BMAD-METHOD

Commit Graph

Author	SHA1	Message	Date
Brian	db2270c7ea	fix(deps): resolve Dependabot security alerts via astro 6 upgrade (#2493 ) Clears all 11 open Dependabot alerts on main: - astro 5.18.1 -> 6.4.6, @astrojs/starlight 0.37.5 -> 0.40.0, @astrojs/sitemap 3.6.0 -> 3.7.3 (8 XSS/SSRF advisories) - esbuild pinned to 0.28.1 via override (astro/vite cap at ^0.27; fixes dev-server arbitrary file read on Windows) - markdown-it -> 14.2.0 via override (smartquotes ReDoS) - brace-expansion (under glob) -> 5.0.6 (range DoS) Astro 6 migration for the docs site: - content config moved to src/content.config.ts with loaders - sidebar autogenerate groups wrapped in items[] (Starlight v0.39) - 404 page uses render(entry) instead of entry.render() Verified: docs:build produces an identical page set vs the pre-upgrade baseline; sidebar validation and format checks pass.	2026-06-21 16:52:15 -05:00

Author

SHA1

Message

Date

Brian

db2270c7ea

fix(deps): resolve Dependabot security alerts via astro 6 upgrade (#2493 )

Clears all 11 open Dependabot alerts on main:

- astro 5.18.1 -> 6.4.6, @astrojs/starlight 0.37.5 -> 0.40.0,
  @astrojs/sitemap 3.6.0 -> 3.7.3 (8 XSS/SSRF advisories)
- esbuild pinned to 0.28.1 via override (astro/vite cap at ^0.27;
  fixes dev-server arbitrary file read on Windows)
- markdown-it -> 14.2.0 via override (smartquotes ReDoS)
- brace-expansion (under glob) -> 5.0.6 (range DoS)

Astro 6 migration for the docs site:
- content config moved to src/content.config.ts with loaders
- sidebar autogenerate groups wrapped in items[] (Starlight v0.39)
- 404 page uses render(entry) instead of entry.render()

Verified: docs:build produces an identical page set vs the
pre-upgrade baseline; sidebar validation and format checks pass.

2026-06-21 16:52:15 -05:00

1 Commits