Skip to content

Develop#584

Merged
jondricek merged 16 commits into
masterfrom
develop
May 28, 2026
Merged

Develop#584
jondricek merged 16 commits into
masterfrom
develop

Conversation

@jondricek
Copy link
Copy Markdown
Contributor

@jondricek jondricek commented May 28, 2026

This pull request introduces several improvements to the dependency management and documentation for both the attack-search and attack-style packages. The most significant changes include enhanced Dependabot configuration for better update control, the addition of comprehensive style documentation for the attack-style package, and minor dependency updates.

Dependency management improvements:

  • .github/dependabot.yml: Refactored and expanded Dependabot configuration to use absolute paths, add a new entry for attack-style, set update schedules, group minor and patch updates, and ignore major version bumps for both attack-search and attack-style.
  • attack-search/package.json: Updated terser-webpack-plugin and webpack-dev-server to newer versions for improved security and compatibility.
  • attack-style/package.json: Removed sassdoc and the related doc script, simplifying dependencies and scripts. [1] [2]

Documentation enhancements:

  • attack-style/README.md: Added a section describing the new Markdown-based style documentation system, with guidance for maintaining documentation alongside SCSS changes.
  • attack-style/abstracts/README.md, attack-style/base/README.md, attack-style/layout/README.md, attack-style/components/README.md, attack-style/themes/README.md: Introduced detailed documentation for each major style folder, outlining their purpose, file structure, usage guidelines, and conventions.

dependabot Bot and others added 16 commits May 27, 2026 20:23
@dependabot
chore(deps): bump fast-uri from 3.0.3 to 3.1.2 in /attack-style
67ca94b 
Bumps [fast-uri](https://github.com/fastify/fast-uri) from 3.0.3 to 3.1.2.
- [Release notes](https://github.com/fastify/fast-uri/releases)
- [Commits](fastify/fast-uri@v3.0.3...v3.1.2)

---
updated-dependencies:
- dependency-name: fast-uri
  dependency-version: 3.1.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
chore(deps): bump qs and express in /attack-search
1f7d367 
Bumps [qs](https://github.com/ljharb/qs) and [express](https://github.com/expressjs/express). These dependencies needed to be updated together.

Updates `qs` from 6.14.0 to 6.15.2
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.14.0...v6.15.2)

Updates `express` from 4.22.1 to 4.22.2
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/v4.22.2/History.md)
- [Commits](expressjs/express@v4.22.1...v4.22.2)

---
updated-dependencies:
- dependency-name: qs
  dependency-version: 6.15.2
  dependency-type: indirect
- dependency-name: express
  dependency-version: 4.22.2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
chore(deps-dev): bump webpack-dev-server in /attack-search
f945374 
Bumps [webpack-dev-server](https://github.com/webpack/webpack-dev-server) from 5.2.2 to 5.2.4.
- [Release notes](https://github.com/webpack/webpack-dev-server/releases)
- [Changelog](https://github.com/webpack/webpack-dev-server/blob/main/CHANGELOG.md)
- [Commits](webpack/webpack-dev-server@v5.2.2...v5.2.4)

---
updated-dependencies:
- dependency-name: webpack-dev-server
  dependency-version: 5.2.4
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
chore(deps): bump postcss from 8.5.6 to 8.5.15 in /attack-style
8b719ed 
Bumps [postcss](https://github.com/postcss/postcss) from 8.5.6 to 8.5.15.
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@8.5.6...8.5.15)

---
updated-dependencies:
- dependency-name: postcss
  dependency-version: 8.5.15
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
chore(deps-dev): bump @babel/plugin-transform-modules-systemjs
f6f9038 
Bumps [@babel/plugin-transform-modules-systemjs](https://github.com/babel/babel/tree/HEAD/packages/babel-plugin-transform-modules-systemjs) from 7.20.11 to 7.29.7.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.29.7/packages/babel-plugin-transform-modules-systemjs)

---
updated-dependencies:
- dependency-name: "@babel/plugin-transform-modules-systemjs"
  dependency-version: 7.29.7
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
chore(deps): bump serialize-javascript and terser-webpack-plugin
29ff651 
Removes [serialize-javascript](https://github.com/yahoo/serialize-javascript). It's no longer used after updating ancestor dependency [terser-webpack-plugin](https://github.com/webpack/minimizer-webpack-plugin). These dependencies need to be updated together.


Removes `serialize-javascript`

Updates `terser-webpack-plugin` from 5.3.15 to 5.6.1
- [Release notes](https://github.com/webpack/minimizer-webpack-plugin/releases)
- [Changelog](https://github.com/webpack/minimizer-webpack-plugin/blob/main/CHANGELOG.md)
- [Commits](webpack/minimizer-webpack-plugin@v5.3.15...v5.6.1)

---
updated-dependencies:
- dependency-name: serialize-javascript
  dependency-version:
  dependency-type: indirect
- dependency-name: terser-webpack-plugin
  dependency-version: 5.6.1
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@jondricek
chore: update dependabot config
2c106b1
@jondricek
Merge remote-tracking branch 'origin/master' into develop
a141767
@jondricek
Merge pull request #582 from mitre-attack/dependabot/npm_and_yarn/att…
b2a68b9 
…ack-search/multi-1a088c7599

chore(deps): bump serialize-javascript and terser-webpack-plugin in /attack-search
@jondricek
Merge pull request #581 from mitre-attack/dependabot/npm_and_yarn/att…
45b457f 
…ack-search/babel/plugin-transform-modules-systemjs-7.29.7

chore(deps-dev): bump @babel/plugin-transform-modules-systemjs from 7.20.11 to 7.29.7 in /attack-search
@jondricek
Merge pull request #580 from mitre-attack/dependabot/npm_and_yarn/att…
f0b5647 
…ack-search/multi-f792d6d6d9

chore(deps): bump qs and express in /attack-search
@jondricek
Merge pull request #579 from mitre-attack/dependabot/npm_and_yarn/att…
8a54d6e 
…ack-search/webpack-dev-server-5.2.4

chore(deps-dev): bump webpack-dev-server from 5.2.2 to 5.2.4 in /attack-search
@jondricek
Merge pull request #578 from mitre-attack/dependabot/npm_and_yarn/att…
2666927 
…ack-style/postcss-8.5.15

chore(deps): bump postcss from 8.5.6 to 8.5.15 in /attack-style
@jondricek
Merge pull request #577 from mitre-attack/dependabot/npm_and_yarn/att…
437290c 
…ack-style/fast-uri-3.1.2

chore(deps): bump fast-uri from 3.0.3 to 3.1.2 in /attack-style
@jondricek
docs: remove sassdoc from package.json and add README for theme-speci…
7396ded 
…fic Sass
@jondricek
Merge branch 'develop' of https://github.com/mitre-attack/attack-website
7b939b4 
 into develop

# Conflicts:
#	attack-style/package-lock.json
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented May 28, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@jondricek jondricek merged commit d672949 into master May 28, 2026
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jondricek