chore: npm audit fix for dev tooling vulnerabilities#556
Conversation
Signed-off-by: mesutoezdil <mesudozdil@gmail.com>
Signed-off-by: mesutoezdil <mesudozdil@gmail.com>
✅ Deploy Preview for project-hami ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: mesutoezdil The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
📝 WalkthroughWalkthroughThis PR updates package.json to bump Docusaurus-related dependency and devDependency versions from 3.10.0 to ^3.10.1, affecting ChangesDependency version bump
Estimated code review effort: 1 (Trivial) | ~2 minutes Poem
🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✨ Finishing Touches🧪 Generate unit tests (beta)
Comment |
Depends on #545, merge that first. This branch is stacked on top of it, so this diff includes that commit too until #545 merges.
Ran npm audit fix (no --force) on top of the docusaurus 3.10.1 bump. Cuts vulnerabilities from 43 to 27, no breaking changes, package.json untouched, only package-lock.json transitive resolutions changed.
Skipped the remaining 27: fixing those needs npm audit fix --force, which would downgrade @easyops-cn/docusaurus-search-local to 0.26.1, a real breaking change and a downgrade, not doing that here.
Tried running audit fix directly against plain master first: it silently bumped @docusaurus/plugin-content-pages to 3.10.1 as a transitive resolution while core stayed on 3.10.0, and docusaurus enforces that all its packages match exactly, so the build broke. That is why this is stacked on the docusaurus bump branch instead of plain master.
Summary by CodeRabbit