Skip to content

build(deps): bump the npm-root group with 12 updates#124

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-root-09413cfde6
Closed

build(deps): bump the npm-root group with 12 updates#124
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/npm-root-09413cfde6

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 26, 2026

Copy link
Copy Markdown

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.


Bumps the npm-root group with 12 updates:

Package From To
@docusaurus/faster 3.10.0 3.10.1
@easyops-cn/docusaurus-search-local 0.55.1 0.55.2
docusaurus-markdown-source-plugin 2.2.4 2.2.5
docusaurus-plugin-mcp-server 0.11.0 0.13.0
react 19.2.4 19.2.7
react-dom 19.2.4 19.2.7
sass 1.98.0 1.101.0
@apidevtools/json-schema-ref-parser 15.3.5 15.4.0
@docusaurus/tsconfig 3.10.0 3.10.1
@docusaurus/types 3.10.0 3.10.1
docusaurus-theme-openapi-docs 5.0.0 5.1.0
typescript 6.0.2 6.0.3

Updates @docusaurus/faster from 3.10.0 to 3.10.1

Release notes

Sourced from @​docusaurus/faster's releases.

3.10.1 (2026-04-30)

🐛 Bug Fix

  • docusaurus-bundler
    • #11981 fix(bundler): fix v3 webpackbar bug due to webpack breaking change (@​slorber)

🔧 Maintenance

  • docusaurus

Committers: 1

Changelog

Sourced from @​docusaurus/faster's changelog.

3.10.1 (2026-04-30)

🐛 Bug Fix

  • docusaurus-bundler
    • #11981 fix(bundler): fix v3 webpackbar bug due to webpack breaking change (@​slorber)

🔧 Maintenance

  • docusaurus

Committers: 1

Commits

Updates @easyops-cn/docusaurus-search-local from 0.55.1 to 0.55.2

Release notes

Sourced from @​easyops-cn/docusaurus-search-local's releases.

v0.55.2

0.55.2 (2026-05-31)

Bug Fixes

  • some languages need lunr wordcut (1e60641)
  • some languages need lunr wordcut (d871555), closes #438
Commits

Updates docusaurus-markdown-source-plugin from 2.2.4 to 2.2.5

Release notes

Sourced from docusaurus-markdown-source-plugin's releases.

v2.2.5 — ultrareview fixes

Bundle of seven correctness fixes surfaced by an independent ultrareview of 2.2.4. Semver-patch — no public API changes. Behavior changes are limited to outputs that were previously buggy: collision overwrites, mangled fenced code, silent broken images, dropped Tabs blocks, malformed-hash crashes, and the auto-closing dropdown.

Fixed

  • intro.md collision on slug: '/' routes — sites with both docs/intro.md and a doc routed to /docs/ had their build output collide on intro.md, with the second route silently overwriting the first. Trailing-slash routes now resolve to index.md.
  • Code fences corrupted by MDX/Docusaurus transforms — docs demonstrating Docusaurus syntax inside fenced code blocks had imports stripped and <Tabs> rewritten right out of their own examples. Added a fence-aware protection pass that handles backtick and tilde fences (length ≥ 3, ≤3 leading spaces, supports CRLF and unclosed fences), and supports legitimate <Tabs> blocks containing fenced code.
  • Image dirs only copied to the first route's destination — sibling docs in the same source dir routed to different URL spaces had silent broken images. Switched to Map<src, Set<dest>> so each source dir is copied to every destination it serves.
  • <TabItem> and YouTube iframe regexes rejected valid attribute orders — reverse-order TabItems silently emptied the entire <Tabs> block; reverse-order YouTube iframes survived as raw HTML. Both now parse attrs independently with single- or double-quote support.
  • Multi-line and side-effect imports now stripped (.*? couldn't cross newlines, import './x.css'; wasn't matched).
  • Component scrubber now backreferences the opening tag so siblings like <Outer><Inner>x</Inner></Outer> no longer leave an orphan </Outer>. (Deeply nested same-name components remain a known regex limitation.)
  • <details> allows attributes on the opening tag and mixed-content summaries; body cleanup only trims outer blank padding so 4-space indents and intentional blank lines survive.
  • Root.js decodeURIComponent crash — malformed hashes like #%foo no longer crash the scroll-to-anchor effect.
  • Root.js scroll-to-anchor timer/listener leaks — quickly clicking different hash links no longer piles up timers that could scroll the page out from under the user.
  • Dropdown copy-reset timer no longer auto-closes the menu or leaks on unmount.

Internal

  • Added a node --test suite (zero new dependencies). Run with npm test.
  • Extracted cleanMarkdownForDisplay, fence protection, image mapping, URL building, and hash decoding into focused lib/ modules for testability.

PR: #9

Changelog

Sourced from docusaurus-markdown-source-plugin's changelog.

[2.2.5] - 2026-05-03

Fixed

  • intro.md collision on slug: '/' routes — sites with both docs/intro.md and a doc routed to /docs/ had their build output collide on intro.md, with the second route silently overwriting the first. Trailing-slash routes now resolve to index.md in both the build writer and the dropdown URL.
  • Code fences corrupted by MDX/Docusaurus transformscleanMarkdownForDisplay ran every regex over raw content with no fence awareness, so docs demonstrating Docusaurus syntax inside fenced code blocks had imports stripped, <Tabs> blocks rewritten, and components removed from their own examples. Transforms now skip backtick and tilde fences (length ≥ 3, ≤3 leading spaces, supports CRLF and unclosed fences) via a placeholder-based protection that also handles legitimate <Tabs> blocks containing fenced code.
  • Image directories only copied to the first route's destination — when sibling docs in the same source dir routed to different URL spaces (e.g. via slug:), imgDirsToCopy locked the destination from the first route, leaving silent broken images on other routes. Switched to Map<src, Set<dest>> so each source dir is copied to every destination it serves.
  • <TabItem> and YouTube iframe regexes rejected valid attribute orders<TabItem> required value before label; reverse-order items silently emptied the entire <Tabs> block. YouTube iframe required src before title. Both now capture the attribute string and parse fields independently with single- or double-quote support. If no <TabItem>s parse, the original <Tabs> block is preserved instead of being silently deleted.
  • Multi-line and side-effect imports survived stripping — the import stripper used .*? which cannot cross newlines, so import {\n Foo\n} from './x'; survived. Side-effect imports like import './x.css'; weren't matched. Both are now removed.
  • Component scrubber left orphan close tags — the closing-tag alternation matched any uppercase tag, so siblings like <Outer><Inner>x</Inner></Outer> left </Outer> orphaned. Added a backreference so paired tags must share a name. Deeply nested same-name components remain a known regex limitation.
  • <details> regex was too strict and destroyed body whitespace — rejected attributes on the opening tag (<details open>), rejected mixed-content summaries, and the body cleanup trimmed every line and dropped blanks, breaking 4-space indents in code and intentional blank-line separators. Now allows attrs on <details>/<summary>, strips inline tags from the summary text, and only trims outer blank padding from the body.
  • Root.js decodeURIComponent crash on malformed hash — a URL with malformed percent encoding like #%foo threw URIError synchronously and silently lost the anchor scroll. Now wrapped in a decodeHashSafely helper that returns null and short-circuits the scroll attempt.
  • Root.js scroll-to-anchor timer and listener leaks — four setTimeouts and a window 'load' listener were never cleaned up. Quickly clicking different hash links piled up timers, and stale timers could scroll the page out from under the user after navigation. The effect now returns a cleanup that clears every scheduled timer and removes the listener.
  • Dropdown copy-reset timer auto-closed the menu — the 2 s reset timer unconditionally called setIsOpen(false), so a user who reopened the dropdown during the cooldown saw it close again with no input. The timer was also never cleared on unmount or before a new copy. Now tracked in a useRef, cleared on unmount and at the top of each new copy, and only resets the "Copied!" label.

Internal

  • Added a node --test based test suite (zero new dependencies). Run with npm test.
  • Extracted cleanMarkdownForDisplay, getMarkdownUrl, fence-protection, image-mapping, and hash-decoding into focused lib/ modules for testability.
Commits
  • 6a871f0 chore: release 2.2.5
  • e025370 fix: track copy-reset timer in a ref and stop auto-closing the dropdown
  • 9a7ba92 fix: guard decodeURIComponent and clean up scroll-to-anchor effect
  • 33cb9c9 fix: copy image dirs to every route destination, not just the first
  • 6060488 fix: harden cleanMarkdownForDisplay regexes against valid MDX
  • 45e9a64 fix: protect fenced code blocks from MDX/Docusaurus transforms
  • 1095a3b fix: resolve trailing-slash routes to index.md to avoid intro.md collision
  • See full diff in compare view

Updates docusaurus-plugin-mcp-server from 0.11.0 to 0.13.0

Release notes

Sourced from docusaurus-plugin-mcp-server's releases.

Release 0.13.0

💥 Breaking Change

  • #75 refactor(adapters)!: consolidate to a single generic web-standard handler (@​scalvert)

🚀 Enhancement

  • #78 feat: configurable FlexSearch and SearchProvider instances (@​mokevnin)
  • #76 chore(agents): adopt agent baseline + deploy skill (@​scalvert)
  • #75 refactor(adapters)!: consolidate to a single generic web-standard handler (@​scalvert)
  • #74 refactor(adapters): rename createCloudflareHandler to createWebRequestHandler (@​scalvert)
  • #63 feat: support server instructions and custom tool descriptions (@​scalvert)

🏠 Internal

Committers: 3

Release 0.12.0

💥 Breaking Change

🐛 Bug Fix

  • #27 fix: improve adapter correctness and safety (@​scalvert)
  • #26 fix: improve McpDocsServer concurrency, lifecycle, and error handling (@​scalvert)

📝 Documentation

🏠 Internal

  • #25 test: add unit tests for McpDocsServer and formatPageContent (@​scalvert)
  • #29 chore: narrow MCP SDK range, add dependabot, coverage thresholds, CONTRIBUTING.md (@​scalvert)

Committers: 1

Changelog

Sourced from docusaurus-plugin-mcp-server's changelog.

v0.13.0 (2026-06-19)

💥 Breaking Change

  • #75 refactor(adapters)!: consolidate to a single generic web-standard handler (@​scalvert)

🚀 Enhancement

  • #78 feat: configurable FlexSearch and SearchProvider instances (@​mokevnin)
  • #76 chore(agents): adopt agent baseline + deploy skill (@​scalvert)
  • #75 refactor(adapters)!: consolidate to a single generic web-standard handler (@​scalvert)
  • #74 refactor(adapters): rename createCloudflareHandler to createWebRequestHandler (@​scalvert)
  • #63 feat: support server instructions and custom tool descriptions (@​scalvert)

🏠 Internal

Committers: 3

v0.12.0 (2026-04-12)

💥 Breaking Change

🐛 Bug Fix

  • #27 fix: improve adapter correctness and safety (@​scalvert)
  • #26 fix: improve McpDocsServer concurrency, lifecycle, and error handling (@​scalvert)

📝 Documentation

🏠 Internal

  • #25 test: add unit tests for McpDocsServer and formatPageContent (@​scalvert)
  • #29 chore: narrow MCP SDK range, add dependabot, coverage thresholds, CONTRIBUTING.md (@​scalvert)

Committers: 1

Commits
  • 0ce6a2f Release 0.13.0
  • 6371376 chore(deps-dev): update @​release-it-plugins/lerna-changelog to v9
  • 7a2bb74 feat: configurable FlexSearch and SearchProvider instances (#78)
  • c8086e7 fix(route-collector): discover sibling .html files (trailingSlash: false) (#77)
  • b1907ca chore(agents): adopt gleanwork agent baseline + author deploy skill (#76)
  • 1d5bc4b refactor(adapters)!: consolidate to a single generic web-standard handler (#75)
  • 6d5fddc chore(deps): apply npm audit fix (js-yaml, ws)
  • 6412e1b refactor(adapters): rename createCloudflareHandler to createWebRequestHandler...
  • 3c36a42 chore(deps-dev): bump zod from 4.3.6 to 4.4.3 (#61)
  • d5c0e51 chore(deps-dev): bump prettier from 3.8.3 to 3.8.4 (#71)
  • Additional commits viewable in compare view

Updates react from 19.2.4 to 19.2.7

Release notes

Sourced from react's releases.

19.2.7 (June 1st, 2026)

React Server Components

19.2.6 (May 6th, 2026)

React Server Components

19.2.5 (April 8th, 2026)

React Server Components

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for react since your current version.


Updates react-dom from 19.2.4 to 19.2.7

Release notes

Sourced from react-dom's releases.

19.2.7 (June 1st, 2026)

React Server Components

19.2.6 (May 6th, 2026)

React Server Components

19.2.5 (April 8th, 2026)

React Server Components

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for react-dom since your current version.


Updates sass from 1.98.0 to 1.101.0

Release notes

Sourced from sass's releases.

Dart Sass 1.101.0

To install Sass 1.101.0, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

  • Potentially breaking bug fix: The Node package importer now properly supports resolving import-only variants of Sass files declared in the exports, sass, and style fields of package.json. Previously, these files were ignored even when loaded via @import, so any code relying on loading module-system-only files this way may break.

See the full changelog for changes in earlier releases.

Dart Sass 1.100.0

To install Sass 1.100.0, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

  • Writing two compound selectors adjacent to one another without any whitespace between them, such as [class]a, is now deprecated. This was always an error in CSS and Sass only supported it by mistake.

    See the Sass website for details.

See the full changelog for changes in earlier releases.

Dart Sass 1.99.0

To install Sass 1.99.0, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

  • Add support for parent selectors (&) at the root of the document. These are emitted as-is in the CSS output, where they're interpreted as the scoping root.

  • User-defined functions named calc or clamp are no longer forbidden. If such a function exists without a namespace in the current module, it will be used instead of the built-in calc() or clamp() function.

  • User-defined functions whose names begin with - and end with -expression, -url, -and, -or, or -not are no longer forbidden. These were originally intended to match vendor prefixes, but in practice no vendor prefixes for these functions ever existed in real browsers.

  • User-defined functions named EXPRESSION, URL, and ELEMENT, those that begin with - and end with -ELEMENT, as well as the same names with some lowercase letters are now deprecated, These are names conflict with plain CSS functions that have special syntax.

    See the Sass website for details.

  • In a future release, calls to functions whose names begin with - and end with -expression and -url will no longer have special parsing. For now, these calls are deprecated if their behavior will change in the future.

    See the Sass website for details.

... (truncated)

Changelog

Sourced from sass's changelog.

1.101.0

  • Potentially breaking bug fix: The Node package importer now properly supports resolving import-only variants of Sass files declared in the exports, sass, and style fields of package.json. Previously, these files were ignored even when loaded via @import, so any code relying on loading module-system-only files this way may break.

1.100.0

  • Writing two compound selectors adjacent to one another without any whitespace between them, such as [class]a, is now deprecated. This was always an error in CSS and Sass only supported it by mistake.

    See the Sass website for details.

1.99.0

  • Add support for parent selectors (&) at the root of the document. These are emitted as-is in the CSS output, where they're interpreted as the scoping root.

  • User-defined functions named calc or clamp are no longer forbidden. If such a function exists without a namespace in the current module, it will be used instead of the built-in calc() or clamp() function.

  • User-defined functions whose names begin with - and end with -expression, -url, -and, -or, or -not are no longer forbidden. These were originally intended to match vendor prefixes, but in practice no vendor prefixes for these functions ever existed in real browsers.

  • User-defined functions named EXPRESSION, URL, and ELEMENT, those that begin with - and end with -ELEMENT, as well as the same names with some lowercase letters are now deprecated, These are names conflict with plain CSS functions that have special syntax.

    See the Sass website for details.

  • In a future release, calls to functions whose names begin with - and end with -expression and -url will no longer have special parsing. For now, these calls are deprecated if their behavior will change in the future.

    See the Sass website for details.

  • Calls to functions whose names begin with - and end with -progid:... are deprecated.

... (truncated)

Commits
  • 63b9922 Load import-only files through package.json exports (#2772)
  • c7e9947 Migrate from bufbuild/buf-setup-action to bufbuild/buf-action (#2773)
  • 7674a4c Bump postcss from 8.5.13 to 8.5.15 in /pkg/sass-parser (#2774)
  • 5fd18c7 Bump node engine requirement to >=20.19.0 and chokidar requirement to ^5.0.0 ...
  • 8c1d984 Deprecate adjacent compound selectors (#2765)
  • 8e5f718 Bump postcss from 8.5.12 to 8.5.13 in /pkg/sass-parser (#2767)
  • 1447f9b Bump postcss from 8.5.8 to 8.5.12 in /pkg/sass-parser (#2766)
  • 83c39fe Support the top-level parent selector (#2758)
  • ec85871 Bump EndBug/add-and-commit from 9 to 10 (#2756)
  • a604acd [Function Name] Implement changes (#2731)
  • See full diff in compare view

