
chore: resolve open dependabot security alerts #1386

Open

jonathannorris wants to merge 1 commit into main from chore/dependabot-alerts

chore: resolve open dependabot security alerts#1386
jonathannorris wants to merge 1 commit into
mainfrom
chore/dependabot-alerts

Conversation

@jonathannorris
Member

Summary

Resolved 6 open Dependabot security alerts by adding a scoped resolution to deduplicate mermaid to 11.15.0 across the dependency tree.

Before this change, @docusaurus/theme-mermaid was pulling in mermaid@11.6.0 (via the >=11.6.0 range), while the workspace's direct dependency was pinned to 11.15.0. The lockfile resolved two separate mermaid versions, leaving the older vulnerable copy in the tree. The new scoped resolution @docusaurus/theme-mermaid/mermaid: ^11.15.0 forces the theme to use the patched 11.15.0.

Dependabot Alerts Resolved

| Alert | Package | Severity | Fix |
|---|---|---|---|
| #212 | mermaid | medium | Bumped to 11.15.0 via scoped resolution |
| #211 | mermaid | medium | Bumped to 11.15.0 via scoped resolution |
| #210 | mermaid | medium | Bumped to 11.15.0 via scoped resolution |
| #209 | mermaid | medium | Bumped to 11.15.0 via scoped resolution |
| #108 | mermaid | medium | Bumped to 11.15.0 via scoped resolution |
| #104 | mermaid | medium | Bumped to 11.15.0 via scoped resolution |

Unresolvable

- mermaid: deduplicate to 11.15.0 via scoped resolution under @docusaurus/theme-mermaid (alerts #104, #108, #209, #210, #211, #212)
- .worktrees/ added to .gitignore

Signed-off-by: Jonathan Norris <jonathan.norris@dynatrace.com>
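As an added illustration of the duplicate-version state the description refers to (not code from this PR or the OpenFeature project): a small checker that parses a Yarn classic (v1) lockfile and reports every package resolved to more than one version, which is the condition a scoped resolution is meant to remove. The lockfile samples below are constructed, and the assumption that the repository uses the v1 lockfile format (and the exact `@docusaurus/theme-mermaid` entry) is mine.

```python
import re
from collections import defaultdict

# Constructed sample in Yarn classic (v1) lockfile format: the theme's
# ">=11.6.0" range and the workspace's "^11.15.0" pin resolve to two
# different copies of mermaid, the state the PR describes before the fix.
SAMPLE_LOCK_BEFORE = '''\
# yarn lockfile v1

"@docusaurus/theme-mermaid@3.7.0":
  version "3.7.0"
  dependencies:
    mermaid ">=11.6.0"

mermaid@>=11.6.0:
  version "11.6.0"

mermaid@^11.15.0:
  version "11.15.0"
'''

# Constructed sample after a scoped resolution collapses both ranges onto
# a single 11.15.0 entry (both range keys now share one lockfile record).
SAMPLE_LOCK_AFTER = '''\
# yarn lockfile v1

"@docusaurus/theme-mermaid@3.7.0":
  version "3.7.0"
  dependencies:
    mermaid ">=11.6.0"

"mermaid@>=11.6.0", mermaid@^11.15.0:
  version "11.15.0"
'''

# Top-level entry: an unindented key line ending in ':' followed by its version.
ENTRY_RE = re.compile(r'^(?P<keys>\S.*):\n\s+version "(?P<ver>[^"]+)"', re.MULTILINE)

def package_name(key):
    """Strip quotes and the range from a key such as '"@scope/name@^1.2.3"'."""
    key = key.strip().strip('"')
    # The '@' separating name from range is the last one (scoped names begin with '@').
    return key[:key.rindex('@')]

def resolved_versions(lock_text):
    """Map each package name to the set of distinct versions the lockfile resolves."""
    versions = defaultdict(set)
    for m in ENTRY_RE.finditer(lock_text):
        for key in m.group('keys').split(','):
            versions[package_name(key)].add(m.group('ver'))
    return dict(versions)

def duplicated_packages(lock_text):
    """Return {name: versions} for packages resolved to more than one version."""
    return {n: v for n, v in resolved_versions(lock_text).items() if len(v) > 1}
```

Running `duplicated_packages` over a real `yarn.lock` in CI is a cheap guard that a resolution like the one in this PR keeps working after later dependency bumps.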
@netlify

netlify Bot commented May 19, 2026

Deploy Preview for openfeature ready!

| Name | Link |
|---|---|
| 🔨 Latest commit | 2710f08 |
| 🔍 Latest deploy log | https://app.netlify.com/projects/openfeature/deploys/6a0c7e69a93e7b0009deb408 |
| 😎 Deploy Preview | https://deploy-preview-1386--openfeature.netlify.app |


gemini-code-assist Bot (Contributor) left a comment

Code Review

This pull request adds ".worktrees/" to the .gitignore file and performs an extensive cleanup of the yarn.lock file to deduplicate various transitive dependencies. In package.json, a resolution was added for "@docusaurus/theme-mermaid/mermaid". Feedback was provided to pin this resolution to version "11.15.0" instead of using a caret range, ensuring it matches the workspace's direct dependency and prevents future duplication in the lockfile.

@jonathannorris jonathannorris marked this pull request as ready for review May 19, 2026 16:26
@jonathannorris jonathannorris requested review from a team as code owners May 19, 2026 16:26
@jonathannorris jonathannorris requested review from askpt and beeme1mr May 19, 2026 16:26