fix(deps): resolve Dependabot security alerts via astro 6 upgrade (#2493)

Clears all 11 open Dependabot alerts on main: - astro 5.18.1 -> 6.4.6, @astrojs/starlight 0.37.5 -> 0.40.0, @astrojs/sitemap 3.6.0 -> 3.7.3 (8 XSS/SSRF advisories) - esbuild pinned to 0.28.1 via override (astro/vite cap at ^0.27; fixes dev-server arbitrary file read on Windows) - markdown-it -> 14.2.0 via override (smartquotes ReDoS) - brace-expansion (under glob) -> 5.0.6 (range DoS) Astro 6 migration for the docs site: - content config moved to src/content.config.ts with loaders - sidebar autogenerate groups wrapped in items[] (Starlight v0.39) - 404 page uses render(entry) instead of entry.render() Verified: docs:build produces an identical page set vs the pre-upgrade baseline; sidebar validation and format checks pass.
2026-06-21 16:52:15 -05:00 · 2026-06-21 16:52:15 -05:00 · db2270c7ea
parent e600181ab8
commit db2270c7ea
6 changed files with 766 additions and 1434 deletions
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@ -66,6 +66,12 @@
      "markdownlint-cli2"
    ]
  },
+  "overrides": {
+    "esbuild": "^0.28.1",
+    "markdownlint-cli2": {
+      "markdown-it": "^14.2.0"
+    }
+  },
  "dependencies": {
    "@clack/core": "^1.3.1",
    "@clack/prompts": "^1.4.0",
@ -82,10 +88,10 @@
    "yaml": "^2.7.0"
  },
  "devDependencies": {
-    "@astrojs/sitemap": "^3.6.0",
-    "@astrojs/starlight": "^0.37.5",
+    "@astrojs/sitemap": "^3.7.3",
+    "@astrojs/starlight": "^0.40.0",
    "@eslint/js": "^9.33.0",
-    "astro": "^5.16.0",
+    "astro": "^6.4.6",
    "c8": "^10.1.3",
    "eslint": "^9.33.0",
    "eslint-config-prettier": "^10.1.8",
--- a/website/astro.config.mjs
+++ b/website/astro.config.mjs
@ -106,25 +106,25 @@ export default defineConfig({
          label: 'Tutorials',
          translations: { 'vi-VN': 'Hướng dẫn nhập môn', 'zh-CN': '教程', 'fr-FR': 'Tutoriels', 'cs-CZ': 'Tutoriály' },
          collapsed: false,
-          autogenerate: { directory: 'tutorials' },
+          items: [{ autogenerate: { directory: 'tutorials' } }],
        },
        {
          label: 'How-To Guides',
          translations: { 'vi-VN': 'Hướng dẫn tác vụ', 'zh-CN': '操作指南', 'fr-FR': 'Guides pratiques', 'cs-CZ': 'Praktické návody' },
          collapsed: true,
-          autogenerate: { directory: 'how-to' },
+          items: [{ autogenerate: { directory: 'how-to' } }],
        },
        {
          label: 'Explanation',
          translations: { 'vi-VN': 'Giải thích', 'zh-CN': '概念说明', 'fr-FR': 'Explications', 'cs-CZ': 'Vysvětlení' },
          collapsed: true,
-          autogenerate: { directory: 'explanation' },
+          items: [{ autogenerate: { directory: 'explanation' } }],
        },
        {
          label: 'Reference',
          translations: { 'vi-VN': 'Tham chiếu', 'zh-CN': '参考', 'fr-FR': 'Référence', 'cs-CZ': 'Reference' },
          collapsed: true,
-          autogenerate: { directory: 'reference' },
+          items: [{ autogenerate: { directory: 'reference' } }],
        },
        // TEA docs moved to standalone module site; keep BMM sidebar focused.
        {
--- a/website/src/content.config.ts
+++ b/website/src/content.config.ts
@ -0,0 +1,8 @@
+import { defineCollection } from 'astro:content';
+import { docsLoader, i18nLoader } from '@astrojs/starlight/loaders';
+import { docsSchema, i18nSchema } from '@astrojs/starlight/schema';
+
+export const collections = {
+  docs: defineCollection({ loader: docsLoader(), schema: docsSchema() }),
+  i18n: defineCollection({ loader: i18nLoader(), schema: i18nSchema() }),
+};
--- a/website/src/content/config.ts
+++ b/website/src/content/config.ts
@ -1,7 +0,0 @@
-import { defineCollection } from 'astro:content';
-import { docsSchema, i18nSchema } from '@astrojs/starlight/schema';
-
-export const collections = {
-  docs: defineCollection({ schema: docsSchema() }),
-  i18n: defineCollection({ type: 'data', schema: i18nSchema() }),
-};
--- a/website/src/pages/404.astro
+++ b/website/src/pages/404.astro
@ -1,10 +1,10 @@
 ---
 import StarlightPage from '@astrojs/starlight/components/StarlightPage.astro';
-import { getEntry } from 'astro:content';
+import { getEntry, render } from 'astro:content';
 import { translatedLocales } from '../lib/locales.mjs';

 const entry = await getEntry('docs', '404');
-const { Content } = await entry.render();
+const { Content } = await render(entry);
 ---

 <StarlightPage frontmatter={{ title: entry.data.title, template: entry.data.template }}>