Skip to content

chore(deps): bump the npm_and_yarn group across 2 directories with 2 updates#972

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/apps/site/npm_and_yarn-d08254cda0
Closed

chore(deps): bump the npm_and_yarn group across 2 directories with 2 updates#972
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/apps/site/npm_and_yarn-d08254cda0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 21, 2026
edited
Loading

Bumps the npm_and_yarn group with 1 update in the /apps/site directory: astro.
Bumps the npm_and_yarn group with 1 update in the /examples/basic directory: vite.

Updates astro from 5.16.13 to 6.1.6

Release notes

Sourced from astro's releases.

astro@6.1.6

Patch Changes

  • #16202 b5c2fba Thanks @​matthewp! - Fixes Actions failing with ActionsWithoutServerOutputError when using output: 'static' with an adapter

  • #16303 b06eabf Thanks @​matthewp! - Improves handling of special characters in inline <script> content

  • #14924 bb4586a Thanks @​aralroca! - Fixes SCSS and CSS module file changes triggering a full page reload instead of hot-updating styles in place during development

astro@6.1.5

Patch Changes

  • #16171 5bcd03c Thanks @​Desel72! - Fixes a build error that occurred when a pre-rendered page used the <Picture> component and another page called render() on content collection entries.

  • #16239 7c65c04 Thanks @​dataCenter430! - Fixes sync content inside <Fragment> not streaming to the browser until all async sibling expressions have resolved.

  • #16242 686c312 Thanks @​martrapp! - Revives UnoCSS in dev mode when used with the client router.

    This change partly reverts #16089, which in hindsight turned out to be too general. Instead of automatically persisting all style sheets, we now do this only for styles from Vue components.

  • #16192 79d86b8 Thanks @​alexanderniebuhr! - Uses today’s date for Cloudflare compatibility_date in astro add cloudflare

    When creating new projects, astro add cloudflare now sets compatibility_date to the current date. Previously, this date was resolved from locally installed packages, which could be unreliable in some package manager environments. Using today’s date is simpler and more reliable across environments, and is supported by workerd.

  • #16259 34df955 Thanks @​gameroman! - Removed dlv dependency

astro@6.1.4

Patch Changes

  • #16197 21f9fe2 Thanks @​SchahinRohani! - Remove unused re-exports from assets/utils barrel file to fix Vite build warning

  • #16059 6d5469e Thanks @​matthewp! - Fixes Expected 'miniflare' to be defined errors and 404 responses in dev mode when using the Cloudflare adapter and the config file changes. Instead of creating a brand new Vite server on config changes, Astro now performs a Vite in-place restart, allowing the Cloudflare adapter to reuse its existing miniflare instance across restarts.

  • #16154 7610ba4 Thanks @​Desel72! - Fixes pages with dots in their filenames (e.g. hello.world.astro) returning 404 when accessed with a trailing slash in the dev server. The trailingSlashForPath function now only forces trailingSlash: 'never' for endpoints with file extensions, allowing pages to correctly respect the user's trailingSlash config.

  • #16193 23425e2 Thanks @​matthewp! - Fixes trailingSlash: "always" producing redirect HTML instead of the actual response for extensionless endpoints during static builds

astro@6.1.3

Patch Changes

  • #16161 b51f297 Thanks @​matthewp! - Fixes a dev rendering issue with the Cloudflare adapter where head metadata could be missing and dev CSS/scripts could be injected in the wrong place

  • #16110 de669f0 Thanks @​tmimmanuel! - Fixes skew protection query parameters not being appended to inter-chunk JavaScript imports in client bundles, which could cause version mismatches during rolling deployments on Vercel

  • #16162 a0a49e9 Thanks @​rururux! - Fixes an issue where HMR would not trigger when modifying files while using @​astrojs/cloudflare with prerenderEnvironment: 'node' enabled.

  • #16142 7454854 Thanks @​rururux! - Fixes HTML content being incorrectly escaped as plain text when rendering a MDX component using the AstroContainer APIs.

  • #16116 12602a9 Thanks @​riderx! - Fixes a bug where page-level CSS could leak between unrelated pages when traversing style parents across top-level route boundaries

... (truncated)

Changelog

Sourced from astro's changelog.

6.1.6

Patch Changes

  • #16202 b5c2fba Thanks @​matthewp! - Fixes Actions failing with ActionsWithoutServerOutputError when using output: 'static' with an adapter

  • #16303 b06eabf Thanks @​matthewp! - Improves handling of special characters in inline <script> content

  • #14924 bb4586a Thanks @​aralroca! - Fixes SCSS and CSS module file changes triggering a full page reload instead of hot-updating styles in place during development

6.1.5

Patch Changes

  • #16171 5bcd03c Thanks @​Desel72! - Fixes a build error that occurred when a pre-rendered page used the <Picture> component and another page called render() on content collection entries.

  • #16239 7c65c04 Thanks @​dataCenter430! - Fixes sync content inside <Fragment> not streaming to the browser until all async sibling expressions have resolved.

  • #16242 686c312 Thanks @​martrapp! - Revives UnoCSS in dev mode when used with the client router.

    This change partly reverts #16089, which in hindsight turned out to be too general. Instead of automatically persisting all style sheets, we now do this only for styles from Vue components.

  • #16192 79d86b8 Thanks @​alexanderniebuhr! - Uses today’s date for Cloudflare compatibility_date in astro add cloudflare

    When creating new projects, astro add cloudflare now sets compatibility_date to the current date. Previously, this date was resolved from locally installed packages, which could be unreliable in some package manager environments. Using today’s date is simpler and more reliable across environments, and is supported by workerd.

  • #16259 34df955 Thanks @​gameroman! - Removed dlv dependency

6.1.4

Patch Changes

  • #16197 21f9fe2 Thanks @​SchahinRohani! - Remove unused re-exports from assets/utils barrel file to fix Vite build warning

  • #16059 6d5469e Thanks @​matthewp! - Fixes Expected 'miniflare' to be defined errors and 404 responses in dev mode when using the Cloudflare adapter and the config file changes. Instead of creating a brand new Vite server on config changes, Astro now performs a Vite in-place restart, allowing the Cloudflare adapter to reuse its existing miniflare instance across restarts.

  • #16154 7610ba4 Thanks @​Desel72! - Fixes pages with dots in their filenames (e.g. hello.world.astro) returning 404 when accessed with a trailing slash in the dev server. The trailingSlashForPath function now only forces trailingSlash: 'never' for endpoints with file extensions, allowing pages to correctly respect the user's trailingSlash config.

  • #16193 23425e2 Thanks @​matthewp! - Fixes trailingSlash: "always" producing redirect HTML instead of the actual response for extensionless endpoints during static builds

6.1.3

Patch Changes

  • #16161 b51f297 Thanks @​matthewp! - Fixes a dev rendering issue with the Cloudflare adapter where head metadata could be missing and dev CSS/scripts could be injected in the wrong place

  • #16110 de669f0 Thanks @​tmimmanuel! - Fixes skew protection query parameters not being appended to inter-chunk JavaScript imports in client bundles, which could cause version mismatches during rolling deployments on Vercel

  • #16162 a0a49e9 Thanks @​rururux! - Fixes an issue where HMR would not trigger when modifying files while using @​astrojs/cloudflare with prerenderEnvironment: 'node' enabled.

... (truncated)

Commits

Updates vite from 7.2.4 to 7.3.2

Release notes

Sourced from vite's releases.

v7.3.2

Please refer to CHANGELOG.md for details.

v7.3.1

Please refer to CHANGELOG.md for details.

v7.3.0

Please refer to CHANGELOG.md for details.

v7.2.7

Please refer to CHANGELOG.md for details.

v7.2.6

Please refer to CHANGELOG.md for details.

v7.2.5

Please refer to CHANGELOG.md for details.

Note: 7.2.5 failed to publish so it is skipped on npm

Changelog

Sourced from vite's changelog.

7.3.2 (2026-04-06)

Bug Fixes

7.3.1 (2026-01-07)

Features

  • add ignoreOutdatedRequests option to optimizeDeps (#21364) (9d39d37)

7.3.0 (2025-12-15)

Features

  • deps: update esbuild from ^0.25.0 to ^0.27.0 (#21183) (cff26ec)

7.2.7 (2025-12-08)

Bug Fixes

7.2.6 (2025-12-01)

7.2.5 (2025-12-01)

Bug Fixes

Performance Improvements

Documentation

  • clarify manifest.json imports field is JS chunks only (#21136) (46d3077)

Miscellaneous Chores

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Summary by CodeRabbit

  • Chores
    • Updated framework dependencies to newer versions for improved stability and performance.
    • Upgraded build tooling to the latest release for enhanced development experience.

@dependabot
chore(deps): bump the npm_and_yarn group across 2 directories with 2 …
8fcfbb4 
…updates

Bumps the npm_and_yarn group with 1 update in the /apps/site directory: [astro](https://github.com/withastro/astro/tree/HEAD/packages/astro).
Bumps the npm_and_yarn group with 1 update in the /examples/basic directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).


Updates `astro` from 5.16.13 to 6.1.6
- [Release notes](https://github.com/withastro/astro/releases)
- [Changelog](https://github.com/withastro/astro/blob/main/packages/astro/CHANGELOG.md)
- [Commits](https://github.com/withastro/astro/commits/astro@6.1.6/packages/astro)

Updates `vite` from 7.2.4 to 7.3.2
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/v7.3.2/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/v7.3.2/packages/vite)

---
updated-dependencies:
- dependency-name: astro
  dependency-version: 6.1.6
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: vite
  dependency-version: 7.3.2
  dependency-type: direct:development
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 21, 2026
@dependabot dependabot Bot mentioned this pull request Apr 21, 2026
Closed
@cloudflare-workers-and-pages
Copy link
Copy Markdown

cloudflare-workers-and-pages Bot commented Apr 21, 2026
edited
Loading

Deploying with  Cloudflare Workers  Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status Name Latest Commit Preview URL Updated (UTC)
✅ Deployment successful!
View logs		 samui-wallet-web 8fcfbb4 Commit Preview URL

Branch Preview URL		 Apr 21 2026, 10:26 PM

@coderabbitai
Copy link
Copy Markdown

coderabbitai Bot commented Apr 21, 2026
edited
Loading

📝 Walkthrough

Walkthrough

Two package.json dependency versions were updated: Astro from 5.16.13 to 6.1.6 in apps/site, and Vite devDependency from 7.2.4 to 7.3.2 in examples/basic. No other configuration, scripts, or dependencies were modified.

Changes

Cohort / File(s) Summary
Dependency Version Updates
apps/site/package.json, examples/basic/package.json		 Updated Astro dependency to 6.1.6 and Vite devDependency to 7.3.2.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Poem

🐰 Hops of joy through versions new,
Astro bounces, Vite does too!
Dependencies dance with grace,
Building faster in this space. ✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Description check ⚠️ Warning The PR description is a Dependabot-generated update notice that does not follow the required template structure with Description, Screenshots/Video, and Checklist sections. Add a proper description section following the template: include a summary of changes and motivation. Confirm whether tests and docs updates are needed, and update the checklist accordingly.
✅ Passed checks (4 passed)
Check name Status Explanation
Title check ✅ Passed The title accurately summarizes the main change: bumping npm dependencies across 2 directories with 2 updates.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch dependabot/npm_and_yarn/apps/site/npm_and_yarn-d08254cda0

Comment @coderabbitai help to get the list of available commands and usage tips.

@socket-security
Copy link
Copy Markdown

socket-security Bot commented Apr 21, 2026

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatedastro@​5.16.13 ⏵ 6.1.698 +1100 +388 +198100

View full report

coderabbitai[bot]
coderabbitai Bot reviewed Apr 21, 2026
View reviewed changes
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents 
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@apps/site/package.json`:
- Line 6: Update the Starlight dependency in apps/site package.json to a version
compatible with Astro 6 (bump `@astrojs/starlight` to 0.38.0 or later) so it
matches the existing "astro": "6.1.6" entry; after bumping `@astrojs/starlight`,
run dependency install and validate the site build, then review content loader
usage (e.g., docsLoader in src/content.config.ts) and any schema/zod usages to
ensure compatibility with Starlight 0.38.0 and Astro 6 before merging.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 8a8e0fa6-aa22-4ccb-b59d-bd90b5a64c92

📥 Commits

Reviewing files that changed from the base of the PR and between 7bc849a and 8fcfbb4.

📒 Files selected for processing (2)
  • apps/site/package.json
  • examples/basic/package.json

Comment thread apps/site/package.json
"@astrojs/starlight-tailwind": "4.0.2",
"@tailwindcss/vite": "catalog:",
"astro": "5.16.13",
"astro": "6.1.6",
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot Apr 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🌐 Web query:

What are the breaking changes in Astro 6 compared to Astro 5 and what migration steps are required?

💡 Result:

Astro 6 introduces several breaking changes compared to Astro 5, primarily documented in the official upgrade guide. Key changes include dependency upgrades, removal of legacy features, changed defaults, and specific API modifications. Migration involves updating Node.js, dependencies, config flags, and code patterns. ## Dependency Upgrades (high impact) - Node.js: Drops support for Node 18 (EOL March 2025) and Node 20 (EOL April 2026). Requires Node 22.12.0+. Update your .nvmrc or deployment env: 22.12.0 - Vite 7.0: As dev server and bundler. Check Vite migration guide if using custom Vite plugins/config. - Zod 4: For content schema validation. Import Zod from astro/zod. Update schemas for Zod 4 breaking changes (e.g., deprecated async schema functions; use static schema property). - Shiki v4: For syntax highlighting. Update integrations like @astrojs adapters (Cloudflare, Netlify, etc.) for compatibility. ## Legacy Features Removed/Deprecated - Legacy Content Collections: Automatic backwards compatibility and legacy.collections flag removed. Migrate all to Content Layer API (src/content.config.ts). Use loaders like glob for filesystem content. - Astro object in getStaticPaths: Deprecated; use astro:config virtual module instead. - ViewTransitions: → ; removed deprecated exports from astro:transitions. - CommonJS config files: ESM-only now. - Removed experimental flags now stable: csp, liveCollections, preserveScriptOrder, headingIdCompat, etc. Remove from astro.config.mjs. ## Changed Defaults - i18n.routing.redirectToDefaultLocale: Now false (was true). - Image service: Cropping always enabled (no fit required); generates styles at build-time (data-astro-fit/pos attributes). - <script> and <style> tags: Render in declaration order (hoisted before). ## Breaking Changes - Endpoints with file extensions (e.g., api/user.json): No trailing slash access (e.g., /api/user.json/ → 404). - import.meta.env: Always inlined strings (no type coercion like "true"→boolean). - Assets: Always crop, never upscale. Remove fit: 'contain' if used for cropping. - Markdown: Heading IDs no longer strip trailing hyphens (e.g., ## Heading-- → heading--). - SSRManifest: Path properties changed. - Adapter/Integration API: Removed hooks like entryPoints/routes; new Adapter API with setAdapter({entryType: 'self'}); deprecated createExports/start. - Removed: emitESMImage, session test driver, prefetch 'with' option. ## Migration Steps 1. Run npx @astrojs/upgrade (automated tool) or npm install astro@latest. 2. Update Node to 22.12.0+ locally and in deployment. 3. Remove legacy/experimental flags from astro.config.mjs. 4. Migrate content collections to Content Layer API if using legacy src/content/. 5. Update Zod schemas: Import from astro/zod; fix async schemas. 6. Check images: Remove unnecessary fit: 'contain'. 7. Update ViewTransitions to ClientRouter. 8. Test i18n routing defaults. 9. Review adapters/integrations changelogs. 10. Run astro check, astro build, astro preview; fix errors. Full details: Official upgrade guide and changelog. Most projects migrate smoothly; content-heavy sites need Content Layer updates. Zod 4 may break third-party loaders.

Citations:

🌐 Web query:

Is @astrojs/starlight version 0.37.4 compatible with Astro 6.1.6?

💡 Result:

No, @astrojs/starlight version 0.37.4 is not compatible with Astro 6.1.6. Starlight 0.37.x requires Astro 5.x, as indicated by its dev dependencies on astro ^5.x and the absence of Astro 6 support announcements in its release notes. Astro 6 support was added in Starlight 0.38.0, which explicitly drops Astro 5 support and requires Astro ^6.0.0. Using Starlight 0.37.4 with Astro 6 may result in compatibility issues due to breaking changes in Astro 6.

Citations:

🏁 Script executed:

#!/bin/bash
# Description: Check for Astro API usage patterns that might be affected by v6 upgrade

echo "=== Checking Content Collections API usage ==="
rg -n --type=ts --type=js "defineCollection|docsLoader|getCollection" apps/site/

echo -e "\n=== Checking Astro config patterns ==="
rg -n --type=js --type=mjs "defineConfig|redirects" apps/site/

echo -e "\n=== Checking Astro runtime API usage ==="
rg -n "Astro\.(locals|props|request|response|cookies)" apps/site/

Repository: samui-build/samui-wallet

Length of output: 623

🏁 Script executed:

#!/bin/bash
# Read astro.config.mjs to check for defineConfig and redirects
echo "=== Checking astro.config.mjs content ==="
if [ -f "apps/site/astro.config.mjs" ]; then
  cat -n "apps/site/astro.config.mjs"
else
  echo "File not found"
  find apps/site -name "astro.config.*" -type f
fi

Repository: samui-build/samui-wallet

Length of output: 2170

🌐 Web query:

Is Astro.locals API still available and compatible in Astro 6?

💡 Result:

Yes, the Astro.locals API is still available and fully compatible in Astro 6.

Citations:

🌐 Web query:

Does Astro 6 with Vite 7 resolve the Vite 6 incompatibility issues?

💡 Result:

Yes, Astro 6 with Vite 7 resolves the Vite 6 incompatibility issues.

Citations:

Starlight 0.37.4 is incompatible with Astro 6.1.6—upgrade to Starlight 0.38.0+ is required.

The codebase cannot upgrade to Astro 6.1.6 while using @astrojs/starlight 0.37.4. Starlight 0.37.x requires Astro 5.x; Astro 6 support was added in Starlight 0.38.0, which drops Astro 5 support and requires astro ^6.0.0. Both dependencies must be updated together.

Beyond the Starlight blocker, Astro 6 introduces extensive breaking changes that require migration:

  • Node.js: Drops support for Node 18 and 20; requires Node 22.12.0+
  • Content Collections: The docsLoader() pattern in src/content.config.ts requires verification against Starlight 0.38.0's loader API
  • Vite upgrade: Astro 6 bundles Vite 7, which resolves the current Vite 6 vs 7 incompatibility flagged in astro.config.mjs line 61 (the @ts-expect-error comment becomes unnecessary)
  • Zod 4: Required for schema validation; may break custom loaders
  • Config defaults: i18n.routing.redirectToDefaultLocale now defaults to false; image cropping behavior changed

Verify that Starlight 0.38.0's loader implementation is compatible with your current content structure before proceeding.

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@apps/site/package.json` at line 6, Update the Starlight dependency in
apps/site package.json to a version compatible with Astro 6 (bump
`@astrojs/starlight` to 0.38.0 or later) so it matches the existing "astro":
"6.1.6" entry; after bumping `@astrojs/starlight`, run dependency install and
validate the site build, then review content loader usage (e.g., docsLoader in
src/content.config.ts) and any schema/zod usages to ensure compatibility with
Starlight 0.38.0 and Astro 6 before merging.

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Apr 23, 2026

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Apr 23, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/apps/site/npm_and_yarn-d08254cda0 branch April 23, 2026 14:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants