chore(deps): bump the docusaurus-dependencies group across 1 directory with 6 updates #599
Dependency Review: ✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Codecov Report: ✅ All modified and coverable lines are covered by tests.
Additional details and impacted files:
@@ Coverage Diff @@
## main #599 +/- ##
==========================================
+ Coverage 65.16% 67.70% +2.53%
==========================================
Files 251 263 +12
Lines 15597 16827 +1230
Branches 2152 2290 +138
==========================================
+ Hits 10164 11392 +1228
Misses 5142 5142
- Partials 291 293 +2
This pull request uses carry forward flags.
Advisory Review Summary
Surfaces touched: docs/docusaurus (documentation site npm packages — isolated from production surfaces)
| Package | From | To | Severity | Surface |
|---|---|---|---|---|
| @docusaurus/core | 3.10.0 | 3.10.1 | None identified | docs |
| @docusaurus/plugin-client-redirects | 3.10.0 | 3.10.1 | None identified | docs |
| @docusaurus/preset-classic | 3.10.0 | 3.10.1 | None identified | docs |
| @docusaurus/module-type-aliases | 3.10.0 | 3.10.1 | None identified | docs |
| @docusaurus/tsconfig | 3.10.0 | 3.10.1 | None identified | docs |
| @docusaurus/types | 3.10.0 | 3.10.1 | None identified | docs |
@docusaurus/* (grouped patch)
Advisory summary: No GHSA or CVE identifiers were found in the PR body. The security(deps): title prefix indicates Dependabot flagged this as security-related; however no published advisory record was identifiable — GHSA API and OSV.dev were unavailable in the sandbox. If a specific advisory was linked by Dependabot, it can be verified at github.com/advisories.
Release notes (sourced from Docusaurus releases):
3.10.1 (2026-04-30)
Bug Fix:
- docusaurus-bundler: fix(bundler): fix v3 webpackbar bug due to webpack breaking change (#11981)
Maintenance:
- docusaurus: chore: cherry-pick commits for v3.10.1 patch release (#11982)
Repo-specific risk notes:
- Patch bump (3.10.0 → 3.10.1); no major or minor version boundary crossed.
- Both `docs/docusaurus/package.json` (manifest) and `docs/docusaurus/package-lock.json` (lockfile) are updated — this is not a lockfile-only transitive pin.
- `docs/docusaurus` is the documentation site only, isolated from `data-management/viewer/frontend/`, training, evaluation, and infrastructure surfaces. No ABI sensitivity, no CUDA/numpy concerns, no peer-dep conflicts with production code.
- Manifest is covered by `.github/dependabot.yml` under `directory: "/docs/docusaurus"` with group `docusaurus-dependencies`. No uncovered-manifest note required.
Validation Signal
Deterministic CI: PR Validation: in_progress:in_progress
Static impact reasoning: Only docs/docusaurus/package.json and docs/docusaurus/package-lock.json are modified. No training, evaluation, terraform, or infrastructure manifests are touched. The Isaac Sim ABI guard (numpy >=1.26.0,<2.0.0), torch/tensordict/onnxruntime-gpu checks, and Terraform provider breaking-change checks do not apply.
Advisory verdict: COMMENT — CI conclusion is pending; the security(deps): prefix could not be resolved to a specific advisory identifier. Low inherent risk (patch, docs-only surface); APPROVE may be appropriate once CI is green and, if applicable, the linked advisory is confirmed fixed.
Note
🔒 Integrity filter blocked 1 item
The following item was blocked because it doesn't meet the GitHub integrity level.
- #599 pull_request_read: has lower integrity than agent requires. The agent cannot read data with integrity below "approved".

To allow these resources, lower min-integrity in your GitHub frontmatter:

```yaml
tools:
  github:
    min-integrity: approved # merged | approved | unapproved | none
```

Generated by AW Dependabot PR Review for issue #599 · ● 1.3M
| "@docusaurus/core": "3.10.0", | ||
| "@docusaurus/plugin-client-redirects": "3.10.0", | ||
| "@docusaurus/preset-classic": "3.10.0", | ||
| "@docusaurus/core": "3.10.1", |
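Review bot: only `@docusaurus/core` is visible on the new side of this hunk, while `@docusaurus/plugin-client-redirects` and `@docusaurus/preset-classic` appear only at 3.10.0 on the old side. All three are pinned to exact versions with no range, so confirm that the added lines move each of them to 3.10.1 and that the manifest does not end up with a mixed 3.10.0/3.10.1 set of `@docusaurus/*` packages.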
Docusaurus patch group bump — advisory note
All six @docusaurus/* packages move together from 3.10.0 → 3.10.1 (patch). Release notes cite a single bug fix: fix(bundler): fix v3 webpackbar bug due to webpack breaking change (facebook/docusaurus#11981).
No GHSA or CVE identifiers appear in the PR body despite the security(deps): title prefix. The GHSA/OSV enrichment chain was unavailable in the sandbox; if Dependabot linked a specific advisory record, verify it at github.com/advisories. This surface (docs/docusaurus) is isolated from training, evaluation, and infrastructure manifests — no ABI or peer-dep risk applies.
…y with 6 updates

Bumps the docusaurus-dependencies group with 6 updates in the /docs/docusaurus directory:

| Package | From | To |
| --- | --- | --- |
| [@docusaurus/core](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus) | `3.10.0` | `3.10.1` |
| [@docusaurus/plugin-client-redirects](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus-plugin-client-redirects) | `3.10.0` | `3.10.1` |
| [@docusaurus/preset-classic](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus-preset-classic) | `3.10.0` | `3.10.1` |
| [@docusaurus/module-type-aliases](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus-module-type-aliases) | `3.10.0` | `3.10.1` |
| [@docusaurus/tsconfig](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus-tsconfig) | `3.10.0` | `3.10.1` |
| [@docusaurus/types](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus-types) | `3.10.0` | `3.10.1` |

Updates `@docusaurus/core` from 3.10.0 to 3.10.1
- [Release notes](https://github.com/facebook/docusaurus/releases)
- [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/docusaurus/commits/v3.10.1/packages/docusaurus)

Updates `@docusaurus/plugin-client-redirects` from 3.10.0 to 3.10.1
- [Release notes](https://github.com/facebook/docusaurus/releases)
- [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/docusaurus/commits/v3.10.1/packages/docusaurus-plugin-client-redirects)

Updates `@docusaurus/preset-classic` from 3.10.0 to 3.10.1
- [Release notes](https://github.com/facebook/docusaurus/releases)
- [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/docusaurus/commits/v3.10.1/packages/docusaurus-preset-classic)

Updates `@docusaurus/module-type-aliases` from 3.10.0 to 3.10.1
- [Release notes](https://github.com/facebook/docusaurus/releases)
- [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/docusaurus/commits/v3.10.1/packages/docusaurus-module-type-aliases)

Updates `@docusaurus/tsconfig` from 3.10.0 to 3.10.1
- [Release notes](https://github.com/facebook/docusaurus/releases)
- [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/docusaurus/commits/v3.10.1/packages/docusaurus-tsconfig)

Updates `@docusaurus/types` from 3.10.0 to 3.10.1
- [Release notes](https://github.com/facebook/docusaurus/releases)
- [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/docusaurus/commits/v3.10.1/packages/docusaurus-types)

---
updated-dependencies:
- dependency-name: "@docusaurus/core"
  dependency-version: 3.10.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: docusaurus-dependencies
- dependency-name: "@docusaurus/module-type-aliases"
  dependency-version: 3.10.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: docusaurus-dependencies
- dependency-name: "@docusaurus/plugin-client-redirects"
  dependency-version: 3.10.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: docusaurus-dependencies
- dependency-name: "@docusaurus/preset-classic"
  dependency-version: 3.10.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: docusaurus-dependencies
- dependency-name: "@docusaurus/tsconfig"
  dependency-version: 3.10.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: docusaurus-dependencies
- dependency-name: "@docusaurus/types"
  dependency-version: 3.10.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: docusaurus-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
1c75ec2 to e67ba84
Advisory Review Summary
- Ecosystem / surface: npm — `docs/docusaurus` (documentation site, not a runtime surface)
- Update type: Grouped patch bump — 6 `@docusaurus/*` packages, all 3.10.0 → 3.10.1
- Security advisories: None — no GHSA or CVE identifiers present in this PR
- High-risk triggers: None
| Package | From | To | Severity | Surface |
|---|---|---|---|---|
| @docusaurus/core | 3.10.0 | 3.10.1 | None | docs/npm |
| @docusaurus/plugin-client-redirects | 3.10.0 | 3.10.1 | None | docs/npm |
| @docusaurus/preset-classic | 3.10.0 | 3.10.1 | None | docs/npm |
| @docusaurus/module-type-aliases | 3.10.0 | 3.10.1 | None | docs/npm |
| @docusaurus/tsconfig | 3.10.0 | 3.10.1 | None | docs/npm |
| @docusaurus/types | 3.10.0 | 3.10.1 | None | docs/npm |
@docusaurus/* (grouped)
Advisory summary: No security advisories found for any of the six packages in this bump. No GHSA or CVE identifiers appear in the PR body or linked release notes.
Release notes (3.10.1 — 2026-04-30):
Bug Fix: `fix(bundler): fix v3 webpackbar bug due to webpack breaking change` (#11981)
Maintenance: Cherry-pick commits for v3.10.1 patch release (#11982)
Repo-specific risk notes:
- Patch-only bump within the 3.x line — no breaking changes, no API surface changes.
- All six packages are part of a single Docusaurus monorepo release; they must be co-bumped together, which this PR correctly does.
- Manifests touched: `docs/docusaurus/package.json` (all 6 packages updated) and `docs/docusaurus/package-lock.json` (lockfile update).
- This surface (`docs/docusaurus`) is a documentation-only site and is isolated from all runtime surfaces: `training-rl-abi`, `python-runtime`, `dataviewer-frontend`, `terraform-providers`, and `gomod` surfaces are unaffected.
- Existing `overrides` in `package.json` (`express`, `follow-redirects`, `lodash`, `path-to-regexp`, `qs`, `serialize-javascript`) are unchanged by this PR — no transitive security overrides are disrupted.
- No peer-dep conflicts expected: React 19, TypeScript 6.0.3, and the bundled versions remain unchanged. The webpackbar fix is internal to the Docusaurus bundler layer.
Validation Signal
Deterministic CI: PR Validation: in_progress:in_progress
⚠️ Deterministic CI conclusion not yet available; verdict is advisory only.
The `PR Validation` orchestrator is still running at the time of this review. See: workflow run
No per-surface check runs are applicable to this change from the surface map (the docs/docusaurus npm path is outside all mapped surfaces). The closest mapped surface would be dataviewer-frontend, but that covers only data-management/viewer/frontend/ — not the docs site.
Static impact reasoning: No ABI-sensitive packages are involved. The Isaac Sim numpy guard, torch/tensordict/onnxruntime-gpu checks, and Terraform provider guards are all inapplicable to this documentation-only npm bump.
Advisory verdict: COMMENT — CI validation is still in progress. No security advisories or high-risk triggers identified; this is a low-risk patch bump of the documentation site tooling. Safe to merge once CI passes.
Generated by AW Dependabot PR Review for issue #599 · ● 527K
Bumps the docusaurus-dependencies group with 6 updates in the /docs/docusaurus directory:

| Package | From | To |
| --- | --- | --- |
| @docusaurus/core | 3.10.0 | 3.10.1 |
| @docusaurus/plugin-client-redirects | 3.10.0 | 3.10.1 |
| @docusaurus/preset-classic | 3.10.0 | 3.10.1 |
| @docusaurus/module-type-aliases | 3.10.0 | 3.10.1 |
| @docusaurus/tsconfig | 3.10.0 | 3.10.1 |
| @docusaurus/types | 3.10.0 | 3.10.1 |

Updates `@docusaurus/core` from 3.10.0 to 3.10.1
Release notes
Sourced from @docusaurus/core's releases.
Changelog
Sourced from @docusaurus/core's changelog.
Commits
- 41c1a45 v3.10.1
- d4164ae chore: cherry-pick commits for v3.10.1 patch release (#11982)

Updates `@docusaurus/plugin-client-redirects` from 3.10.0 to 3.10.1
Release notes
Sourced from @docusaurus/plugin-client-redirects's releases.
Changelog
Sourced from @docusaurus/plugin-client-redirects's changelog.
Commits
- 41c1a45 v3.10.1

Updates `@docusaurus/preset-classic` from 3.10.0 to 3.10.1
Release notes
Sourced from @docusaurus/preset-classic's releases.
Changelog
Sourced from @docusaurus/preset-classic's changelog.
Commits
- 41c1a45 v3.10.1

Updates `@docusaurus/module-type-aliases` from 3.10.0 to 3.10.1
Release notes
Sourced from @docusaurus/module-type-aliases's releases.
Changelog
Sourced from @docusaurus/module-type-aliases's changelog.
Commits
- 41c1a45 v3.10.1

Updates `@docusaurus/tsconfig` from 3.10.0 to 3.10.1
Release notes
Sourced from @docusaurus/tsconfig's releases.
Changelog
Sourced from @docusaurus/tsconfig's changelog.
Commits
- 41c1a45 v3.10.1

Updates `@docusaurus/types` from 3.10.0 to 3.10.1
Release notes
Sourced from @docusaurus/types's releases.
Changelog
Sourced from @docusaurus/types's changelog.
Commits
- 41c1a45 v3.10.1