[Snyk] Upgrade @docusaurus/core from 3.3.2 to 3.4.0 #18

somixyz · 2024-07-20T05:42:09Z

This PR was automatically created by Snyk using the credentials of a real user.

![snyk-top-banner](https://github.com/andygongea/OWASP-Benchmark/assets/818805/c518c423-16fe-447e-b67f-ad5a49b5d123)

Snyk has created this PR to upgrade @docusaurus/core from 3.3.2 to 3.4.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 1 version ahead of your current version.
The recommended version was released on 2 months ago.

Issues fixed by the recommended upgrade:

Issue	Score	Exploit Maturity
Cross-site Request Forgery (CSRF) SNYK-JS-AXIOS-6032459	676	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-6124857	676	Proof of Concept
Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	676	Proof of Concept
Improper Input Validation SNYK-JS-FOLLOWREDIRECTS-6141137	676	Proof of Concept
Denial of Service (DoS) SNYK-JS-WS-7266574	676	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	676	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	676	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	676	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-TRIM-1017038	676	Proof of Concept
Sandbox Bypass SNYK-JS-WEBPACK-3358798	676	Proof of Concept
Path Traversal SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555	676	Proof of Concept
Denial of Service (DoS) SNYK-JS-WS-7266574	676	Proof of Concept
Open Redirect SNYK-JS-EXPRESS-6474509	676	No Known Exploit
Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	676	Proof of Concept
Improper Input Validation SNYK-JS-POSTCSS-5926692	676	No Known Exploit
Open Redirect SNYK-JS-GOT-2932019	676	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-HTTPCACHESEMANTICS-3248783	676	Proof of Concept

Release notes

Package name: @docusaurus/core

3.4.0 - 2024-05-31
3.4.0 (2024-05-31)

🚀 New Feature
- create-docusaurus, docusaurus-plugin-content-blog, docusaurus-plugin-content-docs, docusaurus-theme-classic, docusaurus-utils-validation, docusaurus-utils
  - #10137 feat(docs, blog): add support for tags.yml, predefined list of tags (@ OzakIOne)
- docusaurus-theme-translations
  - #10151 feat(theme-translations): Added Turkmen (tk) default theme translations (@ ilmedova)
  - #10111 feat(theme-translations): Add Bulgarian default theme translations (bg) (@ PetarMc1)
- docusaurus-plugin-client-redirects, docusaurus-plugin-content-blog, docusaurus-plugin-pwa, docusaurus-plugin-sitemap, docusaurus-theme-search-algolia, docusaurus-types, docusaurus-utils, docusaurus
  - #9859 feat(core): hash router option - browse site offline (experimental) (@ slorber)
- docusaurus-module-type-aliases, docusaurus-theme-classic, docusaurus-theme-common, docusaurus-types, docusaurus
  - #10121 feat(core): site storage config options (experimental) (@ slorber)
🐛 Bug Fix
- docusaurus-plugin-content-blog, docusaurus-plugin-content-docs, docusaurus-utils
  - #10185 fix(docs, blog): Markdown link resolution does not support hot reload (@ slorber)
- docusaurus-theme-search-algolia
  - #10178 fix(theme): SearchPage should respect contextualSearch: false setting (@ ncoughlin)
  - #10164 fix(search): fix algolia search container bug (@ slorber)
- docusaurus-mdx-loader, docusaurus-plugin-content-blog, docusaurus-plugin-content-docs, docusaurus-plugin-content-pages, docusaurus-utils
  - #10168 fix(mdx-loader): resolve Markdown/MDX links with Remark instead of RegExp (@ slorber)
- docusaurus-theme-translations
  - #10165 fix(theme-translation): add missing Korean (ko) theme translations (@ revi)
  - #10157 fix(theme-translations): complete Vietnamese theme translations (@ namnguyenthanhwork)
- docusaurus
  - #10145 fix(core): fix serve workaround regexp (@ slorber)
  - #10142 fix(core): fix docusaurus serve broken for assets when using trailingSlash (@ slorber)
  - #10130 fix(core): the broken anchor checker should not be sensitive pathname trailing slashes (@ slorber)
- docusaurus-theme-classic, docusaurus-theme-common
  - #10144 fix(theme): fix announcement bar layout shift due to missing storage key namespace (@ slorber)
- docusaurus-plugin-content-docs, docusaurus
  - #10132 fix(core): configurePostCss() should run after configureWebpack() (@ slorber)
- docusaurus-utils, docusaurus
  - #10131 fix(core): codegen should generate unique route prop filenames (@ slorber)
- docusaurus-theme-classic, docusaurus-theme-translations
  - #10118 fix(theme-translations): fix missing pluralization for label DocCard.categoryDescription.plurals (@ slorber)
📝 Documentation
- #10176 docs: add community plugin docusaurus-graph (@ Arsero)
- #10173 docs: improve how to use <details> (@ tats-u)
- #10167 docs: suggest using {<...>...</...>} if don't use Markdown in migra… (@ tats-u)
- #10143 docs: recommend users to remove hast-util-is-element in migration to v3 (@ tats-u)
- #10124 docs: v3 prepare your site blog post should point users to the upgrade guide (@ homotechsual)
🤖 Dependencies
- #10155 chore(deps): bump peaceiris/actions-gh-pages from 3 to 4 (@ dependabot[bot])
- #10154 chore(deps): bump github/codeql-action from 2.13.4 to 3.25.6 (@ dependabot[bot])
- #10112 chore(deps): bump actions/dependency-review-action from 4.3.1 to 4.3.2 (@ dependabot[bot])
Committers: 11
- Azzedine E. (@ Arsero)
- CodeDoctor (@ CodeDoctorDE)
- Mahri Ilmedova (@ ilmedova)
- Mikey O'Toole (@ homotechsual)
- Nguyễn Thành Nam (@ namnguyenthanhwork)
- Nick Coughlin (@ ncoughlin)
- Petar_mc (@ PetarMc1)
- Sébastien Lorber (@ slorber)
- Tatsunori Uchino (@ tats-u)
- Yongmin (@ revi)
- ozaki (@ OzakIOne)
3.3.2 - 2024-05-03
v3.3.2

from @docusaurus/core GitHub release notes

Important

Check the changes in this PR to ensure they won't cause issues with your project.
This PR was automatically created by Snyk using the credentials of a real user.
Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

📜 Customise PR templates

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade @docusaurus/core from 3.3.2 to 3.4.0. See this package in npm: @docusaurus/core See this project in Snyk: https://app.snyk.io/org/somixyz/project/8a851ea6-0218-4d00-89dd-0d1ecff37123?utm_source=github&utm_medium=referral&page=upgrade-pr

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade @docusaurus/core from 3.3.2 to 3.4.0 #18

[Snyk] Upgrade @docusaurus/core from 3.3.2 to 3.4.0 #18

somixyz commented Jul 20, 2024

3.4.0 (2024-05-31)

🚀 New Feature

🐛 Bug Fix

📝 Documentation

🤖 Dependencies

Committers: 11

[Snyk] Upgrade @docusaurus/core from 3.3.2 to 3.4.0 #18

Are you sure you want to change the base?

[Snyk] Upgrade @docusaurus/core from 3.3.2 to 3.4.0 #18

Conversation

somixyz commented Jul 20, 2024

Snyk has created this PR to upgrade @docusaurus/core from 3.3.2 to 3.4.0.

Issues fixed by the recommended upgrade:

3.4.0 (2024-05-31)

🚀 New Feature

🐛 Bug Fix

📝 Documentation

🤖 Dependencies

Committers: 11