chore(deps): bump the npm-deps group with 7 updates

[dependabot]

Bumps the npm-deps group with 7 updates:

Package	From	To
@astrojs/check	0.9.7	0.9.8
@astrojs/starlight	0.38.1	0.38.2
@lavamoat/preinstall-always-fail	2.1.1	3.0.0
@tailwindcss/vite	4.2.1	4.2.2
astro	6.0.4	6.0.8
tailwindcss	4.2.1	4.2.2
@lavamoat/allow-scripts	3.4.3	4.0.0

Updates @astrojs/check from 0.9.7 to 0.9.8

Release notes

Sourced from @​astrojs/check's releases.

@​astrojs/check@​0.9.8

Patch Changes

• #15892 a2f597d Thanks @​Princesseuh! - Fixes Astro not being able to find astro check sometimes

• Updated dependencies [7b4b254]:

  • @​astrojs/language-server@​2.16.5

Changelog

Sourced from @​astrojs/check's changelog.

0.9.8

Patch Changes

• #15892 a2f597d Thanks @​Princesseuh! - Fixes Astro not being able to find astro check sometimes

• Updated dependencies [7b4b254]:

  • @​astrojs/language-server@​2.16.5

Commits

• 09ecdd7 [ci] release (#15889)
• a2f597d fix(check): Revert publint lint fix (#15892)
• See full diff in compare view

Updates @astrojs/starlight from 0.38.1 to 0.38.2

Release notes

Sourced from @​astrojs/starlight's releases.

@​astrojs/starlight@​0.38.2

Patch Changes

• #3759 f24ce99 Thanks @​MilesChou! - Fixes an issue where monolingual sites using a region-specific locale (e.g., zh-TW) as the default would incorrectly display base language translations (e.g., zh Simplified Chinese) instead of the region-specific ones (e.g., zh-TW Traditional Chinese).

• #3768 a4c6c20 Thanks @​delucis! - Improves performance of sidebar generation for sites with very large sidebars

Changelog

Sourced from @​astrojs/starlight's changelog.

0.38.2

Patch Changes

• #3759 f24ce99 Thanks @​MilesChou! - Fixes an issue where monolingual sites using a region-specific locale (e.g., zh-TW) as the default would incorrectly display base language translations (e.g., zh Simplified Chinese) instead of the region-specific ones (e.g., zh-TW Traditional Chinese).

• #3768 a4c6c20 Thanks @​delucis! - Improves performance of sidebar generation for sites with very large sidebars

Commits

• d871021 [ci] release (#3766)
• a4c6c20 Improve performance of sidebar generation logic (#3768)
• f24ce99 fix: use region-specific translations for default locale (#3759)
• 1a87ed4 Update to Vitest 4.1 (#3757)
• See full diff in compare view

Updates @lavamoat/preinstall-always-fail from 2.1.1 to 3.0.0

Release notes

Sourced from @​lavamoat/preinstall-always-fail's releases.

preinstall-always-fail: v3.0.0

3.0.0 (2026-03-20)

⚠ BREAKING CHANGES

• Node.js v18 is no longer supported.

Bug Fixes

• drop Node.js v18 support across the board (#1886) (1190c9b)

Changelog

Sourced from @​lavamoat/preinstall-always-fail's changelog.

3.0.0 (2026-03-20)

⚠ BREAKING CHANGES

• Node.js v18 is no longer supported.

Bug Fixes

• drop Node.js v18 support across the board (#1886) (1190c9b)

Commits

• See full diff in compare view

Updates @tailwindcss/vite from 4.2.1 to 4.2.2

Release notes

Sourced from @​tailwindcss/vite's releases.

v4.2.2

Added

• Support Vite 8 in @tailwindcss/vite (#19790)

Fixed

• Don't crash when candidates contain prototype properties like row-constructor (#19725)
• Canonicalize calc(var(--spacing)*…) expressions into --spacing(…) (#19769)
• Fix crash in canonicalization step when handling utilities containing @property at-rules (e.g. shadow-sm border) (#19727)
• Skip full reload for server only modules scanned by client CSS when using @tailwindcss/vite (#19745)
• Improve canonicalization for bare values exceeding default spacing scale suggestions (e.g. w-1234 h-1234 → size-1234) (#19809)
• Fix canonicalization resulting in empty list (e.g. w-5 h-5 size-5 → '' instead of size-5) (#19812)

Changelog

Sourced from @​tailwindcss/vite's changelog.

[4.2.2] - 2026-03-18

Fixed

• Don't crash when candidates contain prototype properties like row-constructor (#19725)
• Canonicalize calc(var(--spacing)*…) expressions into --spacing(…) (#19769)
• Fix crash in canonicalization step when handling utilities containing @property at-rules (e.g. shadow-sm border) (#19727)
• Skip full reload for server only modules scanned by client CSS when using @tailwindcss/vite (#19745)
• Add support for Vite 8 in @tailwindcss/vite (#19790)
• Improve canonicalization for bare values exceeding default spacing scale suggestions (e.g. w-1234 h-1234 → size-1234) (#19809)
• Fix canonicalization resulting in empty list (e.g. w-5 h-5 size-5 → '' instead of size-5) (#19812)
• Resolve tsconfig paths to allow for @import '@/path/to/file'; when using @tailwindcss/vite (#19803)

Commits

• d596b0c 4.2.2 (#19821)
• faa5e88 Cleanup inconsistencies related to (regex) escapes (#19804)
• 59b0329 Add support for Vite 8 in @tailwindcss/vite (#19790)
• bf441a7 fix(vite): skip full reload for server only modules scanned by client css (#1...
• See full diff in compare view

Updates astro from 6.0.4 to 6.0.8

Release notes

Sourced from astro's releases.

astro@6.0.8

Patch Changes

• #15978 6d182fe Thanks @​seroperson! - Fixes a bug where Astro Actions didn't properly support nested object properties, causing problems when users used zod functions such as superRefine or discriminatedUnion.

• #16011 e752170 Thanks @​matthewp! - Fixes a dev server hang on the first request when using the Cloudflare adapter

• #15997 1fddff7 Thanks @​ematipico! - Fixes Astro.rewrite() failing when the target path contains duplicate slashes (e.g. //about). The duplicate slashes are now collapsed before URL parsing, preventing them from being interpreted as a protocol-relative URL.

astro@6.0.7

Patch Changes

• #15950 acce5e8 Thanks @​matthewp! - Fixes a build regression in projects with multiple frontend integrations where server:defer server islands could fail at runtime when all pages are prerendered.

• #15988 c93b4a0 Thanks @​ossaidqadri! - Fix styles from dynamically imported components not being injected on first dev server load.

• #15968 3e7a9d5 Thanks @​chasemccoy! - Fixes renderMarkdown in custom content loaders not resolving images in markdown content. Images referenced in markdown processed by renderMarkdown are now correctly optimized, matching the behavior of the built-in glob() loader.

• #15990 1e6017f Thanks @​ematipico! - Fixes an issue where Astro.currentLocale would always be the default locale instead of the actual one when using a dynamic route like [locale].astro or [locale]/index.astro. It now resolves to the correct locale from the URL.

• #15990 1e6017f Thanks @​ematipico! - Fixes an issue where visiting an invalid locale URL (e.g. /asdf/) would show the content of a dynamic [locale] page with a 404 status code, instead of showing your custom 404 page. Now, the correct 404 page is rendered when the locale in the URL doesn't match any configured locale.

• #15960 1d84020 Thanks @​matthewp! - Fixes Cloudflare dev server islands with prerenderEnvironment: 'node' by sharing the serialized manifest encryption key across dev environments and routing server island requests through the SSR runtime.

• #15735 9685e2d Thanks @​fa-sharp! - Fixes an EventEmitter memory leak when serving static pages from Node.js middleware.

  When using the middleware handler, requests that were being passed on to Express / Fastify (e.g. static files / pre-rendered pages / etc.) weren't cleaning up socket listeners before calling next(), causing a memory leak warning. This fix makes sure to run the cleanup before calling next().

astro@6.0.6

Patch Changes

• #15965 2dca307 Thanks @​matthewp! - Fixes client hydration for components imported through Node.js subpath imports (package.json#imports, e.g. #components/*), for example when using the Cloudflare adapter in development.

• #15770 6102ca2 Thanks @​jpc-ae! - Updates the create astro welcome message to highlight the graceful dev/preview server quit command rather than the kill process shortcut

• #15953 7eddf22 Thanks @​Desel72! - fix(hmr): eagerly recompile on style-only change to prevent stale slots render

• #15916 5201ed4 Thanks @​trueberryless! - Fixes InferLoaderSchema type inference for content collections defined with a loader that includes a schema

• #15864 d3c7de9 Thanks @​florian-lefebvre! - Removes temporary support for Node >=20.19.1 because Stackblitz now uses Node 22 by default

• #15944 a5e1acd Thanks @​fkatsuhiro! - Fixes SSR dynamic routes with .html extension (e.g. [slug].html.astro) not working

• #15937 d236245 Thanks @​ematipico! - Fixes an issue where HMR didn't correctly work on Windows when adding/changing/deleting routes in pages/.

• #15931 98dfb61 Thanks @​Strernd! - Fix skew protection query params not being applied to island hydration component-url and renderer-url, and ensure query params are appended safely for asset URLs with existing search/hash parts.

• Updated dependencies []:

  • @​astrojs/markdown-remark@​7.0.1

... (truncated)

Changelog

Sourced from astro's changelog.

6.0.8

Patch Changes

• #15978 6d182fe Thanks @​seroperson! - Fixes a bug where Astro Actions didn't properly support nested object properties, causing problems when users used zod functions such as superRefine or discriminatedUnion.

• #16011 e752170 Thanks @​matthewp! - Fixes a dev server hang on the first request when using the Cloudflare adapter

• #15997 1fddff7 Thanks @​ematipico! - Fixes Astro.rewrite() failing when the target path contains duplicate slashes (e.g. //about). The duplicate slashes are now collapsed before URL parsing, preventing them from being interpreted as a protocol-relative URL.

6.0.7

Patch Changes

• #15950 acce5e8 Thanks @​matthewp! - Fixes a build regression in projects with multiple frontend integrations where server:defer server islands could fail at runtime when all pages are prerendered.

• #15988 c93b4a0 Thanks @​ossaidqadri! - Fix styles from dynamically imported components not being injected on first dev server load.

• #15968 3e7a9d5 Thanks @​chasemccoy! - Fixes renderMarkdown in custom content loaders not resolving images in markdown content. Images referenced in markdown processed by renderMarkdown are now correctly optimized, matching the behavior of the built-in glob() loader.

• #15990 1e6017f Thanks @​ematipico! - Fixes an issue where Astro.currentLocale would always be the default locale instead of the actual one when using a dynamic route like [locale].astro or [locale]/index.astro. It now resolves to the correct locale from the URL.

• #15990 1e6017f Thanks @​ematipico! - Fixes an issue where visiting an invalid locale URL (e.g. /asdf/) would show the content of a dynamic [locale] page with a 404 status code, instead of showing your custom 404 page. Now, the correct 404 page is rendered when the locale in the URL doesn't match any configured locale.

• #15960 1d84020 Thanks @​matthewp! - Fixes Cloudflare dev server islands with prerenderEnvironment: 'node' by sharing the serialized manifest encryption key across dev environments and routing server island requests through the SSR runtime.

• #15735 9685e2d Thanks @​fa-sharp! - Fixes an EventEmitter memory leak when serving static pages from Node.js middleware.

  When using the middleware handler, requests that were being passed on to Express / Fastify (e.g. static files / pre-rendered pages / etc.) weren't cleaning up socket listeners before calling next(), causing a memory leak warning. This fix makes sure to run the cleanup before calling next().

6.0.6

Patch Changes

• #15965 2dca307 Thanks @​matthewp! - Fixes client hydration for components imported through Node.js subpath imports (package.json#imports, e.g. #components/*), for example when using the Cloudflare adapter in development.

• #15770 6102ca2 Thanks @​jpc-ae! - Updates the create astro welcome message to highlight the graceful dev/preview server quit command rather than the kill process shortcut

• #15953 7eddf22 Thanks @​Desel72! - fix(hmr): eagerly recompile on style-only change to prevent stale slots render

• #15916 5201ed4 Thanks @​trueberryless! - Fixes InferLoaderSchema type inference for content collections defined with a loader that includes a schema

• #15864 d3c7de9 Thanks @​florian-lefebvre! - Removes temporary support for Node >=20.19.1 because Stackblitz now uses Node 22 by default

• #15944 a5e1acd Thanks @​fkatsuhiro! - Fixes SSR dynamic routes with .html extension (e.g. [slug].html.astro) not working

• #15937 d236245 Thanks @​ematipico! - Fixes an issue where HMR didn't correctly work on Windows when adding/changing/deleting routes in pages/.

• #15931 98dfb61 Thanks @​Strernd! - Fix skew protection query params not being applied to island hydration component-url and renderer-url, and ensure query params are appended safely for asset URLs with existing search/hash parts.

... (truncated)

Commits

• b47897c [ci] release (#15998)
• e752170 fix(css): skip dev-css virtual modules in ensureModulesLoaded to prevent Clou...
• 6d182fe fix(actions): support for nested objects in form (#15978)
• 1fddff7 fix(rewrite): collapse leading slashes when doing a redirect (#15997)
• 878791f [ci] release (#15985)
• 3e7a9d5 fix(content-layer): populate imagePaths in renderMarkdown metadata (#15968)
• acce5e8 Preserve renderers for discovered server islands (#15950)
• 1e6017f Refactor/unit tests part2 (#15990)
• 4741b09 test: actions, params and csrf to unit test (#15984)
• c93b4a0 Inject styles from dynamically imported components on first dev server load (...
• Additional commits viewable in compare view

Updates tailwindcss from 4.2.1 to 4.2.2

Release notes

Sourced from tailwindcss's releases.

v4.2.2

Added

• Support Vite 8 in @tailwindcss/vite (#19790)

Fixed

• Don't crash when candidates contain prototype properties like row-constructor (#19725)
• Canonicalize calc(var(--spacing)*…) expressions into --spacing(…) (#19769)
• Fix crash in canonicalization step when handling utilities containing @property at-rules (e.g. shadow-sm border) (#19727)
• Skip full reload for server only modules scanned by client CSS when using @tailwindcss/vite (#19745)
• Improve canonicalization for bare values exceeding default spacing scale suggestions (e.g. w-1234 h-1234 → size-1234) (#19809)
• Fix canonicalization resulting in empty list (e.g. w-5 h-5 size-5 → '' instead of size-5) (#19812)

Changelog

Sourced from tailwindcss's changelog.

[4.2.2] - 2026-03-18

Fixed

• Don't crash when candidates contain prototype properties like row-constructor (#19725)
• Canonicalize calc(var(--spacing)*…) expressions into --spacing(…) (#19769)
• Fix crash in canonicalization step when handling utilities containing @property at-rules (e.g. shadow-sm border) (#19727)
• Skip full reload for server only modules scanned by client CSS when using @tailwindcss/vite (#19745)
• Add support for Vite 8 in @tailwindcss/vite (#19790)
• Improve canonicalization for bare values exceeding default spacing scale suggestions (e.g. w-1234 h-1234 → size-1234) (#19809)
• Fix canonicalization resulting in empty list (e.g. w-5 h-5 size-5 → '' instead of size-5) (#19812)
• Resolve tsconfig paths to allow for @import '@/path/to/file'; when using @tailwindcss/vite (#19803)

Commits

• d596b0c 4.2.2 (#19821)
• 2228a57 Bump Lightning CSS (#19771)
• f302fce Fix canonicalization resulting in empty list (#19812)
• bb2f170 Improve canonicalization for bare values exceeding default spacing scale sugg...
• faa5e88 Cleanup inconsistencies related to (regex) escapes (#19804)
• d5717f2 run prettier
• 51aa9d7 fix(canonicalize): handle utilities with empty property maps in collapse (#19...
• c586bd6 Canonicalize calc(var(--spacing)*…) expressions into --spacing(…) (#19769)
• 9ded4a2 Guard object lookups against inherited prototype properties (#19725)
• See full diff in compare view

Updates @lavamoat/allow-scripts from 3.4.3 to 4.0.0

Release notes

Sourced from @​lavamoat/allow-scripts's releases.

allow-scripts: v4.0.0

4.0.0 (2026-03-20)

⚠ BREAKING CHANGES

• Node.js v18 is no longer supported.

Bug Fixes

• drop Node.js v18 support across the board (#1886) (1190c9b)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​lavamoat/aa bumped from ^4.3.6 to ^5.0.0

Changelog

Sourced from @​lavamoat/allow-scripts's changelog.

4.0.0 (2026-03-20)

⚠ BREAKING CHANGES

• Node.js v18 is no longer supported.

Bug Fixes

• drop Node.js v18 support across the board (#1886) (1190c9b)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • @​lavamoat/aa bumped from ^4.3.6 to ^5.0.0

Commits

• 1868d7b chore: release main
• f10ac68 fix(allow-scripts): update types (#649)
• d8d5996 feat(aa): ship generated types (#638)
• 10c667b fix!: drop Node.js v14 (#729)
• 3f7c381 feat(allow-scripts): generate & ship typescript declarations (#675)
• b026356 chore: format all files
• 2b899aa chore: add extension to depcheckrc
• 5fb4a88 chore: release main
• 0800c11 fix: normalize all package versions
• 1b61289 chore: consolidate eslint config (#627)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions