Skip to content

Replace wait-on dependency #9537

@NickGerleman

Description

@NickGerleman

Have you read the Contributing Guidelines on issues?

Prerequisites

Description

@docusaurus/core depends on wait-on@^7.0.1, which in turn depends on axios@^0.27.2. This version will now trigger GitHub vulnerability warnings due to axios/axios#6006 effecting axios before 1.6.0.

The newest version of wait-on still depends on old version of axios. Docusaurus only uses it in a single place, so it seems reasonable to remove or replace the dependency with something else.

Reproducible demo

No response

Steps to reproduce

yarn audit Docusaurus app

Expected behavior

Audit is clean

Actual behavior

Audit shows vulns from axios

Your environment

No response

Self-service

  • I'd be willing to fix this bug myself.

Metadata

Metadata

Assignees

No one assigned

    Labels

    domain: dependenciesProposal to upgrade a dependency across major versions

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions