[Snyk] Fix for 2 vulnerabilities

[q1blue]

Snyk has created this PR to fix 2 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

• package.json
• package-lock.json

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score
	Regular Expression Denial of Service (ReDoS) SNYK-JS-TRIM-1017038	696
	Regular Expression Denial of Service (ReDoS) SNYK-JS-OCTOKITREQUEST-8730853	666

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

---

EntelligenceAI PR Summary

Major dependency upgrade to Docusaurus v3 and Octokit v3 with modernized build toolchain and enhanced search capabilities.

• Upgraded @docusaurus/preset-classic from v2.4.1 to v3.0.0
• Upgraded octokit from v2.0.14 to v3.0.0
• Updated build infrastructure: Babel 7.29, Webpack 5.105, MDX v3
• Enhanced markdown processing with new remark and micromark plugins for GFM and frontmatter
• Expanded Algolia search integration with A/B testing, insights, and monitoring clients
• Updated @docsearch/react to version 3.9.0

[gemini-code-assist]

Summary of Changes

Hello @q1blue, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request, automatically generated by Snyk, aims to enhance the project's security posture by updating key dependencies. The primary goal is to remediate known Regular Expression Denial of Service (ReDoS) vulnerabilities present in older versions of these packages, ensuring a more robust and secure application environment.

Highlights

• Dependency Upgrades: Upgraded @docusaurus/preset-classic from ^2.4.1 to ^3.0.0 and octokit from ^2.0.14 to ^3.0.0.
• Vulnerability Fixes: These dependency upgrades address two Regular Expression Denial of Service (ReDoS) vulnerabilities: SNYK-JS-TRIM-1017038 (high severity) and SNYK-JS-OCTOKITREQUEST-8730853 (medium severity).

Changelog

• package.json
  • Updated @docusaurus/preset-classic dependency from ^2.4.1 to ^3.0.0.
  • Updated octokit dependency from ^2.0.14 to ^3.0.0.

Activity

• This pull request was automatically created by Snyk to address identified vulnerabilities.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	@​docusaurus/​preset-classic@​2.4.1 ⏵ 3.0.0				+1

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		License policy violation: npm caniuse-lite under CC-BY-4.0 License: CC-BY-4.0 - the applicable license policy does not allow this license (4) (npm metadata) License: CC-BY-4.0 - the applicable license policy does not allow this license (4) (package/LICENSE) License: CC-BY-4.0 - the applicable license policy does not allow this license (4) (package/package.json) From: package-lock.json → npm/@svgr/webpack@6.5.1 → npm/@docusaurus/preset-classic@3.0.0 → npm/@docusaurus/core@2.4.1 → npm/@docusaurus/plugin-content-docs@2.4.1 → npm/caniuse-lite@1.0.30001769 ℹ Read more on: This package | This alert | What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/caniuse-lite@1.0.30001769. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		Obfuscated code: npm html-minifier-terser is 91.0% likely obfuscated Confidence: 0.91 Location: Package overview From: package-lock.json → npm/@docusaurus/preset-classic@3.0.0 → npm/html-minifier-terser@7.2.0 ℹ Read more on: This package | This alert | What is obfuscated code? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/html-minifier-terser@7.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

[gemini-code-assist]

Code Review

This pull request from Snyk aims to fix two security vulnerabilities by upgrading @docusaurus/preset-classic and octokit. However, both of these are major version upgrades which introduce significant breaking changes. Specifically, upgrading @docusaurus/preset-classic to v3 requires an upgrade to React 18, but the project is currently on React 17. This will cause the build to fail. The octokit upgrade also contains breaking changes. These automated changes will break the project, and manual intervention is required to update the code to be compatible with the new versions.

[gemini-code-assist]

These automated dependency upgrades introduce major version changes that will break the application.

• @docusaurus/preset-classic to v3.0.0: Docusaurus v3 requires React 18, but this project's dependencies are still on React 17 (react and react-dom are ^17.0.1). This version mismatch will cause the build to fail. You will need to upgrade react and react-dom to ^18.0.0 and follow the Docusaurus v3 migration guide to resolve this.

• octokit to v3.0.0: This is also a major upgrade with breaking changes. All code that uses octokit must be updated to work with the new API.

While fixing security vulnerabilities is important, major version upgrades should be handled with care. It is highly recommended to review the migration guides for both libraries and manually update the code to be compatible with these new versions.

[entelligence-ai-pr-reviews]

Walkthrough

This PR performs a major dependency upgrade for the Docusaurus documentation framework and GitHub API client. The update transitions the project to Docusaurus v3 (@docusaurus/preset-classic 3.0.0) and Octokit v3, bringing significant modernization to the dependency tree. Key infrastructure updates include Babel 7.29, Webpack 5.105, and MDX v3 with enhanced remark and micromark plugins for GFM and frontmatter support. The Algolia search integration has been expanded with additional clients for A/B testing, insights, and monitoring capabilities, while @docsearch/react moves to version 3.9.0. These changes align the project with current framework standards and unlock improved performance and features.

Changes

File(s)	Summary
package.json	Upgraded @docusaurus/preset-classic from ^2.4.1 to ^3.0.0 and octokit from ^2.0.14 to ^3.0.0, representing major version bumps for both dependencies.
package-lock.json	Updated dependency tree to reflect major version upgrades including Babel 7.29, Webpack 5.105, MDX v3 with remark/micromark plugins for GFM and frontmatter, @docsearch/react 3.9.0, and expanded Algolia search integration with new clients for A/B testing, insights, and monitoring.

Sequence Diagram

This diagram shows the interactions between components:

sequenceDiagram
    participant User as User/Browser
    participant Doc as Docusaurus Core (v3)
    participant MDX as MDX Loader (v3)
    participant Search as DocSearch (Algolia)
    participant Octo as Octokit (v3)
    participant GH as GitHub API

    Note over Doc, GH: Documentation Rendering Flow
    User->>Doc: Request Page
    activate Doc
    Doc->>MDX: Process .mdx Content
    activate MDX
    MDX->>MDX: Parse via Unified/Remark
    MDX-->>Doc: Return React Component
    deactivate MDX
    Doc-->>User: Serve Rendered Page
    deactivate Doc

    Note over User, Search: Search Interaction Flow
    User->>Search: Input Search Query
    activate Search
    Search->>Search: Autocomplete Core Logic
    Search->>Search: Algolia Search Client (v4/v5)
    Search-->>User: Display Results
    deactivate Search

    Note over Doc, GH: GitHub Data Integration Flow
    Doc->>Octo: Initialize Client (Auth)
    activate Octo
    Octo->>Octo: Load Plugins (Paginate/Retry)
    
    alt REST Request
        Octo->>GH: Send REST API Call
        GH-->>Octo: JSON Response
    else GraphQL Request
        Octo->>GH: Send GraphQL Query
        GH-->>Octo: Schema Data
    end

    Octo-->>Doc: Return Processed Data
    deactivate Octo
    Doc-->>User: Update UI with GitHub Data

Loading

▶️ ⚡ AI Code Reviews for VS Code, Cursor, Windsurf
Install the extension

Note for Windsurf

Please change the default marketplace provider to the following in the windsurf settings:

Marketplace Extension Gallery Service URL: https://marketplace.visualstudio.com/_apis/public/gallery

Marketplace Gallery Item URL: https://marketplace.visualstudio.com/items

Entelligence.ai can learn from your feedback. Simply add 👍 / 👎 emojis to teach it your preferences. More shortcuts below

Emoji Descriptions:

• ⚠️ Potential Issue - May require further investigation.
• 🔒 Security Vulnerability - Fix to ensure system safety.
• 💻 Code Improvement - Suggestions to enhance code quality.
• 🔨 Refactor Suggestion - Recommendations for restructuring code.
• ℹ️ Others - General comments and information.

Interact with the Bot:

• Send a message or request using the format:
  @entelligenceai + *your message*

Example: @entelligenceai Can you suggest improvements for this code?

• Help the Bot learn by providing feedback on its responses.
  @entelligenceai + *feedback*

Example: @entelligenceai Do not comment on `save_auth` function !

Also you can trigger various commands with the bot by doing
@entelligenceai command

The current supported commands are

1. config - shows the current config
2. retrigger_review - retriggers the review

More commands to be added soon.

[entelligence-ai-pr-reviews]

Correctness: ⚠️ @docusaurus/preset-classic was bumped to v3 while @docusaurus/core remains v2.4.1. Major-version mismatch in Docusaurus packages typically breaks the build due to peer dependency/API incompatibilities. Either upgrade all Docusaurus packages to v3 together or keep this preset at v2.4.1 to match core.

🤖 AI Agent Prompt for Cursor/Windsurf

📋 Copy this prompt to your AI coding assistant (Cursor, Windsurf, etc.) to get help fixing this issue

In `package.json` line 21, align `@docusaurus/preset-classic` with the existing Docusaurus core version. Either revert it to `^2.4.1` or upgrade all Docusaurus packages (core + plugins + preset) to v3 consistently to avoid peer dependency/API breakage.

[cloudflare-workers-and-pages]

Deploying with    Cloudflare Workers

The latest updates on your project. Learn more about integrating Git with Workers.

Status	Name	Latest Commit	Updated (UTC)
❌ Deployment failed View logs	crystal-alchemist-blue-block-1596	14991aa	Feb 08 2026, 05:34 AM