chore(deps): bump the major group across 4 directories with 7 updates

[dependabot]

Bumps the major group with 7 updates in the / directory:

Package	From	To
eslint-stylistic-airbnb	2.0.1	3.0.2
ai	5.0.161	6.0.141
typescript	5.9.3	6.0.2
@astrojs/mdx	4.3.14	5.0.3
@astrojs/vue	5.1.4	6.0.1
astro	5.18.1	6.1.1
vite	7.3.1	8.0.3

Bumps the major group with 2 updates in the /packages/varlock-docs-mcp directory: ai and typescript.
Bumps the major group with 3 updates in the /packages/varlock-website directory: @astrojs/mdx, @astrojs/vue and astro.
Bumps the major group with 1 update in the /packages/integrations/vite directory: vite.

Updates eslint-stylistic-airbnb from 2.0.1 to 3.0.2

Release notes

Sourced from eslint-stylistic-airbnb's releases.

v3.0.2

compare changes

🩹 Fixes

• Remove missing config type definitions (4c3e05a)

📖 Documentation

• Add flat/addon-vue-ts config for vuejs+ts example (2878501)
• Add global ignores config to templates (707c609)
• Add IDE configuration and formatting sections (06c0fd9)

❤️ Contributors

• Solant runner62v6@gmail.com

v3.0.1

compare changes

🤖 CI

• Use latest pnpm 10 for publish action (acb6c3e)

❤️ Contributors

• Solant runner62v6@gmail.com

v3.0.0

compare changes

🩹 Fixes

• Remove missing module entries (6078c8e)

📖 Documentation

• Update migration guide (83145cb)
• Fix typos (05b2f85)

🤖 CI

• Enable tests (d2fcea0)
• Add publish action (2d639df)

❤️ Contributors

• Solant runner62v6@gmail.com

v3.0.0-rc.3

... (truncated)

Changelog

Sourced from eslint-stylistic-airbnb's changelog.

v3.0.2

compare changes

🩹 Fixes

• Remove missing config type definitions (4c3e05a)

📖 Documentation

• Add flat/addon-vue-ts config for vuejs+ts example (2878501)
• Add global ignores config to templates (707c609)
• Add IDE configuration and formatting sections (06c0fd9)

❤️ Contributors

• Solant runner62v6@gmail.com

v3.0.1

compare changes

🤖 CI

• Use latest pnpm 10 for publish action (acb6c3e)

❤️ Contributors

• Solant runner62v6@gmail.com

v3.0.0

compare changes

🩹 Fixes

• Remove missing module entries (6078c8e)

📖 Documentation

• Update migration guide (83145cb)
• Fix typos (05b2f85)

🤖 CI

• Enable tests (d2fcea0)
• Add publish action (2d639df)

❤️ Contributors

... (truncated)

Commits

• 709d3e6 chore(release): v3.0.2
• 06c0fd9 docs: add IDE configuration and formatting sections
• 4c3e05a fix: remove missing config type definitions
• 707c609 docs: add global ignores config to templates
• 2878501 docs: add flat/addon-vue-ts config for vuejs+ts example
• 7c82a87 chore(release): v3.0.1
• acb6c3e ci: use latest pnpm 10 for publish action
• 8c7de0f chore(release): v3.0.0
• 2d639df ci: add publish action
• 05b2f85 docs: fix typos
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for eslint-stylistic-airbnb since your current version.

Updates ai from 5.0.161 to 6.0.141

Release notes

Sourced from ai's releases.

ai@6.0.141

Patch Changes

• Updated dependencies [768a9d6]
  • @​ai-sdk/gateway@​3.0.83

ai@6.0.140

Patch Changes

• Updated dependencies [95fedf0]
  • @​ai-sdk/gateway@​3.0.82

ai@6.0.139

Patch Changes

• Updated dependencies [e69062d]
  • @​ai-sdk/gateway@​3.0.81

ai@6.0.138

Patch Changes

• Updated dependencies [0db5cd8]
  • @​ai-sdk/gateway@​3.0.80

Commits

• d1eccb5 Version Packages (#13882)
• 768a9d6 Backport: feat (provider/gateway): add get-generation support (#13870)
• f07a378 Version Packages (#13862)
• 95fedf0 Backport: feat (provider/gateway): add spend reporting support (#13859)
• 78384e9 Version Packages (#13858)
• e69062d Backport: chore(provider/gateway): rename GatewayLanguageModelOptions back to...
• ba97d4b Version Packages (#13812)
• 0db5cd8 Backport: chore(provider/gateway): update gateway model settings files v6 (#1...
• 11ccc8e Backport: docs: add PostHog as an observability provider (#13801)
• e58289e chore: remove repro example for a bug (#13775)
• Additional commits viewable in compare view

Updates typescript from 5.9.3 to 6.0.2

Release notes

Sourced from typescript's releases.

TypeScript 6.0

For release notes, check out the release announcement blog post.

• fixed issues query for TypeScript 6.0.0 (Beta).
• fixed issues query for TypeScript 6.0.1 (RC).
• fixed issues query for TypeScript 6.0.2 (Stable).

Downloads are available on:

• npm

TypeScript 6.0 Beta

For release notes, check out the release announcement.

• fixed issues query for Typescript 6.0.0 (Beta).

Downloads are available on:

• npm

Commits

• 607a22a Bump version to 6.0.2 and LKG
• 9e72ab7 🤖 Pick PR #63239 (Fix missing lib files in reused pro...) into release-6.0 (#...
• 35ff23d 🤖 Pick PR #63163 (Port anyFunctionType subtype fix an...) into release-6.0 (#...
• e175b69 Bump version to 6.0.1-rc and LKG
• af4caac Update LKG
• 8efd7e8 Merge remote-tracking branch 'origin/main' into release-6.0
• 206ed1a Deprecate assert in import() (#63172)
• e688ac8 Update dependencies (#63156)
• 29b300d Bump the github-actions group across 1 directory with 2 updates (#63205)
• 0c2c7a3 DOM update (#63183)
• Additional commits viewable in compare view

Updates @astrojs/mdx from 4.3.14 to 5.0.3

Release notes

Sourced from @​astrojs/mdx's releases.

@​astrojs/mdx@​5.0.3

Patch Changes

• Updated dependencies [10a1a5a]:
  • @​astrojs/markdown-remark@​7.1.0

@​astrojs/mdx@​5.0.2

Patch Changes

• #15864 d3c7de9 Thanks @​florian-lefebvre! - Removes temporary support for Node >=20.19.1 because Stackblitz now uses Node 22 by default

• Updated dependencies []:

  • @​astrojs/markdown-remark@​7.0.1

@​astrojs/mdx@​5.0.1

Patch Changes

• #15934 6f8f0bc Thanks @​ematipico! - Updates the Astro peerDependencies#astro to be 6.0.0.

@​astrojs/mdx@​5.0.0

Major Changes

• #14494 727b0a2 Thanks @​florian-lefebvre! - Updates Markdown heading ID generation - (v6 upgrade guidance)

• #14427 e131261 Thanks @​florian-lefebvre! - Increases minimum Node.js version to 22.12.0 - (v6 upgrade guidance)

• #14445 ecb0b98 Thanks @​florian-lefebvre! - Astro v6.0 upgrades to Vite v7.0 as the development server and production bundler - (v6 upgrade guidance)

Patch Changes

• #15187 bbb5811 Thanks @​matthewp! - Update to Astro 6 beta

• #15475 36fc0e0 Thanks @​delucis! - Fixes edge cases where an export const components = {...} declaration would fail to be detected with the optimize option enabled

• #15264 11efb05 Thanks @​florian-lefebvre! - Lower the Node version requirement to allow running on Stackblitz until it supports v22

• Updated dependencies [bbb5811, cb99214, 80f0225, 727b0a2, 1fa4177, 7c55f80, 6f19ecc, f94d3c5]:

  • @​astrojs/markdown-remark@​7.0.0

Changelog

Sourced from @​astrojs/mdx's changelog.

5.0.3

Patch Changes

• Updated dependencies [10a1a5a]:
  • @​astrojs/markdown-remark@​7.1.0

5.0.2

Patch Changes

• #15864 d3c7de9 Thanks @​florian-lefebvre! - Removes temporary support for Node >=20.19.1 because Stackblitz now uses Node 22 by default

• Updated dependencies []:

  • @​astrojs/markdown-remark@​7.0.1

5.0.1

Patch Changes

• #15934 6f8f0bc Thanks @​ematipico! - Updates the Astro peerDependencies#astro to be 6.0.0.

5.0.0

Major Changes

• #14494 727b0a2 Thanks @​florian-lefebvre! - Updates Markdown heading ID generation - (v6 upgrade guidance)

• #14427 e131261 Thanks @​florian-lefebvre! - Increases minimum Node.js version to 22.12.0 - (v6 upgrade guidance)

• #14445 ecb0b98 Thanks @​florian-lefebvre! - Astro v6.0 upgrades to Vite v7.0 as the development server and production bundler - (v6 upgrade guidance)

Patch Changes

• #15187 bbb5811 Thanks @​matthewp! - Update to Astro 6 beta

• #15475 36fc0e0 Thanks @​delucis! - Fixes edge cases where an export const components = {...} declaration would fail to be detected with the optimize option enabled

• #15264 11efb05 Thanks @​florian-lefebvre! - Lower the Node version requirement to allow running on Stackblitz until it supports v22

• Updated dependencies [bbb5811, cb99214, 80f0225, 727b0a2, 1fa4177, 7c55f80, 6f19ecc, f94d3c5]:

  • @​astrojs/markdown-remark@​7.0.0

5.0.0-beta.12

Patch Changes

• Updated dependencies []:
  • @​astrojs/markdown-remark@​7.0.0-beta.11

... (truncated)

Commits

• 4a6ff2a [ci] release (#16020)
• a2c15bb fix(deps): update astro dependencies (#15913)
• efcd607 [ci] release (#15938)
• d3c7de9 feat: drop node 20 support (#15864)
• 09ecdd7 [ci] release (#15889)
• 6f8f0bc fix: update peer dependency range (#15934)
• 48e5c4d [ci] release (#15808)
• 2ce9e74 chore: update docs links (#15732)
• 25560db [ci] release (beta) (#15773)
• 6414732 Spelling (#15601)
• Additional commits viewable in compare view

Updates @astrojs/vue from 5.1.4 to 6.0.1

Release notes

Sourced from @​astrojs/vue's releases.

@​astrojs/vue@​6.0.1

Patch Changes

• #15934 6f8f0bc Thanks @​ematipico! - Updates the Astro peerDependencies#astro to be 6.0.0.

@​astrojs/vue@​6.0.0

Major Changes

• #14445 ecb0b98 Thanks @​florian-lefebvre! - Astro v6.0 upgrades to Vite v7.0 as the development server and production bundler - (v6 upgrade guidance)

Minor Changes

• #15425 0317e99 Thanks @​ocavue! - Updates @vitejs/plugin-vue to v6, @vitejs/plugin-vue-jsx to v5, and vite-plugin-vue-devtools to v8. No changes are needed from users.

Patch Changes

• #15125 6feb0d7 Thanks @​florian-lefebvre! - Adds support for arbitrary HTML attributes on Vue components

• #15045 31074fc Thanks @​ematipico! - Fixes an issue where using the Vue integration with the Cloudflare adapter resulted in some runtime errors.

Changelog

Sourced from @​astrojs/vue's changelog.

6.0.1

Patch Changes

• #15934 6f8f0bc Thanks @​ematipico! - Updates the Astro peerDependencies#astro to be 6.0.0.

6.0.0

Major Changes

• #14445 ecb0b98 Thanks @​florian-lefebvre! - Astro v6.0 upgrades to Vite v7.0 as the development server and production bundler - (v6 upgrade guidance)

Minor Changes

• #15425 0317e99 Thanks @​ocavue! - Updates @vitejs/plugin-vue to v6, @vitejs/plugin-vue-jsx to v5, and vite-plugin-vue-devtools to v8. No changes are needed from users.

Patch Changes

• #15125 6feb0d7 Thanks @​florian-lefebvre! - Adds support for arbitrary HTML attributes on Vue components

• #15045 31074fc Thanks @​ematipico! - Fixes an issue where using the Vue integration with the Cloudflare adapter resulted in some runtime errors.

6.0.0-beta.1

Minor Changes

• #15425 0317e99 Thanks @​ocavue! - Updates @vitejs/plugin-vue to v6, @vitejs/plugin-vue-jsx to v5, and vite-plugin-vue-devtools to v8. No changes are needed from users.

6.0.0-beta.0

Patch Changes

• #15125 6feb0d7 Thanks @​florian-lefebvre! - Adds support for arbitrary HTML attributes on Vue components

6.0.0-alpha.1

Patch Changes

• #15045 31074fc Thanks @​ematipico! - Fixes an issue where using the Vue integration with the Cloudflare adapter resulted in some runtime errors.

6.0.0-alpha.0

Major Changes

• #14445 ecb0b98 Thanks @​florian-lefebvre! - Astro v6.0 upgrades to Vite v7.0 as the development server and production bundler - (v6 upgrade guidance)

Patch Changes

• Updated dependencies [ece667a, 861b9cc, ece667a, 9fdfd4c, 91780cf, 9fdfd4c, b1d87ec, 049da87, 727b0a2, 55a1a91, 669ca5b, df6d2d7, 9fdfd4c, e131261, c69c7de, 666d5a7, 4f11510, 25fe093, 9c282b5, ecb0b98, 6f67c6e, 36a461b, 3bda3ce]:
  • astro@6.0.0-alpha.0

Commits

• 09ecdd7 [ci] release (#15889)
• 6f8f0bc fix: update peer dependency range (#15934)
• 48e5c4d [ci] release (#15808)
• 2ce9e74 chore: update docs links (#15732)
• 3963855 fix(deps): update astro client runtimes (#15720)
• 1118ac4 feat: update tsconfig template to prepare for TS 6 (#15668)
• b958dc9 chore: move vue jsx test (#15666)
• 6c93201 fix(deps): update astro client runtimes (#15530)
• f6ebad7 [ci] release (beta) (#15426)
• 2440f3e fix(deps): lock file maintenance astro client runtimes (#15404)
• Additional commits viewable in compare view

Updates astro from 5.18.1 to 6.1.1

Release notes

Sourced from astro's releases.

astro@6.1.1

Patch Changes

• #16105 23d60de Thanks @​matthewp! - Fix dev toolbar audit crash when encountering the image ARIA role

• #16089 999c875 Thanks @​martrapp! - Fixes an issue with the client router where Vue's :deep() notation was ignored in dev mode.

astro@6.1.0

Minor Changes

• #15804 a5e7232 Thanks @​merlinnot! - Allows setting codec-specific defaults for Astro's built-in Sharp image service via image.service.config.

  You can now configure encoder-level options such as jpeg.mozjpeg, webp.effort, webp.alphaQuality, avif.effort, avif.chromaSubsampling, and png.compressionLevel when using astro/assets/services/sharp for compile-time image generation.

  These settings apply as defaults for the built-in Sharp pipeline, while per-image quality still takes precedence when set on <Image />, <Picture />, or getImage().

• #15455 babf57f Thanks @​AhmadYasser1! - Adds fallbackRoutes to the IntegrationResolvedRoute type, exposing i18n fallback routes to integrations via the astro:routes:resolved hook for projects using fallbackType: 'rewrite'.

  This allows integrations such as the sitemap integration to properly include generated fallback routes in their output.

  {
    'astro:routes:resolved': ({ routes }) => {
      for (const route of routes) {
        for (const fallback of route.fallbackRoutes) {
          console.log(fallback.pathname) // e.g. /fr/about/
        }
      }
    }
  }

• #15340 10a1a5a Thanks @​trueberryless! - Adds support for advanced configuration of SmartyPants in Markdown.

  You can now pass an options object to markdown.smartypants in your Astro configuration to fine-tune how punctuation, dashes, and quotes are transformed.

  This is helpful for projects that require specific typographic standards, such as "oldschool" dash handling or localized quotation marks.

  // astro.config.mjs
  export default defineConfig({
    markdown: {
      smartypants: {
        backticks: 'all',
        dashes: 'oldschool',
        ellipses: 'unspaced',
        openingQuotes: { double: '«', single: '‹' },
        closingQuotes: { double: '»', single: '›' },
        quotes: false,
      },

... (truncated)

Changelog

Sourced from astro's changelog.

6.1.1

Patch Changes

• #16105 23d60de Thanks @​matthewp! - Fix dev toolbar audit crash when encountering the image ARIA role

• #16089 999c875 Thanks @​martrapp! - Fixes an issue with the client router where Vue's :deep() notation was ignored in dev mode.

