[Snyk] Security upgrade @docusaurus/preset-classic from 2.4.1 to 3.5.0

[naiba4]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • docs/package.json
  • docs/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	828/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.7	Denial of Service (DoS) SNYK-JS-HTTPPROXYMIDDLEWARE-8229906	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @docusaurus/preset-classic

The new version differs by 250 commits.

• cb5829f v3.5.0
• a19d54f Merge remote-tracking branch 'origin/slorber/docusaurus-v3.5' into slorber/docusaurus-v3.5
• ea49177 3.5 docs
• 55a58ee changelog
• 8f8f7f2 Merge branch 'main' into slorber/docusaurus-v3.5
• a096bbc feat(blog): add `onUntruncatedBlogPosts` blog options (build(deps): bump github.com/tendermint/tendermint from 0.34.13 to 0.34.14 (backport #10357) cosmos/cosmos-sdk#10375)
• 2611aa1 refactor: apply lint autofix
• f9e5adb v3.5 blog post
• c3af215 v3.5 blog post
• af24976 v3.5 blog post
• 2028ca4 v3.5 blog post
• f43be85 fix(translations): fix wrong Estonian (et) translations and typos (docs: add invariants to module specs cosmos/cosmos-sdk#10344)
• a2e30be fix(search): fix algolia search ignore ctrl + F in search input (fix: null guard for tx fee amounts (backport #10327) cosmos/cosmos-sdk#10342)
• 44ddada fix(docs): the _category_.json description attribute should display on generated index pages (Add load tests to verify no race condition exists in app gRPC queries cosmos/cosmos-sdk#10324)
• 95ab9f8 feat(theme): show unlisted/draft banners in dev mode (build(deps): bump github.com/tendermint/tendermint from 0.34.13 to 0.34.14 (backport #10357) cosmos/cosmos-sdk#10376)
• c58fcbd feat(ci): continuous releases for main and PRs with pkg.pr.new (changelog v0.44.2 cosmos/cosmos-sdk#10369)
• 087a329 fix(cli): Fix bad docusaurus CLI behavior on for --version, -V, --help, -h (Protobuf Any Interface Redesign cosmos/cosmos-sdk#10368)
• 7be1fea feat(blog): add feed xlst options to render beautiful RSS and Atom feeds (Fix genesis supply handling (backport #8930) cosmos/cosmos-sdk#9252)
• 08a893a chore: add prettier-xml plugin (perf: avoid unnecessary byteslice->string before fmt %s verb cosmos/cosmos-sdk#10364)
• f356e29 feat(blog): authors page (Empty amount delegation stored after unbonding/redelegation cosmos/cosmos-sdk#10216)
• 50f9fce docs: rename @ getcanary/docusaurus-pagefind in docs (perf: Only do memory allocation when zero coin is found (backport #10339) cosmos/cosmos-sdk#10361)
• 347070b fix(translations): Fix and Improve Spanish translations (ADR-40 Implementation cosmos/cosmos-sdk#10360)
• 95990c6 docs: Add @ getcanary/docusaurus-pagefind in docs (chore: Cosmos SDK v0.44.1 release notes cosmos/cosmos-sdk#10345)
• 40676cd chore(deps): update infima npm dependency to version 0.2.0-alpha.44 (fix: null guard for tx fee amounts (backport #10327) cosmos/cosmos-sdk#10343)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Denial of Service (DoS)

[codesandbox]

Review or Edit in CodeSandbox

Open the branch in Web Editor • VS Code • Insiders

Open Preview

[changeset-bot]

⚠️ No Changeset found

Latest commit: 069a6ca

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[socket-security]

New and removed dependencies detected. Learn more about Socket for GitHub ↗︎

Package	New capabilities	Transitives	Size	Publisher
npm/@docusaurus/[email protected]	environment Transitive: eval, filesystem, network, shell, unsafe	+527	72.6 MB	slorber
npm/[email protected]	environment Transitive: filesystem	+4	2.61 MB	ai

🚮 Removed packages: npm/@docusaurus/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected], npm/[email protected]

View full report↗︎

[socket-security]

Report is too large to display inline.
View full report↗︎

Next steps

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of ecosystem/package-name@version specifiers. e.g. @SocketSecurity ignore npm/[email protected] or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore npm/[email protected]
• @SocketSecurity ignore npm/[email protected]
• @SocketSecurity ignore npm/[email protected]
• @SocketSecurity ignore npm/[email protected]
• @SocketSecurity ignore npm/[email protected]
• @SocketSecurity ignore npm/[email protected]
• @SocketSecurity ignore npm/[email protected]
• @SocketSecurity ignore npm/[email protected]
• @SocketSecurity ignore npm/[email protected]
• @SocketSecurity ignore npm/[email protected]
• @SocketSecurity ignore npm/[email protected]
• @SocketSecurity ignore npm/[email protected]
• @SocketSecurity ignore npm/[email protected]
• @SocketSecurity ignore npm/@sideway/[email protected]
• @SocketSecurity ignore npm/[email protected]
• @SocketSecurity ignore npm/[email protected]
• @SocketSecurity ignore npm/[email protected]
• @SocketSecurity ignore npm/@docusaurus/[email protected]
• @SocketSecurity ignore npm/@docusaurus/[email protected]
• @SocketSecurity ignore npm/@pnpm/[email protected]
• @SocketSecurity ignore npm/[email protected]
• @SocketSecurity ignore npm/[email protected]
• @SocketSecurity ignore npm/@docsearch/[email protected]
• @SocketSecurity ignore npm/@babel/[email protected]
• @SocketSecurity ignore npm/@babel/[email protected]
• @SocketSecurity ignore npm/@babel/[email protected]
• @SocketSecurity ignore npm/@algolia/[email protected]

[guardrails]

⚠️ We detected 1 security issue in this pull request:

Vulnerable Libraries (1)

Severity	Details
High	pkg:npm/@docusaurus/[email protected] upgrade to: > 3.5.0

More info on how to fix Vulnerable Libraries in JavaScript.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.