Updates @apidevtools/json-schema-ref-parser from 15.3.5 to 15.4.0

Release notes

Sourced from @​apidevtools/json-schema-ref-parser's releases.

v15.4.0

15.4.0 (2026-06-19)

Features

  • preserve compound schema refs when bundling (fa3cccb)

v15.3.6

15.3.6 (2026-06-11)

Bug Fixes

  • block unsafe pointer set tokens (a786bc6)
  • harden safe URL resolver (dea50b0)
Commits

Updates @docusaurus/tsconfig from 3.10.0 to 3.10.1

Release notes

Sourced from @​docusaurus/tsconfig's releases.

3.10.1 (2026-04-30)

🐛 Bug Fix

  • docusaurus-bundler
    • #11981 fix(bundler): fix v3 webpackbar bug due to webpack breaking change (@​slorber)

🔧 Maintenance

  • docusaurus

Committers: 1

Changelog

Sourced from @​docusaurus/tsconfig's changelog.

3.10.1 (2026-04-30)

🐛 Bug Fix

  • docusaurus-bundler
    • #11981 fix(bundler): fix v3 webpackbar bug due to webpack breaking change (@​slorber)

🔧 Maintenance

  • docusaurus

Committers: 1

Commits

Updates @docusaurus/types from 3.10.0 to 3.10.1

Release notes

Sourced from @​docusaurus/types's releases.

3.10.1 (2026-04-30)

🐛 Bug Fix

  • docusaurus-bundler
    • #11981 fix(bundler): fix v3 webpackbar bug due to webpack breaking change (@​slorber)

🔧 Maintenance

  • docusaurus

Committers: 1

Changelog

Sourced from @​docusaurus/types's changelog.

3.10.1 (2026-04-30)

🐛 Bug Fix

  • docusaurus-bundler
    • #11981 fix(bundler): fix v3 webpackbar bug due to webpack breaking change (@​slorber)

🔧 Maintenance

  • docusaurus

Committers: 1

Commits

Updates docusaurus-theme-openapi-docs from 5.0.0 to 5.1.0

Release notes

Sourced from docusaurus-theme-openapi-docs's releases.

v5.1.0

5.1.0 (2026-06-24)

Minor release adding configurable schema expansion depth, numerous schema rendering fixes, improved i18n support, Docusaurus v4 readiness work, and a batch of dependency updates. Also fixes the version script to ensure create-docusaurus-openapi-docs is always bumped in lockstep with the plugin and theme.

🚀 New Feature

  • feat(theme): configurable schema expansion level (#1222) (#1449)

🐛 Bug Fix

  • fix(theme): vendor theme-common/internal usages ahead of Docusaurus v4 (#1140) (#1502)
  • fix(theme): make i18n strings extractable by write-translations (#1499)
  • fix(plugin): render OpenAPI 3.1 type unions in schema names (#950) (#1475)
  • fix(theme): prefill Send API Request from example fields (#544, #1079) (#1476)
  • fix(plugin): restore menu__list-item--deprecated class on sidebar items (#1474)
  • fix(theme): align CodeSnippets outer tab with Docusaurus storage slot (#1464)
  • fix: render nested arrays as Type[][] in Schema tab (#1114) (#1465)
  • fix: render allOf schemas with additionalProperties:false on every member (#1119) (#1463)
  • fix(theme): support multiple x-codeSamples per language (#1204) (#1459)
  • fix(theme): preserve large integer precision in response panel (#1208) (#1458)
  • fix: dedupe properties when allOf override redefines nested array items (#1218) (#1457)
  • fix(theme): pre-populate parameter defaults in API explorer form (#1226) (#1448)
  • fix: skip vendor extensions at the path level (#891) (#1440)
  • fix(demo): use bracketed admonition title syntax for Docusaurus 3.10 (#1445)

📝 Documentation

  • docs: document themeConfig.api.schemaExpansion option
  • docs: correct categoryLinkSource supported values (#1447)
  • docs: harmonize top-level README with plugin README (#1446)

🤖 Dependencies

  • chore(deps): bump ws from 7.5.10 to 7.5.11 (#1514)
  • chore(deps): bump @​redocly/openapi-core from 2.32.2 to 2.33.0 (#1515)
  • chore(deps): bump react-hook-form from 7.75.0 to 7.79.0 (#1517)
  • chore(deps): bump the react group across 1 directory with 2 updates (#1503)
  • chore(deps): bump sass from 1.99.0 to 1.101.0 (#1504)
  • chore(deps): bump @​redocly/openapi-core from 2.31.5 to 2.32.2 (#1505)
  • chore(deps): bump http-proxy-middleware from 2.0.9 to 2.0.10 (#1511)
  • chore(deps): bump webpack-dev-server from 5.2.4 to 5.2.5 (#1512)
  • chore(deps): bump github/codeql-action from 4.36.1 to 4.36.2 (#1506)
  • chore(deps): bump launch-editor from 2.12.0 to 2.14.1 (#1510)
  • chore(deps): bump @​redocly/openapi-core from 2.30.6 to 2.31.5 (#1497)
  • chore(deps): bump github/codeql-action from 4.35.5 to 4.36.1 (#1501)
  • chore(deps): bump @​reduxjs/toolkit from 2.11.2 to 2.12.0 (#1498)
  • chore(deps): bump actions/checkout from 6.0.2 to 6.0.3 (#1500)
  • chore(deps): bump tmp from 0.2.5 to 0.2.7 (#1490)
  • chore(deps): bump github/codeql-action from 4.35.4 to 4.35.5 (#1489)

... (truncated)

Changelog

Sourced from docusaurus-theme-openapi-docs's changelog.

5.1.0 (2026-06-24)

Minor release adding configurable schema expansion depth, numerous schema rendering fixes, improved i18n support, Docusaurus v4 readiness work, and a batch of dependency updates. Also fixes the version script to ensure create-docusaurus-openapi-docs is always bumped in lockstep with the plugin and theme.

🚀 New Feature

  • feat(theme): configurable schema expansion level (#1222) (#1449)

🐛 Bug Fix

  • fix(theme): vendor theme-common/internal usages ahead of Docusaurus v4 (#1140) (#1502)
  • fix(theme): make i18n strings extractable by write-translations (#1499)
  • fix(plugin): render OpenAPI 3.1 type unions in schema names (#950) (#1475)
  • fix(theme): prefill Send API Request from example fields (#544, #1079) (#1476)
  • fix(plugin): restore menu__list-item--deprecated class on sidebar items (#1474)
  • fix(theme): align CodeSnippets outer tab with Docusaurus storage slot (#1464)
  • fix: render nested arrays as Type[][] in Schema tab (#1114) (#1465)
  • fix: render allOf schemas with additionalProperties:false on every member (#1119) (#1463)
  • fix(theme): support multiple x-codeSamples per language (#1204) (#1459)
  • fix(theme): preserve large integer precision in response panel (#1208) (#1458)
  • fix: dedupe properties when allOf override redefines nested array items (#1218) (#1457)
  • fix(theme): pre-populate parameter defaults in API explorer form (#1226) (#1448)
  • fix: skip vendor extensions at the path level (#891) (#1440)
  • fix(demo): use bracketed admonition title syntax for Docusaurus 3.10 (#1445)

📝 Documentation

  • docs: document themeConfig.api.schemaExpansion option
  • docs: correct categoryLinkSource supported values (#1447)
  • docs: harmonize top-level README with plugin README (#1446)

🤖 Dependencies

  • chore(deps): bump ws from 7.5.10 to 7.5.11 (#1514)
  • chore(deps): bump @​redocly/openapi-core from 2.32.2 to 2.33.0 (#1515)
  • chore(deps): bump react-hook-form from 7.75.0 to 7.79.0 (#1517)
  • chore(deps): bump the react group across 1 directory with 2 updates (#1503)
  • chore(deps): bump sass from 1.99.0 to 1.101.0 (#1504)
  • chore(deps): bump @​redocly/openapi-core from 2.31.5 to 2.32.2 (#1505)
  • chore(deps): bump http-proxy-middleware from 2.0.9 to 2.0.10 (#1511)
  • chore(deps): bump webpack-dev-server from 5.2.4 to 5.2.5 (#1512)
  • chore(deps): bump github/codeql-action from 4.36.1 to 4.36.2 (#1506)
  • chore(deps): bump launch-editor from 2.12.0 to 2.14.1 (#1510)
  • chore(deps): bump @​redocly/openapi-core from 2.30.6 to 2.31.5 (#1497)
  • chore(deps): bump github/codeql-action from 4.35.5 to 4.36.1 (#1501)
  • chore(deps): bump @​reduxjs/toolkit from 2.11.2 to 2.12.0 (#1498)
  • chore(deps): bump actions/checkout from 6.0.2 to 6.0.3 (#1500)
  • chore(deps): bump tmp from 0.2.5 to 0.2.7 (#1490)
  • chore(deps): bump github/codeql-action from 4.35.4 to 4.35.5 (#1489)
  • chore(deps): bump sass-loader from 16.0.7 to 16.0.8 (#1486)

... (truncated)

Commits
  • 977ec41 Prepare release v5.1.0 (#1522)
  • 21de028 fix(theme): vendor theme-common/internal usages ahead of Docusaurus v4 (#1140...
  • b33113d chore(deps-dev): bump concurrently from 9.2.1 to 10.0.3 (#1508)
  • 1f75440 fix(theme): make i18n strings extractable by write-tran...

    Description has been truncated

Bumps the npm-root group with 12 updates:

| Package | From | To |
| --- | --- | --- |
| [@docusaurus/faster](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus-faster) | `3.10.0` | `3.10.1` |
| [@easyops-cn/docusaurus-search-local](https://github.com/easyops-cn/docusaurus-search-local/tree/HEAD/packages/docusaurus-search-local) | `0.55.1` | `0.55.2` |
| [docusaurus-markdown-source-plugin](https://github.com/FlyNumber/markdown_docusaurus_plugin) | `2.2.4` | `2.2.5` |
| [docusaurus-plugin-mcp-server](https://github.com/scalvert/docusaurus-plugin-mcp-server) | `0.11.0` | `0.13.0` |
| [react](https://github.com/facebook/react/tree/HEAD/packages/react) | `19.2.4` | `19.2.7` |
| [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom) | `19.2.4` | `19.2.7` |
| [sass](https://github.com/sass/dart-sass) | `1.98.0` | `1.101.0` |
| [@apidevtools/json-schema-ref-parser](https://github.com/APIDevTools/json-schema-ref-parser) | `15.3.5` | `15.4.0` |
| [@docusaurus/tsconfig](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus-tsconfig) | `3.10.0` | `3.10.1` |
| [@docusaurus/types](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus-types) | `3.10.0` | `3.10.1` |
| [docusaurus-theme-openapi-docs](https://github.com/PaloAltoNetworks/docusaurus-openapi-docs/tree/HEAD/packages/docusaurus-theme-openapi-docs) | `5.0.0` | `5.1.0` |
| [typescript](https://github.com/microsoft/TypeScript) | `6.0.2` | `6.0.3` |


Updates `@docusaurus/faster` from 3.10.0 to 3.10.1
- [Release notes](https://github.com/facebook/docusaurus/releases)
- [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/docusaurus/commits/v3.10.1/packages/docusaurus-faster)

Updates `@easyops-cn/docusaurus-search-local` from 0.55.1 to 0.55.2
- [Release notes](https://github.com/easyops-cn/docusaurus-search-local/releases)
- [Commits](https://github.com/easyops-cn/docusaurus-search-local/commits/v0.55.2/packages/docusaurus-search-local)

Updates `docusaurus-markdown-source-plugin` from 2.2.4 to 2.2.5
- [Release notes](https://github.com/FlyNumber/markdown_docusaurus_plugin/releases)
- [Changelog](https://github.com/FlyNumber/markdown_docusaurus_plugin/blob/main/CHANGELOG.md)
- [Commits](FlyNumber/markdown_docusaurus_plugin@v2.2.4...v2.2.5)

Updates `docusaurus-plugin-mcp-server` from 0.11.0 to 0.13.0
- [Release notes](https://github.com/scalvert/docusaurus-plugin-mcp-server/releases)
- [Changelog](https://github.com/scalvert/docusaurus-plugin-mcp-server/blob/main/CHANGELOG.md)
- [Commits](scalvert/docusaurus-plugin-mcp-server@v0.11.0...v0.13.0)

Updates `react` from 19.2.4 to 19.2.7
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/react/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.7/packages/react)

Updates `react-dom` from 19.2.4 to 19.2.7
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/react/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.7/packages/react-dom)

Updates `sass` from 1.98.0 to 1.101.0
- [Release notes](https://github.com/sass/dart-sass/releases)
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md)
- [Commits](sass/dart-sass@1.98.0...1.101.0)

Updates `@apidevtools/json-schema-ref-parser` from 15.3.5 to 15.4.0
- [Release notes](https://github.com/APIDevTools/json-schema-ref-parser/releases)
- [Commits](APIDevTools/json-schema-ref-parser@v15.3.5...v15.4.0)

Updates `@docusaurus/tsconfig` from 3.10.0 to 3.10.1
- [Release notes](https://github.com/facebook/docusaurus/releases)
- [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/docusaurus/commits/v3.10.1/packages/docusaurus-tsconfig)

Updates `@docusaurus/types` from 3.10.0 to 3.10.1
- [Release notes](https://github.com/facebook/docusaurus/releases)
- [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/docusaurus/commits/v3.10.1/packages/docusaurus-types)

Updates `docusaurus-theme-openapi-docs` from 5.0.0 to 5.1.0
- [Release notes](https://github.com/PaloAltoNetworks/docusaurus-openapi-docs/releases)
- [Changelog](https://github.com/PaloAltoNetworks/docusaurus-openapi-docs/blob/main/CHANGELOG.md)
- [Commits](https://github.com/PaloAltoNetworks/docusaurus-openapi-docs/commits/v5.1.0/packages/docusaurus-theme-openapi-docs)

Updates `typescript` from 6.0.2 to 6.0.3
- [Release notes](https://github.com/microsoft/TypeScript/releases)
- [Commits](microsoft/TypeScript@v6.0.2...v6.0.3)

---
updated-dependencies:
- dependency-name: "@docusaurus/faster"
  dependency-version: 3.10.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-root
- dependency-name: "@easyops-cn/docusaurus-search-local"
  dependency-version: 0.55.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-root
- dependency-name: docusaurus-markdown-source-plugin
  dependency-version: 2.2.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-root
- dependency-name: docusaurus-plugin-mcp-server
  dependency-version: 0.13.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-root
- dependency-name: react
  dependency-version: 19.2.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-root
- dependency-name: react-dom
  dependency-version: 19.2.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: npm-root
- dependency-name: sass
  dependency-version: 1.101.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: npm-root
- dependency-name: "@apidevtools/json-schema-ref-parser"
  dependency-version: 15.4.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-root
- dependency-name: "@docusaurus/tsconfig"
  dependency-version: 3.10.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-root
- dependency-name: "@docusaurus/types"
  dependency-version: 3.10.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-root
- dependency-name: docusaurus-theme-openapi-docs
  dependency-version: 5.1.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: npm-root
- dependency-name: typescript
  dependency-version: 6.0.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: npm-root
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jun 26, 2026
@jab3z

jab3z commented Jun 26, 2026

Copy link
Copy Markdown
Contributor

⚠️ Do not merge as-is. This group bumps docusaurus-plugin-mcp-server 0.11.0 → 0.13.0, which silently breaks the version-pinned patch-package patch and would ship the plugin's OOM-prone FlexSearch defaults (~290MB index) to production.

That package is handled separately in #125 (proper 0.13.0 upgrade + config-based index tuning), which also adds it to the dependabot ignore list. After #125 merges, recreate this PR (@dependabot recreate) — it will rebase onto main, drop the now-ignored/already-upgraded package, and reduce to the 11 routine root bumps (react, sass, docusaurus 3.10.1, etc.), which are safe to verify + merge.

@dependabot @github

dependabot Bot commented on behalf of github Jun 26, 2026

Copy link
Copy Markdown
Author

Looks like these dependencies are no longer being updated by Dependabot, so this is no longer needed.

@dependabot dependabot Bot closed this Jun 26, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/npm-root-09413cfde6 branch June 26, 2026 16:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant