fix(deps): update astro 5.x→6.x to resolve 8 Dependabot security alerts

[agent-cairn]

Summary

• Updated astro from ^5.6.1 to ^6.0.8 (major version bump)
• Resolves all 8 open Dependabot security alerts (3 HIGH, 4 MEDIUM, 1 LOW)

Resolved vulnerabilities

Package	Before	After	Severity	Advisory
h3	≤1.15.8	1.15.10	HIGH	SSE injection, path traversal, double decode bypass
svgo	4.0.0	4.0.1	HIGH	Billion Laughs DoS
rollup	4.0.0	4.60.0	HIGH	Arbitrary file write via path traversal
devalue	≤5.6.3	5.6.4	MEDIUM	Prototype pollution

⚠️ Major version bump

This is a 5.x → 6.x bump for astro. Build passes clean (4 pages, 988ms). Review any Astro 6 breaking changes before merging:

• https://docs.astro.build/en/guides/upgrade-to/v6/

Test plan

• npm audit reports 0 vulnerabilities
• npm run build passes (static build, 4 pages)

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request focuses on a critical dependency update, upgrading the astro framework to its major version 6.x. The primary motivation for this update is to mitigate several security vulnerabilities across various packages, as identified by Dependabot. This ensures the project benefits from the latest security patches and features offered by the new Astro release, while also updating numerous underlying dependencies and adjusting the Node.js engine compatibility.

Highlights

• Major Version Upgrade: The astro framework has been updated from version 5.x to 6.x, incorporating significant changes and improvements.
• Security Vulnerability Resolution: Eight Dependabot security alerts have been resolved, including three HIGH, four MEDIUM, and one LOW severity issues.
• Critical Vulnerabilities Addressed: Specific high-severity vulnerabilities fixed include SSE injection (h3), Billion Laughs DoS (svgo), and Arbitrary file write via path traversal (rollup).
• Node.js Engine Requirement Update: The minimum required Node.js version has been updated to >=22.12.0 to align with the new Astro version.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request upgrades Astro to version 6.0.8, which involves updating numerous dependencies such as @astrojs/compiler, @astrojs/markdown-remark, shiki, vite, and zod, along with the removal of several older packages. A critical aspect of this upgrade is the introduction of a new minimum Node.js version requirement of >=22.12.0 for Astro and its core dependencies, which needs to be ensured in the project's environments to prevent compatibility issues.

[gemini-code-assist]

The upgrade to Astro v6.x introduces a new minimum Node.js version requirement of >=22.12.0 for several core dependencies (e.g., @astrojs/prism, @shikijs/*, vite). Please ensure that the project's development and deployment environments are updated to meet this new requirement to avoid compatibility issues.