Posted to commits@bookkeeper.apache.org by "hangc0276 (via GitHub)" <gi...@apache.org> on 2023/04/25 07:59:17 UTC

[GitHub] [bookkeeper] hangc0276 opened a new pull request, #3936: Upgrade docusaurus to 2.4.0

hangc0276 opened a new pull request, #3936:
URL: https://github.com/apache/bookkeeper/pull/3936

   ### Motivation
   There are many CVEs in docusaurus version 2.0.0-beta.17.
   #### [CVE-2023-2251](https://www.cve.org/CVERecord?id=CVE-2023-2251)
   Detailed paths
   Introduced through: site-3@0.0.0 › @docusaurus/core@2.0.0-beta.17 › cssnano@5.1.0 › yaml@1.10.2
   Fix: No remediation path available.
   Introduced through: site-3@0.0.0 › @docusaurus/core@2.0.0-beta.17 › postcss-loader@6.2.1 › cosmiconfig@7.0.1 › yaml@1.10.2
   Fix: [Upgrade](https://app.snyk.io/org/streamnative-org/fix/b453ecf3-1fc1-4ac1-a9e6-7c4cc6a8b4a1?vuln=SNYK-JS-YAML-5458867) to @docusaurus/core@2.0.0 
   Introduced through: site-3@0.0.0 › @docusaurus/core@2.0.0-beta.17 › css-minimizer-webpack-plugin@3.4.1 › cssnano@5.1.0 › yaml@1.10.2
   Fix: No remediation path available.
   
   #### [CVE-2022-25967](https://www.cve.org/CVERecord?id=CVE-2022-25967)
   Detailed paths and remediation
   Introduced through: site-3@0.0.0 › @docusaurus/core@2.0.0-beta.17 › eta@1.12.3
   Fix: [Upgrade](https://app.snyk.io/org/streamnative-org/fix/b453ecf3-1fc1-4ac1-a9e6-7c4cc6a8b4a1?vuln=SNYK-JS-ETA-2936803) to @docusaurus/core@2.3.1 
   Introduced through: site-3@0.0.0 › @docusaurus/preset-classic@2.0.0-beta.17 › @docusaurus/core@2.0.0-beta.17 › eta@1.12.3
   Fix: [Upgrade](https://app.snyk.io/org/streamnative-org/fix/b453ecf3-1fc1-4ac1-a9e6-7c4cc6a8b4a1?vuln=SNYK-JS-ETA-2936803) to @docusaurus/preset-classic@2.3.1 
   Introduced through: site-3@0.0.0 › @docusaurus/preset-classic@2.0.0-beta.17 › @docusaurus/theme-search-algolia@2.0.0-beta.17 › eta@1.12.3
   Fix: [Upgrade](https://app.snyk.io/org/streamnative-org/fix/b453ecf3-1fc1-4ac1-a9e6-7c4cc6a8b4a1?vuln=SNYK-JS-ETA-2936803) to @docusaurus/preset-classic@2.3.1
   
   ### Changes
   Upgrade docusaurus to 2.4.0 to resolve those CVEs.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@bookkeeper.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


[GitHub] [bookkeeper] nicoloboschi commented on pull request #3936: Upgrade docusaurus to 2.4.0

Posted by "nicoloboschi (via GitHub)" <gi...@apache.org>.
nicoloboschi commented on PR #3936:
URL: https://github.com/apache/bookkeeper/pull/3936#issuecomment-1521341518

   @hangc0276 I think you need to upgrade the node version.




[GitHub] [bookkeeper] hangc0276 commented on a diff in pull request #3936: Upgrade docusaurus to 2.4.0

Posted by "hangc0276 (via GitHub)" <gi...@apache.org>.
hangc0276 commented on code in PR #3936:
URL: https://github.com/apache/bookkeeper/pull/3936#discussion_r1176160672


##########
site3/website/package.json:
##########
@@ -39,5 +39,10 @@
   },
   "devDependencies": {
     "replace-in-file": "^6.3.2"
+  },
+
+  "engines": {
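
Review bot: the `"engines"` block added after `devDependencies` only declares which Node versions the package supports; npm treats it as advisory unless `engine-strict` is enabled, so on its own it will not change the Node version the site build runs under. If the upgraded docusaurus needs a newer Node, set the version where the build selects its runtime as well. The empty `+` line between `},` and `"engines"` can also be dropped.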

Review Comment:
   @nicoloboschi I tried to upgrade the node engine, but it doesn't work.





[GitHub] [bookkeeper] hangc0276 merged pull request #3936: Upgrade docusaurus to 2.4.0

Posted by "hangc0276 (via GitHub)" <gi...@apache.org>.
hangc0276 merged PR #3936:
URL: https://github.com/apache/bookkeeper/pull/3936




Re: [PR] Upgrade docusaurus to 2.4.0 [bookkeeper]

Posted by "zymap (via GitHub)" <gi...@apache.org>.
zymap commented on PR #3936:
URL: https://github.com/apache/bookkeeper/pull/3936#issuecomment-1842200986

   It's a website dependency; it doesn't need to be released.

