Skip to content
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions website/package.json
Original file line number Diff line number Diff line change
Expand Up @@ -15,8 +15,8 @@
},
"dependencies": {
"@crowdin/crowdin-api-client": "^1.33.1",
"@docusaurus/core": "^3.9.0",
"@docusaurus/preset-classic": "^3.9.0",
"@docusaurus/core": "^3.8.0",
"@docusaurus/preset-classic": "^3.8.0",
Comment on lines +18 to +19

Copilot AI Feb 13, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The PR description states this fixes vulnerabilities SNYK-JS-AXIOS-15252993 (Prototype Pollution in axios) and SNYK-JS-AJV-15274295 (ReDoS in ajv), but downgrading Docusaurus packages from 3.9.0 to 3.8.0 would not fix these vulnerabilities if they exist in the current version. Security fixes require upgrading to patched versions, not downgrading. The PR description metadata indicates this should upgrade dependencies to fix vulnerabilities, but the actual changes do the opposite. This suggests either the PR was generated incorrectly by Snyk, or the intended changes were to upgrade to a newer version (possibly 3.10.0 or later) and were incorrectly applied as downgrades.

Copilot uses AI. Check for mistakes.
Comment on lines +18 to +19

Copilot AI Feb 13, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This PR downgrades @docusaurus/core and @docusaurus/preset-classic from version 3.9.0 to 3.8.0, which is counterintuitive for a security fix. Security fixes typically involve upgrading to newer versions that patch vulnerabilities, not downgrading to older versions. Additionally, this creates a version mismatch with @docusaurus/theme-search-algolia which remains at version 3.9.0 (line 20), potentially causing compatibility issues between Docusaurus packages that are designed to work together at the same version.

Copilot uses AI. Check for mistakes.
"@docusaurus/theme-search-algolia": "^3.9.0",

Copilot AI Feb 13, 2026

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The version mismatch between Docusaurus packages will likely cause runtime issues. @docusaurus/theme-search-algolia at version 3.9.0 has peer dependencies expecting @docusaurus/core at version 3.9.x, but the core package is being downgraded to 3.8.0. All @Docusaurus packages should be kept at the same major.minor version to ensure compatibility. Either all three packages should be at 3.8.0 or all should be at 3.9.0.

Copilot uses AI. Check for mistakes.
"@mdx-js/react": "^3.0.0",
"@swc/core": "^1.6.0",
Expand Down
Loading
Loading