Fix security vulnerabilities on node-forge CVE-2025-66031 CVE-2025-12816 #954
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Updated Docusaurus packages from ^3.8.1 to ^3.9.2 to fix webpack-dev-server vulnerabilities - @docusaurus/core - @docusaurus/plugin-google-tag-manager - @docusaurus/preset-classic - @docusaurus/theme-common - @docusaurus/module-type-aliases - Fixed HIGH severity vulnerabilities: - glob: Command injection vulnerability (GHSA-5j98-mcp5-4vw2) - node-forge: ASN.1 vulnerabilities (GHSA-554w-wvp2-vw27, GHSA-65ch-62r8-g69g, GHSA-5gfm-wpxj-wjgq) - Fixed MODERATE severity vulnerabilities: - webpack-dev-server: Source code exposure vulnerabilities (GHSA-9jgg-88mc-972h, GHSA-4v9v-hfq4-rm2v) - js-yaml: Prototype pollution vulnerability (GHSA-mh29-5h37-fv8m) - Fixed LOW severity vulnerabilities: - brace-expansion: Regular Expression Denial of Service (GHSA-v6h2-p8h4-qcjw) - on-headers: HTTP response header manipulation (GHSA-76c9-3jph-rj3q) All vulnerabilities resolved - npm audit now reports 0 vulnerabilities.
Added unique 'key' attributes to both Prebid categories to resolve duplicate translation key conflict in Japanese locale: - Prebid category under Web: key 'Prebid-Web' - Prebid category at Mobile level: key 'Prebid-Mobile' This fixes the build error: 'Multiple docs sidebar items produce the same translation key'
sidebars.js
Outdated
| { | ||
| type: 'category', | ||
| label: 'Prebid', | ||
| key: 'Prebid-Web', |
Contributor
There was a problem hiding this comment.
why were the keys added to these two items?
Collaborator
There was a problem hiding this comment.
@ashleysmithTTD great spot. @sunnywu @ashleysmithTTD I tested this branch locally, and the build failed with this message:
{
message: '"key" is not allowed',
path: [ 'key' ],
type: 'object.unknown',
context: { child: 'key', label: 'key', value: 'Prebid-Web', key: 'key' }
}
Contributor
Author
There was a problem hiding this comment.
well this is the error when i didn't add these new keys. @genwhittTTD @ashleysmithTTD could you help having a look and advise if there is alternative way to fix it?
Building locally using "npm start" definitely didn't have this problem (with/without the sidebar.js change)
ashleysmithTTD
approved these changes
Dec 2, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
docusaurus upgrade release notes can be found here
Update for node-forge vulnerabilities https://avd.aquasec.com/nvd/2025/cve-2025-12816/ https://avd.aquasec.com/nvd/2025/cve-2025-66031/
Updated Docusaurus packages from ^3.8.1 to ^3.9.2 to fix webpack-dev-server vulnerabilities
Fixed HIGH severity vulnerabilities:
Fixed MODERATE severity vulnerabilities:
Fixed LOW severity vulnerabilities:
All vulnerabilities resolved - npm audit now reports 0 vulnerabilities.