10744">#10744</a>)</li>
<li><strong>rule-tester:</strong> remove workaround for jest circular structure error (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/11772">#11772</a>)</li>
<li><strong>typescript-estree:</strong> gate all errors behind allowInvalidAST (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/11693">#11693</a>)</li>
<li><strong>typescript-estree:</strong> replace fast-glob with tinyglobby (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/11740">#11740</a>)</li>
</ul>
<h3>🩹 Fixes</h3>
<ul>
<li><strong>eslint-plugin:</strong> [consistent-generic-constructors] ignore when constructor is typed array (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/10477">#10477</a>)</li>
<li><strong>scope-manager:</strong> change unhelpful <code>aaa</code> error message and change <code>analyze</code> to expects <code>Program</code> (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/11747">#11747</a>)</li>
<li><strong>typescript-estree:</strong> infers singleRun as true for project service (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/11327">#11327</a>)</li>
<li><strong>typescript-estree:</strong> disallow binding patterns in parameter properties (<a href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/11760">#11760</a>)</li>
</ul>
<h3>❤️ Thank You</h3>
<ul>
<li>Ben McCann <a href="https://github.com/benmccann"><code>@​benmccann</code></a></li>
<li>Dima Barabash <a href="https://github.com/dbarabashh"><code>@​dbarabashh</code></a></li>
<li>fisker Cheung <a href="https://github.com/fisker"><code>@​fisker</code></a></li>
<li>James Henry <a href="https://github.com/JamesHenry"><code>@​JamesHenry</code></a></li>
<li>JamesHenry <a href="https://github.com/JamesHenry"><code>@​JamesHenry</code></a></li>
<li>Josh Goldberg</li>
<li>Josh Goldberg ✨</li>
<li>Kirk Waiblinger <a href="https://github.com/kirkwaiblinger"><code>@​kirkwaiblinger</code></a></li>
<li>mdm317 <a href="https://github.com/gen-ip-1"><code>@​gen-ip-1</code></a></li>
<li>Younsang Na <a href="https://github.com/nayounsang"><code>@​nayounsang</code></a></li>
</ul>
<p>You can read about our <a href="https://typescript-eslint.io/users/versioning">versioning strategy</a> and <a href="https://typescript-eslint.io/users/releases">releases</a> on our website.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md">typescript-eslint's changelog</a>.</em></p>
<blockquote>
<h2>8.48.0 (2025-11-24)</h2>
<p>This was a version bump only for typescript-eslint to align it with other projects, there were no code changes.</p>
<p>You can read about our <a href="https://typescript-eslint.io/users/versioning">versioning strategy</a> and <a href="https://typescript-eslint.io/users/releases">releases</a> on our website.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/typescript-eslint/typescript-eslint/commit/6fb1551634b2ff11718e579098f69e041a2ff92c"><code>6fb1551</code></a> chore(release): publish 8.48.0</li>
<li><a href="https://github.com/typescript-eslint/typescript-eslint/commit/a4dc42ac541139f0da344550bce7accd8f3d366a"><code>a4dc42a</code></a> chore: migrate to nx 22 (<a href="https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint/issues/11780">#11780</a>)</li>
<li>See full diff in <a href="https://github.com/typescript-eslint/typescript-eslint/commits/v8.48.0/packages/typescript-eslint">compare view</a></li>
</ul>
</details>
<br />


