fix: resolve docs Dependabot advisories #519
❌ Deploy Preview for canarychecker failed.
Walkthrough
This PR upgrades Docusaurus dependencies to 3.10.1 in canary-checker and mission-control, removes image-webpack-loader and browserify-fs from webpack-related setup, pins the Prettier version in Taskfile, inlines a CopyButton component with clipboard fallback logic, and adjusts the shared Layout theme component.
Changes
- Dependency upgrade and build configuration
- CopyButton inlining and Layout theme adjustments
Sequence Diagram(s)
```mermaid
sequenceDiagram
    participant User
    participant CopyButton
    participant ClipboardAPI
    User->>CopyButton: click copy
    CopyButton->>ClipboardAPI: navigator.clipboard.writeText(code)
    ClipboardAPI-->>CopyButton: success or failure
    CopyButton->>CopyButton: fallback execCommand('copy') if needed
    CopyButton->>CopyButton: set copied state, schedule reset timeout
```
Suggested labels: dependencies, build
Suggested reviewers: None identified.
🚥 Pre-merge checks: ✅ 5 passed
Actionable comments posted: 4
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@canary-checker/docs/scripting/_functions.md`:
- Around line 3-12: The table in _functions.md has a column layout mismatch: the
header/body are using three columns, but the separator row still reflects the
old wider schema. Update the markdown table definition for the function list so
the separator row matches the actual columns used by the rows, keeping the
formatting consistent with the entries like len, index, and print.
In `@common/src/components/TerminalOutput.jsx`:
- Around line 28-29: The copied-state timeout in TerminalOutput is being
replaced without cancelling any previously scheduled timeout, so rapid clicks
can let an older timer clear copied too early. Update the click handling around
the copied state and timeoutRef.current to clear any existing timeout before
scheduling a new one, and make sure the timer is consistently managed in the
same component logic that sets copied true and false.
- Around line 11-30: The copyToClipboard function in TerminalOutput.jsx awaits
navigator.clipboard.writeText without handling rejection, so a failed clipboard
write can escape as an unhandled promise and skip the copied state update. Wrap
the async clipboard write in copyToClipboard with error handling, and if the
navigator.clipboard path fails, fall back to the existing
textarea/document.execCommand copy logic before setting copied state and
scheduling the timeout.
In `@mission-control/docs/guide/config-db/scrapers/azure.md`:
- Around line 67-86: Fix the Markdown table formatting in the resource types
section by removing the unintended extra separator column and the stray trailing
“+” cell in the final row. Update the table rows around the resource type
mappings so they all follow the same two-column structure as the other entries,
keeping the alignment consistent for the Azure docs table.
⛔ Files ignored due to path filters (4)
- `Pipfile.lock` is excluded by `!**/*.lock`
- `canary-checker/package-lock.json` is excluded by `!**/package-lock.json`
- `mission-control/package-lock.json` is excluded by `!**/package-lock.json`
- `scripts/mdx-renderer/package-lock.json` is excluded by `!**/package-lock.json`
📒 Files selected for processing (16)
- canary-checker/docs/concepts/secret-management.md
- canary-checker/docs/scripting/_functions.md
- canary-checker/netlify.toml
- canary-checker/package.json
- canary-checker/plugins/my-loaders/index.js
- common/src/components/TerminalOutput.jsx
- mission-control/docs/guide/config-db/scrapers/azure.md
- mission-control/docs/guide/notifications/channels/index.md
- mission-control/docs/guide/views/concepts/templating.md
- mission-control/docs/guide/views/queries/changes.md
- mission-control/docs/integrations/kubernetes/playbooks.md
- mission-control/docusaurus.config.ts
- mission-control/netlify.toml
- mission-control/package.json
- mission-control/src/plugins/my-loaders/index.js
- netlify.toml
💤 Files with no reviewable changes (3)
- canary-checker/netlify.toml
- mission-control/netlify.toml
- netlify.toml
Refresh the docs lockfiles so fast-xml-parser and shell-quote resolve to patched releases for the critical Dependabot reports in canary-checker and mission-control.
Upgrade Docusaurus and webpack, pin serialize-javascript to a patched release, and drop the vulnerable image-webpack-loader/browserify-fs dependency chains. Update the swizzled Docusaurus components for the 3.10 theme internals.
6599382 to 6218ae8
Pin uuid to a patched release, refresh js-yaml in the MDX renderer lockfile, and update the Pipfile lock to Jinja2 3.1.6. npm audit now reports zero vulnerabilities for canary-checker, mission-control, and scripts/mdx-renderer. Pin the Prettier version used by the formatting task so CI does not drift to newer formatter output and require unrelated markdown changes.
6218ae8 to 786c2de
🧹 Nitpick comments (1)
Taskfile.yml (1)
81-86: 📐 Maintainability & Code Quality | 🔵 Trivial | ⚡ Quick win
Consider pinning Prettier as a devDependency instead of via npx.
Pinning the version in the `npx` command fixes CI drift, but each invocation still resolves/downloads `prettier@3.8.1` from the registry (unless already cached) rather than using a lockfile-pinned local install. Prettier's own docs recommend installing an exact version locally for consistency and speed rather than relying on `npx` to fetch the version.
♻️ Suggested alternative: add prettier as a pinned devDependency
fmt: desc: Format all markdown files with prettier cmds: - - npx --yes prettier@3.8.1 --write "**/*.md" --ignore-path .prettierignore + - npx prettier --write "**/*.md" --ignore-path .prettierignore fmt:check: desc: Check markdown formatting without making changes cmds: - - npx --yes prettier@3.8.1 --check --log-level=debug "**/*.md" --ignore-path .prettierignore + - npx prettier --check --log-level=debug "**/*.md" --ignore-path .prettierignore
Then add `"prettier": "3.8.1"` to a `package.json`/lockfile that's installed before these tasks run.
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the rest with a brief reason, keep changes minimal, and validate. In `@Taskfile.yml` around lines 81 - 86, The markdown formatting tasks still invoke Prettier through npx in Taskfile.yml, which bypasses a lockfile-pinned local install. Update the fmt/fmt:check commands to use a locally installed exact Prettier version by adding prettier@3.8.1 as a devDependency and then calling the project-local binary from the Taskfile commands. Use the existing fmt and fmt:check task names as the anchor when updating these commands.
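Review bot: the two `+` lines in the suggested Taskfile change drop `--yes` and the `@3.8.1` pin together, so nothing in `fmt` or `fmt:check` guarantees that a local Prettier is present when the task runs; without the devDependency installed, `npx prettier` no longer names a version and can fall back to a registry fetch, which is the drift the pin was added to prevent. Suggest `npx --no prettier ...` (or calling the binary under `node_modules/.bin` directly) so the task fails instead of fetching, and stating which `package.json` carries `"prettier": "3.8.1"`, since `Taskfile.yml` sits at the repository root while the `package.json` files listed for this PR are under `canary-checker/` and `mission-control/`.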
📒 Files selected for processing (8)
- Taskfile.yml
- canary-checker/package.json
- canary-checker/plugins/my-loaders/index.js
- common/src/components/TerminalOutput.jsx
- common/src/theme/Layout/index.tsx
- mission-control/docusaurus.config.ts
- mission-control/package.json
- mission-control/src/plugins/my-loaders/index.js
✅ Files skipped from review due to trivial changes (1)
- mission-control/src/plugins/my-loaders/index.js
🚧 Files skipped from review as they are similar to previous changes (4)
- canary-checker/plugins/my-loaders/index.js
- mission-control/docusaurus.config.ts
- canary-checker/package.json
- mission-control/package.json
Docusaurus 3.10 packages require Node >=20, but the canary-checker site did not publish an engine constraint. Add the engine metadata to package.json and lockfile so unsupported Node 18 builds are rejected early. Also sync the swizzled Layout wrapper with the 3.10 theme class names by restoring the new theme-layout-main class.
4c37921 to ebe458d
Dependabot reported critical, high, and medium dependency advisories across the docs sites.
Refresh vulnerable npm/Pipfile locks, upgrade Docusaurus/webpack-related dependencies, remove vulnerable image/browser fs dependency chains, and pin patched transitive packages where needed.
The Docusaurus upgrade also updates the local swizzled components that referenced moved internal theme APIs. The formatting task now pins Prettier to avoid CI drifting to newer formatter output and forcing unrelated markdown changes.
Summary by CodeRabbit
New Features
Bug Fixes
`fs` usage by disabling the previous client-side polyfill.
Chores
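The PR description relies on refreshed lockfiles and pinned transitive packages resolving to patched releases. The following is an added example, not code from this PR or repository: it walks an npm lockfile's `packages` map and reports every installed copy of a package, nested copies included, that sits below a required floor. The lockfile contents, the floor versions and the function names are all constructed for illustration and are not the advisories' real version ranges.

```javascript
// Compare dotted numeric versions; prerelease suffixes after "-" are ignored.
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return Math.sign(d);
  }
  return 0;
}

// Lockfile v2/v3 keys are install paths; the package name follows the last "node_modules/".
function packageName(lockKey) {
  const marker = "node_modules/";
  const i = lockKey.lastIndexOf(marker);
  return i === -1 ? null : lockKey.slice(i + marker.length);
}

// Return every installed copy below its floor. A hoisted copy can be patched
// while a nested copy under another dependency is still the old release.
function findBelowFloor(lock, floors) {
  const findings = [];
  for (const [key, entry] of Object.entries(lock.packages || {})) {
    const name = packageName(key);
    if (!name || !Object.hasOwn(floors, name) || !entry.version) continue;
    if (compareVersions(entry.version, floors[name]) < 0) {
      findings.push({ path: key, name, version: entry.version, floor: floors[name] });
    }
  }
  return findings;
}

// Constructed sample data: versions and floors are placeholders only.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "docs-site" },
    "node_modules/uuid": { version: "2.1.0" },
    "node_modules/some-dep/node_modules/uuid": { version: "1.4.0" },
    "node_modules/shell-quote": { version: "3.10.1" },
    "node_modules/@scope/tool/node_modules/shell-quote": { version: "3.9.0" },
    "node_modules/serialize-javascript": { version: "5.0.0" },
  },
};
const sampleFloors = { uuid: "2.0.0", "shell-quote": "3.10.0", "serialize-javascript": "5.0.0" };

for (const f of findBelowFloor(sampleLock, sampleFloors)) {
  console.log(`${f.path}: ${f.name}@${f.version} is below ${f.floor}`);
}
```

Run against a real `package-lock.json`, an empty result means every copy in the tree meets the floor, which a top-level `npm ls <name>` on the hoisted copy alone does not show.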