Skip to content

chore: npm audit fix for dev tooling vulnerabilities#556

Open
mesutoezdil wants to merge 1 commit into
Project-HAMi:masterfrom
mesutoezdil:chore/npm-audit-fix
Open

chore: npm audit fix for dev tooling vulnerabilities#556
mesutoezdil wants to merge 1 commit into
Project-HAMi:masterfrom
mesutoezdil:chore/npm-audit-fix

Conversation

@mesutoezdil

@mesutoezdil mesutoezdil commented Jul 5, 2026

Copy link
Copy Markdown
Contributor

Depends on #545, merge that first. This branch is stacked on top of it, so this diff includes that commit too until #545 merges.

Ran npm audit fix (no --force) on top of the docusaurus 3.10.1 bump. Cuts vulnerabilities from 43 to 27, no breaking changes, package.json untouched, only package-lock.json transitive resolutions changed.

Skipped the remaining 27: fixing those needs npm audit fix --force, which would downgrade @easyops-cn/docusaurus-search-local to 0.26.1, a real breaking change and a downgrade, not doing that here.

Tried running audit fix directly against plain master first: it silently bumped @docusaurus/plugin-content-pages to 3.10.1 as a transitive resolution while core stayed on 3.10.0, and docusaurus enforces that all its packages match exactly, so the build broke. That is why this is stacked on the docusaurus bump branch instead of plain master.

Summary by CodeRabbit

  • Chores
    • Updated several Docusaurus packages to the latest 3.10.1 patch release.
    • Bumped the related build tool to match the same version line.
    • These updates should help keep the documentation site current and may include stability improvements.

@netlify

netlify Bot commented Jul 5, 2026

Copy link
Copy Markdown

Deploy Preview for project-hami ready!

Name Link
🔨 Latest commit 8d22762
🔍 Latest deploy log https://app.netlify.com/projects/project-hami/deploys/6a55deec449ed700081b0a60
😎 Deploy Preview https://deploy-preview-556--project-hami.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.
🤖 Make changes Run an agent on this branch

To edit notification comments on pull requests, go to your Netlify project configuration.

@hami-robot hami-robot Bot requested review from rootsongjc and windsonsea July 5, 2026 14:31
@hami-robot

hami-robot Bot commented Jul 5, 2026

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: mesutoezdil
Once this PR has been reviewed and has the lgtm label, please assign wawa0210 for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@hami-robot hami-robot Bot added the size/XXL label Jul 5, 2026
@coderabbitai

coderabbitai Bot commented Jul 5, 2026

Copy link
Copy Markdown

Review Change Stack

Important

Review skipped

Review was skipped due to path filters

⛔ Files ignored due to path filters (1)
  • package-lock.json is excluded by !**/package-lock.json

CodeRabbit blocks several paths by default. You can override this behavior by explicitly including those paths in the path filters. For example, including **/dist/** will override the default block on the dist directory, by removing the pattern from both the lists.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro Plus

Run ID: eeb52d9e-bfaa-497f-a800-ff1e34c0da21

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
📝 Walkthrough

Walkthrough

This PR updates package.json to bump Docusaurus-related dependency and devDependency versions from 3.10.0 to ^3.10.1, affecting @docusaurus/core, content/plugin/preset packages, sitemap, theme-mermaid, and @docusaurus/faster.

Changes

Dependency version bump

Layer / File(s) Summary
Bump Docusaurus package versions
package.json
Updates @docusaurus/* dependencies and @docusaurus/faster devDependency from 3.10.0 to ^3.10.1.

Estimated code review effort: 1 (Trivial) | ~2 minutes

Poem

Hop, hop, version bump so neat,
3.10.1, a tiny treat 🐇
No logic changed, just numbers spun,
A rabbit's chore, quickly done!

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title matches the PR’s dependency and audit-fix intent, even though it is broader than the specific Docusaurus version bumps.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

Signed-off-by: mesutoezdil <mesudozdil@gmail.com>
@mesutoezdil mesutoezdil force-pushed the chore/npm-audit-fix branch from 0cc4693 to 8d22762 Compare July 14, 2026 07:02
@hami-robot hami-robot Bot added size/L and removed size/XXL labels Jul 14, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant