Skip to content

chore: npm audit fix for dev tooling vulnerabilities#556

Open
mesutoezdil wants to merge 2 commits into
Project-HAMi:masterfrom
mesutoezdil:chore/npm-audit-fix
Open

chore: npm audit fix for dev tooling vulnerabilities#556
mesutoezdil wants to merge 2 commits into
Project-HAMi:masterfrom
mesutoezdil:chore/npm-audit-fix

Conversation

@mesutoezdil

@mesutoezdil mesutoezdil commented Jul 5, 2026

Copy link
Copy Markdown
Contributor

Depends on #545, merge that first. This branch is stacked on top of it, so this diff includes that commit too until #545 merges.

Ran npm audit fix (no --force) on top of the docusaurus 3.10.1 bump. Cuts vulnerabilities from 43 to 27, no breaking changes, package.json untouched, only package-lock.json transitive resolutions changed.

Skipped the remaining 27: fixing those needs npm audit fix --force, which would downgrade @easyops-cn/docusaurus-search-local to 0.26.1, a real breaking change and a downgrade, not doing that here.

Tried running audit fix directly against plain master first: it silently bumped @docusaurus/plugin-content-pages to 3.10.1 as a transitive resolution while core stayed on 3.10.0, and docusaurus enforces that all its packages match exactly, so the build broke. That is why this is stacked on the docusaurus bump branch instead of plain master.

Summary by CodeRabbit

  • Chores
    • Updated several Docusaurus packages to the latest 3.10.1 patch release.
    • Bumped the related build tool to match the same version line.
    • These updates should help keep the documentation site current and may include stability improvements.

Signed-off-by: mesutoezdil <mesudozdil@gmail.com>
Signed-off-by: mesutoezdil <mesudozdil@gmail.com>
@netlify

netlify Bot commented Jul 5, 2026

Copy link
Copy Markdown

Deploy Preview for project-hami ready!

Name Link
🔨 Latest commit 0cc4693
🔍 Latest deploy log https://app.netlify.com/projects/project-hami/deploys/6a4a6aabe828640008b9618f
😎 Deploy Preview https://deploy-preview-556--project-hami.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.
🤖 Make changes Run an agent on this branch

To edit notification comments on pull requests, go to your Netlify project configuration.

@hami-robot hami-robot Bot requested review from rootsongjc and windsonsea July 5, 2026 14:31
@hami-robot

hami-robot Bot commented Jul 5, 2026

Copy link
Copy Markdown
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: mesutoezdil
Once this PR has been reviewed and has the lgtm label, please assign wawa0210 for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@hami-robot hami-robot Bot added the size/XXL label Jul 5, 2026
@coderabbitai

coderabbitai Bot commented Jul 5, 2026

Copy link
Copy Markdown

Review Change Stack

📝 Walkthrough

Walkthrough

This PR updates package.json to bump Docusaurus-related dependency and devDependency versions from 3.10.0 to ^3.10.1, affecting @docusaurus/core, content/plugin/preset packages, sitemap, theme-mermaid, and @docusaurus/faster.

Changes

Dependency version bump

Layer / File(s) Summary
Bump Docusaurus package versions
package.json
Updates @docusaurus/* dependencies and @docusaurus/faster devDependency from 3.10.0 to ^3.10.1.

Estimated code review effort: 1 (Trivial) | ~2 minutes

Poem

Hop, hop, version bump so neat,
3.10.1, a tiny treat 🐇
No logic changed, just numbers spun,
A rabbit's chore, quickly done!

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check ✅ Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check ✅ Passed Check skipped because no linked issues were found for this pull request.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title matches the PR’s dependency and audit-fix intent, even though it is broader than the specific Docusaurus version bumps.
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Comment @coderabbitai help to get the list of available commands.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant