From 2efc44e88345a8af895369b6e5102e3d008cc93d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9s=20Correa=20Casablanca?=
Date: Mon, 29 Apr 2024 09:37:47 +0200
Subject: [PATCH 1/2] fix: do not autoquote csp directives
Signed-off-by: Andres Correa Casablanca
---
 @kindspells/astro-shield/package.json | 2 +-
 @kindspells/astro-shield/src/headers.mjs | 7 +++----
 .../astro-shield/tests/headers.test.mts | 19 +------------------
 3 files changed, 5 insertions(+), 23 deletions(-)
diff --git a/@kindspells/astro-shield/package.json b/@kindspells/astro-shield/package.json
index fe6c5dd..2994c35 100644
--- a/@kindspells/astro-shield/package.json
+++ b/@kindspells/astro-shield/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@kindspells/astro-shield",
- "version": "1.3.5",
+ "version": "1.3.6",
 "description": "Astro integration to enhance your website's security with SubResource Integrity hashes, Content-Security-Policy headers, and other techniques.",
 "private": false,
 "type": "module",
diff --git a/@kindspells/astro-shield/src/headers.mjs b/@kindspells/astro-shield/src/headers.mjs
index edf1467..46c65c5 100644
--- a/@kindspells/astro-shield/src/headers.mjs
+++ b/@kindspells/astro-shield/src/headers.mjs
@@ -20,10 +20,9 @@ export const serialiseHashes = hashes =>
 * @param {Set} hashes
 * @returns {string}
 */
-export const safeSerialiseHashes = hashes =>
+export const serializeCspDirectiveSources = hashes =>
 Array.from(hashes)
 .sort()
- .map(h => (h.match(/^'[^']+'$/i) ? h : `'${h}'`))
 .join(' ')
 
 /**
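Review bot: Renaming the exported `safeSerialiseHashes` to `serializeCspDirectiveSources` removes a public symbol, yet the package.json hunk in the same patch only bumps the patch version (1.3.5 → 1.3.6); any consumer importing the old name breaks on a patch upgrade, so this deserves a minor or major bump, or a deprecated re-export of the old name until the next major. The new name also mixes spellings: the neighbouring exports are `serialiseHashes` and `serialiseCspDirectives`, so `serialiseCspDirectiveSources` would be consistent with the file. The JSDoc kept above the signature still reads `@param {Set} hashes`, which no longer describes the input now that quoting is gone; suggest `@param {Set<string>} sources - CSP source expressions, already quoted where the CSP grammar requires it (keywords such as 'self', hash and nonce sources)` and `@returns {string} the sources sorted and space-separated`.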
@@ -46,12 +45,12 @@ export const setSrcDirective = (directives, srcType, hashes) => {
 const baseSrcDirective = directives[srcType]
 if (baseSrcDirective) {
 const srcDirective = new Set(
- baseSrcDirective.split(/\s+/).filter(v => v !== "'self'"),
+ baseSrcDirective.split(/\s+/),
 )
 for (const hash of hashes) {
 srcDirective.add(`'${hash}'`)
 }
- directives[srcType] = `'self' ${safeSerialiseHashes(srcDirective)}`
+ directives[srcType] = serializeCspDirectiveSources(srcDirective)
 } else {
 directives[srcType] = `'self' ${serialiseHashes(hashes)}`
 }
diff --git a/@kindspells/astro-shield/tests/headers.test.mts b/@kindspells/astro-shield/tests/headers.test.mts
index 3fed2cf..dbec0b4 100644
--- a/@kindspells/astro-shield/tests/headers.test.mts
+++ b/@kindspells/astro-shield/tests/headers.test.mts
@@ -9,7 +9,6 @@ import { describe, expect, it } from 'vitest'
 import {
 parseCspDirectives,
 patchHeaders,
- safeSerialiseHashes,
 serialiseCspDirectives,
 serialiseHashes,
 setSrcDirective,
@@ -35,22 +34,6 @@ describe('serialiseHashes', () => {
 })
 })
 
-describe('safeSerialiseHashes', () => {
- it('returns an empty string for an empty set', () => {
- expect(safeSerialiseHashes(new Set())).toBe('')
- })
-
- it('returns a string with sorted hashes', () => {
- const hashes = new Set(['d', 'c', 'a', 'b'])
- expect(safeSerialiseHashes(hashes)).toBe("'a' 'b' 'c' 'd'")
- })
-
- it('avoids duplicated single quotes', () => {
- const hashes = new Set(["'a'", "'b'", "'c'", "'d'"])
- expect(safeSerialiseHashes(hashes)).toBe("'a' 'b' 'c' 'd'")
- })
-})
-
 describe('serialiseCspDirectives', () => {
 it('returns an empty string for an empty object', () => {
 expect(serialiseCspDirectives({})).toBe('')
@@ -92,7 +75,7 @@ describe('setSrcDirective', () => {
 )
 expect(directives['script-src']).toBe(
- "'self' 'abc1' 'abc2' 'dbc1' 'xyz2' 'xyz3'",
+ "'abc1' 'abc2' 'dbc1' 'self' 'xyz2' 'xyz3'",
 )
 })
 })
From 3a4882bc537e6f9784a7192c2498ca0c7c0eda99 Mon Sep 17 00:00:00 2001
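Review bot: `baseSrcDirective.split(/\s+/)` now feeds every token straight into the emitted header, so if the parsed directive value carries leading or trailing whitespace (parseCspDirectives is outside this hunk, so I cannot tell whether it trims) the Set gains an empty string and the serialised directive ends up with a stray space; `new Set(baseSrcDirective.split(/\s+/).filter(Boolean))` removes that case. Dropping the `'self'` filter and prefix is also a behaviour change: when an existing directive omits `'self'` the function no longer adds it, while the else branch still defaults to `'self' …`, so the two branches now follow different rules. That asymmetry looks deliberate (the existing policy is respected as written, only the hashes are appended), but it is worth a comment on the if branch such as `// keep the caller's source list verbatim; only the else branch picks a default`, and the function's JSDoc, which starts outside the hunk, should say the same.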
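Review bot: With the `safeSerialiseHashes` cases deleted, nothing tests the behaviour this commit introduces — that `serializeCspDirectiveSources` passes unquoted sources through untouched instead of wrapping them in quotes — and the only remaining coverage is indirect, through `setSrcDirective`. A `describe('serializeCspDirectiveSources', …)` block with a mixed input would pin it, e.g. `expect(serializeCspDirectiveSources(new Set(['b', "'a'"]))).toBe("'a' b")`, plus the empty-set case that was dropped. The rewritten `setSrcDirective` expectation also pins the lexicographic position of `'self'` among the hashes, which CSP does not care about; fine as a regression guard, but a one-line comment saying the order is incidental would stop a future reformat from being read as a policy change.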
From: =?UTF-8?q?Andr=C3=A9s=20Correa=20Casablanca?=
Date: Mon, 29 Apr 2024 11:18:09 +0200
Subject: [PATCH 2/2] docs: upgrade website docs
Signed-off-by: Andres Correa Casablanca
---
 @kindspells/astro-shield/package.json | 2 +-
 @kindspells/astro-shield/src/headers.mjs | 8 +-
 docs/astro.config.mjs | 8 ++
 docs/package.json | 7 +-
 .../content-security-policy.mdx | 6 +
 docs/sst.config.ts | 4 +-
 docs/tsconfig.json | 3 +-
 pnpm-lock.yaml | 136 +++++++++---------
 8 files changed, 93 insertions(+), 81 deletions(-)
diff --git a/@kindspells/astro-shield/package.json b/@kindspells/astro-shield/package.json
index 2994c35..aacaa57 100644
--- a/@kindspells/astro-shield/package.json
+++ b/@kindspells/astro-shield/package.json
@@ -80,7 +80,7 @@
 "url": "https://ko-fi.com/coderspirit"
 }
 ],
- "packageManager": "pnpm@8.15.6",
+ "packageManager": "pnpm@9.0.6",
 "engines": {
 "node": ">= 18.0.0"
 },
diff --git a/@kindspells/astro-shield/src/headers.mjs b/@kindspells/astro-shield/src/headers.mjs
index 46c65c5..df16aa5 100644
--- a/@kindspells/astro-shield/src/headers.mjs
+++ b/@kindspells/astro-shield/src/headers.mjs
@@ -21,9 +21,7 @@ export const serialiseHashes = hashes =>
 * @returns {string}
 */
 export const serializeCspDirectiveSources = hashes =>
- Array.from(hashes)
- .sort()
- .join(' ')
+ Array.from(hashes).sort().join(' ')
 
 /**
 * @param {CSPDirectives} directives
@@ -44,9 +42,7 @@ export const serialiseCspDirectives = directives =>
 export const setSrcDirective = (directives, srcType, hashes) => {
 const baseSrcDirective = directives[srcType]
 if (baseSrcDirective) {
- const srcDirective = new Set(
- baseSrcDirective.split(/\s+/),
- )
+ const srcDirective = new Set(baseSrcDirective.split(/\s+/))
 for (const hash of hashes) {
 srcDirective.add(`'${hash}'`)
 }
diff --git a/docs/astro.config.mjs b/docs/astro.config.mjs
index 2b6305e..be34149 100644
--- a/docs/astro.config.mjs
+++ b/docs/astro.config.mjs
@@ -16,6 +16,10 @@ export default defineConfig({
 image: {
 service: passthroughImageService(),
 },
+ i18n: {
+ locales: ['en'],
+ defaultLocale: 'en',
+ },
 integrations: [
 shield({}),
 starlight({
@@ -26,6 +30,10 @@ export default defineConfig({
 label: 'English',
 lang: 'en',
 },
+ en: {
+ label: 'English',
+ lang: 'en',
+ },
 },
 social: {
 github: 'https://github.com/kindspells/astro-shield',
diff --git a/docs/package.json b/docs/package.json
index 00c4cf3..797aadb 100644
--- a/docs/package.json
+++ b/docs/package.json
@@ -3,11 +3,12 @@
 "type": "module",
 "version": "1.4.0",
 "scripts": {
- "dev": "sst dev astro dev",
- "start": "astro dev",
+ "astro": "astro",
 "build": "moon run build",
+ "deploy":"sst deploy --stage prod",
+ "dev": "sst dev astro dev",
 "preview": "astro preview",
- "astro": "astro"
+ "start": "astro dev"
 },
 "dependencies": {
 "astro-sst": "^2.41.5",
diff --git a/docs/src/content/docs/guides/security-headers/content-security-policy.mdx b/docs/src/content/docs/guides/security-headers/content-security-policy.mdx
index 31f254e..79ef04b 100644
--- a/docs/src/content/docs/guides/security-headers/content-security-policy.mdx
+++ b/docs/src/content/docs/guides/security-headers/content-security-policy.mdx
@@ -58,6 +58,12 @@ export default defineConfig({
 `} /> + +
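Review bot: The `en` locale entry added in the second astro.config hunk repeats `label: 'English'` and `lang: 'en'` from the entry that closes just above it (its key lies outside the hunk, so I cannot confirm whether it is `root`); if both map to the same language, the docs site may expose one set of pages under two locale paths, which does not look intended. Either drop the new entry or give the two entries distinct roles, and if two English entries are deliberate a short comment such as `// second entry kept on purpose: <reason>` above `en: {` would spare the next reader the same question.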
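Review bot: The added `"deploy":"sst deploy --stage prod"` is the only script entry without a space after the colon; match the rest with `"deploy": "sst deploy --stage prod"`. Hard-wiring `--stage prod` into the shared script also means anyone who runs the docs deploy script targets the production stage directly, so that is worth a sentence in the docs README or a stage parameter rather than an implicit default.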