Skip to content

build(deps): Bump the npm-minor-patch group across 1 directory with 4 updates#191

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/docs/site/npm-minor-patch-47c878e989
Open

build(deps): Bump the npm-minor-patch group across 1 directory with 4 updates#191
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/docs/site/npm-minor-patch-47c878e989

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 4, 2026

Copy link
Copy Markdown
Contributor

Bumps the npm-minor-patch group with 4 updates in the /docs/site directory: @astrojs/starlight, astro, @astrojs/markdown-remark and @redocly/cli.

Updates @astrojs/starlight from 0.41.2 to 0.41.3

Release notes

Sourced from @​astrojs/starlight's releases.

@​astrojs/starlight@​0.41.3

Patch Changes

  • #3911 1686ecc Thanks @​timothyjordan! - Keeps keyboard focus inside the mobile menu while it is open, preventing focus moving to hidden interactive elements in page content.
Changelog

Sourced from @​astrojs/starlight's changelog.

0.41.3

Patch Changes

  • #3911 1686ecc Thanks @​timothyjordan! - Keeps keyboard focus inside the mobile menu while it is open, preventing focus moving to hidden interactive elements in page content.
Commits

Updates astro from 7.0.2 to 7.1.0

Release notes

Sourced from astro's releases.

astro@7.1.0

Minor Changes

  • #17302 5f4dc03 Thanks @​astrobot-houston! - Adds a new deferRender option to the glob() content loader

    When set to true, renderable entries (such as Markdown) are not rendered during content sync. Instead, rendering is deferred until the entry is actually rendered in a page, using the same on-demand path that .mdx files already use.

    This reduces memory usage during astro build for large collections whose rendered output is much larger than the source — for example, Markdown that uses heavy rehype plugins like rehype-katex. Such builds could previously run out of memory while storing the eagerly-rendered HTML for every entry.

    // src/content.config.ts
    import { defineCollection } from 'astro:content';
    import { glob } from 'astro/loaders';
    const docs = defineCollection({
    loader: glob({ pattern: '**/*.md', base: 'src/content/docs', deferRender: true }),
    });

    By default deferRender is false, preserving the existing behavior of rendering entries eagerly during sync so their rendered HTML can be cached across builds.

  • #17296 30698a2 Thanks @​ematipico! - Adds a new experimental collectionStorage option for controlling how the content layer persists its data store

    By default, Astro serializes the entire content layer data store to a single file (.astro/data-store.json). For very large content collections, this file can grow large enough to hit platform file-size limits.

    Set experimental.collectionStorage: 'chunked' to instead split the data store across many smaller, content-addressed files inside a .astro/data-store/ directory, described by a manifest:

    // astro.config.mjs
    import { defineConfig } from 'astro/config';
    export default defineConfig({
    experimental: {
    collectionStorage: 'chunked',
    },
    });

    Because each part file is named by a hash of its contents, unchanged parts keep the same name across builds and are not rewritten, and identical parts are deduplicated. The default value is 'single-file', which preserves the current behavior.

  • #17214 44c4989 Thanks @​ematipico! - Adds support for the more specific CSP directives script-src-elem, script-src-attr, style-src-elem, and style-src-attr through a new kind option.

    Previously, CSP was only scoped to generic script-src/style-src directives. Now each source or hash can be scoped to a narrower directive — for example, to allow inline style attributes (such as those from define:vars or Shiki) without loosening the policy for your <style> and <link> elements.

    Scoping sources and hashes in your config

    Each entry in resources and hashes can be an object with a kind property. Depending on whether you use scriptDirective or styleDirective, "element" targets script-src-elem or style-src-elem, "attribute" targets script-src-attr or style-src-attr, and "default" (the same as a bare string or hash) targets script-src or style-src.

    // astro.config.mjs

... (truncated)

Changelog

Sourced from astro's changelog.

7.1.0

Minor Changes

  • #17302 5f4dc03 Thanks @​astrobot-houston! - Adds a new deferRender option to the glob() content loader

    When set to true, renderable entries (such as Markdown) are not rendered during content sync. Instead, rendering is deferred until the entry is actually rendered in a page, using the same on-demand path that .mdx files already use.

    This reduces memory usage during astro build for large collections whose rendered output is much larger than the source — for example, Markdown that uses heavy rehype plugins like rehype-katex. Such builds could previously run out of memory while storing the eagerly-rendered HTML for every entry.

    // src/content.config.ts
    import { defineCollection } from 'astro:content';
    import { glob } from 'astro/loaders';
    const docs = defineCollection({
    loader: glob({ pattern: '**/*.md', base: 'src/content/docs', deferRender: true }),
    });

    By default deferRender is false, preserving the existing behavior of rendering entries eagerly during sync so their rendered HTML can be cached across builds.

  • #17296 30698a2 Thanks @​ematipico! - Adds a new experimental collectionStorage option for controlling how the content layer persists its data store

    By default, Astro serializes the entire content layer data store to a single file (.astro/data-store.json). For very large content collections, this file can grow large enough to hit platform file-size limits.

    Set experimental.collectionStorage: 'chunked' to instead split the data store across many smaller, content-addressed files inside a .astro/data-store/ directory, described by a manifest:

    // astro.config.mjs
    import { defineConfig } from 'astro/config';
    export default defineConfig({
    experimental: {
    collectionStorage: 'chunked',
    },
    });

    Because each part file is named by a hash of its contents, unchanged parts keep the same name across builds and are not rewritten, and identical parts are deduplicated. The default value is 'single-file', which preserves the current behavior.

  • #17214 44c4989 Thanks @​ematipico! - Adds support for the more specific CSP directives script-src-elem, script-src-attr, style-src-elem, and style-src-attr through a new kind option.

    Previously, CSP was only scoped to generic script-src/style-src directives. Now each source or hash can be scoped to a narrower directive — for example, to allow inline style attributes (such as those from define:vars or Shiki) without loosening the policy for your <style> and <link> elements.

    Scoping sources and hashes in your config

    Each entry in resources and hashes can be an object with a kind property. Depending on whether you use scriptDirective or styleDirective, "element" targets script-src-elem or style-src-elem, "attribute" targets script-src-attr or style-src-attr, and "default" (the same as a bare string or hash) targets script-src or style-src.

... (truncated)

Commits

Updates @astrojs/markdown-remark from 7.2.0 to 7.2.1

Release notes

Sourced from @​astrojs/markdown-remark's releases.

@​astrojs/markdown-remark@​7.2.1

Patch Changes

  • Updated dependencies [eb6f97e]:
    • @​astrojs/internal-helpers@​0.10.1
Changelog

Sourced from @​astrojs/markdown-remark's changelog.

7.2.1

Patch Changes

  • Updated dependencies [eb6f97e]:
    • @​astrojs/internal-helpers@​0.10.1
Commits

Updates @redocly/cli from 2.36.0 to 2.39.0

Release notes

Sourced from @​redocly/cli's releases.

@​redocly/cli@​2.39.0

Minor Changes

  • Added support for AsyncAPI 3.1.0 descriptions.
  • Fixed the struct rule to validate the contents of AsyncAPI protocol-specific bindings. Added typed definitions for the sns, sqs, ibmmq, googlepubsub, pulsar and ros2 bindings.

Patch Changes

  • Updated @​redocly/openapi-core to v2.39.0.

@​redocly/cli@​2.38.0

Minor Changes

  • Added an experimental drift command that compares recorded HTTP traffic (HAR, Kong, Nginx/Apache JSON, NDJSON) against an OpenAPI description and reports undocumented endpoints, schema mismatches, and security findings.
  • Added an experimental proxy command that captures live HTTP traffic through a reverse proxy into a HAR file and optionally validates it against an OpenAPI description in real time.

Patch Changes

  • Updated @​redocly/openapi-core to v2.38.0.

@​redocly/cli@​2.37.0

Minor Changes

  • Added experimental support for linting GraphQL SDL schema files (.graphql / .gql).