6.1.0

Minor Changes

• #15804 a5e7232 Thanks @​merlinnot! - Allows setting codec-specific defaults for Astro's built-in Sharp image service via image.service.config.

  You can now configure encoder-level options such as jpeg.mozjpeg, webp.effort, webp.alphaQuality, avif.effort, avif.chromaSubsampling, and png.compressionLevel when using astro/assets/services/sharp for compile-time image generation.

  These settings apply as defaults for the built-in Sharp pipeline, while per-image quality still takes precedence when set on <Image />, <Picture />, or getImage().

• #15455 babf57f Thanks @​AhmadYasser1! - Adds fallbackRoutes to the IntegrationResolvedRoute type, exposing i18n fallback routes to integrations via the astro:routes:resolved hook for projects using fallbackType: 'rewrite'.

  This allows integrations such as the sitemap integration to properly include generated fallback routes in their output.

  {
    'astro:routes:resolved': ({ routes }) => {
      for (const route of routes) {
        for (const fallback of route.fallbackRoutes) {
          console.log(fallback.pathname) // e.g. /fr/about/
        }
      }
    }
  }

• #15340 10a1a5a Thanks @​trueberryless! - Adds support for advanced configuration of SmartyPants in Markdown.

  You can now pass an options object to markdown.smartypants in your Astro configuration to fine-tune how punctuation, dashes, and quotes are transformed.

  This is helpful for projects that require specific typographic standards, such as "oldschool" dash handling or localized quotation marks.

  // astro.config.mjs
  export default defineConfig({
    markdown: {
      smartypants: {
        backticks: 'all',
        dashes: 'oldschool',
        ellipses: 'unspaced',
        openingQuotes: { double: '«', single: '‹' },
        closingQuotes: { double: '»', single: '›' },

... (truncated)

Commits

• f649ae0 [ci] release (#16108)
• 10c3a47 [ci] format
• 999c875 fix(transitions): auto-persist styles with data-vite-dev-id (#16089)
• 23d60de fix(dev-toolbar): normalize aria-query role aliases to prevent audit crash (#...
• 88fcc98 fix integrations links across docs (#16098)
• 4a6ff2a [ci] release (#16020)
• b9e96da fix(deps): update dependency vitest to v4 (#15372)
• 4fad14a test: strengthen the tests of rendering utilities (#16086)
• f74465a fix(hmr): handle middleware changes during dev (#16054)
• fa5bcde refactor(test): move params encoding to unit tests (#16056)
• Additional commits viewable in compare view

Updates vite from 7.3.1 to 8.0.3

Release notes

Sourced from vite's releases.

create-vite@8.0.3

Please refer to CHANGELOG.md for details.

v8.0.3

Please refer to CHANGELOG.md for details.

create-vite@8.0.2

Please refer to CHANGELOG.md for details.

v8.0.2

Please refer to CHANGELOG.md for details.

create-vite@8.0.1

Please refer to CHANGELOG.md for details.

v8.0.1

Please refer to CHANGELOG.md for details.

plugin-legacy@8.0.1

Please refer to CHANGELOG.md for details.

create-vite@8.0.0

Please refer to CHANGELOG.md for details.

plugin-legacy@8.0.0

Please refer to CHANGELOG.md for details.

v8.0.0

Please refer to CHANGELOG.md for details.

v8.0.0-beta.18

Please refer to CHANGELOG.md for details.

v8.0.0-beta.17

Please refer to CHANGELOG.md for details.

v8.0.0-beta.16

Please refer to CHANGELOG.md for details.

v8.0.0-beta.15

Please refer to CHANGELOG.md for details.

v8.0.0-beta.14

Please refer to CHANGELOG.md for details.

v8.0.0-beta.13

Please refer to CHANGELOG.md for details.

v8.0.0-beta.12

Please refer to CHANGELOG.md for details.

... (truncated)

Changelog

Sourced from vite's changelog.

8.0.3 (2026-03-26)

Features

• update rolldown to 1.0.0-rc.12 (#22024) (84164ef)

Bug Fixes

• html: cache unfiltered CSS list to prevent missing styles across entries (#22017) (5464190)
• module-runner: handle non-ascii characters in base64 sourcemaps (#21985) (77c95bf)
• module-runner: skip re-import if the runner is closed (#22020) (ee2c2cd)
• optimizer: scan is not resolving sub path import if used in a glob import (#22018) (ddfe20d)
• ssr: ssrTransform incorrectly rewrites meta identifier inside import.meta when a binding named meta exists (#22019) (cff5f0c)

Miscellaneous Chores

• deps: bump picomatch from 4.0.3 to 4.0.4 (#22027) (7e56003)

Tests

• html: add tests for getCssFilesForChunk (#22016) (43fbbf9)

8.0.2 (2026-03-23)

Features

• update rolldown to 1.0.0-rc.11 (#21998) (ff91c31)

Bug Fixes

• deps: update all non-major dependencies (#21988) (9b7d150)

Miscellaneous Chores

• deps: update dependency @​vitejs/devtools to ^0.1.5 (#21992) (b2dd65b)

8.0.1 (2026-03-19)

Features

• update rolldown to 1.0.0-rc.10 (#21932) (b3c067d)

Bug Fixes

• bundled-dev: properly disable inlineConst optimization (#21865) (6d97142)
• css: lightningcss minify failed when build.target: 'es6' (#21933) (5fcce46)
• deps: update all non-major dependencies (#21878) (6dbbd7f)
• dev: always use ESM Oxc runtime (#21829) (d323ed7)
• dev: handle concurrent restarts in _createServer (#21810) (40bc729)
• handle + symbol in package subpath exports during dep optimization (#21886) (86db93d)
• improve no-cors request block error (#21902) (5ba688b)
• use precise regexes for transform filter to avoid backtracking (#21800) (dbe41bd)
• worker: require(json) result should not be wrapped (#21847) (0672fd2)

... (truncated)

Commits

• f83264f refactor(build): rename indexOfMatchInSlice to findPreloadMarker (#21054)
• 8293de0 release: v7.2.0
• 2833c55 fix(types): add undefined to optional properties for exactOptionalProperties ...
• e3a6a83 chore(deps): update rolldown-related dependencies (#21047)
• b1fd616 fix(css): fallback to sass when sass-embedded platform binary is missing (#21...
• ad5b3bf fix(module-runner): make getBuiltins response JSON serializable (#21029)
• 793baa2 release: v7.2.0-beta.1
• e5af352 fix(optimizer): externalize virtual modules for html like files (#21001)
• 4f44f22 fix: increase stream reset rate limit for HTTP2 (#21024)
• a2df778 refactor: use fs.cpSync (#21019)
• Additional commits viewable in ...

  Description has been truncated

[changeset-bot]

⚠️ No Changeset found

Latest commit: 71cbc61

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[cloudflare-workers-and-pages]

Deploying with    Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Updated (UTC)
🔵 In progress View logs	varlock-docs-mcp	71cbc61	Mar 30 2026, 02:42 PM

[cloudflare-workers-and-pages]

Deploying with    Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Updated (UTC)
❌ Deployment failed View logs	varlock-website	71cbc61	Mar 30 2026, 02:42 PM

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	remark-custom-header-id@​1.0.0
	starlight-llms-txt@​0.6.1
	astro-iconify@​1.2.0
	ast-matcher@​1.2.0
	astro-robots-txt@​1.0.0
	@​astrojs/​partytown@​2.1.6
	@​astrojs/​vue@​6.0.1
	@​astrojs/​sitemap@​3.7.2
	vite@​8.0.3
	@​astrojs/​mdx@​5.0.3
	@​astrojs/​starlight@​0.37.7
	canvaskit-wasm@​0.40.0
	astro-og-canvas@​0.7.2
	vue@​3.5.31

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm svgo is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: ? → npm/astro-iconify@1.2.0 → npm/svgo@3.3.3 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/svgo@3.3.3. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm vite is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: ? → npm/starlight-llms-txt@0.6.1 → npm/@astrojs/starlight@0.37.7 → npm/@astrojs/vue@6.0.1 → npm/astro@6.1.1 → npm/astro-og-canvas@0.7.2 → npm/vite@6.4.1 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/vite@6.4.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm vite is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: packages/integrations/vite/package.json → npm/vite@8.0.3 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/vite@8.0.3. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

[dependabot]

Superseded by #514.