Skip to content

Commit

Permalink
Upgrade docusaurus to 2.4.0 (#3936)
Browse files Browse the repository at this point in the history 
### Motivation
There are many CVEs in docusaurus 2.0.0-beta.17 version. 
#### [CVE-2023-2251](https://www.cve.org/CVERecord?id=CVE-2023-2251)
Detailed paths
Introduced through: site-3@0.0.0 › @docusaurus/core@2.0.0-beta.17 › cssnano@5.1.0 › yaml@1.10.2
Fix: No remediation path available.
Introduced through: site-3@0.0.0 › @docusaurus/core@2.0.0-beta.17 › postcss-loader@6.2.1 › cosmiconfig@7.0.1 › yaml@1.10.2
Fix: [Upgrade](https://app.snyk.io/org/streamnative-org/fix/b453ecf3-1fc1-4ac1-a9e6-7c4cc6a8b4a1?vuln=SNYK-JS-YAML-5458867) to @docusaurus/core@2.0.0 
Introduced through: site-3@0.0.0 › @docusaurus/core@2.0.0-beta.17 › css-minimizer-webpack-plugin@3.4.1 › cssnano@5.1.0 › yaml@1.10.2
Fix: No remediation path available.

#### [CVE-2022-25967](https://www.cve.org/CVERecord?id=CVE-2022-25967)
Detailed paths and remediation
Introduced through: site-3@0.0.0 › @docusaurus/core@2.0.0-beta.17 › eta@1.12.3
Fix: [Upgrade](https://app.snyk.io/org/streamnative-org/fix/b453ecf3-1fc1-4ac1-a9e6-7c4cc6a8b4a1?vuln=SNYK-JS-ETA-2936803) to @docusaurus/core@2.3.1 
Introduced through: site-3@0.0.0 › @docusaurus/preset-classic@2.0.0-beta.17 › @docusaurus/core@2.0.0-beta.17 › eta@1.12.3
Fix: [Upgrade](https://app.snyk.io/org/streamnative-org/fix/b453ecf3-1fc1-4ac1-a9e6-7c4cc6a8b4a1?vuln=SNYK-JS-ETA-2936803) to @docusaurus/preset-classic@2.3.1 
Introduced through: site-3@0.0.0 › @docusaurus/preset-classic@2.0.0-beta.17 › @docusaurus/theme-search-algolia@2.0.0-beta.17 › eta@1.12.3
Fix: [Upgrade](https://app.snyk.io/org/streamnative-org/fix/b453ecf3-1fc1-4ac1-a9e6-7c4cc6a8b4a1?vuln=SNYK-JS-ETA-2936803) to @docusaurus/preset-classic@2.3.1

### Changes
Upgrade the docusaurus to 2.4.0 to resolve those CVEs
  • Loading branch information
@hangc0276
hangc0276 committed May 4, 2023
1 parent fffcca0 commit 93fc917
Show file tree
Hide file tree
Showing 4 changed files with 2,436 additions and 1,304 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/website-deploy.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -54,7 +54,7 @@ jobs:
- name: Setup NodeJS
uses: actions/setup-node@v2
with:
node-version: '14'
node-version: '16'

- name: Setup yarn
run: npm install -g yarn
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/website-pr-validation.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -51,7 +51,7 @@ jobs:
- name: Setup NodeJS
uses: actions/setup-node@v2
with:
node-version: '14'
node-version: '16'

- name: Setup yarn
run: npm install -g yarn
Expand Down
4 changes: 2 additions & 2 deletions site3/website/package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,8 +15,8 @@
"write-heading-ids": "docusaurus write-heading-ids"
},
"dependencies": {
"@docusaurus/core": "2.0.0-beta.17",
"@docusaurus/preset-classic": "2.0.0-beta.17",
"@docusaurus/core": "2.4.0",
"@docusaurus/preset-classic": "2.4.0",
"@mdx-js/react": "^1.6.22",
"clsx": "^1.1.1",
"docusaurus-plugin-sass": "^0.2.2",
Expand Down
Loading

0 comments on commit 93fc917

Please sign in to comment.