Skip to content

fix(deps): upgrade many deps #21

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

fix(deps): upgrade many deps #21

wants to merge 5 commits into from

Conversation

@boneskull
Copy link
Member

@boneskull boneskull commented Nov 20, 2025

Upgrades @astrojs/starlight, astro, astro-embed, markdownlint-cli2 and typescript to latest versions.

Moved all dependencies to devDependencies, since there are no actual dependencies.

@boneskull
fix(deps): upgrade @astrojs/starlight, astro, astro-embed, markdownli…
00a9b65 
…nt-cli2 and typescript to latest versions

Moved all dependencies to devDependencies, since there are no actual dependencies.
@boneskull boneskull requested a review from naugtur November 20, 2025 20:40
@boneskull boneskull self-assigned this Nov 20, 2025
@socket-security
Copy link

socket-security bot commented Nov 20, 2025
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatedastro-embed@​0.7.2 ⏵ 0.9.293 +610054 +589 +4100
Updated@​astrojs/​check@​0.7.0 ⏵ 0.9.510010080 +1589 +9100
Updated@​astrojs/​starlight@​0.24.4 ⏵ 0.36.29910085 +196 +3100
Updatedastro@​4.11.1 ⏵ 5.16.097100 +508898 +1100
Updatedmarkdownlint-cli2@​0.14.0 ⏵ 0.19.099 +1100100 +188 +6100

View full report

@socket-security
Copy link

socket-security bot commented Nov 20, 2025
edited
Loading

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Warn High
GitHub dependency: npm volar-service-emmet depends on ramya-rao-a/css-parser

Dependency: @emmetio/css-parser@ramya-rao-a/css-parser@#vscode

Location: Package overview

From: package-lock.jsonnpm/@astrojs/[email protected]npm/[email protected]

ℹ Read more on: This package | This alert | What are GitHub dependencies?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Publish the GitHub dependency to npm or a private package repository and consume it from there.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@boneskull
Copy link
Member Author

boneskull commented Nov 21, 2025

  • Updated @astrojs/check to mitigate the problem noted in the nastygram
  • Fixed tsconfig.json with settings recommended by Astro
  • Fixed how we're checking types in CI

@boneskull boneskull force-pushed the boneskull/upgrade-many-deps branch from 6098709 to e628971 Compare November 21, 2025 01:35
@boneskull
Copy link
Member Author

boneskull commented Nov 22, 2025

Having trouble reproducing the failure locally. hmm.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@naugtur naugtur naugtur approved these changes

Assignees

@boneskull boneskull

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@boneskull @naugtur