Skip to content

chore(deps): bump the npm group across 1 directory with 3 updates#3089

Merged
frdomovic merged 3 commits into
masterfrom
dependabot/npm_and_yarn/docs-site/npm-a24c5441a4
Jul 13, 2026
Merged

chore(deps): bump the npm group across 1 directory with 3 updates#3089
frdomovic merged 3 commits into
masterfrom
dependabot/npm_and_yarn/docs-site/npm-a24c5441a4

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 30, 2026

Copy link
Copy Markdown
Contributor

Bumps the npm group with 3 updates in the /docs-site directory: @astrojs/starlight, astro and sharp.

Updates @astrojs/starlight from 0.36.3 to 0.41.3

Release notes

Sourced from @​astrojs/starlight's releases.

@​astrojs/starlight@​0.41.3

Patch Changes

  • #3911 1686ecc Thanks @​timothyjordan! - Keeps keyboard focus inside the mobile menu while it is open, preventing focus moving to hidden interactive elements in page content.

@​astrojs/starlight@​0.41.2

Patch Changes

  • #4008 58a3520 Thanks @​FrancoKaddour! - Fixes the table of contents overflowing the right edge of the viewport when a custom --sl-content-width value exceeds available space

  • #4015 bdbfffc Thanks @​delucis! - Fixes an issue where aside icons were rendered incorrectly in projects where Astro’s MDX integration had optimization disabled

@​astrojs/starlight@​0.41.1

Patch Changes

@​astrojs/starlight@​0.41.0

Minor Changes

  • #3951 1202dd4 Thanks @​HiDeoo! - Adds support for Astro v7, drops support for Astro v6.

    Upgrade Astro and dependencies

    ⚠️ BREAKING CHANGE: Astro v6 is no longer supported. Make sure you update Astro and any other official integrations at the same time as updating Starlight:

    npx @astrojs/upgrade

    Community Starlight plugins and Astro integrations may also need to be manually updated to work with Astro v7. If you encounter any issues, please reach out to the plugin or integration author to see if it is a known issue or if an updated version is being worked on.

    ⚠️ BREAKING CHANGE: This release drops official support for Chromium-based browsers prior to version 111 (released 07 March 2023) and Safari-based browsers prior to version 16.4 (released 27 March 2023). You can find a list of currently supported browsers and their versions using this browserslist query.

Patch Changes

  • #3953 a935d33 Thanks @​HiDeoo! - Fixes Starlight Markdown processing being potentially applied to files that should not be processed.

@​astrojs/starlight@​0.40.0

Minor Changes

... (truncated)

Changelog

Sourced from @​astrojs/starlight's changelog.

0.41.3

Patch Changes

  • #3911 1686ecc Thanks @​timothyjordan! - Keeps keyboard focus inside the mobile menu while it is open, preventing focus moving to hidden interactive elements in page content.

0.41.2

Patch Changes

  • #4008 58a3520 Thanks @​FrancoKaddour! - Fixes the table of contents overflowing the right edge of the viewport when a custom --sl-content-width value exceeds available space

  • #4015 bdbfffc Thanks @​delucis! - Fixes an issue where aside icons were rendered incorrectly in projects where Astro’s MDX integration had optimization disabled

0.41.1

Patch Changes

0.41.0

Minor Changes

  • #3951 1202dd4 Thanks @​HiDeoo! - Adds support for Astro v7, drops support for Astro v6.

    Upgrade Astro and dependencies

    ⚠️ BREAKING CHANGE: Astro v6 is no longer supported. Make sure you update Astro and any other official integrations at the same time as updating Starlight:

    npx @astrojs/upgrade

    Community Starlight plugins and Astro integrations may also need to be manually updated to work with Astro v7. If you encounter any issues, please reach out to the plugin or integration author to see if it is a known issue or if an updated version is being worked on.

    ⚠️ BREAKING CHANGE: This release drops official support for Chromium-based browsers prior to version 111 (released 07 March 2023) and Safari-based browsers prior to version 16.4 (released 27 March 2023). You can find a list of currently supported browsers and their versions using this browserslist query.

Patch Changes

  • #3953 a935d33 Thanks @​HiDeoo! - Fixes Starlight Markdown processing being potentially applied to files that should not be processed.

0.40.0

Minor Changes

... (truncated)

Commits

Updates astro from 5.18.2 to 7.0.6

Release notes

Sourced from astro's releases.

astro@7.0.6

Patch Changes

  • #17261 79aa99c Thanks @​astrobot-houston! - Fixes a false deprecation warning for markdown.gfm and markdown.smartypants when using the Container API

  • #17247 f94280d Thanks @​chatman-media! - Fixes route generation throwing "Missing parameter" (or silently dropping the segment) when a dynamic param's value is 0. The generator used truthy checks instead of checking for undefined, so paginate(posts, { params: { categoryId: 0 } }) would crash even though 0 is a perfectly valid param value.

  • #17278 6f11739 Thanks @​astrobot-houston! - Fixes missing CSS for virtual style modules (e.g., responsive image layout styles) in dev mode when JavaScript is disabled

  • #17250 0b30b35 Thanks @​matthewp! - Fixes the security.checkOrigin check so it is applied consistently to Astro Actions and on-demand endpoints, regardless of how the request pipeline is composed. Previously, the origin check could be skipped in the composable astro/hono pipeline depending on the order of the middleware() primitive (or when it was omitted).

  • #17274 8c3579b Thanks @​astrobot-houston! - Fixes missing render() type overload for live collection entries. Previously, calling render() on a LiveDataEntry produced a TypeScript error when using only live.config.ts without a content.config.ts.

  • #17257 4208297 Thanks @​astrobot-houston! - Fixes astro check failing to find @astrojs/check and typescript when astro is installed in a directory outside the project tree (e.g. pnpm virtual store)

  • #17272 b428648 Thanks @​matthewp! - Fixes island component paths so that extensionless imports (e.g. import { Counter } from '../components/Counter') resolve to the real file on disk, matching Vite's extension order and directory index resolution. This makes the include/exclude options of JSX renderer integrations (React, Preact, Solid) match components imported without a file extension, and removes the spurious React 19 "Invalid hook call" warning logged on every request in dev when include was set alongside another JSX renderer

  • #17279 2aeaa44 Thanks @​astrobot-houston! - Fixes a bug where <Picture inferSize> with a remote image could fail with FailedToFetchRemoteImageDimensions when the image server rate-limits requests (e.g. HTTP 429). Remote dimensions are now resolved once per render instead of once per output format.

  • #17251 5240e26 Thanks @​matthewp! - Hardens the handling of attribute rendering when using with custom elements.

  • #17248 429bd62 Thanks @​astrobot-houston! - Fixes a crash when using Astro's getViteConfig with Vitest browser mode (e.g., Storybook vitest runner). Astro now skips dev server setup inside Vitest, preventing errors.

  • #17260 14524c0 Thanks @​matthewp! - Fixes a regression where a <script> inside a component rendered through Astro.slots.render() was hoisted out of its original position instead of staying next to its component content

  • Updated dependencies [eb6f97e]:

    • @​astrojs/internal-helpers@​0.10.1
    • @​astrojs/markdown-remark@​7.2.1
    • @​astrojs/markdown-satteri@​0.3.3

astro@7.0.5

Patch Changes

  • #17242 9c05ba4 Thanks @​matthewp! - Fixes an error that could occur after the dev server restarts when using an adapter such as @astrojs/cloudflare, where a request would fail with a 500 referencing a missing pre-bundled dependency:

    The file does not exist at "node_modules/.vite/deps_ssr/astro_compiler-runtime.js?v=6419660d" which is in the optimize deps directory. The dependency might be incompatible with the dep optimizer. Try adding it to `optimizeDeps.exclude`.
    
  • #17202 c6d254d Thanks @​matthewp! - Refactors path alias resolution to use Vite's native tsconfigPaths option

    This is an internal change with no expected impact on user projects. Astro now defers tsconfig and jsconfig paths alias resolution to Vite, keeping a small fallback for a few CSS cases Vite does not yet handle.

  • #17123 72e29bd Thanks @​martrapp! - Fixes an issue where the ClientRouter wipes head elements after page transitions if the <head> contains a server:defer component.

  • #17232 257505e Thanks @​matthewp! - Fixes a bug where <style> tags from components such as a content collection's Content could be silently dropped from the output when an await appeared before the component in an .astro file's markup.

  • #17193 a7352fd Thanks @​jan-kubica! - Fixes the background dev server failing to start when astro is hoisted outside the project's node_modules (for example bun workspaces). The background process is now spawned from Astro's own resolved location instead of a path assumed under the project root.

  • #17255 581d171 Thanks @​astrobot-houston! - Fixes prefetch not working for links inside server:defer components

astro@7.0.4

... (truncated)

Changelog

Sourced from astro's changelog.

7.0.6

Patch Changes

  • #17261 79aa99c Thanks @​astrobot-houston! - Fixes a false deprecation warning for markdown.gfm and markdown.smartypants when using the Container API

  • #17247 f94280d Thanks @​chatman-media! - Fixes route generation throwing "Missing parameter" (or silently dropping the segment) when a dynamic param's value is 0. The generator used truthy checks instead of checking for undefined, so paginate(posts, { params: { categoryId: 0 } }) would crash even though 0 is a perfectly valid param value.

  • #17278 6f11739 Thanks @​astrobot-houston! - Fixes missing CSS for virtual style modules (e.g., responsive image layout styles) in dev mode when JavaScript is disabled

  • #17250 0b30b35 Thanks @​matthewp! - Fixes the security.checkOrigin check so it is applied consistently to Astro Actions and on-demand endpoints, regardless of how the request pipeline is composed. Previously, the origin check could be skipped in the composable astro/hono pipeline depending on the order of the middleware() primitive (or when it was omitted).

  • #17274 8c3579b Thanks @​astrobot-houston! - Fixes missing render() type overload for live collection entries. Previously, calling render() on a LiveDataEntry produced a TypeScript error when using only live.config.ts without a content.config.ts.

  • #17257 4208297 Thanks @​astrobot-houston! - Fixes astro check failing to find @astrojs/check and typescript when astro is installed in a directory outside the project tree (e.g. pnpm virtual store)

  • #17272 b428648 Thanks @​matthewp! - Fixes island component paths so that extensionless imports (e.g. import { Counter } from '../components/Counter') resolve to the real file on disk, matching Vite's extension order and directory index resolution. This makes the include/exclude options of JSX renderer integrations (React, Preact, Solid) match components imported without a file extension, and removes the spurious React 19 "Invalid hook call" warning logged on every request in dev when include was set alongside another JSX renderer

  • #17279 2aeaa44 Thanks @​astrobot-houston! - Fixes a bug where <Picture inferSize> with a remote image could fail with FailedToFetchRemoteImageDimensions when the image server rate-limits requests (e.g. HTTP 429). Remote dimensions are now resolved once per render instead of once per output format.

  • #17251 5240e26 Thanks @​matthewp! - Hardens the handling of attribute rendering when using with custom elements.

  • #17248 429bd62 Thanks @​astrobot-houston! - Fixes a crash when using Astro's getViteConfig with Vitest browser mode (e.g., Storybook vitest runner). Astro now skips dev server setup inside Vitest, preventing errors.

  • #17260 14524c0 Thanks @​matthewp! - Fixes a regression where a <script> inside a component rendered through Astro.slots.render() was hoisted out of its original position instead of staying next to its component content

  • Updated dependencies [eb6f97e]:

    • @​astrojs/internal-helpers@​0.10.1
    • @​astrojs/markdown-remark@​7.2.1
    • @​astrojs/markdown-satteri@​0.3.3

7.0.5

Patch Changes

  • #17242 9c05ba4 Thanks @​matthewp! - Fixes an error that could occur after the dev server restarts when using an adapter such as @astrojs/cloudflare, where a request would fail with a 500 referencing a missing pre-bundled dependency:

    The file does not exist at "node_modules/.vite/deps_ssr/astro_compiler-runtime.js?v=6419660d" which is in the optimize deps directory. The dependency might be incompatible with the dep optimizer. Try adding it to `optimizeDeps.exclude`.
    
  • #17202 c6d254d Thanks @​matthewp! - Refactors path alias resolution to use Vite's native tsconfigPaths option

    This is an internal change with no expected impact on user projects. Astro now defers tsconfig and jsconfig paths alias resolution to Vite, keeping a small fallback for a few CSS cases Vite does not yet handle.

  • #17123 72e29bd Thanks @​martrapp! - Fixes an issue where the ClientRouter wipes head elements after page transitions if the <head> contains a server:defer component.

  • #17232 257505e Thanks @​matthewp! - Fixes a bug where <style> tags from components such as a content collection's Content could be silently dropped from the output when an await appeared before the component in an .astro file's markup.

  • #17193 a7352fd Thanks @​jan-kubica! - Fixes the background dev server failing to start when astro is hoisted outside the project's node_modules (for example bun workspaces). The background process is now spawned from Astro's own resolved location instead of a path assumed under the project root.

... (truncated)

Commits

Updates sharp from 0.34.5 to 0.35.3

Release notes

Sourced from sharp's releases.

v0.35.3

  • Tighten verification of text dimensions, TIFF tile dimensions and extend values.

  • Improve code bundler support by resolving path to libvips binary.

  • Increase default concurrency when use of MALLOC_ARENA_MAX is detected.

  • Emit warning about binaries provided by Electron for use on Linux.

  • Add hasAlpha property to output info. #4500

  • TypeScript: Return more precise Buffer<ArrayBuffer> from toBuffer. #4520 @​Andarist

  • Bound clahe width and height to avoid signed overflow. #4551 @​metsw24-max

  • Bound trim margin to avoid signed overflow. #4552 @​metsw24-max

  • Reject infinite values when validating numbers. #4553 @​metsw24-max

  • Bound extract region to libvips coordinate limit. #4555 @​metsw24-max

  • Verify background colour values are numbers. #4556 @​metsw24-max

  • Bound create and raw input dimensions to coordinate limit. #4558 @​metsw24-max

  • Tighten recomb and affine matrix verification. #4560 @​chatman-media

  • Verify cache memory limit to avoid overflow. #4561 @​metsw24-max

v0.35.3-rc.2

  • Tighten verification of text dimensions, TIFF tile dimensions and extend values.

... (truncated)

Commits
  • 1018449 Release v0.35.3
  • ba303a7 Prerelease v0.35.3-rc.2
  • 4f94fc5 Upgrade to sharp-libvips v1.3.2
  • c5e7a3f Bump devDeps, fix Deno/Windows smoke tests
  • 9a8d002 Docs: Add changelog entry and note about transferable #4520
  • 8694db0 TypeScript: Return more precise Buffer\<ArrayBuffer> from toBuffer (#4520)
  • e000d0b Prerelease v0.35.3-rc.1
  • 9554ca9 Prerelease v0.35.3-rc.0
  • 6a29fd5 Emit warning about native binaries on Linux Electron
  • 540d2ea Increase default concurrency when use of MALLOC_ARENA_MAX detected
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jun 30, 2026
@cursor

cursor Bot commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

Bugbot is paused — on-demand spend limit reached

Bugbot uses usage-based billing for this team and has hit its on-demand spend limit.

A team admin can raise the spend limit in the Cursor dashboard, or wait for the next billing cycle to continue.

@meroreviewer meroreviewer Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🤖 AI Code Reviewer

Reviewed by 3 agents | Quality score: 75% | Review time: 281.5s


🟡 Warning (2)

1. Major version bump of astro (v5 → v7) is a breaking change requiring manual verification

File: docs-site/package.json (line 14-16) | Consensus: 1/3 agents

The astro dependency jumps from ^5.14.0 to ^7.0.4, skipping an entire major version. Astro v7 drops support for Astro v6 (and by extension v5) APIs, upgrades to Vite v8, and changes compressHTML defaults. The lock file shows the new @astrojs/compiler-rs and rolldown bundler (replacing Rollup) as transitive deps. This PR only updates package.json and package-lock.json — there is no evidence that astro.config.mjs or any MDX/Astro component files were audited for breaking-change compatibility. The Starlight v0.41 changelog explicitly states: 'Make sure you update Astro and any other official integrations at the same time as updating Starlight.' A silent build failure or runtime regression is possible if the config or components use deprecated v5/v6 APIs.

Suggested fix:

Before merging, run `npm run build` (or the CI `check` script) in `docs-site/` and confirm the output is clean. Review the Astro v6→v7 migration guide (https://docs.astro.build/en/guides/upgrade-to/v7/) for any config or component changes needed in `astro.config.mjs` and `src/`.

Found by: patterns-reviewer

2. Major version bump of astro (v5→v7) may break the site without config migration

File: docs-site/package.json (line 14-16) | Consensus: 1/3 agents

The astro dependency jumps from ^5.14.0 to ^7.0.4, which is a two-major-version leap. Astro v7 is a breaking release (drops Astro v6 support, upgrades to Vite v8, changes compressHTML default to 'jsx', and drops support for older browsers). The astro.config.mjs in the repo has not been updated to account for any of these breaking changes. If the CI check script (astro build && node scripts/check-links.mjs) is not run as part of this PR, the breakage will only be discovered after merge. The lock file resolves astro@7.0.4 and vite@8.1.1, confirming the jump is real.

Suggested fix:

Run `npm run check` (or `astro build`) locally against the new versions before merging. Review the Astro v6→v7 migration guide (https://docs.astro.build/en/guides/upgrade-to/v7/) and update `astro.config.mjs` if any deprecated options are used. Also verify the `@astrojs/starlight` 0.41.x peer-dependency requirement (`astro: ^7.0.2`) is satisfied — it is, but the intermediate v6 peer requirement from the old starlight is now gone.

Found by: logic-reviewer

💡 Suggestion (2)

1. Node engine constraint tightened to >=22.12.0 by transitive deps — CI/CD environment may need updating

File: docs-site/package.json (line 14-16) | Consensus: 1/3 agents

The new astro@7 and its transitive dependencies (@astrojs/compiler-binding, @astrojs/compiler-rs, @astrojs/prism, rolldown, readdirp, chokidar, yargs-parser) all declare engines: { node: '^20.19.0 || >=22.12.0' }. If the CI pipeline or any developer machine runs Node 20 < 20.19.0 or Node 21, builds will fail with an engine mismatch. The previous astro@5 supported Node 18+.

Suggested fix:

Verify that the CI Node version (check `.github/workflows/`) is `>=20.19.0` or `>=22.12.0`. Update the workflow matrix if needed.

Found by: patterns-reviewer

2. @astrojs/starlight jumps 5 minor versions (0.36→0.41) including a breaking change

File: docs-site/package.json (line 13-13) | Consensus: 1/3 agents

Starlight 0.41.0 drops support for Astro v6 and introduces a breaking browser-support change (Chrome/Edge <111, Safari <16.4 no longer supported). While the lock file resolves to 0.41.1 (which fixes a dependency resolution bug introduced in 0.41.0), the intermediate releases (0.37–0.40) also contain minor breaking changes and new required peer dependencies (@astrojs/markdown-satteri). The lock file shows @astrojs/markdown-satteri@0.3.2 is now pulled in as a direct dependency of starlight, which was not present before. This is handled automatically by npm, but any custom Starlight plugin or integration in the project should be verified for compatibility.

Suggested fix:

Check the Starlight changelog from 0.36.x to 0.41.1 for any configuration changes that affect the `astro.config.mjs` starlight integration options used in this project (e.g., `expressiveCode`, `sidebar`, `editLink`). The `astro-expressive-code` package is now at 0.44.0 — verify `styleOverrides` keys are still valid.

Found by: logic-reviewer


🤖 Generated by AI Code Reviewer | Review ID: review-9c6553ed

@meroreviewer

meroreviewer Bot commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

Documentation Review

The following documentation may need updates based on the changes in this PR:

  • 🟡 AGENTS.md: AGENTS.md exists but was not updated — consider updating it to reflect the architecture changes in this PR.
  • 🟡 CONTRIBUTING.md: CONTRIBUTING.md exists but was not updated — consider updating it to reflect the architecture changes in this PR.
  • 🟡 docs/: Static HTML docs in docs/ may need updating — architecture-impacting changes detected. On merge, update-docs will scan this directory and open a PR if any pages need to change.

@dependabot dependabot Bot changed the title chore(deps): bump the npm group in /docs-site with 3 updates chore(deps): bump the npm group across 1 directory with 3 updates Jul 1, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/docs-site/npm-a24c5441a4 branch from 31dfdef to 611dd57 Compare July 1, 2026 03:56

@meroreviewer meroreviewer Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🤖 AI Code Reviewer

Reviewed by 3 agents | Quality score: 72% | Review time: 71.9s


🟡 Warning (3)

1. Major version bump of astro (v5→v7) includes breaking changes

File: docs-site/package.json (line 14-16) | Consensus: 1/3 agents

The astro package jumps from ^5.14.0 to ^7.0.4, which is a two-major-version leap. Astro v7 drops support for Astro v6 (and by extension v5), upgrades to Vite v8, changes the default compressHTML value to 'jsx', and raises the minimum Node.js requirement to >=22.12.0. The lock file confirms the new engine constraint ("node": ">=22.12.0"). If the CI/CD environment or any developer machine runs Node 20.x, builds will fail. The astro.config.mjs uses several integration APIs (Starlight, expressive-code) that may have changed behaviour under Astro v7. Verify the Node version in CI and all deployment environments before merging.

Suggested fix:

Pin the Node version in CI to >=22.12.0 (e.g. in `.nvmrc`, `engines` field, or the workflow matrix). Run `npm run build` and `npm run check` in CI against the new versions to confirm no regressions before merging.

Found by: patterns-reviewer

2. Major version bump of astro (v5→v7) is a breaking change requiring config/content validation

File: docs-site/package.json (line 14-16) | Consensus: 1/3 agents

The astro dependency jumps from ^5.14.0 to ^7.0.4, which is a two-major-version leap. Astro v7 drops support for Astro v6 (and by extension v5) APIs, upgrades to Vite v8, and changes the default compressHTML value to 'jsx'. The astro.config.mjs in this repo uses Starlight-specific configuration that may be affected. Additionally, the @astrojs/starlight bump from 0.36.x to 0.41.x includes a breaking change (0.41.0) that drops Astro v6 support and requires Astro v7. While the lockfile resolves consistently, the astro.config.mjs has not been updated to account for any v7 breaking changes (e.g., compressHTML default change, Vite v8 plugin API changes). The PR description and diff show only dependency version bumps with no corresponding config or content changes, which is a risk for a two-major-version jump.

Suggested fix:

Verify the docs site builds successfully after this bump by running `npm run build` in `docs-site/`. Check the Astro v6→v7 migration guide (https://docs.astro.build/en/guides/upgrade-to/v7/) for any required config changes, particularly around `compressHTML`, Vite v8 plugin compatibility, and the new Node.js engine requirement (>=22.12.0 per the lockfile entries).

Found by: logic-reviewer

3. Node.js engine requirement silently raised to >=22.12.0 by transitive dependencies

File: docs-site/package.json (line 14-16) | Consensus: 1/3 agents

The updated lockfile shows that astro@7.0.4, @astrojs/compiler-rs@0.3.0, @astrojs/prism@4.0.2, readdirp@5.0.0, chokidar@5.0.0, and yargs-parser@22.0.0 all require node: '^20.19.0 || >=22.12.0' or node: '>=22.12.0'. The package.json has no engines field, so CI or developer environments running Node 20.x (below 20.19.0) or Node 21.x will silently fail at runtime rather than at install time. The previous astro v5 required Node 18+.

Suggested fix:

Add an `engines` field to `docs-site/package.json` to make the constraint explicit and fail fast: `"engines": { "node": "^20.19.0 || >=22.12.0" }`. Also verify that CI runners and any deployment pipelines use a compatible Node version.

Found by: logic-reviewer

💡 Suggestion (1)

1. Node engine constraint not declared in package.json

File: docs-site/package.json (line 14-16) | Consensus: 1/3 agents

The new astro@7 and its compiler binding require Node ^20.19.0 || >=22.12.0 (visible in the lock file for @astrojs/compiler-binding, @astrojs/prism, etc.), but docs-site/package.json has no engines field. Without it, developers on older Node versions will get cryptic native-binding errors rather than a clear message.

Suggested fix:

Add `"engines": { "node": "^20.19.0 || >=22.12.0" }` to `docs-site/package.json`.

Found by: patterns-reviewer


🤖 Generated by AI Code Reviewer | Review ID: review-61fb7573

@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/docs-site/npm-a24c5441a4 branch from 611dd57 to 6bf14b5 Compare July 1, 2026 07:41
@cursor

cursor Bot commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Bugbot is paused — on-demand spend limit reached

Bugbot uses usage-based billing for this team and has hit its on-demand spend limit.

A team admin can raise the spend limit in the Cursor dashboard, or wait for the next billing cycle to continue.

@meroreviewer meroreviewer Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🤖 AI Code Reviewer

Reviewed by 3 agents | Quality score: 81% | Review time: 352.4s


🟡 Warning (1)

1. Major version bump of astro (v5→v7) is a breaking change requiring manual validation

File: docs-site/package.json (line 14-16) | Consensus: 1/3 agents

The astro dependency jumps from ^5.14.0 to ^7.0.4, skipping an entire major version. Astro v7 drops support for Astro v6 (and by extension v5), upgrades to Vite v8, and changes the default compressHTML value. The lock file shows the new compiler requires Node >=22.12.0, while the previous version supported Node >=18. If CI or production runs an older Node version, the build will fail silently or produce unexpected output. The PR description notes this is a breaking change but there is no evidence of CI node version validation or a tested upgrade path.

Suggested fix:

Verify the CI/CD pipeline and any deployment environments use Node >=22.12.0. Check the Astro v7 migration guide (https://docs.astro.build/en/guides/upgrade-to/v7/) for any config changes needed in astro.config.mjs. Consider adding an engines field to package.json: `"engines": { "node": ">=22.12.0" }`.

Found by: patterns-reviewer

💡 Suggestion (1)

1. Node engine constraint in lock file (>=22.12.0) not reflected in package.json

File: docs-site/package-lock.json (line 1-10) | Consensus: 1/3 agents

Multiple packages in the lock file (esbuild, @astrojs/compiler-binding, rolldown, chokidar, readdirp, yargs-parser) require Node ^20.19.0 || >=22.12.0 or >=22.12.0. The root package.json has no engines field, so contributors and CI may unknowingly run on an incompatible Node version and get cryptic errors rather than a clear message.

Suggested fix:

Add to docs-site/package.json: `"engines": { "node": "^20.19.0 || >=22.12.0" }` to match the most restrictive transitive requirement.

Found by: patterns-reviewer


🤖 Generated by AI Code Reviewer | Review ID: review-4e307859

Bumps the npm group with 3 updates in the /docs-site directory: [@astrojs/starlight](https://github.com/withastro/starlight/tree/HEAD/packages/starlight), [astro](https://github.com/withastro/astro/tree/HEAD/packages/astro) and [sharp](https://github.com/lovell/sharp).


Updates `@astrojs/starlight` from 0.36.3 to 0.41.3
- [Release notes](https://github.com/withastro/starlight/releases)
- [Changelog](https://github.com/withastro/starlight/blob/main/packages/starlight/CHANGELOG.md)
- [Commits](https://github.com/withastro/starlight/commits/@astrojs/starlight@0.41.3/packages/starlight)

Updates `astro` from 5.18.2 to 7.0.6
- [Release notes](https://github.com/withastro/astro/releases)
- [Changelog](https://github.com/withastro/astro/blob/main/packages/astro/CHANGELOG.md)
- [Commits](https://github.com/withastro/astro/commits/astro@7.0.6/packages/astro)

Updates `sharp` from 0.34.5 to 0.35.3
- [Release notes](https://github.com/lovell/sharp/releases)
- [Commits](lovell/sharp@v0.34.5...v0.35.3)

---
updated-dependencies:
- dependency-name: "@astrojs/starlight"
  dependency-version: 0.41.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm
- dependency-name: astro
  dependency-version: 7.0.4
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: npm
- dependency-name: sharp
  dependency-version: 0.35.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/docs-site/npm-a24c5441a4 branch from 6bf14b5 to 05bbe9e Compare July 8, 2026 03:54

@meroreviewer meroreviewer Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🤖 AI Code Reviewer

Reviewed by 3 agents | Quality score: 66% | Review time: 395.1s

🟡 1 warnings. See inline comments.


🤖 Generated by AI Code Reviewer | Review ID: review-4ce17c7b

Comment thread docs-site/package.json
"@astrojs/starlight": "^0.36.0",
"astro": "^5.14.0",
"sharp": "^0.34.0"
"@astrojs/starlight": "^0.41.3",

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🟡 Astro 7 requires Node >=22.12.0, but docs CI pins Node 20

This bump jumps astro from ^5.14.0 straight to ^7.0.6 (skipping v6 entirely). The resolved astro@7.0.6 package in docs-site/package-lock.json declares "engines": {"node": ">=22.12.0", ...}, and several of its transitive deps (e.g. vite@8.1.3, esbuild@0.28.1, @astrojs/compiler-rs) also require modern Node (>=18/>=20/>=22). However, both .github/workflows/docs-ci.yml and .github/workflows/docs-site.yml (the PR-check and GitHub Pages deploy jobs for this exact docs-site/ directory) still pin node-version: 20 via actions/setup-node. Since there is no .npmrc with engine-strict=true in the repo, npm ci will likely only emit an EBADENGINE warning rather than fail outright, but astro build/astro dev may then fail or misbehave at runtime because they were built against Node >=22.12 APIs. This will silently break the docs CI (npm run check) and the Pages deploy workflow the next time either runs against this lockfile.

Suggested fix:

Bump `node-version` to at least 22.12 (or 22 LTS) in .github/workflows/docs-ci.yml and .github/workflows/docs-site.yml alongside this dependency bump, and verify `npm ci && npm run build` succeeds locally/in CI with that Node version before merging.

frdomovic and others added 2 commits July 13, 2026 11:05
Astro now requires Node >=22.12, so bump setup-node to 22 in the docs
workflows. The new compiler also rejects literal braces in template
text; escape them in EntityStorage.astro.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

@meroreviewer meroreviewer Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🤖 AI Code Reviewer

Reviewed by 3 agents | Quality score: 95% | Review time: 485.0s


✅ No Issues Found

All agents reviewed the code and found no issues. LGTM! 🎉


🤖 Generated by AI Code Reviewer | Review ID: review-fd8652a5

@meroreviewer meroreviewer Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🤖 AI Code Reviewer

Reviewed by 3 agents | Quality score: 95% | Review time: 425.2s


✅ No Issues Found

All agents reviewed the code and found no issues. LGTM! 🎉


🤖 Generated by AI Code Reviewer | Review ID: review-ccaf6226

@frdomovic frdomovic merged commit 71d7299 into master Jul 13, 2026
5 checks passed
@frdomovic frdomovic deleted the dependabot/npm_and_yarn/docs-site/npm-a24c5441a4 branch July 13, 2026 09:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file external javascript Pull requests that update Javascript code needs-team-review

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant