Conversation

@RichardSlater RichardSlater commented Jun 9, 2025

📲 What

Upgrades Docusaurus and several transitive dependencies to address a known vulnerability in webpack-dev-server while keeping the project up-to-date.

  • Upgraded various Docusaurus packages from 3.5.2 to 3.8.1.
  • Upgraded react and react-dom to 19.1.0.
  • Added an override for webpack-dev-server (>=5.2.1) to mitigate CVE-2025-30360.
  • Additionally upgraded transitive dependencies to latest to reduce risk exposure.
  • Bumped build image to Ubuntu 24.04 LTS as 20.04 has been removed.
  • Updated Dockerfile, CI pipeline, and .nvmrc to require Node v20
  • Fixed config so that it works with Node v20

🤔 Why

As part of our responsibilities under ISO27001, we are required to manage and mitigate risks associated with software vulnerabilities. By enforcing a secure version of webpack-dev-server, we reduce the risk of known vulnerabilities being exploited in our development environment. This proactive approach to dependency management demonstrates our commitment to maintaining the confidentiality, integrity, and availability of our information assets, as required by ISO27001 controls on software development and vulnerability management.

🛠 How

Upgrades were executed as per the Docusaurus upgrade process, except for webpack-dev-server, which was upgraded by adding:

  "overrides": {
    "webpack-dev-server": ">=5.2.1"
  },

to package.json.

👀 Evidence

Build:

 $ npm run build

> stacks@0.0.0 build
> docusaurus build

[INFO] [en] Creating an optimized production build...

✔ Client
  Compiled successfully in 35.92s

✔ Server

[WARNING] Docusaurus found broken anchors!

Please check the pages of your site in the list below, and make sure you don't reference any anchor that does not exist.
Note: it's possible to ignore broken anchors with the 'onBrokenAnchors' Docusaurus configuration, and let the build pass.

Exhaustive list of all broken anchors found:
- Broken anchor on source page path = /docs:
   -> linking to /#stacks-selector
- Broken anchor on source page path = /docs/stackscli/examples:
   -> linking to /docs/stackscli/examples#example_cli_cmdline
- Broken anchor on source page path = /docs/stackscli/project_settings:
   -> linking to #azdo_variable_template (resolved as: /docs/stackscli/project_settings#azdo_variable_template)
   -> linking to #_templating (resolved as: /docs/stackscli/project_settings#_templating)
- Broken anchor on source page path = /docs/stackscli/usage:
   -> linking to #.NET%20WebApi%20project%20using%20the%20interactive%20mode (resolved as: /docs/stackscli/usage#.NET%20WebApi%20project%20using%20the%20interactive%20mode)
   -> linking to #Examples (resolved as: /docs/stackscli/usage#Examples)
- Broken anchor on source page path = /docs/workloads/azure/data/getting_started/core_data_platform_deployment_azure:
   -> linking to /docs/workloads/azure/data/getting_started/requirements_data_azure#azure-devops

[SUCCESS] Generated static files in "build".
[INFO] Use `npm run serve` command to test your build locally.

The "broken" anchors are links to components on pages with delegated rendering.

Additionally have:

  1. compared the /build folder pre- and post-upgrade to validate that the changes are as expected
  2. compared the live site with the local serve site and confirmed working
  3. ran lint scripts

🕵️ How to test

npm run start and test manually.

✅ Acceptance criteria Checklist

  • Code peer reviewed?
  • Documentation has been updated to reflect the changes?
  • Passing all automated tests, including a successful deployment?
  • Passing any exploratory testing?
  • Rebased/merged with latest changes from development and re-tested?
  • Meeting the Coding Standards?

- add override to non-vulnerable webpack-dev-server >=5.2.1 to mitigate CVE-2025-30360
- upgrade react proactively
@RichardSlater RichardSlater requested a review from Copilot June 9, 2025 10:10

@RichardSlater
Contributor Author

/azp run

@azure-pipelines

Azure Pipelines successfully started running 1 pipeline(s).

@RichardSlater
Contributor Author

/azp run

@azure-pipelines

Azure Pipelines successfully started running 1 pipeline(s).

@RichardSlater RichardSlater requested a review from Copilot June 9, 2025 10:27

@RichardSlater
Contributor Author

/azp run

@azure-pipelines

Azure Pipelines successfully started running 1 pipeline(s).

@RichardSlater RichardSlater requested a review from cloudratha June 9, 2025 10:34

@ElvenSpellmaker ElvenSpellmaker left a comment

LGTM

@cloudratha cloudratha left a comment

I see docusaurus fails to build on Node 22, works fine after downgrading to 20. Might be one to watch to support LTS. Otherwise I ran the project and all seems ok to me

facebook/docusaurus#10904

@ElvenSpellmaker
Contributor

> I see docusaurus fails to build on Node 22, works fine after downgrading to 20. Might be one to watch to support LTS. Otherwise I ran the project and all seems ok to me
>
> facebook/docusaurus#10904

We should 100% be on LTS tbh...

@cloudratha
Contributor

> > I see docusaurus fails to build on Node 22, works fine after downgrading to 20. Might be one to watch to support LTS. Otherwise I ran the project and all seems ok to me
> > facebook/docusaurus#10904
>
> We should 100% be on LTS tbh...

Less worrying as it's a static site, but yeah we might need to wait for Docusaurus to support it

- updated `package.json` to include `engines` section
- added `.nvmrc` with current node version
@RichardSlater RichardSlater self-assigned this Jun 11, 2025
@RichardSlater RichardSlater added priority/P2 Normal priority: default priority applied. dependencies Pull requests that update a dependency file labels Jun 11, 2025
@RichardSlater
Contributor Author

/azp run

@azure-pipelines

Azure Pipelines successfully started running 1 pipeline(s).

@Ensono Ensono deleted a comment from azure-pipelines bot Jun 11, 2025
@RichardSlater
Contributor Author

/azp run

@azure-pipelines

Azure Pipelines successfully started running 1 pipeline(s).

Copilot AI left a comment

Pull Request Overview

This PR upgrades core dependencies to Docusaurus v3.8.1 (and React to v19), enforces a secure webpack-dev-server version, and updates the project’s Node/CI environments to v20/Ubuntu 24.04.

  • Bump Docusaurus, React, and related packages; add an overrides block for webpack-dev-server
  • Update Dockerfile, CI pipeline, and .nvmrc to require Node v20
  • Adjust remarkImages import for compatibility

Reviewed Changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 1 comment.

Summary per file:

  • package.json: Upgraded dependencies, added overrides for webpack-dev-server, and bumped engines
  • docusaurus.config.js: Fallback to remarkImages.default for plugin import compatibility
  • build-deploy-github-pages.yml: Parameterized vmImage, upgraded to Ubuntu 24.04 and Node 20.x
  • Dockerfile: Switched build and runtime images from Node 16 to Node 20
  • .nvmrc: Set Node version to v20.19.2
Comments suppressed due to low confidence (2)

package.json:28

  • The @docusaurus/plugin-google-gtag version remains at 3.5.2 while other Docusaurus packages have been bumped to 3.8.1. Align this plugin to ^3.8.1 to maintain compatibility across Docusaurus modules.
"@docusaurus/plugin-google-gtag": "^3.5.2",

build-deploy-github-pages.yml:26

  • [nitpick] The variable version_spec is ambiguous. Consider renaming it to something more descriptive like node_version to clarify its purpose in the pipeline.
    - name: version_spec

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@RichardSlater
Contributor Author

/azp run

@azure-pipelines

Azure Pipelines successfully started running 1 pipeline(s).

@RichardSlater
Contributor Author

/azp run

@azure-pipelines

Azure Pipelines successfully started running 1 pipeline(s).

},
"overrides": {
"webpack-dev-server": ">=5.2.1"
"webpack-dev-server": "5.2.1"
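Review bot: the two override values shown here pull in opposite directions. `>=5.2.1` is satisfied by any later major, so a breaking 6.x release would be installed silently, while the exact pin `5.2.1` will never pick up a later 5.2.x that fixes the next bug in webpack-dev-server. `^5.2.1` (>=5.2.1 and <6.0.0) keeps the CVE-2025-30360 floor and still receives patch and minor updates within 5.x. Whichever range is chosen, an override only changes the tree once `npm install` regenerates package-lock.json, so confirm with `npm ls webpack-dev-server` that every nested copy, not just the top-level one, resolved to >=5.2.1.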

I wonder if the ^5.2.1 is better as it'll then upgrade but won't go to 6?

Yes, CoPilot caught this here: #587 (review)

Yeah and it suggested either 5.2.1 or ^5.2.1 and I was suggesting the latter 🙂

@ElvenSpellmaker
Contributor

image

Should we also bump the gtag to 3.8.1 like the rest of the stuff? That version does exist.

(Also that variable name is a little sus, but nothing to do with your PR)

@RichardSlater RichardSlater merged commit 7ac41c0 into master Jun 11, 2025
1 check passed
@RichardSlater RichardSlater deleted the chore/docusaurus-3.8 branch June 11, 2025 09:28
@RichardSlater RichardSlater mentioned this pull request Jun 11, 2025
6 tasks
4 participants