Bump the minor group across 5 directories with 7 updates by dependabot[bot] · Pull Request #378 · dmno-dev/varlock

dependabot · 2026-03-12T04:46:34Z

Bumps the minor group with 7 updates in the / directory:

Package	From	To
@changesets/get-github-info	`0.7.0`	`0.8.0`
gunshi	`0.28.2`	`0.29.3`
@modelcontextprotocol/sdk	`1.20.2`	`1.27.1`
agents	`0.2.35`	`0.7.6`
@astrojs/starlight	`0.37.7`	`0.38.1`
astro-og-canvas	`0.7.2`	`0.10.1`
starlight-llms-txt	`0.6.1`	`0.7.0`

Bumps the minor group with 1 update in the /packages/changeset-changelog directory: @changesets/get-github-info.
Bumps the minor group with 1 update in the /packages/varlock directory: gunshi.
Bumps the minor group with 2 updates in the /packages/varlock-docs-mcp directory: @modelcontextprotocol/sdk and agents.
Bumps the minor group with 3 updates in the /packages/varlock-website directory: @astrojs/starlight, astro-og-canvas and starlight-llms-txt.

Updates @changesets/get-github-info from 0.7.0 to 0.8.0

Release notes

Sourced from @changesets/get-github-info's releases.

@changesets/get-github-info@0.8.0

Minor Changes

#1758 e462d89 Thanks @jdeniau! - Add scopes automatically in the GitHub new token link in the printed error message

Patch Changes

#1781 d4b8ad8 Thanks @bluwy! - Improve error messages when fail to fetch data from GitHub

Commits

See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @changesets/get-github-info since your current version.

Updates gunshi from 0.28.2 to 0.29.3

Release notes

Sourced from gunshi's releases.

v0.29.3

Full Changelog: kazupon/gunshi@v0.29.2...v0.29.3

v0.29.2

Full Changelog: kazupon/gunshi@v0.29.1...v0.29.2

v0.29.1

Full Changelog: kazupon/gunshi@v0.29.0...v0.29.1

v0.29.0

What's Changed

🌟 Features

feat(gunshi): support parser combinators for argment schema (experimental) by @kazupon in kazupon/gunshi#496

Full Changelog: kazupon/gunshi@v0.28.2...v0.29.0

Changelog

Sourced from gunshi's changelog.

v0.29.3 (2026-03-11T08:53:31Z)

This changelog is generated by GitHub Releases

Full Changelog: kazupon/gunshi@v0.29.2...v0.29.3

v0.29.2 (2026-02-21T14:05:58Z)

This changelog is generated by GitHub Releases

Full Changelog: kazupon/gunshi@v0.29.1...v0.29.2

v0.29.1 (2026-02-21T14:00:47Z)

This changelog is generated by GitHub Releases

Full Changelog: kazupon/gunshi@v0.29.0...v0.29.1

v0.29.0 (2026-02-21T13:53:41Z)

This changelog is generated by GitHub Releases

What's Changed

🌟 Features

feat(gunshi): support parser combinators for argment schema (experimental) by @kazupon in kazupon/gunshi#496

Full Changelog: kazupon/gunshi@v0.28.2...v0.29.0

Commits

c90a2a3 release: v0.29.3
3b4277b chore: bump deps
b4ea0b2 release: v0.29.2
f165be2 release: v0.29.1
9e3341b release: v0.29.0
a95db15 feat(gunshi): support parser combinators for argment schema (experimental) (#...
See full diff in compare view

Updates @modelcontextprotocol/sdk from 1.20.2 to 1.27.1

Release notes

Sourced from @modelcontextprotocol/sdk's releases.

v1.27.1

What's Changed

feat: implement auth/pre-registration conformance scenario by @felixweinberger in modelcontextprotocol/typescript-sdk#1545

docs: add governance documentation for SEP-1730 by @felixweinberger in modelcontextprotocol/typescript-sdk#1547

docs: comprehensive feature documentation for SEP-1730 Tier 1 by @felixweinberger in modelcontextprotocol/typescript-sdk#1548

fix: prevent command injection in example URL opening (v1.x backport) by @maxisbey in modelcontextprotocol/typescript-sdk#1579

fix: call onerror for silently swallowed transport errors by @qing-ant in modelcontextprotocol/typescript-sdk#1580

chore: bump version to 1.27.1 by @felixweinberger in modelcontextprotocol/typescript-sdk#1581

New Contributors

@qing-ant made their first contribution in modelcontextprotocol/typescript-sdk#1580

Full Changelog: modelcontextprotocol/typescript-sdk@v1.27.0...v1.27.1

v1.27.0

What's Changed

feat: add conformance test infrastructure for v1.x by @felixweinberger in modelcontextprotocol/typescript-sdk#1518

feat: backport discoverOAuthServerInfo() and discovery caching to v1.x by @felixweinberger in modelcontextprotocol/typescript-sdk#1533

feat: add url property to RequestInfo interface by @valentinbeggi in modelcontextprotocol/typescript-sdk#1353

[v1.x] feat(tasks): add streaming methods for elicitation and sampling by @LucaButBoring in modelcontextprotocol/typescript-sdk#1528

chore: bump version for v1.27.0 by @felixweinberger in modelcontextprotocol/typescript-sdk#1541

New Contributors

@valentinbeggi made their first contribution in modelcontextprotocol/typescript-sdk#1353

Full Changelog: modelcontextprotocol/typescript-sdk@v1.26.0...v1.27.0

v1.26.0

Addresses "Sharing server/transport instances can leak cross-client response data" in this GHSA GHSA-345p-7cg4-v4c7

What's Changed

chore: bump v1.25.3 for backport fixes by @pcarleton in modelcontextprotocol/typescript-sdk#1412

fix(deps): resolve npm audit vulnerabilities and bump dependencies (v1.x backport) by @samuv in modelcontextprotocol/typescript-sdk#1382

Fix #1430: Client Credentials providers scopes support (backported) by @NSeydoux in modelcontextprotocol/typescript-sdk#1442

chore: bump version to 1.26.0 by @pcarleton in modelcontextprotocol/typescript-sdk#1479

New Contributors

@samuv made their first contribution in modelcontextprotocol/typescript-sdk#1382

@NSeydoux made their first contribution in modelcontextprotocol/typescript-sdk#1442

Full Changelog: modelcontextprotocol/typescript-sdk@v1.25.3...v1.26.0

v1.25.3

What's Changed

[v1.x backport] Use correct schema for client sampling validation when tools are present by @olaservo in modelcontextprotocol/typescript-sdk#1407

fix: prevent Hono from overriding global Response object (v1.x) by @mattzcarey in modelcontextprotocol/typescript-sdk#1411

Full Changelog: modelcontextprotocol/typescript-sdk@v1.25.2...v1.25.3

... (truncated)

Commits

4faa8c8 chore: bump version to 1.27.1 (#1581)
09a85a8 fix: call onerror for silently swallowed transport errors (#1580)
e79d14a fix: prevent command injection in example URL opening (v1.x backport) (#1579)
342ea39 docs: comprehensive feature documentation for SEP-1730 Tier 1 (#1548)
2084a22 docs: add governance documentation for SEP-1730 (#1547)
f2d2145 feat: implement auth/pre-registration conformance scenario (#1545)
8cbc658 chore: bump version for v1.27.0 (#1541)
5c16ae3 [v1.x] feat(tasks): add streaming methods for elicitation and sampling (#1528)
97ab379 feat: add url property to RequestInfo interface (#1353)
825e9ab feat: backport discoverOAuthServerInfo() and discovery caching to v1.x (#1533)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by pcarleton, a new releaser for @modelcontextprotocol/sdk since your current version.

Updates agents from 0.2.35 to 0.7.6

Release notes

Sourced from agents's releases.

agents@0.7.6

Patch Changes

#1090 a91b598 Thanks @threepointone! - Allow MCP clients to connect to localhost and loopback URLs again for local development while continuing to block private, link-local, and metadata endpoints.

#1088 16e2833 Thanks @threepointone! - Embed sub-agent (facet) API into the Agent base class. Adds subAgent(), abortSubAgent(), and deleteSubAgent() methods directly on Agent, replacing the experimental withSubAgents mixin. Uses composite facet keys for class-aware naming, guards scheduling and keepAlive in facets, and persists the facet flag to storage so it survives hibernation.

#1085 0b73a74 Thanks @threepointone! - Remove unnecessary storage operations in McpAgent:

Fix redundant props read in onStart: skip storage.get("props") when props are passed directly (only read from storage on hibernation recovery)

Replace elicitation storage polling with in-memory Promise/resolver: eliminates repeated storage.get/put/delete calls (up to 6 per elicitation) in favor of zero-storage in-memory signaling

#1086 e8195e7 Thanks @threepointone! - Simplify Agent storage: schema version gating and single-row state

Skip redundant DDL migrations on established DOs by tracking schema version in cf_agents_state

Eliminate STATE_WAS_CHANGED row — state persistence now uses a single row with row-existence check, correctly handling falsy values (null, 0, false, "")

Clean up legacy STATE_WAS_CHANGED rows during migration

Add schema DDL snapshot test that breaks if table definitions change without bumping CURRENT_SCHEMA_VERSION

Fix corrupted state test helper that was using incorrect row IDs

#1081 933b00f Thanks @threepointone! - Add default console.error logging to onWorkflowError() so unhandled workflow errors are visible in logs

#1089 a1eab1d Thanks @threepointone! - Add Workspace class — durable file storage for any Agent with hybrid SQLite+R2 backend and optional just-bash shell execution. Usage: new Workspace(this, { r2, idPrefix }). Import from agents/workspace.

agents@0.7.5

Patch Changes

#1071 6312684 Thanks @threepointone! - Fix missing await on _workflow_updateState RPC calls in AgentWorkflow._wrapStep() for updateAgentState, mergeAgentState, and resetAgentState, which could cause state updates to be silently lost.

#1069 b5238de Thanks @threepointone! - Add Workspace class — durable file storage for any Agent with hybrid SQLite+R2 backend and optional just-bash shell execution. Includes BashSession for multi-step shell workflows with persistent cwd and env across exec calls, and cwd option on bash(). Usage: new Workspace(this, { r2, r2Prefix }). Import from agents/experimental/workspace.

agents@0.7.4

Patch Changes

#1063 4ace1d4 Thanks @threepointone! - Fix CHECK constraint migration for cf_agents_schedules table to include 'interval' type, allowing scheduleEvery() and keepAlive() to work on DOs created with older SDK versions.

agents@0.7.3

Patch Changes

#1057 c804c73 Thanks @threepointone! - Updated dependencies.

#1057 c804c73 Thanks @threepointone! - Fix workflow RPC callbacks bypassing Agent initialization. The _workflow_handleCallback, _workflow_broadcast, and _workflow_updateState methods now call __unsafe_ensureInitialized() before executing, ensuring this.name is hydrated and onStart() has been called even when the Durable Object wakes via native RPC.

agents@0.7.2

Patch Changes

#1050 6157741 Thanks @ask-bonk! - Fix Agent alarm() bypassing PartyServer's initialization

The Agent class defined alarm as a public readonly arrow function property, which completely shadowed PartyServer's alarm() prototype method. This meant #ensureInitialized() was never called when a Durable Object woke via alarm (e.g. from scheduleEvery), causing this.name to throw and onStart to never run.

Converted alarm from an arrow function property to a regular async method that calls super.alarm() before processing scheduled tasks. Also added an onAlarm() no-op override to suppress PartyServer's default warning log.

... (truncated)

Changelog

Sourced from agents's changelog.

0.7.6

Patch Changes

#1090 a91b598 Thanks @threepointone! - Allow MCP clients to connect to localhost and loopback URLs again for local development while continuing to block private, link-local, and metadata endpoints.

#1088 16e2833 Thanks @threepointone! - Embed sub-agent (facet) API into the Agent base class. Adds subAgent(), abortSubAgent(), and deleteSubAgent() methods directly on Agent, replacing the experimental withSubAgents mixin. Uses composite facet keys for class-aware naming, guards scheduling and keepAlive in facets, and persists the facet flag to storage so it survives hibernation.

#1085 0b73a74 Thanks @threepointone! - Remove unnecessary storage operations in McpAgent:

Fix redundant props read in onStart: skip storage.get("props") when props are passed directly (only read from storage on hibernation recovery)

Replace elicitation storage polling with in-memory Promise/resolver: eliminates repeated storage.get/put/delete calls (up to 6 per elicitation) in favor of zero-storage in-memory signaling

#1086 e8195e7 Thanks @threepointone! - Simplify Agent storage: schema version gating and single-row state

Skip redundant DDL migrations on established DOs by tracking schema version in cf_agents_state

Eliminate STATE_WAS_CHANGED row — state persistence now uses a single row with row-existence check, correctly handling falsy values (null, 0, false, "")

Clean up legacy STATE_WAS_CHANGED rows during migration

Add schema DDL snapshot test that breaks if table definitions change without bumping CURRENT_SCHEMA_VERSION

Fix corrupted state test helper that was using incorrect row IDs

#1081 933b00f Thanks @threepointone! - Add default console.error logging to onWorkflowError() so unhandled workflow errors are visible in logs

#1089 a1eab1d Thanks @threepointone! - Add Workspace class — durable file storage for any Agent with hybrid SQLite+R2 backend and optional just-bash shell execution. Usage: new Workspace(this, { r2, idPrefix }). Import from agents/workspace.

0.7.5

Patch Changes

#1071 6312684 Thanks @threepointone! - Fix missing await on _workflow_updateState RPC calls in AgentWorkflow._wrapStep() for updateAgentState, mergeAgentState, and resetAgentState, which could cause state updates to be silently lost.

#1069 b5238de Thanks @threepointone! - Add Workspace class — durable file storage for any Agent with hybrid SQLite+R2 backend and optional just-bash shell execution. Includes BashSession for multi-step shell workflows with persistent cwd and env across exec calls, and cwd option on bash(). Usage: new Workspace(this, { r2, r2Prefix }). Import from agents/experimental/workspace.

0.7.4

Patch Changes

#1063 4ace1d4 Thanks @threepointone! - Fix CHECK constraint migration for cf_agents_schedules table to include 'interval' type, allowing scheduleEvery() and keepAlive() to work on DOs created with older SDK versions.

0.7.3

Patch Changes

#1057 c804c73 Thanks @threepointone! - Updated dependencies.

#1057 c804c73 Thanks @threepointone! - Fix workflow RPC callbacks bypassing Agent initialization. The _workflow_handleCallback, _workflow_broadcast, and _workflow_updateState methods now call __unsafe_ensureInitialized() before executing, ensuring this.name is hydrated and onStart() has been called even when the Durable Object wakes via native RPC.

0.7.2

Patch Changes

#1050 6157741 Thanks @ask-bonk! - Fix Agent alarm() bypassing PartyServer's initialization

... (truncated)

Commits

e8aa938 Version Packages (#1082)
0b73a74 fix(mcp): remove unnecessary storage operations in McpAgent (#1085)
e8195e7 feat(agents): schema version gating and single-row state optimization (#1086)
c6151a0 Merge PR #1090: Allow localhost MCP client URLs + fix IPv4-mapped IPv6 SSRF b...
95c9b33 fix(mcp): block IPv4-mapped IPv6 addresses in SSRF check
a20b77d refactor(tests): migrate to SELF.fetch and remove unnecessary @callable decor...
a91b598 Allow localhost MCP client URLs
a1eab1d feat: @cloudflare/think — opinionated agent base class with fibers, sessions,...
16e2833 Embed sub-agent API into Agent base class with hibernation-safe facet flag (#...
e98f123 Add @cloudflare/voice: real-time voice pipeline for Agents (#1087)
Additional commits viewable in compare view

Updates @astrojs/starlight from 0.37.7 to 0.38.1

Release notes

Sourced from @astrojs/starlight's releases.

@astrojs/starlight@0.38.1

Patch Changes

#3751 fb955ff Thanks @pyxelr! - Fixes a regression causing global tableOfContents config to be ignored

@astrojs/starlight@0.38.0

Minor Changes
#3644 0d2e7ed Thanks @HiDeoo! - Adds support for Astro v6, drops support for Astro v5.

Upgrade Astro and dependencies

⚠️ BREAKING CHANGE: Astro v5 is no longer supported. Make sure you update Astro and any other official integrations at the same time as updating Starlight:
npx @astrojs/upgrade
Community Starlight plugins and Astro integrations may also need to be manually updated to work with Astro v6. If you encounter any issues, please reach out to the plugin or integration author to see if it is a known issue or if an updated version is being worked on.

Update your collections

⚠️ BREAKING CHANGE: Drops support for content collections backwards compatibility.

In Astro 5.x, projects could delay upgrading to the new Content Layer API introduced for content collections because of some existing automatic backwards compatibility that was not previously behind a flag. This meant that it was possible to upgrade from Astro 4 to Astro 5 without updating your content collections, even if you had not enabled the legacy.collections flag. Projects would continue to build, and no errors or warnings would be displayed.

Astro v6.0 now removes this automatic legacy content collections support, along with the legacy.collections flag.

If you experience content collections errors after updating to v6, check your project for any removed legacy features that may need updating to the Content Layer API. See the Starlight v0.30.0 upgrade guide for detailed instructions on upgrading legacy collections to the new Content Layer API.

If you are unable to make any changes to your collections at this time, including Starlight's default docs and i18n collections, you can enable the legacy.collectionsBackwardsCompat flag to upgrade to v6 without updating your collections. This temporary flag preserves some legacy v4 content collections features, and will allow you to keep your collections in their current state until the legacy flag is no longer supported.
#3704 375edcc Thanks @florian-lefebvre! - Fixes autocomplete for components exported from @astrojs/starlight/components/*

⚠️ Potentially breaking change: This change moves some files used in Starlight’s component internals out of the components/ directory. Direct use of these files was not and is not officially supported. If you previously imported TableOfContents/starlight-toc.ts, TableOfContents/TableOfContentsList.astro, Icons.ts, or SidebarPersistState.ts, please review your code when updating.
#3729 3642625 Thanks @delucis! - Improves Starlight’s default body font stack to better support languages such as Chinese, Japanese, and Korean on Windows. For most users there should be no visible change.

If you would prefer to keep the previous font stack, you can add the following custom CSS to your site:
:root {
  --sl-font-system: ui-sans-serif, system-ui, 'Segoe UI', Roboto,
    'Helvetica Neue', Arial, 'Noto Sans', sans-serif, 'Apple Color Emoji',
    'Segoe UI Emoji', 'Segoe UI Symbol', 'Noto Color Emoji';
}
#3598 fff38d5 Thanks @HiDeoo! - Makes hover styles consistent in Starlight’s navigation bar

... (truncated)

Changelog

Sourced from @astrojs/starlight's changelog.

0.38.1

Patch Changes

#3751 fb955ff Thanks @pyxelr! - Fixes a regression causing global tableOfContents config to be ignored

0.38.0

Minor Changes
#3644 0d2e7ed Thanks @HiDeoo! - Adds support for Astro v6, drops support for Astro v5.

Upgrade Astro and dependencies

⚠️ BREAKING CHANGE: Astro v5 is no longer supported. Make sure you update Astro and any other official integrations at the same time as updating Starlight:
npx @astrojs/upgrade
Community Starlight plugins and Astro integrations may also need to be manually updated to work with Astro v6. If you encounter any issues, please reach out to the plugin or integration author to see if it is a known issue or if an updated version is being worked on.

Update your collections

⚠️ BREAKING CHANGE: Drops support for content collections backwards compatibility.

In Astro 5.x, projects could delay upgrading to the new Content Layer API introduced for content collections because of some existing automatic backwards compatibility that was not previously behind a flag. This meant that it was possible to upgrade from Astro 4 to Astro 5 without updating your content collections, even if you had not enabled the legacy.collections flag. Projects would continue to build, and no errors or warnings would be displayed.

Astro v6.0 now removes this automatic legacy content collections support, along with the legacy.collections flag.

If you experience content collections errors after updating to v6, check your project for any removed legacy features that may need updating to the Content Layer API. See the Starlight v0.30.0 upgrade guide for detailed instructions on upgrading legacy collections to the new Content Layer API.

If you are unable to make any changes to your collections at this time, including Starlight's default docs and i18n collections, you can enable the legacy.collectionsBackwardsCompat flag to upgrade to v6 without updating your collections. This temporary flag preserves some legacy v4 content collections features, and will allow you to keep your collections in their current state until the legacy flag is no longer supported.
#3704 375edcc Thanks @florian-lefebvre! - Fixes autocomplete for components exported from @astrojs/starlight/components/*

⚠️ Potentially breaking change: This change moves some files used in Starlight’s component internals out of the components/ directory. Direct use of these files was not and is not officially supported. If you previously imported TableOfContents/starlight-toc.ts, TableOfContents/TableOfContentsList.astro, Icons.ts, or SidebarPersistState.ts, please review your code when updating.
#3729 3642625 Thanks @delucis! - Improves Starlight’s default body font stack to better support languages such as Chinese, Japanese, and Korean on Windows. For most users there should be no visible change.

If you would prefer to keep the previous font stack, you can add the following custom CSS to your site:
:root {
  --sl-font-system: ui-sans-serif, system-ui, 'Segoe UI', Roboto,
    'Helvetica Neue', Arial, 'Noto Sans', sans-serif, 'Apple Color Emoji',
    'Segoe UI Emoji', 'Segoe UI Symbol', 'Noto Color Emoji';
}

... (truncated)

Commits

ac64c72 [ci] release (#3752)
fb955ff fix: respect global tableOfContents config with zod v4 (#3751)
eb7abe2 [ci] release (#3745)
fff38d5 Tweak header hover effects (#3598)
375edcc feat: improve components exports with wildcard (#3704)
047dd32 [ci] format
3642625 Update default system font stack to better handle CJK locales on Windows (#3729)
924070d Pin to old Prettier version to unblock release (#3747)
a43ee44 [ci] format
0d2e7ed Astro 6 support (#3644)
See full diff in compare view

Updates astro-og-canvas from 0.7.2 to 0.10.1

Release notes

Sourced from astro-og-canvas's releases.

astro-og-canvas@0.10.1

Patch Changes

#128 dd829f9 Thanks @renovate! - Updates dependency entities to ^7.0.1

astro-og-canvas@0.10.0

Minor Changes
#119 151edd2 Thanks @delucis! - Makes OGImageRoute() asynchronous.

⚠️ BREAKING CHANGE: You must now await the result of OGImageRoute():
import { OGImageRoute } from 'astro-og-canvas';

export const { getStaticPaths, GET } = OGImageRoute({


export const { getStaticPaths, GET } = await OGImageRoute({
Patch Changes

#119 151edd2 Thanks @delucis! - Fixes using the built-in getSlug() for OG images with format: "JPEG" or format: "WEBP"

astro-og-canvas@0.9.0

Minor Changes
#117 b94a123 Thanks @delucis! - Adds type safety to OGImageRoute. The page parameter in getSlug() and getImageOptions() is now correctly inferred from the value passed to pages instead of being typed as any.
OGImageRoute({
  pages: {
    example: {
      title: 'Example Page',
      description: 'Description of this page shown in smaller text',
    },
  },
  getImageOptions: (path, page) => {
    page;
    // ^? { title: string; description: string }
  },
});
⚠️ Potentially breaking change: If you are type checking your code base, you may see type errors if you are accessing page in getSlug() or getImageOptions() in a non-type-safe way and will need to either update that code or add some additional types.
#117 b94a123 Thanks @delucis! - Exports OGImageOptions type
astro-og-canvas@0.8.0

Minor Changes

... (truncated)

Changelog

Sourced from astro-og-canvas's changelog.

0.10.1

Patch Changes

#128 dd829f9 Thanks @renovate! - Updates dependency entities to ^7.0.1

0.10.0

Minor Changes
#119 151edd2 Thanks @delucis! - Makes OGImageRoute() asynchronous.

⚠️ BREAKING CHANGE: You must now await the result of OGImageRoute():
import { OGImageRoute } from 'astro-og-canvas';

export const { getStaticPaths, GET } = OGImageRoute({


export const { getStaticPaths, GET } = await OGImageRoute({
Patch Changes

#119 151edd2 Thanks @delucis! - Fixes using the built-in getSlug() for OG images with format: "JPEG" or format: "WEBP"

0.9.0

Minor Changes
#117 b94a123 Thanks @delucis! - Adds type safety to OGImageRoute. The page parameter in getSlug() and getImageOptions() is now correctly inferred from the value passed to pages instead of being typed as any.
OGImageRoute({
  pages: {
    example: {
      title: 'Example Page',
      description: 'Description of this page shown in smaller text',
    },
  },
  getImageOptions: (path, page) => {
    page;
    // ^? { title: string; description: string }
  },
});
⚠️ Potentially breaking change: If you are type checking your code base, you may see type errors if you are accessing page in getSlug() or getImageOptions() in a non-type-safe way and will need to either update that code or add some additional types.
#117 b94a123 Thanks @delucis! - Exports OGImageOptions type

... (truncated)

Commits

9ec89cf Version Packages (#131)
dd829f9 Update dependency entities to ^7.0.1 (#128)
9f8a1fd Update dependency astro to ^5.16.15 (#127)
4bf4c8d Update dependency astro to ^5.16.9 (#124)
83dba33 Update dependency astro to ^5.16.8 (#122)
e316dc1 Version Packages (#120)
151edd2 Fix default getSlug() for non-PNG image formats (#119)
6f50853 Version Packages (#118)
b94a123 Improve OGImageRoute typing (#117)
c5e0a30 Add type checking to CI (#116)
Additional commits viewable in compare view

Updates starlight-llms-txt from 0.6.1 to 0.7.0

Release notes

Sourced from starlight-llms-txt's releases.

starlight-llms-txt@0.7.0

Minor Changes

#43 1db4591 Thanks @sanscontext! - Enforces llms.txt files to be prerendered at build time. Previously, sites using Astro’s output: server configuration would generate llms.txt files on-demand, which can be slow, and additionally was incompatible with the custom sets feature. This change means that llms.txt files are statically generated even for sites using output: server.

⚠️ Potentially breaking change: If you were relying on on-demand rendered llms.txt files, for example by using middleware to gate access, this may be a breaking change. Please share your use case to let us know if you need this.

Changelog

Sourced from starlight-llms-txt's changelog.

0.7.0

Minor Changes

#43 1db4591 Thanks @sanscontext! - Enforces llms.txt files to be prerendered at build time. Previously, sites using Astro’s output: server configuration would generate llms.txt files on-demand, which can be slow, and additionally was incompatible with the custom sets feature. This change means that llms.txt files are statically generated even for sites using output: server.

⚠️ Potentially breaking change: If you were relying on on-demand rendered llms.txt files, for example by using middleware to gate access, this may be a breaking change. Please share your use case to let us know if you need this.

Commits

44f2d1f [ci] release (#52)
608f6f5 fix(deps): update astro (#54)
1db4591 Add explicit prerender instruction so this can be used by SSR instances (#43)
048a071 fix(deps): update unified (#47)
dd7079d fix(deps): update dependency @types/micromatch to ^4.0.10 (#46)
See full diff in

Bumps the minor group with 7 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@changesets/get-github-info](https://github.com/changesets/changesets) | `0.7.0` | `0.8.0` | | [gunshi](https://github.com/kazupon/gunshi/tree/HEAD/packages/gunshi) | `0.28.2` | `0.29.3` | | [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) | `1.20.2` | `1.27.1` | | [agents](https://github.com/cloudflare/agents/tree/HEAD/packages/agents) | `0.2.35` | `0.7.6` | | [@astrojs/starlight](https://github.com/withastro/starlight/tree/HEAD/packages/starlight) | `0.37.7` | `0.38.1` | | [astro-og-canvas](https://github.com/delucis/astro-og-canvas/tree/HEAD/packages/astro-og-canvas) | `0.7.2` | `0.10.1` | | [starlight-llms-txt](https://github.com/delucis/starlight-llms-txt/tree/HEAD/packages/starlight-llms-txt) | `0.6.1` | `0.7.0` | Bumps the minor group with 1 update in the /packages/changeset-changelog directory: [@changesets/get-github-info](https://github.com/changesets/changesets). Bumps the minor group with 1 update in the /packages/varlock directory: [gunshi](https://github.com/kazupon/gunshi/tree/HEAD/packages/gunshi). Bumps the minor group with 2 updates in the /packages/varlock-docs-mcp directory: [@modelcontextprotocol/sdk](https://github.com/modelcontextprotocol/typescript-sdk) and [agents](https://github.com/cloudflare/agents/tree/HEAD/packages/agents). Bumps the minor group with 3 updates in the /packages/varlock-website directory: [@astrojs/starlight](https://github.com/withastro/starlight/tree/HEAD/packages/starlight), [astro-og-canvas](https://github.com/delucis/astro-og-canvas/tree/HEAD/packages/astro-og-canvas) and [starlight-llms-txt](https://github.com/delucis/starlight-llms-txt/tree/HEAD/packages/starlight-llms-txt). Updates `@changesets/get-github-info` from 0.7.0 to 0.8.0 - [Release notes](https://github.com/changesets/changesets/releases) - [Commits](https://github.com/changesets/changesets/commits/@changesets/get-github-info@0.8.0) Updates `gunshi` from 0.28.2 to 0.29.3 - [Release notes](https://github.com/kazupon/gunshi/releases) - [Changelog](https://github.com/kazupon/gunshi/blob/main/CHANGELOG.md) - [Commits](https://github.com/kazupon/gunshi/commits/v0.29.3/packages/gunshi) Updates `@modelcontextprotocol/sdk` from 1.20.2 to 1.27.1 - [Release notes](https://github.com/modelcontextprotocol/typescript-sdk/releases) - [Commits](modelcontextprotocol/typescript-sdk@1.20.2...v1.27.1) Updates `agents` from 0.2.35 to 0.7.6 - [Release notes](https://github.com/cloudflare/agents/releases) - [Changelog](https://github.com/cloudflare/agents/blob/main/packages/agents/CHANGELOG.md) - [Commits](https://github.com/cloudflare/agents/commits/agents@0.7.6/packages/agents) Updates `@astrojs/starlight` from 0.37.7 to 0.38.1 - [Release notes](https://github.com/withastro/starlight/releases) - [Changelog](https://github.com/withastro/starlight/blob/main/packages/starlight/CHANGELOG.md) - [Commits](https://github.com/withastro/starlight/commits/@astrojs/starlight@0.38.1/packages/starlight) Updates `astro-og-canvas` from 0.7.2 to 0.10.1 - [Release notes](https://github.com/delucis/astro-og-canvas/releases) - [Changelog](https://github.com/delucis/astro-og-canvas/blob/latest/packages/astro-og-canvas/CHANGELOG.md) - [Commits](https://github.com/delucis/astro-og-canvas/commits/astro-og-canvas@0.10.1/packages/astro-og-canvas) Updates `starlight-llms-txt` from 0.6.1 to 0.7.0 - [Release notes](https://github.com/delucis/starlight-llms-txt/releases) - [Changelog](https://github.com/delucis/starlight-llms-txt/blob/main/packages/starlight-llms-txt/CHANGELOG.md) - [Commits](https://github.com/delucis/starlight-llms-txt/commits/starlight-llms-txt@0.7.0/packages/starlight-llms-txt) Updates `@modelcontextprotocol/sdk` from 1.20.2 to 1.27.1 - [Release notes](https://github.com/modelcontextprotocol/typescript-sdk/releases) - [Commits](modelcontextprotocol/typescript-sdk@1.20.2...v1.27.1) Updates `@changesets/get-github-info` from 0.7.0 to 0.8.0 - [Release notes](https://github.com/changesets/changesets/releases) - [Commits](https://github.com/changesets/changesets/commits/@changesets/get-github-info@0.8.0) Updates `gunshi` from 0.28.2 to 0.29.3 - [Release notes](https://github.com/kazupon/gunshi/releases) - [Changelog](https://github.com/kazupon/gunshi/blob/main/CHANGELOG.md) - [Commits](https://github.com/kazupon/gunshi/commits/v0.29.3/packages/gunshi) Updates `@modelcontextprotocol/sdk` from 1.20.2 to 1.27.1 - [Release notes](https://github.com/modelcontextprotocol/typescript-sdk/releases) - [Commits](modelcontextprotocol/typescript-sdk@1.20.2...v1.27.1) Updates `agents` from 0.2.35 to 0.7.6 - [Release notes](https://github.com/cloudflare/agents/releases) - [Changelog](https://github.com/cloudflare/agents/blob/main/packages/agents/CHANGELOG.md) - [Commits](https://github.com/cloudflare/agents/commits/agents@0.7.6/packages/agents) Updates `@modelcontextprotocol/sdk` from 1.20.2 to 1.27.1 - [Release notes](https://github.com/modelcontextprotocol/typescript-sdk/releases) - [Commits](modelcontextprotocol/typescript-sdk@1.20.2...v1.27.1) Updates `@astrojs/starlight` from 0.37.7 to 0.38.1 - [Release notes](https://github.com/withastro/starlight/releases) - [Changelog](https://github.com/withastro/starlight/blob/main/packages/starlight/CHANGELOG.md) - [Commits](https://github.com/withastro/starlight/commits/@astrojs/starlight@0.38.1/packages/starlight) Updates `astro-og-canvas` from 0.7.2 to 0.10.1 - [Release notes](https://github.com/delucis/astro-og-canvas/releases) - [Changelog](https://github.com/delucis/astro-og-canvas/blob/latest/packages/astro-og-canvas/CHANGELOG.md) - [Commits](https://github.com/delucis/astro-og-canvas/commits/astro-og-canvas@0.10.1/packages/astro-og-canvas) Updates `starlight-llms-txt` from 0.6.1 to 0.7.0 - [Release notes](https://github.com/delucis/starlight-llms-txt/releases) - [Changelog](https://github.com/delucis/starlight-llms-txt/blob/main/packages/starlight-llms-txt/CHANGELOG.md) - [Commits](https://github.com/delucis/starlight-llms-txt/commits/starlight-llms-txt@0.7.0/packages/starlight-llms-txt) --- updated-dependencies: - dependency-name: "@changesets/get-github-info" dependency-version: 0.8.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor - dependency-name: gunshi dependency-version: 0.29.3 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: minor - dependency-name: "@modelcontextprotocol/sdk" dependency-version: 1.27.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor - dependency-name: agents dependency-version: 0.7.6 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor - dependency-name: "@astrojs/starlight" dependency-version: 0.38.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor - dependency-name: astro-og-canvas dependency-version: 0.10.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor - dependency-name: starlight-llms-txt dependency-version: 0.7.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor - dependency-name: "@modelcontextprotocol/sdk" dependency-version: 1.27.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor - dependency-name: "@changesets/get-github-info" dependency-version: 0.8.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor - dependency-name: gunshi dependency-version: 0.29.3 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: minor - dependency-name: "@modelcontextprotocol/sdk" dependency-version: 1.27.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor - dependency-name: agents dependency-version: 0.7.6 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor - dependency-name: "@modelcontextprotocol/sdk" dependency-version: 1.27.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor - dependency-name: "@astrojs/starlight" dependency-version: 0.38.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor - dependency-name: astro-og-canvas dependency-version: 0.10.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor - dependency-name: starlight-llms-txt dependency-version: 0.7.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor ... Signed-off-by: dependabot[bot] <support@github.com>

changeset-bot · 2026-03-12T04:46:38Z

⚠️ No Changeset found

Latest commit: ef28642

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

cloudflare-workers-and-pages · 2026-03-12T04:46:41Z

Deploying with Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Updated (UTC)
❌ Deployment failed View logs	varlock-website	`ef28642`	Mar 12 2026, 04:46 AM

cloudflare-workers-and-pages · 2026-03-12T04:46:41Z

Deploying with Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Updated (UTC)
🔵 In progress View logs	varlock-docs-mcp	`ef28642`	Mar 12 2026, 04:46 AM

socket-security · 2026-03-12T04:47:40Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Package	Supply Chain Security	Quality	Maintenance
remark-custom-header-id@1.0.0
starlight-llms-txt@0.7.0
@astrojs/starlight@0.37.7 ⏵ 0.38.1		⁺¹	⁺¹
astro-og-canvas@0.7.2 ⏵ 0.10.1	^-2		⁺³

View full report

socket-security · 2026-03-12T04:47:42Z

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert (click "▶" to expand/collapse)
Warn		Obfuscated code: npm `vite` is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: `?` → `npm/@astrojs/vue@5.1.4` → `npm/vite@6.4.1` ℹ Read more on: This package \| This alert \| What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore npm/vite@6.4.1`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 12, 2026

github-actions bot added community docs varlock labels Mar 12, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the minor group across 5 directories with 7 updates#378

Bump the minor group across 5 directories with 7 updates#378
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/minor-c7f6ed6e2a

dependabot bot commented on behalf of github Mar 12, 2026

Upgrade Astro and dependencies

Update your collections

Upgrade Astro and dependencies

Update your collections

Uh oh!

changeset-bot bot commented Mar 12, 2026

Uh oh!

cloudflare-workers-and-pages bot commented Mar 12, 2026 •

edited

Loading

Uh oh!

cloudflare-workers-and-pages bot commented Mar 12, 2026

Uh oh!

socket-security bot commented Mar 12, 2026

Uh oh!

socket-security bot commented Mar 12, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Mar 12, 2026

@​changesets/get-github-info@​0.8.0

Minor Changes

Patch Changes

v0.29.3

v0.29.2

v0.29.1

v0.29.0

What's Changed

🌟 Features

v0.29.3 (2026-03-11T08:53:31Z)

v0.29.2 (2026-02-21T14:05:58Z)

v0.29.1 (2026-02-21T14:00:47Z)

v0.29.0 (2026-02-21T13:53:41Z)

What's Changed

🌟 Features

v1.27.1

What's Changed

New Contributors

v1.27.0

What's Changed

New Contributors

v1.26.0

What's Changed

New Contributors

v1.25.3

What's Changed

agents@0.7.6

Patch Changes

agents@0.7.5

Patch Changes

agents@0.7.4

Patch Changes

agents@0.7.3

Patch Changes

agents@0.7.2

Patch Changes

0.7.6

Patch Changes

0.7.5

Patch Changes

0.7.4

Patch Changes

0.7.3

Patch Changes

0.7.2

Patch Changes

@​astrojs/starlight@​0.38.1

Patch Changes

@​astrojs/starlight@​0.38.0

Minor Changes

Upgrade Astro and dependencies

Update your collections

0.38.1

Patch Changes

0.38.0

Minor Changes

Upgrade Astro and dependencies

Update your collections

astro-og-canvas@0.10.1

Patch Changes

astro-og-canvas@0.10.0

Minor Changes

Patch Changes

astro-og-canvas@0.9.0

Minor Changes

astro-og-canvas@0.8.0

Minor Changes

0.10.1

Patch Changes

0.10.0

Minor Changes

Patch Changes

0.9.0

Minor Changes

starlight-llms-txt@0.7.0

Minor Changes

0.7.0

Minor Changes

`@changesets/get-github-info@0`.8.0

`@astrojs/starlight@0`.38.1

`@astrojs/starlight@0`.38.0

cloudflare-workers-and-pages bot commented Mar 12, 2026 •

edited

Loading