Dependencies vulnerabilities CVE-2025-30360 and CVE-2025-30359 #70
Description
Docusaurus-theme-search-type brings in vulnerable versions of webpack-dev-server via @docusaurus/core@3.8.0.
If @docusaurus/core is not used in this library, the best remediation would be to remove it as a dependency.
Alternatively, @docusaurus/core could be updated to 3.9.0 or above which does not depend on a vulnerable version of webpack-dev-server.
https://nvd.nist.gov/vuln/detail/CVE-2025-30360
https://nvd.nist.gov/vuln/detail/CVE-2025-30359