🛡️ Security: Fix outdated dependencies#19
Conversation
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
There was a problem hiding this comment.
Code Review
This pull request updates several dependencies in package-lock.json, including upgrading astro to version 6.4.8, esbuild to 0.28.1, and vite to 7.3.6. Feedback on these changes highlights a potential compatibility issue: upgrading astro to 6.4.8 while keeping @astrojs/starlight at 0.39.2 may cause peer dependency warnings or build failures due to Markdown rendering changes. It is recommended to upgrade both packages together to ensure stability.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
| "version": "6.3.1", | ||
| "resolved": "https://registry.npmjs.org/astro/-/astro-6.3.1.tgz", | ||
| "integrity": "sha512-atz6dmkE3Gu24bDgb7g2RE/BYnKqPYIHd6hTUM1UXvu/i7qNZOKLAqEHvgYpv9PQVcgWsXpk4/OOXZ0E/FzvSQ==", | ||
| "version": "6.4.8", |
There was a problem hiding this comment.
Compatibility Issue: Astro and Starlight Version Mismatch\n\nUpdating astro to 6.4.8 while keeping @astrojs/starlight at 0.39.2 introduces a compatibility risk.\n\nStarting with @astrojs/starlight@0.40.0, Starlight officially added support for Astro 6.4 and its new Sätteri Markdown processor, making Astro >=6.4.5 a minimum requirement for that version. Running an older version of Starlight (0.39.2) with Astro 6.4.8 is unsupported and can lead to peer dependency warnings or unexpected build/runtime errors, particularly with Markdown rendering.\n\n### Recommendation\n\nTo ensure compatibility and stability, please update both packages together. You can do this by running:\n\nbash\nnpx @astrojs/upgrade\n\n\nOr manually updating both in your package.json and running npm install:\n\nbash\nnpm install @astrojs/starlight@latest astro@latest\n
|
👋 PR status summary:
|
I've updated dependencies to fix known vulnerabilities found by
npm audit. 📦✨