Skip to content

docs: Internet Identity authentication guide#38

Merged
marc0olo merged 5 commits into
mainfrom
docs/guides-authentication-internet-identity
Apr 15, 2026
Merged

docs: Internet Identity authentication guide#38
marc0olo merged 5 commits into
mainfrom
docs/guides-authentication-internet-identity

Conversation

@marc0olo
Copy link
Copy Markdown
Member

@marc0olo marc0olo commented Mar 20, 2026
edited
Loading

Summary

  • Full end-to-end II authentication guide: project setup, frontend login flow, backend caller verification, local development, and alternative origins
  • Uses safeGetCanisterEnv() / ic_env cookie for root key handling in browser contexts — no shouldFetchRootKey or environment branching
  • Clarifies Node.js vs browser distinction: fetchRootKey() is acceptable for local-only scripts, never on mainnet
  • Documents both II canister IDs (backend rdmx6-... and frontend uqzsh-...), noting they are identical on local replicas with ii: true
  • Covers --identity flag for CLI testing, alternative origins, common mistakes

Sync recommendation

informed by dfinity/portal — docs/building-apps/authentication/overview.mdx, docs/building-apps/authentication/integrate-internet-identity.mdx, docs/building-apps/authentication/alternative-origins.mdx; dfinity/icskills — skills/internet-identity/SKILL.md

@marc0olo
Copy link
Copy Markdown
Member Author

marc0olo commented Mar 20, 2026

Review: Internet Identity authentication guide

Must fix

  • icp identity use does not exist (lines 247, 250): icp-cli has no use subcommand. The correct command is icp identity default <name>, or use --identity anonymous inline. E.g. icp identity default anonymous instead of icp identity use anonymous.
  • Missing Unity native app integration: The stub's content brief explicitly requires "Include Unity native app integration via deep links" with native-apps/unity_ii_* as source material. The page omits this entirely. At minimum, add a <!-- TODO --> flag so it's tracked.
  • some_async_operation() is undefined (line 224): The Rust async example calls a placeholder function that is not defined in the snippet. This violates the "self-contained and copy-pasteable" rule. Replace with a real canister call pattern or add a clear comment like // Replace with your actual async canister call.

Suggestions

  • whoAmI should be a query: The Motoko whoAmI is an update call, but it's read-only. Adding query would be cheaper and faster: public shared query ({ caller }) func whoAmI() : async Text.
  • Delegation chain depth: The brief asks to "explain the delegation chain and session management." Current coverage is high-level — a paragraph about session persistence (localStorage/IndexedDB) would help developers debug "why am I logged out" issues.
  • fetch: window.fetch.bind(window) tip appears both inline and in common mistakes — consider deduplicating.
  • icp-cli pulling mainnet II wasm: The claim on lines 59-60 couldn't be fully verified against .sources/. Consider adding a <!-- Needs human verification --> flag.

Verified

  • All internal links resolve (../defi/wallet-integration.md, ../frontends/frameworks.md, ../../reference/internet-identity-spec.md, ../../concepts/security.md)
  • No dfx references — all CLI commands use icp
  • Correct Motoko core imports (mo:core/Principal, mo:core/Runtime)
  • persistent actor syntax correct
  • Rust ic_cdk::api::msg_caller() correct (not deprecated ic_cdk::caller())
  • II canister ID rdmx6-jaaaa-aaaaa-aaadq-cai verified
  • Tab order (Motoko first), syncKey="lang", no headings in TabItem — all correct
  • Upstream comment present in correct JSX format
  • Alternative origins section accurate (10 origin limit, .well-known/ii-alternative-origins)
  • External links follow linking rules (https://js.icp.build, no old docs links)
  • Build passes
  • Diataxis how-to compliance confirmed

@marc0olo
Copy link
Copy Markdown
Member Author

marc0olo commented Apr 15, 2026

icskills was bumped to 1d125a9. The following content on this PR may be outdated:

  1. Identity provider URL uses the wrong canister ID locally. The II backend/frontend split landed in icskills#130. The identity provider URL must now point to the frontend canister (uqzsh-gqaaa-aaaaq-qaada-cai), not the backend (rdmx6-jaaaa-aaaaa-aaadq-cai). For local development, the URL should be http://id.ai.localhost:8000 (not http://rdmx6-jaaaa-aaaaa-aaadq-cai.localhost:8000). The getIdentityProviderUrl() function and its surrounding explanation need updating.

  2. shouldFetchRootKey: true pattern. The updated skill recommends passing the root key via the ic_env cookie (IC_ROOT_KEY) to HttpAgent.create() instead of using shouldFetchRootKey or fetchRootKey(). The PR's current approach still works, but the recommended pattern has changed — worth aligning.

  3. derivationOrigin section. The new skill adds a pitfall: do NOT use derivationOrigin / ii-alternative-origins to handle icp0.io vs ic0.app — II now rewrites these automatically. If the section in this PR is showing this specific pattern, it should be removed or reframed. If it's showing a legitimate cross-origin use case (two custom domains sharing a principal), it's fine to keep with a clarifying note.

Please review before merging.

@marc0olo marc0olo force-pushed the docs/guides-authentication-internet-identity branch from 13ac4ff to 3e00088 Compare April 15, 2026 10:21
@marc0olo marc0olo force-pushed the docs/guides-authentication-internet-identity branch from 3e00088 to 2e08dce Compare April 15, 2026 11:27
@marc0olo
Copy link
Copy Markdown
Member Author

marc0olo commented Apr 15, 2026

Feedback addressed:

  • Fixed icp identity useicp identity default
  • Added {/* TODO */} flag for Unity native app integration
  • Added clarifying comment for some_async_operation() placeholder in Rust example
  • Updated identity provider URL to frontend canister (uqzsh-gqaaa-aaaaq-qaada-cai) and local URL to http://id.ai.localhost:8000
  • Updated shouldFetchRootKey section with note about IC_ROOT_KEY recommended pattern
  • Added clarifying note to derivationOrigin/alternative origins section: II now handles icp0.io vs ic0.app automatically; use alternative origins only for genuinely distinct custom domains
  • Changed whoAmI to a query call (public shared query)
  • Deduplicated fetch: window.fetch.bind(window) tip (kept in Common mistakes, removed redundant inline comment)

@marc0olo
fix(internet-identity): use ic_env cookie for root key, clarify Node.…
80674b4 
…js pattern

- Replace shouldFetchRootKey/verifyQuerySignatures with safeGetCanisterEnv()
  pattern; rootKey: canisterEnv?.IC_ROOT_KEY works in both local and production
  without environment branching
- Remove dead II_FRONTEND_CANISTER_ID constant
- Add Node.js note: fetchRootKey() is acceptable for local-only scripts, never mainnet
- Fix CLI test: use --identity flag instead of mutating global default identity
- Mention both II canister IDs (backend + frontend); note they are identical locally
  with ii: true
- Fix .ic-assets.json -> .ic-assets.json5 in alternative origins section
- Update Common mistakes entry with correct nuanced guidance
@marc0olo
Copy link
Copy Markdown
Member Author

marc0olo commented Apr 15, 2026
edited
Loading

Review complete. All findings addressed in commit 80674b4:

Fixed:

  • Replaced shouldFetchRootKey: true / verifyQuerySignatures: false in createAuthenticatedActor with safeGetCanisterEnv() pattern (rootKey: canisterEnv?.IC_ROOT_KEY) — no environment branching needed
  • Removed dead II_FRONTEND_CANISTER_ID constant
  • Added Node.js note: fetchRootKey() is acceptable for local scripts only, never on mainnet
  • Fixed CLI test: --identity anonymous flag instead of mutating global default identity
  • Mentioned both II canister IDs (backend rdmx6-... + frontend uqzsh-...); noted they are identical on local replicas with ii: true
  • .ic-assets.json.ic-assets.json5 in alternative origins section
  • Rewrote "Common mistakes" shouldFetchRootKey entry with correct nuanced guidance for browser vs Node.js contexts

Verified:

  • All internal links resolve; frontmatter correct; Motoko/Rust API calls verified against .sources/; CLI flags verified against .sources/icp-cli/; build passes

@marc0olo marc0olo merged commit 155976c into main Apr 15, 2026
1 check passed
@marc0olo marc0olo deleted the docs/guides-authentication-internet-identity branch April 15, 2026 13:10
marc0olo pushed a commit that referenced this pull request May 15, 2026
@dependabot
chore(deps): bump astro from 6.1.8 to 6.3.2 (#258)
2a262d3 
Bumps
[astro](https://github.com/withastro/astro/tree/HEAD/packages/astro)
from 6.1.8 to 6.3.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/withastro/astro/releases">astro's
releases</a>.</em></p>
<blockquote>
<h2>astro@6.3.2</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/withastro/astro/pull/16675">#16675</a>
<a
href="https://github.com/withastro/astro/commit/11d4592e9498e900b433ba94abed9cd615a9350b"><code>11d4592</code></a>
Thanks <a
href="https://github.com/ascorbic"><code>@​ascorbic</code></a>! - Fixes
a regression where <code>Astro.cache</code> was <code>undefined</code>
when <code>experimental.cache</code> was not configured.</p>
<p>The previous documented behavior is for <code>Astro.cache</code> to
always be defined as a no-op shim: <code>cache.set()</code> warns once,
<code>cache.invalidate()</code> throws and <code>cache.enabled</code>
can be used to gate. This allows library and user code can call cache
methods without conditional checks. The cache provider registration was
being gated at the call site on <code>experimental.cache</code> being
configured, which meant the disabled shim branch inside the provider was
unreachable and the <code>Astro.cache</code> getter was never attached
to the context.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/withastro/astro/pull/16691">#16691</a>
<a
href="https://github.com/withastro/astro/commit/0f0a4ce1b28a6d6ec1658c7f59e0e68408935135"><code>0f0a4ce</code></a>
Thanks <a
href="https://github.com/matthewp"><code>@​matthewp</code></a>! - Fixes
<code>HTMLElement is not defined</code> error during HMR when using
components with client-side scripts (e.g. Starlight
<code>&lt;Tabs&gt;</code>) and the Cloudflare adapter</p>
</li>
<li>
<p><a
href="https://redirect.github.com/withastro/astro/pull/16562">#16562</a>
<a
href="https://github.com/withastro/astro/commit/07529eccdaef8727a375475e6d04071b770114a1"><code>07529ec</code></a>
Thanks <a
href="https://github.com/matthewp"><code>@​matthewp</code></a>! - Fixes
non-prerendered routes failing when a dynamic prerendered route exists
in the same project with <code>prerenderEnvironment: 'node'</code></p>
</li>
<li>
<p><a
href="https://redirect.github.com/withastro/astro/pull/16638">#16638</a>
<a
href="https://github.com/withastro/astro/commit/272185bcccf6a4adcd7575f319bf91f2e5306c6d"><code>272185b</code></a>
Thanks <a
href="https://github.com/ematipico"><code>@​ematipico</code></a>! -
Fixes a bug where the Astro compiler wasn't freed at the end of the
build. After the fix, the memory used by the compiler is now correctly
freed at the end of the build.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/withastro/astro/pull/16544">#16544</a>
<a
href="https://github.com/withastro/astro/commit/d365c975ba2d88fc1dbdfe698df2bf9e2eafadce"><code>d365c97</code></a>
Thanks <a
href="https://github.com/matthewp"><code>@​matthewp</code></a>! -
Tightens <code>isRemotePath()</code> to reject control characters after
a leading slash and fixes the dev image endpoint origin check</p>
</li>
<li>
<p><a
href="https://redirect.github.com/withastro/astro/pull/16685">#16685</a>
<a
href="https://github.com/withastro/astro/commit/889e748f1546eabc325d5112f95bc78e402fd4f0"><code>889e748</code></a>
Thanks <a
href="https://github.com/farrosfr"><code>@​farrosfr</code></a>! -
Improve validation messages for <code>security.csp.directives</code>
when <code>script-src</code> or <code>style-src</code> are incorrectly
placed in the <code>directives</code> array.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/withastro/astro/pull/16605">#16605</a>
<a
href="https://github.com/withastro/astro/commit/772f13a153db235a232a86dc533df3b07a1a09a0"><code>772f13a</code></a>
Thanks <a href="https://github.com/rururux"><code>@​rururux</code></a>!
- Fixes <code>assetsPrefix</code> not being available on
<code>build</code> from <code>astro:config/server</code>.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/withastro/astro/pull/16556">#16556</a>
<a
href="https://github.com/withastro/astro/commit/f38dec76a48234ae6919a118f3d626c6ed3d4e80"><code>f38dec7</code></a>
Thanks <a
href="https://github.com/matthewp"><code>@​matthewp</code></a>! -
Rejects double-encoded URL paths with a 400 response instead of silently
falling back to partial decoding</p>
</li>
<li>
<p><a
href="https://redirect.github.com/withastro/astro/pull/16659">#16659</a>
<a
href="https://github.com/withastro/astro/commit/38bcb25282d1f794b7dff349071b089a2737f0aa"><code>38bcb25</code></a>
Thanks <a
href="https://github.com/jsparkdev"><code>@​jsparkdev</code></a>! -
Fixes <code>&amp;</code> characters appearing as raw entity strings
(e.g.
<code>&amp;[#38](https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/38);</code>)
in <code>&lt;meta&gt;</code> tags when viewed in link previews or raw
HTML.</p>
</li>
<li>
<p>Updated dependencies [<a
href="https://github.com/withastro/astro/commit/d365c975ba2d88fc1dbdfe698df2bf9e2eafadce"><code>d365c97</code></a>,
<a
href="https://github.com/withastro/astro/commit/92563452ce866d9f9b950ad4b2adc808d10e8014"><code>9256345</code></a>]:</p>
<ul>
<li><code>@​astrojs/internal-helpers</code><a
href="https://github.com/0"><code>@​0</code></a>.9.1</li>
<li><code>@​astrojs/markdown-remark</code><a
href="https://github.com/7"><code>@​7</code></a>.1.2</li>
</ul>
</li>
</ul>
<h2>astro@6.3.1</h2>
<h3>Patch Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/withastro/astro/pull/16646">#16646</a>
<a
href="https://github.com/withastro/astro/commit/15fbc41bb2fe64e8aee15acbe01abb4792145e8a"><code>15fbc41</code></a>
Thanks <a
href="https://github.com/matthewp"><code>@​matthewp</code></a>! - Fixes
local images returning 404 on non-prerendered pages when using the
generic image endpoint</li>
</ul>
<h2>astro@6.3.0</h2>
<h3>Minor Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/withastro/astro/pull/16366">#16366</a>
<a
href="https://github.com/withastro/astro/commit/d69f858475bee448d0873df4579e1c635223c248"><code>d69f858</code></a>
Thanks <a
href="https://github.com/matthewp"><code>@​matthewp</code></a>! - Adds a
new <code>experimental.advancedRouting</code> option that lets you take
full control of Astro's request handling pipeline by creating a
<code>src/app.ts</code> file in your project.</p>
<p>Today, Astro handles every incoming request through a fixed internal
pipeline: trailing slash normalization, redirects, actions, middleware,
page rendering, i18n, and so on. That pipeline works great for most
sites, but as projects grow you often want to run your own logic
<em>between</em> those steps — an auth check before rendering, a rate
limiter before actions, custom logging around the whole stack. Advanced
routing gives you that control.</p>
<p>When enabled, Astro looks for a <code>src/app.ts</code> file in your
project. If it finds one, that file becomes the entrypoint for all
server-rendered requests. You compose the pipeline yourself using the
handlers Astro provides, and you can slot your own logic anywhere in the
chain.</p>
<h4>Enabling advanced routing</h4>
<pre lang="js"><code>// astro.config.mjs
import { defineConfig } from 'astro/config';
<p>export default defineConfig({
experimental: {
advancedRouting: true,
</code></pre></p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/withastro/astro/blob/main/packages/astro/CHANGELOG.md">astro's
changelog</a>.</em></p>
<blockquote>
<h2>6.3.2</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/withastro/astro/pull/16675">#16675</a>
<a
href="https://github.com/withastro/astro/commit/11d4592e9498e900b433ba94abed9cd615a9350b"><code>11d4592</code></a>
Thanks <a
href="https://github.com/ascorbic"><code>@​ascorbic</code></a>! - Fixes
a regression where <code>Astro.cache</code> was <code>undefined</code>
when <code>experimental.cache</code> was not configured.</p>
<p>The previous documented behavior is for <code>Astro.cache</code> to
always be defined as a no-op shim: <code>cache.set()</code> warns once,
<code>cache.invalidate()</code> throws and <code>cache.enabled</code>
can be used to gate. This allows library and user code can call cache
methods without conditional checks. The cache provider registration was
being gated at the call site on <code>experimental.cache</code> being
configured, which meant the disabled shim branch inside the provider was
unreachable and the <code>Astro.cache</code> getter was never attached
to the context.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/withastro/astro/pull/16691">#16691</a>
<a
href="https://github.com/withastro/astro/commit/0f0a4ce1b28a6d6ec1658c7f59e0e68408935135"><code>0f0a4ce</code></a>
Thanks <a
href="https://github.com/matthewp"><code>@​matthewp</code></a>! - Fixes
<code>HTMLElement is not defined</code> error during HMR when using
components with client-side scripts (e.g. Starlight
<code>&lt;Tabs&gt;</code>) and the Cloudflare adapter</p>
</li>
<li>
<p><a
href="https://redirect.github.com/withastro/astro/pull/16562">#16562</a>
<a
href="https://github.com/withastro/astro/commit/07529eccdaef8727a375475e6d04071b770114a1"><code>07529ec</code></a>
Thanks <a
href="https://github.com/matthewp"><code>@​matthewp</code></a>! - Fixes
non-prerendered routes failing when a dynamic prerendered route exists
in the same project with <code>prerenderEnvironment: 'node'</code></p>
</li>
<li>
<p><a
href="https://redirect.github.com/withastro/astro/pull/16638">#16638</a>
<a
href="https://github.com/withastro/astro/commit/272185bcccf6a4adcd7575f319bf91f2e5306c6d"><code>272185b</code></a>
Thanks <a
href="https://github.com/ematipico"><code>@​ematipico</code></a>! -
Fixes a bug where the Astro compiler wasn't freed at the end of the
build. After the fix, the memory used by the compiler is now correctly
freed at the end of the build.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/withastro/astro/pull/16544">#16544</a>
<a
href="https://github.com/withastro/astro/commit/d365c975ba2d88fc1dbdfe698df2bf9e2eafadce"><code>d365c97</code></a>
Thanks <a
href="https://github.com/matthewp"><code>@​matthewp</code></a>! -
Tightens <code>isRemotePath()</code> to reject control characters after
a leading slash and fixes the dev image endpoint origin check</p>
</li>
<li>
<p><a
href="https://redirect.github.com/withastro/astro/pull/16685">#16685</a>
<a
href="https://github.com/withastro/astro/commit/889e748f1546eabc325d5112f95bc78e402fd4f0"><code>889e748</code></a>
Thanks <a
href="https://github.com/farrosfr"><code>@​farrosfr</code></a>! -
Improve validation messages for <code>security.csp.directives</code>
when <code>script-src</code> or <code>style-src</code> are incorrectly
placed in the <code>directives</code> array.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/withastro/astro/pull/16605">#16605</a>
<a
href="https://github.com/withastro/astro/commit/772f13a153db235a232a86dc533df3b07a1a09a0"><code>772f13a</code></a>
Thanks <a href="https://github.com/rururux"><code>@​rururux</code></a>!
- Fixes <code>assetsPrefix</code> not being available on
<code>build</code> from <code>astro:config/server</code>.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/withastro/astro/pull/16556">#16556</a>
<a
href="https://github.com/withastro/astro/commit/f38dec76a48234ae6919a118f3d626c6ed3d4e80"><code>f38dec7</code></a>
Thanks <a
href="https://github.com/matthewp"><code>@​matthewp</code></a>! -
Rejects double-encoded URL paths with a 400 response instead of silently
falling back to partial decoding</p>
</li>
<li>
<p><a
href="https://redirect.github.com/withastro/astro/pull/16659">#16659</a>
<a
href="https://github.com/withastro/astro/commit/38bcb25282d1f794b7dff349071b089a2737f0aa"><code>38bcb25</code></a>
Thanks <a
href="https://github.com/jsparkdev"><code>@​jsparkdev</code></a>! -
Fixes <code>&amp;</code> characters appearing as raw entity strings
(e.g.
<code>&amp;[#38](https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/38);</code>)
in <code>&lt;meta&gt;</code> tags when viewed in link previews or raw
HTML.</p>
</li>
<li>
<p>Updated dependencies [<a
href="https://github.com/withastro/astro/commit/d365c975ba2d88fc1dbdfe698df2bf9e2eafadce"><code>d365c97</code></a>,
<a
href="https://github.com/withastro/astro/commit/92563452ce866d9f9b950ad4b2adc808d10e8014"><code>9256345</code></a>]:</p>
<ul>
<li><code>@​astrojs/internal-helpers</code><a
href="https://github.com/0"><code>@​0</code></a>.9.1</li>
<li><code>@​astrojs/markdown-remark</code><a
href="https://github.com/7"><code>@​7</code></a>.1.2</li>
</ul>
</li>
</ul>
<h2>6.3.1</h2>
<h3>Patch Changes</h3>
<ul>
<li><a
href="https://redirect.github.com/withastro/astro/pull/16646">#16646</a>
<a
href="https://github.com/withastro/astro/commit/15fbc41bb2fe64e8aee15acbe01abb4792145e8a"><code>15fbc41</code></a>
Thanks <a
href="https://github.com/matthewp"><code>@​matthewp</code></a>! - Fixes
local images returning 404 on non-prerendered pages when using the
generic image endpoint</li>
</ul>
<h2>6.3.0</h2>
<h3>Minor Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/withastro/astro/pull/16366">#16366</a>
<a
href="https://github.com/withastro/astro/commit/d69f858475bee448d0873df4579e1c635223c248"><code>d69f858</code></a>
Thanks <a
href="https://github.com/matthewp"><code>@​matthewp</code></a>! - Adds a
new <code>experimental.advancedRouting</code> option that lets you take
full control of Astro's request handling pipeline by creating a
<code>src/app.ts</code> file in your project.</p>
<p>Today, Astro handles every incoming request through a fixed internal
pipeline: trailing slash normalization, redirects, actions, middleware,
page rendering, i18n, and so on. That pipeline works great for most
sites, but as projects grow you often want to run your own logic
<em>between</em> those steps — an auth check before rendering, a rate
limiter before actions, custom logging around the whole stack. Advanced
routing gives you that control.</p>
<p>When enabled, Astro looks for a <code>src/app.ts</code> file in your
project. If it finds one, that file becomes the entrypoint for all
server-rendered requests. You compose the pipeline yourself using the
handlers Astro provides, and you can slot your own logic anywhere in the
chain.</p>
<h4>Enabling advanced routing</h4>
<pre lang="js"><code>// astro.config.mjs
import { defineConfig } from 'astro/config';
<p></code></pre></p>
</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/withastro/astro/commit/e345bcdd8737e42d713c4ab7e4fd9e6d8938dc0b"><code>e345bcd</code></a>
[ci] release (<a
href="https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/16653">#16653</a>)</li>
<li><a
href="https://github.com/withastro/astro/commit/04fdbb29978d5a00acfb956538e54256ae24b486"><code>04fdbb2</code></a>
Update pnpm to v11 (<a
href="https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/16716">#16716</a>)</li>
<li><a
href="https://github.com/withastro/astro/commit/772f13a153db235a232a86dc533df3b07a1a09a0"><code>772f13a</code></a>
fix(astro): correctly export <code>build.assetsPrefix</code> from
<code>astro:config/server</code> ...</li>
<li><a
href="https://github.com/withastro/astro/commit/d1c258aa0521b991ef0309e4ca837473a2e1f30a"><code>d1c258a</code></a>
test: isolate fixture cache dirs for shared fixtures (<a
href="https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/16689">#16689</a>)</li>
<li><a
href="https://github.com/withastro/astro/commit/7e8226eeed7022366884f3053750cb0facaf8f48"><code>7e8226e</code></a>
refactor: address floating promises in tests (<a
href="https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/16687">#16687</a>)</li>
<li><a
href="https://github.com/withastro/astro/commit/9446049b0d8f3245f24ddfe6eb84472481962564"><code>9446049</code></a>
[ci] format</li>
<li><a
href="https://github.com/withastro/astro/commit/889e748f1546eabc325d5112f95bc78e402fd4f0"><code>889e748</code></a>
docs(csp): improve validation messages for directives (<a
href="https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/16685">#16685</a>)</li>
<li><a
href="https://github.com/withastro/astro/commit/cdeae00eecaf6fc06aca3946d5bc3fd634fd527b"><code>cdeae00</code></a>
refactor: remove redudant assertions (<a
href="https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/16694">#16694</a>)</li>
<li><a
href="https://github.com/withastro/astro/commit/38bcb25282d1f794b7dff349071b089a2737f0aa"><code>38bcb25</code></a>
fix: use named HTML entities for attribute escaping (<a
href="https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/16659">#16659</a>)</li>
<li><a
href="https://github.com/withastro/astro/commit/0f0a4ce1b28a6d6ec1658c7f59e0e68408935135"><code>0f0a4ce</code></a>
fix(astro): treat 'astro' vite environment as a server environment (<a
href="https://github.com/withastro/astro/tree/HEAD/packages/astro/issues/16691">#16691</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/withastro/astro/commits/astro@6.3.2/packages/astro">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=astro&package-manager=npm_and_yarn&previous-version=6.1.8&new-version=6.3.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/dfinity/developer-docs/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@marc0olo