Skip to content

Update docusaurus for dependabot #10404

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update docusaurus for dependabot #10404

wants to merge 1 commit into from
+2,974 −4,570

Conversation

tempoz
Copy link
Contributor

@tempoz tempoz commented Sep 30, 2025
edited
Loading

Addresses https://github.com/buildbuddy-io/buildbuddy/security/dependabot/223

Also upgraded node since the newest docusaurus requires node 20.

@tempoz tempoz requested a review from sluongng September 30, 2025 20:56
@dan-stowell
Copy link
Contributor

@tempoz, what do you think about doing the Node upgrade separately? And going to the most recent stable version?

sluongng
sluongng reviewed Oct 2, 2025
View reviewed changes
Copy link
Contributor

@sluongng sluongng left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I scanned through the change log in https://github.com/facebook/docusaurus/releases and did not notice anything breaking between 3.6.3 and 3.9.1.

👍 to Dan's suggestion: let's move the nodejs upgrade to a separate PR. Though I don't think we would be able to upgrade it to the very latest because we might need a rules_nodejs upgrade before that.

@tempoz
Copy link
Contributor Author

tempoz commented Oct 2, 2025

node 20 is the most recent LTS, which is why I picked it. Happy to separate it out, though.

@tempoz
Copy link
Contributor Author

tempoz commented Oct 2, 2025

I've separated out the node upgrade now.

@tempoz tempoz requested a review from sluongng October 2, 2025 16:08
dan-stowell
dan-stowell approved these changes Oct 2, 2025
View reviewed changes
Copy link
Contributor

@dan-stowell dan-stowell left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Once Node.js 20 is out in prod and stable, safe to merge this!
Just saw the commentary here on why Node.js 20, that's good reasoning, no need to chase Node.js 22 right this second.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sluongng sluongng sluongng approved these changes

@dan-stowell dan-stowell dan-stowell approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@tempoz @dan-stowell @sluongng