[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>

Bumps [prettier](https://github.com/prettier/prettier) from 3.6.2 to 3.7.3.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a href="https://github.com/prettier/prettier/releases">prettier's releases</a>.</em></p>
<blockquote>
<h2>3.7.3</h2>
<h2>What's Changed</h2>
<ul>
<li>Fix <code>prettier.getFileInfo()</code> change that breaks VSCode extension by <a href="https://github.com/fisker"><code>@​fisker</code></a> in <a href="https://redirect.github.com/prettier/prettier/pull/18375">prettier/prettier#18375</a></li>
</ul>
<p>🔗 <a href="https://github.com/prettier/prettier/blob/main/CHANGELOG.md#373">Changelog</a></p>
<h2>3.7.2</h2>
<h2>What's Changed</h2>
<ul>
<li>Fix string print when switching quotes by <a href="https://github.com/fisker"><code>@​fisker</code></a> in <a href="https://redirect.github.com/prettier/prettier/pull/18351">prettier/prettier#18351</a></li>
<li>Preserve quote for embedded HTML attribute values by <a href="https://github.com/kovsu"><code>@​kovsu</code></a> in <a href="https://redirect.github.com/prettier/prettier/pull/18352">prettier/prettier#18352</a></li>
<li>Fix comment in empty type literal by <a href="https://github.com/fisker"><code>@​fisker</code></a> in <a href="https://redirect.github.com/prettier/prettier/pull/18364">prettier/prettier#18364</a></li>
</ul>
<p>🔗 <a href="https://github.com/prettier/prettier/blob/main/CHANGELOG.md#372">Changelog</a></p>
<h2>3.7.1</h2>
<ul>
<li>Fix performance regression in doc printer (<a href="https://redirect.github.com/prettier/prettier/pull/18342">#18342</a> by <a href="https://github.com/fisker"><code>@​fisker</code></a>)</li>
</ul>
<p>🔗 <a href="https://github.com/prettier/prettier/blob/main/CHANGELOG.md#371">Changelog</a></p>
<h2>3.7.0</h2>
<p><a href="https://github.com/prettier/prettier/compare/3.6.2...3.7.0">diff</a></p>
<p>🔗 <a href="https://prettier.io/blog/2025/11/27/3.7.0">Release note</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a href="https://github.com/prettier/prettier/blob/main/CHANGELOG.md">prettier's changelog</a>.</em></p>
<blockquote>
<h1>3.7.3</h1>
<p><a href="https://github.com/prettier/prettier/compare/3.7.2...3.7.3">diff</a></p>
<h4>API: Fix <code>prettier.getFileInfo()</code> change that breaks VSCode extension (<a href="https://redirect.github.com/prettier/prettier/pull/18375">#18375</a> by <a href="https://github.com/fisker"><code>@​fisker</code></a>)</h4>
<p>An internal refactor accidentally broke the VSCode extension plugin loading.</p>
<h1>3.7.2</h1>
<p><a href="https://github.com/prettier/prettier/compare/3.7.1...3.7.2">diff</a></p>
<h4>JavaScript: Fix string print when switching quotes (<a href="https://redirect.github.com/prettier/prettier/pull/18351">#18351</a> by <a href="https://github.com/fisker"><code>@​fisker</code></a>)</h4>
<!-- raw HTML omitted -->
<pre lang="jsx"><code>// Input
console.log(&quot;A descriptor\\'s .kind must be \&quot;method\&quot; or \&quot;field\&quot;.&quot;)
<p>// Prettier 3.7.1
console.log('A descriptor\'s .kind must be &quot;method&quot; or &quot;field&quot;.');</p>
<p>// Prettier 3.7.2
console.log('A descriptor\'s .kind must be &quot;method&quot; or &quot;field&quot;.');
</code></pre></p>
<h4>JavaScript: Preserve quote for embedded HTML attribute values (<a href="https://redirect.github.com/prettier/prettier/pull/18352">#18352</a> by <a href="https://github.com/kovsu"><code>@​kovsu</code></a>)</h4>
<!-- raw HTML omitted -->
<pre lang="tsx"><code>// Input
const html = /* HTML */ ` &lt;div class=&quot;${styles.banner}&quot;&gt;&lt;/div&gt; `;
<p>// Prettier 3.7.1
const html = /* HTML */ <code>&amp;lt;div class=${styles.banner}&amp;gt;&amp;lt;/div&amp;gt;</code>;</p>
<p>// Prettier 3.7.2
const html = /* HTML */ <code>&amp;lt;div class=&amp;quot;${styles.banner}&amp;quot;&amp;gt;&amp;lt;/div&amp;gt;</code>;
</code></pre></p>
<h4>TypeScript: Fix comment in empty type literal (<a href="https://redirect.github.com/prettier/prettier/pull/18364">#18364</a> by <a href="https://github.com/fisker"><code>@​fisker</code></a>)</h4>
<!-- raw HTML omitted -->
<pre lang="tsx"><code>// Input
export type XXX = {
// tbd
};
<p>// Prettier 3.7.1
&lt;/tr&gt;&lt;/table&gt;
</code></pre></p>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a href="https://github.com/prettier/prettier/commit/fdfa6701767f5140a85902ecc9fb6444f5b4e3f8"><code>fdfa670</code></a> Release 3.7.3</li>
<li><a href="https://github.com/prettier/prettier/commit/2dce3ec09081427775cc93a8d92cb828a0129e6f"><code>2dce3ec</code></a> Fix typo</li>
<li><a href="https://github.com/prettier/prettier/commit/27d6c645cadeebe86011a195e8058d29888a68f6"><code>27d6c64</code></a> Revert previous change to <code>getFileInfo</code> (<a href="https://redirect.github.com/prettier/prettier/issues/18375">#18375</a>)</li>
<li><a href="https://github.com/prettier/prettier/commit/f4a7afaebfa27b975f6b4e336091cd600b0f5592"><code>f4a7afa</code></a> Add types for config related functions (<a href="https://redirect.github.com/prettier/prettier/issues/18376">#18376</a>)</li>
<li><a href="https://github.com/prettier/prettier/commit/9266e3e85b0dd4c594554cf9a91988e20c006f9b"><code>9266e3e</code></a> Add resolved test cases (<a href="https://redirect.github.com/prettier/prettier/issues/18358">#18358</a>)</li>
<li><a href="https://github.com/prettier/prettier/commit/3bfc014442370ebad42b42e8eceea6d25891148d"><code>3bfc014</code></a> Bump Prettier dependency to 3.7.2</li>
<li><a href="https://github.com/prettier/prettier/commit/081b84695b060651dc221afcda7531f4c7731c2e"><code>081b846</code></a> Clean changelog_unreleased</li>
<li><a href="https://github.com/prettier/prettier/commit/03384c964d99ef26cb1a7fec68e7e5e263220cea"><code>03384c9</code></a> Release 3.7.2</li>
<li><a href="https://github.com/prettier/prettier/commit/514e51afa2046aac7beb651270f0f4ce74a3dafa"><code>514e51a</code></a> Release <code>@​prettier/plugin-hermes</code> &amp; <code>@​prettier/plugin-oxc</code> v0.1.2</li>
<li><a href="https://github.com/prettier/prettier/commit/29a11ae1ae417b8d0fa66d88d656001a6a90e297"><code>29a11ae</code></a> Fix comment in empty type literal (<a href="https://redirect.github.com/prettier/prettier/issues/18364">#18364</a>)</li>
<li>Additional commits viewable in <a href="https://github.com/prettier/prettier/compare/3.6.2...3.7.3">compare view</a></li>
</ul>
</details>
<details>
<summary>Maintainer changes</summary>
<p>This version was pushed to npm by [GitHub Actions](<a href="https://www.npmjs.com/~GitHub">https://www.npmjs.com/~GitHub</a> Actions), a new releaser for prettier since your current version.</p>
</details>
<br />


[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>