chore(deps): bump astro from 4.14.4 to 4.16.3 in /examples/astro

[dependabot]

Bumps astro from 4.14.4 to 4.16.3.

Release notes

Sourced from astro's releases.

[email protected]

Patch Changes

• #12220 b049359 Thanks @​bluwy! - Fixes accidental internal setOnSetGetEnv parameter rename that caused runtime errors

• #12197 2aa2dfd Thanks @​ematipico! - Fix a regression where a port was incorrectly added to the Astro.url

[email protected]

Patch Changes

• #12206 12b0022 Thanks @​bluwy! - Reverts withastro/astro#12173 which caused Can't modify immutable headers warnings and 500 errors on Cloudflare Pages

[email protected]

Patch Changes

• #12177 a4ffbfa Thanks @​matthewp! - Ensure we target scripts for execution in the router

  Using document.scripts is unsafe because if the application has a name="scripts" this will shadow the built-in document.scripts. Fix is to use getElementsByTagName to ensure we're only grabbing real scripts.

• #12173 2d10de5 Thanks @​ematipico! - Fixes a bug where Astro Actions couldn't redirect to the correct pathname when there was a rewrite involved.

[email protected]

Minor Changes

• #12039 710a1a1 Thanks @​ematipico! - Adds a markdown.shikiConfig.langAlias option that allows aliasing a non-supported code language to a known language. This is useful when the language of your code samples is not a built-in Shiki language, but you want your Markdown source to contain an accurate language while also displaying syntax highlighting.

  The following example configures Shiki to highlight cjs code blocks using the javascript syntax highlighter:

  import { defineConfig } from 'astro/config';
  export default defineConfig({
  markdown: {
  shikiConfig: {
  langAlias: {
  cjs: 'javascript',
  },
  },
  },
  });

  Then in your Markdown, you can use the alias as the language for a code block for syntax highlighting:

  ```cjs
  'use strict';
  function commonJs() {
  return 'I am a commonjs file';

... (truncated)

Changelog

Sourced from astro's changelog.

4.16.3

Patch Changes

• #12220 b049359 Thanks @​bluwy! - Fixes accidental internal setOnSetGetEnv parameter rename that caused runtime errors

• #12197 2aa2dfd Thanks @​ematipico! - Fix a regression where a port was incorrectly added to the Astro.url

4.16.2

Patch Changes

• #12206 12b0022 Thanks @​bluwy! - Reverts withastro/astro#12173 which caused Can't modify immutable headers warnings and 500 errors on Cloudflare Pages

4.16.1

Patch Changes

• #12177 a4ffbfa Thanks @​matthewp! - Ensure we target scripts for execution in the router

  Using document.scripts is unsafe because if the application has a name="scripts" this will shadow the built-in document.scripts. Fix is to use getElementsByTagName to ensure we're only grabbing real scripts.

• #12173 2d10de5 Thanks @​ematipico! - Fixes a bug where Astro Actions couldn't redirect to the correct pathname when there was a rewrite involved.

4.16.0

Minor Changes

• #12039 710a1a1 Thanks @​ematipico! - Adds a markdown.shikiConfig.langAlias option that allows aliasing a non-supported code language to a known language. This is useful when the language of your code samples is not a built-in Shiki language, but you want your Markdown source to contain an accurate language while also displaying syntax highlighting.

  The following example configures Shiki to highlight cjs code blocks using the javascript syntax highlighter:

  import { defineConfig } from 'astro/config';
  export default defineConfig({
  markdown: {
  shikiConfig: {
  langAlias: {
  cjs: 'javascript',
  },
  },
  },
  });

  Then in your Markdown, you can use the alias as the language for a code block for syntax highlighting:

  ```cjs

... (truncated)

Commits

• a338041 [ci] release (#12221)
• 59a2fbc [ci] format
• 2aa2dfd fix: revert regression of port computation (#12197)
• b049359 Fix setOnSetGetEnv parameter name (#12220)
• bbc72a1 [ci] release (#12207)
• 12b0022 Revert #12173 (#12206)
• c73d65d [ci] release (#12178)
• 650dd22 Fix VT video test fail in firefox (#12188)
• 58e22bd [ci] format
• 2d10de5 fix(routing): actions should redirect the original pathname (#12173)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[semgrep-code-dotcms-test]

Package dependencies with variant versions may lead to dependency hijack and confusion attacks. Better to specify an exact version or use package-lock.json for a specific version of the package.

_{Ignore this finding from package-dependencies-check.}

[semgrep-code-dotcms-test]

Semgrep Assistant suggests the following fix: Specify exact versions for dependencies in package.json to prevent dependency hijacking.

View step-by-step instructions

1. Open your package.json file.
2. Locate the dependency "astro": "^4.16.3".
3. Replace the caret (^) with an exact version number to ensure a specific version is used. Change it to "astro": "4.16.3".
4. Repeat the same process for any other dependencies using caret (^), tilde (~), or other variant version specifiers to specify exact versions.
5. Run $ npm install to update your package-lock.json with the exact versions specified in package.json.

This change ensures that your project uses the exact version of the dependencies specified, reducing the risk of dependency hijacking and confusion attacks.

This code change should fix the finding:

Suggested change

	"astro": "^4.16.3",
	{
	"name": "dotcms-astro-uve",
	"type": "module",
	"version": "0.0.1",
	"scripts": {
	"dev": "astro dev",
	"start": "astro dev",
	"build": "astro check && astro build",
	"preview": "astro preview",
	"astro": "astro"
	},
	"dependencies": {
	"@astrojs/check": "^0.9.3",
	"@astrojs/react": "^3.6.2",
	"@astrojs/tailwind": "^5.1.0",
	"@astrojs/vercel": "^7.8.0",
	"@dotcms/client": "latest",
	"@dotcms/react": "latest",
	"@types/react": "^18.3.3",
	"@types/react-dom": "^18.3.0",
	"astro": "4.16.3", // Changed to exact version
	"react": "^18.3.1",
	"react-dom": "^18.3.1",
	"tailwindcss": "^3.4.10",
	"typescript": "^5.5.4"
	},
	"devDependencies": {
	"prettier": "^3.3.3",
	"prettier-plugin-astro": "^0.14.1"
	}
	}

_{Leave feedback with a 👍 / 👎. Save a memory with /semgrep remember <your custom instructions>.}

[dependabot]

Looks like astro is up-to-date now, so this is no longer needed.