Patch Changes

  • Updated @​redocly/openapi-core to v2.37.0.
Commits
  • f4592cb chore: 🔖 release new versions (#2942)
  • f10449a chore: update redocly-config to v0.51.0 (#2948)
  • d3f9dc9 chore: adjust codeowners for drift and proxy commands (#2944)
  • 9d00c88 docs(contribution): add experimental features policy, clarify ai contribution...
  • 4026840 feat: add AsyncAPI 3.1 support (#2929)
  • 2054553 chore: add rules and skills for AI (#2935)
  • 1192323 chore: 🔖 release new versions (#2939)
  • 21475a7 chore: update redocly config version to 0.50.1 (#2941)
  • 7faca0c feat: experimental traffic analysis (#2848)
  • 51b1d15 docs: document --continue-on-deploy-failures option for push and push-status ...
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 4, 2026
@dependabot
dependabot Bot requested a review from jeremi as a code owner July 4, 2026 09:02
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 4, 2026
@dependabot dependabot Bot changed the title chore(deps): bump the npm-minor-patch group across 1 directory with 4 updates build(deps): Bump the npm-minor-patch group across 1 directory with 4 updates Jul 9, 2026
@dependabot
dependabot Bot force-pushed the dependabot/npm_and_yarn/docs/site/npm-minor-patch-47c878e989 branch 2 times, most recently from dabb188 to f25c350 Compare July 10, 2026 02:04
@dependabot dependabot Bot changed the title build(deps): Bump the npm-minor-patch group across 1 directory with 4 updates chore(deps): Bump the npm-minor-patch group across 1 directory with 4 updates Jul 11, 2026
@dependabot
dependabot Bot force-pushed the dependabot/npm_and_yarn/docs/site/npm-minor-patch-47c878e989 branch from f25c350 to b26c595 Compare July 11, 2026 13:55

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: b26c595e18

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

Comment thread docs/site/package.json
"dependencies": {
"@astrojs/sitemap": "^3.7.3",
"@astrojs/starlight": "^0.41.2",
"@astrojs/starlight": "^0.41.3",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Add the required DCO sign-off

The repo root AGENTS.md says “Every commit needs a DCO sign-off,” but git log -1 --format=%B fb4bcac5e5e8027a9edbf4ae676392f9b8e43b20 contains no Signed-off-by: trailer. In any DCO-enforced review or merge context, this dependency update will be rejected until the commit is recreated with git commit -s or an equivalent sign-off trailer.

Useful? React with 👍 / 👎.

@dependabot dependabot Bot changed the title chore(deps): Bump the npm-minor-patch group across 1 directory with 4 updates build(deps): Bump the npm-minor-patch group across 1 directory with 4 updates Jul 14, 2026
@dependabot
dependabot Bot force-pushed the dependabot/npm_and_yarn/docs/site/npm-minor-patch-47c878e989 branch from b26c595 to f055c60 Compare July 14, 2026 20:16
… updates

Bumps the npm-minor-patch group with 4 updates in the /docs/site directory: [@astrojs/starlight](https://github.com/withastro/starlight/tree/HEAD/packages/starlight), [astro](https://github.com/withastro/astro/tree/HEAD/packages/astro), [@astrojs/markdown-remark](https://github.com/withastro/astro/tree/HEAD/packages/markdown/remark) and [@redocly/cli](https://github.com/Redocly/redocly-cli).


Updates `@astrojs/starlight` from 0.41.2 to 0.41.3
- [Release notes](https://github.com/withastro/starlight/releases)
- [Changelog](https://github.com/withastro/starlight/blob/main/packages/starlight/CHANGELOG.md)
- [Commits](https://github.com/withastro/starlight/commits/@astrojs/starlight@0.41.3/packages/starlight)

Updates `astro` from 7.0.2 to 7.1.0
- [Release notes](https://github.com/withastro/astro/releases)
- [Changelog](https://github.com/withastro/astro/blob/main/packages/astro/CHANGELOG.md)
- [Commits](https://github.com/withastro/astro/commits/astro@7.1.0/packages/astro)

Updates `@astrojs/markdown-remark` from 7.2.0 to 7.2.1
- [Release notes](https://github.com/withastro/astro/releases)
- [Changelog](https://github.com/withastro/astro/blob/main/packages/markdown/remark/CHANGELOG.md)
- [Commits](https://github.com/withastro/astro/commits/@astrojs/markdown-remark@7.2.1/packages/markdown/remark)

Updates `@redocly/cli` from 2.36.0 to 2.39.0
- [Release notes](https://github.com/Redocly/redocly-cli/releases)
- [Commits](https://github.com/Redocly/redocly-cli/compare/@redocly/cli@2.36.0...@redocly/cli@2.39.0)

---
updated-dependencies:
- dependency-name: "@astrojs/markdown-remark"
  dependency-version: 7.2.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-minor-patch
- dependency-name: "@astrojs/starlight"
  dependency-version: 0.41.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-minor-patch
- dependency-name: "@redocly/cli"
  dependency-version: 2.37.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-minor-patch
- dependency-name: astro
  dependency-version: 7.0.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
dependabot Bot force-pushed the dependabot/npm_and_yarn/docs/site/npm-minor-patch-47c878e989 branch from f055c60 to 2f49bbe Compare July 16, 2026 17:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants