fix(deps): update dependency astro to v6.3.5

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
astro (source)	6.3.4 → 6.3.5

---

Release Notes

withastro/astro (astro)

v6.3.5

Compare Source

Patch Changes

• #​16771 07c8805 Thanks @​ematipico! - Fixes position prop on <Image> and <Picture> components breaking Content Security Policy (CSP).

• #​16593 50924ce Thanks @​yanthomasdev! - Improves error messages with more consistent and correct writing.

• #​16757 5d661cd Thanks @​astrobot-houston! - Fixes dev server serving stale content when SSR-only modules change (e.g. .astro files outside the project root in a monorepo, or dynamically imported components).

  Previously, the astro:hmr-reload plugin returned an empty array after detecting SSR-only module changes, which prevented Vite's updateModules from propagating the invalidation to the SSR module runner. The runner's evaluated module cache stayed stale, so subsequent requests continued returning old content.

  Now the plugin returns the SSR-only modules so Vite can process them through updateModules, which properly invalidates the module runner's cache and ensures fresh content on the next request.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Renovate PR Review Results

⚖️ Safety Assessment: ✅ Safe

🔍 Release Content Analysis

This is a patch release (6.3.4 → 6.3.5) with three bug fixes only — no breaking changes or new features:

• CSP fix: position prop on <Image> and <Picture> components was breaking Content Security Policy headers (PR #16771). Now fixed.
• Error message improvements: More consistent and correct wording in Astro error messages (PR #16593). No behavioral change.
• HMR stale content fix: Dev server was serving stale content when SSR-only modules changed (e.g., .astro files outside project root in a monorepo, or dynamically imported components). The astro:hmr-reload plugin now correctly returns SSR-only modules so Vite can invalidate the module runner cache (PR #16757).

No migration steps required.

🎯 Impact Scope Investigation

• Diff contents: Only package.json and pnpm-lock.yaml are modified — version string changed from 6.3.4 to 6.3.5, integrity hash updated.
• <Image>/<Picture> with position prop: Searched the codebase — no usage of the position prop on Astro's <Image> or <Picture> components. The CSP fix is not relevant to this project, but harmless.
• SSR/HMR: The project uses @astrojs/node adapter for Cloud Run SSR. The HMR fix improves dev-server accuracy but has no production impact.
• Peer dependencies: @astrojs/node@10.1.1 peer-resolves to the new astro@6.3.5 without version conflicts.
• No transitive dependency changes: All other packages remain at identical versions.

💡 Recommended Actions

• No code changes required.
• Safe to merge as-is.

🔗 Reference Links

• astro v6.3.5 CHANGELOG
• PR #16771 — CSP position prop fix
• PR #16757 — HMR stale content fix
• PR #16593 — Error message improvements

Generated by koki-develop/claude-renovate-review

[github-actions]

🚀 Preview deployment ready!

✅ Preview URL: https://pr-1708---web-njpdbbjcea-an.a.run.app
📝 Commit SHA: bc4457b (view commit)

This comment was automatically generated by the deploy-preview workflow.