Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

[Snyk] Upgrade @docusaurus/core from 2.1.0 to 3.5.2 #8

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Upgrade @docusaurus/core from 2.1.0 to 3.5.2 #8

wants to merge 1 commit into from

Conversation

InfiniteLove2020
Copy link
Owner

snyk-top-banner

Snyk has created this PR to upgrade @docusaurus/core from 2.1.0 to 3.5.2.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

⚠️ Warning: This PR contains major version upgrade(s), and may be a breaking change.

  • The recommended version is 23 versions ahead of your current version.

  • The recommended version was released on 2 months ago.

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
high severity Denial of Service (DoS)
SNYK-JS-WS-7266574		 646 Proof of Concept
high severity Asymmetric Resource Consumption (Amplification)
SNYK-JS-BODYPARSER-7926860		 646 No Known Exploit
high severity Prototype Pollution
SNYK-JS-LOADERUTILS-3043105		 646 No Known Exploit
high severity Improper Handling of Extra Parameters
SNYK-JS-FOLLOWREDIRECTS-6141137		 646 Proof of Concept
high severity Sandbox Bypass
SNYK-JS-WEBPACK-3358798		 646 Proof of Concept
high severity Path Traversal
SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555		 646 Proof of Concept
high severity Denial of Service (DoS)
SNYK-JS-WS-7266574		 646 Proof of Concept
medium severity Information Exposure
SNYK-JS-FOLLOWREDIRECTS-6444610		 646 Proof of Concept
medium severity Cross-site Scripting (XSS)
SNYK-JS-SERIALIZEJAVASCRIPT-6147607		 646 Proof of Concept
medium severity Open Redirect
SNYK-JS-EXPRESS-6474509		 646 No Known Exploit
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-SIDEWAYFORMULA-3317169		 646 No Known Exploit
low severity Cross-site Scripting
SNYK-JS-SEND-7926862		 646 No Known Exploit
critical severity Incomplete List of Disallowed Inputs
SNYK-JS-BABELTRAVERSE-5962462		 646 Proof of Concept
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-HTTPCACHESEMANTICS-3248783		 646 Proof of Concept
medium severity Prototype Pollution
SNYK-JS-JSON5-3182856		 646 Proof of Concept
medium severity Improper Input Validation
SNYK-JS-POSTCSS-5926692		 646 No Known Exploit
medium severity Cross-site Scripting
SNYK-JS-EXPRESS-7926867		 646 No Known Exploit
medium severity Cross-site Scripting (XSS)
SNYK-JS-WEBPACK-7840298		 646 Proof of Concept
low severity Cross-site Scripting
SNYK-JS-SERVESTATIC-7926865		 646 No Known Exploit
Release notes
Package name: @docusaurus/core
  • 3.5.2 - 2024-08-13

    3.5.2 (2024-08-13)

    🐛 Bug Fix

    • docusaurus-theme-common
      • #10397 fix(theme-common): restore useContextualSearchFilters public API for retrocompatibility (@ slorber)
    • docusaurus
      • #10391 fix(core): always alias React/ReactDOM to site dependency so that importing MDX from anywhere works (@ slorber)
    • create-docusaurus, docusaurus-plugin-content-blog
      • #10392 fix(create-docusaurus): Improve init templates blog setup + fix warnings (@ slorber)
    • docusaurus-theme-classic
      • #10390 fix(theme): Adjust blog authors line height to show descenders in lowercase letters (g, j, p, q, and y) (@ josh-wong)

    💅 Polish

    • docusaurus-theme-classic, docusaurus-theme-common, docusaurus-theme-translations

    📝 Documentation

    🤖 Dependencies

    Committers: 4

  • 3.5.1 - 2024-08-09

    3.5.1 (2024-08-09)

    🐛 Bug Fix

    • docusaurus-plugin-content-blog, docusaurus-theme-search-algolia
    • docusaurus-theme-search-algolia

    Committers: 2

  • 3.5.0 - 2024-08-09

    3.5.0 (2024-08-09)

    🚀 New Feature

    • docusaurus-plugin-content-blog
    • docusaurus-theme-classic, docusaurus-theme-common, docusaurus-theme-translations
    • create-docusaurus, docusaurus-plugin-content-blog
      • #9252 feat(blog): add feed xlst options to render beautiful RSS and Atom feeds (@ Xebec19)
    • docusaurus-plugin-content-blog, docusaurus-theme-classic, docusaurus-theme-common, docusaurus-theme-translations, docusaurus-utils
    • docusaurus-theme-translations
    • docusaurus-mdx-loader
      • #10335 feat(mdx-loader): wrap mdx content title (# Title) in <header> for concistency (@ OzakIOne)
    • create-docusaurus, docusaurus-plugin-content-blog, docusaurus-theme-classic, docusaurus-utils
    • docusaurus-plugin-client-redirects, docusaurus-plugin-google-analytics, docusaurus-plugin-google-gtag, docusaurus-plugin-google-tag-manager, docusaurus-plugin-pwa, docusaurus-plugin-sitemap, docusaurus-plugin-vercel-analytics, docusaurus-types, docusaurus
      • #10286 feat(core): allow plugins to self-disable by returning null (@ slorber)
    • docusaurus-plugin-content-blog, docusaurus-theme-classic, docusaurus-theme-common
    • docusaurus-plugin-content-blog, docusaurus-utils
    • docusaurus-mdx-loader, docusaurus-plugin-content-blog, docusaurus-plugin-content-docs, docusaurus-plugin-content-pages, docusaurus-utils-validation

    🐛 Bug Fix

    • docusaurus-theme-translations
      • #10344 fix(translations): fix wrong Estonian (et) translations and typos (@ Gekd)
      • #10360 fix(translations): Fix and Improve Spanish translations (@ sergioalmela)
      • #10235 fix(theme-translation): add missing German (de) theme.admonition translations (@ franzd1)
    • docusaurus-theme-search-algolia
      • #10342 fix(search): fix algolia search ignore ctrl + F in search input (@ mxschmitt)
    • docusaurus-plugin-content-docs
      • #10324 fix(docs): the category.json description attribute should display on generated index pages (@ bharateshwq)
      • #10309 fix(theme): docsVersionDropdown navbar item not showing the appropriate version (@ OzakIOne)
    • docusaurus
    • docusaurus-theme-classic
      • #10288 fix(theme): fix DocsVersionDropdownNavbarItem version link target (@ slorber)
      • #10219 fix(theme): ignored className attribute on lazy loaded TabItem (@ lebalz)
    • docusaurus-utils
      • #10240 fix(markdown): mdx-code-block should support intentation (@ slorber)

    💅 Polish

    • docusaurus-theme-translations
      • #10257 chore(theme-translations): add more Traditional Chinese(zh-Hant) translations (@ pjchender)

    📝 Documentation

    🤖 Dependencies

    🔧 Maintenance

    • Other
    • docusaurus-theme-classic
    • docusaurus-plugin-content-blog, docusaurus-plugin-content-docs, docusaurus-theme-classic, docusaurus-theme-common, docusaurus-theme-search-algolia
      • #10316 refactor(docs): theme-common shouldn't depend on docs content (@ slorber)
    • docusaurus-plugin-content-blog, docusaurus-theme-classic, docusaurus-theme-common
      • #10313 refactor(blog): theme-common shouldn't depend on blog content plugins (@ slorber)
    • create-docusaurus, docusaurus-cssnano-preset, docusaurus-logger, docusaurus-mdx-loader, docusaurus-plugin-client-redirects, docusaurus-plugin-content-blog, docusaurus-plugin-content-docs, docusaurus-plugin-content-pages, docusaurus-plugin-debug, docusaurus-plugin-google-analytics, docusaurus-plugin-google-gtag, docusaurus-plugin-google-tag-manager, docusaurus-plugin-ideal-image, docusaurus-plugin-pwa, docusaurus-plugin-sitemap, docusaurus-plugin-vercel-analytics, docusaurus-preset-classic, docusaurus-remark-plugin-npm2yarn, docusaurus-theme-classic, docusaurus-theme-common, docusaurus-theme-live-codeblock, docusaurus-theme-mermaid, docusaurus-theme-search-algolia, docusaurus-theme-translations, docusaurus-utils-common, docusaurus-utils-validation, docusaurus-utils, docusaurus, eslint-plugin, lqip-loader, stylelint-copyright
      • #10256 chore: simplify TypeScript configs, use TS 5.5 configDir placeholder (@ slorber)

    Committers: 25

  • 3.4.0 - 2024-05-31

    3.4.0 (2024-05-31)

    🚀 New Feature

    • create-docusaurus, docusaurus-plugin-content-blog, docusaurus-plugin-content-docs, docusaurus-theme-classic, docusaurus-utils-validation, docusaurus-utils
      • #10137 feat(docs, blog): add support for tags.yml, predefined list of tags (@ OzakIOne)
    • docusaurus-theme-translations
      • #10151 feat(theme-translations): Added Turkmen (tk) default theme translations (@ ilmedova)
      • #10111 feat(theme-translations): Add Bulgarian default theme translations (bg) (@ PetarMc1)
    • docusaurus-plugin-client-redirects, docusaurus-plugin-content-blog, docusaurus-plugin-pwa, docusaurus-plugin-sitemap, docusaurus-theme-search-algolia, docusaurus-types, docusaurus-utils, docusaurus
      • #9859 feat(core): hash router option - browse site offline (experimental) (@ slorber)
    • docusaurus-module-type-aliases, docusaurus-theme-classic, docusaurus-theme-common, docusaurus-types, docusaurus
      • #10121 feat(core): site storage config options (experimental) (@ slorber)

    🐛 Bug Fix

    • docusaurus-plugin-content-blog, docusaurus-plugin-content-docs, docusaurus-utils
      • #10185 fix(docs, blog): Markdown link resolution does not support hot reload (@ slorber)
    • docusaurus-theme-search-algolia
    • docusaurus-mdx-loader, docusaurus-plugin-content-blog, docusaurus-plugin-content-docs, docusaurus-plugin-content-pages, docusaurus-utils
      • #10168 fix(mdx-loader): resolve Markdown/MDX links with Remark instead of RegExp (@ slorber)
    • docusaurus-theme-translations
    • docusaurus
      • #10145 fix(core): fix serve workaround regexp (@ slorber)
      • #10142 fix(core): fix docusaurus serve broken for assets when using trailingSlash (@ slorber)
      • #10130 fix(core): the broken anchor checker should not be sensitive pathname trailing slashes (@ slorber)
    • docusaurus-theme-classic, docusaurus-theme-common
      • #10144 fix(theme): fix announcement bar layout shift due to missing storage key namespace (@ slorber)
    • docusaurus-plugin-content-docs, docusaurus
      • #10132 fix(core): configurePostCss() should run after configureWebpack() (@ slorber)
    • docusaurus-utils, docusaurus
      • #10131 fix(core): codegen should generate unique route prop filenames (@ slorber)
    • docusaurus-theme-classic, docusaurus-theme-translations
      • #10118 fix(theme-translations): fix missing pluralization for label DocCard.categoryDescription.plurals (@ slorber)

    📝 Documentation

    • #10176 docs: add community plugin docusaurus-graph (@ Arsero)
    • #10173 docs: improve how to use <details> (@ tats-u)
    • #10167 docs: suggest using {<...>...</...>} if don't use Markdown in migra… (@ tats-u)
    • #10143 docs: recommend users to remove hast-util-is-element in migration to v3 (@ tats-u)
    • #10124 docs: v3 prepare your site blog post should point users to the upgrade guide (@ homotechsual)

    🤖 Dependencies

    Committers: 11

  • 3.3.2 - 2024-05-03

    v3.3.2

  • 3.3.1 - 2024-05-03

    v3.3.1

  • 3.3.0 - 2024-05-03

    3.3.0 (2024-05-03)

    🚀 New Feature

    • docusaurus-plugin-sitemap
    • docusaurus-mdx-loader, docusaurus-types, docusaurus
      • #10064 feat(core): add new site config option siteConfig.markdown.anchors.maintainCase (@ iAdramelk)
    • docusaurus
      • #9767 feat(cli): docusaurus deploy should support a --target-dir option (@ SandPod)
    • docusaurus-plugin-content-blog, docusaurus-plugin-content-docs, docusaurus-plugin-content-pages, docusaurus-plugin-debug, docusaurus-types, docusaurus
    • docusaurus-plugin-content-pages, docusaurus-theme-classic, docusaurus-theme-common
      • #10032 feat(pages): add LastUpdateAuthor & LastUpdateTime & editUrl (@ OzakIOne)

    🐛 Bug Fix

    • docusaurus-cssnano-preset, docusaurus-utils, docusaurus
    • docusaurus-theme-classic
      • #10091 fix(theme): <Tabs> props should allow overriding defaults (@ gagdiez)
      • #10080 fix(theme): <Admonition> should render properly without heading/icon (@ andrmaz)
    • docusaurus
      • #10090 fix(core): docusaurus serve redirects should include the site /baseUrl/ prefix (@ slorber)
    • docusaurus-module-type-aliases, docusaurus-preset-classic, docusaurus-theme-classic, docusaurus-theme-live-codeblock, docusaurus
    • docusaurus-theme-translations
      • #10070 fix(theme-translations): add missing theme translations for pt-BR (@ h3nr1ke)
      • #10051 fix(theme-translations): correct label for tip admonition in italian (@ tomsotte)
    • docusaurus-theme-search-algolia
      • #10048 fix(algolia): add insights property on Algolia Theme Config object TS definition (@ Virgil993)
    • docusaurus-plugin-content-docs, docusaurus
      • #10054 fix(core): sortRoutes shouldn't have a default baseUrl value, this led to a bug (@ slorber)
    • docusaurus-plugin-content-docs
    • docusaurus-utils
      • #10022 fix(utils): getFileCommitDate should support log.showSignature=true (@ slorber)

    🏃‍♀️ Performance

    • docusaurus
      • #10060 refactor(core): optimize App entrypoint, it should not re-render when navigating (@ slorber)

    💅 Polish

    • docusaurus-theme-classic
      • #10061 refactor(theme): simplify CSS solution to solve empty search container (@ slorber)
    • docusaurus-theme-common

    📝 Documentation

    🤖 Dependencies

    🔧 Maintenance

    • create-docusaurus, docusaurus-cssnano-preset, docusaurus-logger, docusaurus-mdx-loader, docusaurus-plugin-client-redirects, docusaurus-plugin-content-blog, docusaurus-plugin-content-docs, docusaurus-plugin-content-pages, docusaurus-plugin-debug, docusaurus-plugin-google-analytics, docusaurus-plugin-google-gtag, docusaurus-plugin-google-tag-manager, docusaurus-plugin-ideal-image, docusaurus-plugin-pwa, docusaurus-plugin-sitemap, docusaurus-plugin-vercel-analytics, docusaurus-preset-classic, docusaurus-remark-plugin-npm2yarn, docusaurus-theme-classic, docusaurus-theme-common, docusaurus-theme-live-codeblock, docusaurus-theme-mermaid, docusaurus-theme-search-algolia, docusaurus-theme-translations, docusaurus-utils-common, docusaurus-utils-validation, docusaurus-utils, docusaurus, eslint-plugin, lqip-loader, stylelint-copyright
      • #10065 refactor: extract base TS client config + upgrade TS + refactor TS setup (@ slorber)
    • Other
      • #10063 test(e2e): TypeCheck website/starter in min/max range of TS versions (@ slorber)
      • #10049 fix(website): fix website manifest.json name "Docusaurus v2" to just "Docusaurus" (@ volcanofr)

    Committers: 20

  • 3.2.1 - 2024-04-04

    3.2.1 (2024-04-04)

    🐛 Bug Fix

    • docusaurus

    📝 Documentation

    🤖 Dependencies

    Committers: 2

  • 3.2.0 - 2024-03-29

    3.2.0 (2024-03-29)

    🚀 New Feature

    • docusaurus-plugin-content-blog, docusaurus-plugin-content-docs, docusaurus-plugin-content-pages, docusaurus-plugin-sitemap, docusaurus-types, docusaurus-utils, docusaurus
    • docusaurus-plugin-content-blog, docusaurus-plugin-content-docs, docusaurus-theme-classic, docusaurus-theme-common, docusaurus-utils-validation, docusaurus-utils
    • docusaurus-plugin-debug, docusaurus-types, docusaurus
      • #9931 feat(core): add new plugin allContentLoaded lifecycle (@ slorber)
    • docusaurus-theme-translations
    • docusaurus-plugin-content-blog
      • #9886 feat(blog): allow processing blog posts through a processBlogPosts function (@ OzakIOne)
      • #9838 feat(blog): add blog pageBasePath plugin option (@ ilg-ul)
    • docusaurus
      • #9681 feat(swizzle): ask user preferred language if no language CLI option provided (@ yixiaojiu)
    • create-docusaurus, docusaurus-utils
      • #9442 feat(create-docusaurus): ask user for preferred language when no language CLI option provided (@ Rafael-Martins)
    • docusaurus-plugin-vercel-analytics
      • #9687 feat(plugin-vercel-analytics): add new vercel analytics plugin (@ OzakIOne)
    • docusaurus-mdx-loader
      • #9684 feat(mdx-loader): the table-of-contents should display toc/headings of imported MDX partials (@ anatolykopyl)

    🐛 Bug Fix

    • docusaurus-mdx-loader
      • #9999 fix(mdx-loader): Ignore contentTitle coming after Markdown thematicBreak (@ slorber)
    • docusaurus-theme-search-algolia
      • #9945 fix(a11y): move focus algolia-search focus back to search input on Escape (@ mxschmitt)
    • docusaurus-plugin-content-blog

@snyk-bot
feat: upgrade @docusaurus/core from 2.1.0 to 3.5.2
68e4418 
Snyk has created this PR to upgrade @docusaurus/core from 2.1.0 to 3.5.2.

See this package in npm:
@docusaurus/core

See this project in Snyk:
https://app.snyk.io/org/stephndevo/project/88b8c0e5-ac4a-4e6f-96e8-330bf759d598?utm_source=github&utm_medium=referral&page=upgrade-pr
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@InfiniteLove2020 @snyk-bot