Skip to content

build(deps): harden docs site dependencies#528

Open
Rishabh060105 wants to merge 3 commits intoaccordproject:mainfrom
Rishabh060105:Rishabh060105/techdocs-519-dependency-hardening
Open

build(deps): harden docs site dependencies#528
Rishabh060105 wants to merge 3 commits intoaccordproject:mainfrom
Rishabh060105:Rishabh060105/techdocs-519-dependency-hardening

Conversation

@Rishabh060105
Copy link
Copy Markdown

@Rishabh060105 Rishabh060105 commented Apr 11, 2026
edited
Loading

Refs #519

Changes

  • Updated the docs app direct dependency axios from ^0.21.2 to ^1.15.0.
  • Updated the docs app direct dependency qs from ^6.9.6 to ^6.15.1.
  • Regenerated website/package-lock.json while preserving lockfile v2.
  • Left docusaurus, remarkable-admonitions, and jsdoc-to-markdown unchanged.

Flags

  • This PR intentionally references, but does not close, Outdated docs site dependencies create security and maintenance risk #519 because it is an incremental dependency-hardening change.
  • docusaurus@1.14.7 is already the latest Docusaurus v1 package.
  • The remaining Highlight.js v9 EOL warning is inherited through the Docusaurus v1 dependency tree and requires a Docusaurus v3 migration rather than a direct dependency bump.
  • npm audit --omit=dev still reports remaining vulnerabilities: 107 total, including 47 high and 7 critical, mostly through the old Docusaurus v1 dependency tree.
  • The Netlify deploy preview appears to show a generic 404 / asset-path issue, but the local Docusaurus v1 build succeeds and generates the site at website/build/techdocs/index.html. This PR only updates direct dependency metadata and the lockfile; it does not change Docusaurus config, routes, CSS, JS, or docs content. The preview likely needs Netlify to publish website/build/techdocs rather than website/build.

Screenshots or Video

N/A - dependency metadata and lockfile update only.

Related Issues

Verification

  • npm install
  • npm run build
  • npm audit --omit=dev
  • Smoke-checked generated output at website/build/techdocs

Author Checklist

  • Ensure you provide a DCO sign-off for your commits using the --signoff option of git commit.
  • Vital features and changes captured in unit and/or integration tests
  • Commits messages follow AP format
  • Extend the documentation, if necessary
  • Merging to master from fork:branchname
  • Manual accessibility test performed
    • Keyboard-only access, including forms
    • Contrast at least WCAG Level A
    • Appropriate labels, alt text, and instructions

Rishabh Jain added 3 commits April 11, 2026 21:50
build(deps): harden docs site dependencies
7abab52 
Signed-off-by: Rishabh Jain <rishabhj2005@email.com>
build: migrate docs site to Docusaurus v3
f573341 
Signed-off-by: Rishabh Jain <rishabhj2005@email.com>
build: remove orphan root package lock
928dd4e
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Rishabh060105