chore(deps): update devdependency @astrojs/react to v6

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@astrojs/react (source)	^4.3.0 → ^6.0.0

---

Release Notes

withastro/astro (@​astrojs/react)

v6.0.0

Compare Source

Major Changes

• #​15819 cafec4e Thanks @​delucis! - Upgrade to Vite v8

Minor Changes

• #​17093 4585fe5 Thanks @​Princesseuh! - Replaces the import entrypoint of getContainerRenderer()

  A new container-renderer entrypoint exporting getContainerRenderer() has been added to the following integrations: React, Preact, Svelte, SolidJS, Vue, and MDX. This prevents bundlers from trying to bundle unrelated exports from the package root when only the Container API is used.

  If you are using the Container API, update your import statements to use the new entrypoint. The following example updates the getContainerRenderer() import for React:

  - import { getContainerRenderer } from '@​astrojs/react';
  + import { getContainerRenderer } from '@​astrojs/react/container-renderer';

  Importing getContainerRenderer() from the package root still works, but is now deprecated and logs a warning.

Patch Changes

• #​17027 241250b Thanks @​ocavue! - Triggers beta prereleases for packages that are still on alpha

v5.0.7

Compare Source

Patch Changes

• #​16900 17a0fbd Thanks @​ocavue! - Bumps devalue dependency to v5.8.1

v5.0.6

Compare Source

Patch Changes

• Updated dependencies [f732f3c]:
  • @​astrojs/internal-helpers@​0.10.0

v5.0.5

Compare Source

Patch Changes

• Updated dependencies [d365c97]:
  • @​astrojs/internal-helpers@​0.9.1

v5.0.4

Compare Source

Patch Changes

• Updated dependencies [99464ed, f3485c3]:
  • @​astrojs/internal-helpers@​0.9.0

v5.0.3

Compare Source

Patch Changes

• #​16224 a2b9eeb Thanks @​fkatsuhiro! - Fix React 19 "Float" mechanism injecting into Astro islands instead of the . This PR adds a filter to @​astrojs/react to strip these auto-generated resource from the island's HTML output, ensuring valid HTML structure.

v5.0.2

Compare Source

Patch Changes

• #​15378 a8a926e Thanks @​dmgawel! - Fix React hydration errors when using conditional slot rendering

• #​15146 f771f75 Thanks @​kedarvartak! - Fixes hydration mismatch when using experimentalReactChildren

• #​14917 769265b Thanks @​sanjaiyan-dev! - Refactors to improve the performance of rendering static HTML content in React

v5.0.1

Compare Source

Patch Changes

• #​15864 d3c7de9 Thanks @​florian-lefebvre! - Removes temporary support for Node >=20.19.1 because Stackblitz now uses Node 22 by default

v5.0.0

Compare Source

Major Changes

• #​14427 e131261 Thanks @​florian-lefebvre! - Increases minimum Node.js version to 22.12.0 - (v6 upgrade guidance)

• #​14445 ecb0b98 Thanks @​florian-lefebvre! - Astro v6.0 upgrades to Vite v7.0 as the development server and production bundler - (v6 upgrade guidance)

Minor Changes

• #​15312 72f7960 Thanks @​ocavue! - Update @vitejs/plugin-react to v5.

Patch Changes

• #​15187 bbb5811 Thanks @​matthewp! - Update to Astro 6 beta

• #​15264 11efb05 Thanks @​florian-lefebvre! - Lower the Node version requirement to allow running on Stackblitz until it supports v22

• #​15700 4e7f3e8 Thanks @​ocavue! - Improves how React components are identified when setting the include and/or exclude options in projects where multiple JSX frameworks are used together

• Updated dependencies [4ebc1e3, 4e7f3e8, a164c77, cf6ea6b, a18d727, 240c317, 745e632]:

  • @​astrojs/internal-helpers@​0.8.0

v4.4.2

Compare Source

Patch Changes

• #​14715 3d55c5d Thanks @​ascorbic! - Adds support for client hydration in getContainerRenderer()

  The getContainerRenderer() function is exported by Astro framework integrations to simplify the process of rendering framework components when using the experimental Container API inside a Vite or Vitest environment. This update adds the client hydration entrypoint to the returned object, enabling client-side interactivity for components rendered using this function. Previously this required users to manually call container.addClientRenderer() with the appropriate client renderer entrypoint.

  See the container-with-vitest demo for a usage example, and the Container API documentation for more information on using framework components with the experimental Container API.

v4.4.1

Compare Source

Patch Changes

• #​14621 e3175d9 Thanks @​GameRoMan! - Updates vite version to fix CVE

v4.4.0

Compare Source

Minor Changes

• #​14386 f75f446 Thanks @​yanthomasdev! - Stabilizes the formerly experimental getActionState() and withState() functions introduced in @astrojs/react v3.4.0 used to integrate Astro Actions with React 19's useActionState() hook.

  This example calls a like action that accepts a postId and returns the number of likes. Pass this action to the withState() function to apply progressive enhancement info, and apply to useActionState() to track the result:

  import { actions } from 'astro:actions';
  import { withState } from '@​astrojs/react/actions';
  import { useActionState } from 'react';
  
  export function Like({ postId }: { postId: string }) {
    const [state, action, pending] = useActionState(
      withState(actions.like),
      0, // initial likes
    );
  
    return (
      <form action={action}>
        <input type="hidden" name="postId" value={postId} />
        <button disabled={pending}>{state} ❤️</button>
      </form>
    );
  }
  

  You can also access the state stored by useActionState() from your action handler. Call getActionState() with the API context, and optionally apply a type to the result:

  import { defineAction } from 'astro:actions';
  import { z } from 'astro:schema';
  import { getActionState } from '@​astrojs/react/actions';
  
  export const server = {
    like: defineAction({
      input: z.object({
        postId: z.string(),
      }),
      handler: async ({ postId }, ctx) => {
        const currentLikes = getActionState<number>(ctx);
        // write to database
        return currentLikes + 1;
      },
    }),
  };
  

  If you were previously using this experimental feature, you will need to update your code to use the new stable exports:

  // src/components/Form.jsx
  import { actions } from 'astro:actions';
  -import { experimental_withState } from '@​astrojs/react/actions';
  +import { withState } from '@​astrojs/react/actions';
  import { useActionState } from "react";

  // src/actions/index.ts
  import { defineAction, type SafeResult } from 'astro:actions';
  import { z } from 'astro:schema';
  -import { experimental_getActionState } from '@​astrojs/react/actions';
  +import { getActionState } from '@​astrojs/react/actions';

v4.3.1

Compare Source

Patch Changes

• #​14326 c24a8f4 Thanks @​jsparkdev! - Updates vite version to fix CVE

---

Configuration

📅 Schedule: (in timezone Europe/Copenhagen)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[cloudflare-workers-and-pages]

Deploying with    Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Updated (UTC)
❌ Deployment failed View logs	mojis-dev	bb34415	Jun 29 2026, 11:17 AM

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm @emnapi/runtime is 90.0% likely obfuscated Confidence: 0.90 Location: Package overview From: pnpm-lock.yaml → npm/wrangler@4.59.1 → npm/@astrojs/react@6.0.0 → npm/@tailwindcss/vite@4.1.12 → npm/@astrojs/cloudflare@12.6.7 → npm/unplugin-build-meta@1.0.3 → npm/astro@5.15.9 → npm/@emnapi/runtime@1.11.1 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@emnapi/runtime@1.11.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​astrojs/​react@​6.0.0

View full report