Have you read the Contributing Guidelines on issues?

• I have read the Contributing Guidelines on issues.

Prerequisites

• I'm using the latest version of Docusaurus.
• I have tried the npm run clear or yarn clear command.
• I have tried rm -rf node_modules yarn.lock package-lock.json and re-installing packages.
• I have tried creating a repro with https://new.docusaurus.io.
• I have read the console error message carefully (if applicable).

Description

@docusaurus/core depends on wait-on@^7.0.1, which in turn depends on axios@^0.27.2. This version will now trigger GitHub vulnerability warnings due to axios/axios#6006 effecting axios before 1.6.0.

The newest version of wait-on still depends on old version of axios. Docusaurus only uses it in a single place, so it seems reasonable to remove or replace the dependency with something else.

Reproducible demo

No response

Steps to reproduce

yarn audit Docusaurus app

Expected behavior

Audit is clean

Actual behavior

Audit shows vulns from axios

Your environment

No response

Self-service

• I'd be willing to fix this bug myself.