[Aikido] Fix 7 security issues in devalue, astro

[aikido-autofix]

Upgrade devalue and Astro to fix memory exhaustion, host header injection, XSS via unescaped slots, script tag bypass, and encrypted prop replay vulnerabilities.

✅ Code not affected by breaking changes.

✅ No breaking changes from the Astro 5.18.1 to 6.4.6 upgrade affect this codebase.

The codebase is a simple documentation site that:

• Uses basic Astro features (.astro components, layouts, pages)

• Has a modern ESM-based configuration file (astro.config.mjs)

• Uses import.meta.env.BASE_URL (not the deprecated ASSETS_PREFIX)

• Uses TypeScript with extends: "astro/tsconfigs/strict"

• Has no content collections, no API endpoints, no adapters, no integrations beyond React

• Has no custom build hooks, no session drivers, no Actions, no i18n configuration

• Already uses Vite (configured in astro.config.mjs)

The breaking changes that could theoretically affect similar projects (Node.js version requirement, Vite 7 upgrade, Shiki v4, TypeScript configuration changes) are already satisfied in this codebase as it's using Astro 6.4.6 with all compatible dependencies already in place.

All breaking changes by upgrading astro from version 5.18.1 to 6.4.8 (CHANGELOG)

Version	Description
6.0.0	Removes entryPoints on astro:build:ssr hook (Integration API)
6.0.0	Deprecates loadManifest() and loadApp() from astro/app/node (Adapter API)
6.0.0	Removes session test driver
6.0.0	Renames entryType to entrypointResolution in Adapter API and updates possible values: legacy-dynamic becomes explicit, self becomes auto
6.0.0	Removes the deprecated emitESMImage() function
6.0.0	Deprecates session driver string signature
6.0.0	Adds support for converting SVGs to raster images (PNGs, WebP, etc) to the default Sharp image service
6.0.0	Removes routes on astro:build:done hook (Integration API)
6.0.0	Throws an error when getImage() from astro:assets is called on the client
6.0.0	Removes the old app.render() signature (Adapter API)
6.0.0	Upgrades to Zod v4 for schema validation
6.0.0	Updates how schema types are inferred for content loaders with schemas (Loader API)
6.0.0	Removes support for CommonJS config files
6.0.0	Removes prefetch() with option
6.0.0	Removes support for routes with percent-encoded percent signs (e.g. %25)
6.0.0	Deprecates Astro in getStaticPaths()
6.0.0	Removes the option to define dynamic schemas in content loaders as functions and adds a new equivalent createSchema() property (Loader API)
6.0.0	Updates trailing slash behavior of endpoint URLs
6.0.0	Updates Markdown heading ID generation
6.0.0	Deprecates import.meta.env.ASSETS_PREFIX
6.0.0	Changes the values allowed in params returned by getStaticPaths()
6.0.0	Changes TypeScript configuration
6.0.0	Removes the previously deprecated Astro.glob()
6.0.0	Removes the ability to render Astro components in Vitest client environments
6.0.0	Deprecates createExports() and start() (Adapter API)
6.0.0	Deprecates NodeApp from astro/app/node (Adapter API)
6.0.0	Removes the handleForms prop for the <ClientRouter /> component
6.0.0	Increases minimum Node.js version to 22.12.0
6.0.0	Adds frontmatter parsing support to renderMarkdown in content loaders - frontmatter is now extracted and excluded from HTML output
6.0.0	Removes the deprecated <ViewTransitions /> component
6.0.0	Removes RouteData.generate from the Integration API
6.0.0	Changes the default routing configuration value of i18n.routing.redirectToDefaultLocale from true to false
6.0.0	Deprecates exposed astro:transitions internals
6.0.0	Updates dependency shiki to v4
6.0.0	Removes the setManifestData method from App and NodeApp (Adapter API)
6.0.0	Removes rewrite() from Actions context
6.0.0	Removes the experimental.failOnPrerenderConflict flag and replaces it with a new configuration option prerenderConflictBehavior
6.0.0	Deprecates astro:schema and z from astro:content in favor of astro/zod
6.0.0	Removes exposed astro:actions internals
6.0.0	Changes the shape of SSRManifest properties and adds several new required properties in the Adapter API
6.0.0	Allows Astro.csp and context.csp to be undefined instead of throwing errors when csp: true is not configured - methods must now be accessed conditionally
6.0.0	Upgrades to Vite v7.0 as the development server and production bundler
6.0.0	Changes how styles of responsive images are emitted
6.0.0	Changes integration hooks and HMR access patterns in the Integration API
6.0.0	Removes the unused astro:ssr-manifest virtual module
6.0.0	Updates import.meta.env values to always be inlined
6.0.0	Updates <script> and <style> tags to render in the order they are defined
6.0.0	Removes legacy content collection support
6.0.0	Removes the experimental.fonts flag and replaces it with a new configuration option fonts
6.0.0	Removes the experimental.csp flag and replaces it with a new configuration option security.csp

✅ 7 CVEs resolved by this upgrade

This PR will resolve the following CVEs:

Issue	Severity	Description
CVE-2026-42570	HIGH	[devalue] Deserialization of sparse arrays causes excessive memory allocation due to JavaScript engine quirks, leading to denial of service through memory exhaustion.
CVE-2026-54299	HIGH	[astro] SSR apps with prerendered error pages fetch them via HTTP using an unvalidated Host header, allowing attackers to redirect requests to arbitrary hosts and read responses, enabling information disclosure.
AIKIDO-2026-10849	MEDIUM	[astro] Unescaped slot names in server-rendered hydrated components allow attackers to inject HTML/JavaScript into SSR responses, enabling reflected XSS attacks when user-controlled input is used as slot names.
CVE-2026-41067	MEDIUM	[astro] A case-sensitive regex in the defineScriptVars function fails to sanitize script tag closures, allowing attackers to bypass sanitization using case variations or whitespace (e.g., </Script>, </script >) to inject arbitrary HTML/JavaScript via the define:vars directive.
CVE-2026-45028	MEDIUM	[astro] Encryption replay vulnerability in server island props and slots allows attackers to swap encrypted values between components, potentially leading to XSS when slots containing unescaped HTML are substituted with user-controlled props.
CVE-2026-50146	MEDIUM	[astro] Unescaped slot names in client directives allow attackers to break out of data attributes and inject arbitrary HTML, enabling reflected XSS attacks during server-side rendering.
CVE-2026-54298	MEDIUM	[astro] A server-side rendering vulnerability in the spreadAttributes function fails to escape object keys when spreading props onto HTML elements, allowing attackers to inject arbitrary HTML attributes and event handlers when keys come from untrusted sources like APIs or URL parameters.

🤖 Remediation details

Fix security vulnerabilities in astro and devalue

Short summary

This PR remediates multiple high- and medium-severity vulnerabilities in two npm packages: astro (direct dependency) and devalue (transitive dependency pulled in by astro). The fix required a semver-major bump to astro in the root package.json, with package-lock.json updated accordingly via npm install --package-lock-only. No overrides were needed.

astro

astro is declared as a direct dependency in the root package.json. The installed version (5.18.1) was affected by multiple vulnerabilities requiring a minimum of 6.4.6 to fully remediate. Because the required fix crossed a major version boundary, the declared spec was updated from ^5.7.10 to ^6.4.6; npm install --package-lock-only resolved it to 6.4.8 in the lockfile.

devalue

devalue is a transitive dependency introduced by astro and was pinned at 5.7.1, below the patched floor of 5.8.1. Because astro@6.4.8 declares devalue: "^5.8.1", bumping astro to the ^6.4.6 range was sufficient to pull devalue up to 5.8.1 automatically — no separate manifest edit or override was required.

Version changes

Package	From	To	Why updated
astro	^5.7.10 (resolved 5.18.1)	^6.4.6 (resolved 6.4.8)	Direct CVE fix — major bump required to reach patched versions
devalue	5.7.1	5.8.1	Transitive CVE fix — semver resolution after parent (astro) bump