chore: npm audit fix for dev tooling vulnerabilities#556
Conversation
✅ Deploy Preview for project-hami ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: mesutoezdil The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
|
Important Review skippedReview was skipped due to path filters ⛔ Files ignored due to path filters (1)
CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including ⚙️ Run configurationConfiguration used: Organization UI Review profile: CHILL Plan: Pro Plus Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
📝 WalkthroughWalkthroughThis PR updates package.json to bump Docusaurus-related dependency and devDependency versions from 3.10.0 to ^3.10.1, affecting ChangesDependency version bump
Estimated code review effort: 1 (Trivial) | ~2 minutes Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
Signed-off-by: mesutoezdil <mesudozdil@gmail.com>
0cc4693 to
8d22762
Compare
Depends on #545, merge that first. This branch is stacked on top of it, so this diff includes that commit too until #545 merges.
Ran npm audit fix (no --force) on top of the docusaurus 3.10.1 bump. Cuts vulnerabilities from 43 to 27, no breaking changes, package.json untouched, only package-lock.json transitive resolutions changed.
Skipped the remaining 27: fixing those needs npm audit fix --force, which would downgrade @easyops-cn/docusaurus-search-local to 0.26.1, a real breaking change and a downgrade, not doing that here.
Tried running audit fix directly against plain master first: it silently bumped @docusaurus/plugin-content-pages to 3.10.1 as a transitive resolution while core stayed on 3.10.0, and docusaurus enforces that all its packages match exactly, so the build broke. That is why this is stacked on the docusaurus bump branch instead of plain master.
Summary by CodeRabbit