chore: deps upgrade + Docusaurus 3.10 hardening (#112)

* chore: deps upgrade + Docusaurus 3.10 hardening

Upgrades:
- Docusaurus core/preset/theme-search-algolia 3.6.3 -> ^3.10.0
- @docusaurus/module-type-aliases ^3.10.0
- @mdx-js/react 3.0.0 -> ^3.1.1
- posthog-docusaurus ^2.0.5, clsx ^2.1.1, prism-react-renderer ^2.4.1
- Node engine >=16.14 -> >=20.0 (Docusaurus 3.9 dropped Node 18)

Vulnerabilities: 40 (4 low, 26 moderate, 10 high) -> 0 via:
- Docusaurus 3.10 cascade
- npm overrides for serialize-javascript ^7.0.5 (high-sev RCE/XSS in deep
  copy-webpack-plugin / css-minimizer-webpack-plugin transitives)
- npm override for webpackbar ^7.0.0 (v6 used pre-strict ProgressPlugin
  schema, broke build under newer webpack)

New Docusaurus features adopted:
- @docusaurus/faster (Rspack/SWC/LightningCSS) via future.faster + the
  required future.v4.removeLegacyPostBuildHeadAttribute flag
- storage namespace to avoid localStorage collisions across versioned docs
- onBrokenAnchors: throw (CI safety net for cross-references)
- sitemap lastmod from git, drop priority/changefreq (v4 default, SEO win)
- colorMode.respectPrefersColorScheme (auto follow OS dark/light)
- markdown.hooks.onBrokenMarkdownLinks (replaces deprecated top-level)

Cleanups uncovered by Faster:
- Deleted babel.config.js (SWC handles JS now; build emitted notice)
- Moved scarf tracking pixel from headTags to an inline plugin using
  injectHtmlTags -> postBodyTags. The <img> in <head> was invalid HTML5
  and produced 128 HTML minifier warnings under the strict SWC minifier
  (browsers tolerated it, tracking still fired). Now warning-free.

v4 prep:
- :::caution -> :::warning in docs/Server-Admin-Onboarding.md (2 places)

* ci: bump Node 18 -> 24 (latest LTS) and update GH Actions

- node-version: 18 -> 24 (latest LTS as of Apr 2026)
  Required: serialize-javascript ^7.0.5 (security override) uses the
  global crypto API which only exists in Node 19+, so the prior
  Node 18 runner failed with "ReferenceError: crypto is not defined"
- actions/checkout@v3 -> v4
- actions/setup-node@v3 -> v4
  Both v3 actions were on the deprecated Node 20 runtime
- peaceiris/actions-gh-pages@v3 -> v4

package.json engines stays >=20.0 (Docusaurus 3.10's floor) so users
running 20/22/24 locally remain supported; CI just runs latest LTS.

* chore: pin engines.node to 24.x (latest LTS)

Vercel was emitting two warnings on every deploy:
  - "engines >=20.0 ... will automatically upgrade when a new major
    Node.js Version is released"
  - "Node.js Version defined in your Project Settings (22.x) will not
    apply, Node.js Version 24.x will be used instead"

Open-ended ranges trigger Vercel's auto-upgrade behaviour. Pin to
24.x to match CI and the runtime Vercel is already selecting.

Heads-up: the Vercel Project Settings still need to be flipped from
22.x to 24.x to clear the second warning.

Author: Frooodle

.github/workflows/deploy.yml

@@ -15,10 +15,10 @@ jobs:
     name: Deploy to GitHub Pages
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-node@v3
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
         with:
-          node-version: 18
+          node-version: 24
           cache: npm
 
       - name: Install dependencies
@@ -31,7 +31,7 @@ jobs:
       # Popular action to deploy to GitHub Pages:
       # Docs: https://github.com/peaceiris/actions-gh-pages#%EF%B8%8F-docusaurus
       - name: Deploy to GitHub Pages
-        uses: peaceiris/actions-gh-pages@v3
+        uses: peaceiris/actions-gh-pages@v4
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
           # Build output to publish to the `gh-pages` branch:

.github/workflows/test-deploy.yml

@@ -12,10 +12,10 @@ jobs:
     name: Test deployment
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-node@v3
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
         with:
-          node-version: 18
+          node-version: 24
           cache: npm
 
       - name: Install dependencies

babel.config.js

@@ -367,7 +367,7 @@ After first login, you can control how additional users are created through Sett
    - Verify you're the first user created
    - Confirm `SECURITY_ENABLELOGIN=true` is set
 
-:::caution Secure Your Admin Account
+:::warning Secure Your Admin Account
 - **Change the default password immediately** after first login
 - Use a strong password (12+ characters, mixed case, numbers, symbols)
 - Consider using SSO (OAuth2/SAML2) to avoid password management entirely
@@ -462,7 +462,7 @@ processExecutor:
 
 Navigate to **Settings → Security**
 
-:::caution Critical for Production
+:::warning Critical for Production
 These settings directly impact your organization's security. Review carefully!
 :::
 

docs/Server-Admin-Onboarding.md

@@ -21,7 +21,25 @@ const config = {
     projectName: 'Stirling-PDF', // Usually your repo name.
 
     onBrokenLinks: 'throw',
-    onBrokenMarkdownLinks: 'warn',
+    onBrokenAnchors: 'throw',
+
+    markdown: {
+        hooks: {
+            onBrokenMarkdownLinks: 'warn',
+        },
+    },
+
+    future: {
+        v4: {
+            removeLegacyPostBuildHeadAttribute: true,
+        },
+        faster: true,
+    },
+
+    storage: {
+        type: 'localStorage',
+        namespace: true,
+    },
 
     i18n: {
         defaultLocale: 'en',
@@ -55,6 +73,28 @@ const config = {
         enableInDevelopment: true, // optional
       },
     ],
+    function scarfTrackingPixelPlugin() {
+      return {
+        name: 'scarf-tracking-pixel',
+        injectHtmlTags() {
+          return {
+            postBodyTags: [
+              {
+                tagName: 'img',
+                attributes: {
+                  referrerpolicy: 'no-referrer-when-downgrade',
+                  src: 'https://static.scarf.sh/a.png?x-pxid=5d074971-2ecb-4c54-8397-30c0f91896b3',
+                  height: '1',
+                  width: '1',
+                  style: 'display:none',
+                  alt: 'x',
+                },
+              },
+            ],
+          };
+        },
+      };
+    },
   ],
   clientModules: [
     require.resolve('./src/clientModules/anchorScroll.js'),
@@ -84,26 +124,21 @@ const config = {
                 theme: {
                     customCss: require.resolve('./src/css/custom.css'),
                 },
+                sitemap: {
+                    lastmod: 'date',
+                    priority: null,
+                    changefreq: null,
+                },
             }),
         ],
     ],
-	headTags: [
-	  {
-		tagName: 'img',
-		attributes: {
-		  referrerpolicy: 'no-referrer-when-downgrade',
-		  src: 'https://static.scarf.sh/a.png?x-pxid=5d074971-2ecb-4c54-8397-30c0f91896b3',
-		  height: '1',
-		  width: '1',
-		  style: 'display:none',
-		  alt: 'x',
-		},
-	  },
-	],
-
     themeConfig:
         /** @type {import('@docusaurus/preset-classic').ThemeConfig} */
         ({
+			colorMode: {
+				defaultMode: 'light',
+				respectPrefersColorScheme: true,
+			},
 			// Improve anchor scrolling behavior
 			scrollToTop: true,
 			scrollToTopOptions: {