chore(deps): bump astro from 6.4.8 to 7.0.2 #112

Closed
dependabot[bot] wants to merge 1 commit into main from dependabot/npm_and_yarn/astro-7.0.0

@dependabot dependabot Bot commented on behalf of github Jun 22, 2026

Contributor

Bumps astro from 6.4.8 to 7.0.2.

Release notes

Sourced from astro's releases.

astro@7.0.2

Patch Changes

  • Updated dependencies [3b5e994]:
    • @​astrojs/markdown-satteri@​0.3.2

astro@7.0.1

Patch Changes

  • #17151 ccceda3 Thanks @​matthewp! - Fixes astro dev incorrectly starting in background mode for Warp terminal users. Hybrid environments like Warp are no longer treated as AI agents for auto-background detection.

  • #17158 164df87 Thanks @​ematipico! - Fixes astro dev --background --host not listing the network addresses. The background server start output and astro dev status now show every exposed network URL, matching the foreground dev server.

  • #17141 d785b9d Thanks @​astrobot-houston! - Fixes responsive image CSS overriding user styles defined inside CSS @layer blocks. The generated image styles are now wrapped in @layer astro.images, ensuring they have lower cascade priority than user-defined layers.

  • #17150 1a61386 Thanks @​matthewp! - Fixes astro dev --background failing on Windows with "Failed to spawn background dev server process"

astro@7.0.0

Major Changes

  • #15819 cafec4e Thanks @​delucis! - Upgrade to Vite v8

  • #16965 57ead0d Thanks @​Princesseuh! - Makes 'jsx' the default value for compressHTML

    Astro now strips whitespace from your HTML using JSX rules by default, the same way frameworks like React do. Whitespace and line breaks around elements are removed, but meaningful whitespace within a single line — like a space between two inline elements — is preserved. To keep a space that would otherwise be removed, write it explicitly in your source, for example with {" "}.

    This can change rendered output where whitespace between inline elements was previously meaningful. To keep Astro's earlier behavior, set compressHTML: true for HTML-aware compression, or compressHTML: false to preserve all whitespace.

  • #16610 c63e7e4 Thanks @​matthewp! - Adds background dev server management for AI coding agents.

    When an AI coding agent is detected, astro dev now automatically starts the dev server as a detached background process. This prevents the dev server from blocking the agent's terminal and allows it to continue working while the server runs.

    A lock file (.astro/dev.json) is written when the dev server starts, recording the server's URL, port, and PID. This prevents duplicate servers from being started for the same project.

    New flag and subcommands

    • astro dev --background — Start the dev server as a background process (this is what runs automatically when an agent is detected).
    • astro dev stop — Stop a running background dev server.
    • astro dev status — Check if a dev server is running and display its URL, PID, and uptime.
    • astro dev logs — View logs from a background dev server. Use --follow (-f) to stream new output as it's written.

    These allow you to start and manage dev servers programmatically and were designed with AI coding agents in mind.

    What should I do?

    No action is required. If you are not using an AI coding agent, astro dev behaves exactly as before. If you are using an agent, background mode is enabled automatically — the agent will receive the server URL and PID, and can use astro dev stop to shut it down.

    To opt out of automatic background mode when an agent is detected, set the environment variable ASTRO_DEV_BACKGROUND=0 before running astro dev.

  • #17010 0606073 Thanks @​ocavue! - Removes the @astrojs/db package as it is no longer maintained.

... (truncated)

@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jun 22, 2026

dependabot Bot commented on behalf of github Jun 22, 2026

Contributor Author

Labels

The following labels could not be found: npm. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot requested review from Damovisa and jldeen as code owners June 22, 2026 22:44
jldeen added a commit that referenced this pull request Jun 24, 2026
…/node 26 (#113)

Stacks three passing Dependabot bumps (#110, #109, #111) into one branch
with a single consolidated lockfile. Verified locally with Node 22:
astro check, astro build, and Playwright tests all pass.

Excludes #112 (astro 7): it pulls Vite 8 (rolldown), whose built-in
postcss-import cannot resolve Tailwind v4's @import "tailwindcss",
which needs a dedicated migration.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

jldeen commented Jun 24, 2026

Collaborator

Tested this locally (Node 22) and it can't be merged as a plain bump — it's a real toolchain migration:

  1. Vite pin blocks it first. Astro 7 depends on vite@^8.0.13, but package.json has overrides.vite: "^7", which forces Vite 7.3.5. That mismatch produces:
    rollupOptions.input should not be an html file when building for SSR. Please specify a dedicated SSR entry.
  2. Bumping the override to ^8 gets past that, but Vite 8 (rolldown) then fails resolving Tailwind v4's @import "tailwindcss" via its built-in postcss-import:
    [postcss] ENOENT: no such file or directory, open '…/tailwindcss'
    This persists with both the object and plugins: [tailwindcss()] forms of postcss.config.mjs.

So Astro 7 needs a coordinated Vite 8 / rolldown + Tailwind migration, not a dependency bump. Leaving this open for that dedicated follow-up. The other three open bumps (#109, #110, #111) were verified and landed via #113.

Bumps [astro](https://github.com/withastro/astro/tree/HEAD/packages/astro) from 6.4.8 to 7.0.2.
- [Release notes](https://github.com/withastro/astro/releases)
- [Changelog](https://github.com/withastro/astro/blob/main/packages/astro/CHANGELOG.md)
- [Commits](https://github.com/withastro/astro/commits/astro@7.0.2/packages/astro)

---
updated-dependencies:
- dependency-name: astro
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title chore(deps): bump astro from 6.4.8 to 7.0.0 chore(deps): bump astro from 6.4.8 to 7.0.2 Jun 24, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/astro-7.0.0 branch from 7ae18de to 9c060b3 Compare June 24, 2026 20:18
jldeen added a commit that referenced this pull request Jun 24, 2026
…114)

Adds an npm "overrides" entry pinning esbuild to ^0.28.1, which dedupes
the transitive copies pulled by astro 6.4.8 and vite 7.3.5 (previously
0.27.7, in the vulnerable >=0.27.3 <0.28.1 range) up to the patched
0.28.1. Resolves Dependabot alert #35 (low: dev-server arbitrary file
read on Windows) without the astro 7 / vite 8 migration proposed in #112.

Verified with Node 22: astro check, astro build, and Playwright tests
all pass; npm audit no longer flags esbuild.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

jldeen commented Jun 24, 2026

Collaborator

Closing in favor of #114, which resolves the underlying Dependabot alert #35 (esbuild GHSA-g7r4-m6w7-qqqr) directly via an overrides pin to esbuild ^0.28.1 — no astro 7 required.

The astro 6→7 upgrade itself remains worthwhile but is a separate, non-security migration: it pulls Vite 8 (rolldown), which needs the Tailwind v4 @import / postcss setup reworked (e.g. move to @tailwindcss/vite). Worth a dedicated effort when we choose to take it on, decoupled from this security fix.

@jldeen jldeen closed this Jun 24, 2026

dependabot Bot commented on behalf of github Jun 24, 2026

Contributor Author

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/astro-7.0.0 branch June 24, 2026 20:23
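
The check implied by the #114 commit message above (no esbuild copy left in the `>=0.27.3 <0.28.1` range once the `overrides` pin is applied), written out as an added example that is not part of this thread or the repository. The two lockfile objects are constructed samples and the function names are hypothetical.

```javascript
// Added example. Version bounds come from the #114 commit message on this page;
// the lockfile objects are constructed samples, not the repository's lockfile.
const VULN_MIN = "0.27.3"; // inclusive lower bound of the vulnerable range
const PATCHED = "0.28.1";  // first patched version (exclusive upper bound)

// Compare two "major.minor.patch" strings; prerelease/build suffixes are ignored.
function compareVersions(a, b) {
  const parse = (v) => {
    const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
    if (!m) throw new Error(`unparseable version: ${v}`);
    return m.slice(1, 4).map(Number);
  };
  const pa = parse(a), pb = parse(b);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

function isVulnerable(version) {
  return compareVersions(version, VULN_MIN) >= 0 &&
         compareVersions(version, PATCHED) < 0;
}

// Paths of every esbuild copy, hoisted or nested, still inside the range.
// Lockfile v2/v3 keeps installs in "packages", keyed by node_modules path.
function vulnerableEsbuildPaths(lock) {
  const suffix = "node_modules/esbuild";
  return Object.entries(lock.packages || {})
    .filter(([p]) => p === suffix || p.endsWith(`/${suffix}`))
    .filter(([, meta]) => isVulnerable(meta.version))
    .map(([p]) => p);
}

// Constructed: before the override, two copies at 0.27.7 (hoisted and nested).
const lockBefore = { lockfileVersion: 3, packages: {
  "": { name: "example-site" },
  "node_modules/astro": { version: "6.4.8" },
  "node_modules/esbuild": { version: "0.27.7" },
  "node_modules/vite/node_modules/esbuild": { version: "0.27.7" },
} };
// Constructed: after the override, one deduped copy at 0.28.1.
const lockAfter = { lockfileVersion: 3, packages: {
  "": { name: "example-site" },
  "node_modules/astro": { version: "6.4.8" },
  "node_modules/esbuild": { version: "0.28.1" },
} };

console.log({ before: vulnerableEsbuildPaths(lockBefore), after: vulnerableEsbuildPaths(lockAfter) });
```

Run against a parsed `package-lock.json` in CI, a non-empty result means a nested copy escaped the override even if the hoisted one was updated.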