chore(deps): bump the github-actions group across 1 directory with 6 updates

[dependabot]

Bumps the github-actions group with 6 updates in the / directory:

Package	From	To
@astrojs/check	0.9.8	0.9.9
@astrojs/starlight	0.38.3	0.38.4
@astrojs/vercel	10.0.4	10.0.6
astro	6.1.8	6.1.10
starlight-links-validator	0.23.0	0.24.0
vercel	52.0.0	52.2.1

Updates @astrojs/check from 0.9.8 to 0.9.9

Release notes

Sourced from @​astrojs/check's releases.

@​astrojs/check@​0.9.9

Patch Changes

• #16471 f56bb3f Thanks @​delucis! - Adds support for TypeScript v6 to peer dependencies range

• Updated dependencies [8c62159]:

  • @​astrojs/language-server@​2.16.7

Changelog

Sourced from @​astrojs/check's changelog.

0.9.9

Patch Changes

• #16471 f56bb3f Thanks @​delucis! - Adds support for TypeScript v6 to peer dependencies range

• Updated dependencies [8c62159]:

  • @​astrojs/language-server@​2.16.7

Commits

• c1f2e4f [ci] release (#16467)
• f56bb3f Widen typescript peer dependency range to allow v6 (#16471)
• 184700c fix(deps): update language tools (#16230)
• 88fcc98 fix integrations links across docs (#16098)
• b9e96da fix(deps): update dependency vitest to v4 (#15372)
• See full diff in compare view

Updates @astrojs/starlight from 0.38.3 to 0.38.4

Release notes

Sourced from @​astrojs/starlight's releases.

@​astrojs/starlight@​0.38.4

Patch Changes

• #3828 342038b Thanks @​MangelMaxime! - Fixes aside styling when used without any content

• #3853 563e11b Thanks @​delucis! - Fixes a type-checking issue for users on newer versions of TypeScript

Changelog

Sourced from @​astrojs/starlight's changelog.

0.38.4

Patch Changes

• #3828 342038b Thanks @​MangelMaxime! - Fixes aside styling when used without any content

• #3853 563e11b Thanks @​delucis! - Fixes a type-checking issue for users on newer versions of TypeScript

Commits

• d986558 [ci] release (#3844)
• 563e11b Ignore type error in i18n util with newer TypeScript versions (#3853)
• 04fcec0 [ci] format
• 342038b fix: empty aside alignment (#3828)
• See full diff in compare view

Updates @astrojs/vercel from 10.0.4 to 10.0.6

Release notes

Sourced from @​astrojs/vercel's releases.

@​astrojs/vercel@​10.0.6

Patch Changes

• #16486 0bae1a5 Thanks @​cyphercodes! - Fix forwarded serverless requests with streamed bodies by preserving the required duplex: 'half' option when rewriting middleware paths.

@​astrojs/vercel@​10.0.5

Patch Changes

• Updated dependencies [99464ed, f3485c3]:
  • @​astrojs/internal-helpers@​0.9.0

Changelog

Sourced from @​astrojs/vercel's changelog.

10.0.6

Patch Changes

• #16486 0bae1a5 Thanks @​cyphercodes! - Fix forwarded serverless requests with streamed bodies by preserving the required duplex: 'half' option when rewriting middleware paths.

10.0.5

Patch Changes

• Updated dependencies [99464ed, f3485c3]:
  • @​astrojs/internal-helpers@​0.9.0

Commits

• c1f2e4f [ci] release (#16467)
• 0bae1a5 fix(vercel): preserve duplex for forwarded request bodies (#16486)
• 5c543c5 refactor(astro): add internal entry points for test (#16473)
• f1fb559 refactor(astro): migrate test helpers to TypeScript (#16474)
• 21ca872 [ci] release (#16399)
• 99464ed Bump vite, picomatch, and unstorage to latest patch versions (#16448)
• c085cb2 refactor(vercel): remove duplicated test files (#16416)
• 9ed6b75 refactor: remove PRERENDER env variable in tests (#16391)
• fad154f refactor(vercel): migrate tests to typescript (#16360)
• 5557dca feat: erasableSyntaxOnly (#15719)
• See full diff in compare view

Updates astro from 6.1.8 to 6.1.10

Release notes

Sourced from astro's releases.

astro@6.1.10

Patch Changes

• #16479 1058428 Thanks @​matthewp! - Fixes a spurious [WARN] [content] Content config not loaded warning during astro dev for projects that don't use content collections

• #16457 3d82220 Thanks @​matthewp! - Hardens server island encryption to prevent encrypted data from one island component being replayed against a different one

• #16481 152700e Thanks @​matthewp! - Fixes a spurious 404 request for a dev toolbar sourcemap during astro dev caused by the browser mis-resolving a relative sourceMappingURL from the /@id/ URL prefix

• #16480 1bcb43b Thanks @​matthewp! - Fixes an unnecessary full page reload on first navigation during dev

astro@6.1.9

Patch Changes

• #16448 99464ed Thanks @​matthewp! - Updates vite, picomatch, and unstorage to latest patch versions

• #16422 a3951d7 Thanks @​matthewp! - Hardens astro-island export resolution and hydration error handling for malformed component metadata

• #16420 e21de1d Thanks @​matthewp! - Hardens Astro's error overlay and server logging paths to avoid unsafe HTML insertion and format-string interpolation

• #16419 f3485c3 Thanks @​matthewp! - Hardens nested object and package metadata lookups to ignore prototype keys in content handling and project scaffolding

• #16022 a002540 Thanks @​mathieumaf! - Fixes an issue where i18n domains would return 404 when trailingSlash is set to never.

• Updated dependencies [99464ed, f3485c3]:

  • @​astrojs/internal-helpers@​0.9.0
  • @​astrojs/markdown-remark@​7.1.1

Changelog

Sourced from astro's changelog.

6.1.10

Patch Changes

• #16479 1058428 Thanks @​matthewp! - Fixes a spurious [WARN] [content] Content config not loaded warning during astro dev for projects that don't use content collections

• #16457 3d82220 Thanks @​matthewp! - Hardens server island encryption to prevent encrypted data from one island component being replayed against a different one

• #16481 152700e Thanks @​matthewp! - Fixes a spurious 404 request for a dev toolbar sourcemap during astro dev caused by the browser mis-resolving a relative sourceMappingURL from the /@id/ URL prefix

• #16480 1bcb43b Thanks @​matthewp! - Fixes an unnecessary full page reload on first navigation during dev

6.1.9

Patch Changes

• #16448 99464ed Thanks @​matthewp! - Updates vite, picomatch, and unstorage to latest patch versions

• #16422 a3951d7 Thanks @​matthewp! - Hardens astro-island export resolution and hydration error handling for malformed component metadata

• #16420 e21de1d Thanks @​matthewp! - Hardens Astro's error overlay and server logging paths to avoid unsafe HTML insertion and format-string interpolation

• #16419 f3485c3 Thanks @​matthewp! - Hardens nested object and package metadata lookups to ignore prototype keys in content handling and project scaffolding

• #16022 a002540 Thanks @​mathieumaf! - Fixes an issue where i18n domains would return 404 when trailingSlash is set to never.

• Updated dependencies [99464ed, f3485c3]:

  • @​astrojs/internal-helpers@​0.9.0
  • @​astrojs/markdown-remark@​7.1.1

Commits

• c1f2e4f [ci] release (#16467)
• 345fb9e chore: fix flaky dev toolbar render time test (#16500)
• 5120ecd [ci] format
• 3d82220 Add AEAD context binding to server island encryption (#16457)
• 1bcb43b Prebundle dev toolbar entrypoint in client environment (#16480)
• 93101cc [ci] format
• 152700e fix: strip sourceMappingURL from dev toolbar entrypoint during dep optimizati...
• bc83041 refactor(astro): migrate test utils to typescript (#16492)
• 5c543c5 refactor(astro): add internal entry points for test (#16473)
• 1058428 Suppress content config warning for projects without content collections (#16...
• Additional commits viewable in compare view

Updates starlight-links-validator from 0.23.0 to 0.24.0

Release notes

Sourced from starlight-links-validator's releases.

starlight-links-validator@0.24.0

Minor Changes

• #157 e7663be Thanks @​HiDeoo! - Adds support for validating links to Astro redirects.

Changelog

Sourced from starlight-links-validator's changelog.

0.24.0

Minor Changes

• #157 e7663be Thanks @​HiDeoo! - Adds support for validating links to Astro redirects.

Commits

• 1c779e3 ci: release (#158)
• e7663be Add support for redirects (#157)
• See full diff in compare view

Updates vercel from 52.0.0 to 52.2.1

Release notes

Sourced from vercel's releases.

vercel@52.2.1

Patch Changes

• bf07448: Revert "auth: Make it possible to store CLI credentials in OS keychain (#16083)"
• a00740e: vc whoami now shows both the logged-in user and the active team, and surfaces when the active team is set by a local project link rather than the globally-selected team.
• Updated dependencies [894e7d4]
  • @​vercel/python@​6.36.1
  • @​vercel/node@​5.7.13

vercel@52.2.0

Minor Changes

• 24686d0: Add configurable auth token storage with keyring-backed persistence and file fallback support.

Patch Changes

• Updated dependencies [24686d0]
• Updated dependencies [d36ee35]
• Updated dependencies [56c9f89]
  • @​vercel/cli-auth@​0.1.0
  • @​vercel/node@​5.7.13

Changelog

Sourced from vercel's changelog.

52.2.1

Patch Changes

• bf07448: Revert "auth: Make it possible to store CLI credentials in OS keychain (#16083)"
• a00740e: vc whoami now shows both the logged-in user and the active team, and surfaces when the active team is set by a local project link rather than the globally-selected team.
• Updated dependencies [894e7d4]
  • @​vercel/python@​6.36.1
  • @​vercel/node@​5.7.13

52.2.0

Minor Changes

• 24686d0: Add configurable auth token storage with keyring-backed persistence and file fallback support.

Patch Changes

• Updated dependencies [24686d0]
• Updated dependencies [d36ee35]
• Updated dependencies [56c9f89]
  • @​vercel/cli-auth@​0.1.0
  • @​vercel/node@​5.7.13

52.1.0

Minor Changes

• ae90f00: vercel edge-config tokens --remove <ID_OR_TOKEN> now accepts either a token id (as shown in the id column of vercel edge-config tokens <id-or-slug>) or a plaintext token string. The CLI transparently consults the store's own token list to classify each value and sends { ids }, { tokens }, or both to DELETE /v1/edge-config/:id/tokens accordingly.

  • Backward compatible: existing scripts passing plaintext tokens keep working.
  • Forward compatible: once plaintext is no longer listed server-side, users can revoke by id with no CLI changes.
  • No new flag: everything stays on --remove, which is repeatable.

  vercel edge-config tokens my-store --remove <token-id> --yes
  vercel edge-config tokens my-store --remove <plaintext-token> --yes
  vercel edge-config tokens my-store --remove <id-1> --remove <plaintext-2> --yes

Patch Changes

• 8d6cfde: Improve CLI unit test portability and argument fixture handling by replacing a POSIX-only mkdir -p call with Node's cross-platform mkdirSync(..., { recursive: true }), and by passing a token fixture as --token=<value> so values beginning with - are parsed correctly in non-interactive token tests.
• 0252860: Prevent non-interactive next.command suggestions from echoing auth tokens across CLI flows, not just tokens add. The CLI now strips --token / -t flags (including inline =value forms) before building suggested rerun commands, so automation output cannot leak credentials copied from invocation args; VERCEL_TOKEN from environment variables was not affected.
• Fail fast on SAML / missing-scope re-authentication when the device-code flow cannot succeed, so commands no longer hang waiting for a browser approval that will never come. reauthenticate now bails with an actionable error message when the token was supplied via --token, when it was supplied via the VERCEL_TOKEN environment variable, or when stdin is non-interactive (e.g. CI). In all three cases the user is told which token source needs a token authorized for the requested scope, instead of silently kicking off performDeviceCodeFlow.
  • @​vercel/static-build@​2.9.21

Commits

• 40d32a8 Version Packages (#16155)
• bf07448 Revert "auth: Make it possible to store CLI credentials in OS keychain (#1608...
• a00740e feat(cli): show active team in vc whoami (#16051)
• 02c78f5 Version Packages (#16151)
• 68edb7a Version Packages (#16138)
• 24686d0 auth: Make it possible to store CLI credentials in OS keychain (#16083)
• 8d6cfde test(cli): fix windows and non-interactive token unit test regressions (#16134)
• 0252860 fix(cli): prevent token leaks in non-interactive next commands (#16113)
• ae90f00 feat(cli): edge-config tokens --remove accepts ids or plaintext tokens (#16...
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
openresource-dev	Ready	Preview, Comment	Apr 30, 2026 7:24am

[dependabot]

Looks like these dependencies are no longer updatable, so this is no longer needed.