build(deps): Bump astro and @astrojs/starlight in /docs-site

[dependabot]

Bumps astro and @astrojs/starlight. These dependencies needed to be updated together.
Updates astro from 4.16.19 to 5.16.4

Release notes

Sourced from astro's releases.

[email protected]

Patch Changes

• #14940 2cf79c2 Thanks @​ematipico! - Fixes a bug where Astro didn't properly combine CSP resources from the csp configuration with those added using the runtime API (Astro.csp.insertDirective()) to form grammatically correct CSP headers

  Now Astro correctly deduplicate CSP resources. For example, if you have a global resource in the configuration file, and then you add a a new one using the runtime APIs.

[email protected]

Patch Changes

• #14889 4bceeb0 Thanks @​florian-lefebvre! - Fixes actions types when using specific TypeScript configurations

• #14929 e0f277d Thanks @​matthewp! - Fixes authentication bypass via double URL encoding in middleware

  Prevents attackers from bypassing path-based authentication checks using multi-level URL encoding (e.g., /%2561dmin instead of /%61dmin). Pathnames are now validated after decoding to ensure no additional encoding remains.

[email protected]

Patch Changes

• #14876 b43dc7f Thanks @​florian-lefebvre! - Fixes a vite warning log during builds when using npm

• #14884 10273e0 Thanks @​florian-lefebvre! - Fixes a case where setting the status of a page to 404 in ssr would show an empty page (or 404.astro page if provided) instead of using the current page

[email protected]

Patch Changes

• #14769 b43ee71 Thanks @​adriandlam! - Fixes an unhandled rejection issue when using Astro with Vercel Workflow DevKit

• #14761 345eb22 Thanks @​ooga! - Updates button attributes types to allow command and commandfor

• #14866 65e214b Thanks @​GameRoMan! - Fixes Astro.glob to be correctly marked as deprecated

• #14894 1ad9a5b Thanks @​delucis! - Fixes support for Astro component rendering in Vitest test suites using a “client” environment such as happy-dom or jsdom

• #14782 abed929 Thanks @​florian-lefebvre! - Improves syncing

[email protected]

Minor Changes

• #13880 1a2ed01 Thanks @​azat-io! - Adds experimental SVGO optimization support for SVG assets

  Astro now supports automatic SVG optimization using SVGO during build time. This experimental feature helps reduce SVG file sizes while maintaining visual quality, improving your site's performance.

  To enable SVG optimization with default settings, add the following to your astro.config.mjs:

  import { defineConfig } from 'astro/config';
  export default defineConfig({

... (truncated)

Changelog

Sourced from astro's changelog.

5.16.4

Patch Changes

• #14940 2cf79c2 Thanks @​ematipico! - Fixes a bug where Astro didn't properly combine CSP resources from the csp configuration with those added using the runtime API (Astro.csp.insertDirective()) to form grammatically correct CSP headers

  Now Astro correctly deduplicate CSP resources. For example, if you have a global resource in the configuration file, and then you add a a new one using the runtime APIs.

5.16.3

Patch Changes

• #14889 4bceeb0 Thanks @​florian-lefebvre! - Fixes actions types when using specific TypeScript configurations

• #14929 e0f277d Thanks @​matthewp! - Fixes authentication bypass via double URL encoding in middleware

  Prevents attackers from bypassing path-based authentication checks using multi-level URL encoding (e.g., /%2561dmin instead of /%61dmin). Pathnames are now validated after decoding to ensure no additional encoding remains.

5.16.2

Patch Changes

• #14876 b43dc7f Thanks @​florian-lefebvre! - Fixes a vite warning log during builds when using npm

• #14884 10273e0 Thanks @​florian-lefebvre! - Fixes a case where setting the status of a page to 404 in ssr would show an empty page (or 404.astro page if provided) instead of using the current page

5.16.1

Patch Changes

• #14769 b43ee71 Thanks @​adriandlam! - Fixes an unhandled rejection issue when using Astro with Vercel Workflow DevKit

• #14761 345eb22 Thanks @​ooga! - Updates button attributes types to allow command and commandfor

• #14866 65e214b Thanks @​GameRoMan! - Fixes Astro.glob to be correctly marked as deprecated

• #14894 1ad9a5b Thanks @​delucis! - Fixes support for Astro component rendering in Vitest test suites using a “client” environment such as happy-dom or jsdom

• #14782 abed929 Thanks @​florian-lefebvre! - Improves syncing

5.16.0

Minor Changes

• #13880 1a2ed01 Thanks @​azat-io! - Adds experimental SVGO optimization support for SVG assets

  Astro now supports automatic SVG optimization using SVGO during build time. This experimental feature helps reduce SVG file sizes while maintaining visual quality, improving your site's performance.

  To enable SVG optimization with default settings, add the following to your astro.config.mjs:

... (truncated)

Commits

• 141c676 [ci] release (#14930)
• d9a43e1 [ci] format
• 2cf79c2 fix(csp): deduplicate CSP resources (#14940)
• c8ac8e5 chore(fonts): classes (#14920)
• 33333e8 [ci] release (#14922)
• aa58d05 [ci] format
• e0f277d fix: prevent authentication bypass via double URL encoding in middleware (#14...
• 4bceeb0 fix: actions infer symbol (#14889)
• e82358c [ci] release (#14918)
• 0a2fe43 [ci] format
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for astro since your current version.

Updates @astrojs/starlight from 0.28.6 to 0.37.0

Release notes

Sourced from @​astrojs/starlight's releases.

@​astrojs/starlight@​0.37.0

Minor Changes

• #3491 28810f0 Thanks @​JusticeMatthew! - Changes text overflow styling in Markdown content

  ⚠️ Potentially breaking change: This release switches the overflow-wrap CSS style for common elements to break-word. In most cases, there should be little visual impact, but this change can impact how layouts with implicit sizing (such as tables) look, improving legibility in how words wrap.

  If you want to preserve the previous styling, you can add the following custom CSS to your site:

  p, h1, h2, h3, h4, h5, h6, code {
    overflow-wrap: anywhere;
  }

• #3351 239698c Thanks @​HiDeoo! - Ensures that Starlight CSS layer order is predictable in custom pages using the <StarlightPage> component.

  Previously, due to how import order works in Astro, the <StarlightPage> component had to be the first import in custom pages to set up cascade layers used internally by Starlight to manage the order of its styles.

  With this change, this restriction no longer applies and Starlight’s styles will be applied correctly regardless of the import order of the <StarlightPage> component.

• #3521 ca7b771 Thanks @​shubham-padia! - Fixes an issue where a vertical scrollbar could be displayed on the Starlight <Tabs> component when zooming the page

  ⚠️ Potentially breaking change: The <Tabs> component no longer uses margin-bottom and border-bottom to highlight the current tab. This is now done with a box-shadow. If you have custom styling for your tabs, you may need to update it.

  If you want to preserve the previous styling, you can add the following custom CSS to your site:

  starlight-tabs .tab {
    margin-bottom: -2px;
  }
  starlight-tabs .tab > [role='tab'] {
  border-bottom: 2px solid var(--sl-color-gray-5);
  box-shadow: none;
  }
  starlight-tabs .tab [role='tab'][aria-selected='true'] {
  border-color: var(--sl-color-text-accent);
  }

• #3549 1cf50eb Thanks @​jacobdalamb! - Updates the default sans-serif system font stack, dropping support for the -apple-system and BlinkMacSystemFont font names used in older browsers. These are no longer needed in browsers officially supported by Starlight.

  If you still need to support older browsers, you can add the following custom CSS to your site:

  :root {
    --sl-font-system: ui-sans-serif, system-ui, -apple-system,
      BlinkMacSystemFont, 'Segoe UI', Roboto, 'Helvetica Neue', Arial,

... (truncated)

Changelog

Sourced from @​astrojs/starlight's changelog.

0.37.0

Minor Changes

• #3491 28810f0 Thanks @​JusticeMatthew! - Changes text overflow styling in Markdown content

  ⚠️ Potentially breaking change: This release switches the overflow-wrap CSS style for common elements to break-word. In most cases, there should be little visual impact, but this change can impact how layouts with implicit sizing (such as tables) look, improving legibility in how words wrap.

  If you want to preserve the previous styling, you can add the following custom CSS to your site:

  p,
  h1,
  h2,
  h3,
  h4,
  h5,
  h6,
  code {
    overflow-wrap: anywhere;
  }

• #3351 239698c Thanks @​HiDeoo! - Ensures that Starlight CSS layer order is predictable in custom pages using the <StarlightPage> component.

  Previously, due to how import order works in Astro, the <StarlightPage> component had to be the first import in custom pages to set up cascade layers used internally by Starlight to manage the order of its styles.

  With this change, this restriction no longer applies and Starlight’s styles will be applied correctly regardless of the import order of the <StarlightPage> component.

• #3521 ca7b771 Thanks @​shubham-padia! - Fixes an issue where a vertical scrollbar could be displayed on the Starlight <Tabs> component when zooming the page

  ⚠️ Potentially breaking change: The <Tabs> component no longer uses margin-bottom and border-bottom to highlight the current tab. This is now done with a box-shadow. If you have custom styling for your tabs, you may need to update it.

  If you want to preserve the previous styling, you can add the following custom CSS to your site:

  starlight-tabs .tab {
    margin-bottom: -2px;
  }
  starlight-tabs .tab > [role='tab'] {
  border-bottom: 2px solid var(--sl-color-gray-5);
  box-shadow: none;
  }
  starlight-tabs .tab [role='tab'][aria-selected='true'] {
  border-color: var(--sl-color-text-accent);
  }

... (truncated)

Commits

• 4c0cd60 [ci] release (#3587)
• f61f99d Relax remark/rehype plugins usage (#3332)
• 239698c Ensure CSS layer order in custom pages (#3351)
• 28810f0 Fix: Update overflow property in reset.css (#3491)
• 1cf50eb fix: Update fonts (#3549)
• ca7b771 Tabs: Remove margin-bottom being used to hide border. (#3521)
• 37d0af0 [ci] release (#3516)
• 547dc30 fix: customCSS catch and throw error (#3555)
• b5c972a [i18nIgnore] fix: typos (#3560)
• bf1a9e6 [ci] format
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​astrojs/starlight since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[github-actions]

Test Coverage Report

Metric	Coverage	Covered/Total
Lines	66.72%	704/1055
Statements	66.88%	725/1084
Functions	70.73%	87/123
Branches	61.53%	232/377

Coverage Thresholds

The project has the following coverage thresholds configured:

• Lines: 38%
• Statements: 38%
• Functions: 35%
• Branches: 30%

---

Coverage report generated by `npm run test:coverage`

[github-actions]

📰 BREAKING: Smoke Copilot is now investigating this pull request. Sources say the story is developing...

[github-actions]

💥 WHOOSH! Smoke Claude springs into action on this pull request! [Panel 1 begins...]

[github-actions]

Smoke Test Results

Last 2 Merged PRs:

• docs: streamline README for first-time visitors #111: docs: streamline README for first-time visitors
• feat: add install script with sha256 validation #108: feat: add install script with sha256 validation

Test Results:

• ✅ GitHub MCP (fetched 2 merged PRs)
• ✅ File writing (created test file)
• ✅ Bash tool (verified file contents)

Status: PASS

📰 BREAKING: Report filed by Smoke Copilot fer issue #103 🗺️

[github-actions]

Smoke Test Results:

Last 2 Merged PRs:

• docs: streamline README for first-time visitors #111: docs: streamline README for first-time visitors
• feat: add install script with sha256 validation #108: feat: add install script with sha256 validation

✅ GitHub MCP - list PRs
✅ File Write - test file created
✅ Bash Tool - file read successful
❌ Playwright MCP - tunnel connection failed (page loaded but with errors)

Overall: FAIL (Playwright network connectivity issue)

💥 [THE END] — Illustrated by Smoke Claude fer issue #103 🗺️