[Aikido] Fix 7 security issues in devalue, astro#8

Open
aikido-autofix[bot] wants to merge 1 commit into main from fix/aikido-security-update-packages-56276038-osri

Conversation

@aikido-autofix aikido-autofix Bot commented Jun 27, 2026

Upgrade devalue and Astro to fix memory exhaustion, host header injection, XSS via unescaped slots, script tag bypass, and encrypted prop replay vulnerabilities.

✅ Code not affected by breaking changes.

✅ No breaking changes from the Astro 5.18.1 to 6.4.6 upgrade affect this codebase.

The codebase is a simple Astro project with:

  • A basic configuration file (astro.config.mjs) using only standard options (integrations, vite, site, base, trailingSlash)

  • Three .astro files that use basic features: component imports, Astro.props, and import.meta.env.BASE_URL

  • React integration via @astrojs/react (already upgraded to v6.0.0 in package.json)

  • No usage of any deprecated or removed APIs

The breaking changes in Astro 6.0.0 primarily affect:

  • Advanced Integration/Adapter APIs (not used in this project)

  • Content collections and loaders (not used in this project)

  • Deprecated components like <ViewTransitions /> and Astro.glob() (not used in this project)

  • Advanced features like sessions, CSP configuration, i18n routing (not configured in this project)

The only consideration is that Astro 6.0.0 requires Node.js 22.12.0 or higher, but this is an infrastructure requirement rather than a code-breaking change. The project should verify the Node.js version in the deployment environment meets this requirement.

All breaking changes by upgrading astro from version 5.18.1 to 6.4.8 (CHANGELOG)

Version  Description
6.0.0    Removes entryPoints on astro:build:ssr hook (Integration API)
6.0.0    Deprecates loadManifest() and loadApp() from astro/app/node (Adapter API)
6.0.0    Removes session test driver
6.0.0    Renames entryType to entrypointResolution in Adapter API and updates possible values: legacy-dynamic becomes explicit, self becomes auto
6.0.0    Removes the deprecated emitESMImage() function
6.0.0    Deprecates session driver string signature
6.0.0    Adds support for converting SVGs to raster images (PNGs, WebP, etc) to the default Sharp image service
6.0.0    Removes routes on astro:build:done hook (Integration API)
6.0.0    Throws an error when getImage() from astro:assets is called on the client
6.0.0    Removes the old app.render() signature (Adapter API)
6.0.0    Upgrades to Zod v4 for schema validation
6.0.0    Updates how schema types are inferred for content loaders with schemas (Loader API)
6.0.0    Removes support for CommonJS config files
6.0.0    Removes prefetch() with option
6.0.0    Removes support for routes with percent-encoded percent signs (e.g. %25)
6.0.0    Deprecates Astro in getStaticPaths()
6.0.0    Removes the option to define dynamic schemas in content loaders as functions and adds a new equivalent createSchema() property (Loader API)
6.0.0    Updates trailing slash behavior of endpoint URLs
6.0.0    Updates Markdown heading ID generation
6.0.0    Deprecates import.meta.env.ASSETS_PREFIX
6.0.0    Changes the values allowed in params returned by getStaticPaths()
6.0.0    Changes TypeScript configuration
6.0.0    Removes the previously deprecated Astro.glob()
6.0.0    Removes the ability to render Astro components in Vitest client environments
6.0.0    Deprecates createExports() and start() (Adapter API)
6.0.0    Deprecates NodeApp from astro/app/node (Adapter API)
6.0.0    Removes the handleForms prop for the <ClientRouter /> component
6.0.0    Increases minimum Node.js version to 22.12.0
6.0.0    Adds frontmatter parsing support to renderMarkdown in content loaders - frontmatter is now extracted and excluded from HTML output
6.0.0    Removes the deprecated <ViewTransitions /> component
6.0.0    Removes RouteData.generate from the Integration API
6.0.0    Changes the default routing configuration value of i18n.routing.redirectToDefaultLocale from true to false
6.0.0    Deprecates exposed astro:transitions internals
6.0.0    Updates dependency shiki to v4
6.0.0    Removes the setManifestData method from App and NodeApp (Adapter API)
6.0.0    Removes rewrite() from Actions context
6.0.0    Removes the experimental.failOnPrerenderConflict flag and replaces it with a new configuration option prerenderConflictBehavior
6.0.0    Deprecates astro:schema and z from astro:content in favor of astro/zod
6.0.0    Removes exposed astro:actions internals
6.0.0    Changes the shape of SSRManifest properties and adds several new required properties in the Adapter API
6.0.0    Allows Astro.csp and context.csp to be undefined instead of throwing errors when csp: true is not configured - methods must now be accessed conditionally
6.0.0    Upgrades to Vite v7.0 as the development server and production bundler
6.0.0    Changes how styles of responsive images are emitted
6.0.0    Changes integration hooks and HMR access patterns in the Integration API
6.0.0    Removes the unused astro:ssr-manifest virtual module
6.0.0    Updates import.meta.env values to always be inlined
6.0.0    Updates <script> and <style> tags to render in the order they are defined
6.0.0    Removes legacy content collection support
6.0.0    Removes the experimental.fonts flag and replaces it with a new configuration option fonts
6.0.0    Removes the experimental.csp flag and replaces it with a new configuration option security.csp

✅ 7 CVEs resolved by this upgrade

This PR will resolve the following CVEs:

Issue              Severity  Description
CVE-2026-42570     HIGH      [devalue] Deserialization of sparse arrays causes excessive memory allocation due to JavaScript engine quirks, leading to denial of service through memory exhaustion.
CVE-2026-54299     HIGH      [astro] SSR apps with prerendered error pages fetch them via HTTP using an unvalidated Host header, allowing attackers to redirect requests to arbitrary hosts and read responses, enabling information disclosure.
AIKIDO-2026-10849  MEDIUM    [astro] Unescaped slot names in server-rendered hydrated components allow attackers to inject HTML/JavaScript into SSR responses, enabling reflected XSS attacks when user-controlled input is used as slot names.
CVE-2026-41067     MEDIUM    [astro] A case-sensitive regex in the defineScriptVars function fails to sanitize script tag closures, allowing attackers to bypass sanitization using case variations or whitespace (e.g., </Script>, </script >) to inject arbitrary HTML/JavaScript via the define:vars directive.
CVE-2026-45028     MEDIUM    [astro] Encryption replay vulnerability in server island props and slots allows attackers to swap encrypted values between components, potentially leading to XSS when slots containing unescaped HTML are substituted with user-controlled props.
CVE-2026-50146     MEDIUM    [astro] Unescaped slot names in client directives allow attackers to break out of data attributes and inject arbitrary HTML, enabling reflected XSS attacks during server-side rendering.
CVE-2026-54298     MEDIUM    [astro] A server-side rendering vulnerability in the spreadAttributes function fails to escape object keys when spreading props onto HTML elements, allowing attackers to inject arbitrary HTML attributes and event handlers when keys come from untrusted sources like APIs or URL parameters.

🤖 Remediation details

Fix security vulnerabilities in astro and devalue

  • Bumps the vulnerable direct dependency astro from 5.18.1 to 6.4.8 in the root package.json and package-lock.json, resolving multiple high- and medium-severity CVEs in that package.
  • Resolves the vulnerable transitive dependency devalue from 5.7.1 to 5.8.1 in package-lock.json as a consequence of the astro upgrade.
  • Updates @astrojs/react from 4.x to 6.0.0 in the root package.json and package-lock.json solely to maintain compatibility with astro@6.x.

astro

astro is a direct dependency declared in the root package.json. The declared spec was widened from ^5.7.10 to ^6.4.6 to cross the major version boundary required by the patched releases; npm install --package-lock-only resolved it to 6.4.8. The 5.x line has no patched release for the full set of CVEs addressed here — the fixes span 6.1.6, 6.1.10, 6.3.3, and 6.4.6, making a bump to 6.x the minimum viable remediation.

devalue

devalue is a transitive dependency pulled in by astro (declared as ^5.6.2 in astro's own manifest). The previously resolved version 5.7.1 is below the patched floor of 5.8.1. Because astro@6.x declares devalue@^5.8.1, upgrading astro to ^6.4.6 was sufficient to bring devalue up to 5.8.1 in the lockfile without any additional override or direct declaration.

Version changes

Package        From               To                Why updated
astro          ^5.7.10 (5.18.1)   ^6.4.6 (6.4.8)    Direct CVE fix; major bump required to reach all patched releases
devalue        5.7.1              5.8.1             Transitive CVE fix after astro parent bump
@astrojs/react ^4.2.1 (4.x)       ^6.0.0 (6.0.0)    Compatibility with astro@6.x; 4.x is incompatible with astro@6
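Several of the advisories above (the case-variant `</Script>` bypass of `define:vars`, unescaped object keys in `spreadAttributes`, slot names landing unescaped in data attributes, and an internal fetch built from the unvalidated Host header) come down to the same two defensive steps: escape what can be escaped, and validate against an allowlist what cannot. The following is an added example, not Astro's or devalue's own code and not the fix shipped in 6.x; every function name is hypothetical and the allowlist is constructed for the example. It shows the general form of each fix rather than the specific regex change.

```javascript
// Added example (not Astro's or devalue's own code): defensive patterns for the
// vulnerability classes listed in this PR. Function names are hypothetical.

// 1. Inline-script serialisation. The CVE-2026-41067 description says a
//    case-sensitive "</script>" regex was bypassed with "</Script>" or
//    "</script >". Instead of matching the closing tag, encode every "<", ">"
//    and "&" (plus the JS line terminators U+2028/U+2029) as JSON \uXXXX
//    escapes, so no spelling of a closing tag can appear in the output at all.
//    JSON.parse() on the client still yields the original value.
function serializeForInlineScript(value) {
  return JSON.stringify(value).replace(/[<>&\u2028\u2029]/g, (ch) =>
    '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0'));
}

// 2. Attribute spreading. CVE-2026-54298 is about object keys that are never
//    escaped, so a key containing a quote or a space becomes extra markup.
//    Attribute names cannot be escaped meaningfully, so validate them against
//    a strict shape and reject event-handler names outright; values are
//    escaped with the same routine a slot name needs inside a data attribute.
const ATTR_NAME = /^[a-zA-Z][a-zA-Z0-9_:.-]*$/;

function isSafeAttributeName(name) {
  return ATTR_NAME.test(name) && !/^on/i.test(name);
}

function escapeAttrValue(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/"/g, '&quot;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// Returns the attribute string and the list of keys that were dropped, so the
// caller can log rejected input instead of silently losing it.
function spreadAttributesSafely(props) {
  const parts = [];
  const rejected = [];
  for (const [key, value] of Object.entries(props)) {
    if (!isSafeAttributeName(key)) { rejected.push(key); continue; }
    if (value === false || value === null || value === undefined) continue;
    parts.push(value === true ? key : `${key}="${escapeAttrValue(value)}"`);
  }
  return { html: parts.join(' '), rejected };
}

// 3. Host header. CVE-2026-54299 describes an internal HTTP fetch whose target
//    came from the unvalidated Host header. Resolve the header against an
//    explicit allowlist (constructed by the caller; in practice the configured
//    site origin) and refuse anything else rather than following it.
function resolveInternalOrigin(hostHeader, allowedHosts, protocol = 'https') {
  const host = String(hostHeader ?? '').trim().toLowerCase();
  return allowedHosts.includes(host) ? `${protocol}://${host}` : null;
}

// Stand-alone demonstration on constructed input.
console.log(serializeForInlineScript({ s: '</Script >' }));
console.log(spreadAttributesSafely({ class: 'a', onclick: 'x', 'data-x': '"<b>' }));
console.log(resolveInternalOrigin('Evil.example', ['example.com']));
```

The point of the first function is that the fix is not a better regex: once `<` can never reach the output unescaped, the closing-tag question disappears regardless of case or whitespace. For the second, dropping a key is preferable to emitting it because an attribute name has no safe escaped form; returning the rejected keys lets the caller treat them as a detection signal.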
