Outdated docs site dependencies create security and maintenance risk #519
Description
The technical docs site is running on an outdated frontend/tooling stack in website/package.json, which increases security exposure and makes future maintenance harder.
Current state
The site currently depends on:
docusaurus@^1.14.7
axios@^0.21.2
qs@^6.9.6
During a local build with npm run build, the project also emits warnings that indicate stale tooling:
Highlight.js v9 has reached EOL
caniuse-lite is outdated
Why this matters
This is the highest-value issue to address first because it affects the foundation of the docs site:
Older dependencies may contain known vulnerabilities
EOL tooling increases the chance of future build breakage
It makes routine maintenance and dependency updates harder
Small UI fixes are lower priority if the underlying stack is fragile
Expected outcome
We should modernize the docs site dependency stack, starting with the most exposed packages and then addressing the Docusaurus version path.
Suggested scope
Audit vulnerable or outdated dependencies in website/package.json
Upgrade or replace axios@0.21.2
Upgrade qs to a safe supported version
Assess migration path from Docusaurus v1 to a supported version
Remove build-time warnings related to outdated Highlight.js / Browserslist data
Acceptance criteria
npm install and npm run build succeed cleanly
No EOL warning from Highlight.js in the build
No known high-severity dependency issues in the docs app
The docs site still renders correctly after upgrades
Notes
There are smaller code issues in the repo, but this one should be prioritized because it has the largest impact on security, maintainability, and future development velocity.