Build(deps-dev): Bump the development-dependencies group with 6 updates

[dependabot]

Bumps the development-dependencies group with 6 updates:

Package	From	To
@astrojs/check	0.9.5	0.9.6
@docsearch/js	3.9.0	4.3.2
astro	5.16.0	5.16.3
prettier	3.6.2	3.7.3
stylelint	16.26.0	16.26.1
vnu-jar	25.11.25	25.12.2

Updates @astrojs/check from 0.9.5 to 0.9.6

Release notes

Sourced from @​astrojs/check's releases.

@​astrojs/check@​0.9.6

Patch Changes

• #14740 abfed97 Thanks @​ArmandPhilippot! - Fixes link targets in documentation following repository relocation.

• Updated dependencies [abfed97]:

  • @​astrojs/language-server@​2.16.1

Changelog

Sourced from @​astrojs/check's changelog.

0.9.6

Patch Changes

• #14740 abfed97 Thanks @​ArmandPhilippot! - Fixes link targets in documentation following repository relocation.

• Updated dependencies [abfed97]:

  • @​astrojs/language-server@​2.16.1

Commits

• 7523a1f [ci] release (#14907)
• abfed97 fix: replace withastro/language-tools mentions (#14740)
• f3bc8b2 fix: binary path
• b35983b fix(check): make the binary work in dev mode
• 372b7c3 feat(language-tools): Match monorepo coding style and cleanup
• 820a866 Update from language-tools
• 474f300 fix: tsconfig
• See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​astrojs/check since your current version.

Updates @docsearch/js from 3.9.0 to 4.3.2

Release notes

Sourced from @​docsearch/js's releases.

v4.3.1

4.3.1 (2025-11-04)

Bug Fixes

• npm: Publish new packages with public access (#2795) (2d045b5)

v4.2.0

4.2.0 (2025-10-06)

Bug Fixes

• askai: Fixes issue with askai state being outside DocSearchModal (#2778) (5d8943b)
• remove hit favorite and hit deletion animations (#2777) (cd9e6fb)
• typo (1ff1198)

Features

• curate AskAI search parameters (#2768) (d8ad7f6)
• dark theme support for Menu (#2776) (01517d9)
• Modal and AskAI UX tweaks (#2765) (0267f55)
• Modal UI/UX fixes and updates (#2780) (a3ab7a8)
• update Ask AI docs (#2775) (9986cbf)

v4.1.0

4.1.0 (2025-09-22)

Bug Fixes

• add docsearch 4 to website (#2767) (9a908b8)

Features

• Split docsearch-react package exports (#2764) (b15f302)

v4.0.1

4.0.1 (2025-09-16)

Bug Fixes

• deps: Adds zod to dependency list (#2759) (4011294)
• modal: Fixes issue with index typings on DocSearchModal (#2760) (55934d8)

v4.0.0

... (truncated)

Changelog

Sourced from @​docsearch/js's changelog.

4.3.2 (2025-11-10)

Bug Fixes

• suggested-questions: Fixes Suggested Questions on dark theme (#2797) (d9c4220)

4.3.1 (2025-11-04)

Bug Fixes

• npm: Publish new packages with public access (#2795) (2d045b5)

4.3.0 (2025-11-04)

Bug Fixes

• docsearch-js: resultsFooterComponent not working in JS CDN version (#2786) (5381e76)
• website: Fix API Reference docs page formatting (#2783) (8980d47)
• website: updated askai markdown documentation (#2788) (f7be2a6)

Features

• Composable API packages versions (#2789) (b91e309)
• composable-api: Document Composable API (#2793) (e5ae33f)
• composable-api: Introduce new Composable API (#2779) (5e9bdfe), closes #2771 #2772 #2774
• suggested-questions: Add suggested questions (#2787) (2b4779a)

4.2.0 (2025-10-06)

Bug Fixes

• askai: Fixes issue with askai state being outside DocSearchModal (#2778) (5d8943b)
• remove hit favorite and hit deletion animations (#2777) (cd9e6fb)
• typo (1ff1198)

Features

• curate AskAI search parameters (#2768) (d8ad7f6)

... (truncated)

Commits

• See full diff in compare view

Updates astro from 5.16.0 to 5.16.3

Release notes

Sourced from astro's releases.

[email protected]

Patch Changes

• #14889 4bceeb0 Thanks @​florian-lefebvre! - Fixes actions types when using specific TypeScript configurations

• #14929 e0f277d Thanks @​matthewp! - Fixes authentication bypass via double URL encoding in middleware

  Prevents attackers from bypassing path-based authentication checks using multi-level URL encoding (e.g., /%2561dmin instead of /%61dmin). Pathnames are now validated after decoding to ensure no additional encoding remains.

[email protected]

Patch Changes

• #14876 b43dc7f Thanks @​florian-lefebvre! - Fixes a vite warning log during builds when using npm

• #14884 10273e0 Thanks @​florian-lefebvre! - Fixes a case where setting the status of a page to 404 in ssr would show an empty page (or 404.astro page if provided) instead of using the current page

[email protected]

Patch Changes

• #14769 b43ee71 Thanks @​adriandlam! - Fixes an unhandled rejection issue when using Astro with Vercel Workflow DevKit

• #14761 345eb22 Thanks @​ooga! - Updates button attributes types to allow command and commandfor

• #14866 65e214b Thanks @​GameRoMan! - Fixes Astro.glob to be correctly marked as deprecated

• #14894 1ad9a5b Thanks @​delucis! - Fixes support for Astro component rendering in Vitest test suites using a “client” environment such as happy-dom or jsdom

• #14782 abed929 Thanks @​florian-lefebvre! - Improves syncing

Changelog

Sourced from astro's changelog.

5.16.3

Patch Changes

• #14889 4bceeb0 Thanks @​florian-lefebvre! - Fixes actions types when using specific TypeScript configurations

• #14929 e0f277d Thanks @​matthewp! - Fixes authentication bypass via double URL encoding in middleware

  Prevents attackers from bypassing path-based authentication checks using multi-level URL encoding (e.g., /%2561dmin instead of /%61dmin). Pathnames are now validated after decoding to ensure no additional encoding remains.

5.16.2

Patch Changes

• #14876 b43dc7f Thanks @​florian-lefebvre! - Fixes a vite warning log during builds when using npm

• #14884 10273e0 Thanks @​florian-lefebvre! - Fixes a case where setting the status of a page to 404 in ssr would show an empty page (or 404.astro page if provided) instead of using the current page

5.16.1

Patch Changes

• #14769 b43ee71 Thanks @​adriandlam! - Fixes an unhandled rejection issue when using Astro with Vercel Workflow DevKit

• #14761 345eb22 Thanks @​ooga! - Updates button attributes types to allow command and commandfor

• #14866 65e214b Thanks @​GameRoMan! - Fixes Astro.glob to be correctly marked as deprecated

• #14894 1ad9a5b Thanks @​delucis! - Fixes support for Astro component rendering in Vitest test suites using a “client” environment such as happy-dom or jsdom

• #14782 abed929 Thanks @​florian-lefebvre! - Improves syncing

Commits

• 33333e8 [ci] release (#14922)
• aa58d05 [ci] format
• e0f277d fix: prevent authentication bypass via double URL encoding in middleware (#14...
• 4bceeb0 fix: actions infer symbol (#14889)
• e82358c [ci] release (#14918)
• 0a2fe43 [ci] format
• b43dc7f fix(astro): assets vite build log (#14876)
• 10273e0 fix: 404 status in ssr (#14884)
• 6751a2e chore(cli): classes (#14897)
• 09bbdbb [ci] release (#14845)
• Additional commits viewable in compare view

Updates prettier from 3.6.2 to 3.7.3

Release notes

Sourced from prettier's releases.

3.7.3

What's Changed

• Fix prettier.getFileInfo() change that breaks VSCode extension by @​fisker in prettier/prettier#18375

🔗 Changelog

3.7.2

What's Changed

• Fix string print when switching quotes by @​fisker in prettier/prettier#18351
• Preserve quote for embedded HTML attribute values by @​kovsu in prettier/prettier#18352
• Fix comment in empty type literal by @​fisker in prettier/prettier#18364

🔗 Changelog

3.7.1

• Fix performance regression in doc printer (#18342 by @​fisker)

🔗 Changelog

3.7.0

diff

🔗 Release note

Changelog

Sourced from prettier's changelog.

3.7.3

diff

API: Fix prettier.getFileInfo() change that breaks VSCode extension (#18375 by @​fisker)

An internal refactor accidentally broke the VSCode extension plugin loading.

3.7.2

diff

JavaScript: Fix string print when switching quotes (#18351 by @​fisker)

// Input
console.log("A descriptor\\'s .kind must be \"method\" or \"field\".")
// Prettier 3.7.1
console.log('A descriptor\'s .kind must be "method" or "field".');
// Prettier 3.7.2
console.log('A descriptor\'s .kind must be "method" or "field".');

JavaScript: Preserve quote for embedded HTML attribute values (#18352 by @​kovsu)

// Input
const html = /* HTML */ ` <div class="${styles.banner}"></div> `;
// Prettier 3.7.1
const html = /* HTML */ &lt;div class=${styles.banner}&gt;&lt;/div&gt;;
// Prettier 3.7.2
const html = /* HTML */ &lt;div class=&quot;${styles.banner}&quot;&gt;&lt;/div&gt;;

TypeScript: Fix comment in empty type literal (#18364 by @​fisker)

// Input
export type XXX = {
  // tbd
};
// Prettier 3.7.1
</tr></table>

... (truncated)

Commits

• fdfa670 Release 3.7.3
• 2dce3ec Fix typo
• 27d6c64 Revert previous change to getFileInfo (#18375)
• f4a7afa Add types for config related functions (#18376)
• 9266e3e Add resolved test cases (#18358)
• 3bfc014 Bump Prettier dependency to 3.7.2
• 081b846 Clean changelog_unreleased
• 03384c9 Release 3.7.2
• 514e51a Release @​prettier/plugin-hermes & @​prettier/plugin-oxc v0.1.2
• 29a11ae Fix comment in empty type literal (#18364)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for prettier since your current version.

Updates stylelint from 16.26.0 to 16.26.1

Release notes

Sourced from stylelint's releases.

16.26.1

It fixes numerous false positive bugs, including many in the declaration-property-value-no-unknown rule for the latest CSS specifications.

• Fixed: *-no-unknown false positives for latest specs by integrating @csstools/css-syntax-patches-for-csstree (#8850) (@​romainmenke).
• Fixed: at-rule-no-unknown false positives for @function (#8851) (@​jeddy3).
• Fixed: declaration-property-value-no-unknown false positives for attr(), if() and custom functions (#8853) (@​jeddy3).
• Fixed: function-url-quotes false positives when URLs require quoting (#8804) (@​taearls).
• Fixed: selector-pseudo-element-no-unknown false positives for ::scroll-button() (#8856) (@​Mouvedia).

Changelog

Sourced from stylelint's changelog.

16.26.1 - 2025-11-28

It fixes numerous false positive bugs, including many in the declaration-property-value-no-unknown rule for the latest CSS specifications.

• Fixed: *-no-unknown false positives for latest specs by integrating @csstools/css-syntax-patches-for-csstree (#8850) (@​romainmenke).
• Fixed: at-rule-no-unknown false positives for @function (#8851) (@​jeddy3).
• Fixed: declaration-property-value-no-unknown false positives for attr(), if() and custom functions (#8853) (@​jeddy3).
• Fixed: function-url-quotes false positives when URLs require quoting (#8804) (@​taearls).
• Fixed: selector-pseudo-element-no-unknown false positives for ::scroll-button() (#8856) (@​Mouvedia).

Commits

• b968143 Release 16.26.1 (#8857)
• 2b24b9c Fix selector-pseudo-element-no-unknown false positives for `::scroll-button...
• f152564 Fix *-no-unknown false positives for latest specs by integrating `@csstools...
• 431cb53 Fix at-rule-no-unknown false positives for @function (#8851)
• 119097e Fix declaration-property-value-no-unknown false positives for attr() and ...
• 4b9c68b Fix function-url-quotes false positives when URLs require quoting (#8804)
• 8cc4ced Bump rollup from 4.52.5 to 4.53.2 (#8848)
• 4383feb Bump file-entry-cache from 11.1.0 to 11.1.1 (#8846)
• a8a7560 Bump the eslint group with 2 updates (#8845)
• 947ad33 Fix patch-package warning about mismatched @types/css-tree version (#8844)
• See full diff in compare view

Updates vnu-jar from 25.11.25 to 25.12.2

Release notes

Sourced from vnu-jar's releases.

latest

[!IMPORTANT] The release named “latest” is “production-ready” and is the only release you want to use. This project no longer does “major” version-numbered releases. Release 20.6.30 (30 June 2020) was the final such release. For a changelog of the latest changes, see https://github.com/validator/validator/commits/latest/.

Commits

• See full diff in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions