
update vulnerable dependencies of @docusaurus/bundler#130

Open
overheadhunter wants to merge 1 commit into develop from feature/update-transitive-dependencies

Conversation

@overheadhunter
Member

No description provided.

Contributor

Copilot AI left a comment


Pull request overview

This PR adds npm overrides to force newer versions of two transitive dependencies of @docusaurus/bundler in order to address known vulnerabilities.

Changes:

  • Adds overrides for copy-webpack-plugin (→ 14.0.0) and css-minimizer-webpack-plugin (→ 8.0.0) to resolve security vulnerabilities in their older versions pulled in by Docusaurus.


Comment on lines +36 to +37
"copy-webpack-plugin": "14.0.0",
"css-minimizer-webpack-plugin": "8.0.0"
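Review bot: the two overrides on lines +36 to +37 are exact pins ("14.0.0" and "8.0.0") rather than ranges, so later patch releases of either plugin will not be picked up by npm update until package.json is edited again; if the intent is only to move past the vulnerable versions, a range such as "^14.0.0" and "^8.0.0" would keep future fixes flowing. A root-level override also applies to every copy of these packages in the tree, not only the one resolved under @docusaurus/bundler; npm allows nesting the override under the parent package name ("@docusaurus/bundler": { "copy-webpack-plugin": "14.0.0" }) when the change should be scoped to that path. Finally, the PR has no description: naming the advisories being closed and stating that npm run build was run with these overrides would let reviewers verify the bump.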

Copilot AI Mar 12, 2026


These overrides jump multiple major versions beyond what @docusaurus/bundler declares as compatible (copy-webpack-plugin from ^11 to 14.0.0, css-minimizer-webpack-plugin from ^5 to 8.0.0). Major version bumps often include breaking API changes, and using versions outside the range supported by the upstream package can cause subtle build or runtime issues that won't surface until a Docusaurus internal API call hits an incompatible code path.

Please verify the site builds and renders correctly with these overrides (e.g., npm run build succeeds and CSS is properly minified). If possible, it would also be safer to pin to the minimum major version that resolves the vulnerability rather than jumping to the latest major.

Suggested change
"copy-webpack-plugin": "14.0.0",
"css-minimizer-webpack-plugin": "8.0.0"
"copy-webpack-plugin": "^11.0.0",
"css-minimizer-webpack-plugin": "^5.0.0"

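Part of the verification Copilot asks for can be automated, as an added example that is not code from the PR or from the Docusaurus project: read the overrides from package.json, confirm in package-lock.json that each overridden package actually resolved to the pinned version (a stale lockfile silently keeps the vulnerable one), and flag any dependent whose declared range the override falls outside, which is the breaking-change risk raised in the comment. The package.json and lockfile excerpts are constructed inline to match the shape of this change; the @docusaurus/bundler version and its declared ranges are assumptions, and the semver matcher handles only exact versions and caret ranges.

```javascript
// Added example: verify that npm "overrides" took effect in package-lock.json
// and flag overrides that fall outside the range a dependent declares.
// All data below is constructed for illustration; only the two override
// versions mirror the PR. The @docusaurus/bundler version and ranges are assumed.

const pkgJson = {
  overrides: {
    "copy-webpack-plugin": "14.0.0",
    "css-minimizer-webpack-plugin": "8.0.0",
  },
};

// Constructed lockfile excerpt in the lockfileVersion 3 layout: one entry per
// installed path, carrying its resolved version and declared dependency ranges.
const lockJson = {
  packages: {
    "node_modules/@docusaurus/bundler": {
      version: "3.0.0", // assumed
      dependencies: {
        "copy-webpack-plugin": "^11.0.0", // assumed declared range
        "css-minimizer-webpack-plugin": "^5.0.0", // assumed declared range
      },
    },
    "node_modules/copy-webpack-plugin": { version: "14.0.0" },
    "node_modules/css-minimizer-webpack-plugin": { version: "8.0.0" },
  },
};

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unsupported version string: ${v}`);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// Minimal semver matcher: exact versions and caret ranges only (a real tool
// would use the `semver` package). Caret keeps the major fixed, or the minor
// when the major is 0; the ^0.0.x special case is ignored here.
function satisfies(version, range) {
  const v = parseVersion(version);
  if (range.startsWith("^")) {
    const r = parseVersion(range.slice(1));
    const compatible = r[0] !== 0 ? v[0] === r[0] : v[0] === 0 && v[1] === r[1];
    return compatible && compareVersions(v, r) >= 0;
  }
  return compareVersions(v, parseVersion(range)) === 0;
}

// Returns findings: "error" when the lockfile does not reflect an override
// (stale lock, install needed), "warn" when the installed version sits outside
// the range some dependent declares (the compatibility risk from the review).
function checkOverrides(pkg, lock) {
  const findings = [];
  for (const [name, wanted] of Object.entries(pkg.overrides || {})) {
    const installed = lock.packages[`node_modules/${name}`];
    if (!installed) {
      findings.push({ name, level: "error", message: "not present in lockfile; run npm install" });
      continue;
    }
    if (!satisfies(installed.version, wanted)) {
      findings.push({ name, level: "error", message: `lockfile has ${installed.version}, override requires ${wanted}` });
    }
    for (const [path, entry] of Object.entries(lock.packages)) {
      const declared = entry.dependencies && entry.dependencies[name];
      if (declared && !satisfies(installed.version, declared)) {
        findings.push({ name, level: "warn", message: `${path} declares ${declared} but ${installed.version} is installed` });
      }
    }
  }
  return findings;
}

for (const f of checkOverrides(pkgJson, lockJson)) {
  console.log(`${f.level.toUpperCase()} ${f.name}: ${f.message}`);
}
```

Against the constructed data this reports no errors and two warnings, one per plugin, because 14.0.0 and 8.0.0 lie outside the assumed ^11 and ^5 ranges. In a real repository the two objects would come from reading package.json and package-lock.json from disk; the check that the site still builds and minifies CSS still needs an actual npm run build, which this script does not replace.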
@coderabbitai
Contributor

coderabbitai bot commented Mar 12, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 9e1dfb6b-c438-4ab2-9bb1-caffe9cabec3

📥 Commits

Reviewing files that changed from the base of the PR and between e190e19 and e139e84.

⛔ Files ignored due to path filters (1)
  • package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (1)
  • package.json

Walkthrough

A new overrides field is introduced at the root level of package.json to pin two transitive dependencies: copy-webpack-plugin at version 14.0.0 and css-minimizer-webpack-plugin at version 8.0.0. This configuration addition contains no logic or control flow modifications.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 inconclusive)

Description check: ❓ Inconclusive. No description was provided by the author, making it impossible to assess whether the description relates to the changeset. Resolution: add a description explaining why these dependencies are vulnerable, what versions are being pinned, and any testing performed to validate the updates.

✅ Passed checks (2 passed)

Title check: ✅ Passed. The title directly describes the main change: updating vulnerable dependencies in the @docusaurus/bundler package by pinning transitive dependencies (copy-webpack-plugin and css-minimizer-webpack-plugin).

Docstring Coverage: ✅ Passed. No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.



2 participants