From 43e05f14f6ac6a6c307647bbe477f06663374647 Mon Sep 17 00:00:00 2001 From: Alex Batalov Date: Sun, 24 May 2026 23:59:39 +0400 Subject: [PATCH 1/5] docs: design dependabot security remediation --- ...-dependabot-security-remediation-design.md | 72 +++++++++++++++++++ 1 file changed, 72 insertions(+) create mode 100644 docs/superpowers/specs/2026-05-24-dependabot-security-remediation-design.md diff --git a/docs/superpowers/specs/2026-05-24-dependabot-security-remediation-design.md b/docs/superpowers/specs/2026-05-24-dependabot-security-remediation-design.md new file mode 100644 index 000000000..6588ab09a --- /dev/null +++ b/docs/superpowers/specs/2026-05-24-dependabot-security-remediation-design.md @@ -0,0 +1,72 @@ +# Dependabot Security Remediation Design + +## Goal + +Close the current open GitHub Dependabot security alerts for `OpenAPI-Qraft/openapi-qraft` that are reported against the root `yarn.lock`, while staying within this branch and avoiding any push from this environment. + +The remediation is allowed to update direct dependencies, workspace dependencies, root `resolutions`, and the lockfile as needed. The deciding criterion is not the smallest possible diff; it is a dependency graph that no longer resolves vulnerable versions and still passes the project verification suite. + +## Current Alert Scope + +The initial GitHub API snapshot reported 13 open alerts in `yarn.lock`: + +- `turbo`: direct development dependency, patched in `2.9.14`. +- `ws`: transitive runtime dependency, patched in `8.20.1`. +- `qs`: transitive runtime dependency, patched in `6.15.2`. +- `uuid`: transitive runtime dependency, patched in `11.1.1` for the currently reported vulnerable range. +- `webpack-dev-server`: transitive runtime dependency, patched in `5.2.4`. +- `brace-expansion`: transitive runtime dependency, patched in `5.0.6`. +- `postcss`: transitive runtime dependency, patched in `8.5.10`. +- `@babel/plugin-transform-modules-systemjs`: transitive runtime dependency, patched in `7.29.4`. +- `fast-uri`: transitive runtime dependency, patched in `3.1.2`. +- `ip-address`: transitive runtime dependency, patched in `10.1.1`. +- `follow-redirects`: transitive runtime dependency, patched in `1.16.0`. + +The `fast-uri` package has two open advisories, both resolved by `3.1.2`. + +The repository's Dependabot config excludes `e2e/projects/**`, so this pass does not chase dependency state inside those excluded project fixtures unless they affect the root lockfile alerts. + +## Remediation Strategy + +Use a hybrid close-alerts-first strategy: + +1. Update direct dependencies through their manifest entries when they are the source of an alert. +2. For transitive alerts, prefer updating the nearest practical top-level dependency when that is a normal maintenance update and does not create an unrelated migration. +3. Use root `resolutions` when an upstream package has not yet widened or refreshed its own dependency range, or when a broad top-level update would turn this task into unrelated framework migration work. +4. Preserve existing security `resolutions` until the refreshed graph proves they are no longer needed. +5. Judge the result by the resolved graph and verification commands, not by whether every alert was solved through the same mechanism. + +## Dependency Evidence + +Before changing dependency versions, build a checklist from: + +- GitHub Dependabot alerts via `gh api`. +- `yarn why ` for each alerted package. +- Lockfile entries for vulnerable and patched versions. + +After changes, repeat the evidence pass and verify that the root graph no longer resolves versions in the reported vulnerable ranges. + +## Error Handling + +If a dependency update causes a build or test failure, first classify the failure: + +- A small API or tooling compatibility break can be fixed as part of this branch. +- A large unrelated framework migration should be avoided; replace that broad bump with a narrower dependency override when possible. +- A pre-existing verification failure should be documented with the exact command and output boundary instead of treated as a successful pass. + +Do not hide a real runtime or type regression behind another override. Overrides are acceptable only when they directly force a patched transitive dependency without changing the public behavior of qraft packages. + +## Verification Plan + +Run the smallest evidence checks after each meaningful dependency pass, then run project-level verification before completion: + +- `yarn install --immutable` or an equivalent Yarn consistency check after lockfile changes. +- `yarn why` and lockfile checks for every alerted package. +- GitHub alert snapshot through `gh api` when the branch state can be compared locally. +- `yarn typecheck`. +- `yarn lint`. +- `yarn test`. +- `yarn build:publishable` or another build command that covers affected package/tooling surfaces. +- Relevant e2e commands if dependency changes touch toolchain paths that e2e covers. + +If the full suite is too slow or blocked by pre-existing failures, record the exact commands that passed and the exact blocker for anything not completed. From 63e2eaa1f424a6a9066de8b4db329cc7f8eec58f Mon Sep 17 00:00:00 2001 From: Alex Batalov Date: Mon, 25 May 2026 00:03:34 +0400 Subject: [PATCH 2/5] docs: plan dependabot security remediation --- ...6-05-25-dependabot-security-remediation.md | 353 ++++++++++++++++++ 1 file changed, 353 insertions(+) create mode 100644 docs/superpowers/plans/2026-05-25-dependabot-security-remediation.md diff --git a/docs/superpowers/plans/2026-05-25-dependabot-security-remediation.md b/docs/superpowers/plans/2026-05-25-dependabot-security-remediation.md new file mode 100644 index 000000000..81896a248 --- /dev/null +++ b/docs/superpowers/plans/2026-05-25-dependabot-security-remediation.md @@ -0,0 +1,353 @@ +# Dependabot Security Remediation Implementation Plan + +> **For agentic workers:** REQUIRED SUB-SKILL: Use superpowers:subagent-driven-development (recommended) or superpowers:executing-plans to implement this plan task-by-task. Steps use checkbox (`- [ ]`) syntax for tracking. + +**Goal:** Close the current GitHub Dependabot alerts reported against the root `yarn.lock` without pushing from this environment. + +**Architecture:** Treat GitHub alerts and Yarn's resolved dependency graph as the source of truth. Update direct dependencies and nearby top-level dependencies first, then use root `resolutions` for transitive packages whose parents do not yet expose patched ranges. Verify by proving the vulnerable versions are gone from the lockfile and by running the repo's CI-like commands. + +**Tech Stack:** Yarn 4.9.1 workspaces, Turborepo, Docusaurus, TypeScript, Vitest, GitHub CLI. + +--- + +## File Structure + +- Modify `package.json`: bump direct root tooling dependencies and add or revise root `resolutions` for patched transitive packages. +- Modify `website/package.json`: bump Docusaurus packages together when they are the nearest practical parent for `webpack-dev-server`, `postcss`, and Babel-related alerts. +- Modify `yarn.lock`: refresh resolved package versions after manifest and resolution changes. +- Read `.github/dependabot.yml`: confirm that root Dependabot excludes `e2e/projects/**`; do not edit it unless an alert proves the exclusion is wrong. +- Leave `docs/superpowers/specs/2026-05-24-dependabot-security-remediation-design.md` unchanged unless the implementation discovers a contradiction in the approved design. + +## Alert Checklist + +The implementation must account for these open alerts: + +| Alert | Package | Patched version | Initial parent evidence | +| --- | --- | --- | --- | +| 175, 174 | `turbo` | `2.9.14` | Direct root dev dependency | +| 173 | `ws` | `8.20.1` | `webpack-dev-server`, `webpack-bundle-analyzer` | +| 172 | `qs` | `6.15.2` | `@cypress/request`, `body-parser`, `express` | +| 171 | `uuid` | `11.1.1` | `@cypress/request`, `sockjs` | +| 170 | `webpack-dev-server` | `5.2.4` | `@docusaurus/core` | +| 169 | `brace-expansion` | `5.0.6` | `minimatch@10.2.5` | +| 168 | `postcss` | `8.5.10` | Docusaurus, Vite, CSS tooling | +| 167 | `@babel/plugin-transform-modules-systemjs` | `7.29.4` | `@babel/preset-env` | +| 166, 165 | `fast-uri` | `3.1.2` | `ajv@8.18.0` | +| 164 | `ip-address` | `10.1.1` | `socks@2.8.7` | +| 162 | `follow-redirects` | `1.16.0` | `http-proxy@1.18.1` | + +### Task 1: Capture Current Dependency Evidence + +**Files:** +- Read: `package.json` +- Read: `website/package.json` +- Read: `.github/dependabot.yml` +- Read: `yarn.lock` + +- [ ] **Step 1: Confirm the branch is clean except planned docs** + +Run: + +```bash +git status --short --branch +``` + +Expected: branch `codex/dependabot-security-remediation`; no uncommitted dependency files before implementation starts. + +- [ ] **Step 2: Capture the open GitHub alerts** + +Run: + +```bash +gh api -H 'Accept: application/vnd.github+json' '/repos/OpenAPI-Qraft/openapi-qraft/dependabot/alerts?state=open&per_page=100' --jq '.[] | [.number, .dependency.package.name, .dependency.scope, .dependency.relationship, .security_advisory.severity, (.security_vulnerability.first_patched_version.identifier // "none"), .security_vulnerability.vulnerable_version_range] | @tsv' +``` + +Expected: the command prints the alerts listed in the Alert Checklist. If GitHub reports additional alerts, append them to the local working checklist before editing dependencies. + +- [ ] **Step 3: Capture parent packages for every alert** + +Run: + +```bash +for pkg in turbo ws qs uuid webpack-dev-server brace-expansion postcss @babel/plugin-transform-modules-systemjs fast-uri ip-address follow-redirects; do + printf '\n### %s\n' "$pkg" + yarn why "$pkg" +done +``` + +Expected: output shows the current parents. Use this output to decide whether the next task can remove the alert through top-level package updates or needs `resolutions`. + +- [ ] **Step 4: Capture vulnerable lockfile entries** + +Run: + +```bash +rg -n '^(turbo|ws|qs|uuid|webpack-dev-server|brace-expansion|postcss|@babel/plugin-transform-modules-systemjs|fast-uri|ip-address|follow-redirects)@' yarn.lock +``` + +Expected: output includes the currently resolved entries that GitHub flags. Save the package names and versions mentally for comparison after lockfile refresh. + +### Task 2: Apply Direct And Nearby Top-Level Updates + +**Files:** +- Modify: `package.json` +- Modify: `website/package.json` +- Modify: `yarn.lock` + +- [ ] **Step 1: Update direct and nearby parents with Yarn** + +Run: + +```bash +yarn up -R turbo@^2.9.14 @docusaurus/core@3.10.1 @docusaurus/preset-classic@3.10.1 @docusaurus/remark-plugin-npm2yarn@^3.10.1 @docusaurus/module-type-aliases@3.10.1 @docusaurus/types@3.10.1 +``` + +Expected: Yarn updates `package.json`, `website/package.json`, and `yarn.lock`. If Yarn refuses because a package descriptor is not present, remove only that absent descriptor from the command and rerun the reduced command. + +- [ ] **Step 2: Check which alerts remain after the top-level pass** + +Run: + +```bash +for pkg in turbo ws qs uuid webpack-dev-server brace-expansion postcss @babel/plugin-transform-modules-systemjs fast-uri ip-address follow-redirects; do + printf '\n### %s\n' "$pkg" + yarn why "$pkg" +done +``` + +Expected: `turbo` resolves to `2.9.14` or newer. `webpack-dev-server` should resolve to `5.2.4` if the Docusaurus update was enough. Other transitive packages may still need root `resolutions`. + +- [ ] **Step 3: Inspect the dependency diff** + +Run: + +```bash +git diff -- package.json website/package.json yarn.lock +``` + +Expected: dependency changes are limited to manifest version bumps and lockfile refreshes. No generated source, docs content, or excluded `e2e/projects/**` files should be modified. + +### Task 3: Add Security Resolutions For Remaining Vulnerable Transitives + +**Files:** +- Modify: `package.json` +- Modify: `yarn.lock` + +- [ ] **Step 1: Add root `resolutions` for still-vulnerable transitive packages** + +Edit the root `package.json` `resolutions` object. Keep existing entries and add the following entries only for packages that still resolve to vulnerable versions after Task 2: + +```json +{ + "@babel/plugin-transform-modules-systemjs": "npm:^7.29.4", + "brace-expansion@npm:^5.0.5": "npm:^5.0.6", + "fast-uri": "npm:^3.1.2", + "follow-redirects": "npm:^1.16.0", + "ip-address": "npm:^10.1.1", + "postcss": "npm:^8.5.10", + "qs": "npm:^6.15.2", + "uuid": "npm:^11.1.1", + "webpack-dev-server": "npm:^5.2.4", + "ws": "npm:^8.20.1" +} +``` + +Expected: `package.json` remains valid JSON. Existing qraft-specific security overrides remain in place. + +- [ ] **Step 2: Refresh the lockfile** + +Run: + +```bash +yarn install +``` + +Expected: Yarn completes successfully and updates `yarn.lock`. If Yarn reports an incompatible peer or resolution warning, keep the output and continue to Task 4; warnings are acceptable only if build/test verification passes. + +- [ ] **Step 3: Verify immutable install** + +Run: + +```bash +yarn install --immutable +``` + +Expected: success with no lockfile changes. If it wants to modify `yarn.lock`, inspect `git diff -- yarn.lock`, run `yarn install` once more, then rerun `yarn install --immutable`. + +### Task 4: Prove The Vulnerable Versions Are Gone + +**Files:** +- Read: `package.json` +- Read: `website/package.json` +- Read: `yarn.lock` + +- [ ] **Step 1: Re-run `yarn why` for every alert package** + +Run: + +```bash +for pkg in turbo ws qs uuid webpack-dev-server brace-expansion postcss @babel/plugin-transform-modules-systemjs fast-uri ip-address follow-redirects; do + printf '\n### %s\n' "$pkg" + yarn why "$pkg" +done +``` + +Expected resolved minimums: + +```text +turbo >= 2.9.14 +ws >= 8.20.1 for ws 8.x entries, or no vulnerable ws 8.x entry +qs >= 6.15.2 +uuid >= 11.1.1, or no uuid entry in a GitHub-reported vulnerable range +webpack-dev-server >= 5.2.4 +brace-expansion >= 5.0.6 for brace-expansion 5.x entries +postcss >= 8.5.10 +@babel/plugin-transform-modules-systemjs >= 7.29.4 +fast-uri >= 3.1.2 +ip-address >= 10.1.1 +follow-redirects >= 1.16.0 +``` + +- [ ] **Step 2: Inspect lockfile package headers** + +Run: + +```bash +rg -n '^(turbo|ws|qs|uuid|webpack-dev-server|brace-expansion|postcss|@babel/plugin-transform-modules-systemjs|fast-uri|ip-address|follow-redirects)@' yarn.lock +``` + +Expected: no lockfile header resolves an alerted package to the vulnerable ranges from the Alert Checklist. + +- [ ] **Step 3: Recheck GitHub alert state for this repository** + +Run: + +```bash +gh api -H 'Accept: application/vnd.github+json' '/repos/OpenAPI-Qraft/openapi-qraft/dependabot/alerts?state=open&per_page=100' --jq '.[] | [.number, .dependency.package.name, (.security_vulnerability.first_patched_version.identifier // "none"), .security_vulnerability.vulnerable_version_range] | @tsv' +``` + +Expected: GitHub may still show alerts until the branch is pushed and scanned. Use this output as the remote baseline; the local lockfile evidence from Steps 1 and 2 is the actionable proof before push. + +### Task 5: Run Project Verification + +**Files:** +- Read: `package.json` +- Read: `turbo.json` +- Read: the failing workspace's `package.json` when a verification command names a specific workspace. + +- [ ] **Step 1: Run typecheck** + +Run: + +```bash +yarn typecheck +``` + +Expected: success. If it fails, identify the first workspace and error. Fix only failures caused by dependency changes. + +- [ ] **Step 2: Run lint** + +Run: + +```bash +yarn lint +``` + +Expected: success. If it fails, identify whether the failure is dependency-induced or pre-existing. Fix dependency-induced failures. + +- [ ] **Step 3: Run tests** + +Run: + +```bash +yarn test +``` + +Expected: success. If a test fails due to a dependency behavior change, fix the implementation or adjust the dependency strategy rather than weakening assertions. + +- [ ] **Step 4: Run publishable build** + +Run: + +```bash +yarn build:publishable +``` + +Expected: success. This is required because `turbo`, Docusaurus/Babel/Webpack, and lockfile overrides can affect build tooling. + +- [ ] **Step 5: Run website verification if Docusaurus changed** + +Run this when `website/package.json` or Docusaurus-related lockfile entries changed: + +```bash +yarn workspace openapi-qraft-website build +``` + +Expected: success. If the website build fails because Docusaurus 3.10.1 changed behavior, either fix the website issue or revert the Docusaurus bump and rely on narrower `resolutions`. + +- [ ] **Step 6: Run relevant e2e if build tooling changed** + +Run: + +```bash +cd e2e && yarn e2e:tree-shaking-bundlers-local +``` + +Expected: success if the command is available and the local e2e environment is configured. If it is unavailable because the external fixture is not present, record the exact missing prerequisite and do not mark e2e as passed. + +### Task 6: Commit Dependency Remediation + +**Files:** +- Modify: `package.json` +- Modify: `website/package.json` if changed +- Modify: `yarn.lock` + +- [ ] **Step 1: Check final diff** + +Run: + +```bash +git diff -- package.json website/package.json yarn.lock +``` + +Expected: diff contains dependency remediation only. + +- [ ] **Step 2: Check whitespace and patch sanity** + +Run: + +```bash +git diff --check +``` + +Expected: no whitespace errors. + +- [ ] **Step 3: Stage dependency files** + +Run: + +```bash +git add package.json website/package.json yarn.lock +``` + +Expected: only files that changed are staged. If `website/package.json` did not change, Git will ignore that path or report no staged change for it. + +- [ ] **Step 4: Commit dependency remediation** + +Run: + +```bash +git commit -m "fix: remediate dependabot security alerts" +``` + +Expected: commit succeeds. Do not push. + +- [ ] **Step 5: Summarize verification evidence** + +Run: + +```bash +git status --short --branch +``` + +Expected: clean branch after the dependency commit. Final response must list the commands that passed, any command that was skipped or blocked, and the local evidence that vulnerable versions are gone. From f92a327d5b99a993fff9cfb0dd034e5e2be28ce9 Mon Sep 17 00:00:00 2001 From: Alex Batalov Date: Mon, 25 May 2026 02:19:36 +0400 Subject: [PATCH 3/5] docs: mark steps complete in Dependabot security remediation plan --- ...6-05-25-dependabot-security-remediation.md | 72 ++++++++++--------- 1 file changed, 37 insertions(+), 35 deletions(-) diff --git a/docs/superpowers/plans/2026-05-25-dependabot-security-remediation.md b/docs/superpowers/plans/2026-05-25-dependabot-security-remediation.md index 81896a248..2932b5680 100644 --- a/docs/superpowers/plans/2026-05-25-dependabot-security-remediation.md +++ b/docs/superpowers/plans/2026-05-25-dependabot-security-remediation.md @@ -44,7 +44,7 @@ The implementation must account for these open alerts: - Read: `.github/dependabot.yml` - Read: `yarn.lock` -- [ ] **Step 1: Confirm the branch is clean except planned docs** +- [x] **Step 1: Confirm the branch is clean except planned docs** Run: @@ -54,7 +54,7 @@ git status --short --branch Expected: branch `codex/dependabot-security-remediation`; no uncommitted dependency files before implementation starts. -- [ ] **Step 2: Capture the open GitHub alerts** +- [x] **Step 2: Capture the open GitHub alerts** Run: @@ -64,7 +64,7 @@ gh api -H 'Accept: application/vnd.github+json' '/repos/OpenAPI-Qraft/openapi-qr Expected: the command prints the alerts listed in the Alert Checklist. If GitHub reports additional alerts, append them to the local working checklist before editing dependencies. -- [ ] **Step 3: Capture parent packages for every alert** +- [x] **Step 3: Capture parent packages for every alert** Run: @@ -77,7 +77,7 @@ done Expected: output shows the current parents. Use this output to decide whether the next task can remove the alert through top-level package updates or needs `resolutions`. -- [ ] **Step 4: Capture vulnerable lockfile entries** +- [x] **Step 4: Capture vulnerable lockfile entries** Run: @@ -94,17 +94,17 @@ Expected: output includes the currently resolved entries that GitHub flags. Save - Modify: `website/package.json` - Modify: `yarn.lock` -- [ ] **Step 1: Update direct and nearby parents with Yarn** +- [x] **Step 1: Update direct and nearby parents with Yarn** Run: ```bash -yarn up -R turbo@^2.9.14 @docusaurus/core@3.10.1 @docusaurus/preset-classic@3.10.1 @docusaurus/remark-plugin-npm2yarn@^3.10.1 @docusaurus/module-type-aliases@3.10.1 @docusaurus/types@3.10.1 +yarn up turbo @docusaurus/core @docusaurus/preset-classic @docusaurus/remark-plugin-npm2yarn @docusaurus/module-type-aliases @docusaurus/types ``` -Expected: Yarn updates `package.json`, `website/package.json`, and `yarn.lock`. If Yarn refuses because a package descriptor is not present, remove only that absent descriptor from the command and rerun the reduced command. +Expected: Yarn updates `package.json`, `website/package.json`, and `yarn.lock`. Do not use `-R` with explicit ranges because Yarn 4 rejects ranges in recursive mode. -- [ ] **Step 2: Check which alerts remain after the top-level pass** +- [x] **Step 2: Check which alerts remain after the top-level pass** Run: @@ -117,7 +117,7 @@ done Expected: `turbo` resolves to `2.9.14` or newer. `webpack-dev-server` should resolve to `5.2.4` if the Docusaurus update was enough. Other transitive packages may still need root `resolutions`. -- [ ] **Step 3: Inspect the dependency diff** +- [x] **Step 3: Inspect the dependency diff** Run: @@ -133,28 +133,30 @@ Expected: dependency changes are limited to manifest version bumps and lockfile - Modify: `package.json` - Modify: `yarn.lock` -- [ ] **Step 1: Add root `resolutions` for still-vulnerable transitive packages** +- [x] **Step 1: Add root `resolutions` for still-vulnerable transitive packages** Edit the root `package.json` `resolutions` object. Keep existing entries and add the following entries only for packages that still resolve to vulnerable versions after Task 2: ```json { - "@babel/plugin-transform-modules-systemjs": "npm:^7.29.4", - "brace-expansion@npm:^5.0.5": "npm:^5.0.6", - "fast-uri": "npm:^3.1.2", - "follow-redirects": "npm:^1.16.0", - "ip-address": "npm:^10.1.1", + "@babel/plugin-transform-modules-systemjs@npm:^7.28.5": "npm:^7.29.4", + "@cypress/request@npm:3.0.10/uuid": "npm:11.1.1", + "fast-uri@npm:^3.0.1": "npm:^3.1.2", + "follow-redirects@npm:^1.0.0": "npm:^1.16.0", + "ip-address@npm:^10.0.1": "npm:^10.1.1", + "minimatch@npm:10.2.5/brace-expansion": "npm:^5.0.6", "postcss": "npm:^8.5.10", - "qs": "npm:^6.15.2", - "uuid": "npm:^11.1.1", - "webpack-dev-server": "npm:^5.2.4", - "ws": "npm:^8.20.1" + "qs@npm:~6.14.0": "npm:^6.15.2", + "qs@npm:~6.14.1": "npm:^6.15.2", + "sockjs@npm:0.3.24/uuid": "npm:11.1.1", + "webpack-dev-server@npm:^5.2.2": "npm:^5.2.4", + "ws@npm:^8.18.0": "npm:^8.20.1" } ``` Expected: `package.json` remains valid JSON. Existing qraft-specific security overrides remain in place. -- [ ] **Step 2: Refresh the lockfile** +- [x] **Step 2: Refresh the lockfile** Run: @@ -164,7 +166,7 @@ yarn install Expected: Yarn completes successfully and updates `yarn.lock`. If Yarn reports an incompatible peer or resolution warning, keep the output and continue to Task 4; warnings are acceptable only if build/test verification passes. -- [ ] **Step 3: Verify immutable install** +- [x] **Step 3: Verify immutable install** Run: @@ -181,7 +183,7 @@ Expected: success with no lockfile changes. If it wants to modify `yarn.lock`, i - Read: `website/package.json` - Read: `yarn.lock` -- [ ] **Step 1: Re-run `yarn why` for every alert package** +- [x] **Step 1: Re-run `yarn why` for every alert package** Run: @@ -208,7 +210,7 @@ ip-address >= 10.1.1 follow-redirects >= 1.16.0 ``` -- [ ] **Step 2: Inspect lockfile package headers** +- [x] **Step 2: Inspect lockfile package headers** Run: @@ -218,7 +220,7 @@ rg -n '^(turbo|ws|qs|uuid|webpack-dev-server|brace-expansion|postcss|@babel/plug Expected: no lockfile header resolves an alerted package to the vulnerable ranges from the Alert Checklist. -- [ ] **Step 3: Recheck GitHub alert state for this repository** +- [x] **Step 3: Recheck GitHub alert state for this repository** Run: @@ -235,7 +237,7 @@ Expected: GitHub may still show alerts until the branch is pushed and scanned. U - Read: `turbo.json` - Read: the failing workspace's `package.json` when a verification command names a specific workspace. -- [ ] **Step 1: Run typecheck** +- [x] **Step 1: Run typecheck** Run: @@ -245,7 +247,7 @@ yarn typecheck Expected: success. If it fails, identify the first workspace and error. Fix only failures caused by dependency changes. -- [ ] **Step 2: Run lint** +- [x] **Step 2: Run lint** Run: @@ -255,7 +257,7 @@ yarn lint Expected: success. If it fails, identify whether the failure is dependency-induced or pre-existing. Fix dependency-induced failures. -- [ ] **Step 3: Run tests** +- [x] **Step 3: Run tests** Run: @@ -265,7 +267,7 @@ yarn test Expected: success. If a test fails due to a dependency behavior change, fix the implementation or adjust the dependency strategy rather than weakening assertions. -- [ ] **Step 4: Run publishable build** +- [x] **Step 4: Run publishable build** Run: @@ -275,7 +277,7 @@ yarn build:publishable Expected: success. This is required because `turbo`, Docusaurus/Babel/Webpack, and lockfile overrides can affect build tooling. -- [ ] **Step 5: Run website verification if Docusaurus changed** +- [x] **Step 5: Run website verification if Docusaurus changed** Run this when `website/package.json` or Docusaurus-related lockfile entries changed: @@ -285,15 +287,15 @@ yarn workspace openapi-qraft-website build Expected: success. If the website build fails because Docusaurus 3.10.1 changed behavior, either fix the website issue or revert the Docusaurus bump and rely on narrower `resolutions`. -- [ ] **Step 6: Run relevant e2e if build tooling changed** +- [x] **Step 6: Run relevant e2e if build tooling changed** -Run: +Run the checkout's available CI-like e2e script: ```bash -cd e2e && yarn e2e:tree-shaking-bundlers-local +cd e2e && NPM_PUBLISH_REGISTRY=http://localhost:4873 UNSAFE_HTTP_WHITELIST=localhost yarn e2e:test ``` -Expected: success if the command is available and the local e2e environment is configured. If it is unavailable because the external fixture is not present, record the exact missing prerequisite and do not mark e2e as passed. +Expected: success if the local e2e environment is configured. If it leaves local fixture install/build artifacts behind, clean those artifacts before committing. ### Task 6: Commit Dependency Remediation @@ -302,7 +304,7 @@ Expected: success if the command is available and the local e2e environment is c - Modify: `website/package.json` if changed - Modify: `yarn.lock` -- [ ] **Step 1: Check final diff** +- [x] **Step 1: Check final diff** Run: @@ -312,7 +314,7 @@ git diff -- package.json website/package.json yarn.lock Expected: diff contains dependency remediation only. -- [ ] **Step 2: Check whitespace and patch sanity** +- [x] **Step 2: Check whitespace and patch sanity** Run: From 595e22be8d25e4d57dc493add82d3bf94b9a6971 Mon Sep 17 00:00:00 2001 From: Alex Batalov Date: Mon, 25 May 2026 02:19:42 +0400 Subject: [PATCH 4/5] chore: update dependencies and devDependencies across project, including Docusaurus to ^3.10.1 and Turbo to ^2.9.14 --- package.json | 36 +- website/package.json | 10 +- yarn.lock | 766 +++++++++++++++++++++++-------------------- 3 files changed, 431 insertions(+), 381 deletions(-) diff --git a/package.json b/package.json index bc3c5c911..afc070090 100644 --- a/package.json +++ b/package.json @@ -16,7 +16,7 @@ "@ianvs/prettier-plugin-sort-imports": "^4.7.1", "knip": "^6.4.0", "prettier": "^3.8.2", - "turbo": "^2.9.6", + "turbo": "^2.9.14", "typescript": "^5.9.3" }, "workspaces": [ @@ -34,30 +34,42 @@ "@verdaccio/core@npm:8.0.0-next-8.21/ajv": "npm:^8.18.0", "@verdaccio/core@npm:8.0.0-next-8.21/minimatch": "npm:^7.4.9", "@verdaccio/local-storage-legacy@npm:11.1.1/lodash": "npm:^4.18.0", - "@docusaurus/bundler@npm:3.10.0/webpack": "npm:^5.104.1", - "@docusaurus/bundler@npm:3.10.0/webpackbar": "npm:^7.0.0", - "@docusaurus/core@npm:3.10.0/webpack": "npm:^5.104.1", - "@docusaurus/mdx-loader@npm:3.10.0/webpack": "npm:^5.104.1", - "@docusaurus/plugin-content-blog@npm:3.10.0/webpack": "npm:^5.104.1", - "@docusaurus/plugin-content-docs@npm:3.10.0/webpack": "npm:^5.104.1", - "@docusaurus/plugin-content-pages@npm:3.10.0/webpack": "npm:^5.104.1", - "@docusaurus/plugin-svgr@npm:3.10.0/webpack": "npm:^5.104.1", - "@docusaurus/types@npm:3.10.0/webpack": "npm:^5.104.1", - "@docusaurus/utils@npm:3.10.0/webpack": "npm:^5.104.1", + "@babel/plugin-transform-modules-systemjs@npm:^7.28.5": "npm:^7.29.4", + "@docusaurus/bundler@npm:3.10.1/webpack": "npm:^5.104.1", + "@docusaurus/bundler@npm:3.10.1/webpackbar": "npm:^7.0.0", + "@docusaurus/core@npm:3.10.1/webpack": "npm:^5.104.1", + "@docusaurus/mdx-loader@npm:3.10.1/webpack": "npm:^5.104.1", + "@docusaurus/plugin-content-blog@npm:3.10.1/webpack": "npm:^5.104.1", + "@docusaurus/plugin-content-docs@npm:3.10.1/webpack": "npm:^5.104.1", + "@docusaurus/plugin-content-pages@npm:3.10.1/webpack": "npm:^5.104.1", + "@docusaurus/plugin-svgr@npm:3.10.1/webpack": "npm:^5.104.1", + "@docusaurus/types@npm:3.10.1/webpack": "npm:^5.104.1", + "@docusaurus/utils@npm:3.10.1/webpack": "npm:^5.104.1", "anymatch@npm:3.1.3/picomatch": "npm:^2.3.2", "compression/on-headers": "1.1.0", "copy-webpack-plugin@npm:11.0.0/serialize-javascript": "npm:^7.0.3", "css-minimizer-webpack-plugin@npm:5.0.1/serialize-javascript": "npm:^7.0.3", + "fast-uri@npm:^3.0.1": "npm:^3.1.2", + "follow-redirects@npm:^1.0.0": "npm:^1.16.0", + "ip-address@npm:^10.0.1": "npm:^10.1.1", "jest-util@npm:29.7.0/picomatch": "npm:^2.3.2", + "minimatch@npm:10.2.5/brace-expansion": "npm:^5.0.6", "minimatch@npm:3.1.5/brace-expansion": "npm:^1.1.13", "msw-auto-mock@npm:0.32.0/lodash": "npm:^4.18.0", "oas-linter@npm:3.2.2/yaml": "npm:^1.10.3", "oas-resolver@npm:2.5.6/yaml": "npm:^1.10.3", "oas-validator@npm:5.0.8/yaml": "npm:^1.10.3", + "postcss": "npm:^8.5.10", + "qs@npm:~6.14.0": "npm:^6.15.2", + "qs@npm:~6.14.1": "npm:^6.15.2", "readdirp@npm:3.6.0/picomatch": "npm:^2.3.2", "remark-validate-links@npm:13.1.0/mdast-util-to-hast": "npm:^13.2.1", "swagger2openapi@npm:7.0.8/yaml": "npm:^1.10.3", "ts-morph@npm:^17.0.1": "patch:ts-morph@npm%3A17.0.1#~/.yarn/patches/ts-morph-npm-17.0.1-6097358fba.patch", - "verdaccio/js-yaml": "4.1.1" + "@cypress/request@npm:3.0.10/uuid": "npm:11.1.1", + "sockjs@npm:0.3.24/uuid": "npm:11.1.1", + "verdaccio/js-yaml": "4.1.1", + "webpack-dev-server@npm:^5.2.2": "npm:^5.2.4", + "ws@npm:^8.18.0": "npm:^8.20.1" } } diff --git a/website/package.json b/website/package.json index b5d6bfbcd..c18759483 100644 --- a/website/package.json +++ b/website/package.json @@ -15,9 +15,9 @@ "lint": "remark . --ignore-pattern 'bin/**' --ext md,mdx --quiet --frail --rc-path .remarkrc.mjs && editorconfig-checker -exclude '\\.(mjs|js|ts|svg)$'" }, "dependencies": { - "@docusaurus/core": "3.10.0", - "@docusaurus/preset-classic": "3.10.0", - "@docusaurus/remark-plugin-npm2yarn": "^3.10.0", + "@docusaurus/core": "^3.10.1", + "@docusaurus/preset-classic": "^3.10.1", + "@docusaurus/remark-plugin-npm2yarn": "^3.10.1", "@mdx-js/react": "^3.1.1", "clsx": "^2.1.1", "prism-react-renderer": "^2.4.1", @@ -25,8 +25,8 @@ "react-dom": "^19.2.5" }, "devDependencies": { - "@docusaurus/module-type-aliases": "3.10.0", - "@docusaurus/types": "3.10.0", + "@docusaurus/module-type-aliases": "^3.10.1", + "@docusaurus/types": "^3.10.1", "editorconfig-checker": "^5.1.9", "prettier": "^3.8.2", "remark-cli": "12.0.1", diff --git a/yarn.lock b/yarn.lock index bce08d2c8..9dfc0e87e 100644 --- a/yarn.lock +++ b/yarn.lock @@ -564,7 +564,7 @@ __metadata: languageName: node linkType: hard -"@babel/helper-module-transforms@npm:^7.27.1, @babel/helper-module-transforms@npm:^7.28.3, @babel/helper-module-transforms@npm:^7.28.6": +"@babel/helper-module-transforms@npm:^7.27.1, @babel/helper-module-transforms@npm:^7.28.6": version: 7.28.6 resolution: "@babel/helper-module-transforms@npm:7.28.6" dependencies: @@ -593,6 +593,13 @@ __metadata: languageName: node linkType: hard +"@babel/helper-plugin-utils@npm:^7.28.6": + version: 7.28.6 + resolution: "@babel/helper-plugin-utils@npm:7.28.6" + checksum: 10c0/3f5f8acc152fdbb69a84b8624145ff4f9b9f6e776cb989f9f968f8606eb7185c5c3cfcf3ba08534e37e1e0e1c118ac67080610333f56baa4f7376c99b5f1143d + languageName: node + linkType: hard + "@babel/helper-remap-async-to-generator@npm:^7.27.1": version: 7.27.1 resolution: "@babel/helper-remap-async-to-generator@npm:7.27.1" @@ -1148,17 +1155,17 @@ __metadata: languageName: node linkType: hard -"@babel/plugin-transform-modules-systemjs@npm:^7.28.5": - version: 7.28.5 - resolution: "@babel/plugin-transform-modules-systemjs@npm:7.28.5" +"@babel/plugin-transform-modules-systemjs@npm:^7.29.4": + version: 7.29.4 + resolution: "@babel/plugin-transform-modules-systemjs@npm:7.29.4" dependencies: - "@babel/helper-module-transforms": "npm:^7.28.3" - "@babel/helper-plugin-utils": "npm:^7.27.1" + "@babel/helper-module-transforms": "npm:^7.28.6" + "@babel/helper-plugin-utils": "npm:^7.28.6" "@babel/helper-validator-identifier": "npm:^7.28.5" - "@babel/traverse": "npm:^7.28.5" + "@babel/traverse": "npm:^7.29.0" peerDependencies: "@babel/core": ^7.0.0-0 - checksum: 10c0/7e8c0bcff79689702b974f6a0fedb5d0c6eeb5a5e3384deb7028e7cfe92a5242cc80e981e9c1817aad29f2ecc01841753365dd38d877aa0b91737ceec2acfd07 + checksum: 10c0/1da94f89ef8ba1aa1501136a80eb4c010c6a19f5550e10db84677b3ccb7a4934c8098f2b5134def87cf513bf05747ffa523d33722a1ea5a5c8ef956e9136c4c2 languageName: node linkType: hard @@ -2688,9 +2695,9 @@ __metadata: languageName: node linkType: hard -"@docusaurus/babel@npm:3.10.0": - version: 3.10.0 - resolution: "@docusaurus/babel@npm:3.10.0" +"@docusaurus/babel@npm:3.10.1": + version: 3.10.1 + resolution: "@docusaurus/babel@npm:3.10.1" dependencies: "@babel/core": "npm:^7.25.9" "@babel/generator": "npm:^7.25.9" @@ -2701,25 +2708,25 @@ __metadata: "@babel/preset-typescript": "npm:^7.25.9" "@babel/runtime": "npm:^7.25.9" "@babel/traverse": "npm:^7.25.9" - "@docusaurus/logger": "npm:3.10.0" - "@docusaurus/utils": "npm:3.10.0" + "@docusaurus/logger": "npm:3.10.1" + "@docusaurus/utils": "npm:3.10.1" babel-plugin-dynamic-import-node: "npm:^2.3.3" fs-extra: "npm:^11.1.1" tslib: "npm:^2.6.0" - checksum: 10c0/d79bd3e8805036e35b09ec4c7ebbf6060b07c1a375b3d27c727cc3122d25c9fddd98d450a22b70eaa9f7f3be0a7c3c5bd36819a7c1abcde4c7b4d3356248a9e3 + checksum: 10c0/3f6d2fdd6bc9c3a47683c1517e2afc7bca4b95d7b1817d68e91c1c2eaf944971d925ec03f2de8d88d40f97a0d88a1415cb2b9c64ac335c7cb6e37e6258c6f97a languageName: node linkType: hard -"@docusaurus/bundler@npm:3.10.0": - version: 3.10.0 - resolution: "@docusaurus/bundler@npm:3.10.0" +"@docusaurus/bundler@npm:3.10.1": + version: 3.10.1 + resolution: "@docusaurus/bundler@npm:3.10.1" dependencies: "@babel/core": "npm:^7.25.9" - "@docusaurus/babel": "npm:3.10.0" - "@docusaurus/cssnano-preset": "npm:3.10.0" - "@docusaurus/logger": "npm:3.10.0" - "@docusaurus/types": "npm:3.10.0" - "@docusaurus/utils": "npm:3.10.0" + "@docusaurus/babel": "npm:3.10.1" + "@docusaurus/cssnano-preset": "npm:3.10.1" + "@docusaurus/logger": "npm:3.10.1" + "@docusaurus/types": "npm:3.10.1" + "@docusaurus/utils": "npm:3.10.1" babel-loader: "npm:^9.2.1" clean-css: "npm:^5.3.3" copy-webpack-plugin: "npm:^11.0.0" @@ -2737,27 +2744,27 @@ __metadata: tslib: "npm:^2.6.0" url-loader: "npm:^4.1.1" webpack: "npm:^5.95.0" - webpackbar: "npm:^6.0.1" + webpackbar: "npm:^7.0.0" peerDependencies: "@docusaurus/faster": "*" peerDependenciesMeta: "@docusaurus/faster": optional: true - checksum: 10c0/49af1eba5e45126e972f943148b891c9e167e4510e6f349060ef210c648f28b5ee6344280e1ade0c2e1317bdd165ed3615aa71f95e91bd11e00a7dbb6795a0e3 + checksum: 10c0/20655bd64a5716cc3603d9097e7ca3d2526ccd7265ce3e9d23dfc9679faa08752a5604b98ba2b47eea5e183a3c4f0e383300899ae2f3897513493ec97a6beab2 languageName: node linkType: hard -"@docusaurus/core@npm:3.10.0": - version: 3.10.0 - resolution: "@docusaurus/core@npm:3.10.0" - dependencies: - "@docusaurus/babel": "npm:3.10.0" - "@docusaurus/bundler": "npm:3.10.0" - "@docusaurus/logger": "npm:3.10.0" - "@docusaurus/mdx-loader": "npm:3.10.0" - "@docusaurus/utils": "npm:3.10.0" - "@docusaurus/utils-common": "npm:3.10.0" - "@docusaurus/utils-validation": "npm:3.10.0" +"@docusaurus/core@npm:3.10.1, @docusaurus/core@npm:^3.10.1": + version: 3.10.1 + resolution: "@docusaurus/core@npm:3.10.1" + dependencies: + "@docusaurus/babel": "npm:3.10.1" + "@docusaurus/bundler": "npm:3.10.1" + "@docusaurus/logger": "npm:3.10.1" + "@docusaurus/mdx-loader": "npm:3.10.1" + "@docusaurus/utils": "npm:3.10.1" + "@docusaurus/utils-common": "npm:3.10.1" + "@docusaurus/utils-validation": "npm:3.10.1" boxen: "npm:^6.2.1" chalk: "npm:^4.1.2" chokidar: "npm:^3.5.3" @@ -2803,39 +2810,39 @@ __metadata: optional: true bin: docusaurus: bin/docusaurus.mjs - checksum: 10c0/2a00cd5f1a22a737d37d127f5e5e6aee3ed51563884136fc76d2fa97cb71a7d577e28959f25ec2065c0e232efc003def1d6db94fcee0533063de87484bb39c86 + checksum: 10c0/006d9f57357c3196d0c33f7c5d0ce33b9f032358ed070b8ce212186169c356847cf768b3ac95b54433815c0076eda2eb94805a64bf4b2f5e47376556164e5362 languageName: node linkType: hard -"@docusaurus/cssnano-preset@npm:3.10.0": - version: 3.10.0 - resolution: "@docusaurus/cssnano-preset@npm:3.10.0" +"@docusaurus/cssnano-preset@npm:3.10.1": + version: 3.10.1 + resolution: "@docusaurus/cssnano-preset@npm:3.10.1" dependencies: cssnano-preset-advanced: "npm:^6.1.2" postcss: "npm:^8.5.4" postcss-sort-media-queries: "npm:^5.2.0" tslib: "npm:^2.6.0" - checksum: 10c0/635df6b05241f73b333b3d7d451d37ec56d7982a8c430afc2e8e8cf7c9e506b499b64d6bba14ccdf79b8afe84452d159516897741aa2fa838194964574da8881 + checksum: 10c0/549cf594fd9cfddd2f57bd177896c6bde8cc3821f7f07e7573d55d4c5841d7eb90d38c1b888b81479ffe33f0015b848c031ad4185f54feedf8ae2f1e2269e2ce languageName: node linkType: hard -"@docusaurus/logger@npm:3.10.0": - version: 3.10.0 - resolution: "@docusaurus/logger@npm:3.10.0" +"@docusaurus/logger@npm:3.10.1": + version: 3.10.1 + resolution: "@docusaurus/logger@npm:3.10.1" dependencies: chalk: "npm:^4.1.2" tslib: "npm:^2.6.0" - checksum: 10c0/f9bc2b7037fb7dff8a5aba06807e4f9601e422b91d0bb7e462ecdb33d71e1c9ee3d9dfb5c37af66f6f35c43310e461857af0dda96531928af3c22678fa77ec18 + checksum: 10c0/c78c676de0cf11ba5737abe8d13ebb67c4fdd8019ac8512ee18b34c27fdd5aaf32b703da3596271592be8615094507754791ac16587a24146f3830e1558a24c3 languageName: node linkType: hard -"@docusaurus/mdx-loader@npm:3.10.0": - version: 3.10.0 - resolution: "@docusaurus/mdx-loader@npm:3.10.0" +"@docusaurus/mdx-loader@npm:3.10.1": + version: 3.10.1 + resolution: "@docusaurus/mdx-loader@npm:3.10.1" dependencies: - "@docusaurus/logger": "npm:3.10.0" - "@docusaurus/utils": "npm:3.10.0" - "@docusaurus/utils-validation": "npm:3.10.0" + "@docusaurus/logger": "npm:3.10.1" + "@docusaurus/utils": "npm:3.10.1" + "@docusaurus/utils-validation": "npm:3.10.1" "@mdx-js/mdx": "npm:^3.0.0" "@slorber/remark-comment": "npm:^1.0.0" escape-html: "npm:^1.0.3" @@ -2860,15 +2867,15 @@ __metadata: peerDependencies: react: ^18.0.0 || ^19.0.0 react-dom: ^18.0.0 || ^19.0.0 - checksum: 10c0/0b94f20398a2fd39e54215895d2607d277d0cf3a80728adbbadcbf2443063e8e1082929242ccdc4ebe393c6c4010a5ccdecf6f2a8478d90b20c74d032940d33a + checksum: 10c0/2764e3e1a6fc4856746aacd627d43a403cbad87d6ec7400d30092197f36c028207cc5d267e0af2ce34df31f0a68bb2f082bbd5d308d14bedc0d874bc95a89c7b languageName: node linkType: hard -"@docusaurus/module-type-aliases@npm:3.10.0": - version: 3.10.0 - resolution: "@docusaurus/module-type-aliases@npm:3.10.0" +"@docusaurus/module-type-aliases@npm:3.10.1, @docusaurus/module-type-aliases@npm:^3.10.1": + version: 3.10.1 + resolution: "@docusaurus/module-type-aliases@npm:3.10.1" dependencies: - "@docusaurus/types": "npm:3.10.0" + "@docusaurus/types": "npm:3.10.1" "@types/history": "npm:^4.7.11" "@types/react": "npm:*" "@types/react-router-config": "npm:*" @@ -2878,22 +2885,22 @@ __metadata: peerDependencies: react: "*" react-dom: "*" - checksum: 10c0/61952050bef257a0999db849a328655a4141d31b8d4fa4d54828da7ee8f710d7e592081a150c8b9750640bcaf78f3b7ca7165aefbcc0048c328407d582fe21b8 + checksum: 10c0/837faf66e24b9b0e2d2d276956f00cf5395a752682396013876935b6b0275b573d4cc3e9667a5110f9077c5943ddd1f47b462217a8418a5e6bdd013de8afd918 languageName: node linkType: hard -"@docusaurus/plugin-content-blog@npm:3.10.0": - version: 3.10.0 - resolution: "@docusaurus/plugin-content-blog@npm:3.10.0" - dependencies: - "@docusaurus/core": "npm:3.10.0" - "@docusaurus/logger": "npm:3.10.0" - "@docusaurus/mdx-loader": "npm:3.10.0" - "@docusaurus/theme-common": "npm:3.10.0" - "@docusaurus/types": "npm:3.10.0" - "@docusaurus/utils": "npm:3.10.0" - "@docusaurus/utils-common": "npm:3.10.0" - "@docusaurus/utils-validation": "npm:3.10.0" +"@docusaurus/plugin-content-blog@npm:3.10.1": + version: 3.10.1 + resolution: "@docusaurus/plugin-content-blog@npm:3.10.1" + dependencies: + "@docusaurus/core": "npm:3.10.1" + "@docusaurus/logger": "npm:3.10.1" + "@docusaurus/mdx-loader": "npm:3.10.1" + "@docusaurus/theme-common": "npm:3.10.1" + "@docusaurus/types": "npm:3.10.1" + "@docusaurus/utils": "npm:3.10.1" + "@docusaurus/utils-common": "npm:3.10.1" + "@docusaurus/utils-validation": "npm:3.10.1" cheerio: "npm:1.0.0-rc.12" combine-promises: "npm:^1.1.0" feed: "npm:^4.2.2" @@ -2909,23 +2916,23 @@ __metadata: "@docusaurus/plugin-content-docs": "*" react: ^18.0.0 || ^19.0.0 react-dom: ^18.0.0 || ^19.0.0 - checksum: 10c0/80295c4d217c45d2685d71e3e898e4e67715ce3ecf684063927e0f9c771a2156af2aefb813b61ed33d8a14bc0dbc820da9cd745b32fe4ef5baa03091165b3542 + checksum: 10c0/5c6d912bbcbbc9efa5c81e256f4074e70980c85623f5fd72a344b90bd5f23ed2c03030d8d0cb1ce38bdb2263fdf74ac3e7801a66050184ed11005adc5f49bcb2 languageName: node linkType: hard -"@docusaurus/plugin-content-docs@npm:3.10.0": - version: 3.10.0 - resolution: "@docusaurus/plugin-content-docs@npm:3.10.0" - dependencies: - "@docusaurus/core": "npm:3.10.0" - "@docusaurus/logger": "npm:3.10.0" - "@docusaurus/mdx-loader": "npm:3.10.0" - "@docusaurus/module-type-aliases": "npm:3.10.0" - "@docusaurus/theme-common": "npm:3.10.0" - "@docusaurus/types": "npm:3.10.0" - "@docusaurus/utils": "npm:3.10.0" - "@docusaurus/utils-common": "npm:3.10.0" - "@docusaurus/utils-validation": "npm:3.10.0" +"@docusaurus/plugin-content-docs@npm:3.10.1": + version: 3.10.1 + resolution: "@docusaurus/plugin-content-docs@npm:3.10.1" + dependencies: + "@docusaurus/core": "npm:3.10.1" + "@docusaurus/logger": "npm:3.10.1" + "@docusaurus/mdx-loader": "npm:3.10.1" + "@docusaurus/module-type-aliases": "npm:3.10.1" + "@docusaurus/theme-common": "npm:3.10.1" + "@docusaurus/types": "npm:3.10.1" + "@docusaurus/utils": "npm:3.10.1" + "@docusaurus/utils-common": "npm:3.10.1" + "@docusaurus/utils-validation": "npm:3.10.1" "@types/react-router-config": "npm:^5.0.7" combine-promises: "npm:^1.1.0" fs-extra: "npm:^11.1.1" @@ -2938,133 +2945,133 @@ __metadata: peerDependencies: react: ^18.0.0 || ^19.0.0 react-dom: ^18.0.0 || ^19.0.0 - checksum: 10c0/d1d61c85363231216e7f02731806c1519804c14b1a59bab84c386f4dfb45433081ed516cca42d8d891b9855a9ec996d53fe1a7624474a70d64515e7205beb791 + checksum: 10c0/a9d78f6979cc64aef1210f51979f2ed5100ce4a49ba266386e35e9109e4415e66bd9a9448696078f247d204949a29197faa9396bd1f014c88fcdd1aa1e98a3f8 languageName: node linkType: hard -"@docusaurus/plugin-content-pages@npm:3.10.0": - version: 3.10.0 - resolution: "@docusaurus/plugin-content-pages@npm:3.10.0" +"@docusaurus/plugin-content-pages@npm:3.10.1": + version: 3.10.1 + resolution: "@docusaurus/plugin-content-pages@npm:3.10.1" dependencies: - "@docusaurus/core": "npm:3.10.0" - "@docusaurus/mdx-loader": "npm:3.10.0" - "@docusaurus/types": "npm:3.10.0" - "@docusaurus/utils": "npm:3.10.0" - "@docusaurus/utils-validation": "npm:3.10.0" + "@docusaurus/core": "npm:3.10.1" + "@docusaurus/mdx-loader": "npm:3.10.1" + "@docusaurus/types": "npm:3.10.1" + "@docusaurus/utils": "npm:3.10.1" + "@docusaurus/utils-validation": "npm:3.10.1" fs-extra: "npm:^11.1.1" tslib: "npm:^2.6.0" webpack: "npm:^5.88.1" peerDependencies: react: ^18.0.0 || ^19.0.0 react-dom: ^18.0.0 || ^19.0.0 - checksum: 10c0/780bf847a37a2bd7732870f2f8e7395aa82c0f9cba61353225fe6c1abfe48b1403b21f2ad67983db0f0712b01be277796e8d4d51d16e082447c269fe5afadb6c + checksum: 10c0/00dab7af101b0607746d820c399bc3062279165b1b79009f2c6c8439a627818748da52f43eee0a4a874923707c89c9fce17aab72a7c88d298fa36b6efc0bacc7 languageName: node linkType: hard -"@docusaurus/plugin-css-cascade-layers@npm:3.10.0": - version: 3.10.0 - resolution: "@docusaurus/plugin-css-cascade-layers@npm:3.10.0" +"@docusaurus/plugin-css-cascade-layers@npm:3.10.1": + version: 3.10.1 + resolution: "@docusaurus/plugin-css-cascade-layers@npm:3.10.1" dependencies: - "@docusaurus/core": "npm:3.10.0" - "@docusaurus/types": "npm:3.10.0" - "@docusaurus/utils": "npm:3.10.0" - "@docusaurus/utils-validation": "npm:3.10.0" + "@docusaurus/core": "npm:3.10.1" + "@docusaurus/types": "npm:3.10.1" + "@docusaurus/utils": "npm:3.10.1" + "@docusaurus/utils-validation": "npm:3.10.1" tslib: "npm:^2.6.0" - checksum: 10c0/ebbfadc70293ff30878f263a166cd0c1e0bea24067acfc8ccb5d45adb9cc653c753fa9a27d874cd5e7855e2f7e5a35f1d337f07b6b28edabc77524f3533f47ea + checksum: 10c0/fd11a7488029226276bbdbeb1de4035ed425b8d7be0fbad3d5a0aa3a18646064f1930835bfc951837bfc813873548e1a8b23d9f52cb20120e1239a1d93128d79 languageName: node linkType: hard -"@docusaurus/plugin-debug@npm:3.10.0": - version: 3.10.0 - resolution: "@docusaurus/plugin-debug@npm:3.10.0" +"@docusaurus/plugin-debug@npm:3.10.1": + version: 3.10.1 + resolution: "@docusaurus/plugin-debug@npm:3.10.1" dependencies: - "@docusaurus/core": "npm:3.10.0" - "@docusaurus/types": "npm:3.10.0" - "@docusaurus/utils": "npm:3.10.0" + "@docusaurus/core": "npm:3.10.1" + "@docusaurus/types": "npm:3.10.1" + "@docusaurus/utils": "npm:3.10.1" fs-extra: "npm:^11.1.1" react-json-view-lite: "npm:^2.3.0" tslib: "npm:^2.6.0" peerDependencies: react: ^18.0.0 || ^19.0.0 react-dom: ^18.0.0 || ^19.0.0 - checksum: 10c0/575c364dcd2595928ebbc8ce6e90113e6bdcc2658ae59f3ddcd0fa2699880a81648765dc7083058bcc957bafd0f7e116c61c62e0cb6b678af97f7e719b5d2db7 + checksum: 10c0/d2978e40e83c1c4fd904dc3bc62ef1b6d52cf28e391e9dacad40712d7b14ce9ad22f0ad710631021066c296d10c364621b2c11a186694d8f5c6e59f35043f99a languageName: node linkType: hard -"@docusaurus/plugin-google-analytics@npm:3.10.0": - version: 3.10.0 - resolution: "@docusaurus/plugin-google-analytics@npm:3.10.0" +"@docusaurus/plugin-google-analytics@npm:3.10.1": + version: 3.10.1 + resolution: "@docusaurus/plugin-google-analytics@npm:3.10.1" dependencies: - "@docusaurus/core": "npm:3.10.0" - "@docusaurus/types": "npm:3.10.0" - "@docusaurus/utils-validation": "npm:3.10.0" + "@docusaurus/core": "npm:3.10.1" + "@docusaurus/types": "npm:3.10.1" + "@docusaurus/utils-validation": "npm:3.10.1" tslib: "npm:^2.6.0" peerDependencies: react: ^18.0.0 || ^19.0.0 react-dom: ^18.0.0 || ^19.0.0 - checksum: 10c0/f3814d3ec0c7e2040ac5f3a21a9e1dbb19d58af5a1096fe8376a8661fac92e9e77d3d48742ed7dfb0a1e635360bf1a4e2dd456b5d9d8746e490a250f9b7da097 + checksum: 10c0/c9aff3f3467d3e76a1dd8e1518e8a11b0d488b1761f0302a6cc9fdb94635b6e5673b3d993434205dc65cd6eb9677f795157887d508f01ba175c3f5e411aab2e6 languageName: node linkType: hard -"@docusaurus/plugin-google-gtag@npm:3.10.0": - version: 3.10.0 - resolution: "@docusaurus/plugin-google-gtag@npm:3.10.0" +"@docusaurus/plugin-google-gtag@npm:3.10.1": + version: 3.10.1 + resolution: "@docusaurus/plugin-google-gtag@npm:3.10.1" dependencies: - "@docusaurus/core": "npm:3.10.0" - "@docusaurus/types": "npm:3.10.0" - "@docusaurus/utils-validation": "npm:3.10.0" + "@docusaurus/core": "npm:3.10.1" + "@docusaurus/types": "npm:3.10.1" + "@docusaurus/utils-validation": "npm:3.10.1" "@types/gtag.js": "npm:^0.0.20" tslib: "npm:^2.6.0" peerDependencies: react: ^18.0.0 || ^19.0.0 react-dom: ^18.0.0 || ^19.0.0 - checksum: 10c0/31739d936f9ffa4c500d518816b17ac4f2ba2e75e20e5a6708eb2ed5d488465146b5a632899ab894cf8d8233306d212ac79d89c4c6a26c45f6dd15d31638444d + checksum: 10c0/6792713f813cb06dcc54ece92ac81faed01017a71079726f97adade1fa2b6665626369c788e108dee9c02e0cbfc4cc71a2e87db5d3e43f47944e7b0921bb71db languageName: node linkType: hard -"@docusaurus/plugin-google-tag-manager@npm:3.10.0": - version: 3.10.0 - resolution: "@docusaurus/plugin-google-tag-manager@npm:3.10.0" +"@docusaurus/plugin-google-tag-manager@npm:3.10.1": + version: 3.10.1 + resolution: "@docusaurus/plugin-google-tag-manager@npm:3.10.1" dependencies: - "@docusaurus/core": "npm:3.10.0" - "@docusaurus/types": "npm:3.10.0" - "@docusaurus/utils-validation": "npm:3.10.0" + "@docusaurus/core": "npm:3.10.1" + "@docusaurus/types": "npm:3.10.1" + "@docusaurus/utils-validation": "npm:3.10.1" tslib: "npm:^2.6.0" peerDependencies: react: ^18.0.0 || ^19.0.0 react-dom: ^18.0.0 || ^19.0.0 - checksum: 10c0/6937bd384653ef938a5b66cf56bce458cc39c33aa35a6ebc43139abb393cfc7cf7865dcf6af60a2dbf65ebb06d40303530430a52e30a119b9c3d7419e53f3a6d + checksum: 10c0/a1a01de5f876d63fec022d312c711525523ee380af3382e35d1953a577450da36039dfcd1ff7f0af0cd189cc14d268c64276def573bdc70d091db2cad56edf9f languageName: node linkType: hard -"@docusaurus/plugin-sitemap@npm:3.10.0": - version: 3.10.0 - resolution: "@docusaurus/plugin-sitemap@npm:3.10.0" - dependencies: - "@docusaurus/core": "npm:3.10.0" - "@docusaurus/logger": "npm:3.10.0" - "@docusaurus/types": "npm:3.10.0" - "@docusaurus/utils": "npm:3.10.0" - "@docusaurus/utils-common": "npm:3.10.0" - "@docusaurus/utils-validation": "npm:3.10.0" +"@docusaurus/plugin-sitemap@npm:3.10.1": + version: 3.10.1 + resolution: "@docusaurus/plugin-sitemap@npm:3.10.1" + dependencies: + "@docusaurus/core": "npm:3.10.1" + "@docusaurus/logger": "npm:3.10.1" + "@docusaurus/types": "npm:3.10.1" + "@docusaurus/utils": "npm:3.10.1" + "@docusaurus/utils-common": "npm:3.10.1" + "@docusaurus/utils-validation": "npm:3.10.1" fs-extra: "npm:^11.1.1" sitemap: "npm:^7.1.1" tslib: "npm:^2.6.0" peerDependencies: react: ^18.0.0 || ^19.0.0 react-dom: ^18.0.0 || ^19.0.0 - checksum: 10c0/a0538da02713caaf844cd3b489a360408bb6868ceefbe3e51e7d02223919e8349b219aac1d111e258a29be5eeaea53d712448abf9d7d860f0af89b12d6652a86 + checksum: 10c0/22c04be000a1577f9a0c169fb67ff0d4deaf618aa2a3839336cfaed667558f1db3ada5bed23ee7245596a307bbddbed62ede8e342120aa8efebe0b9d35f4da75 languageName: node linkType: hard -"@docusaurus/plugin-svgr@npm:3.10.0": - version: 3.10.0 - resolution: "@docusaurus/plugin-svgr@npm:3.10.0" +"@docusaurus/plugin-svgr@npm:3.10.1": + version: 3.10.1 + resolution: "@docusaurus/plugin-svgr@npm:3.10.1" dependencies: - "@docusaurus/core": "npm:3.10.0" - "@docusaurus/types": "npm:3.10.0" - "@docusaurus/utils": "npm:3.10.0" - "@docusaurus/utils-validation": "npm:3.10.0" + "@docusaurus/core": "npm:3.10.1" + "@docusaurus/types": "npm:3.10.1" + "@docusaurus/utils": "npm:3.10.1" + "@docusaurus/utils-validation": "npm:3.10.1" "@svgr/core": "npm:8.1.0" "@svgr/webpack": "npm:^8.1.0" tslib: "npm:^2.6.0" @@ -3072,66 +3079,66 @@ __metadata: peerDependencies: react: ^18.0.0 || ^19.0.0 react-dom: ^18.0.0 || ^19.0.0 - checksum: 10c0/31a049eaf82c80296b0dc4d7d7bd292bda13dbcf9f07943db4cd2b721276185cb95f6058c406ff4602f4ff408f0fb042f3ade8c8e1d009054ecfa55d99960a88 - languageName: node - linkType: hard - -"@docusaurus/preset-classic@npm:3.10.0": - version: 3.10.0 - resolution: "@docusaurus/preset-classic@npm:3.10.0" - dependencies: - "@docusaurus/core": "npm:3.10.0" - "@docusaurus/plugin-content-blog": "npm:3.10.0" - "@docusaurus/plugin-content-docs": "npm:3.10.0" - "@docusaurus/plugin-content-pages": "npm:3.10.0" - "@docusaurus/plugin-css-cascade-layers": "npm:3.10.0" - "@docusaurus/plugin-debug": "npm:3.10.0" - "@docusaurus/plugin-google-analytics": "npm:3.10.0" - "@docusaurus/plugin-google-gtag": "npm:3.10.0" - "@docusaurus/plugin-google-tag-manager": "npm:3.10.0" - "@docusaurus/plugin-sitemap": "npm:3.10.0" - "@docusaurus/plugin-svgr": "npm:3.10.0" - "@docusaurus/theme-classic": "npm:3.10.0" - "@docusaurus/theme-common": "npm:3.10.0" - "@docusaurus/theme-search-algolia": "npm:3.10.0" - "@docusaurus/types": "npm:3.10.0" + checksum: 10c0/d866efe42351d1a66febacd6c33753f5ace2056fe86259365408edd354fb67994208a4e2c9939a921c2a20cb11b64fdd3584d34dde8d0329a63a55c9a74c488f + languageName: node + linkType: hard + +"@docusaurus/preset-classic@npm:^3.10.1": + version: 3.10.1 + resolution: "@docusaurus/preset-classic@npm:3.10.1" + dependencies: + "@docusaurus/core": "npm:3.10.1" + "@docusaurus/plugin-content-blog": "npm:3.10.1" + "@docusaurus/plugin-content-docs": "npm:3.10.1" + "@docusaurus/plugin-content-pages": "npm:3.10.1" + "@docusaurus/plugin-css-cascade-layers": "npm:3.10.1" + "@docusaurus/plugin-debug": "npm:3.10.1" + "@docusaurus/plugin-google-analytics": "npm:3.10.1" + "@docusaurus/plugin-google-gtag": "npm:3.10.1" + "@docusaurus/plugin-google-tag-manager": "npm:3.10.1" + "@docusaurus/plugin-sitemap": "npm:3.10.1" + "@docusaurus/plugin-svgr": "npm:3.10.1" + "@docusaurus/theme-classic": "npm:3.10.1" + "@docusaurus/theme-common": "npm:3.10.1" + "@docusaurus/theme-search-algolia": "npm:3.10.1" + "@docusaurus/types": "npm:3.10.1" peerDependencies: react: ^18.0.0 || ^19.0.0 react-dom: ^18.0.0 || ^19.0.0 - checksum: 10c0/c7d9ce9b76f309b65a3cdba6702f49adb4c518da3e3c4a4f745c5ad659cab9a9d1bf3841d49817fa4a1e3d226c2f683d6e263bb36d9d9bb6143f9fc4d36add42 + checksum: 10c0/524675229e33f24f678ca104eab1b6328ca31c2572e5cb2a598a330bd990a8d50eb1929aaef9031c37827a22ddaf6bb19484b75ac2a5b0936f6322d951f33559 languageName: node linkType: hard -"@docusaurus/remark-plugin-npm2yarn@npm:^3.10.0": - version: 3.10.0 - resolution: "@docusaurus/remark-plugin-npm2yarn@npm:3.10.0" +"@docusaurus/remark-plugin-npm2yarn@npm:^3.10.1": + version: 3.10.1 + resolution: "@docusaurus/remark-plugin-npm2yarn@npm:3.10.1" dependencies: mdast-util-mdx: "npm:^3.0.0" npm-to-yarn: "npm:^3.0.0" tslib: "npm:^2.6.0" unified: "npm:^11.0.3" unist-util-visit: "npm:^5.0.0" - checksum: 10c0/015a9bb2c28a911b060d0c9f3cd869547b7c3bb3f3e13b0fb9fc36016339ca48b2c4590d99ebfb66d866194cd1e8ab4092bd37bb329f42e3448669a48bb9ef35 - languageName: node - linkType: hard - -"@docusaurus/theme-classic@npm:3.10.0": - version: 3.10.0 - resolution: "@docusaurus/theme-classic@npm:3.10.0" - dependencies: - "@docusaurus/core": "npm:3.10.0" - "@docusaurus/logger": "npm:3.10.0" - "@docusaurus/mdx-loader": "npm:3.10.0" - "@docusaurus/module-type-aliases": "npm:3.10.0" - "@docusaurus/plugin-content-blog": "npm:3.10.0" - "@docusaurus/plugin-content-docs": "npm:3.10.0" - "@docusaurus/plugin-content-pages": "npm:3.10.0" - "@docusaurus/theme-common": "npm:3.10.0" - "@docusaurus/theme-translations": "npm:3.10.0" - "@docusaurus/types": "npm:3.10.0" - "@docusaurus/utils": "npm:3.10.0" - "@docusaurus/utils-common": "npm:3.10.0" - "@docusaurus/utils-validation": "npm:3.10.0" + checksum: 10c0/1888080d863bf4818e97a6653f16c5139efb1bf7cef24b00f1a0739a504695a6094d283333353dfeea9254a707b37101651f13ed796348c86633682275139010 + languageName: node + linkType: hard + +"@docusaurus/theme-classic@npm:3.10.1": + version: 3.10.1 + resolution: "@docusaurus/theme-classic@npm:3.10.1" + dependencies: + "@docusaurus/core": "npm:3.10.1" + "@docusaurus/logger": "npm:3.10.1" + "@docusaurus/mdx-loader": "npm:3.10.1" + "@docusaurus/module-type-aliases": "npm:3.10.1" + "@docusaurus/plugin-content-blog": "npm:3.10.1" + "@docusaurus/plugin-content-docs": "npm:3.10.1" + "@docusaurus/plugin-content-pages": "npm:3.10.1" + "@docusaurus/theme-common": "npm:3.10.1" + "@docusaurus/theme-translations": "npm:3.10.1" + "@docusaurus/types": "npm:3.10.1" + "@docusaurus/utils": "npm:3.10.1" + "@docusaurus/utils-common": "npm:3.10.1" + "@docusaurus/utils-validation": "npm:3.10.1" "@mdx-js/react": "npm:^3.0.0" clsx: "npm:^2.0.0" copy-text-to-clipboard: "npm:^3.2.0" @@ -3148,18 +3155,18 @@ __metadata: peerDependencies: react: ^18.0.0 || ^19.0.0 react-dom: ^18.0.0 || ^19.0.0 - checksum: 10c0/920df8c75701cd462cc414440b446157b6c831432bb2fe0e506268a5a72ef7fefe58568d8fb12bfc61845e8809f5fe6900314f39e9867a0aedabd184cbaa05b9 + checksum: 10c0/55be80ca9a1880c0a923c519243233bb52025e4a0ae312907c9df52b8ab3594819da164a71377e6ed5b02eef740496eff006da41462603195c0284b977515ceb languageName: node linkType: hard -"@docusaurus/theme-common@npm:3.10.0": - version: 3.10.0 - resolution: "@docusaurus/theme-common@npm:3.10.0" +"@docusaurus/theme-common@npm:3.10.1": + version: 3.10.1 + resolution: "@docusaurus/theme-common@npm:3.10.1" dependencies: - "@docusaurus/mdx-loader": "npm:3.10.0" - "@docusaurus/module-type-aliases": "npm:3.10.0" - "@docusaurus/utils": "npm:3.10.0" - "@docusaurus/utils-common": "npm:3.10.0" + "@docusaurus/mdx-loader": "npm:3.10.1" + "@docusaurus/module-type-aliases": "npm:3.10.1" + "@docusaurus/utils": "npm:3.10.1" + "@docusaurus/utils-common": "npm:3.10.1" "@types/history": "npm:^4.7.11" "@types/react": "npm:*" "@types/react-router-config": "npm:*" @@ -3172,23 +3179,23 @@ __metadata: "@docusaurus/plugin-content-docs": "*" react: ^18.0.0 || ^19.0.0 react-dom: ^18.0.0 || ^19.0.0 - checksum: 10c0/16cda69e916adfc2cfdeea6940264c01d56e8b87e87fca887d7d28933712333b5b60ce60a64d505ddda8da2c6538b50f3aa4e16351e3d05df9f8e590b407be6e + checksum: 10c0/f66e25b6449e03b5c8812be407e80c1c9ffc87b07395273d009a40761302e6230ab357096de95b47f77aef1d7e4d0363220cca07b7fbdeb9679770e20e0ab7a4 languageName: node linkType: hard -"@docusaurus/theme-search-algolia@npm:3.10.0": - version: 3.10.0 - resolution: "@docusaurus/theme-search-algolia@npm:3.10.0" +"@docusaurus/theme-search-algolia@npm:3.10.1": + version: 3.10.1 + resolution: "@docusaurus/theme-search-algolia@npm:3.10.1" dependencies: "@algolia/autocomplete-core": "npm:^1.19.2" "@docsearch/react": "npm:^3.9.0 || ^4.3.2" - "@docusaurus/core": "npm:3.10.0" - "@docusaurus/logger": "npm:3.10.0" - "@docusaurus/plugin-content-docs": "npm:3.10.0" - "@docusaurus/theme-common": "npm:3.10.0" - "@docusaurus/theme-translations": "npm:3.10.0" - "@docusaurus/utils": "npm:3.10.0" - "@docusaurus/utils-validation": "npm:3.10.0" + "@docusaurus/core": "npm:3.10.1" + "@docusaurus/logger": "npm:3.10.1" + "@docusaurus/plugin-content-docs": "npm:3.10.1" + "@docusaurus/theme-common": "npm:3.10.1" + "@docusaurus/theme-translations": "npm:3.10.1" + "@docusaurus/utils": "npm:3.10.1" + "@docusaurus/utils-validation": "npm:3.10.1" algoliasearch: "npm:^5.37.0" algoliasearch-helper: "npm:^3.26.0" clsx: "npm:^2.0.0" @@ -3200,23 +3207,23 @@ __metadata: peerDependencies: react: ^18.0.0 || ^19.0.0 react-dom: ^18.0.0 || ^19.0.0 - checksum: 10c0/63dd5f7e99457a71f0eb7916e18fa421e3194018975a52e8d8bd197abfdf5f19d85348a8a7e0713bccac413e9d5b1cb54b9c69c28a868e0473c1cf0b806f3faa + checksum: 10c0/dd558ac0c50f2374b8285f463ec23e1996247f4436cd9147fd313689d02d9113214e0368c64fdc8ca106f10b6ef93589814980ea0121cb3583ca87feae4b19c3 languageName: node linkType: hard -"@docusaurus/theme-translations@npm:3.10.0": - version: 3.10.0 - resolution: "@docusaurus/theme-translations@npm:3.10.0" +"@docusaurus/theme-translations@npm:3.10.1": + version: 3.10.1 + resolution: "@docusaurus/theme-translations@npm:3.10.1" dependencies: fs-extra: "npm:^11.1.1" tslib: "npm:^2.6.0" - checksum: 10c0/62fa157763e2ad4d8c7afea0edebce895f85da5384c48222a1f697932716c550eeda34310d473643d037ae6d41720909174abf409971fcddd0eadb63daafced6 + checksum: 10c0/2a1c871e883a82c4c5071820dcdc3bbeea5a3571978d022c1d1b820ae8b676ea5dd173b9c17542a032b9a5ec7e06f5d8a3b9de31a1e1f474f527baccfb5f9deb languageName: node linkType: hard -"@docusaurus/types@npm:3.10.0": - version: 3.10.0 - resolution: "@docusaurus/types@npm:3.10.0" +"@docusaurus/types@npm:3.10.1, @docusaurus/types@npm:^3.10.1": + version: 3.10.1 + resolution: "@docusaurus/types@npm:3.10.1" dependencies: "@mdx-js/mdx": "npm:^3.0.0" "@types/history": "npm:^4.7.11" @@ -3231,43 +3238,43 @@ __metadata: peerDependencies: react: ^18.0.0 || ^19.0.0 react-dom: ^18.0.0 || ^19.0.0 - checksum: 10c0/0d0f5f57bb82f190385a506192d882a5072e833af55a35cb5fb69048bb4258012eebe51448b8ace9d77d05d69a99d7fd2dcae25bb4babfa205abfbca222de8d5 + checksum: 10c0/63cc1d92ec775fb0e58f156b4edc7075612943a94d15d4648b60effcbc34c70a1092569d66d552878779b48d5111abe2fc154ba6a3bca2af0383550c9f9a015b languageName: node linkType: hard -"@docusaurus/utils-common@npm:3.10.0": - version: 3.10.0 - resolution: "@docusaurus/utils-common@npm:3.10.0" +"@docusaurus/utils-common@npm:3.10.1": + version: 3.10.1 + resolution: "@docusaurus/utils-common@npm:3.10.1" dependencies: - "@docusaurus/types": "npm:3.10.0" + "@docusaurus/types": "npm:3.10.1" tslib: "npm:^2.6.0" - checksum: 10c0/12e54b8e29d1d8d78f85598a154fc122f4d93bdd143b55fd7a474c2d9eab431bbf13ac61e008f1c4f34ffce76578fe95b441f6a6469a752d7396f9d9c000f6e4 + checksum: 10c0/1dde7a5c538a2cbe9eba46c9a3991a773e2d9d5b9c489cb010f9284c33cba7d494c1300557f850fa6a6e857747ca835b91f6036b02a726e13d296d7a65f8d8db languageName: node linkType: hard -"@docusaurus/utils-validation@npm:3.10.0": - version: 3.10.0 - resolution: "@docusaurus/utils-validation@npm:3.10.0" +"@docusaurus/utils-validation@npm:3.10.1": + version: 3.10.1 + resolution: "@docusaurus/utils-validation@npm:3.10.1" dependencies: - "@docusaurus/logger": "npm:3.10.0" - "@docusaurus/utils": "npm:3.10.0" - "@docusaurus/utils-common": "npm:3.10.0" + "@docusaurus/logger": "npm:3.10.1" + "@docusaurus/utils": "npm:3.10.1" + "@docusaurus/utils-common": "npm:3.10.1" fs-extra: "npm:^11.2.0" joi: "npm:^17.9.2" js-yaml: "npm:^4.1.0" lodash: "npm:^4.17.21" tslib: "npm:^2.6.0" - checksum: 10c0/ab1aee9c9b236d4c5247f33b245c016a2ef501ef154f5f5392a98e706d448ee60c32746b4c58e4954be24393eee6db06cb3192efa8df00343176c558fca33924 + checksum: 10c0/6368eb2a879fc1c4a507873689bd0a08257e2bc72a2ba53b3629d633d97d368168720fc504a54f96a0652982fc098f29675076e1fbcaf0244947645131a3d2f9 languageName: node linkType: hard -"@docusaurus/utils@npm:3.10.0": - version: 3.10.0 - resolution: "@docusaurus/utils@npm:3.10.0" +"@docusaurus/utils@npm:3.10.1": + version: 3.10.1 + resolution: "@docusaurus/utils@npm:3.10.1" dependencies: - "@docusaurus/logger": "npm:3.10.0" - "@docusaurus/types": "npm:3.10.0" - "@docusaurus/utils-common": "npm:3.10.0" + "@docusaurus/logger": "npm:3.10.1" + "@docusaurus/types": "npm:3.10.1" + "@docusaurus/utils-common": "npm:3.10.1" escape-string-regexp: "npm:^4.0.0" execa: "npm:^5.1.1" file-loader: "npm:^6.2.0" @@ -3286,7 +3293,7 @@ __metadata: url-loader: "npm:^4.1.1" utility-types: "npm:^3.10.0" webpack: "npm:^5.88.1" - checksum: 10c0/0f3488c38fbc985378f93f6573cf080559207ae367b0052df2ad42d667726ec766900db68184ec1746bcf4c38c9a1289d9f54fbd71a857dc592363996295afff + checksum: 10c0/97d51da30035ef34eced1dbc937f829309a8165a07a9c66d87c5deec03fb62150cbc70b2763ffdec0286b21f1be53f4011a036e4265cb971a892f0ab12172e0a languageName: node linkType: hard @@ -6209,44 +6216,44 @@ __metadata: languageName: node linkType: hard -"@turbo/darwin-64@npm:2.9.6": - version: 2.9.6 - resolution: "@turbo/darwin-64@npm:2.9.6" +"@turbo/darwin-64@npm:2.9.14": + version: 2.9.14 + resolution: "@turbo/darwin-64@npm:2.9.14" conditions: os=darwin & cpu=x64 languageName: node linkType: hard -"@turbo/darwin-arm64@npm:2.9.6": - version: 2.9.6 - resolution: "@turbo/darwin-arm64@npm:2.9.6" +"@turbo/darwin-arm64@npm:2.9.14": + version: 2.9.14 + resolution: "@turbo/darwin-arm64@npm:2.9.14" conditions: os=darwin & cpu=arm64 languageName: node linkType: hard -"@turbo/linux-64@npm:2.9.6": - version: 2.9.6 - resolution: "@turbo/linux-64@npm:2.9.6" +"@turbo/linux-64@npm:2.9.14": + version: 2.9.14 + resolution: "@turbo/linux-64@npm:2.9.14" conditions: os=linux & cpu=x64 languageName: node linkType: hard -"@turbo/linux-arm64@npm:2.9.6": - version: 2.9.6 - resolution: "@turbo/linux-arm64@npm:2.9.6" +"@turbo/linux-arm64@npm:2.9.14": + version: 2.9.14 + resolution: "@turbo/linux-arm64@npm:2.9.14" conditions: os=linux & cpu=arm64 languageName: node linkType: hard -"@turbo/windows-64@npm:2.9.6": - version: 2.9.6 - resolution: "@turbo/windows-64@npm:2.9.6" +"@turbo/windows-64@npm:2.9.14": + version: 2.9.14 + resolution: "@turbo/windows-64@npm:2.9.14" conditions: os=win32 & cpu=x64 languageName: node linkType: hard -"@turbo/windows-arm64@npm:2.9.6": - version: 2.9.6 - resolution: "@turbo/windows-arm64@npm:2.9.6" +"@turbo/windows-arm64@npm:2.9.14": + version: 2.9.14 + resolution: "@turbo/windows-arm64@npm:2.9.14" conditions: os=win32 & cpu=arm64 languageName: node linkType: hard @@ -6349,26 +6356,6 @@ __metadata: languageName: node linkType: hard -"@types/eslint-scope@npm:^3.7.7": - version: 3.7.7 - resolution: "@types/eslint-scope@npm:3.7.7" - dependencies: - "@types/eslint": "npm:*" - "@types/estree": "npm:*" - checksum: 10c0/a0ecbdf2f03912679440550817ff77ef39a30fa8bfdacaf6372b88b1f931828aec392f52283240f0d648cf3055c5ddc564544a626bcf245f3d09fcb099ebe3cc - languageName: node - linkType: hard - -"@types/eslint@npm:*": - version: 9.6.1 - resolution: "@types/eslint@npm:9.6.1" - dependencies: - "@types/estree": "npm:*" - "@types/json-schema": "npm:*" - checksum: 10c0/69ba24fee600d1e4c5abe0df086c1a4d798abf13792d8cfab912d76817fe1a894359a1518557d21237fbaf6eda93c5ab9309143dee4c59ef54336d1b3570420e - languageName: node - linkType: hard - "@types/esrecurse@npm:^4.3.1": version: 4.3.1 resolution: "@types/esrecurse@npm:4.3.1" @@ -6548,7 +6535,7 @@ __metadata: languageName: node linkType: hard -"@types/json-schema@npm:*, @types/json-schema@npm:^7.0.11, @types/json-schema@npm:^7.0.15, @types/json-schema@npm:^7.0.4, @types/json-schema@npm:^7.0.7, @types/json-schema@npm:^7.0.8, @types/json-schema@npm:^7.0.9": +"@types/json-schema@npm:^7.0.11, @types/json-schema@npm:^7.0.15, @types/json-schema@npm:^7.0.4, @types/json-schema@npm:^7.0.7, @types/json-schema@npm:^7.0.8, @types/json-schema@npm:^7.0.9": version: 7.0.15 resolution: "@types/json-schema@npm:7.0.15" checksum: 10c0/a996a745e6c5d60292f36731dd41341339d4eeed8180bb09226e5c8d23759067692b1d88e5d91d72ee83dfc00d3aca8e7bd43ea120516c17922cbcb7c3e252db @@ -8593,12 +8580,12 @@ __metadata: languageName: node linkType: hard -"brace-expansion@npm:^5.0.5": - version: 5.0.5 - resolution: "brace-expansion@npm:5.0.5" +"brace-expansion@npm:^5.0.6": + version: 5.0.6 + resolution: "brace-expansion@npm:5.0.6" dependencies: balanced-match: "npm:^4.0.2" - checksum: 10c0/4d238e14ed4f5cc9c07285550a41cef23121ca08ba99fa9eb5b55b580dcb6bf868b8210aa10526bdc9f8dc97f33ca2a7259039c4cc131a93042beddb424c48e3 + checksum: 10c0/8c919869b90f61d533b341d3340be5ee4413232ea89b8246cbc2f38eb014f1d8182785c98a006eaf6111d02dc9eeffefdc240d5ac158625b2ed084dccd4bbf9b languageName: node linkType: hard @@ -10374,13 +10361,13 @@ __metadata: languageName: node linkType: hard -"enhanced-resolve@npm:^5.20.0": - version: 5.20.1 - resolution: "enhanced-resolve@npm:5.20.1" +"enhanced-resolve@npm:^5.21.4": + version: 5.22.0 + resolution: "enhanced-resolve@npm:5.22.0" dependencies: graceful-fs: "npm:^4.2.4" - tapable: "npm:^2.3.0" - checksum: 10c0/c6503ee1b2d725843e047e774445ecb12b779aa52db25d11ebe18d4b3adc148d3d993d2038b3d0c38ad836c9c4b3930fbc55df42f72b44785e2f94e5530eda69 + tapable: "npm:^2.3.3" + checksum: 10c0/01d3d7a7628c87f617df7d9a0a34b0f543a2268ac0755a73237d68c3627eb0612f28899343d20b7781a05ebd276069919441e1562cf99171bfcc85924f3d830a languageName: node linkType: hard @@ -10570,6 +10557,13 @@ __metadata: languageName: node linkType: hard +"es-module-lexer@npm:^2.1.0": + version: 2.1.0 + resolution: "es-module-lexer@npm:2.1.0" + checksum: 10c0/93bcf2454fa72d67fe3ccd0abef8ce7933f5840a319513418a643dd8e9c6aa8f49709cecfae02ded722805dd327232d30723a807cc52e6809d6ac697c62c29fb + languageName: node + linkType: hard + "es-object-atoms@npm:^1.0.0, es-object-atoms@npm:^1.1.1": version: 1.1.1 resolution: "es-object-atoms@npm:1.1.1" @@ -11304,10 +11298,10 @@ __metadata: languageName: node linkType: hard -"fast-uri@npm:^3.0.1": - version: 3.0.1 - resolution: "fast-uri@npm:3.0.1" - checksum: 10c0/3cd46d6006083b14ca61ffe9a05b8eef75ef87e9574b6f68f2e17ecf4daa7aaadeff44e3f0f7a0ef4e0f7e7c20fc07beec49ff14dc72d0b500f00386592f2d10 +"fast-uri@npm:^3.1.2": + version: 3.1.2 + resolution: "fast-uri@npm:3.1.2" + checksum: 10c0/5b35641895959f3f7ab7a7b1b5542bded159346f25ec9f256817b206d50b64eda5828e90d605a2e2fc645c90519a7259c2bab2c942ee728c88b88e5be21b090d languageName: node linkType: hard @@ -11513,13 +11507,13 @@ __metadata: languageName: node linkType: hard -"follow-redirects@npm:^1.0.0": - version: 1.15.11 - resolution: "follow-redirects@npm:1.15.11" +"follow-redirects@npm:^1.16.0": + version: 1.16.0 + resolution: "follow-redirects@npm:1.16.0" peerDependenciesMeta: debug: optional: true - checksum: 10c0/d301f430542520a54058d4aeeb453233c564aaccac835d29d15e050beb33f339ad67d9bddbce01739c5dc46a6716dbe3d9d0d5134b1ca203effa11a7ef092343 + checksum: 10c0/a1e2900163e6f1b4d1ed5c221b607f41decbab65534c63fe7e287e40a5d552a6496e7d9d7d976fa4ba77b4c51c11e5e9f683f10b43011ea11e442ff128d0e181 languageName: node linkType: hard @@ -12818,10 +12812,10 @@ __metadata: languageName: node linkType: hard -"ip-address@npm:^10.0.1": - version: 10.1.0 - resolution: "ip-address@npm:10.1.0" - checksum: 10c0/0103516cfa93f6433b3bd7333fa876eb21263912329bfa47010af5e16934eeeff86f3d2ae700a3744a137839ddfad62b900c7a445607884a49b5d1e32a3d7566 +"ip-address@npm:^10.1.1": + version: 10.2.0 + resolution: "ip-address@npm:10.2.0" + checksum: 10c0/5a00aada6e922c9c69dfc800ed5d0fa3348675ebdeed0e1575f503f27ca385b5f534363c9af7ad1daf64c1f1409388cdd3cc2e9b9b0fe1c924a431378d55075a languageName: node linkType: hard @@ -13696,7 +13690,7 @@ __metadata: languageName: node linkType: hard -"json-parse-even-better-errors@npm:^2.3.0, json-parse-even-better-errors@npm:^2.3.1": +"json-parse-even-better-errors@npm:^2.3.0": version: 2.3.1 resolution: "json-parse-even-better-errors@npm:2.3.1" checksum: 10c0/140932564c8f0b88455432e0f33c4cb4086b8868e37524e07e723f4eaedb9425bdc2bafd71bd1d9765bd15fd1e2d126972bc83990f55c467168c228c24d665f3 @@ -14122,10 +14116,10 @@ __metadata: languageName: node linkType: hard -"loader-runner@npm:^4.3.1": - version: 4.3.1 - resolution: "loader-runner@npm:4.3.1" - checksum: 10c0/a523b6329f114e0a98317158e30a7dfce044b731521be5399464010472a93a15ece44757d1eaed1d8845019869c5390218bc1c7c3110f4eeaef5157394486eac +"loader-runner@npm:^4.3.2": + version: 4.3.2 + resolution: "loader-runner@npm:4.3.2" + checksum: 10c0/35297f2d1cadcef8995c4ba2c4e27ef397f508014c5cdcdae43456ed27d07d3bfc3e81a5460857184517a02576917363f5f8f98cb22500c124f00c33eb6ec7b1 languageName: node linkType: hard @@ -15719,12 +15713,12 @@ __metadata: languageName: node linkType: hard -"nanoid@npm:^3.3.11": - version: 3.3.11 - resolution: "nanoid@npm:3.3.11" +"nanoid@npm:^3.3.12": + version: 3.3.12 + resolution: "nanoid@npm:3.3.12" bin: nanoid: bin/nanoid.cjs - checksum: 10c0/40e7f70b3d15f725ca072dfc4f74e81fcf1fbb02e491cf58ac0c79093adc9b0a73b152bcde57df4b79cd097e13023d7504acb38404a4da7bc1cd8e887b82fe0b + checksum: 10c0/ba142b7b39e11e80c16dd74b0365d407880c87c1cf7e1480956981ae940ee36060fa5b6f092cd1e315184dd19244c657bd017d03327bd3c62247d691c5e8edfb languageName: node linkType: hard @@ -16300,11 +16294,11 @@ __metadata: version: 0.0.0-use.local resolution: "openapi-qraft-website@workspace:website" dependencies: - "@docusaurus/core": "npm:3.10.0" - "@docusaurus/module-type-aliases": "npm:3.10.0" - "@docusaurus/preset-classic": "npm:3.10.0" - "@docusaurus/remark-plugin-npm2yarn": "npm:^3.10.0" - "@docusaurus/types": "npm:3.10.0" + "@docusaurus/core": "npm:^3.10.1" + "@docusaurus/module-type-aliases": "npm:^3.10.1" + "@docusaurus/preset-classic": "npm:^3.10.1" + "@docusaurus/remark-plugin-npm2yarn": "npm:^3.10.1" + "@docusaurus/types": "npm:^3.10.1" "@mdx-js/react": "npm:^3.1.1" clsx: "npm:^2.1.1" editorconfig-checker: "npm:^5.1.9" @@ -18005,14 +17999,14 @@ __metadata: languageName: node linkType: hard -"postcss@npm:^8.4.21, postcss@npm:^8.4.24, postcss@npm:^8.4.33, postcss@npm:^8.5.4, postcss@npm:^8.5.8": - version: 8.5.8 - resolution: "postcss@npm:8.5.8" +"postcss@npm:^8.5.10": + version: 8.5.15 + resolution: "postcss@npm:8.5.15" dependencies: - nanoid: "npm:^3.3.11" + nanoid: "npm:^3.3.12" picocolors: "npm:^1.1.1" source-map-js: "npm:^1.2.1" - checksum: 10c0/dd918f7127ee7c60a0295bae2e72b3787892296e1d1c3c564d7a2a00c68d8df83cadc3178491259daa19ccc54804fb71ed8c937c6787e08d8bd4bedf8d17044c + checksum: 10c0/7f2e63ae22fbe43aace1bf652bd99da4e90737c64194d49e51ddc9cd0f9e51ff2861a7d734379b494deffa03a880a5c65eec70bc29ee9ebaa7136dde3eee8f31 languageName: node linkType: hard @@ -18297,17 +18291,17 @@ __metadata: "@ianvs/prettier-plugin-sort-imports": "npm:^4.7.1" knip: "npm:^6.4.0" prettier: "npm:^3.8.2" - turbo: "npm:^2.9.6" + turbo: "npm:^2.9.14" typescript: "npm:^5.9.3" languageName: unknown linkType: soft -"qs@npm:~6.14.0, qs@npm:~6.14.1": - version: 6.14.2 - resolution: "qs@npm:6.14.2" +"qs@npm:^6.15.2": + version: 6.15.2 + resolution: "qs@npm:6.15.2" dependencies: side-channel: "npm:^1.1.0" - checksum: 10c0/646110124476fc9acf3c80994c8c3a0600cbad06a4ede1c9e93341006e8426d64e85e048baf8f0c4995f0f1bf0f37d1f3acc5ec1455850b81978792969a60ef6 + checksum: 10c0/e6fd5f6f0aab06d480fe9ab15cebfc4ce4235303e2f91dc69a8f7f4df1e668a61c11d1cfbabacf4295cbbeb7b670ed23db45307480726259761f98e5695e93a7 languageName: node linkType: hard @@ -21602,6 +21596,13 @@ __metadata: languageName: node linkType: hard +"tapable@npm:^2.3.3": + version: 2.3.3 + resolution: "tapable@npm:2.3.3" + checksum: 10c0/47992e861053f861154e92fb4a98ac4ab47b6463717e60792dd1e8c755da0c4964cd8bb68c308a9066d6da89000b6310457b4d5d985c30de4ccc29066068cc17 + languageName: node + linkType: hard + "tar-stream@npm:3.1.7": version: 3.1.7 resolution: "tar-stream@npm:3.1.7" @@ -21633,7 +21634,7 @@ __metadata: languageName: node linkType: hard -"terser-webpack-plugin@npm:^5.3.17, terser-webpack-plugin@npm:^5.3.9": +"terser-webpack-plugin@npm:^5.3.9": version: 5.4.0 resolution: "terser-webpack-plugin@npm:5.4.0" dependencies: @@ -21654,6 +21655,45 @@ __metadata: languageName: node linkType: hard +"terser-webpack-plugin@npm:^5.5.0": + version: 5.6.0 + resolution: "terser-webpack-plugin@npm:5.6.0" + dependencies: + "@jridgewell/trace-mapping": "npm:^0.3.25" + jest-worker: "npm:^27.4.5" + schema-utils: "npm:^4.3.0" + terser: "npm:^5.31.1" + peerDependencies: + webpack: ^5.1.0 + peerDependenciesMeta: + "@minify-html/node": + optional: true + "@swc/core": + optional: true + "@swc/css": + optional: true + "@swc/html": + optional: true + clean-css: + optional: true + cssnano: + optional: true + csso: + optional: true + esbuild: + optional: true + html-minifier-terser: + optional: true + lightningcss: + optional: true + postcss: + optional: true + uglify-js: + optional: true + checksum: 10c0/191882a727d571291df49b11bdcfa7459aa78e96c542a993d66f70df052404e3b30157708a80c2895bbe2de4860217c2addcf15d5b2321df8f0aa0de2191f64f + languageName: node + linkType: hard + "terser@npm:^5.10.0, terser@npm:^5.15.1, terser@npm:^5.31.1": version: 5.44.1 resolution: "terser@npm:5.44.1" @@ -21979,16 +22019,16 @@ __metadata: languageName: node linkType: hard -"turbo@npm:^2.9.6": - version: 2.9.6 - resolution: "turbo@npm:2.9.6" +"turbo@npm:^2.9.14": + version: 2.9.14 + resolution: "turbo@npm:2.9.14" dependencies: - "@turbo/darwin-64": "npm:2.9.6" - "@turbo/darwin-arm64": "npm:2.9.6" - "@turbo/linux-64": "npm:2.9.6" - "@turbo/linux-arm64": "npm:2.9.6" - "@turbo/windows-64": "npm:2.9.6" - "@turbo/windows-arm64": "npm:2.9.6" + "@turbo/darwin-64": "npm:2.9.14" + "@turbo/darwin-arm64": "npm:2.9.14" + "@turbo/linux-64": "npm:2.9.14" + "@turbo/linux-arm64": "npm:2.9.14" + "@turbo/windows-64": "npm:2.9.14" + "@turbo/windows-arm64": "npm:2.9.14" dependenciesMeta: "@turbo/darwin-64": optional: true @@ -22004,7 +22044,7 @@ __metadata: optional: true bin: turbo: bin/turbo - checksum: 10c0/8f06bc9f4fa8caa446b72276ba0ab69dbcaf46ffbf536926f5d2759cc5d180f027a4065286ce03d6788306b5404d7a320d8354670cabd459c599fcdca83e4611 + checksum: 10c0/77a20c05ef588a9bac02500108af644ac1129b23f6f8db53054c9c7af98ed6a71e019172a0dd6d03920c6068c1a93ea80e6b2fb857bf70ba09616381bf07ea47 languageName: node linkType: hard @@ -22748,12 +22788,12 @@ __metadata: languageName: node linkType: hard -"uuid@npm:^8.3.2": - version: 8.3.2 - resolution: "uuid@npm:8.3.2" +"uuid@npm:11.1.1": + version: 11.1.1 + resolution: "uuid@npm:11.1.1" bin: - uuid: dist/bin/uuid - checksum: 10c0/bcbb807a917d374a49f475fae2e87fdca7da5e5530820ef53f65ba1d12131bd81a92ecf259cc7ce317cbe0f289e7d79fdfebcef9bfa3087c8c8a2fa304c9be54 + uuid: dist/esm/bin/uuid + checksum: 10c0/9e3af58eba872ece5a5e76f4773a94fc78a0ef2c2444c38dbe6b42f41dadf76c01850fd783604f27986f6195e6286aef064d45987d401b2a33127b98ddf7c0c5 languageName: node linkType: hard @@ -23170,9 +23210,9 @@ __metadata: languageName: node linkType: hard -"webpack-dev-server@npm:^5.2.2": - version: 5.2.3 - resolution: "webpack-dev-server@npm:5.2.3" +"webpack-dev-server@npm:^5.2.4": + version: 5.2.4 + resolution: "webpack-dev-server@npm:5.2.4" dependencies: "@types/bonjour": "npm:^3.5.13" "@types/connect-history-api-fallback": "npm:^1.5.4" @@ -23211,7 +23251,7 @@ __metadata: optional: true bin: webpack-dev-server: bin/webpack-dev-server.js - checksum: 10c0/a716f1d509635ad9f2779baf242657740e6ad516ce210fe094cbf3b16f25f114e477c45a751ad2bbf1c601cbbe67b6ba9b8b43159b7c01fc3342c95b985fe963 + checksum: 10c0/42f8afe11b7bfe65d72e30d861ddf1e4d05f27202c4c1162d204cb41a4a858dffc91c5a02bf44ec08acc8c02b4a57aaf46924ec12a5e5b97c307991379282669 languageName: node linkType: hard @@ -23237,18 +23277,17 @@ __metadata: languageName: node linkType: hard -"webpack-sources@npm:^3.3.4": - version: 3.3.4 - resolution: "webpack-sources@npm:3.3.4" - checksum: 10c0/94a42508531338eb41939cf1d48a4a8a6db97f3a47e5453cff2133a68d3169ca779d4bcbe9dfed072ce16611959eba1e16f085bc2dc56714e1a1c1783fd661a3 +"webpack-sources@npm:^3.4.1": + version: 3.5.0 + resolution: "webpack-sources@npm:3.5.0" + checksum: 10c0/f186eb66ffe245479e7f78c1c202d79584d5b65cc2bc4a6175ff952cdc8840872b1a95e6305078b1286324a19527213935e7d10b53192a9f74c0e0e148e55cb0 languageName: node linkType: hard "webpack@npm:^5.104.1": - version: 5.106.1 - resolution: "webpack@npm:5.106.1" + version: 5.107.1 + resolution: "webpack@npm:5.107.1" dependencies: - "@types/eslint-scope": "npm:^3.7.7" "@types/estree": "npm:^1.0.8" "@types/json-schema": "npm:^7.0.15" "@webassemblyjs/ast": "npm:^1.14.1" @@ -23258,27 +23297,26 @@ __metadata: acorn-import-phases: "npm:^1.0.3" browserslist: "npm:^4.28.1" chrome-trace-event: "npm:^1.0.2" - enhanced-resolve: "npm:^5.20.0" - es-module-lexer: "npm:^2.0.0" + enhanced-resolve: "npm:^5.21.4" + es-module-lexer: "npm:^2.1.0" eslint-scope: "npm:5.1.1" events: "npm:^3.2.0" glob-to-regexp: "npm:^0.4.1" graceful-fs: "npm:^4.2.11" - json-parse-even-better-errors: "npm:^2.3.1" - loader-runner: "npm:^4.3.1" - mime-types: "npm:^2.1.27" + loader-runner: "npm:^4.3.2" + mime-db: "npm:^1.54.0" neo-async: "npm:^2.6.2" schema-utils: "npm:^4.3.3" tapable: "npm:^2.3.0" - terser-webpack-plugin: "npm:^5.3.17" + terser-webpack-plugin: "npm:^5.5.0" watchpack: "npm:^2.5.1" - webpack-sources: "npm:^3.3.4" + webpack-sources: "npm:^3.4.1" peerDependenciesMeta: webpack-cli: optional: true bin: webpack: bin/webpack.js - checksum: 10c0/eb56ba99564e185c83fb8d898253c0e6b91fcfcab54e3716bc6bc4df2636511686edb79073313ad9394b757c912b9489e28c7a5bd33d4d386d3103ba9608ca47 + checksum: 10c0/18f4788d71c994bfab491774a6d669cad9f77c6eb93fb29db7efa12bc70cf8adeb904ba5da150678883e24ba2c73e9f6efbfb9912cbe7a4e9a7fc2a1859fd90c languageName: node linkType: hard @@ -23564,9 +23602,9 @@ __metadata: languageName: node linkType: hard -"ws@npm:^8.18.0": - version: 8.18.0 - resolution: "ws@npm:8.18.0" +"ws@npm:^8.20.1": + version: 8.21.0 + resolution: "ws@npm:8.21.0" peerDependencies: bufferutil: ^4.0.1 utf-8-validate: ">=5.0.2" @@ -23575,7 +23613,7 @@ __metadata: optional: true utf-8-validate: optional: true - checksum: 10c0/25eb33aff17edcb90721ed6b0eb250976328533ad3cd1a28a274bd263682e7296a6591ff1436d6cbc50fa67463158b062f9d1122013b361cec99a05f84680e06 + checksum: 10c0/ef4a243476283fc49bc7550966c4af4aa0eef56273837211e700de3b664e08604a760cdddcb5ba43c049140e74ccfec5b0ee0bb439e08c2adf9138902fdde5f9 languageName: node linkType: hard From fa82784a71485491f519175f3100821660ca49f8 Mon Sep 17 00:00:00 2001 From: Alex Batalov Date: Mon, 25 May 2026 02:20:15 +0400 Subject: [PATCH 5/5] Revert "docs: design dependabot security remediation" --- ...6-05-25-dependabot-security-remediation.md | 355 ------------------ ...-dependabot-security-remediation-design.md | 72 ---- 2 files changed, 427 deletions(-) delete mode 100644 docs/superpowers/plans/2026-05-25-dependabot-security-remediation.md delete mode 100644 docs/superpowers/specs/2026-05-24-dependabot-security-remediation-design.md diff --git a/docs/superpowers/plans/2026-05-25-dependabot-security-remediation.md b/docs/superpowers/plans/2026-05-25-dependabot-security-remediation.md deleted file mode 100644 index 2932b5680..000000000 --- a/docs/superpowers/plans/2026-05-25-dependabot-security-remediation.md +++ /dev/null @@ -1,355 +0,0 @@ -# Dependabot Security Remediation Implementation Plan - -> **For agentic workers:** REQUIRED SUB-SKILL: Use superpowers:subagent-driven-development (recommended) or superpowers:executing-plans to implement this plan task-by-task. Steps use checkbox (`- [ ]`) syntax for tracking. - -**Goal:** Close the current GitHub Dependabot alerts reported against the root `yarn.lock` without pushing from this environment. - -**Architecture:** Treat GitHub alerts and Yarn's resolved dependency graph as the source of truth. Update direct dependencies and nearby top-level dependencies first, then use root `resolutions` for transitive packages whose parents do not yet expose patched ranges. Verify by proving the vulnerable versions are gone from the lockfile and by running the repo's CI-like commands. - -**Tech Stack:** Yarn 4.9.1 workspaces, Turborepo, Docusaurus, TypeScript, Vitest, GitHub CLI. - ---- - -## File Structure - -- Modify `package.json`: bump direct root tooling dependencies and add or revise root `resolutions` for patched transitive packages. -- Modify `website/package.json`: bump Docusaurus packages together when they are the nearest practical parent for `webpack-dev-server`, `postcss`, and Babel-related alerts. -- Modify `yarn.lock`: refresh resolved package versions after manifest and resolution changes. -- Read `.github/dependabot.yml`: confirm that root Dependabot excludes `e2e/projects/**`; do not edit it unless an alert proves the exclusion is wrong. -- Leave `docs/superpowers/specs/2026-05-24-dependabot-security-remediation-design.md` unchanged unless the implementation discovers a contradiction in the approved design. - -## Alert Checklist - -The implementation must account for these open alerts: - -| Alert | Package | Patched version | Initial parent evidence | -| --- | --- | --- | --- | -| 175, 174 | `turbo` | `2.9.14` | Direct root dev dependency | -| 173 | `ws` | `8.20.1` | `webpack-dev-server`, `webpack-bundle-analyzer` | -| 172 | `qs` | `6.15.2` | `@cypress/request`, `body-parser`, `express` | -| 171 | `uuid` | `11.1.1` | `@cypress/request`, `sockjs` | -| 170 | `webpack-dev-server` | `5.2.4` | `@docusaurus/core` | -| 169 | `brace-expansion` | `5.0.6` | `minimatch@10.2.5` | -| 168 | `postcss` | `8.5.10` | Docusaurus, Vite, CSS tooling | -| 167 | `@babel/plugin-transform-modules-systemjs` | `7.29.4` | `@babel/preset-env` | -| 166, 165 | `fast-uri` | `3.1.2` | `ajv@8.18.0` | -| 164 | `ip-address` | `10.1.1` | `socks@2.8.7` | -| 162 | `follow-redirects` | `1.16.0` | `http-proxy@1.18.1` | - -### Task 1: Capture Current Dependency Evidence - -**Files:** -- Read: `package.json` -- Read: `website/package.json` -- Read: `.github/dependabot.yml` -- Read: `yarn.lock` - -- [x] **Step 1: Confirm the branch is clean except planned docs** - -Run: - -```bash -git status --short --branch -``` - -Expected: branch `codex/dependabot-security-remediation`; no uncommitted dependency files before implementation starts. - -- [x] **Step 2: Capture the open GitHub alerts** - -Run: - -```bash -gh api -H 'Accept: application/vnd.github+json' '/repos/OpenAPI-Qraft/openapi-qraft/dependabot/alerts?state=open&per_page=100' --jq '.[] | [.number, .dependency.package.name, .dependency.scope, .dependency.relationship, .security_advisory.severity, (.security_vulnerability.first_patched_version.identifier // "none"), .security_vulnerability.vulnerable_version_range] | @tsv' -``` - -Expected: the command prints the alerts listed in the Alert Checklist. If GitHub reports additional alerts, append them to the local working checklist before editing dependencies. - -- [x] **Step 3: Capture parent packages for every alert** - -Run: - -```bash -for pkg in turbo ws qs uuid webpack-dev-server brace-expansion postcss @babel/plugin-transform-modules-systemjs fast-uri ip-address follow-redirects; do - printf '\n### %s\n' "$pkg" - yarn why "$pkg" -done -``` - -Expected: output shows the current parents. Use this output to decide whether the next task can remove the alert through top-level package updates or needs `resolutions`. - -- [x] **Step 4: Capture vulnerable lockfile entries** - -Run: - -```bash -rg -n '^(turbo|ws|qs|uuid|webpack-dev-server|brace-expansion|postcss|@babel/plugin-transform-modules-systemjs|fast-uri|ip-address|follow-redirects)@' yarn.lock -``` - -Expected: output includes the currently resolved entries that GitHub flags. Save the package names and versions mentally for comparison after lockfile refresh. - -### Task 2: Apply Direct And Nearby Top-Level Updates - -**Files:** -- Modify: `package.json` -- Modify: `website/package.json` -- Modify: `yarn.lock` - -- [x] **Step 1: Update direct and nearby parents with Yarn** - -Run: - -```bash -yarn up turbo @docusaurus/core @docusaurus/preset-classic @docusaurus/remark-plugin-npm2yarn @docusaurus/module-type-aliases @docusaurus/types -``` - -Expected: Yarn updates `package.json`, `website/package.json`, and `yarn.lock`. Do not use `-R` with explicit ranges because Yarn 4 rejects ranges in recursive mode. - -- [x] **Step 2: Check which alerts remain after the top-level pass** - -Run: - -```bash -for pkg in turbo ws qs uuid webpack-dev-server brace-expansion postcss @babel/plugin-transform-modules-systemjs fast-uri ip-address follow-redirects; do - printf '\n### %s\n' "$pkg" - yarn why "$pkg" -done -``` - -Expected: `turbo` resolves to `2.9.14` or newer. `webpack-dev-server` should resolve to `5.2.4` if the Docusaurus update was enough. Other transitive packages may still need root `resolutions`. - -- [x] **Step 3: Inspect the dependency diff** - -Run: - -```bash -git diff -- package.json website/package.json yarn.lock -``` - -Expected: dependency changes are limited to manifest version bumps and lockfile refreshes. No generated source, docs content, or excluded `e2e/projects/**` files should be modified. - -### Task 3: Add Security Resolutions For Remaining Vulnerable Transitives - -**Files:** -- Modify: `package.json` -- Modify: `yarn.lock` - -- [x] **Step 1: Add root `resolutions` for still-vulnerable transitive packages** - -Edit the root `package.json` `resolutions` object. Keep existing entries and add the following entries only for packages that still resolve to vulnerable versions after Task 2: - -```json -{ - "@babel/plugin-transform-modules-systemjs@npm:^7.28.5": "npm:^7.29.4", - "@cypress/request@npm:3.0.10/uuid": "npm:11.1.1", - "fast-uri@npm:^3.0.1": "npm:^3.1.2", - "follow-redirects@npm:^1.0.0": "npm:^1.16.0", - "ip-address@npm:^10.0.1": "npm:^10.1.1", - "minimatch@npm:10.2.5/brace-expansion": "npm:^5.0.6", - "postcss": "npm:^8.5.10", - "qs@npm:~6.14.0": "npm:^6.15.2", - "qs@npm:~6.14.1": "npm:^6.15.2", - "sockjs@npm:0.3.24/uuid": "npm:11.1.1", - "webpack-dev-server@npm:^5.2.2": "npm:^5.2.4", - "ws@npm:^8.18.0": "npm:^8.20.1" -} -``` - -Expected: `package.json` remains valid JSON. Existing qraft-specific security overrides remain in place. - -- [x] **Step 2: Refresh the lockfile** - -Run: - -```bash -yarn install -``` - -Expected: Yarn completes successfully and updates `yarn.lock`. If Yarn reports an incompatible peer or resolution warning, keep the output and continue to Task 4; warnings are acceptable only if build/test verification passes. - -- [x] **Step 3: Verify immutable install** - -Run: - -```bash -yarn install --immutable -``` - -Expected: success with no lockfile changes. If it wants to modify `yarn.lock`, inspect `git diff -- yarn.lock`, run `yarn install` once more, then rerun `yarn install --immutable`. - -### Task 4: Prove The Vulnerable Versions Are Gone - -**Files:** -- Read: `package.json` -- Read: `website/package.json` -- Read: `yarn.lock` - -- [x] **Step 1: Re-run `yarn why` for every alert package** - -Run: - -```bash -for pkg in turbo ws qs uuid webpack-dev-server brace-expansion postcss @babel/plugin-transform-modules-systemjs fast-uri ip-address follow-redirects; do - printf '\n### %s\n' "$pkg" - yarn why "$pkg" -done -``` - -Expected resolved minimums: - -```text -turbo >= 2.9.14 -ws >= 8.20.1 for ws 8.x entries, or no vulnerable ws 8.x entry -qs >= 6.15.2 -uuid >= 11.1.1, or no uuid entry in a GitHub-reported vulnerable range -webpack-dev-server >= 5.2.4 -brace-expansion >= 5.0.6 for brace-expansion 5.x entries -postcss >= 8.5.10 -@babel/plugin-transform-modules-systemjs >= 7.29.4 -fast-uri >= 3.1.2 -ip-address >= 10.1.1 -follow-redirects >= 1.16.0 -``` - -- [x] **Step 2: Inspect lockfile package headers** - -Run: - -```bash -rg -n '^(turbo|ws|qs|uuid|webpack-dev-server|brace-expansion|postcss|@babel/plugin-transform-modules-systemjs|fast-uri|ip-address|follow-redirects)@' yarn.lock -``` - -Expected: no lockfile header resolves an alerted package to the vulnerable ranges from the Alert Checklist. - -- [x] **Step 3: Recheck GitHub alert state for this repository** - -Run: - -```bash -gh api -H 'Accept: application/vnd.github+json' '/repos/OpenAPI-Qraft/openapi-qraft/dependabot/alerts?state=open&per_page=100' --jq '.[] | [.number, .dependency.package.name, (.security_vulnerability.first_patched_version.identifier // "none"), .security_vulnerability.vulnerable_version_range] | @tsv' -``` - -Expected: GitHub may still show alerts until the branch is pushed and scanned. Use this output as the remote baseline; the local lockfile evidence from Steps 1 and 2 is the actionable proof before push. - -### Task 5: Run Project Verification - -**Files:** -- Read: `package.json` -- Read: `turbo.json` -- Read: the failing workspace's `package.json` when a verification command names a specific workspace. - -- [x] **Step 1: Run typecheck** - -Run: - -```bash -yarn typecheck -``` - -Expected: success. If it fails, identify the first workspace and error. Fix only failures caused by dependency changes. - -- [x] **Step 2: Run lint** - -Run: - -```bash -yarn lint -``` - -Expected: success. If it fails, identify whether the failure is dependency-induced or pre-existing. Fix dependency-induced failures. - -- [x] **Step 3: Run tests** - -Run: - -```bash -yarn test -``` - -Expected: success. If a test fails due to a dependency behavior change, fix the implementation or adjust the dependency strategy rather than weakening assertions. - -- [x] **Step 4: Run publishable build** - -Run: - -```bash -yarn build:publishable -``` - -Expected: success. This is required because `turbo`, Docusaurus/Babel/Webpack, and lockfile overrides can affect build tooling. - -- [x] **Step 5: Run website verification if Docusaurus changed** - -Run this when `website/package.json` or Docusaurus-related lockfile entries changed: - -```bash -yarn workspace openapi-qraft-website build -``` - -Expected: success. If the website build fails because Docusaurus 3.10.1 changed behavior, either fix the website issue or revert the Docusaurus bump and rely on narrower `resolutions`. - -- [x] **Step 6: Run relevant e2e if build tooling changed** - -Run the checkout's available CI-like e2e script: - -```bash -cd e2e && NPM_PUBLISH_REGISTRY=http://localhost:4873 UNSAFE_HTTP_WHITELIST=localhost yarn e2e:test -``` - -Expected: success if the local e2e environment is configured. If it leaves local fixture install/build artifacts behind, clean those artifacts before committing. - -### Task 6: Commit Dependency Remediation - -**Files:** -- Modify: `package.json` -- Modify: `website/package.json` if changed -- Modify: `yarn.lock` - -- [x] **Step 1: Check final diff** - -Run: - -```bash -git diff -- package.json website/package.json yarn.lock -``` - -Expected: diff contains dependency remediation only. - -- [x] **Step 2: Check whitespace and patch sanity** - -Run: - -```bash -git diff --check -``` - -Expected: no whitespace errors. - -- [ ] **Step 3: Stage dependency files** - -Run: - -```bash -git add package.json website/package.json yarn.lock -``` - -Expected: only files that changed are staged. If `website/package.json` did not change, Git will ignore that path or report no staged change for it. - -- [ ] **Step 4: Commit dependency remediation** - -Run: - -```bash -git commit -m "fix: remediate dependabot security alerts" -``` - -Expected: commit succeeds. Do not push. - -- [ ] **Step 5: Summarize verification evidence** - -Run: - -```bash -git status --short --branch -``` - -Expected: clean branch after the dependency commit. Final response must list the commands that passed, any command that was skipped or blocked, and the local evidence that vulnerable versions are gone. diff --git a/docs/superpowers/specs/2026-05-24-dependabot-security-remediation-design.md b/docs/superpowers/specs/2026-05-24-dependabot-security-remediation-design.md deleted file mode 100644 index 6588ab09a..000000000 --- a/docs/superpowers/specs/2026-05-24-dependabot-security-remediation-design.md +++ /dev/null @@ -1,72 +0,0 @@ -# Dependabot Security Remediation Design - -## Goal - -Close the current open GitHub Dependabot security alerts for `OpenAPI-Qraft/openapi-qraft` that are reported against the root `yarn.lock`, while staying within this branch and avoiding any push from this environment. - -The remediation is allowed to update direct dependencies, workspace dependencies, root `resolutions`, and the lockfile as needed. The deciding criterion is not the smallest possible diff; it is a dependency graph that no longer resolves vulnerable versions and still passes the project verification suite. - -## Current Alert Scope - -The initial GitHub API snapshot reported 13 open alerts in `yarn.lock`: - -- `turbo`: direct development dependency, patched in `2.9.14`. -- `ws`: transitive runtime dependency, patched in `8.20.1`. -- `qs`: transitive runtime dependency, patched in `6.15.2`. -- `uuid`: transitive runtime dependency, patched in `11.1.1` for the currently reported vulnerable range. -- `webpack-dev-server`: transitive runtime dependency, patched in `5.2.4`. -- `brace-expansion`: transitive runtime dependency, patched in `5.0.6`. -- `postcss`: transitive runtime dependency, patched in `8.5.10`. -- `@babel/plugin-transform-modules-systemjs`: transitive runtime dependency, patched in `7.29.4`. -- `fast-uri`: transitive runtime dependency, patched in `3.1.2`. -- `ip-address`: transitive runtime dependency, patched in `10.1.1`. -- `follow-redirects`: transitive runtime dependency, patched in `1.16.0`. - -The `fast-uri` package has two open advisories, both resolved by `3.1.2`. - -The repository's Dependabot config excludes `e2e/projects/**`, so this pass does not chase dependency state inside those excluded project fixtures unless they affect the root lockfile alerts. - -## Remediation Strategy - -Use a hybrid close-alerts-first strategy: - -1. Update direct dependencies through their manifest entries when they are the source of an alert. -2. For transitive alerts, prefer updating the nearest practical top-level dependency when that is a normal maintenance update and does not create an unrelated migration. -3. Use root `resolutions` when an upstream package has not yet widened or refreshed its own dependency range, or when a broad top-level update would turn this task into unrelated framework migration work. -4. Preserve existing security `resolutions` until the refreshed graph proves they are no longer needed. -5. Judge the result by the resolved graph and verification commands, not by whether every alert was solved through the same mechanism. - -## Dependency Evidence - -Before changing dependency versions, build a checklist from: - -- GitHub Dependabot alerts via `gh api`. -- `yarn why ` for each alerted package. -- Lockfile entries for vulnerable and patched versions. - -After changes, repeat the evidence pass and verify that the root graph no longer resolves versions in the reported vulnerable ranges. - -## Error Handling - -If a dependency update causes a build or test failure, first classify the failure: - -- A small API or tooling compatibility break can be fixed as part of this branch. -- A large unrelated framework migration should be avoided; replace that broad bump with a narrower dependency override when possible. -- A pre-existing verification failure should be documented with the exact command and output boundary instead of treated as a successful pass. - -Do not hide a real runtime or type regression behind another override. Overrides are acceptable only when they directly force a patched transitive dependency without changing the public behavior of qraft packages. - -## Verification Plan - -Run the smallest evidence checks after each meaningful dependency pass, then run project-level verification before completion: - -- `yarn install --immutable` or an equivalent Yarn consistency check after lockfile changes. -- `yarn why` and lockfile checks for every alerted package. -- GitHub alert snapshot through `gh api` when the branch state can be compared locally. -- `yarn typecheck`. -- `yarn lint`. -- `yarn test`. -- `yarn build:publishable` or another build command that covers affected package/tooling surfaces. -- Relevant e2e commands if dependency changes touch toolchain paths that e2e covers. - -If the full suite is too slow or blocked by pre-existing failures, record the exact commands that passed and the exact blocker for anything not completed.