[dependabot-burndown] Security Alert Burndown: Dependabot bundle — Node.js — docs/package.json (2026-01-29) #12551
Closed as not planned
Description
Context
This issue tracks one Dependabot PR bundle discovered by the Security Alert Burndown campaign.
Bundle
- Runtime: Node.js
- Manifest:
docs/package.json
Bundling Rules
- Group work by runtime. Never mix runtimes.
- Group changes by target dependency file (one manifest + its lockfile).
- Patch/minor updates may be bundled; major updates should be isolated unless tightly coupled.
- Bundled releases must include a research report (packages, versions, breaking changes, migration, risk, tests).
PRs in Bundle
- Bump astro from 5.16.12 to 5.16.15 in /docs #12015 - Bump astro from 5.16.12 to 5.16.15 in /docs (5.16.12 → 5.16.15)
- Bump @astrojs/starlight from 0.37.3 to 0.37.4 in /docs #12013 - Bump
@astrojs/starlightfrom 0.37.3 to 0.37.4 in /docs (0.37.3 → 0.37.4) - Bump @playwright/test from 1.57.0 to 1.58.0 in /docs #12010 - Bump
@playwright/testfrom 1.57.0 to 1.58.0 in /docs (1.57.0 → 1.58.0) — Minor version
Agent Task
- Research each update for breaking changes and summarize risks. Note:
@playwright/test1.57→1.58 is a minor version bump — review for API changes. - Create a single bundled PR (one runtime + one manifest) with title prefix "[dependabot-burndown]".
- Ensure CI passes; run relevant runtime tests.
- Add the research report to the bundled PR.
- Update this issue checklist as PRs are merged.
AI generated by Dependabot Burner Campaign