You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When set to true, renderable entries (such as Markdown) are not rendered during content sync. Instead, rendering is deferred until the entry is actually rendered in a page, using the same on-demand path that .mdx files already use.
This reduces memory usage during astro build for large collections whose rendered output is much larger than the source — for example, Markdown that uses heavy rehype plugins like rehype-katex. Such builds could previously run out of memory while storing the eagerly-rendered HTML for every entry.
By default deferRender is false, preserving the existing behavior of rendering entries eagerly during sync so their rendered HTML can be cached across builds.
#1729630698a2 Thanks @ematipico! - Adds a new experimental collectionStorage option for controlling how the content layer persists its data store
By default, Astro serializes the entire content layer data store to a single file (.astro/data-store.json). For very large content collections, this file can grow large enough to hit platform file-size limits.
Set experimental.collectionStorage: 'chunked' to instead split the data store across many smaller, content-addressed files inside a .astro/data-store/ directory, described by a manifest:
Because each part file is named by a hash of its contents, unchanged parts keep the same name across builds and are not rewritten, and identical parts are deduplicated. The default value is 'single-file', which preserves the current behavior.
#1721444c4989 Thanks @ematipico! - Adds support for the more specific CSP directives script-src-elem, script-src-attr, style-src-elem, and style-src-attr through a new kind option.
Previously, CSP was only scoped to generic script-src/style-src directives. Now each source or hash can be scoped to a narrower directive — for example, to allow inline style attributes (such as those from define:vars or Shiki) without loosening the policy for your <style> and <link> elements.
Scoping sources and hashes in your config
Each entry in resources and hashes can be an object with a kind property. Depending on whether you use scriptDirective or styleDirective, "element" targets script-src-elem or style-src-elem, "attribute" targets script-src-attr or style-src-attr, and "default" (the same as a bare string or hash) targets script-src or style-src.
#1725884814d4 Thanks @astrobot-houston! - Adds a new format() option to the paginate utility. The format() option is a function that accepts the current URL of the page, and returns a new URL.
For example, when your host only supports URLs using the .html extension, you can use format() to add it to the generated URLs:
---exportasyncfunction getStaticPaths({ paginate }) {// Load your data with fetch(), getCollection(), etc.const response =awaitfetch(`https://pokeapi.co/api/v2/pokemon?limit=150`);const result =awaitresponse.json();const allPokemon =result.results;// Return a paginated collection of paths for all itemsreturnpaginate(allPokemon, { pageSize: 10,format: (url) =>`${url}.html`, });}const { page } =Astro.props;---
#173317db6420 Thanks @matthewp! - Adds a --ignore-lock flag to astro dev for starting a dev server without checking or writing the lock file, so it can run alongside an already-running dev server for the same project.
The new instance is not tracked by astro dev stop, astro dev status, or astro dev logs. --ignore-lock cannot be combined with --background (or an auto-detected AI agent environment, which runs dev servers in the background automatically) or --force, since those rely on the lock file.
#173324407483 Thanks @astrobot-houston! - Fixes the JSON logger crashing with process is not defined in non-Node runtimes like Cloudflare's workerd. The JSON logger now uses console.log/console.error instead of process.stdout/process.stderr, matching the pattern already used by the console logger.
#17286a249317 Thanks @astrobot-houston! - Fixes the first browser visit after astro dev starts triggering an immediate full page reload
#17369a94d4a5 Thanks @adamchal! - Fixes an issue where a client island could permanently fail to hydrate if the first attempt to load its component failed. Islands now reliably recover from transient import failures, which previously did not work for React components during astro dev.
#173633f4efc5 Thanks @astrobot-houston! - Fixes astro preview --open not opening a browser when using an adapter with a custom preview entrypoint, such as @astrojs/cloudflare
#17313e2e319d Thanks @ronits2407! - Exposes the AstroRuntimeLogger interface to allow users to properly type the logger functions at runtime.
#17328025cc74 Thanks @matthewp! - Fixes astro dev --force not replacing an already-running dev server
#173532bba277 Thanks @ematipico! - Updates the Astro compiler to the latest version, which fixes many regressions. Refer to the changelog for more details.
#1734479a41e0 Thanks @adamchal! - Improves rendering performance for pages with many component instances, such as repeated MDX <Content /> components.
#1731823a4120 Thanks @astrobot-houston! - Fixes CSS module scoped-name hash mismatch in astro dev when using vite.css.transformer: 'lightningcss' with content collections. Previously, a component importing a CSS module and rendered via content collection render() would get different class name hashes in the element and the injected <style> tag, causing styles not to apply.
#173234298883 Thanks @ematipico! - Fixes a dev server memory leak which caused Node.js to emit warnings in the console.
#173234298883 Thanks @ematipico! - Fixes a dev server crash when a .html or /index.html suffixed request (such as those netlify dev probes as pretty-URL fallbacks) matched a dynamic endpoint route, causing a TypeError: Missing parameter error
#17325cebc404 Thanks @astrobot-houston! - Fixes a bug where CSS @import rules could end up mid-stylesheet after inline CSS chunks were merged during build, causing browsers to silently ignore them
#173234298883 Thanks @ematipico! - Fixes a build regression that could leave unresolved preload markers in inlined scripts with external dynamic imports
#1726179aa99c Thanks @astrobot-houston! - Fixes a false deprecation warning for markdown.gfm and markdown.smartypants when using the Container API
#17247f94280d Thanks @chatman-media! - Fixes route generation throwing "Missing parameter" (or silently dropping the segment) when a dynamic param's value is 0. The generator used truthy checks instead of checking for undefined, so paginate(posts, { params: { categoryId: 0 } }) would crash even though 0 is a perfectly valid param value.
#172786f11739 Thanks @astrobot-houston! - Fixes missing CSS for virtual style modules (e.g., responsive image layout styles) in dev mode when JavaScript is disabled
#172500b30b35 Thanks @matthewp! - Fixes the security.checkOrigin check so it is applied consistently to Astro Actions and on-demand endpoints, regardless of how the request pipeline is composed. Previously, the origin check could be skipped in the composable astro/hono pipeline depending on the order of the middleware() primitive (or when it was omitted).
#172748c3579b Thanks @astrobot-houston! - Fixes missing render() type overload for live collection entries. Previously, calling render() on a LiveDataEntry produced a TypeScript error when using only live.config.ts without a content.config.ts.
#172574208297 Thanks @astrobot-houston! - Fixes astro check failing to find @astrojs/check and typescript when astro is installed in a directory outside the project tree (e.g. pnpm virtual store)
#17272b428648 Thanks @matthewp! - Fixes island component paths so that extensionless imports (e.g. import { Counter } from '../components/Counter') resolve to the real file on disk, matching Vite's extension order and directory index resolution. This makes the include/exclude options of JSX renderer integrations (React, Preact, Solid) match components imported without a file extension, and removes the spurious React 19 "Invalid hook call" warning logged on every request in dev when include was set alongside another JSX renderer
#172792aeaa44 Thanks @astrobot-houston! - Fixes a bug where <Picture inferSize> with a remote image could fail with FailedToFetchRemoteImageDimensions when the image server rate-limits requests (e.g. HTTP 429). Remote dimensions are now resolved once per render instead of once per output format.
#172515240e26 Thanks @matthewp! - Hardens the handling of attribute rendering when using with custom elements.
#17248429bd62 Thanks @astrobot-houston! - Fixes a crash when using Astro's getViteConfig with Vitest browser mode (e.g., Storybook vitest runner). Astro now skips dev server setup inside Vitest, preventing errors.
#1726014524c0 Thanks @matthewp! - Fixes a regression where a <script> inside a component rendered through Astro.slots.render() was hoisted out of its original position instead of staying next to its component content
#172429c05ba4 Thanks @matthewp! - Fixes an error that could occur after the dev server restarts when using an adapter such as @astrojs/cloudflare, where a request would fail with a 500 referencing a missing pre-bundled dependency:
The file does not exist at "node_modules/.vite/deps_ssr/astro_compiler-runtime.js?v=6419660d" which is in the optimize deps directory. The dependency might be incompatible with the dep optimizer. Try adding it to `optimizeDeps.exclude`.
#17202c6d254d Thanks @matthewp! - Refactors path alias resolution to use Vite's native tsconfigPaths option
This is an internal change with no expected impact on user projects. Astro now defers tsconfig and jsconfig paths alias resolution to Vite, keeping a small fallback for a few CSS cases Vite does not yet handle.
#1712372e29bd Thanks @martrapp! - Fixes an issue where the ClientRouter wipes head elements after page transitions if the <head> contains a server:defer component.
#17232257505e Thanks @matthewp! - Fixes a bug where <style> tags from components such as a content collection's Content could be silently dropped from the output when an await appeared before the component in an .astro file's markup.
#17193a7352fd Thanks @jan-kubica! - Fixes the background dev server failing to start when astro is hoisted outside the project's node_modules (for example bun workspaces). The background process is now spawned from Astro's own resolved location instead of a path assumed under the project root.
#172127ba0bb1 Thanks @matthewp! - Ensures transition directive values are HTML-escaped when rendered on hydrated islands
#17224dc5e52f Thanks @astrobot-houston! - Fixes trailing slash handling for dynamic file endpoints in dev mode. Dynamic file endpoints (e.g., src/pages/api/[name].json.ts) with trailingSlash: "always" incorrectly required a trailing slash in dev mode, returning 404 for /api/bar.json and 200 for /api/bar.json/.
#1706723f9446 Thanks @fkatsuhiro! - Fixed a bug where the development toolbar did not output a warning even though the implicit ARIA role and the manually specified role were duplicated.
#172235970ef4 Thanks @astrobot-houston! - Fixes getCollection() returning empty in dev mode for large content collections (500k+ entries)
#17184799e5cd Thanks @Princesseuh! - Upgrades the Rust compiler to the latest, which fixes some bugs. Refer to its changelog for more information.
#17208da8b573 Thanks @matthewp! - Hardens forwarded header handling so the internal request helper validates X-Forwarded-Host against security.allowedDomains before trusting X-Forwarded-For for clientAddress. Previously it only checked that the header was present, which was inconsistent with the public createRequest helper. This aligns both code paths; behavior is unchanged for correctly configured proxies.
#1718924d2c9e Thanks @astrobot-houston! - Fixes a bug where an error thrown inside one route's getStaticPaths() would prevent other valid routes from being matched in dev mode
#169328f4a3db Thanks @fkatsuhiro! - Fixes HMR for action files during development. Editing files in src/actions/ now takes effect on the next request without requiring a dev server restart.
#17087fb0ab02 Thanks @jp-knj! - Fixes localized custom error pages in i18n projects so routes like /pt/404 are used for missing localized pages and return the correct status code
#17151ccceda3 Thanks @matthewp! - Fixes astro dev incorrectly starting in background mode for Warp terminal users. Hybrid environments like Warp are no longer treated as AI agents for auto-background detection.
#17158164df87 Thanks @ematipico! - Fixes astro dev --background --host not listing the network addresses. The background server start output and astro dev status now show every exposed network URL, matching the foreground dev server.
#17141d785b9d Thanks @astrobot-houston! - Fixes responsive image CSS overriding user styles defined inside CSS @layer blocks. The generated image styles are now wrapped in @layer astro.images, ensuring they have lower cascade priority than user-defined layers.
#171501a61386 Thanks @matthewp! - Fixes astro dev --background failing on Windows with "Failed to spawn background dev server process"
Astro now strips whitespace from your HTML using JSX rules by default, the same way frameworks like React do. Whitespace and line breaks around elements are removed, but meaningful whitespace within a single line — like a space between two inline elements — is preserved. To keep a space that would otherwise be removed, write it explicitly in your source, for example with {" "}.
This can change rendered output where whitespace between inline elements was previously meaningful. To keep Astro's earlier behavior, set compressHTML: true for HTML-aware compression, or compressHTML: false to preserve all whitespace.
When an AI coding agent is detected, astro dev now automatically starts the dev server as a detached background process. This prevents the dev server from blocking the agent's terminal and allows it to continue working while the server runs.
A lock file (.astro/dev.json) is written when the dev server starts, recording the server's URL, port, and PID. This prevents duplicate servers from being started for the same project.
New flag and subcommands
astro dev --background — Start the dev server as a background process (this is what runs automatically when an agent is detected).
astro dev stop — Stop a running background dev server.
astro dev status — Check if a dev server is running and display its URL, PID, and uptime.
astro dev logs — View logs from a background dev server. Use --follow (-f) to stream new output as it's written.
These allow you to start and manage dev servers programmatically and were designed with AI coding agents in mind.
What should I do?
No action is required. If you are not using an AI coding agent, astro dev behaves exactly as before. If you are using an agent, background mode is enabled automatically — the agent will receive the server URL and PID, and can use astro dev stop to shut it down.
To opt out of automatic background mode when an agent is detected, set the environment variable ASTRO_DEV_BACKGROUND=0 before running astro dev.
#170100606073 Thanks @ocavue! - Removes the @astrojs/db package as it is no longer maintained.
The @astrojs/db package were deprecated in v6.4.5 and is now removed. This means the astro db, astro login, astro logout, astro link, and astro init CLI commands have also been removed.
If you were using Astro DB in your project, remove @astrojs/db from your project's dependencies and replace it with one of the following alternatives:
Node.js built-in SQLite: Node.js now includes a built-in node:sqlite module (available since Node.js v22.5.0). This is a good option if you are using the Node.js adapter and were using @astrojs/db for local SQLite storage.
Drizzle ORM: If you were using @astrojs/db for its Drizzle-based schema and query API, you can use Drizzle directly with any supported database.
Other database libraries: Use any database library that suits your deployment platform (e.g. Turso, PlanetScale, Neon).
The Rust-based Astro compiler (@astrojs/compiler-rs) is now the default compiler. This new compiler is faster and more reliable, leading to faster build times and iteration cycles during development.
This new compiler is more strict regarding invalid syntax. For example, unclosed HTML tags will now throw an error instead of being ignored. It also does not attempt to correct semantically invalid HTML anymore, instead leaving it to the browser to handle, similar to other tools or document.write() in JavaScript.
The previous Go-based compiler has been removed, along with the experimental.rustCompiler flag used to opt into the Rust compiler. If you were setting experimental.rustCompiler in your astro.config.mjs, you can now remove it. No other action is required.
Astro now renders .md files with satteri() from @astrojs/markdown-satteri, its native Markdown pipeline, instead of the remark/rehype pipeline. @astrojs/markdown-remark is no longer installed by default.
To keep using the remark/rehype pipeline, install @astrojs/markdown-remark and set it as your processor:
The deprecated markdown.remarkPlugins, markdown.rehypePlugins, and markdown.remarkRehype options still work, but now require @astrojs/markdown-remark to be used.
The advanced routing feature introduced behind a flag in v6.3.0 is no longer experimental and is now enabled by default.
This gives full control over how requests flow through your application, with first-class support for frameworks like Hono.
Advanced routing now uses src/fetch.ts as default entrypoint instead of src/app.ts.
If you were previously using this feature without a custom entrypoint, please configure fetchFile or rename your entrypoint to src/fetch.ts, and then remove the experimental flag from your Astro config:
import { defineConfig } from 'astro/config';
export default defineConfig({
experimental {
- advancedRouting: true,
},
+ fetchFile: 'app.ts' // optional, you only need this if you cannot rename your entrypoint.
});
fetchFile is now a top-level config option instead of being nested under experimental.advancedRouting. If you were using a custom entrypoint, please update your Astro config to move its configuration:
The getFetchState() function retrieves or lazily creates a FetchState from a Hono context object. This allows third-party packages to build Hono middleware that interacts with Astro's per-request state, giving the astro/hono API the same extensibility as astro/fetch.
import{Hono}from'hono';import{getFetchState,pages}from'astro/hono';constapp=newHono();app.use(async(context,next)=>{conststate=getFetchState(context);state.locals.message='Hello from custom middleware';awaitnext();});app.use(pages());exportdefaultapp;
#16996300641e Thanks @florian-lefebvre! - Adds a subset field to the FontData type exposed via fontData from astro:assets. When using multiple font subsets (e.g., subsets: ["latin", "korean"]), each font data entry now includes the subset name, making it possible to distinguish between font entries for different subsets that share the same weight and style.
#16745f864a80 Thanks @ematipico! - The custom logger feature introduced behind a flag in v6.2.0 is no longer experimental and is available for general use.
This feature provides better control over Astro's logging infrastructure by allowing you to replace the default console output with custom logging implementations (e.g., structured JSON). This is particularly useful for on-demand rendering when connecting to log aggregation services such as Kibana, Logstash, CloudWatch, Grafana, or Loki.
Astro provides three built-in log handlers (json, node, and console), and you can also create your own.
If you have been waiting for stabilization before using custom loggers, you can now do so.
Please see the Logger docs for more about this feature.
#169810d6d644 Thanks @ematipico! - Removes the setting experimental.queuedRendering. The new rendering engine is now stable and replaces the old one.
As part of the stabilization, the queued rendering has been improved, and some features have been removed:
The construction of the queue has been removed, instead now Astro uses a streaming approach where components are rendered and flushed as they are encountered.
The node polling feature has been removed because it doesn't yield concrete savings.
The content cache has been descoped, and how only tag names are cached.
If you were previously using this experimental feature, you must remove this experimental flag from your configuration as it no longer exists:
#17116f95e58e Thanks @ascorbic! - Stabilizes route caching, removing the experimental.cache and experimental.routeRules flags and replacing them with the top-level cache and routeRules configuration options.
Route caching, introduced experimentally in v6.0.0, is now stable. It gives you a platform-agnostic way to cache responses from on-demand rendered pages and endpoints, based on standard HTTP caching semantics.
Update your config to move cache and routeRules out of the experimental block:
Set caching directives in your routes with Astro.cache (in .astro pages) or context.cache (in API routes and middleware), and Astro translates them into the appropriate headers or runtime behavior depending on your configured cache provider. You can also define cache rules for routes declaratively in your config using routeRules, without modifying route code.
#169801f07343 Thanks @matthewp! - Removes state.provide(), state.resolve(), state.finalizeAll(), and App.Providers from the public advanced routing API. These context provider extension points are now internal-only. If you were using them in an integration, use locals to share per-request state instead.
#169821e000e2 Thanks @matthewp! - Improves the warning when accessing Astro.session without session storage configured. The session property is now always defined on the context object, and accessing it without configuration logs a helpful message instead of silently returning undefined.
Exports astro/cache/provider-utils with helpers for building platform-specific cache-control headers, generating path-based invalidation tags, and normalizing invalidation options. These are used internally by the first-party Netlify, Vercel, and Cloudflare cache providers.
#17095e84ebc0 Thanks @matthewp! - Improves build performance by removing an unfiltered transform hook from the astro:head-metadata-build plugin. Head propagation modules are now identified by their module ID (?astroPropagatedAssets) instead of scanning every module's source code.
#170414c4a91c Thanks @iseraph-dev! - Fixes a bug where the advanced routing astro/hono / astro/fetchpages() handler returned the host framework's default Internal Server Error response instead of rendering the custom 500.astro page when a page threw during render. Unmatched requests with a prerendered (or absent) custom 404 page now render the 404 error page instead of failing the same way.
#170975e340d7 Thanks @iseraph-dev! - Fixes a bug where the advanced routing astro/hono / astro/fetchmiddleware() handler returned the host framework's default Internal Server Error response instead of rendering the custom 500.astro page when middleware threw. Unmatched requests with a prerendered (or absent) custom 404 page now render the 404 error page instead of failing the same way. Errors surfaced through next (the host framework's downstream chain) still propagate to the host's own error handler.
#15819cafec4e Thanks @delucis! - Fixes --port flag being ignored after a Vite-triggered server restart (e.g. when a .env file changes)
#17104b074a37 Thanks @iseraph-dev! - Fixes the custom 500.astro page receiving an empty error prop when the error originated in middleware.
#1707804547ec Thanks @astrobot-houston! - Fixes a spurious Astro.request.headers warning on prerendered pages when security.allowedDomains is configured. The internal allowedDomains header validation now skips prerendered routes, since they use synthetic requests with no real headers.
#16603deaaf3f Thanks @alexanderniebuhr! - Removes the warning that Astro does not support vite v8, since Astro v7 does support vite v8
Cache providers now receive the incoming Request as a second argument to setHeaders(options, request). This allows CDN providers to read the request URL, headers, and other properties when generating cache response headers, for example to auto-tag responses with their pathname for path-based invalidation.
#17098637a1b6 Thanks @matthewp! - Fixes internal Astro headers leaking from direct pages() handler responses
Next steps: Take a moment to review the security alert above. Review
the linked package source code to understand the potential risk. Ensure the
package is not malicious before proceeding. If you're unsure how to proceed,
reach out to your security team or ask the Socket team for help at
[email protected].
Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.
Mark the package as acceptable risk. To ignore this alert only
in this pull request, reply with the comment
@SocketSecurity ignore npm/@emnapi/[email protected]. You can
also ignore all packages with @SocketSecurity ignore-all.
To ignore an alert for all future pull requests, use Socket's Dashboard to
change the triage state of this alert.
Warn
Obfuscated code: npm astro is 90.0% likely obfuscated
Next steps: Take a moment to review the security alert above. Review
the linked package source code to understand the potential risk. Ensure the
package is not malicious before proceeding. If you're unsure how to proceed,
reach out to your security team or ask the Socket team for help at
[email protected].
Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.
Mark the package as acceptable risk. To ignore this alert only
in this pull request, reply with the comment
@SocketSecurity ignore npm/[email protected]. You can
also ignore all packages with @SocketSecurity ignore-all.
To ignore an alert for all future pull requests, use Socket's Dashboard to
change the triage state of this alert.
Warn
Obfuscated code: npm node-fetch-native is 90.0% likely obfuscated
Next steps: Take a moment to review the security alert above. Review
the linked package source code to understand the potential risk. Ensure the
package is not malicious before proceeding. If you're unsure how to proceed,
reach out to your security team or ask the Socket team for help at
[email protected].
Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.
Mark the package as acceptable risk. To ignore this alert only
in this pull request, reply with the comment
@SocketSecurity ignore npm/[email protected]. You can
also ignore all packages with @SocketSecurity ignore-all.
To ignore an alert for all future pull requests, use Socket's Dashboard to
change the triage state of this alert.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
^4.0.0→^7.0.0Release Notes
withastro/astro (astro)
v7.1.1Compare Source
Patch Changes
4b03702Thanks @matthewp! - Fixes encoded request paths being routed incorrectly when using domain-based i18nv7.1.0Compare Source
Minor Changes
#17302
5f4dc03Thanks @astrobot-houston! - Adds a newdeferRenderoption to theglob()content loaderWhen set to
true, renderable entries (such as Markdown) are not rendered during content sync. Instead, rendering is deferred until the entry is actually rendered in a page, using the same on-demand path that.mdxfiles already use.This reduces memory usage during
astro buildfor large collections whose rendered output is much larger than the source — for example, Markdown that uses heavy rehype plugins likerehype-katex. Such builds could previously run out of memory while storing the eagerly-rendered HTML for every entry.By default
deferRenderisfalse, preserving the existing behavior of rendering entries eagerly during sync so their rendered HTML can be cached across builds.#17296
30698a2Thanks @ematipico! - Adds a new experimentalcollectionStorageoption for controlling how the content layer persists its data storeBy default, Astro serializes the entire content layer data store to a single file (
.astro/data-store.json). For very large content collections, this file can grow large enough to hit platform file-size limits.Set
experimental.collectionStorage: 'chunked'to instead split the data store across many smaller, content-addressed files inside a.astro/data-store/directory, described by a manifest:Because each part file is named by a hash of its contents, unchanged parts keep the same name across builds and are not rewritten, and identical parts are deduplicated. The default value is
'single-file', which preserves the current behavior.#17214
44c4989Thanks @ematipico! - Adds support for the more specific CSP directivesscript-src-elem,script-src-attr,style-src-elem, andstyle-src-attrthrough a newkindoption.Previously,
CSPwas only scoped to genericscript-src/style-srcdirectives. Now each source or hash can be scoped to a narrower directive — for example, to allow inlinestyleattributes (such as those fromdefine:varsor Shiki) without loosening the policy for your<style>and<link>elements.Scoping sources and hashes in your config
Each entry in
resourcesandhashescan be an object with akindproperty. Depending on whether you usescriptDirectiveorstyleDirective,"element"targetsscript-src-elemorstyle-src-elem,"attribute"targetsscript-src-attrorstyle-src-attr, and"default"(the same as a bare string or hash) targetsscript-srcorstyle-src.Scoping at runtime
The same
kindoption is available on the runtime CSP API, where the existing methods now also accept an object:#17258
84814d4Thanks @astrobot-houston! - Adds a newformat()option to thepaginateutility. Theformat()option is a function that accepts the current URL of the page, and returns a new URL.For example, when your host only supports URLs using the
.htmlextension, you can useformat()to add it to the generated URLs:#17331
7db6420Thanks @matthewp! - Adds a--ignore-lockflag toastro devfor starting a dev server without checking or writing the lock file, so it can run alongside an already-running dev server for the same project.The new instance is not tracked by
astro dev stop,astro dev status, orastro dev logs.--ignore-lockcannot be combined with--background(or an auto-detected AI agent environment, which runs dev servers in the background automatically) or--force, since those rely on the lock file.#17389
16de021Thanks @florian-lefebvre! - Allows passing URL entrypoints when configuring the loggerMatching other APIs like session drivers or font providers, the logger entrypoint can now be a URL:
Patch Changes
#17332
4407483Thanks @astrobot-houston! - Fixes the JSON logger crashing withprocess is not definedin non-Node runtimes like Cloudflare's workerd. The JSON logger now usesconsole.log/console.errorinstead ofprocess.stdout/process.stderr, matching the pattern already used by the console logger.#17391
186a1e7Thanks @florian-lefebvre! - Fixes a case where an integration could not update the logger withupdateConfig()#17394
d9f99e1Thanks @matthewp! - Fixes element-specific CSP directives to preserve the existing behavior of configured script and style resources#17374
b2d1b3eThanks @astrobot-houston! - Fixes dev server returning 404 for?urlimported assets when accessed via browser navigation#17390
ed71eafThanks @florian-lefebvre! - Removes an unused and undocumented generic from theAstroLoggerDestinationtype#17393
092da56Thanks @matthewp! - Hardens generated transition styles, development metadata, and server island URLs when embedding dynamic valuesv7.0.9Compare Source
Patch Changes
#17286
a249317Thanks @astrobot-houston! - Fixes the first browser visit afterastro devstarts triggering an immediate full page reload#17369
a94d4a5Thanks @adamchal! - Fixes an issue where a client island could permanently fail to hydrate if the first attempt to load its component failed. Islands now reliably recover from transient import failures, which previously did not work for React components duringastro dev.v7.0.8Compare Source
Patch Changes
#17363
3f4efc5Thanks @astrobot-houston! - Fixesastro preview --opennot opening a browser when using an adapter with a custom preview entrypoint, such as@astrojs/cloudflare#17313
e2e319dThanks @ronits2407! - Exposes theAstroRuntimeLoggerinterface to allow users to properly type the logger functions at runtime.#17328
025cc74Thanks @matthewp! - Fixesastro dev --forcenot replacing an already-running dev server#17353
2bba277Thanks @ematipico! - Updates the Astro compiler to the latest version, which fixes many regressions. Refer to the changelog for more details.#17344
79a41e0Thanks @adamchal! - Improves rendering performance for pages with many component instances, such as repeated MDX<Content />components.Updated dependencies [
64b0d66]:v7.0.7Compare Source
Patch Changes
#17318
23a4120Thanks @astrobot-houston! - Fixes CSS module scoped-name hash mismatch inastro devwhen usingvite.css.transformer: 'lightningcss'with content collections. Previously, a component importing a CSS module and rendered via content collectionrender()would get different class name hashes in the element and the injected<style>tag, causing styles not to apply.#17323
4298883Thanks @ematipico! - Fixes a dev server memory leak which caused Node.js to emit warnings in the console.#17323
4298883Thanks @ematipico! - Fixes a dev server crash when a.htmlor/index.htmlsuffixed request (such as thosenetlify devprobes as pretty-URL fallbacks) matched a dynamic endpoint route, causing aTypeError: Missing parametererror#17325
cebc404Thanks @astrobot-houston! - Fixes a bug where CSS@importrules could end up mid-stylesheet after inline CSS chunks were merged during build, causing browsers to silently ignore them#17323
4298883Thanks @ematipico! - Fixes a build regression that could leave unresolved preload markers in inlined scripts with external dynamic importsUpdated dependencies [
4298883,4298883]:v7.0.6Compare Source
Patch Changes
#17261
79aa99cThanks @astrobot-houston! - Fixes a false deprecation warning formarkdown.gfmandmarkdown.smartypantswhen using the Container API#17247
f94280dThanks @chatman-media! - Fixes route generation throwing "Missing parameter" (or silently dropping the segment) when a dynamic param's value is0. The generator used truthy checks instead of checking forundefined, sopaginate(posts, { params: { categoryId: 0 } })would crash even though0is a perfectly valid param value.#17278
6f11739Thanks @astrobot-houston! - Fixes missing CSS for virtual style modules (e.g., responsive image layout styles) in dev mode when JavaScript is disabled#17250
0b30b35Thanks @matthewp! - Fixes thesecurity.checkOrigincheck so it is applied consistently to Astro Actions and on-demand endpoints, regardless of how the request pipeline is composed. Previously, the origin check could be skipped in the composableastro/honopipeline depending on the order of themiddleware()primitive (or when it was omitted).#17274
8c3579bThanks @astrobot-houston! - Fixes missingrender()type overload for live collection entries. Previously, callingrender()on aLiveDataEntryproduced a TypeScript error when using onlylive.config.tswithout acontent.config.ts.#17257
4208297Thanks @astrobot-houston! - Fixesastro checkfailing to find@astrojs/checkandtypescriptwhen astro is installed in a directory outside the project tree (e.g. pnpm virtual store)#17272
b428648Thanks @matthewp! - Fixes island component paths so that extensionless imports (e.g.import { Counter } from '../components/Counter') resolve to the real file on disk, matching Vite's extension order and directoryindexresolution. This makes theinclude/excludeoptions of JSX renderer integrations (React, Preact, Solid) match components imported without a file extension, and removes the spurious React 19 "Invalid hook call" warning logged on every request in dev whenincludewas set alongside another JSX renderer#17279
2aeaa44Thanks @astrobot-houston! - Fixes a bug where<Picture inferSize>with a remote image could fail withFailedToFetchRemoteImageDimensionswhen the image server rate-limits requests (e.g. HTTP 429). Remote dimensions are now resolved once per render instead of once per output format.#17251
5240e26Thanks @matthewp! - Hardens the handling of attribute rendering when using with custom elements.#17248
429bd62Thanks @astrobot-houston! - Fixes a crash when using Astro'sgetViteConfigwith Vitest browser mode (e.g., Storybook vitest runner). Astro now skips dev server setup inside Vitest, preventing errors.#17260
14524c0Thanks @matthewp! - Fixes a regression where a<script>inside a component rendered throughAstro.slots.render()was hoisted out of its original position instead of staying next to its component contentUpdated dependencies [
eb6f97e]:v7.0.5Compare Source
Patch Changes
#17242
9c05ba4Thanks @matthewp! - Fixes an error that could occur after the dev server restarts when using an adapter such as@astrojs/cloudflare, where a request would fail with a500referencing a missing pre-bundled dependency:#17202
c6d254dThanks @matthewp! - Refactors path alias resolution to use Vite's nativetsconfigPathsoptionThis is an internal change with no expected impact on user projects. Astro now defers tsconfig and jsconfig
pathsalias resolution to Vite, keeping a small fallback for a few CSS cases Vite does not yet handle.#17123
72e29bdThanks @martrapp! - Fixes an issue where the ClientRouter wipes head elements after page transitions if the<head>contains aserver:defercomponent.#17232
257505eThanks @matthewp! - Fixes a bug where<style>tags from components such as a content collection'sContentcould be silently dropped from the output when anawaitappeared before the component in an.astrofile's markup.#17193
a7352fdThanks @jan-kubica! - Fixes the background dev server failing to start whenastrois hoisted outside the project'snode_modules(for example bun workspaces). The background process is now spawned from Astro's own resolved location instead of a path assumed under the project root.#17255
581d171Thanks @astrobot-houston! - Fixes prefetch not working for links insideserver:defercomponentsv7.0.4Compare Source
Patch Changes
#17212
7ba0bb1Thanks @matthewp! - Ensures transition directive values are HTML-escaped when rendered on hydrated islands#17224
dc5e52fThanks @astrobot-houston! - Fixes trailing slash handling for dynamic file endpoints in dev mode. Dynamic file endpoints (e.g.,src/pages/api/[name].json.ts) withtrailingSlash: "always"incorrectly required a trailing slash in dev mode, returning 404 for/api/bar.jsonand 200 for/api/bar.json/.#17067
23f9446Thanks @fkatsuhiro! - Fixed a bug where the development toolbar did not output a warning even though the implicit ARIA role and the manually specified role were duplicated.#17234
d5fbee8Thanks @ocavue! - Adds support forsharpv0.35. pnpm users no longer need to approvesharp's build script (seeallowBuilds) when on v0.35.#17223
5970ef4Thanks @astrobot-houston! - FixesgetCollection()returning empty in dev mode for large content collections (500k+ entries)#17184
799e5cdThanks @Princesseuh! - Upgrades the Rust compiler to the latest, which fixes some bugs. Refer to its changelog for more information.#17208
da8b573Thanks @matthewp! - Hardens forwarded header handling so the internal request helper validatesX-Forwarded-Hostagainstsecurity.allowedDomainsbefore trustingX-Forwarded-ForforclientAddress. Previously it only checked that the header was present, which was inconsistent with the publiccreateRequesthelper. This aligns both code paths; behavior is unchanged for correctly configured proxies.v7.0.3Compare Source
Patch Changes
#17189
24d2c9eThanks @astrobot-houston! - Fixes a bug where an error thrown inside one route'sgetStaticPaths()would prevent other valid routes from being matched in dev mode#16932
8f4a3dbThanks @fkatsuhiro! - Fixes HMR for action files during development. Editing files insrc/actions/now takes effect on the next request without requiring a dev server restart.#17087
fb0ab02Thanks @jp-knj! - Fixes localized custom error pages in i18n projects so routes like/pt/404are used for missing localized pages and return the correct status codev7.0.2Compare Source
Patch Changes
3b5e994]:v7.0.1Compare Source
Patch Changes
#17151
ccceda3Thanks @matthewp! - Fixesastro devincorrectly starting in background mode for Warp terminal users. Hybrid environments like Warp are no longer treated as AI agents for auto-background detection.#17158
164df87Thanks @ematipico! - Fixesastro dev --background --hostnot listing the network addresses. The background server start output andastro dev statusnow show every exposed network URL, matching the foreground dev server.#17141
d785b9dThanks @astrobot-houston! - Fixes responsive image CSS overriding user styles defined inside CSS@layerblocks. The generated image styles are now wrapped in@layer astro.images, ensuring they have lower cascade priority than user-defined layers.#17150
1a61386Thanks @matthewp! - Fixesastro dev --backgroundfailing on Windows with "Failed to spawn background dev server process"v7.0.0Compare Source
Major Changes
#15819
cafec4eThanks @delucis! - Upgrade to Vite v8#16965
57ead0dThanks @Princesseuh! - Makes'jsx'the default value forcompressHTMLAstro now strips whitespace from your HTML using JSX rules by default, the same way frameworks like React do. Whitespace and line breaks around elements are removed, but meaningful whitespace within a single line — like a space between two inline elements — is preserved. To keep a space that would otherwise be removed, write it explicitly in your source, for example with
{" "}.This can change rendered output where whitespace between inline elements was previously meaningful. To keep Astro's earlier behavior, set
compressHTML: truefor HTML-aware compression, orcompressHTML: falseto preserve all whitespace.#16610
c63e7e4Thanks @matthewp! - Adds background dev server management for AI coding agents.When an AI coding agent is detected,
astro devnow automatically starts the dev server as a detached background process. This prevents the dev server from blocking the agent's terminal and allows it to continue working while the server runs.A lock file (
.astro/dev.json) is written when the dev server starts, recording the server's URL, port, and PID. This prevents duplicate servers from being started for the same project.New flag and subcommands
astro dev --background— Start the dev server as a background process (this is what runs automatically when an agent is detected).astro dev stop— Stop a running background dev server.astro dev status— Check if a dev server is running and display its URL, PID, and uptime.astro dev logs— View logs from a background dev server. Use--follow(-f) to stream new output as it's written.These allow you to start and manage dev servers programmatically and were designed with AI coding agents in mind.
What should I do?
No action is required. If you are not using an AI coding agent,
astro devbehaves exactly as before. If you are using an agent, background mode is enabled automatically — the agent will receive the server URL and PID, and can useastro dev stopto shut it down.To opt out of automatic background mode when an agent is detected, set the environment variable
ASTRO_DEV_BACKGROUND=0before runningastro dev.#17010
0606073Thanks @ocavue! - Removes the@astrojs/dbpackage as it is no longer maintained.The
@astrojs/dbpackage were deprecated in v6.4.5 and is now removed. This means theastro db,astro login,astro logout,astro link, andastro initCLI commands have also been removed.If you were using Astro DB in your project, remove
@astrojs/dbfrom your project's dependencies and replace it with one of the following alternatives:node:sqlitemodule (available since Node.js v22.5.0). This is a good option if you are using the Node.js adapter and were using@astrojs/dbfor local SQLite storage.@astrojs/dbfor its Drizzle-based schema and query API, you can use Drizzle directly with any supported database.#16462
c30a778Thanks @Princesseuh! - Replaces the Go compiler with a Rust-based version.The Rust-based Astro compiler (
@astrojs/compiler-rs) is now the default compiler. This new compiler is faster and more reliable, leading to faster build times and iteration cycles during development.This new compiler is more strict regarding invalid syntax. For example, unclosed HTML tags will now throw an error instead of being ignored. It also does not attempt to correct semantically invalid HTML anymore, instead leaving it to the browser to handle, similar to other tools or
document.write()in JavaScript.The previous Go-based compiler has been removed, along with the
experimental.rustCompilerflag used to opt into the Rust compiler. If you were settingexperimental.rustCompilerin yourastro.config.mjs, you can now remove it. No other action is required.#16966
6650ec2Thanks @Princesseuh! - Makes Sätteri the default Markdown processorAstro now renders
.mdfiles withsatteri()from@astrojs/markdown-satteri, its native Markdown pipeline, instead of the remark/rehype pipeline.@astrojs/markdown-remarkis no longer installed by default.To keep using the remark/rehype pipeline, install
@astrojs/markdown-remarkand set it as your processor:The deprecated
markdown.remarkPlugins,markdown.rehypePlugins, andmarkdown.remarkRehypeoptions still work, but now require@astrojs/markdown-remarkto be used.#16877
3b7d76eThanks @matthewp! - Enables advanced routing by default.The advanced routing feature introduced behind a flag in v6.3.0 is no longer experimental and is now enabled by default.
This gives full control over how requests flow through your application, with first-class support for frameworks like Hono.
Advanced routing now uses
src/fetch.tsas default entrypoint instead ofsrc/app.ts.If you were previously using this feature without a custom entrypoint, please configure
fetchFileor rename your entrypoint tosrc/fetch.ts, and then remove the experimental flag from your Astro config:import { defineConfig } from 'astro/config'; export default defineConfig({ experimental { - advancedRouting: true, }, + fetchFile: 'app.ts' // optional, you only need this if you cannot rename your entrypoint. });fetchFileis now a top-level config option instead of being nested underexperimental.advancedRouting. If you were using a custom entrypoint, please update your Astro config to move its configuration:// astro.config.mjs export default defineConfig({ - experimental: { - advancedRouting: { - fetchFile: 'my-custom-entrypoint.ts', - }, - }, + fetchFile: 'my-custom-entrypoint.ts', })You can also set
fetchFile: nullto disable the entrypoint if you are usingsrc/fetch.tsfor another purpose, or don’t need advanced routing features.If you have been waiting for stabilization before using advanced routing, you can now do so.
Please see the advanced routing guide in docs for more about this feature.
#16725
10229f7Thanks @ArmandPhilippot! - Removes deprecated APIs exported fromastro:transitions.In Astro 6.x, some helpers available in
astro:transitionsandastro:transitions/clientwere deprecated.In Astro 7.0, the following APIs can no longer be used in your project:
TRANSITION_BEFORE_PREPARATIONTRANSITION_AFTER_PREPARATIONTRANSITION_BEFORE_SWAPTRANSITION_AFTER_SWAPTRANSITION_PAGE_LOADisTransitionBeforePreparationEvent()isTransitionBeforeSwapEvent()createAnimationScope()What should I do?
Remove any occurrence of
createAnimationScope():-import { createAnimationScope } from 'astro:transitions';Replace any occurrence of the other APIs using the lifecycle event names directly:
Learn more about all utilities available in the View Transitions Router API Reference.
Minor Changes
#16998
57dcc31Thanks @matthewp! - ExposesgetFetchState()fromastro/honoas a public APIThe
getFetchState()function retrieves or lazily creates aFetchStatefrom a Hono context object. This allows third-party packages to build Hono middleware that interacts with Astro's per-request state, giving theastro/honoAPI the same extensibility asastro/fetch.#16996
300641eThanks @florian-lefebvre! - Adds asubsetfield to theFontDatatype exposed viafontDatafromastro:assets. When using multiple font subsets (e.g.,subsets: ["latin", "korean"]), each font data entry now includes the subset name, making it possible to distinguish between font entries for different subsets that share the same weight and style.#16745
f864a80Thanks @ematipico! - The custom logger feature introduced behind a flag in v6.2.0 is no longer experimental and is available for general use.This feature provides better control over Astro's logging infrastructure by allowing you to replace the default console output with custom logging implementations (e.g., structured JSON). This is particularly useful for on-demand rendering when connecting to log aggregation services such as Kibana, Logstash, CloudWatch, Grafana, or Loki.
Astro provides three built-in log handlers (
json,node, andconsole), and you can also create your own.JSON logging
Custom logger
Additionally,
context.loggeris now always available in API routes and middleware, even without a custom logger configured.If you were previously using this feature, please remove the experimental flag from your Astro config:
import { defineConfig } from 'astro/config'; export default defineConfig({ - experimental: { - logger: { - entrypoint: '@​org/custom-logger', - }, - }, + logger: { + entrypoint: '@​org/custom-logger', + }, });If you have been waiting for stabilization before using custom loggers, you can now do so.
Please see the Logger docs for more about this feature.
#16981
0d6d644Thanks @ematipico! - Removes the settingexperimental.queuedRendering. The new rendering engine is now stable and replaces the old one.As part of the stabilization, the queued rendering has been improved, and some features have been removed:
If you were previously using this experimental feature, you must remove this experimental flag from your configuration as it no longer exists:
// astro.config.mjs import { defineConfig } from "astro/config"; export default defineConfig({ experimental: { - queuedRendering: {} } });#17116
f95e58eThanks @ascorbic! - Stabilizes route caching, removing theexperimental.cacheandexperimental.routeRulesflags and replacing them with the top-levelcacheandrouteRulesconfiguration options.Route caching, introduced experimentally in v6.0.0, is now stable. It gives you a platform-agnostic way to cache responses from on-demand rendered pages and endpoints, based on standard HTTP caching semantics.
Update your config to move
cacheandrouteRulesout of theexperimentalblock:// astro.config.mjs import { defineConfig, memoryCache } from 'astro/config'; export default defineConfig({ - experimental: { - cache: { - provider: memoryCache(), - }, - routeRules: { - '/blog/[...path]': { maxAge: 300, swr: 60 }, - }, - }, + cache: { + provider: memoryCache(), + }, + routeRules: { + '/blog/[...path]': { maxAge: 300, swr: 60 }, + }, });Set caching directives in your routes with
Astro.cache(in.astropages) orcontext.cache(in API routes and middleware), and Astro translates them into the appropriate headers or runtime behavior depending on your configured cache provider. You can also define cache rules for routes declaratively in your config usingrouteRules, without modifying route code.See the route caching guide for more information.
Patch Changes
#16980
1f07343Thanks @matthewp! - Removesstate.provide(),state.resolve(),state.finalizeAll(), andApp.Providersfrom the public advanced routing API. These context provider extension points are now internal-only. If you were using them in an integration, uselocalsto share per-request state instead.#17111
c0f33edThanks @ematipico! - Harden the limits on the number of decoding on the URL.#16982
1e000e2Thanks @matthewp! - Improves the warning when accessingAstro.sessionwithout session storage configured. Thesessionproperty is now always defined on the context object, and accessing it without configuration logs a helpful message instead of silently returningundefined.#16335
9a53f77Thanks @ascorbic! - Adds shared helper utilities for CDN cache provider authors for route cachingExports
astro/cache/provider-utilswith helpers for building platform-specific cache-control headers, generating path-based invalidation tags, and normalizing invalidation options. These are used internally by the first-party Netlify, Vercel, and Cloudflare cache providers.#17095
e84ebc0Thanks @matthewp! - Improves build performance by removing an unfiltered transform hook from theastro:head-metadata-buildplugin. Head propagation modules are now identified by their module ID (?astroPropagatedAssets) instead of scanning every module's source code.#17041
4c4a91cThanks @iseraph-dev! - Fixes a bug where the advanced routingastro/hono/astro/fetchpages()handler returned the host framework's defaultInternal Server Errorresponse instead of rendering the custom500.astropage when a page threw during render. Unmatched requests with a prerendered (or absent) custom 404 page now render the 404 error page instead of failing the same way.#17097
5e340d7Thanks @iseraph-dev! - Fixes a bug where the advanced routingastro/hono/astro/fetchmiddleware()handler returned the host framework's defaultInternal Server Errorresponse instead of rendering the custom500.astropage when middleware threw. Unmatched requests with a prerendered (or absent) custom 404 page now render the 404 error page instead of failing the same way. Errors surfaced throughnext(the host framework's downstream chain) still propagate to the host's own error handler.#15819
cafec4eThanks @delucis! - Fixes--portflag being ignored after a Vite-triggered server restart (e.g. when a.envfile changes)#17104
b074a37Thanks @iseraph-dev! - Fixes the custom500.astropage receiving an emptyerrorprop when the error originated in middleware.#17078
04547ecThanks @astrobot-houston! - Fixes a spuriousAstro.request.headerswarning on prerendered pages whensecurity.allowedDomainsis configured. The internalallowedDomainsheader validation now skips prerendered routes, since they use synthetic requests with no real headers.#16603
deaaf3fThanks @alexanderniebuhr! - Removes the warning that Astro does not support vite v8, since Astro v7 does support vite v8#16335
9a53f77Thanks @ascorbic! - Passes theRequestobject toCacheProvider.setHeaders()for route cachingCache providers now receive the incoming
Requestas a second argument tosetHeaders(options, request). This allows CDN providers to read the request URL, headers, and other properties when generating cache response headers, for example to auto-tag responses with their pathname for path-based invalidation.#17098
637a1b6Thanks @matthewp! - Fixes internal Astro headers leaking from directpages()handler responses#17090
3cf76c0Thanks @matthewp! - Fixes Vite and Rolldown build warnings#16434
ee079d4Thanks @ematipico! - Fixes an issue where i18n domains would return 404 whentrailingSlashis set tonever.Updated dependencies [
7e7ab87,ff7b718,241250b]:Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.