Skip to content

[Snyk] Security upgrade @docusaurus/preset-classic from 2.0.0-beta.14 to 3.5.0#757

Open
pushkala-datastax wants to merge 1 commit into
2.10_dsfrom
snyk-fix-9310b09b645a21b01954d4fab9a02fc6
Open

[Snyk] Security upgrade @docusaurus/preset-classic from 2.0.0-beta.14 to 3.5.0#757
pushkala-datastax wants to merge 1 commit into
2.10_dsfrom
snyk-fix-9310b09b645a21b01954d4fab9a02fc6

Conversation

@pushkala-datastax

Copy link
Copy Markdown
Collaborator

snyk-top-banner

Snyk has created this PR to fix 1 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

  • site2/website-next/package.json

Vulnerabilities that will be fixed with an upgrade:

Issue Score
high severity Allocation of Resources Without Limits or Throttling
SNYK-JS-WS-17988732
  721  

Breaking Change Risk

Merge Risk: High

Notice: This assessment is enhanced by AI.


Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Allocation of Resources Without Limits or Throttling

@pushkala-datastax

Copy link
Copy Markdown
Collaborator Author

Merge Risk: High

The upgrade from Docusaurus v2 to v3 is a major version change that introduces significant breaking changes, requiring both code and environment updates.

Key Breaking Changes:

  • MDX v1 → v3 Upgrade: This is the most impactful change. MDX v3 has a stricter parser, which will likely cause build failures for existing Markdown and MDX content that uses characters like { and < without proper escaping. Content files will need to be reviewed and potentially refactored. [1, 3, 7] A command-line tool, npx docusaurus-mdx-checker, is available to help identify files that need changes. [1, 8]

  • Environment Requirements: Support for older runtimes and libraries has been dropped. The new requirements are:

    • Node.js: v18.0+ [3, 1]
    • React: v18.0+ [3, 1]
    • TypeScript: v5.1+ [1]
  • Dependency Upgrades: Other core dependencies have been upgraded to new major versions, including prism-react-renderer v2 (for code blocks), which may affect custom styling or swizzled components. [1, 3, 7]

  • Other Notable Changes:

    • The :::caution admonition is deprecated and should be replaced with :::warning. [3]
    • The default number of entries in the blog RSS feed is now 20. [3]

Source: Docusaurus v3 Upgrade Guide

Recommendation: This upgrade requires careful planning. Developers must follow the official migration guide, use the docusaurus-mdx-checker tool to assess the impact on content, and thoroughly test the site after upgrading due to the extensive dependency changes.

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants