Skip to content

chore(deps): bump the astro group with 2 updates#1124

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/bun/astro-bd5df149ed
Open

chore(deps): bump the astro group with 2 updates#1124
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/bun/astro-bd5df149ed

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 5, 2026

Copy link
Copy Markdown
Contributor

Bumps the astro group with 2 updates: @astrojs/starlight and astro.

Updates @astrojs/starlight from 0.39.2 to 0.41.1

Release notes

Sourced from @​astrojs/starlight's releases.

@​astrojs/starlight@​0.41.1

Patch Changes

@​astrojs/starlight@​0.41.0

Minor Changes

  • #3951 1202dd4 Thanks @​HiDeoo! - Adds support for Astro v7, drops support for Astro v6.

    Upgrade Astro and dependencies

    ⚠️ BREAKING CHANGE: Astro v6 is no longer supported. Make sure you update Astro and any other official integrations at the same time as updating Starlight:

    npx @astrojs/upgrade

    Community Starlight plugins and Astro integrations may also need to be manually updated to work with Astro v7. If you encounter any issues, please reach out to the plugin or integration author to see if it is a known issue or if an updated version is being worked on.

    ⚠️ BREAKING CHANGE: This release drops official support for Chromium-based browsers prior to version 111 (released 07 March 2023) and Safari-based browsers prior to version 16.4 (released 27 March 2023). You can find a list of currently supported browsers and their versions using this browserslist query.

Patch Changes

  • #3953 a935d33 Thanks @​HiDeoo! - Fixes Starlight Markdown processing being potentially applied to files that should not be processed.

@​astrojs/starlight@​0.40.0

Minor Changes

  • #3923 edf2e6b Thanks @​Princesseuh! - Adds support for Astro 6.4 and the new Sätteri Markdown processor.

    It is now possible to opt into using Astro's 6.4 Sätteri Markdown processor by installing the @astrojs/markdown-satteri package and configuring it in your astro.config.mjs file:

    // astro.config.mjs
    import { defineConfig } from 'astro/config';
    import { satteri } from '@​astrojs/markdown-satteri';
    export default defineConfig({
    markdown: {
    processor: satteri(),
    },
    });

... (truncated)

Changelog

Sourced from @​astrojs/starlight's changelog.

0.41.1

Patch Changes

0.41.0

Minor Changes

  • #3951 1202dd4 Thanks @​HiDeoo! - Adds support for Astro v7, drops support for Astro v6.

    Upgrade Astro and dependencies

    ⚠️ BREAKING CHANGE: Astro v6 is no longer supported. Make sure you update Astro and any other official integrations at the same time as updating Starlight:

    npx @astrojs/upgrade

    Community Starlight plugins and Astro integrations may also need to be manually updated to work with Astro v7. If you encounter any issues, please reach out to the plugin or integration author to see if it is a known issue or if an updated version is being worked on.

    ⚠️ BREAKING CHANGE: This release drops official support for Chromium-based browsers prior to version 111 (released 07 March 2023) and Safari-based browsers prior to version 16.4 (released 27 March 2023). You can find a list of currently supported browsers and their versions using this browserslist query.

Patch Changes

  • #3953 a935d33 Thanks @​HiDeoo! - Fixes Starlight Markdown processing being potentially applied to files that should not be processed.

0.40.0

Minor Changes

  • #3923 edf2e6b Thanks @​Princesseuh! - Adds support for Astro 6.4 and the new Sätteri Markdown processor.

    It is now possible to opt into using Astro's 6.4 Sätteri Markdown processor by installing the @astrojs/markdown-satteri package and configuring it in your astro.config.mjs file:

    // astro.config.mjs
    import { defineConfig } from 'astro/config';
    import { satteri } from '@​astrojs/markdown-satteri';
    export default defineConfig({
    markdown: {
    processor: satteri(),
    },

... (truncated)

Commits

Updates astro from 6.3.1 to 7.0.3

Release notes

Sourced from astro's releases.

astro@7.0.3

Patch Changes

  • #17189 24d2c9e Thanks @​astrobot-houston! - Fixes a bug where an error thrown inside one route's getStaticPaths() would prevent other valid routes from being matched in dev mode

  • #16932 8f4a3db Thanks @​fkatsuhiro! - Fixes HMR for action files during development. Editing files in src/actions/ now takes effect on the next request without requiring a dev server restart.

  • #17087 fb0ab02 Thanks @​jp-knj! - Fixes localized custom error pages in i18n projects so routes like /pt/404 are used for missing localized pages and return the correct status code

astro@7.0.2

Patch Changes

  • Updated dependencies [3b5e994]:
    • @​astrojs/markdown-satteri@​0.3.2

astro@7.0.1

Patch Changes

  • #17151 ccceda3 Thanks @​matthewp! - Fixes astro dev incorrectly starting in background mode for Warp terminal users. Hybrid environments like Warp are no longer treated as AI agents for auto-background detection.

  • #17158 164df87 Thanks @​ematipico! - Fixes astro dev --background --host not listing the network addresses. The background server start output and astro dev status now show every exposed network URL, matching the foreground dev server.

  • #17141 d785b9d Thanks @​astrobot-houston! - Fixes responsive image CSS overriding user styles defined inside CSS @layer blocks. The generated image styles are now wrapped in @layer astro.images, ensuring they have lower cascade priority than user-defined layers.

  • #17150 1a61386 Thanks @​matthewp! - Fixes astro dev --background failing on Windows with "Failed to spawn background dev server process"

astro@7.0.0

Major Changes

  • #15819 cafec4e Thanks @​delucis! - Upgrade to Vite v8

  • #16965 57ead0d Thanks @​Princesseuh! - Makes 'jsx' the default value for compressHTML

    Astro now strips whitespace from your HTML using JSX rules by default, the same way frameworks like React do. Whitespace and line breaks around elements are removed, but meaningful whitespace within a single line — like a space between two inline elements — is preserved. To keep a space that would otherwise be removed, write it explicitly in your source, for example with {" "}.

    This can change rendered output where whitespace between inline elements was previously meaningful. To keep Astro's earlier behavior, set compressHTML: true for HTML-aware compression, or compressHTML: false to preserve all whitespace.

  • #16610 c63e7e4 Thanks @​matthewp! - Adds background dev server management for AI coding agents.

    When an AI coding agent is detected, astro dev now automatically starts the dev server as a detached background process. This prevents the dev server from blocking the agent's terminal and allows it to continue working while the server runs.

    A lock file (.astro/dev.json) is written when the dev server starts, recording the server's URL, port, and PID. This prevents duplicate servers from being started for the same project.

    New flag and subcommands

    • astro dev --background — Start the dev server as a background process (this is what runs automatically when an agent is detected).
    • astro dev stop — Stop a running background dev server.
    • astro dev status — Check if a dev server is running and display its URL, PID, and uptime.
    • astro dev logs — View logs from a background dev server. Use --follow (-f) to stream new output as it's written.

... (truncated)

Changelog

Sourced from astro's changelog.

7.0.3

Patch Changes

  • #17189 24d2c9e Thanks @​astrobot-houston! - Fixes a bug where an error thrown inside one route's getStaticPaths() would prevent other valid routes from being matched in dev mode

  • #16932 8f4a3db Thanks @​fkatsuhiro! - Fixes HMR for action files during development. Editing files in src/actions/ now takes effect on the next request without requiring a dev server restart.

  • #17087 fb0ab02 Thanks @​jp-knj! - Fixes localized custom error pages in i18n projects so routes like /pt/404 are used for missing localized pages and return the correct status code

7.0.2

Patch Changes

  • Updated dependencies [3b5e994]:
    • @​astrojs/markdown-satteri@​0.3.2

7.0.1

Patch Changes

  • #17151 ccceda3 Thanks @​matthewp! - Fixes astro dev incorrectly starting in background mode for Warp terminal users. Hybrid environments like Warp are no longer treated as AI agents for auto-background detection.

  • #17158 164df87 Thanks @​ematipico! - Fixes astro dev --background --host not listing the network addresses. The background server start output and astro dev status now show every exposed network URL, matching the foreground dev server.

  • #17141 d785b9d Thanks @​astrobot-houston! - Fixes responsive image CSS overriding user styles defined inside CSS @layer blocks. The generated image styles are now wrapped in @layer astro.images, ensuring they have lower cascade priority than user-defined layers.

  • #17150 1a61386 Thanks @​matthewp! - Fixes astro dev --background failing on Windows with "Failed to spawn background dev server process"

7.0.0

Major Changes

  • #15819 cafec4e Thanks @​delucis! - Upgrade to Vite v8

  • #16965 57ead0d Thanks @​Princesseuh! - Makes 'jsx' the default value for compressHTML

    Astro now strips whitespace from your HTML using JSX rules by default, the same way frameworks like React do. Whitespace and line breaks around elements are removed, but meaningful whitespace within a single line — like a space between two inline elements — is preserved. To keep a space that would otherwise be removed, write it explicitly in your source, for example with {" "}.

    This can change rendered output where whitespace between inline elements was previously meaningful. To keep Astro's earlier behavior, set compressHTML: true for HTML-aware compression, or compressHTML: false to preserve all whitespace.

  • #16610 c63e7e4 Thanks @​matthewp! - Adds background dev server management for AI coding agents.

    When an AI coding agent is detected, astro dev now automatically starts the dev server as a detached background process. This prevents the dev server from blocking the agent's terminal and allows it to continue working while the server runs.

    A lock file (.astro/dev.json) is written when the dev server starts, recording the server's URL, port, and PID. This prevents duplicate servers from being started for the same project.

    New flag and subcommands

    • astro dev --background — Start the dev server as a background process (this is what runs automatically when an agent is detected).
    • astro dev stop — Stop a running background dev server.

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the astro group with 2 updates: [@astrojs/starlight](https://github.com/withastro/starlight/tree/HEAD/packages/starlight) and [astro](https://github.com/withastro/astro/tree/HEAD/packages/astro).


Updates `@astrojs/starlight` from 0.39.2 to 0.41.1
- [Release notes](https://github.com/withastro/starlight/releases)
- [Changelog](https://github.com/withastro/starlight/blob/main/packages/starlight/CHANGELOG.md)
- [Commits](https://github.com/withastro/starlight/commits/@astrojs/starlight@0.41.1/packages/starlight)

Updates `astro` from 6.3.1 to 7.0.3
- [Release notes](https://github.com/withastro/astro/releases)
- [Changelog](https://github.com/withastro/astro/blob/main/packages/astro/CHANGELOG.md)
- [Commits](https://github.com/withastro/astro/commits/astro@7.0.3/packages/astro)

---
updated-dependencies:
- dependency-name: "@astrojs/starlight"
  dependency-version: 0.41.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: astro
- dependency-name: astro
  dependency-version: 7.0.3
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: astro
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 5, 2026
@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Jul 5, 2026

Copy link
Copy Markdown

Deploying with  Cloudflare Workers  Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status Name Latest Commit Preview URL Updated (UTC)
✅ Deployment successful!
View logs
samui-wallet-api caa471f Commit Preview URL

Branch Preview URL
Jul 05 2026, 12:08 AM

@cloudflare-workers-and-pages

cloudflare-workers-and-pages Bot commented Jul 5, 2026

Copy link
Copy Markdown

Deploying with  Cloudflare Workers  Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status Name Latest Commit Preview URL Updated (UTC)
✅ Deployment successful!
View logs
samui-wallet-web caa471f Commit Preview URL

Branch Preview URL
Jul 05 2026, 12:09 AM

@bundlemon

bundlemon Bot commented Jul 5, 2026

Copy link
Copy Markdown

BundleMon

Unchanged files (75)
Status Path Size Limits
apps/web/dist/assets/index-(hash).js
300.58KB -
apps/extension/.output/chrome-mv3/chunks/clie
nt-(hash).js
275.86KB -
apps/web/dist/assets/combobox-(hash).js
45.75KB -
apps/extension/.output/chrome-mv3/chunks/comb
obox-(hash).js
45.74KB -
apps/web/dist/assets/toggle-(hash).js
27.61KB -
apps/extension/.output/chrome-mv3/chunks/togg
le-(hash).js
27.59KB -
apps/extension/.output/chrome-mv3/chunks/sett
ings-(hash).js
26.09KB -
apps/web/dist/assets/settings-(hash).js
26.08KB -
apps/extension/.output/chrome-mv3/chunks/form
-(hash).js
13.17KB -
apps/web/dist/assets/form-(hash).js
13.16KB -
apps/web/dist/assets/select-(hash).js
8.55KB -
apps/extension/.output/chrome-mv3/chunks/sele
ct-(hash).js
8.54KB -
apps/extension/.output/chrome-mv3/chunks/onbo
arding-(hash).js
5.83KB -
apps/web/dist/assets/onboarding-(hash).js
5.83KB -
apps/extension/.output/chrome-mv3/chunks/inde
x.browser-(hash).js
4.65KB -
apps/extension/.output/chrome-mv3/chunks/crea
te-(hash).js
4.56KB -
apps/web/dist/assets/create-(hash).js
4.56KB -
apps/extension/.output/chrome-mv3/chunks/cons
tants-(hash).js
3.6KB -
apps/web/dist/assets/constants-(hash).js
3.6KB -
apps/extension/.output/chrome-mv3/chunks/useQ
uery-(hash).js
3.12KB -
apps/web/dist/assets/useQuery-(hash).js
3.12KB -
apps/extension/.output/chrome-mv3/chunks/requ
est-(hash).js
2.86KB -
apps/web/dist/assets/request-(hash).js
2.85KB -
apps/extension/.output/chrome-mv3/assets/vani
ty-(hash).js
2.79KB -
apps/web/dist/assets/vanity-(hash).js
2.79KB -
apps/web/dist/assets/portfolio-(hash).js
2.69KB -
apps/extension/.output/chrome-mv3/chunks/port
folio-(hash).js
2.69KB -
apps/extension/.output/chrome-mv3/chunks/send
-(hash).js
2.46KB -
apps/web/dist/assets/send-(hash).js
2.46KB -
apps/web/dist/assets/dropdown-(hash).js
2.16KB -
apps/extension/.output/chrome-mv3/chunks/drop
down-(hash).js
2.16KB -
apps/extension/.output/chrome-mv3/chunks/chec
kbox-(hash).js
1.89KB -
apps/web/dist/assets/checkbox-(hash).js
1.89KB -
apps/extension/.output/chrome-mv3/chunks/tool
s-(hash).js
1.85KB -
apps/web/dist/assets/tools-(hash).js
1.85KB -
apps/web/dist/assets/explorer-(hash).js
1.52KB -
apps/extension/.output/chrome-mv3/chunks/expl
orer-(hash).js
1.52KB -
apps/web/dist/assets/index.browser-(hash).js
835B -
apps/extension/.output/chrome-mv3/chunks/badg
e-(hash).js
769B -
apps/web/dist/assets/badge-(hash).js
768B -
apps/web/dist/assets/zod-(hash).js
768B -
apps/extension/.output/chrome-mv3/chunks/zod-
(hash).js
765B -
apps/web/dist/assets/standard-(hash).js
656B -
apps/extension/.output/chrome-mv3/chunks/stan
dard-(hash).js
651B -
apps/extension/.output/chrome-mv3/chunks/tabl
e-(hash).js
595B -
apps/web/dist/assets/table-(hash).js
595B -
apps/web/dist/assets/button-(hash).js
579B -
apps/extension/.output/chrome-mv3/chunks/butt
on-(hash).js
576B -
apps/extension/.output/chrome-mv3/chunks/book
mark-(hash).js
554B -
apps/web/dist/assets/bookmark-(hash).js
552B -
apps/extension/.output/chrome-mv3/chunks/ui-(
hash).js
526B -
apps/web/dist/assets/ui-(hash).js
526B -
apps/extension/.output/chrome-mv3/chunks/text
area-(hash).js
497B -
apps/web/dist/assets/textarea-(hash).js
496B -
apps/extension/.output/chrome-mv3/chunks/dev-
(hash).js
276B -
apps/web/dist/assets/dev-(hash).js
275B -
apps/web/dist/assets/use-(hash).js
227B -
apps/extension/.output/chrome-mv3/chunks/use-
(hash).js
226B -
apps/extension/.output/chrome-mv3/chunks/side
panel-(hash).js
203B -
apps/extension/.output/chrome-mv3/chunks/popu
p-(hash).js
200B -
apps/extension/.output/chrome-mv3/chunks/inde
x-(hash).js
173B -
apps/extension/.output/chrome-mv3/chunks/form
at-(hash).js
166B -
apps/web/dist/assets/format-(hash).js
166B -
apps/web/dist/assets/sol-(hash).js
150B -
apps/extension/.output/chrome-mv3/chunks/sol-
(hash).js
148B -
apps/extension/.output/chrome-mv3/chunks/elli
psify-(hash).js
145B -
apps/web/dist/assets/ellipsify-(hash).js
145B -
apps/extension/.output/chrome-mv3/chunks/chev
ron-(hash).js
142B -
apps/web/dist/assets/chevron-(hash).js
142B -
apps/web/dist/assets/stringify-(hash).js
140B -
apps/web/dist/assets/toast-(hash).js
139B -
apps/extension/.output/chrome-mv3/chunks/stri
ngify-(hash).js
138B -
apps/extension/.output/chrome-mv3/chunks/toas
t-(hash).js
137B -
apps/extension/.output/chrome-mv3/chunks/netw
ork-(hash).js
121B -
apps/web/dist/assets/network-(hash).js
121B -

No change in files bundle size

Unchanged groups (2)
Status Path Size Limits
apps/web/dist/**/*-.js
584.4KB -
apps/extension/.output/chrome-mv3/**/*-
.js
559.08KB -

Final result: ✅

View report in BundleMon website ➡️


Current branch size history | Target branch size history

@socket-security

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Updated@​astrojs/​starlight@​0.39.2 ⏵ 0.41.19810085 +197100
Updatedastro@​6.3.1 ⏵ 7.0.388100 +2388 +198 +1100

View full report

@socket-security

Copy link
Copy Markdown

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
Obfuscated code: npm @emnapi/runtime is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: ?npm/@astrojs/starlight@0.41.1npm/astro@7.0.3npm/@emnapi/runtime@1.11.1

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@emnapi/runtime@1.11.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm astro is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: apps/site/package.jsonnpm/astro@7.0.3

ℹ Read more on: This package | This alert | What is obfuscated code?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/astro@7.0.3. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants