chore(deps): update Astro related dependencies

[marcosmartini]

• Update Astro related dependencies.
• Replaced deprecated labels props.

Summary by CodeRabbit

• New Features

  • Enhanced internationalization for pagination links, allowing dynamic translation based on the current locale.

• Security Enhancements

  • Introduced a new Content Security Policy directive to improve resource loading permissions.
  • Removed the Strict-Transport-Security header, which may affect HTTPS enforcement.

• Dependency Updates

  • Upgraded several dependencies to their latest versions, improving overall functionality and stability.

[coderabbitai]

Walkthrough

The pull request introduces changes to three files: customHttp.yml, package.json, and src/starlight-overrides/Pagination.astro. In customHttp.yml, a new Content Security Policy hash is added, while the Strict-Transport-Security header is removed. The package.json file is updated with newer versions of several dependencies, and the Pagination.astro file modifies how pagination labels are accessed, enhancing internationalization by using a localization function.

Changes

File	Change Summary
customHttp.yml	Added a new CSP hash 'sha256-OizSKqsU+f0G4vojbxNt0Lao3kUpTmCLQSv3y6P7qhQ=' and removed the Strict-Transport-Security header.
package.json	Updated versions of dependencies: @astrojs/mdx to 3.1.7, @astrojs/starlight to 0.28.2, @astrojs/tailwind to 5.1.1, and astro to 4.15.8.
src/starlight-overrides/Pagination.astro	Changed pagination link labels retrieval from labels object to a localization function Astro.locals.t for improved internationalization.

Possibly related PRs

• chore(deps): bump dependencies #177: The changes in customHttp.yml are directly related, as both PRs involve modifications to the customHeaders section, including the removal of the Strict-Transport-Security header and the addition of new hash values for security policies.

Poem

🐇 In the garden of code, changes bloom bright,
New hashes added, a security light.
Dependencies dance, updated with glee,
Pagination sings in a new melody.
HSTS has hopped away, a curious sight,
In this patch, our future feels just right! 🌼✨

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

• X
• Mastodon
• Reddit
• LinkedIn

Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  -- I pushed a fix in commit <commit_id>, please review it.
  -- Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  -- @coderabbitai generate unit testing code for this file.
  -- @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  -- @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  -- @coderabbitai read src/utils.ts and generate unit testing code.
  -- @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  -- @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[cloudflare-workers-and-pages]

Deploying kinde-docs-previews with    Cloudflare Pages

Latest commit:	3a4f711
Status:	✅  Deploy successful!
Preview URL:	https://8c76ac2c.kinde-docs-previews.pages.dev
Branch Preview URL:	https://update-astro-deps.kinde-docs-previews.pages.dev

View logs

[coderabbitai]

Actionable comments posted: 1

Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

Commits

Files that changed from the base of the PR and between 476e7e7 and 3a4f711.

Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

Files selected for processing (3)

• customHttp.yml (1 hunks)
• package.json (1 hunks)
• src/starlight-overrides/Pagination.astro (3 hunks)

Files skipped from review due to trivial changes (1)

• package.json

Additional comments not posted (3)

src/starlight-overrides/Pagination.astro (2)

4-4: LGTM!

The removal of the labels prop is a valid change, as the component now seems to rely on localization for handling labels.

---

13-13: Great improvement for internationalization!

The switch to using Astro.locals.t for fetching the labels dynamically based on the current locale is a significant enhancement for the internationalization capabilities of the component. This change ensures that the labels are correctly translated for different languages, improving the user experience.

Also applies to: 25-25

customHttp.yml (1)

37-38: LGTM!

The addition of the new CSP hash values for script-src looks good. This is a secure way to allow specific inline scripts without relaxing the CSP policy too much. Just ensure that these hashes correspond to trusted scripts that were intentionally added.

[coderabbitai]

Reconsider removing the Strict-Transport-Security header.

The Strict-Transport-Security header is an important security feature that enforces strict HTTPS usage and prevents downgrade attacks. Removing it relaxes the HTTPS policy and may introduce security risks, especially if the site handles sensitive user data.

Is there a specific reason for removing HSTS? In general, it's recommended to keep HSTS enabled unless there are strong reasons to support HTTP connections. Please provide more context on why this change is necessary.

[marcosmartini]

The Strict-Transport-Security header is still present.

[coderabbitai]

@marcosmartini Thank you for clarifying. I see now that the Strict-Transport-Security header is still present in the customHttp.yml file. Sorry for the oversight.

🐰🤔

---

Learnings added

Learnt from: marcosmartini
PR: kinde-oss/documentation#190
File: customHttp.yml:39-40
Timestamp: 2024-09-20T04:56:23.680Z
Learning: The `Strict-Transport-Security` header remains present in `customHttp.yml`; verify carefully before flagging its removal.

Note: Learnings are effective only in the context of similar code segments. To apply general coding guidelines, please configure review instructions. You can manage existing learnings in the app.

[oliwolff1]

LGTM