Update May 14, 2026 tracked by Updatify astro@6.3.3 Patch Changes #16737 bd84f33 Thanks @matthewp! - Fixes a reflected XSS vulnerability where slot names on hydrated components were not HTML-escaped in SSR output Read the original release on Astro ↗