Skip to content

chore: bump the minor-and-patch group across 2 directories with 4 updates#569

Merged
Aureliolo merged 1 commit intomainfrom
dependabot/npm_and_yarn/site/minor-and-patch-1e680d80cd
Mar 19, 2026
Merged

chore: bump the minor-and-patch group across 2 directories with 4 updates#569
Aureliolo merged 1 commit intomainfrom
dependabot/npm_and_yarn/site/minor-and-patch-1e680d80cd

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 19, 2026
edited
Loading

Bumps the minor-and-patch group with 2 updates in the /site directory: @tailwindcss/vite and astro.
Bumps the minor-and-patch group with 1 update in the /web directory: vite.

Updates @tailwindcss/vite from 4.2.1 to 4.2.2

Release notes

Sourced from @​tailwindcss/vite's releases.

v4.2.2

Added

  • Support Vite 8 in @tailwindcss/vite (#19790)

Fixed

  • Don't crash when candidates contain prototype properties like row-constructor (#19725)
  • Canonicalize calc(var(--spacing)*…) expressions into --spacing(…) (#19769)
  • Fix crash in canonicalization step when handling utilities containing @property at-rules (e.g. shadow-sm border) (#19727)
  • Skip full reload for server only modules scanned by client CSS when using @tailwindcss/vite (#19745)
  • Improve canonicalization for bare values exceeding default spacing scale suggestions (e.g. w-1234 h-1234size-1234) (#19809)
  • Fix canonicalization resulting in empty list (e.g. w-5 h-5 size-5'' instead of size-5) (#19812)
Changelog

Sourced from @​tailwindcss/vite's changelog.

[4.2.2] - 2026-03-18

Fixed

  • Don't crash when candidates contain prototype properties like row-constructor (#19725)
  • Canonicalize calc(var(--spacing)*…) expressions into --spacing(…) (#19769)
  • Fix crash in canonicalization step when handling utilities containing @property at-rules (e.g. shadow-sm border) (#19727)
  • Skip full reload for server only modules scanned by client CSS when using @tailwindcss/vite (#19745)
  • Add support for Vite 8 in @tailwindcss/vite (#19790)
  • Improve canonicalization for bare values exceeding default spacing scale suggestions (e.g. w-1234 h-1234size-1234) (#19809)
  • Fix canonicalization resulting in empty list (e.g. w-5 h-5 size-5'' instead of size-5) (#19812)
Commits

Updates astro from 6.0.5 to 6.0.6

Release notes

Sourced from astro's releases.

astro@6.0.6

Patch Changes

  • #15965 2dca307 Thanks @​matthewp! - Fixes client hydration for components imported through Node.js subpath imports (package.json#imports, e.g. #components/*), for example when using the Cloudflare adapter in development.

  • #15770 6102ca2 Thanks @​jpc-ae! - Updates the create astro welcome message to highlight the graceful dev/preview server quit command rather than the kill process shortcut

  • #15953 7eddf22 Thanks @​Desel72! - fix(hmr): eagerly recompile on style-only change to prevent stale slots render

  • #15916 5201ed4 Thanks @​trueberryless! - Fixes InferLoaderSchema type inference for content collections defined with a loader that includes a schema

  • #15864 d3c7de9 Thanks @​florian-lefebvre! - Removes temporary support for Node >=20.19.1 because Stackblitz now uses Node 22 by default

  • #15944 a5e1acd Thanks @​fkatsuhiro! - Fixes SSR dynamic routes with .html extension (e.g. [slug].html.astro) not working

  • #15937 d236245 Thanks @​ematipico! - Fixes an issue where HMR didn't correctly work on Windows when adding/changing/deleting routes in pages/.

  • #15931 98dfb61 Thanks @​Strernd! - Fix skew protection query params not being applied to island hydration component-url and renderer-url, and ensure query params are appended safely for asset URLs with existing search/hash parts.

  • Updated dependencies []:

    • @​astrojs/markdown-remark@​7.0.1
Changelog

Sourced from astro's changelog.

6.0.6

Patch Changes

  • #15965 2dca307 Thanks @​matthewp! - Fixes client hydration for components imported through Node.js subpath imports (package.json#imports, e.g. #components/*), for example when using the Cloudflare adapter in development.

  • #15770 6102ca2 Thanks @​jpc-ae! - Updates the create astro welcome message to highlight the graceful dev/preview server quit command rather than the kill process shortcut

  • #15953 7eddf22 Thanks @​Desel72! - fix(hmr): eagerly recompile on style-only change to prevent stale slots render

  • #15916 5201ed4 Thanks @​trueberryless! - Fixes InferLoaderSchema type inference for content collections defined with a loader that includes a schema

  • #15864 d3c7de9 Thanks @​florian-lefebvre! - Removes temporary support for Node >=20.19.1 because Stackblitz now uses Node 22 by default

  • #15944 a5e1acd Thanks @​fkatsuhiro! - Fixes SSR dynamic routes with .html extension (e.g. [slug].html.astro) not working

  • #15937 d236245 Thanks @​ematipico! - Fixes an issue where HMR didn't correctly work on Windows when adding/changing/deleting routes in pages/.

  • #15931 98dfb61 Thanks @​Strernd! - Fix skew protection query params not being applied to island hydration component-url and renderer-url, and ensure query params are appended safely for asset URLs with existing search/hash parts.

  • Updated dependencies []:

    • @​astrojs/markdown-remark@​7.0.1
Commits

Updates tailwindcss from 4.2.1 to 4.2.2

Release notes

Sourced from tailwindcss's releases.

v4.2.2

Added

  • Support Vite 8 in @tailwindcss/vite (#19790)

Fixed

  • Don't crash when candidates contain prototype properties like row-constructor (#19725)
  • Canonicalize calc(var(--spacing)*…) expressions into --spacing(…) (#19769)
  • Fix crash in canonicalization step when handling utilities containing @property at-rules (e.g. shadow-sm border) (#19727)
  • Skip full reload for server only modules scanned by client CSS when using @tailwindcss/vite (#19745)
  • Improve canonicalization for bare values exceeding default spacing scale suggestions (e.g. w-1234 h-1234size-1234) (#19809)
  • Fix canonicalization resulting in empty list (e.g. w-5 h-5 size-5'' instead of size-5) (#19812)
Changelog

Sourced from tailwindcss's changelog.

[4.2.2] - 2026-03-18

Fixed

  • Don't crash when candidates contain prototype properties like row-constructor (#19725)
  • Canonicalize calc(var(--spacing)*…) expressions into --spacing(…) (#19769)
  • Fix crash in canonicalization step when handling utilities containing @property at-rules (e.g. shadow-sm border) (#19727)
  • Skip full reload for server only modules scanned by client CSS when using @tailwindcss/vite (#19745)
  • Add support for Vite 8 in @tailwindcss/vite (#19790)
  • Improve canonicalization for bare values exceeding default spacing scale suggestions (e.g. w-1234 h-1234size-1234) (#19809)
  • Fix canonicalization resulting in empty list (e.g. w-5 h-5 size-5'' instead of size-5) (#19812)
Commits
  • d596b0c 4.2.2 (#19821)
  • 2228a57 Bump Lightning CSS (#19771)
  • f302fce Fix canonicalization resulting in empty list (#19812)
  • bb2f170 Improve canonicalization for bare values exceeding default spacing scale sugg...
  • faa5e88 Cleanup inconsistencies related to (regex) escapes (#19804)
  • d5717f2 run prettier
  • 51aa9d7 fix(canonicalize): handle utilities with empty property maps in collapse (#19...
  • c586bd6 Canonicalize calc(var(--spacing)*…) expressions into --spacing(…) (#19769)
  • 9ded4a2 Guard object lookups against inherited prototype properties (#19725)
  • See full diff in compare view

Updates vite from 8.0.0 to 8.0.1

Release notes

Sourced from vite's releases.

create-vite@8.0.1

Please refer to CHANGELOG.md for details.

v8.0.1

Please refer to CHANGELOG.md for details.

Changelog

Sourced from vite's changelog.

8.0.1 (2026-03-19)

Features

Bug Fixes

  • bundled-dev: properly disable inlineConst optimization (#21865) (6d97142)
  • css: lightningcss minify failed when build.target: 'es6' (#21933) (5fcce46)
  • deps: update all non-major dependencies (#21878) (6dbbd7f)
  • dev: always use ESM Oxc runtime (#21829) (d323ed7)
  • dev: handle concurrent restarts in _createServer (#21810) (40bc729)
  • handle + symbol in package subpath exports during dep optimization (#21886) (86db93d)
  • improve no-cors request block error (#21902) (5ba688b)
  • use precise regexes for transform filter to avoid backtracking (#21800) (dbe41bd)
  • worker: require(json) result should not be wrapped (#21847) (0672fd2)
  • worker: make worker output consistent with client and SSR (#21871) (69454d7)

Miscellaneous Chores

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot added the type:chore Maintenance, cleanup, dependency updates label Mar 19, 2026
@dependabot dependabot bot requested a review from Aureliolo as a code owner March 19, 2026 06:10
@dependabot dependabot bot added the type:chore Maintenance, cleanup, dependency updates label Mar 19, 2026
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Mar 19, 2026
edited
Loading

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 2 package(s) with unknown licenses.
See the Details below.

License Issues

site/package-lock.json

PackageVersionLicenseIssue Type
@types/debug4.1.13NullUnknown License

web/package-lock.json

PackageVersionLicenseIssue Type
vite8.0.1NullUnknown License
Allowed Licenses: MIT, MIT-0, Apache-2.0, BSD-2-Clause, BSD-3-Clause, ISC, MPL-2.0, PSF-2.0, Unlicense, 0BSD, CC0-1.0, Python-2.0, Python-2.0.1, LicenseRef-scancode-free-unknown, LicenseRef-scancode-protobuf, LicenseRef-scancode-google-patent-license-golang, ZPL-2.1, LGPL-2.0-only, LGPL-2.1-only, LGPL-3.0-only, LGPL-3.0-or-later, BlueOak-1.0.0
Excluded from license check: pkg:pypi/mem0ai@1.0.5, pkg:pypi/numpy@2.4.3, pkg:pypi/qdrant-client@1.17.0, pkg:pypi/posthog@7.9.12, pkg:npm/@img/sharp-wasm32@0.33.5, pkg:npm/@img/sharp-win32-ia32@0.33.5, pkg:npm/@img/sharp-win32-x64@0.33.5

OpenSSF Scorecard

Scorecard details
PackageVersionScoreDetails
npm/@astrojs/markdown-remark 7.0.1 UnknownUnknown
npm/@astrojs/prism 4.0.1 UnknownUnknown
npm/@tailwindcss/node 4.2.2 🟢 6.2
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 4Found 10/25 approved changesets -- score normalized to 4
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy⚠️ 0security policy file not detected
License🟢 10license file detected
Fuzzing🟢 10project is fuzzed
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Packaging🟢 10packaging workflow detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@tailwindcss/oxide 4.2.2 🟢 6.2
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 4Found 10/25 approved changesets -- score normalized to 4
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy⚠️ 0security policy file not detected
License🟢 10license file detected
Fuzzing🟢 10project is fuzzed
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Packaging🟢 10packaging workflow detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@tailwindcss/oxide-android-arm64 4.2.2 🟢 6.2
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 4Found 10/25 approved changesets -- score normalized to 4
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy⚠️ 0security policy file not detected
License🟢 10license file detected
Fuzzing🟢 10project is fuzzed
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Packaging🟢 10packaging workflow detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@tailwindcss/oxide-darwin-arm64 4.2.2 🟢 6.2
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 4Found 10/25 approved changesets -- score normalized to 4
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy⚠️ 0security policy file not detected
License🟢 10license file detected
Fuzzing🟢 10project is fuzzed
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Packaging🟢 10packaging workflow detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@tailwindcss/oxide-darwin-x64 4.2.2 🟢 6.2
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 4Found 10/25 approved changesets -- score normalized to 4
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy⚠️ 0security policy file not detected
License🟢 10license file detected
Fuzzing🟢 10project is fuzzed
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Packaging🟢 10packaging workflow detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@tailwindcss/oxide-freebsd-x64 4.2.2 🟢 6.2
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 4Found 10/25 approved changesets -- score normalized to 4
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy⚠️ 0security policy file not detected
License🟢 10license file detected
Fuzzing🟢 10project is fuzzed
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Packaging🟢 10packaging workflow detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@tailwindcss/oxide-linux-arm-gnueabihf 4.2.2 🟢 6.2
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 4Found 10/25 approved changesets -- score normalized to 4
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy⚠️ 0security policy file not detected
License🟢 10license file detected
Fuzzing🟢 10project is fuzzed
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Packaging🟢 10packaging workflow detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@tailwindcss/oxide-linux-arm64-gnu 4.2.2 🟢 6.2
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 4Found 10/25 approved changesets -- score normalized to 4
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy⚠️ 0security policy file not detected
License🟢 10license file detected
Fuzzing🟢 10project is fuzzed
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Packaging🟢 10packaging workflow detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@tailwindcss/oxide-linux-arm64-musl 4.2.2 🟢 6.2
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 4Found 10/25 approved changesets -- score normalized to 4
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy⚠️ 0security policy file not detected
License🟢 10license file detected
Fuzzing🟢 10project is fuzzed
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Packaging🟢 10packaging workflow detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@tailwindcss/oxide-linux-x64-gnu 4.2.2 🟢 6.2
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 4Found 10/25 approved changesets -- score normalized to 4
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy⚠️ 0security policy file not detected
License🟢 10license file detected
Fuzzing🟢 10project is fuzzed
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Packaging🟢 10packaging workflow detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@tailwindcss/oxide-linux-x64-musl 4.2.2 🟢 6.2
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 4Found 10/25 approved changesets -- score normalized to 4
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy⚠️ 0security policy file not detected
License🟢 10license file detected
Fuzzing🟢 10project is fuzzed
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Packaging🟢 10packaging workflow detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@tailwindcss/oxide-wasm32-wasi 4.2.2 🟢 6.2
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 4Found 10/25 approved changesets -- score normalized to 4
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy⚠️ 0security policy file not detected
License🟢 10license file detected
Fuzzing🟢 10project is fuzzed
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Packaging🟢 10packaging workflow detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@tailwindcss/oxide-win32-arm64-msvc 4.2.2 🟢 6.2
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 4Found 10/25 approved changesets -- score normalized to 4
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy⚠️ 0security policy file not detected
License🟢 10license file detected
Fuzzing🟢 10project is fuzzed
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Packaging🟢 10packaging workflow detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@tailwindcss/oxide-win32-x64-msvc 4.2.2 🟢 6.2
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 4Found 10/25 approved changesets -- score normalized to 4
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy⚠️ 0security policy file not detected
License🟢 10license file detected
Fuzzing🟢 10project is fuzzed
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Packaging🟢 10packaging workflow detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@tailwindcss/vite 4.2.2 🟢 6.2
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 4Found 10/25 approved changesets -- score normalized to 4
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy⚠️ 0security policy file not detected
License🟢 10license file detected
Fuzzing🟢 10project is fuzzed
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Packaging🟢 10packaging workflow detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@types/debug 4.1.13 UnknownUnknown
npm/astro 6.0.6 UnknownUnknown
npm/enhanced-resolve 5.20.1 🟢 6.7
Details
CheckScoreReason
Code-Review🟢 4Found 12/26 approved changesets -- score normalized to 4
Maintained🟢 1012 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 3dependency not pinned by hash detected -- score normalized to 3
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 10security policy file detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/lightningcss 1.32.0 UnknownUnknown
npm/lightningcss-android-arm64 1.32.0 UnknownUnknown
npm/lightningcss-darwin-arm64 1.32.0 UnknownUnknown
npm/lightningcss-darwin-x64 1.32.0 UnknownUnknown
npm/lightningcss-freebsd-x64 1.32.0 UnknownUnknown
npm/lightningcss-linux-arm-gnueabihf 1.32.0 UnknownUnknown
npm/lightningcss-linux-arm64-gnu 1.32.0 UnknownUnknown
npm/lightningcss-linux-arm64-musl 1.32.0 UnknownUnknown
npm/lightningcss-linux-x64-gnu 1.32.0 UnknownUnknown
npm/lightningcss-linux-x64-musl 1.32.0 UnknownUnknown
npm/lightningcss-win32-arm64-msvc 1.32.0 UnknownUnknown
npm/lightningcss-win32-x64-msvc 1.32.0 UnknownUnknown
npm/oniguruma-to-es 4.3.5 UnknownUnknown
npm/tailwindcss 4.2.2 🟢 6.2
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 4Found 10/25 approved changesets -- score normalized to 4
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Security-Policy⚠️ 0security policy file not detected
License🟢 10license file detected
Fuzzing🟢 10project is fuzzed
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Packaging🟢 10packaging workflow detected
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@oxc-project/types 0.120.0 UnknownUnknown
npm/@rolldown/binding-android-arm64 1.0.0-rc.10 UnknownUnknown
npm/@rolldown/binding-darwin-arm64 1.0.0-rc.10 UnknownUnknown
npm/@rolldown/binding-darwin-x64 1.0.0-rc.10 UnknownUnknown
npm/@rolldown/binding-freebsd-x64 1.0.0-rc.10 UnknownUnknown
npm/@rolldown/binding-linux-arm-gnueabihf 1.0.0-rc.10 UnknownUnknown
npm/@rolldown/binding-linux-arm64-gnu 1.0.0-rc.10 UnknownUnknown
npm/@rolldown/binding-linux-arm64-musl 1.0.0-rc.10 UnknownUnknown
npm/@rolldown/binding-linux-ppc64-gnu 1.0.0-rc.10 UnknownUnknown
npm/@rolldown/binding-linux-s390x-gnu 1.0.0-rc.10 UnknownUnknown
npm/@rolldown/binding-linux-x64-gnu 1.0.0-rc.10 UnknownUnknown
npm/@rolldown/binding-linux-x64-musl 1.0.0-rc.10 UnknownUnknown
npm/@rolldown/binding-openharmony-arm64 1.0.0-rc.10 UnknownUnknown
npm/@rolldown/binding-wasm32-wasi 1.0.0-rc.10 UnknownUnknown
npm/@rolldown/binding-win32-arm64-msvc 1.0.0-rc.10 UnknownUnknown
npm/@rolldown/binding-win32-x64-msvc 1.0.0-rc.10 UnknownUnknown
npm/@rolldown/pluginutils 1.0.0-rc.10 UnknownUnknown
npm/rolldown 1.0.0-rc.10 UnknownUnknown
npm/vite 8.0.1 🟢 6.2
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 4Found 12/29 approved changesets -- score normalized to 4
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions🟢 5detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 5binaries present in source code
License🟢 10license file detected
Pinned-Dependencies🟢 6dependency not pinned by hash detected -- score normalized to 6
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Fuzzing⚠️ 0project is not fuzzed
Security-Policy🟢 10security policy file detected
Signed-Releases⚠️ -1no releases found
SAST🟢 4SAST tool is not run on all commits -- score normalized to 4

Scanned Files

  • site/package-lock.json
  • web/package-lock.json

@socket-security
Copy link
Copy Markdown

socket-security bot commented Mar 19, 2026
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatednpm/​astro@​6.0.5 ⏵ 6.0.69710088 +198100
Updatednpm/​vite@​8.0.0 ⏵ 8.0.1100 +7100100 +19100 +2100

View full report

@dependabot dependabot bot had a problem deploying to cloudflare-preview March 19, 2026 06:11 Failure
@Aureliolo Aureliolo temporarily deployed to cloudflare-preview March 19, 2026 07:15 — with GitHub Actions Inactive
Aureliolo
Aureliolo previously approved these changes Mar 19, 2026
View reviewed changes
Copy link
Copy Markdown
Owner

@Aureliolo Aureliolo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Changelog reviewed. Clean patch bumps across 3 packages:

  • @tailwindcss/vite 4.2.1->4.2.2: Vite 8 support, crash fixes
  • astro 6.0.5->6.0.6: Windows HMR fix, style-only HMR fix, SSR route fix
  • vite 8.0.0->8.0.1: rolldown update, concurrent restart fix, regex perf fix

CI Pass green. Docker Build Web failure is pre-existing (CVE-2026-32767 in libexpat -- unrelated). No config changes needed.

Note: Will likely need Dependabot rebase after PR #570 merges (overlapping web/package-lock.json).

@Aureliolo
Copy link
Copy Markdown
Owner

Aureliolo commented Mar 19, 2026

@dependabot rebase

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot bot commented on behalf of github Mar 19, 2026

Looks like this PR has been edited by someone other than Dependabot. That means Dependabot can't rebase it - sorry!

If you're happy for Dependabot to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

@Aureliolo Aureliolo temporarily deployed to cloudflare-preview March 19, 2026 07:24 — with GitHub Actions Inactive
@Aureliolo
Copy link
Copy Markdown
Owner

Aureliolo commented Mar 19, 2026

@dependabot recreate

@dependabot
chore: bump the minor-and-patch group across 2 directories with 4 upd…
8c5ff82 
…ates

Bumps the minor-and-patch group with 2 updates in the /site directory: [@tailwindcss/vite](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-vite) and [astro](https://github.com/withastro/astro/tree/HEAD/packages/astro).
Bumps the minor-and-patch group with 1 update in the /web directory: [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite).


Updates `@tailwindcss/vite` from 4.2.1 to 4.2.2
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.2.2/packages/@tailwindcss-vite)

Updates `astro` from 6.0.5 to 6.0.6
- [Release notes](https://github.com/withastro/astro/releases)
- [Changelog](https://github.com/withastro/astro/blob/main/packages/astro/CHANGELOG.md)
- [Commits](https://github.com/withastro/astro/commits/astro@6.0.6/packages/astro)

Updates `tailwindcss` from 4.2.1 to 4.2.2
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.2.2/packages/tailwindcss)

Updates `vite` from 8.0.0 to 8.0.1
- [Release notes](https://github.com/vitejs/vite/releases)
- [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md)
- [Commits](https://github.com/vitejs/vite/commits/create-vite@8.0.1/packages/vite)

---
updated-dependencies:
- dependency-name: "@tailwindcss/vite"
  dependency-version: 4.2.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: astro
  dependency-version: 6.0.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: tailwindcss
  dependency-version: 4.2.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: vite
  dependency-version: 8.0.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/npm_and_yarn/site/minor-and-patch-1e680d80cd branch from d0421f9 to 8c5ff82 Compare March 19, 2026 07:28
@dependabot dependabot bot had a problem deploying to cloudflare-preview March 19, 2026 07:29 Failure
@Aureliolo Aureliolo merged commit 3295168 into main Mar 19, 2026
24 of 26 checks passed
@Aureliolo Aureliolo deleted the dependabot/npm_and_yarn/site/minor-and-patch-1e680d80cd branch March 19, 2026 07:33
@Aureliolo Aureliolo temporarily deployed to cloudflare-preview March 19, 2026 07:33 — with GitHub Actions Inactive
@Aureliolo Aureliolo mentioned this pull request Mar 19, 2026
Merged
Aureliolo added a commit that referenced this pull request Mar 19, 2026
@Aureliolo @github-actions
chore(main): release 0.3.6 (#573)
a1bedb8 
🤖 I have created a release *beep* *boop*
---


##
[0.3.6](v0.3.5...v0.3.6)
(2026-03-19)


### Features

* **cli:** add backup subcommands (backup, backup list, backup restore)
([#568](#568))
([4c06b1d](4c06b1d))
* **engine:** implement execution loop auto-selection based on task
complexity ([#567](#567))
([5bfc2c6](5bfc2c6))


### Bug Fixes

* activate structured logging pipeline -- wire 8-sink system, integrate
Uvicorn, suppress spam
([#572](#572))
([9b6bf33](9b6bf33))
* **cli:** bump grpc-go v1.79.3 -- CVE-2026-33186 auth bypass
([#574](#574))
([f0171c9](f0171c9))
* resolve OpenAPI schema validation warnings for union/optional fields
([#558](#558))
([5d96b2b](5d96b2b))


### CI/CD

* bump codecov/codecov-action from 5.5.2 to 5.5.3 in the minor-and-patch
group ([#571](#571))
([267f685](267f685))
* ignore chainguard/python in Dependabot docker updates
([#575](#575))
([1935eaa](1935eaa))


### Maintenance

* bump the major group across 1 directory with 2 updates
([#570](#570))
([b98f82c](b98f82c))
* bump the minor-and-patch group across 2 directories with 4 updates
([#569](#569))
([3295168](3295168))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

---------

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Aureliolo Aureliolo Aureliolo approved these changes

Assignees

No one assigned

Labels

type:chore Maintenance, cleanup, dependency updates

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Aureliolo