-
Notifications
You must be signed in to change notification settings - Fork 2
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Snyk] Upgrade @docusaurus/core from 2.1.0 to 3.4.0 #826
base: main
Are you sure you want to change the base?
Conversation
Snyk has created this PR to upgrade @docusaurus/core from 2.1.0 to 3.4.0. See this package in npm: @docusaurus/core See this project in Snyk: https://app.snyk.io/org/q1blue-rxw/project/5b430cad-b455-40c7-a7ff-af5a8804e8ca?utm_source=github&utm_medium=referral&page=upgrade-pr
|
🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎ To accept the risk, merge this PR and you will not be notified again.
Next stepsWhat is an install script?Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts. Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead. Take a deeper look at the dependencyTake a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev. Remove the packageIf you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency. Mark a package as acceptable riskTo ignore an alert, reply with a comment starting with
|
Snyk has created this PR to upgrade @docusaurus/core from 2.1.0 to 3.4.0.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 20 versions ahead of your current version.
The recommended version was released on 3 months ago.
Issues fixed by the recommended upgrade:
SNYK-JS-SERIALIZEJAVASCRIPT-6147607
SNYK-JS-BABELTRAVERSE-5962462
SNYK-JS-WEBPACK-3358798
SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555
SNYK-JS-EXPRESS-6474509
SNYK-JS-HTTPCACHESEMANTICS-3248783
SNYK-JS-JSON5-3182856
SNYK-JS-POSTCSS-5926692
SNYK-JS-SIDEWAYFORMULA-3317169
Release notes
Package name: @docusaurus/core
3.4.0 (2024-05-31)
🚀 New Feature
create-docusaurus
,docusaurus-plugin-content-blog
,docusaurus-plugin-content-docs
,docusaurus-theme-classic
,docusaurus-utils-validation
,docusaurus-utils
tags.yml
, predefined list of tags (@ OzakIOne)docusaurus-theme-translations
docusaurus-plugin-client-redirects
,docusaurus-plugin-content-blog
,docusaurus-plugin-pwa
,docusaurus-plugin-sitemap
,docusaurus-theme-search-algolia
,docusaurus-types
,docusaurus-utils
,docusaurus
docusaurus-module-type-aliases
,docusaurus-theme-classic
,docusaurus-theme-common
,docusaurus-types
,docusaurus
🐛 Bug Fix
docusaurus-plugin-content-blog
,docusaurus-plugin-content-docs
,docusaurus-utils
docusaurus-theme-search-algolia
contextualSearch: false
setting (@ ncoughlin)docusaurus-mdx-loader
,docusaurus-plugin-content-blog
,docusaurus-plugin-content-docs
,docusaurus-plugin-content-pages
,docusaurus-utils
docusaurus-theme-translations
docusaurus
docusaurus serve
broken for assets when using trailingSlash (@ slorber)docusaurus-theme-classic
,docusaurus-theme-common
docusaurus-plugin-content-docs
,docusaurus
configurePostCss()
should run afterconfigureWebpack()
(@ slorber)docusaurus-utils
,docusaurus
docusaurus-theme-classic
,docusaurus-theme-translations
📝 Documentation
<details>
(@ tats-u){<...>...</...>}
if don't use Markdown in migra… (@ tats-u)🤖 Dependencies
Committers: 11
v3.3.2
v3.3.1
3.3.0 (2024-05-03)
🚀 New Feature
docusaurus-plugin-sitemap
docusaurus-mdx-loader
,docusaurus-types
,docusaurus
siteConfig.markdown.anchors.maintainCase
(@ iAdramelk)docusaurus
docusaurus-plugin-content-blog
,docusaurus-plugin-content-docs
,docusaurus-plugin-content-pages
,docusaurus-plugin-debug
,docusaurus-types
,docusaurus
docusaurus-plugin-content-pages
,docusaurus-theme-classic
,docusaurus-theme-common
🐛 Bug Fix
docusaurus-cssnano-preset
,docusaurus-utils
,docusaurus
docusaurus-theme-classic
<Tabs>
props should allow overriding defaults (@ gagdiez)<Admonition>
should render properly without heading/icon (@ andrmaz)docusaurus
docusaurus serve
redirects should include the site/baseUrl/
prefix (@ slorber)docusaurus-module-type-aliases
,docusaurus-preset-classic
,docusaurus-theme-classic
,docusaurus-theme-live-codeblock
,docusaurus
docusaurus-theme-translations
docusaurus-theme-search-algolia
docusaurus-plugin-content-docs
,docusaurus
docusaurus-plugin-content-docs
docusaurus-utils
log.showSignature=true
(@ slorber)🏃♀️ Performance
docusaurus
💅 Polish
docusaurus-theme-classic
docusaurus-theme-common
📝 Documentation
déja
todéjà
inswizzling.mdx
(@ Zwyx)ThemedImage
example work out of the box (@ lebalz)🤖 Dependencies
🔧 Maintenance
create-docusaurus
,docusaurus-cssnano-preset
,docusaurus-logger
,docusaurus-mdx-loader
,docusaurus-plugin-client-redirects
,docusaurus-plugin-content-blog
,docusaurus-plugin-content-docs
,docusaurus-plugin-content-pages
,docusaurus-plugin-debug
,docusaurus-plugin-google-analytics
,docusaurus-plugin-google-gtag
,docusaurus-plugin-google-tag-manager
,docusaurus-plugin-ideal-image
,docusaurus-plugin-pwa
,docusaurus-plugin-sitemap
,docusaurus-plugin-vercel-analytics
,docusaurus-preset-classic
,docusaurus-remark-plugin-npm2yarn
,docusaurus-theme-classic
,docusaurus-theme-common
,docusaurus-theme-live-codeblock
,docusaurus-theme-mermaid
,docusaurus-theme-search-algolia
,docusaurus-theme-translations
,docusaurus-utils-common
,docusaurus-utils-validation
,docusaurus-utils
,docusaurus
,eslint-plugin
,lqip-loader
,stylelint-copyright
Committers: 20
3.2.1 (2024-04-04)
🐛 Bug Fix
docusaurus
📝 Documentation
🤖 Dependencies
Committers: 2
3.2.0 (2024-03-29)
🚀 New Feature
docusaurus-plugin-content-blog
,docusaurus-plugin-content-docs
,docusaurus-plugin-content-pages
,docusaurus-plugin-sitemap
,docusaurus-types
,docusaurus-utils
,docusaurus
docusaurus-plugin-content-blog
,docusaurus-plugin-content-docs
,docusaurus-theme-classic
,docusaurus-theme-common
,docusaurus-utils-validation
,docusaurus-utils
docusaurus-plugin-debug
,docusaurus-types
,docusaurus
docusaurus-theme-translations
docusaurus-plugin-content-blog
docusaurus
create-docusaurus
,docusaurus-utils
docusaurus-plugin-vercel-analytics
docusaurus-mdx-loader
🐛 Bug Fix
docusaurus-mdx-loader
docusaurus-theme-search-algolia
docusaurus-plugin-content-blog
docusaurus-theme-classic
docusaurus-theme-translations
docusaurus-utils
docusaurus
docusaurus-remark-plugin-npm2yarn
docusaurus-theme-classic
,docusaurus-theme-translations
🏃♀️ Performance
docusaurus-types
,docusaurus-utils
,docusaurus
docusaurus-types
,docusaurus
docusaurus-plugin-content-docs
,docusaurus-plugin-content-pages
,docusaurus-types
,docusaurus
docusaurus-plugin-content-blog
,docusaurus-plugin-content-docs
,docusaurus-utils
docusaurus
💅 Polish
docusaurus-plugin-content-blog
,docusaurus-plugin-content-docs
,docusaurus-theme-classic
,docusaurus-theme-common
docusaurus-plugin-content-blog
,docusaurus-theme-classic
,docusaurus-theme-common
,docusaurus-types
docusaurus-plugin-content-docs
📝 Documentation
🤖 Dependencies
🔧 Maintenance
docusaurus-plugin-client-redirects
,docusaurus-plugin-content-docs
,docusaurus-utils-common
,docusaurus-utils-validation
,docusaurus-utils
,docusaurus
docusaurus-plugin-content-blog
,docusaurus-plugin-content-docs
,docusaurus-theme-classic
,docusaurus-theme-common
,docusaurus-utils
Committers: 22
3.1.1 (2024-01-26)
🐛 Bug Fix
docusaurus-types
,docusaurus
docusaurus
hostname
parameter when using… (@ jack-robson)docusaurus-utils
mdx-code-block
info string (@ eitsupi)create-docusaurus
docusaurus-theme-common
docusaurus-theme-classic
,docusaurus-theme-mermaid
docusaurus-module-type-aliases
,docusaurus-theme-classic
,docusaurus-theme-common
,docusaurus-utils
,docusaurus
🏃♀️ Performance
docusaurus
💅 Polish
docusaurus-theme-classic
Committers: 6
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
[//]: # 'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"","from":"docusaurus/core","to":"docusaurus/core"}],"env":"prod","hasFixes":true,"isBreakingChange":true,"isMajorUpgrade":true,"issuesToFix":[{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-SERIALIZEJAVASCRIPT-6147607","issue_id":"SNYK-JS-SERIALIZEJAVASCRIPT-6147607","priority_score":109,"priority_score_factors":[{"name":"confidentiality","value":"low"},{"name":"integrity","value":"low"},{"name":"availability","value":"none"},{"name":"scope","value":"changed"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"required"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.01055},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Tue Jan 09 2024 12:13:57 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":4.54},{"name":"likelihood","value":2.39},{"name":"scoreVersion","value":"V5"}],"severity":"medium","title":"Cross-site Scripting (XSS)"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-BABELTRAVERSE-5962462","issue_id":"SNYK-JS-BABELTRAVERSE-5962462","priority_score":235,"priority_score_factors":[{"name":"confidentiality","value":"high"},{"name":"integrity","value":"high"},{"name":"availability","value":"high"},{"name":"scope","value":"changed"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"local"},{"name":"epss","value":0.0006},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Fri Oct 13 2023 06:39:08 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"critical"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":10.1},{"name":"likelihood","value":2.33},{"name":"scoreVersion","value":"V5"}],"severity":"critical","title":"Incomplete List of Disallowed Inputs"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-WEBPACK-3358798","issue_id":"SNYK-JS-WEBPACK-3358798","priority_score":165,"priority_score_factors":[{"name":"confidentiality","value":"low"},{"name":"integrity","value":"low"},{"name":"availability","value":"low"},{"name":"scope","value":"changed"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"none"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00246},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Mon Mar 13 2023 09:02:43 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":6.22},{"name":"likelihood","value":2.65},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Sandbox Bypass"},{"exploit_maturity":"proof-of-concept","id":"SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555","issue_id":"SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555","priority_score":158,"priority_score_factors":[{"name":"confidentiality","value":"high"},{"name":"integrity","value":"none"},{"name":"availability","value":"none"},{"name":"scope","value":"changed"},{"name":"exploitCodeMaturity","value":"proofOfConcept"},{"name":"userInteraction","value":"required"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00044},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Fri Mar 22 2024 08:05:13 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"high"},{"name":"relativePopularityRank","value":99},{"name":"impact","value":6.65},{"name":"likelihood","value":2.36},{"name":"scoreVersion","value":"V5"}],"severity":"high","title":"Path Traversal"},{"exploit_maturity":"no-known-exploit","id":"SNYK-JS-EXPRESS-6474509","issue_id":"SNYK-JS-EXPRESS-6474509","priority_score":74,"priority_score_factors":[{"name":"confidentiality","value":"low"},{"name":"integrity","value":"low"},{"name":"availability","value":"none"},{"name":"scope","value":"changed"},{"name":"exploitCodeMaturity"},{"name":"userInteraction","value":"required"},{"name":"privilegesRequired","value":"none"},{"name":"attackComplexity","value":"low"},{"name":"attackVector","value":"network"},{"name":"epss","value":0.00044},{"name":"isTrending","value":false},{"name":"publicationDate","value":"Tue Mar 26 2024 07:34:23 GMT+0000 (Coordinated Universal Time)"},{"name":"isReachable","value":false},{"name":"isTransitive","value":true},{"name":"isMalicious","value":false},{"name":"businessCriticality","value":"high"},{"name":"relativeImportance","value":"medium"},{"na...