fix(core): upgrade serve handler min version to for upgrade users to a secure version#11833
Merged
slorber merged 2 commits intofacebook:mainfrom Mar 24, 2026
Merged
Conversation
resolves security vulnerabilities in minimatch dependency
|
Hi @BearAlliance! Thank you for your pull request and welcome to our community. Action RequiredIn order to merge any pull request (code, docs, etc.), we require contributors to sign our Contributor License Agreement, and we don't seem to have one on file for you. ProcessIn order for us to review and merge your suggested changes, please sign at https://code.facebook.com/cla. If you are contributing on behalf of someone else (eg your employer), the individual CLA may not be sufficient and your employer may need to sign the corporate CLA. Once the CLA is signed, our tooling will perform checks and validations. Afterwards, the pull request will be tagged with If you have received this in error or have any questions, please contact us at cla@meta.com. Thanks! |
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
|
All alerts resolved. Learn more about Socket for GitHub. This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored. |
✅ [V2]Built without sensitive environment variables
To edit notification comments on pull requests, go to your Netlify project configuration. |
|
Thank you for signing our Contributor License Agreement. We can now accept your code for this (and any) Meta Open Source project. Thanks! |
|
Thank you for signing our Contributor License Agreement. We can now accept your code for this (and any) Meta Open Source project. Thanks! |
slorber
approved these changes
Mar 24, 2026
Collaborator
slorber
left a comment
slorber
left a comment
There was a problem hiding this comment.
LGTM
(the CI error is unrelated, it's due to TS 6.0 being released)
| "react-router-dom": "^5.3.4", | ||
| "semver": "^7.5.4", | ||
| "serve-handler": "^6.1.6", | ||
| "serve-handler": "^6.1.7", |
Collaborator
There was a problem hiding this comment.
agree to do this change, however we are using a ^ range so technically users can already update their lockfile and get the newer version
Contributor
Author
There was a problem hiding this comment.
Agree. Doing it here alleviates users from having to understand the transitive dependent relationship. In my case, it prevents me from having to add overrides to several repos using the package.
slorber
changed the title
slorber
requested changes
Mar 24, 2026
BearAlliance
force-pushed
the
upgrade-serve-handler
branch
from
a4646a9 to
bf41a0b
Compare
Collaborator
|
thanks! |
Thiladev
pushed a commit
to Thiladev/effect-fc
that referenced
this pull request
Apr 23, 2026
This PR contains the following updates: | Package | Change | [Age](https://docs.renovatebot.com/merge-confidence/) | [Confidence](https://docs.renovatebot.com/merge-confidence/) | |---|---|---|---| | [@docusaurus/core](https://github.com/facebook/docusaurus) ([source](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus)) | [`3.9.2` → `3.10.0`](https://renovatebot.com/diffs/npm/@docusaurus%2fcore/3.9.2/3.10.0) |  |  | | [@docusaurus/module-type-aliases](https://github.com/facebook/docusaurus) ([source](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus-module-type-aliases)) | [`3.9.2` → `3.10.0`](https://renovatebot.com/diffs/npm/@docusaurus%2fmodule-type-aliases/3.9.2/3.10.0) |  |  | | [@docusaurus/preset-classic](https://github.com/facebook/docusaurus) ([source](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus-preset-classic)) | [`3.9.2` → `3.10.0`](https://renovatebot.com/diffs/npm/@docusaurus%2fpreset-classic/3.9.2/3.10.0) |  |  | | [@docusaurus/tsconfig](https://github.com/facebook/docusaurus) ([source](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus-tsconfig)) | [`3.9.2` → `3.10.0`](https://renovatebot.com/diffs/npm/@docusaurus%2ftsconfig/3.9.2/3.10.0) |  |  | | [@docusaurus/types](https://github.com/facebook/docusaurus) ([source](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus-types)) | [`3.9.2` → `3.10.0`](https://renovatebot.com/diffs/npm/@docusaurus%2ftypes/3.9.2/3.10.0) |  |  | | [@effect/language-service](https://github.com/Effect-TS/language-service) | [`^0.84.2` → `^0.85.0`](https://renovatebot.com/diffs/npm/@effect%2flanguage-service/0.84.3/0.85.1) |  |  | --- ### Release Notes <details> <summary>facebook/docusaurus (@​docusaurus/core)</summary> ### [`v3.10.0`](https://github.com/facebook/docusaurus/blob/HEAD/CHANGELOG.md#3100-2026-04-07) [Compare Source](facebook/docusaurus@v3.9.2...v3.10.0) ##### 🚀 New Feature - `docusaurus-types`, `docusaurus` - [#​11896](facebook/docusaurus#11896) feat(core): add `future.v4.mdx1CompatDisabledByDefault` flag ([@​slorber](https://github.com/slorber)) - [#​11797](facebook/docusaurus#11797) feat(core): promote `siteConfig.storage` to stable + add `future.v4.siteStorageNamespacing` flag \[Claude] ([@​slorber](https://github.com/slorber)) - [#​11571](facebook/docusaurus#11571) feat(core): support custom html elements in head tags ([@​lebalz](https://github.com/lebalz)) - `create-docusaurus` - [#​11897](facebook/docusaurus#11897) feat(create-docusaurus): update init template to `.mdx` extension and strict MDX syntax ([@​slorber](https://github.com/slorber)) - [#​11696](facebook/docusaurus#11696) feat(create-docusaurus): Newly initialized TS sites should use "strict: true" ([@​slorber](https://github.com/slorber)) - [#​11611](facebook/docusaurus#11611) feat(create-docusaurus): enable creation in current directory ([@​Mcheung7272](https://github.com/Mcheung7272)) - Other - [#​11874](facebook/docusaurus#11874) feat(ci): improve npm supply chain security - improve Dependabot config ([@​slorber](https://github.com/slorber)) - [#​11712](facebook/docusaurus#11712) feat(publish): Use trusted publishing (OIDC) for canary releases ([@​slorber](https://github.com/slorber)) - `create-docusaurus`, `docusaurus-bundler`, `docusaurus-plugin-content-blog`, `docusaurus-plugin-content-docs`, `docusaurus-plugin-content-pages`, `docusaurus-plugin-pwa`, `docusaurus-types`, `docusaurus` - [#​11802](facebook/docusaurus#11802) feat(core): Docusaurus Faster is stable + v4 future flag turns it on by default ([@​slorber](https://github.com/slorber)) - `docusaurus-mdx-loader`, `docusaurus-utils`, `docusaurus` - [#​11777](facebook/docusaurus#11777) feat(cli): `write-heading-ids` CLI now supports the `--syntax` and `--migrate` options ([@​slorber](https://github.com/slorber)) - `docusaurus-mdx-loader` - [#​11755](facebook/docusaurus#11755) feat(mdx-loader): add support for explicit `headingId` based on MD/MDX comments ([@​slorber](https://github.com/slorber)) - `docusaurus-theme-live-codeblock`, `docusaurus-theme-translations` - [#​11675](facebook/docusaurus#11675) feat(theme-live-codeblock): reset button + wire `position` prop ([@​NPX2218](https://github.com/NPX2218)) - `docusaurus-theme-classic`, `docusaurus-theme-common` - [#​11734](facebook/docusaurus#11734) feat(theme): Split `<DocCard>`, improve extensibility, better handling of emoji icons, stable classNames ([@​slorber](https://github.com/slorber)) - [#​11733](facebook/docusaurus#11733) feat(theme): Use React context for `<Tabs>`, allow custom `<TabItem>` components ([@​slorber](https://github.com/slorber)) - `docusaurus-faster`, `docusaurus` - [#​11715](facebook/docusaurus#11715) feat(bundler): upgrade to Rspack 1.7, remove useless experimental feature flags ([@​slorber](https://github.com/slorber)) - `docusaurus-plugin-content-pages` - [#​11666](facebook/docusaurus#11666) feat(pages): add support for Markdown file path links ([@​VedantMadane](https://github.com/VedantMadane)) - `docusaurus-mdx-loader`, `docusaurus-theme-classic` - [#​11642](facebook/docusaurus#11642) feat(mdx-loader): add admonitions directive support for class/id shortcuts ([@​lebalz](https://github.com/lebalz)) - `docusaurus-theme-classic` - [#​11635](facebook/docusaurus#11635) feat(theme): add MDXComponents/Li to swizzle config ([@​moskalakamil](https://github.com/moskalakamil)) - `docusaurus-theme-search-algolia` - [#​11581](facebook/docusaurus#11581) feat(theme-search-algolia): allow overriding transformSearchClient ([@​hugohaggmark](https://github.com/hugohaggmark)) - [#​11541](facebook/docusaurus#11541) feat(theme-search-algolia): add support for DocSearch v4.3.2 and new Suggested Questions ([@​NatanTechofNY](https://github.com/NatanTechofNY)) - `create-docusaurus`, `docusaurus-plugin-content-blog`, `docusaurus-plugin-content-docs`, `docusaurus-plugin-content-pages`, `docusaurus-plugin-sitemap`, `docusaurus-types`, `docusaurus-utils`, `docusaurus` - [#​11512](facebook/docusaurus#11512) feat(core): New siteConfig `future.experimental_vcs` API + `future.experimental_faster.gitEagerVcs` flag ([@​slorber](https://github.com/slorber)) ##### 🐛 Bug Fix - `docusaurus` - [#​11844](facebook/docusaurus#11844) fix(core): fix `url.resolve()` Node.js deprecation warning ([@​slorber](https://github.com/slorber)) - [#​11833](facebook/docusaurus#11833) fix(core): upgrade serve handler min version to for upgrade users to a secure version ([@​BearAlliance](https://github.com/BearAlliance)) - [#​11763](facebook/docusaurus#11763) fix(cli): fix `write-heading-ids` CLI when no files provided ([@​slorber](https://github.com/slorber)) - [#​11693](facebook/docusaurus#11693) fix(core): Remove deprecated experiments.lazyBarrel config for RsPack ([@​VedikaGupt](https://github.com/VedikaGupt)) - [#​11604](facebook/docusaurus#11604) fix(core): webpack aliases shouldn't be created for test files and typedefs ([@​slorber](https://github.com/slorber)) - [#​11603](facebook/docusaurus#11603) fix(core): Fix openBrowser AppleScript support for Arc ([@​slorber](https://github.com/slorber)) - [#​11579](facebook/docusaurus#11579) fix(core): in `isInternalUrl()`, URI protocol scheme detection should implement the spec more strictly ([@​slorber](https://github.com/slorber)) - [#​11550](facebook/docusaurus#11550) fix(core): optimize i18n integration for site builds + improve inference of locale config ([@​slorber](https://github.com/slorber)) - `docusaurus-faster`, `docusaurus` - [#​11817](facebook/docusaurus#11817) fix(faster): upgrade Rspack, fix Yarn PnP support ([@​slorber](https://github.com/slorber)) - `create-docusaurus`, `docusaurus-logger`, `docusaurus-plugin-content-blog`, `docusaurus-plugin-content-docs`, `docusaurus-plugin-google-gtag`, `docusaurus-plugin-pwa`, `docusaurus` - [#​11843](facebook/docusaurus#11843) fix(create-docusaurus): fix support for TypeScript 6.0 + fix our CI ([@​slorber](https://github.com/slorber)) - `docusaurus-utils` - [#​11804](facebook/docusaurus#11804) fix(utils): Git Eager VSC should have better DX ([@​slorber](https://github.com/slorber)) - `docusaurus-theme-classic` - [#​11796](facebook/docusaurus#11796) fix(theme): restore copy-text-to-clipboard as lazy fallback for non-secure contexts ([@​dmoranp](https://github.com/dmoranp)) - [#​11513](facebook/docusaurus#11513) fix(a11y): add Space key support for navbar dropdowns ([@​TheCyperpunk](https://github.com/TheCyperpunk)) - [#​11565](facebook/docusaurus#11565) fix(theme): Change code block line from span to div, fix Firefox text selection/copy bug ([@​slorber](https://github.com/slorber)) - `docusaurus-plugin-content-docs` - [#​11794](facebook/docusaurus#11794) fix(content-docs): translate generated-index category titles in pagination links ([@​dmoranp](https://github.com/dmoranp)) - [#​11743](facebook/docusaurus#11743) fix(content-docs): use category key for generated-index translation lookup ([@​4RH1T3CT0R7](https://github.com/4RH1T3CT0R7)) - [#​11616](facebook/docusaurus#11616) fix(docs): breadcrumb APIs only return category/docs items, ignoring links ([@​Chesars](https://github.com/Chesars)) - `docusaurus-plugin-google-gtag` - [#​11770](facebook/docusaurus#11770) fix(create-docusaurus): update [@​types/gtag](https://github.com/types/gtag).js to 0.0.20 ([@​fresh3nough](https://github.com/fresh3nough)) - `docusaurus-theme-search-algolia` - [#​11683](facebook/docusaurus#11683) fix(algolia): upgrade to DocSearch 4.5 + fix types ([@​slorber](https://github.com/slorber)) - [#​11560](facebook/docusaurus#11560) fix(theme-search-algolia): preserve query strings in useSearchResultUrlProcessor ([@​pyrytakala](https://github.com/pyrytakala)) - `docusaurus-plugin-content-blog` - [#​11736](facebook/docusaurus#11736) fix(content-blog): fix wrong path variable in feed XSLT CSS file validation ([@​akshatsinha0](https://github.com/akshatsinha0)) - [#​11577](facebook/docusaurus#11577) fix(blog): Fix author paginated page url: `/blog/authors/<author>/page/2` ([@​slorber](https://github.com/slorber)) - [#​11562](facebook/docusaurus#11562) chore(blog): refactor blog Content, remove useless `blogListPaginated` attribute ([@​slorber](https://github.com/slorber)) - [#​11559](facebook/docusaurus#11559) fix(content-blog): filter unlisted posts from author pages ([@​pyrytakala](https://github.com/pyrytakala)) - `docusaurus-theme-classic`, `docusaurus-theme-common` - [#​11713](facebook/docusaurus#11713) fix(a11y): remove `useKeyboardNavigation` hook ([@​nmggithub](https://github.com/nmggithub)) - `docusaurus-plugin-ideal-image` - [#​11659](facebook/docusaurus#11659) fix(ideal-image): `<IdealImage>` should forward remaining props to the underlying component ([@​tempoz](https://github.com/tempoz)) - `eslint-plugin` - [#​11587](facebook/docusaurus#11587) fix(eslint-plugin): specify exact type of `no-untranslated-text` rule options ([@​andreww2012](https://github.com/andreww2012)) - `docusaurus-mdx-loader` - [#​11530](facebook/docusaurus#11530) fix(mdx-loader): fix url.parse deprecation warning on Node 24+ ([@​kou029w](https://github.com/kou029w)) - `docusaurus-bundler`, `docusaurus-faster`, `docusaurus-theme-mermaid` - [#​11496](facebook/docusaurus#11496) fix(faster): fix server build SWC / browserslist node target ([@​slorber](https://github.com/slorber)) ##### :running\_woman: Performance - `docusaurus-plugin-content-blog` - [#​11707](facebook/docusaurus#11707) refactor(content-blog): decouple getTagsFile from generateBlogPosts ([@​garry00107](https://github.com/garry00107)) - `create-docusaurus`, `docusaurus-utils`, `docusaurus` - [#​11684](facebook/docusaurus#11684) refactor(create-docusaurus): remove useless dependencies (docusaurus-utils, execa, fs-extra) + simplify some code ([@​slorber](https://github.com/slorber)) - `create-docusaurus` - [#​11653](facebook/docusaurus#11653) refactor(create-docusaurus): replace lodash with native implementation ([@​torresgol10](https://github.com/torresgol10)) ##### 📝 Documentation - `docusaurus` - [#​11779](facebook/docusaurus#11779) chore(website): migrate MDX heading ids to comment syntax + upgrade Crowdin parser version ([@​slorber](https://github.com/slorber)) - Other - [#​11784](facebook/docusaurus#11784) docs(website): change recommended syntax for math equations ([@​slorber](https://github.com/slorber)) - [#​11623](facebook/docusaurus#11623) docs: Add expose-markdown-docusaurus-plugin resource ([@​FlyNumber](https://github.com/FlyNumber)) ##### 🤖 Dependencies - Other - [#​11886](facebook/docusaurus#11886) chore(deps): bump react-json-view-lite from 2.3.0 to 2.5.0 ([@​dependabot\[bot\]](https://github.com/apps/dependabot)) - [#​11885](facebook/docusaurus#11885) chore(deps): bump postcss from 8.5.4 to 8.5.8 ([@​dependabot\[bot\]](https://github.com/apps/dependabot)) - [#​11888](facebook/docusaurus#11888) chore(deps): bump lodash from 4.17.23 to 4.18.1 ([@​dependabot\[bot\]](https://github.com/apps/dependabot)) - [#​11882](facebook/docusaurus#11882) chore(deps): bump [@​babel/core](https://github.com/babel/core) from 7.28.6 to 7.29.0 ([@​dependabot\[bot\]](https://github.com/apps/dependabot)) - [#​11880](facebook/docusaurus#11880) chore(deps): bump fs-extra and [@​types/fs-extra](https://github.com/types/fs-extra) ([@​dependabot\[bot\]](https://github.com/apps/dependabot)) - [#​11861](facebook/docusaurus#11861) chore(deps): bump preactjs/compressed-size-action from 2.9.0 to 2.9.1 ([@​dependabot\[bot\]](https://github.com/apps/dependabot)) - [#​11851](facebook/docusaurus#11851) chore(deps): bump handlebars from 4.7.7 to 4.7.9 ([@​dependabot\[bot\]](https://github.com/apps/dependabot)) - [#​11849](facebook/docusaurus#11849) chore(deps): bump convict from 6.2.4 to 6.2.5 ([@​dependabot\[bot\]](https://github.com/apps/dependabot)) - [#​11857](facebook/docusaurus#11857) chore(deps): bump node-forge from 1.3.2 to 1.4.0 ([@​dependabot\[bot\]](https://github.com/apps/dependabot)) - [#​11838](facebook/docusaurus#11838) chore(deps-dev): bump picomatch from 2.3.1 to 2.3.2 ([@​dependabot\[bot\]](https://github.com/apps/dependabot)) - [#​11822](facebook/docusaurus#11822) chore(deps): bump flatted from 3.3.1 to 3.4.2 ([@​dependabot\[bot\]](https://github.com/apps/dependabot)) - [#​11810](facebook/docusaurus#11810) chore(deps): bump marocchino/sticky-pull-request-comment from 2.9.4 to 3.0.2 ([@​dependabot\[bot\]](https://github.com/apps/dependabot)) - [#​11811](facebook/docusaurus#11811) chore(deps): bump treosh/lighthouse-ci-action from 12.6.1 to 12.6.2 ([@​dependabot\[bot\]](https://github.com/apps/dependabot)) - [#​11813](facebook/docusaurus#11813) chore(deps): bump socket.io-parser from 4.2.4 to 4.2.6 ([@​dependabot\[bot\]](https://github.com/apps/dependabot)) - [#​11806](facebook/docusaurus#11806) chore(deps): bump yauzl from 3.1.3 to 3.2.1 ([@​dependabot\[bot\]](https://github.com/apps/dependabot)) - [#​11789](facebook/docusaurus#11789) chore(deps): bump actions/dependency-review-action from 4.8.3 to 4.9.0 ([@​dependabot\[bot\]](https://github.com/apps/dependabot)) - [#​11790](facebook/docusaurus#11790) chore(deps): bump actions/setup-node from 6.2.0 to 6.3.0 ([@​dependabot\[bot\]](https://github.com/apps/dependabot)) - [#​11776](facebook/docusaurus#11776) chore(deps): bump dompurify from 3.2.5 to 3.3.2 ([@​dependabot\[bot\]](https://github.com/apps/dependabot)) - [#​11768](facebook/docusaurus#11768) chore(deps): bump actions/upload-artifact from 6.0.0 to 7.0.0 ([@​dependabot\[bot\]](https://github.com/apps/dependabot)) - [#​11774](facebook/docusaurus#11774) chore(deps): bump svgo from 3.2.0 to 3.3.3 ([@​dependabot\[bot\]](https://github.com/apps/dependabot)) - [#​11762](facebook/docusaurus#11762) chore(deps): bump rollup from 2.79.2 to 2.80.0 ([@​dependabot\[bot\]](https://github.com/apps/dependabot)) - [#​11756](facebook/docusaurus#11756) chore(deps): bump actions/dependency-review-action from 4.8.2 to 4.8.3 ([@​dependabot\[bot\]](https://github.com/apps/dependabot)) - [#​11692](facebook/docusaurus#11692) chore(deps): bump actions/checkout from 6.0.1 to 6.0.2 ([@​dependabot\[bot\]](https://github.com/apps/dependabot)) - [#​11679](facebook/docusaurus#11679) chore(deps): bump lodash from 4.17.21 to 4.17.23 ([@​dependabot\[bot\]](https://github.com/apps/dependabot)) - [#​11674](facebook/docusaurus#11674) chore(deps): bump actions/setup-node from 6.1.0 to 6.2.0 ([@​dependabot\[bot\]](https://github.com/apps/dependabot)) - [#​11625](facebook/docusaurus#11625) chore(deps): bump preactjs/compressed-size-action from 2.8.0 to 2.9.0 - pin all remaining GitHub actions ([@​dependabot\[bot\]](https://github.com/apps/dependabot)) - [#​11608](facebook/docusaurus#11608) chore(deps): bump actions/setup-node from 6.0.0 to 6.1.0 ([@​dependabot\[bot\]](https://github.com/apps/dependabot)) - [#​11609](facebook/docusaurus#11609) chore(deps): bump actions/checkout from 6.0.0 to 6.0.1 ([@​dependabot\[bot\]](https://github.com/apps/dependabot)) - [#​11589](facebook/docusaurus#11589) chore(deps): bump mdast-util-to-hast from 13.2.0 to 13.2.1 ([@​dependabot\[bot\]](https://github.com/apps/dependabot)) - [#​11574](facebook/docusaurus#11574) chore(deps): bump node-forge from 1.3.1 to 1.3.2 ([@​dependabot\[bot\]](https://github.com/apps/dependabot)) - [#​11557](facebook/docusaurus#11557) chore(deps): bump actions/dependency-review-action from 4.8.1 to 4.8.2 ([@​dependabot\[bot\]](https://github.com/apps/dependabot)) - [#​11569](facebook/docusaurus#11569) chore(deps): bump actions/checkout from 5.0.0 to 6.0.0 ([@​dependabot\[bot\]](https://github.com/apps/dependabot)) - [#​11551](facebook/docusaurus#11551) chore(deps): bump js-yaml from 4.1.0 to 4.1.1 ([@​dependabot\[bot\]](https://github.com/apps/dependabot)) - [#​11514](facebook/docusaurus#11514) chore(deps): bump actions/upload-artifact from 4 to 5 ([@​dependabot\[bot\]](https://github.com/apps/dependabot)) - [#​11515](facebook/docusaurus#11515) chore(deps): bump github/codeql-action from 4.30.9 to 4.31.0 ([@​dependabot\[bot\]](https://github.com/apps/dependabot)) - [#​11504](facebook/docusaurus#11504) chore(deps): bump github/codeql-action from 4.30.8 to 4.30.9 ([@​dependabot\[bot\]](https://github.com/apps/dependabot)) - [#​11503](facebook/docusaurus#11503) chore(deps): bump actions/setup-node from 5.0.0 to 6.0.0 ([@​dependabot\[bot\]](https://github.com/apps/dependabot)) - `docusaurus-bundler`, `docusaurus-mdx-loader` - [#​11717](facebook/docusaurus#11717) chore(deps): bump webpack from 5.95.0 to 5.104.1 ([@​dependabot\[bot\]](https://github.com/apps/dependabot)) ##### 🔧 Maintenance - Other - [#​11846](facebook/docusaurus#11846) chore(website): disable `mdx1Compat.comments` on our site ([@​slorber](https://github.com/slorber)) - [#​11845](facebook/docusaurus#11845) chore(website): Upgrade to Algolia v4.6 ([@​slorber](https://github.com/slorber)) - [#​11795](facebook/docusaurus#11795) chore(ci): canary/trusted publishing shouldn't use any caching ([@​slorber](https://github.com/slorber)) - [#​11753](facebook/docusaurus#11753) chore: Add basic AGENTS.md ([@​slorber](https://github.com/slorber)) - [#​11639](facebook/docusaurus#11639) test(jest): simplify Jest snapshotPathNormalizer.ts ([@​slorber](https://github.com/slorber)) - [#​11626](facebook/docusaurus#11626) chore(website): upgrade to DocSearch 4.4.0 + fix little website theming issues ([@​slorber](https://github.com/slorber)) - [#​11553](facebook/docusaurus#11553) chore(ci): upgrade Netlify to Node 24 (LTS) + add `git backfill` command ([@​slorber](https://github.com/slorber)) - `create-docusaurus`, `docusaurus-babel`, `docusaurus-bundler`, `docusaurus-cssnano-preset`, `docusaurus-faster`, `docusaurus-logger`, `docusaurus-mdx-loader`, `docusaurus-module-type-aliases`, `docusaurus-plugin-client-redirects`, `docusaurus-plugin-content-blog`, `docusaurus-plugin-content-docs`, `docusaurus-plugin-content-pages`, `docusaurus-plugin-css-cascade-layers`, `docusaurus-plugin-debug`, `docusaurus-plugin-google-analytics`, `docusaurus-plugin-google-gtag`, `docusaurus-plugin-google-tag-manager`, `docusaurus-plugin-ideal-image`, `docusaurus-plugin-pwa`, `docusaurus-plugin-rsdoctor`, `docusaurus-plugin-sitemap`, `docusaurus-plugin-svgr`, `docusaurus-plugin-vercel-analytics`, `docusaurus-preset-classic`, `docusaurus-remark-plugin-npm2yarn`, `docusaurus-theme-classic`, `docusaurus-theme-common`, `docusaurus-theme-live-codeblock`, `docusaurus-theme-mermaid`, `docusaurus-theme-search-algolia`, `docusaurus-theme-translations`, `docusaurus-tsconfig`, `docusaurus-types`, `docusaurus-utils-common`, `docusaurus-utils-validation`, `docusaurus-utils`, `docusaurus`, `eslint-plugin`, `lqip-loader`, `stylelint-copyright` - [#​11823](facebook/docusaurus#11823) chore(ci): fixes for the npm trusted publishing workflow ([@​slorber](https://github.com/slorber)) - [#​11819](facebook/docusaurus#11819) chore(ci): add Trusted Publishing release workflow through dispatch action ([@​slorber](https://github.com/slorber)) - `docusaurus-plugin-content-docs`, `docusaurus-plugin-ideal-image`, `docusaurus-theme-classic`, `docusaurus-theme-common`, `docusaurus-theme-mermaid`, `docusaurus-utils`, `docusaurus` - [#​11698](facebook/docusaurus#11698) chore(monorepo): upgrade React packages to v19 ([@​slorber](https://github.com/slorber)) - `docusaurus-cssnano-preset`, `docusaurus-logger`, `docusaurus-mdx-loader`, `docusaurus-plugin-client-redirects`, `docusaurus-plugin-content-blog`, `docusaurus-plugin-content-docs`, `docusaurus-plugin-content-pages`, `docusaurus-plugin-ideal-image`, `docusaurus-remark-plugin-npm2yarn`, `docusaurus-theme-classic`, `docusaurus-theme-common`, `docusaurus-utils-validation`, `docusaurus-utils`, `docusaurus` - [#​11702](facebook/docusaurus#11702) chore(monorepo): upgrade to Jest 30 ([@​slorber](https://github.com/slorber)) - `docusaurus-theme-classic`, `docusaurus-theme-common`, `docusaurus` - [#​11697](facebook/docusaurus#11697) chore(monorepo): upgrade React monorepo types to v19 ([@​slorber](https://github.com/slorber)) - `docusaurus-babel` - [#​11586](facebook/docusaurus#11586) chore(deps): remove unused [@​babel/runtime-corejs3](https://github.com/babel/runtime-corejs3) dependency ([@​JustinBeckwith](https://github.com/JustinBeckwith)) - `docusaurus-plugin-content-blog` - [#​11564](facebook/docusaurus#11564) test(blog): Add basic tests for blog routes. ([@​slorber](https://github.com/slorber)) ##### :globe\_with\_meridians: Translations - `docusaurus-theme-translations` - [#​11632](facebook/docusaurus#11632) feat(i18n): add Urdu (ur) default theme translations ([@​hammadurrehman2006](https://github.com/hammadurrehman2006)) - [#​11533](facebook/docusaurus#11533) fix(translations): complete theme translations for Algolia pt-br ([@​luicfrr](https://github.com/luicfrr)) ##### Committers: 41 - Akshat Sinha ([@​akshatsinha0](https://github.com/akshatsinha0)) - Aleksandar Zgonjan ([@​acosoft](https://github.com/acosoft)) - Andrew Kazakov ([@​andreww2012](https://github.com/andreww2012)) - Anukool Pandey ([@​ANUKOOL324](https://github.com/ANUKOOL324)) - Artem Lytkin ([@​4RH1T3CT0R7](https://github.com/4RH1T3CT0R7)) - Balthasar Hofer ([@​lebalz](https://github.com/lebalz)) - Bhoomi Sharma ([@​Bhoomi070](https://github.com/Bhoomi070)) - Cesar Garcia ([@​Chesars](https://github.com/Chesars)) - Denny Morán ([@​dmoranp](https://github.com/dmoranp)) - Dmitriy Rotaenko ([@​dmitriyrotaenko](https://github.com/dmitriyrotaenko)) - Eoin Shaughnessy ([@​EoinTrial](https://github.com/EoinTrial)) - Gaurav Sulsule ([@​garry00107](https://github.com/garry00107)) - Gnana Eswar Gunturu ([@​GnanaEswarGunturu](https://github.com/GnanaEswarGunturu)) - Hugo Häggmark ([@​hugohaggmark](https://github.com/hugohaggmark)) - Ivan Torres ([@​torresgol10](https://github.com/torresgol10)) - Justin Beckwith ([@​JustinBeckwith](https://github.com/JustinBeckwith)) - Kamil Moskała ([@​moskalakamil](https://github.com/moskalakamil)) - Kohei Watanabe ([@​kou029w](https://github.com/kou029w)) - Kuldeep Prasad Mishra ([@​kmish9685](https://github.com/kmish9685)) - Kunwardeep Singh ([@​work109677-sudo](https://github.com/work109677-sudo)) - Luiz Carlos ([@​luicfrr](https://github.com/luicfrr)) - Matthew Cheung ([@​Mcheung7272](https://github.com/Mcheung7272)) - Max Clayton Clowes ([@​mcclowes](https://github.com/mcclowes)) - Misrilal ([@​Misrilal-Sah](https://github.com/Misrilal-Sah)) - Muhammad Hammad ur Rehman ([@​hammadurrehman2006](https://github.com/hammadurrehman2006)) - Nader Jaber ([@​FlyNumber](https://github.com/FlyNumber)) - Natan Yagudayev ([@​NatanTechofNY](https://github.com/NatanTechofNY)) - Neel Bansal ([@​NPX2218](https://github.com/NPX2218)) - Nick Cacace ([@​BearAlliance](https://github.com/BearAlliance)) - Noah Gregory ([@​nmggithub](https://github.com/nmggithub)) - Poetry Of Code ([@​poetryofcode](https://github.com/poetryofcode)) - Pyry Takala ([@​pyrytakala](https://github.com/pyrytakala)) - Salman Chishti ([@​salmanmkc](https://github.com/salmanmkc)) - Sreehari Upas ([@​SreehariU](https://github.com/SreehariU)) - Sébastien Lorber ([@​slorber](https://github.com/slorber)) - Vedant Madane ([@​VedantMadane](https://github.com/VedantMadane)) - Vedika Gupta ([@​VedikaGupt](https://github.com/VedikaGupt)) - Zoey Greer ([@​tempoz](https://github.com/tempoz)) - [@​TheCyperpunk](https://github.com/TheCyperpunk) - [@​snikkrs](https://github.com/snikkrs) - fre$h ([@​fresh3nough](https://github.com/fresh3nough) </details> <details> <summary>Effect-TS/language-service (@​effect/language-service)</summary> ### [`v0.85.1`](https://github.com/Effect-TS/language-service/releases/tag/%40effect/language-service%400.85.1) [Compare Source](https://github.com/Effect-TS/language-service/compare/@effect/language-service@0.85.0...@effect/language-service@0.85.1) ##### Patch Changes - [#​726](Effect-TS/language-service#726) [`fd4a8da`](Effect-TS/language-service@fd4a8da) Thanks [@​mattiamanzati](https://github.com/mattiamanzati)! - Update the Effect v4 beta examples and type parsing to match the renamed Context APIs in the latest 4.0.0-beta releases. - [#​724](Effect-TS/language-service#724) [`14d5798`](Effect-TS/language-service@14d5798) Thanks [@​mattiamanzati](https://github.com/mattiamanzati)! - Refactor Effect context tracking to use cached node context flags and direct generator lookups. This aligns the TypeScript implementation more closely with the TSGo version and simplifies diagnostics that need to detect whether code is inside an Effect generator. ### [`v0.85.0`](https://github.com/Effect-TS/language-service/releases/tag/%40effect/language-service%400.85.0) [Compare Source](https://github.com/Effect-TS/language-service/compare/@effect/language-service@0.84.3...@effect/language-service@0.85.0) ##### Minor Changes - [#​720](Effect-TS/language-service#720) [`4229bb9`](Effect-TS/language-service@4229bb9) Thanks [@​mattiamanzati](https://github.com/mattiamanzati)! - Add the `nestedEffectGenYield` diagnostic to detect `yield* Effect.gen(...)` inside an existing Effect generator context. Example: ```ts Effect.gen(function* () { yield* Effect.gen(function* () { yield* Effect.succeed(1); }); }); ``` - [#​723](Effect-TS/language-service#723) [`da9cc4b`](Effect-TS/language-service@da9cc4b) Thanks [@​mattiamanzati](https://github.com/mattiamanzati)! - Add the `effectMapFlatten` style diagnostic for `Effect.map(...)` immediately followed by `Effect.flatten` in pipe flows. Example: ```ts import { Effect } from "effect"; const program = Effect.succeed(1).pipe( Effect.map((n) => Effect.succeed(n + 1)), Effect.flatten ); ``` - [#​718](Effect-TS/language-service#718) [`0af7c0f`](Effect-TS/language-service@0af7c0f) Thanks [@​mattiamanzati](https://github.com/mattiamanzati)! - Add the `lazyPromiseInEffectSync` diagnostic to catch `Effect.sync(() => Promise...)` patterns and suggest using `Effect.promise` or `Effect.tryPromise` for async work. Example: ```ts Effect.sync(() => Promise.resolve(1)); ``` - [#​714](Effect-TS/language-service#714) [`32985b2`](Effect-TS/language-service@32985b2) Thanks [@​mattiamanzati](https://github.com/mattiamanzati)! - Add `processEnv` and `processEnvInEffect` diagnostics to guide `process.env.*` reads toward Effect `Config` APIs. Examples: - `process.env.PORT` - `process.env["API_KEY"]` - [#​721](Effect-TS/language-service#721) [`f05ae89`](Effect-TS/language-service@f05ae89) Thanks [@​mattiamanzati](https://github.com/mattiamanzati)! - Add the `unnecessaryArrowBlock` style diagnostic for arrow functions whose block body only returns an expression. Example: ```ts const trim = (value: string) => { return value.trim(); }; ``` - [#​717](Effect-TS/language-service#717) [`b77848a`](Effect-TS/language-service@b77848a) Thanks [@​mattiamanzati](https://github.com/mattiamanzati)! - Add `newPromise` and `asyncFunction` effect-native diagnostics to report manual `Promise` construction and async function declarations, with guidance toward Effect-based async control flow. - [#​722](Effect-TS/language-service#722) [`6f19858`](Effect-TS/language-service@6f19858) Thanks [@​mattiamanzati](https://github.com/mattiamanzati)! - Add the `effectDoNotation` style diagnostic for `Effect.Do` usage and suggest migrating to `Effect.gen` or `Effect.fn`. Example: ```ts import { pipe } from "effect/Function"; import { Effect } from "effect"; const program = pipe( Effect.Do, Effect.bind("a", () => Effect.succeed(1)), Effect.let("b", ({ a }) => a + 1) ); ``` - [#​716](Effect-TS/language-service#716) [`c3f67b0`](Effect-TS/language-service@c3f67b0) Thanks [@​mattiamanzati](https://github.com/mattiamanzati)! - Add `cryptoRandomUUID` and `cryptoRandomUUIDInEffect` diagnostics for Effect v4 to discourage `crypto.randomUUID()` in favor of the Effect `Random` module, which uses Effect-injected randomness instead of the global crypto implementation. ##### Patch Changes - [#​719](Effect-TS/language-service#719) [`d23980a`](Effect-TS/language-service@d23980a) Thanks [@​mattiamanzati](https://github.com/mattiamanzati)! - Update the Effect v4 beta dependencies to `4.0.0-beta.43` for the language service and v4 harness packages. </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xMDkuNSIsInVwZGF0ZWRJblZlciI6IjQzLjExMC4xNCIsInRhcmdldEJyYW5jaCI6Im5leHQiLCJsYWJlbHMiOltdfQ==--> Reviewed-on: https://git.valverde.cloud/Thilawyn/effect-fc/pulls/45 Co-authored-by: Renovate Bot <renovate-bot@valverde.cloud> Co-committed-by: Renovate Bot <renovate-bot@valverde.cloud>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR resolves security vulnerabilities in the minimatch dependency.
This is a non-breaking change.
See vercel/serve-handler#228 for details on the security vulnerabilities that were fixed.
Note: minimatch@3.0.5 — pinned exact version, required by @lerna/* and nx. Can't be changed without modifying those packages' dependency declarations. That's a separate concern though.
Pre-flight checklist
Motivation
Resolving security vulnerabilities in transitive dependency.
Test Plan
Existing tests should be sufficient.
Test links
Deploy preview: https://deploy-preview-_____--docusaurus-2.netlify.app/
Related issues/PRs
None in this project that I could find.