chore(deps): update fontsource monorepo

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@fontsource/fira-mono (source)	^5.1.0 -> ^5.1.1
@typescript-eslint/eslint-plugin (source)	^8.18.1 -> ^8.19.0
@typescript-eslint/parser (source)	^8.18.1 -> ^8.19.0
astro (source)	^5.0.9 -> ^5.1.2
next (source)	^15.1.1 -> ^15.1.3

---

Release Notes

fontsource/font-files (@​fontsource/fira-mono)

v5.1.1

Compare Source

typescript-eslint/typescript-eslint (@​typescript-eslint/eslint-plugin)

v8.19.0

Compare Source

🚀 Features

• eslint-plugin: [strict-boolean-expressions] check array predicate functions' return statements (#​10106)

🩹 Fixes

• eslint-plugin: [member-ordering] ignore method overloading (#​10536)
• eslint-plugin: [consistent-indexed-object-style] don't report on indirect circular references (#​10537)
• eslint-plugin: [array-type] autofix with conditional types needs parentheses (#​10522)
• eslint-plugin: add getConstraintInfo to handle generic constraints better (#​10496)

❤️ Thank You

• Karl Werner
• Kirk Waiblinger @​kirkwaiblinger
• Ronen Amiel
• YeonJuan @​yeonjuan

You can read about our versioning strategy and releases on our website.

v8.18.2

Compare Source

🩹 Fixes

• eslint-plugin: [no-unnecessary-condition] handle noUncheckedIndexedAccess true (#​10514)
• eslint-plugin: [consistent-type-assertions] allow default assertionStyle option (#​10512)
• eslint-plugin: [no-unnecessary-type-arguments] handle type/value context (#​10503)
• eslint-plugin: [no-unsafe-type-assertion] fix for unsafe assertion to a constrained type parameter (#​10461)
• eslint-plugin: [consistent-indexed-object-style] use a suggestion over an auto-fix if can't reliably determine that produced index signature is valid (#​10490)
• eslint-plugin: [no-unnecessary-condition] don't flag values of an unconstrained or valid type parameter (#​10473)
• eslint-plugin: [prefer-reduce-type-parameter] don't report cases in which the fix results in a type error (#​10494)
• eslint-plugin: [no-deprecated] not reporting usages of deprecated declared constants as object value (#​10498)

❤️ Thank You

• Luke Deen Taylor @​controversial
• Ronen Amiel
• Scott O'Hara
• YeonJuan @​yeonjuan
• Yukihiro Hasegawa @​y-hsgw

You can read about our versioning strategy and releases on our website.

typescript-eslint/typescript-eslint (@​typescript-eslint/parser)

v8.19.0

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

v8.18.2

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

withastro/astro (astro)

v5.1.2

Compare Source

Patch Changes

• #​12798 7b0cb85 Thanks @​ascorbic! - Improves warning logs for invalid content collection configuration

• #​12781 96c4b92 Thanks @​ascorbic! - Fixes a regression that caused default() to not work with reference()

• #​12820 892dd9f Thanks @​ascorbic! - Fixes a bug that caused cookies to not be deleted when destroying a session

• #​12864 440d8a5 Thanks @​kaytwo! - Fixes a bug where the session ID wasn't correctly regenerated

• #​12768 524c855 Thanks @​ematipico! - Fixes an issue where Astro didn't print error logs when Astro Islands were used in incorrect cases.

• #​12814 f12f111 Thanks @​ematipico! - Fixes an issue where Astro didn't log anything in case a file isn't created during the build.

• #​12875 e109002 Thanks @​ascorbic! - Fixes a bug in emulated legacy collections where the entry passed to the getCollection filter function did not include the legacy entry fields.

• #​12768 524c855 Thanks @​ematipico! - Fixes an issue where Astro was printing the incorrect output format when running the astro build command

• #​12810 70a9f0b Thanks @​louisescher! - Fixes server islands failing to check content-type header under certain circumstances

  Sometimes a reverse proxy or similar service might modify the content-type header to include the charset or other parameters in the media type of the response. This previously wasn't handled by the client-side server island script and thus removed the script without actually placing the requested content in the DOM. This fix makes it so the script checks if the header starts with the proper content type instead of exactly matching text/html, so the following will still be considered a valid header: text/html; charset=utf-8

• #​12816 7fb2184 Thanks @​ematipico! - Fixes an issue where an injected route entrypoint wasn't correctly marked because the resolved file path contained a query parameter.

  This fixes some edge case where some injected entrypoint were not resolved when using an adapter.

v5.1.1

Compare Source

Patch Changes

• #​12782 f3d8385 Thanks @​fhiromasa! - update comment in packages/astro/src/types/public/common.ts

• #​12789 f632b94 Thanks @​ascorbic! - Pass raw frontmatter to remark plugins in glob loader

• #​12799 739dbfb Thanks @​ascorbic! - Upgrades Vite to pin esbuild

v5.1.0

Compare Source

Minor Changes

• #​12441 b4fec3c Thanks @​ascorbic! - Adds experimental session support

  Sessions are used to store user state between requests for server-rendered pages, such as login status, shopping cart contents, or other user-specific data.

vercel/next.js (next)

v15.1.3

Compare Source

v15.1.2

Compare Source

---

Configuration

📅 Schedule: Branch creation - "before 3am on the first day of the month" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate using a curated preset maintained by . View repository job log here

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@fontsource/[email protected]	None	0	427 kB	lotusdevshack
npm/@typescript-eslint/[email protected]	Transitive: environment, filesystem	+36	7.4 MB	bradzacher, jameshenry
npm/@typescript-eslint/[email protected]	Transitive: environment, filesystem	+29	2.83 MB	bradzacher, jameshenry
npm/[email protected]	Transitive: environment, eval, filesystem, network, shell	+271	42.7 MB	fredkschott, matthewp, natemoo-re
npm/[email protected]	Transitive: environment, filesystem	+12	125 MB	rauchg, timneutkens, vercel-release-bot

🚮 Removed packages: npm/@fontsource/[email protected], npm/@typescript-eslint/[email protected], npm/@typescript-eslint/[email protected], npm/[email protected], npm/[email protected]

View full report↗︎

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Alert	Package	Note	Source	CI
License Policy Violation	npm/[email protected]	License: CC-BY-SA-4.0 - Not allowed by license policy (package/dist/compiled/glob/LICENSE, package/dist/compiled/glob/LICENSE)	playground/runtime-next-js/package.json pnpm-lock.yaml	⚠︎
License Policy Violation	npm/@fontsource/[email protected]	License: OFL-1.1 - Not allowed by license policy (npm metadata, package/package.json, package/LICENSE)	playground/runtime-svelte/package.json pnpm-lock.yaml	⚠︎

View full report↗︎

Next steps

What is a license policy violation?

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Find a package that does not violate your license policy or adjust your policy to allow this package's license.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore npm/[email protected]
• @SocketSecurity ignore npm/@fontsource/[email protected]