chore(deps-dev): bump @astrojs/starlight from 0.37.7 to 0.38.1

[dependabot]

Bumps @astrojs/starlight from 0.37.7 to 0.38.1.

Release notes

Sourced from @​astrojs/starlight's releases.

@​astrojs/starlight@​0.38.1

Patch Changes

• #3751 fb955ff Thanks @​pyxelr! - Fixes a regression causing global tableOfContents config to be ignored

@​astrojs/starlight@​0.38.0

Minor Changes

• #3644 0d2e7ed Thanks @​HiDeoo! - Adds support for Astro v6, drops support for Astro v5.

  Upgrade Astro and dependencies

  ⚠️ BREAKING CHANGE: Astro v5 is no longer supported. Make sure you update Astro and any other official integrations at the same time as updating Starlight:

  npx @astrojs/upgrade

  Community Starlight plugins and Astro integrations may also need to be manually updated to work with Astro v6. If you encounter any issues, please reach out to the plugin or integration author to see if it is a known issue or if an updated version is being worked on.

  Update your collections

  ⚠️ BREAKING CHANGE: Drops support for content collections backwards compatibility.

  In Astro 5.x, projects could delay upgrading to the new Content Layer API introduced for content collections because of some existing automatic backwards compatibility that was not previously behind a flag. This meant that it was possible to upgrade from Astro 4 to Astro 5 without updating your content collections, even if you had not enabled the legacy.collections flag. Projects would continue to build, and no errors or warnings would be displayed.

  Astro v6.0 now removes this automatic legacy content collections support, along with the legacy.collections flag.

  If you experience content collections errors after updating to v6, check your project for any removed legacy features that may need updating to the Content Layer API. See the Starlight v0.30.0 upgrade guide for detailed instructions on upgrading legacy collections to the new Content Layer API.

  If you are unable to make any changes to your collections at this time, including Starlight's default docs and i18n collections, you can enable the legacy.collectionsBackwardsCompat flag to upgrade to v6 without updating your collections. This temporary flag preserves some legacy v4 content collections features, and will allow you to keep your collections in their current state until the legacy flag is no longer supported.

• #3704 375edcc Thanks @​florian-lefebvre! - Fixes autocomplete for components exported from @astrojs/starlight/components/*

  ⚠️ Potentially breaking change: This change moves some files used in Starlight’s component internals out of the components/ directory. Direct use of these files was not and is not officially supported. If you previously imported TableOfContents/starlight-toc.ts, TableOfContents/TableOfContentsList.astro, Icons.ts, or SidebarPersistState.ts, please review your code when updating.

• #3729 3642625 Thanks @​delucis! - Improves Starlight’s default body font stack to better support languages such as Chinese, Japanese, and Korean on Windows. For most users there should be no visible change.

  If you would prefer to keep the previous font stack, you can add the following custom CSS to your site:

  :root {
    --sl-font-system: ui-sans-serif, system-ui, 'Segoe UI', Roboto,
      'Helvetica Neue', Arial, 'Noto Sans', sans-serif, 'Apple Color Emoji',
      'Segoe UI Emoji', 'Segoe UI Symbol', 'Noto Color Emoji';
  }

• #3598 fff38d5 Thanks @​HiDeoo! - Makes hover styles consistent in Starlight’s navigation bar

... (truncated)

Changelog

Sourced from @​astrojs/starlight's changelog.

0.38.1

Patch Changes

• #3751 fb955ff Thanks @​pyxelr! - Fixes a regression causing global tableOfContents config to be ignored

0.38.0

Minor Changes

• #3644 0d2e7ed Thanks @​HiDeoo! - Adds support for Astro v6, drops support for Astro v5.

  Upgrade Astro and dependencies

  ⚠️ BREAKING CHANGE: Astro v5 is no longer supported. Make sure you update Astro and any other official integrations at the same time as updating Starlight:

  npx @astrojs/upgrade

  Community Starlight plugins and Astro integrations may also need to be manually updated to work with Astro v6. If you encounter any issues, please reach out to the plugin or integration author to see if it is a known issue or if an updated version is being worked on.

  Update your collections

  ⚠️ BREAKING CHANGE: Drops support for content collections backwards compatibility.

  In Astro 5.x, projects could delay upgrading to the new Content Layer API introduced for content collections because of some existing automatic backwards compatibility that was not previously behind a flag. This meant that it was possible to upgrade from Astro 4 to Astro 5 without updating your content collections, even if you had not enabled the legacy.collections flag. Projects would continue to build, and no errors or warnings would be displayed.

  Astro v6.0 now removes this automatic legacy content collections support, along with the legacy.collections flag.

  If you experience content collections errors after updating to v6, check your project for any removed legacy features that may need updating to the Content Layer API. See the Starlight v0.30.0 upgrade guide for detailed instructions on upgrading legacy collections to the new Content Layer API.

  If you are unable to make any changes to your collections at this time, including Starlight's default docs and i18n collections, you can enable the legacy.collectionsBackwardsCompat flag to upgrade to v6 without updating your collections. This temporary flag preserves some legacy v4 content collections features, and will allow you to keep your collections in their current state until the legacy flag is no longer supported.

• #3704 375edcc Thanks @​florian-lefebvre! - Fixes autocomplete for components exported from @astrojs/starlight/components/*

  ⚠️ Potentially breaking change: This change moves some files used in Starlight’s component internals out of the components/ directory. Direct use of these files was not and is not officially supported. If you previously imported TableOfContents/starlight-toc.ts, TableOfContents/TableOfContentsList.astro, Icons.ts, or SidebarPersistState.ts, please review your code when updating.

• #3729 3642625 Thanks @​delucis! - Improves Starlight’s default body font stack to better support languages such as Chinese, Japanese, and Korean on Windows. For most users there should be no visible change.

  If you would prefer to keep the previous font stack, you can add the following custom CSS to your site:

  :root {
    --sl-font-system: ui-sans-serif, system-ui, 'Segoe UI', Roboto,
      'Helvetica Neue', Arial, 'Noto Sans', sans-serif, 'Apple Color Emoji',
      'Segoe UI Emoji', 'Segoe UI Symbol', 'Noto Color Emoji';
  }

... (truncated)

Commits

• ac64c72 [ci] release (#3752)
• fb955ff fix: respect global tableOfContents config with zod v4 (#3751)
• eb7abe2 [ci] release (#3745)
• fff38d5 Tweak header hover effects (#3598)
• 375edcc feat: improve components exports with wildcard (#3704)
• 047dd32 [ci] format
• 3642625 Update default system font stack to better handle CJK locales on Windows (#3729)
• 924070d Pin to old Prettier version to unblock release (#3747)
• a43ee44 [ci] format
• 0d2e7ed Astro 6 support (#3644)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[cloudflare-workers-and-pages]

Deploying with    Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Updated (UTC)
❌ Deployment failed View logs	synapse-dev	f4b832e	Mar 17 2026, 02:53 PM

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	starlight-changelogs@​0.4.0
	starlight-auto-sidebar@​0.1.4
	@​hugomrdias/​docs@​0.1.11
	expressive-code-twoslash@​0.6.1
	starlight-links-validator@​0.19.2
	typedoc-plugin-missing-exports@​4.1.2
	rehype-external-links@​3.0.0
	typedoc-plugin-mdn-links@​5.1.1
	@​astrojs/​starlight@​0.38.1
	astro-mermaid@​1.3.1
	astro@​5.18.1
	typedoc@​0.28.17
	mermaid@​11.13.0

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		Obfuscated code: npm entities is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: ? → npm/typedoc@0.28.17 → npm/entities@4.5.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/entities@4.5.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm entities is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: ? → npm/astro@5.18.1 → npm/@astrojs/starlight@0.38.1 → npm/starlight-links-validator@0.19.2 → npm/entities@6.0.1 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/entities@6.0.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm markdown-it is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: ? → npm/typedoc@0.28.17 → npm/markdown-it@14.1.1 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/markdown-it@14.1.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm vite is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: ? → npm/@hugomrdias/docs@0.1.11 → npm/vite@6.4.1 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/vite@6.4.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report