build(deps): bump astro from 5.18.1 to 6.1.8 in /docs in the npm_and_yarn group across 1 directory#812
Conversation
Bumps the npm_and_yarn group with 1 update in the /docs directory: [astro](https://github.com/withastro/astro/tree/HEAD/packages/astro). Updates `astro` from 5.18.1 to 6.1.8 - [Release notes](https://github.com/withastro/astro/releases) - [Changelog](https://github.com/withastro/astro/blob/main/packages/astro/CHANGELOG.md) - [Commits](https://github.com/withastro/astro/commits/astro@6.1.8/packages/astro) --- updated-dependencies: - dependency-name: astro dependency-version: 6.1.8 dependency-type: direct:production dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
dependencies
Codecov Results 📊✅ 138 passed | Total: 138 | Pass Rate: 100% | Execution Time: 0ms 📊 Comparison with Base Branch
✨ No test changes detected All tests are passing successfully. ✅ Patch coverage is 100.00%. Project has 1950 uncovered lines. Coverage diff@@ Coverage Diff @@
## main #PR +/-##
==========================================
- Coverage 95.20% 95.19% -0.01%
==========================================
Files 282 282 —
Lines 40577 40577 —
Branches 0 0 —
==========================================
+ Hits 38633 38627 -6
- Misses 1944 1950 +6
- Partials 0 0 —Generated by Codecov Action |
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 2 potential issues.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit 84f272f. Configure here.
| "@astrojs/starlight": "^0.31.1", | ||
| "@sentry/astro": "^10.38.0", | ||
| "astro": "^5.1.1", | ||
| "astro": "^6.1.8", |
There was a problem hiding this comment.
Starlight 0.31 incompatible with Astro 6 major upgrade
High Severity
Bumping astro to ^6.1.8 without upgrading @astrojs/starlight from ^0.31.1 breaks compatibility. Starlight 0.31 only supports Astro 5.x; Astro 6 support was introduced in Starlight 0.38.0. This will cause the docs build to fail because the Starlight integration cannot work with the new major version of Astro.
Additional Locations (1)
Reviewed by Cursor Bugbot for commit 84f272f. Configure here.
| "@astrojs/starlight": "^0.31.1", | ||
| "@sentry/astro": "^10.38.0", | ||
| "astro": "^5.1.1", | ||
| "astro": "^6.1.8", |
There was a problem hiding this comment.
Lockfile not updated, still resolves Astro 5.x
Medium Severity
The bun.lock file was not updated alongside the package.json change. The lockfile still records "astro": "^5.1.1" and resolves to astro@5.16.15, leaving the dependency tree completely out of sync with the new ^6.1.8 specifier. This happens because Dependabot is configured for npm_and_yarn but the project uses bun, so the lockfile is never regenerated. Running bun install will encounter a mismatch and attempt to re-resolve, but without updating the locked companion packages (@astrojs/mdx, astro-expressive-code, etc.) that also need Astro 6–compatible versions.
Reviewed by Cursor Bugbot for commit 84f272f. Configure here.
|
Superseded by #816, which does the full coordinated Astro 5 → 6 upgrade (bumps |
|
This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests. To ignore these dependencies, configure ignore rules in dependabot.yml |
dependabot
Bot
deleted the
dependabot/npm_and_yarn/docs/npm_and_yarn-0f5eb44cbf
branch
## Summary - Supersedes #812 with the full coordinated Astro 5 → 6 upgrade for the docs site. - Bumps `astro` (`^5.1.1` → `^6.1.8`) and `@astrojs/starlight` (`^0.31.1` → `^0.38.3`) together, regenerates `docs/bun.lock`. - Applies the breaking-change migrations required by the new major versions. ## Why #812 can't land on its own Dependabot's PR only bumps `astro` in isolation. That breaks two ways: 1. **Immediate**: Dependabot regenerates `package-lock.json`, not `bun.lock`, so `bun install --frozen-lockfile` fails in the `Build Docs` CI job. 2. **Actual**: `@astrojs/starlight@0.31.1` pins `peerDependencies.astro` to `^5.1.5`, and Astro 6 [removes the automatic legacy content-collections backwards-compat layer](https://docs.astro.build/en/guides/upgrade-to/v6/#legacy-content-collections-backwards-compatibility). Starlight must move along with Astro. ## Changes ### Dependencies - `astro`: `^5.1.1` → `^6.1.8` - `@astrojs/starlight`: `^0.31.1` → `^0.38.3` - `@sentry/astro`, `sharp`, `shiki` unchanged (already compatible) ### Content Layer API migration Moved `docs/src/content/config.ts` → `docs/src/content.config.ts` and rewrote it to pair `docsSchema()` with `docsLoader()`. Astro 6 removes the automatic legacy content-collections backwards-compat layer, so every collection must now go through the Content Layer API. ### Starlight config changes - `social` config: deprecated object shorthand → array-of-entries form (Starlight 0.33 breaking change). - `PageTitle.astro` override: reads sidebar/entry from `Astro.locals.starlightRoute` instead of `Astro.props` (the `Props` type from `@astrojs/starlight/props` is deprecated and no longer populated by Starlight). - `Header.astro` override: same route-data migration; `slug` is now `starlightRoute.id` (empty string on the landing page, per Starlight's `normalizeIndexSlug`). ### Build scripts (Astro 6 Node engine) Astro 6 enforces `engines.node >= 22.12.0` at runtime, but the GitHub-hosted Ubuntu runner ships Node 20.20.2 and `astro`'s bin has `#!/usr/bin/env node`. `docs/package.json` scripts (`dev`, `build`, `preview`) now invoke astro via `bun --bun` so the build runs under Bun and bypasses the Node shebang. Works transparently in CI and on local machines stuck on Node 20.x. ## Out of scope - No CLI code / repo-root lockfile changes — strictly `docs/`. - No Tailwind migration (site has no Tailwind integration). ## Verification ```sh cd docs rm -rf node_modules bun install --frozen-lockfile # clean install, 538 packages bun run build # 29 pages built, no errors ``` Closes #812
1 participant
Bumps the npm_and_yarn group with 1 update in the /docs directory: astro.
Updates
astrofrom 5.18.1 to 6.1.8Release notes
Sourced from astro's releases.
... (truncated)
Changelog
Sourced from astro's changelog.
... (truncated)
Commits
63c5c85[ci] release (#16356)71c93ca[ci] format5a84551Improves Vue scoped style handling in DEV mode during client router navigatio...ba2dbf1refactor(astro): correct Fixture type signatures in test-utils (#16380)217c5b3perf(core): cache crawl result (#16381)6e5bc17chore: absorb tests into others (#16365)dc8a01dchore: reduce fixtures by merging them (#16364)bb0ff91refactor(astro): migrate error tests to typescript (#16377)a6866a7fix(core): clean chunk name (#16367)811015dchore: remove lone fixtures (#16363)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditionsYou can disable automated security fix PRs for this repo from the Security Alerts page.