chore(deps): bump astro from 6.3.1 to 6.3.5 in /docs

[dependabot]

Bumps astro from 6.3.1 to 6.3.5.

Release notes

Sourced from astro's releases.

astro@6.3.5

Patch Changes

• #16771 07c8805 Thanks @​ematipico! - Fixes position prop on <Image> and <Picture> components breaking Content Security Policy (CSP).

• #16593 50924ce Thanks @​yanthomasdev! - Improves error messages with more consistent and correct writing.

• #16757 5d661cd Thanks @​astrobot-houston! - Fixes dev server serving stale content when SSR-only modules change (e.g. .astro files outside the project root in a monorepo, or dynamically imported components).

  Previously, the astro:hmr-reload plugin returned an empty array after detecting SSR-only module changes, which prevented Vite's updateModules from propagating the invalidation to the SSR module runner. The runner's evaluated module cache stayed stale, so subsequent requests continued returning old content.

  Now the plugin returns the SSR-only modules so Vite can process them through updateModules, which properly invalidates the module runner's cache and ensures fresh content on the next request.

astro@6.3.4

Patch Changes

• #16723 0f10bfe Thanks @​matthewp! - Adds fetchFile option to experimental.advancedRouting to customize or disable the entrypoint file

  export default defineConfig({
    experimental: {
      advancedRouting: {
        fetchFile: 'fetch.ts',
      },
    },
  });

• #16723 0f10bfe Thanks @​matthewp! - Fixes Hono cache() middleware to follow the standard wrapper pattern

• #16723 0f10bfe Thanks @​matthewp! - Adds App.Providers interface for typing custom context providers on Astro and ctx

  declare namespace App {
    interface Providers {
      oauth: import('./lib/oauth').OAuthSession;
    }
  }

• #16723 0f10bfe Thanks @​matthewp! - Adds FetchState.response property, set automatically after pages() or middleware() completes

  const response = await middleware(state, (s) => pages(s));
  console.log(state.response === response); // true

• #16723 0f10bfe Thanks @​matthewp! - Adds Fetchable type export for typing the advanced routing entrypoint

... (truncated)

Changelog

Sourced from astro's changelog.

6.3.5

Patch Changes

• #16771 07c8805 Thanks @​ematipico! - Fixes position prop on <Image> and <Picture> components breaking Content Security Policy (CSP).

• #16593 50924ce Thanks @​yanthomasdev! - Improves error messages with more consistent and correct writing.

• #16757 5d661cd Thanks @​astrobot-houston! - Fixes dev server serving stale content when SSR-only modules change (e.g. .astro files outside the project root in a monorepo, or dynamically imported components).

  Previously, the astro:hmr-reload plugin returned an empty array after detecting SSR-only module changes, which prevented Vite's updateModules from propagating the invalidation to the SSR module runner. The runner's evaluated module cache stayed stale, so subsequent requests continued returning old content.

  Now the plugin returns the SSR-only modules so Vite can process them through updateModules, which properly invalidates the module runner's cache and ensures fresh content on the next request.

6.3.4

Patch Changes

• #16723 0f10bfe Thanks @​matthewp! - Adds fetchFile option to experimental.advancedRouting to customize or disable the entrypoint file

  export default defineConfig({
    experimental: {
      advancedRouting: {
        fetchFile: 'fetch.ts',
      },
    },
  });

• #16723 0f10bfe Thanks @​matthewp! - Fixes Hono cache() middleware to follow the standard wrapper pattern

• #16723 0f10bfe Thanks @​matthewp! - Adds App.Providers interface for typing custom context providers on Astro and ctx

  declare namespace App {
    interface Providers {
      oauth: import('./lib/oauth').OAuthSession;
    }
  }

• #16723 0f10bfe Thanks @​matthewp! - Adds FetchState.response property, set automatically after pages() or middleware() completes

  const response = await middleware(state, (s) => pages(s));
  console.log(state.response === response); // true

• #16723 0f10bfe Thanks @​matthewp! - Adds Fetchable type export for typing the advanced routing entrypoint

... (truncated)

Commits

• 5b4122e [ci] release (#16772)
• 5d661cd Fix dev server serving stale content for files outside project root (#16757)
• be5ad21 [ci] format
• 50924ce Overhaul errors for consistency and correctness (#16593)
• 23c0bda [ci] format
• 07c8805 fix: position prop with CSP (#16771)
• 45b7fa9 [ci] release (#16742)
• 67a1016 [ci] format
• 0f10bfe feat: advanced routing types and config gaps (#16723)
• 904d19a Fix actions and server islands in dev mode with prerendered catch-all routes ...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

❌ Smoke Temporary ID encountered failures. Check the logs for details.

[github-actions]

❌ Smoke Project encountered failures. Check the logs for details.

[github-actions]

❌ Smoke Multi PR failed to create multiple PRs. Check the logs.

[github-actions]

Hey @dependabot 👋 — thanks for keeping dependencies up to date! However, this PR doesn't align with our contribution model:

This project uses an agentic contribution workflow — we don't accept traditional pull requests from outside the core team (including automated bot PRs). Instead, the preferred workflow is:

1. Create an issue with a detailed agentic plan describing what should be updated and why
2. Discuss with the team to ensure the change aligns with project priorities
3. A core team member then creates and implements the PR using Copilot or a local coding agent

For dependency updates like this one, the core team should either:

• Configure Dependabot to create issues instead of PRs, or
• Have a core team member review Dependabot's suggested updates and create agent-driven PRs manually

This ensures all changes follow the same agentic development workflow and maintain consistency with how the project is built.

What needs to happen:

• Close this automated PR
• Create an issue describing the astro upgrade (6.3.1 → 6.3.5) with context about the bug fixes and improvements in the new version
• A core team member can then use their coding agent to implement the update

Since you're a bot, a human maintainer will need to handle this workflow adjustment. The actual dependency update looks good (focused, safe patch version bump with bug fixes), but the delivery mechanism doesn't match the project's contribution model.

Warning

Firewall blocked 1 domain

The following domain was blocked by the firewall during workflow execution:

• patchdiff.githubusercontent.com

To allow these domains, add them to the network.allowed list in your workflow frontmatter:

network:
  allowed:
    - defaults
    - "patchdiff.githubusercontent.com"

See Network Configuration for more information.

Generated by ✅ Contribution Check · ◷

[dependabot]

Looks like astro is up-to-date now, so this is no longer needed.