Skip to content

Upgrade Docusaurus to 3.10#2879

Merged
alexandratran merged 4 commits into
mainfrom
upgrade-docusaurus
Apr 23, 2026
Merged

Upgrade Docusaurus to 3.10#2879
alexandratran merged 4 commits into
mainfrom
upgrade-docusaurus

Conversation

@alexandratran

@alexandratran alexandratran commented Apr 23, 2026

Copy link
Copy Markdown
Contributor

Description

Upgrade Docusaurus and address breaking changes as necessary.

Preview

Checklist

  • If this PR updates or adds documentation content that changes or adds technical meaning, it has received an approval from an engineer or DevRel from the relevant team.
  • If this PR updates or adds documentation content, it has received an approval from a technical writer.

External contributor checklist

  • I've read the contribution guidelines.
  • I've created a new issue (or assigned myself to an existing issue) describing what this PR addresses.

Note

Medium Risk
Framework upgrade plus refactors to swizzled Tabs/Layout components can cause subtle runtime/styling or accessibility regressions in navigation and tab behavior despite being largely dependency-driven.

Overview
Upgrades Docusaurus from 3.9.2 to 3.10.0 (and updates package-lock.json accordingly), pulling in a broad set of upstream dependency bumps.

Adapts local theme overrides to the new Docusaurus internals: removes useKeyboardNavigation() from the swizzled Layout, and rewrites the swizzled Tabs implementation to use TabsProvider/useTabsContextValue while preserving custom tab item styling for flaskOnly/deprecated tab content.

Updates the iOS v6→v7 migration guide to wrap the ExtraLoginOptions table/struct examples in a <Tabs> block for clearer presentation.

Reviewed by Cursor Bugbot for commit 0d420eb. Bugbot is set up for automated code reviews on this repo. Configure here.

@alexandratran alexandratran requested review from a team as code owners April 23, 2026 00:05
@vercel

vercel Bot commented Apr 23, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
metamask-docs Ready Ready Preview, Comment Apr 23, 2026 5:21am

Request Review

@socket-security

socket-security Bot commented Apr 23, 2026

Copy link
Copy Markdown

Warning

MetaMask internal reviewing guidelines:

  • Do not ignore-all
  • Each alert has instructions on how to review if you don't know what it means. If lost, ask your Security Liaison or the supply-chain group
  • Copy-paste ignore lines for specific packages or a group of one kind with a note on what research you did to deem it safe.
    @SocketSecurity ignore npm/PACKAGE@VERSION
Action Severity Alert  (click "▶" to expand/collapse)
Warn Low
Potential code anomaly (AI signal): npm @babel/helper-module-imports is 100.0% likely to have a medium risk anomaly

Notes: The analyzed code is a Babel AST helper (ImportBuilder) used to construct import statements and interop-wrapped imports. It contains no indicators of malicious behavior, data exfiltration, backdoors, or runtime abuses. It operates within a compiler/transpiler context to produce code, not to execute arbitrary user data. Therefore, the code itself does not present security risks or malware indicators under normal usage. This is benign library behavior intended for code transformation.

Confidence: 1.00

Severity: 0.60

From: package-lock.jsonnpm/@docusaurus/core@3.10.0npm/@docusaurus/preset-classic@3.10.0npm/@metamask/profile-sync-controller@16.0.0npm/react-dropdown-select@4.12.2npm/react-select@5.10.2npm/react-spring@10.0.3npm/@babel/helper-module-imports@7.28.6

ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@babel/helper-module-imports@7.28.6. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Low
Potential code anomaly (AI signal): npm @babel/helper-module-transforms is 100.0% likely to have a medium risk anomaly

Notes: The code is a legitimate, static-code transformation utility used in Babel to ensure proper behavior of ES module bindings after transforms. There is no evidence of malicious behavior, data leakage, or external communications within this fragment. It operates purely on AST-level transformations consistent with module import/export handling.

Confidence: 1.00

Severity: 0.60

From: package-lock.jsonnpm/@docusaurus/core@3.10.0npm/@docusaurus/preset-classic@3.10.0npm/@metamask/profile-sync-controller@16.0.0npm/react-spring@10.0.3npm/@babel/helper-module-transforms@7.28.6

ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@babel/helper-module-transforms@7.28.6. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn Low
Potential code anomaly (AI signal): npm @docusaurus/utils is 100.0% likely to have a medium risk anomaly

Notes: The module is a benign, well-scoped utility for deterministic, URL-friendly naming with collision-avoidance. MD5 usage is acceptable here given the non-security-critical purpose, though migration to a stronger hash could be considered if future requirements demand cryptographic strength. Overall risk remains low with respect to data leakage or code behavior; the primary concern is MD5's weaknesses and potential policy guidance on hashing algorithms.

Confidence: 1.00

Severity: 0.60

From: package-lock.jsonnpm/@docusaurus/plugin-google-tag-manager@3.10.0npm/@docusaurus/theme-mermaid@3.10.0npm/@docusaurus/core@3.10.0npm/@docusaurus/plugin-content-docs@3.10.0npm/@docusaurus/preset-classic@3.10.0npm/@docusaurus/plugin-google-gtag@3.10.0npm/@docusaurus/plugin-client-redirects@3.10.0npm/@docusaurus/theme-common@3.10.0npm/@docusaurus/plugin-content-pages@3.10.0npm/@docusaurus/utils@3.10.0

ℹ Read more on: This package | This alert | What is an AI-detected potential code anomaly?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/@docusaurus/utils@3.10.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cursor Bugbot has reviewed your changes and found 1 potential issue.

Fix All in Cursor

❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.

Reviewed by Cursor Bugbot for commit 8a8f813. Configure here.

Comment thread src/theme/Tabs/index.tsx

@bgravenorst bgravenorst left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@alexandratran alexandratran merged commit 3048eac into main Apr 23, 2026
17 of 19 checks passed
@alexandratran alexandratran deleted the upgrade-docusaurus branch April 23, 2026 16:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants