
Upgrade Redocly & remove unused htmltojsx #3498

Merged: mDuo13 merged 3 commits into tutorials-iav4 from upgrade_redocly_to_0.130.2 on Feb 21, 2026

@mDuo13 (Collaborator) commented Feb 13, 2026

  • Update to the latest Redocly version (0.130.4). (Updated)
  • Remove the htmltojsx devDependency that was the source of all the alerts about critical security vulnerabilities. As far as I know we don't actually use it now—Roman had it in the initial version of our Redocly config file, so maybe it was used for some migration scripts or something and it's been carried over unchanged since then, but as far as I can tell nothing references it and nothing broke when I removed it.
  • Remove now-redundant redirects for Japanese pages. In the new Redocly version, these work implicitly. (e.g. /ja/rippling.html → /ja/docs/concepts/tokens/fungible-tokens/rippling works based on the /rippling.html → /docs/concepts/tokens/fungible-tokens/rippling redirect without needing a separate entry for the Japanese version.)
  • Remove many instances of type: 301 from the redirects file. This field is optional and the default is 301. I am hoping that by removing this we will have fewer merge conflicts later because the diff won't find "matching" lines in the middle of a change.

Tested and working in local dev:

  • Homepage
  • Code Samples page
  • All the built-in dev tools
  • Translated pages, switching between them
  • Search - results seem a little less good than on production but it's not outright broken
  • 🆕 Implicit redirects for localized files

@mDuo13 added the redocly label (Issues with the Redocly toolchain) Feb 13, 2026

@amarantha-k (Collaborator) commented

npm flags security issues (details below); waiting for Redocly's response.

...
ajv <8.18.0
Severity: moderate
ajv has ReDoS when using `$data` option - https://github.com/advisories/GHSA-2g4f-4pwh-qvx6
fix available via `npm audit fix --force`
Will install @redocly/realm@0.128.1, which is a breaking change
...
fast-xml-parser 4.1.3 - 5.3.5
Severity: high
fast-xml-parser affected by DoS through entity expansion in DOCTYPE (no expansion limit) - https://github.com/advisories/GHSA-jmr7-xgp7-cmfj
fix available via `npm audit fix --force`
Will install @redocly/realm@0.128.1, which is a breaking change
...
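
A way to triage findings like the two quoted above from `npm audit --json`, grouping them by the direct dependency that has to change before they can be fixed (added example, not part of the original comment or the project's code). `SAMPLE_REPORT` is constructed from the output above and keeps only the fields the script reads; `triage` is a hypothetical helper name.

```javascript
// SAMPLE_REPORT is constructed from the two findings quoted above, in the
// shape `npm audit --json` emits (npm 7+); only fields read below are kept.
const FIX = { name: "@redocly/realm", version: "0.128.1", isSemVerMajor: true };
const SAMPLE_REPORT = {
  vulnerabilities: {
    ajv: {
      name: "ajv", severity: "moderate", isDirect: false, range: "<8.18.0",
      via: [{ url: "https://github.com/advisories/GHSA-2g4f-4pwh-qvx6" }],
      fixAvailable: FIX,
    },
    "fast-xml-parser": {
      name: "fast-xml-parser", severity: "high", isDirect: false,
      range: "4.1.3 - 5.3.5",
      via: [{ url: "https://github.com/advisories/GHSA-jmr7-xgp7-cmfj" }],
      fixAvailable: FIX,
    },
  },
};

const RANK = { info: 0, low: 1, moderate: 2, high: 3, critical: 4 };

// triage() is a hypothetical helper. fixAvailable is `true` (fixable within
// the declared ranges), `false` (no fix published), or an object naming the
// direct dependency that must move outside its declared range.
function triage(report) {
  const out = { inRange: [], noFix: [], blockedOn: {} };
  for (const v of Object.values(report.vulnerabilities || {})) {
    // `via` mixes advisory objects with bare package names (strings).
    const advisories = (v.via || [])
      .filter((x) => x && typeof x === "object").map((x) => x.url);
    const item = { name: v.name, severity: v.severity, range: v.range, advisories };
    const fix = v.fixAvailable;
    if (fix === true) { out.inRange.push(item); continue; }
    if (!fix) { out.noFix.push(item); continue; }
    const key = `${fix.name}@${fix.version}`;
    if (!out.blockedOn[key]) {
      out.blockedOn[key] = { breaking: Boolean(fix.isSemVerMajor), worst: "info", items: [] };
    }
    const group = out.blockedOn[key];
    group.items.push(item);
    if (RANK[v.severity] > RANK[group.worst]) group.worst = v.severity;
  }
  return out;
}

console.log(JSON.stringify(triage(SAMPLE_REPORT), null, 2));
```

Entries under `blockedOn` are the ones that cannot be cleared without moving the named direct dependency, so they are the ones to track against an upstream release.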

@mDuo13 (Collaborator, Author) commented Feb 20, 2026

Switched it to version 0.130.4 now that that version is out and updates ajv and fast-xml-parser to resolve the security alerts on those.

@amarantha-k (Collaborator) left a comment

Looks good.

@mDuo13 merged commit e5cd1b9 into tutorials-iav4 Feb 21, 2026
@mDuo13 deleted the upgrade_redocly_to_0.130.2 branch February 21, 2026 02:58