fix(docs): upgrade Astro 5 → 6 to resolve CVE-2026-41067

[AnExiledDev]

Summary

• Upgrades Astro 5 → 6 (^5.18.0 → ^6.1.6) to fix CVE-2026-41067 (XSS in define:vars)
• Bumps 13 dependencies to Astro 6-compatible versions (Starlight, plugins, integrations)
• Removes Zod override — Astro 6 ships Zod 4 internally, no custom Zod usage in docs
• Fixes transitive uuid vulnerability (GHSA-w5hq-g745-h8pq) via npm audit fix

Resolves #28, resolves #29

What changed

Package	Before	After
astro	^5.18.0	^6.1.6
@astrojs/starlight	^0.37.6	^0.39.1
@astrojs/starlight-tailwind	^4.0.2	^5.0.0
@astrojs/sitemap	3.7.0	^3.7.2
astro-mermaid	^1.3.1	^2.0.1
starlight-image-zoom	^0.13.2	^0.14.1
starlight-kbd	^0.3.0	^0.4.0
starlight-links-validator	^0.19.2	^0.24.0
starlight-llms-txt	^0.7.0	^0.8.1
starlight-scroll-to-top	^0.4.0	^1.0.1
starlight-sidebar-topics	^0.6.2	^0.7.1
starlight-tags	^0.4.0	^1.0.1
starlight-versions	^0.7.0	^0.8.2

No config or source file changes — dependency-only upgrade.

Test plan

• npm run build passes — 58 pages built, all links valid
• Pagefind search index builds (58 files)
• npm audit reports 0 vulnerabilities
• Verify dependabot alerts Add container runtime pre-flight check #28 and Fix commit-reminder blocking and test-runner tmp file mismatch #29 auto-close after merge

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 68821404-83b4-4557-a941-17345f239c16

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/docs-astro6-cve

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[AnExiledDev]

Superseded by #90 which already merged astro 6.1.6 + full starlight ecosystem bump to staging.