
fix(docs): patch mermaid, fast-uri, postcss advisories#229

Merged
pratyush618 merged 1 commit into
masterfrom
fix/docs-dependency-vulnerabilities
Jun 1, 2026

Conversation

@pratyush618
Collaborator

@pratyush618 pratyush618 commented Jun 1, 2026

Summary

Resolves the 7 open Dependabot alerts, all in the docs site's dependency tree (docs/pnpm-lock.yaml). The dashboard, Rust core, and Python package are unaffected.

| Package | Was | Now | Advisories |
| --- | --- | --- | --- |
| mermaid (direct) | 11.14.0 | 11.15.0 | GHSA-6m6c-36f7-fhxh, GHSA-ghcm-xqfw-q4vr, GHSA-87f9-hvmw-gh4p, GHSA-xcj9-5m2h-648r |
| fast-uri (transitive) | 3.1.0 | 3.1.2 | GHSA-v39h-62p7-jpjc (high), GHSA-q3j6-qgpj-74h6 (high) |
| postcss (transitive) | 8.4.31 | 8.5.13 | GHSA-qx2v-qp2m-jg93 |

Changes

  • Bumped the direct mermaid dependency range to ^11.15.0.
  • Added scoped pnpm.overrides (`"fast-uri@<3.1.2": ">=3.1.2"` and `"postcss@<8.5.10": ">=8.5.10"`) to lift the vulnerable transitive copies while leaving already-patched instances untouched.
  • Regenerated docs/pnpm-lock.yaml; no vulnerable versions remain.

Verification

pnpm --dir docs types:check, pnpm --dir docs lint, and pnpm --dir docs build (full static export, mermaid diagrams included) all pass.

Summary by CodeRabbit

  • Chores
    • Updated package dependencies in the documentation module to improve system stability and address potential security vulnerabilities.
    • Implemented dependency override configuration to enforce standardized versions of indirect dependencies across the project, ensuring consistent behavior and reducing compatibility risks.
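The PR's claim rests on two things: the scoped overrides lifting every vulnerable transitive copy, and the regenerated lockfile containing no version that still matches a selector such as `fast-uri@<3.1.2`. The following is an added example, not code from this repository, from pnpm or from the PR author: a small Node.js script that scans pnpm-lock.yaml text and reports each locked instance that still satisfies an override selector. It assumes the lockfile v9 layout (package keys at two-space indent as `  name@version:`, optionally quoted for scoped names and followed by peer suffixes in parentheses); the lockfile fragments, integrity strings and the `satisfies`, `lockedVersions` and `findVulnerable` helpers are constructed for the example, while the version floors are taken from the PR's table.

```javascript
// Added example (not from PR #229 or pnpm): audit pnpm-lock.yaml text for package
// copies that still match a pnpm.overrides selector such as "fast-uri@<3.1.2".
// Assumes lockfile v9 layout: keys at two-space indent, "  name@version:", optionally
// quoted (scoped names) and with peer suffixes like "(postcss@8.4.31)".

// Parse "MAJOR.MINOR.PATCH[-pre][+build]" into comparable parts; build metadata is ignored.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+.*)?$/.exec(v.trim());
  if (!m) throw new Error(`not a semver version: ${v}`);
  return { major: +m[1], minor: +m[2], patch: +m[3], pre: m[4] || null };
}

// -1, 0 or 1; a pre-release sorts below its release (1.0.0-rc.1 < 1.0.0).
function compareVersions(a, b) {
  const x = parseVersion(a), y = parseVersion(b);
  for (const k of ['major', 'minor', 'patch']) {
    if (x[k] !== y[k]) return x[k] < y[k] ? -1 : 1;
  }
  if (x.pre === y.pre) return 0;
  if (x.pre === null) return 1;
  if (y.pre === null) return -1;
  return x.pre < y.pre ? -1 : 1;
}

// Single-comparator ranges only: "<X", "<=X", ">X", ">=X", "^X" or exact "X".
// "^" stays within the bound's major (its minor while major is 0), which is why
// "^3.1.2" rejects 4.0.0 where ">=3.1.2" accepts it.
function satisfies(version, range) {
  const m = /^(\^|>=|<=|>|<|=)?\s*(.+)$/.exec(range.trim());
  const op = m[1] || '=', bound = m[2];
  const c = compareVersions(version, bound);
  switch (op) {
    case '<': return c < 0;
    case '<=': return c <= 0;
    case '>': return c > 0;
    case '>=': return c >= 0;
    case '=': return c === 0;
    default: { // caret
      if (c < 0) return false;
      const v = parseVersion(version), b = parseVersion(bound);
      if (b.major > 0) return v.major === b.major;
      if (b.minor > 0) return v.major === 0 && v.minor === b.minor;
      return v.major === 0 && v.minor === 0 && v.patch === b.patch;
    }
  }
}

// Every "name@version" package key in the lockfile, as Map<name, Set<version>>.
const PKG_KEY = /^  '?((?:@[^/'\s]+\/)?[^@/'\s(]+)@(\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?)/;
function lockedVersions(lockText) {
  const found = new Map();
  for (const line of lockText.split('\n')) {
    const m = PKG_KEY.exec(line);
    if (!m) continue;
    if (!found.has(m[1])) found.set(m[1], new Set());
    found.get(m[1]).add(m[2]);
  }
  return found;
}

// Locked instances that still match a selector, i.e. copies the override did not lift.
function findVulnerable(lockText, selectors) {
  const hits = [];
  for (const [name, versions] of lockedVersions(lockText)) {
    if (!selectors[name]) continue;
    for (const v of versions) {
      if (satisfies(v, selectors[name])) hits.push({ name, version: v });
    }
  }
  return hits.sort((a, b) => a.name.localeCompare(b.name) || compareVersions(a.version, b.version));
}

// Selectors from this PR's pnpm.overrides keys, plus the direct mermaid floor.
const SELECTORS = { 'fast-uri': '<3.1.2', postcss: '<8.5.10', mermaid: '<11.15.0' };

// Constructed lockfile fragment (not the real docs/pnpm-lock.yaml; hashes are fake):
// two fast-uri copies, only one of them already patched.
const LOCK_BEFORE = [
  "lockfileVersion: '9.0'", 'packages:',
  "  '@types/node@20.12.7':", '    resolution: {integrity: sha512-aaa}',
  '  fast-uri@3.0.1:', '    resolution: {integrity: sha512-bbb}',
  '  fast-uri@3.1.2:', '    resolution: {integrity: sha512-ccc}',
  '  mermaid@11.14.0:', '    resolution: {integrity: sha512-ddd}',
  '  postcss-load-config@6.0.1(postcss@8.4.31):', '    resolution: {integrity: sha512-eee}',
  '  postcss@8.4.31:', '    resolution: {integrity: sha512-fff}',
  'snapshots:', '  fast-uri@3.0.1: {}',
].join('\n');

// The same fragment after the overrides and the mermaid bump took effect.
const LOCK_AFTER = LOCK_BEFORE
  .split('fast-uri@3.0.1').join('fast-uri@3.1.2')
  .split('mermaid@11.14.0').join('mermaid@11.15.0')
  .split('8.4.31').join('8.5.13');

for (const [label, lock] of [['before', LOCK_BEFORE], ['after', LOCK_AFTER]]) {
  const hits = findVulnerable(lock, SELECTORS);
  console.log(`${label}: ${hits.length ? hits.map(h => `${h.name}@${h.version}`).join(', ') : 'no vulnerable versions remain'}`);
}
```

To run this against a real checkout, pass `fs.readFileSync('docs/pnpm-lock.yaml', 'utf8')` to `findVulnerable` in place of the constructed fragment. The check deliberately flags any copy matching the selector, so a second `fast-uri` instance that the override missed (for instance one whose resolution was pinned by another override) shows up even when the direct dependency is already patched.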

Bump mermaid to 11.15.0 and pin transitive fast-uri >=3.1.2 and
postcss >=8.5.10 to clear 7 Dependabot alerts in the docs site.
@github-actions github-actions Bot added the docs label Jun 1, 2026
@coderabbitai

coderabbitai Bot commented Jun 1, 2026

📝 Walkthrough

The PR updates the docs package to use Mermaid 11.15.0 and adds pnpm override configuration to enforce minimum versions for transitive dependencies fast-uri (≥3.1.2) and postcss (≥8.5.10).

Changes

Dependency Version Updates

Mermaid upgrade and transitive dependency constraints (docs/package.json): Mermaid dependency bumped from ^11.14.0 to ^11.15.0. A pnpm.overrides configuration section was added to enforce minimum safe versions for transitive dependencies: fast-uri overridden to >=3.1.2 and postcss overridden to >=8.5.10.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested labels

docs

Poem

🐰 A Mermaid swims in version streams,
With Pnpm's override schemes,
Fast-uri safe, postcss secure,
Dependencies locked, the build's pure!

🚥 Pre-merge checks | ✅ 5 passed
  • Description Check: ✅ Passed. Check skipped because CodeRabbit's high-level summary is enabled.
  • Title check: ✅ Passed. The title clearly and specifically describes the main change: patching security vulnerabilities in mermaid, fast-uri, and postcss dependencies in the docs package.
  • Docstring Coverage: ✅ Passed. No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
  • Linked Issues check: ✅ Passed. Check skipped because no linked issues were found for this pull request.
  • Out of Scope Changes check: ✅ Passed. Check skipped because no linked issues were found for this pull request.



@coderabbitai coderabbitai Bot left a comment


🧹 Nitpick comments (1)
docs/package.json (1)

docs/package.json lines 40-45: ⚡ Quick win

Consider using caret ranges for more predictable dependency resolution.

The current >= ranges ensure that any patched version is used, which is good for security. However, using caret ranges (e.g., ^3.1.2, ^8.5.10) would prevent potential breaking changes from future major versions while still ensuring the security fixes are applied.

♻️ Suggested refinement
   "pnpm": {
     "overrides": {
-      "fast-uri@<3.1.2": ">=3.1.2",
-      "postcss@<8.5.10": ">=8.5.10"
+      "fast-uri@<3.1.2": "^3.1.2",
+      "postcss@<8.5.10": "^8.5.10"
     }
   }
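Review bot: the two `+` lines change only what the selectors `fast-uri@<3.1.2` and `postcss@<8.5.10` resolve to, not which copies they apply to, so the PR's point that already-patched instances are left untouched holds under either form, and with docs/pnpm-lock.yaml committed both forms pin the same 3.1.2 and 8.5.13 today. The caret matters only when the lock is next regenerated, where `>=3.1.2` would accept a future fast-uri 4.x while `^3.1.2` stays within 3.x, so take the suggestion as future-proofing rather than as part of the security fix. Whichever form is kept, the verification in the description (types:check, lint, build) does not show that the vulnerable copies are gone; re-check the regenerated lockfile or run `pnpm --dir docs audit` and record that result.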

This approach ensures:

  • Security patches are applied (versions >= 3.1.2 and >= 8.5.10)
  • Future major version breaking changes won't be automatically pulled in
  • More predictable behavior during future dependency updates
🤖 Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@docs/package.json` around lines 40 - 45, Update the pnpm overrides to use
caret ranges instead of open-ended greater-than ranges: in the pnpm.overrides
object replace the ">=3.1.2" value for the "fast-uri@<3.1.2" override with
"^3.1.2" and replace the ">=8.5.10" value for the "postcss@<8.5.10" override
with "^8.5.10" so the overrides still apply security patches but avoid
automatically pulling future major versions.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 5b97e6dc-1872-4178-a9f0-076accb73ff6

📥 Commits

Reviewing files that changed from the base of the PR and between 55d9c34 and a10ff44.

⛔ Files ignored due to path filters (1)
  • docs/pnpm-lock.yaml is excluded by !**/pnpm-lock.yaml
📒 Files selected for processing (1)
  • docs/package.json

@pratyush618 pratyush618 merged commit a1bf0de into master Jun 1, 2026
16 checks passed
@pratyush618 pratyush618 deleted the fix/docs-dependency-vulnerabilities branch June 1, 2026 00:55