fix: upgrade Docusaurus from 2.0.0-beta to 3.9.2 to resolve all security vulnerabilities

.github/workflows/deploy.yml

@@ -33,7 +33,7 @@ jobs:
 
       - uses: actions/setup-node@v3
         with:
-          node-version: '16'
+          node-version: '20'
 
       - name: Get node version
         id: node-version

.github/workflows/link-check.yml

@@ -26,7 +26,7 @@ jobs:
       - uses: actions/checkout@v3.1.0
       - uses: actions/setup-node@v3
         with:
-          node-version: "16"
+          node-version: "20"
 
       - name: Install Dependencies
         run: |

.github/workflows/lint.yml

@@ -11,7 +11,7 @@ jobs:
       - name: 🚀 Use Node.js
         uses: actions/setup-node@v3
         with:
-          node-version: '12.x'
+          node-version: '20'
       - run: npm install -g markdownlint-cli@0.25.0
       - run: markdownlint '**/*.md' --ignore node_modules
   yamllint:

blog/en/blog/2021/07/14/the-road-to-customization-of-Sina-Weibo-API-gateway-based-on-Apache-APISIX.md

@@ -110,7 +110,7 @@ The full canary release feature requires some API support exposed on the gateway
 
 ![Support Canary Release3](https://static.apiseven.com/202108/1646900211377-0c1df098-c5be-4c69-bda6-eabd1518f0f5.png)
 
-Canary release API fixed URI, the unified path is /admin/services/gray/{SAAS_ID}/ routes. Different HTTP Method presents different business meanings, POST means create, DELETE means to stop canary release, GET means to view.
+Canary release API fixed URI, the unified path is `/admin/services/gray/{SAAS_ID}/` routes. Different HTTP Method presents different business meanings, POST means create, DELETE means to stop canary release, GET means to view.
 
 #### Activation Process
 

blog/en/blog/2021/08/10/apisix-nginx.md

@@ -53,7 +53,7 @@ etcd:
   prefix: /apisix # apisix configurations prefix
 ```
 
-and upstreams/1 is equivalent to http { upstream 1 {} } in nginx.conf. Similar keywords are used in /apisix/services/, /apisix/routes/, and so on.
+and upstreams/1 is equivalent to http \{ upstream 1 \{\} \} in nginx.conf. Similar keywords are used in /apisix/services/, /apisix/routes/, and so on.
 
 So, how does Nginx get the etcd configuration data changes through the watch mechanism? Does it start a new agent process? Does it communicate with etcd via HTTP/1.1 or gRPC?
 

blog/en/blog/2021/08/16/Using-the-Apache-APISIX-OpenID-Connect-Plugin-for-Centralized-Authentication.md

@@ -94,9 +94,9 @@ Have an Okta account ready for use.
    ![save the changes](https://static.apiseven.com/202108/1639467449049-628d7796-0d8e-4ed9-8334-5ba7f0fb32f4.png)
 5. Visit the General page of the application to obtain the following configuration, which is required to configure Apache APISIX OpenID Connect.
 
-- Client ID: OAuth client ID, the application ID, which corresponds to client_id and {YOUR_CLIENT_ID} below.
-- Client secret: OAuth client secret, the application key, which corresponds to client_secret and {YOUR_CLIENT_SECRET} below.
-- Okta domain: The domain name used by the application, corresponding to {YOUR_ISSUER} below.
+- Client ID: OAuth client ID, the application ID, which corresponds to client_id and `{YOUR_CLIENT_ID}` below.
+- Client secret: OAuth client secret, the application key, which corresponds to client_secret and `{YOUR_CLIENT_SECRET}` below.
+- Okta domain: The domain name used by the application, corresponding to `{YOUR_ISSUER}` below.
 
 ![obtain configuration](https://static.apiseven.com/202108/1639467501106-d95bf8ad-db47-4918-ac70-424b12488e5b.png)
 

blog/en/blog/2021/12/08/apisix-integrate-rocketmq-logger-plugin.md

@@ -104,7 +104,7 @@ The first thing you can do is to adjust the relevant log format in the form of a
 
 | Name             |  Default Value |  Description                                             |
 | ---------------- |  ------------- | ------------------------------------------------ |
-| log_format       |  {"host": "$host", "@timestamp": "$time_iso8601", "client_ip": "$remote_addr"} |    Declare the log format as a key-value pair in JSON format. For the value section, only strings are supported. If it starts with `$`, it indicates that you want to get the __APISIX__ variable or [Nginx built-in variable](http://nginx.org/en/docs/varindex.html). In particular, __this setting takes effect globally__, which means that when log_format is specified, it will take effect on all Route or Service bound to http-logger. |
+| log_format       |  `{"host": "$host", "@timestamp": "$time_iso8601", "client_ip": "$remote_addr"}` |    Declare the log format as a key-value pair in JSON format. For the value section, only strings are supported. If it starts with `$`, it indicates that you want to get the __APISIX__ variable or [Nginx built-in variable](http://nginx.org/en/docs/varindex.html). In particular, __this setting takes effect globally__, which means that when log_format is specified, it will take effect on all Route or Service bound to http-logger. |
 
 Once the log format is adjusted, you need to send a request to the `/apisix/admin/plugin_metadata` endpoint to update the metadata, as described in the code below.
 

blog/en/blog/2021/12/22/google-logging.md

@@ -146,7 +146,7 @@ curl http://127.0.0.1:9080/apisix/admin/routes/1  -H 'X-API-KEY: edd1c9f034335f1
 |auth_config.scopes|No|["https://www.googleapis.com/auth/logging.read","https://www.googleapis.com/auth/logging.write","https://www.googleapis.com/auth/logging.admin","https://www.googleapis.com/auth/cloud-platform"]|Google Services account access scope, refer to: [OAuth 2.0 Scopes for Google APIs](https://developers.google.com/identity/protocols/oauth2/scopes#logging)|
 |auth_file|No|n/a|Path to the Google Services account JSON file (either auth_config or auth_file must be configured)|
 |ssl_verify|No|TRUE|Enable SSL authentication, configured according to [OpenResty documentation](https://github.com/openresty/lua-nginx-module#tcpsocksslhandshake) options.|
-|resource|No|{"type": "global"}|Google Monitored Resources, please refer to [MonitoredResource](https://cloud.google.com/logging/docs/reference/v2/rest/v2/MonitoredResource).|
+|resource|No|`{"type": "global"}`|Google Monitored Resources, please refer to [MonitoredResource](https://cloud.google.com/logging/docs/reference/v2/rest/v2/MonitoredResource).|
 |log_id|No|apisix.apache.org%2Flogs|Google Log ID, reference: [LogEntry](https://cloud.google.com/logging/docs/reference/v2/rest/v2/LogEntry).|
 |max_retry_count|No|0|Maximum number of retries before removal from the processing pipeline.|
 |retry_delay|No|1|Number of seconds that process execution should be delayed if execution fails.|

blog/en/blog/2022/07/06/use-keycloak-with-api-gateway-to-secure-apis.md

@@ -273,7 +273,7 @@ Because APISIX writes `id_token`, `access_token`, and `refresh_token` into the c
 2. **How to change the name and location of the cookie stored in the Session?**
 
 Currently, the openid-connect plugin does not provide the ability to customize this part of the configuration, so we can use the method provided in `lua-resty-session`: override its default configuration by NGINX variables.
-We rely on the NGINX configuration injection capabilities provided by APISIX to achieve the override: the name of the Session storage cookie can be modified by adding this code to the configuration file {apisix}/conf/config.yaml.
+We rely on the NGINX configuration injection capabilities provided by APISIX to achieve the override: the name of the Session storage cookie can be modified by adding this code to the configuration file `{apisix}/conf/config.yaml`.
 
 ```yaml
 nginx_config:

blog/en/blog/2023/01/02/accessing_apisix-dashboard_from_everywhere_with_keycloak_authentication.md

@@ -644,7 +644,7 @@ Forwarding from 127.0.0.1:8080 -> 9000
 Forwarding from [::1]:8080 -> 9000
 ```
 
-Then access the dashboard on **“hdev”** pointing the web browser to the url “http://localhost:9090”
+Then access the dashboard on **“hdev”** pointing the web browser to the url `http://localhost:9090`
 Login with **“admin / admin”**
 
 ![ad01](https://static.apiseven.com/uploads/2023/01/20/INeavn6G_8%20ad01.png)
@@ -889,7 +889,7 @@ Access “https://apisix.h.net” from a browser. You should receive page not fo
 
 > Work on **hdev**
 
-port forward apisix-dashboard and access it at “http://localhost:9090” and login with **“admin” / "admin“**
+port forward apisix-dashboard and access it at `http://localhost:9090` and login with **“admin” / "admin“**
 
 ```
 kubectl -n apisix port-forward service/apisix-dashboard 9090:80
@@ -960,7 +960,7 @@ sysop@hserv:~/H$ rsync -vau --stats ./hservcerts/* hdev.int.h.net://home/sysop/H
 
 > Work on **hdev**
 
-Port forward apisix-dashboard and access it ah “http://localhost:9090” and login with **“admin” / "admin“**
+Port forward apisix-dashboard and access it ah `http://localhost:9090` and login with **“admin” / "admin“**
 
 ```
 kubectl -n apisix port-forward service/apisix-dashboard 9090:80

blog/en/blog/2023/03/09/authenticate-openid-connect.md

@@ -157,9 +157,9 @@ Fill in the fields:
 
 In the Docker Compose configuration above, use the Client ID and Client Secret as `OIDC_CLIENTID` and `OIDC_SECRET`. I wrote them down as environment variables in a `.env` file.
 
-The last missing variable is `OIDC_ISSUER`: it's `accounts.google.com`. If you navigate to <https://accounts.google.com/.well-known/openid-configuration>, you'll see all data required by OAuth 2.0 (and more).
+The last missing variable is `OIDC_ISSUER`: it's `accounts.google.com`. If you navigate to https://accounts.google.com/.well-known/openid-configuration, you'll see all data required by OAuth 2.0 (and more).
 
-At this point, we can start our setup with `docker compose up`. When we navigate to <http://localhost:9080/>, the browser redirects us to the Google authentication page. Since I'm already authenticated, I can choose my ID - and I need one bound to the organization of the project I created above.
+At this point, we can start our setup with `docker compose up`. When we navigate to http://localhost:9080/, the browser redirects us to the Google authentication page. Since I'm already authenticated, I can choose my ID - and I need one bound to the organization of the project I created above.
 
 ![Choose the Google account you want to authenticate with](https://static.apiseven.com/uploads/2023/06/13/yckQhlJf_google-auth-choose-account.jpg)
 

blog/en/blog/2023/03/23/mtls-everywhere.md

@@ -43,7 +43,7 @@ We now have enough understanding of the concepts to get our hands dirty.
 
 ## Generating certificates with cert-manager
 
-A couple of root <abbr title="Certificate Authority">CA</abbr> are installed in browsers by default. That's how we can browse HTTPS websites safely, trusting that <https://apache.org> is the site they pretend to be. The infrastructure has no pre-installed certificates, so we must start from scratch.
+A couple of root <abbr title="Certificate Authority">CA</abbr> are installed in browsers by default. That's how we can browse HTTPS websites safely, trusting that https://apache.org is the site they pretend to be. The infrastructure has no pre-installed certificates, so we must start from scratch.
 
 We need at least one root certificate. In turn, it will generate all other certificates. While it's possible to do every manually, I'll rely on [cert-manager](https://cert-manager.io/) in Kubernetes. As its name implies, cert-manager is a solution to manage certificates.
 

blog/en/blog/2023/07/27/apisix-without-etcd.md

@@ -220,7 +220,7 @@ Currently, ETCD-Adapter is not feature-complete (to say the least) and requires
 
 The complete source code for this post can be found on GitHub:
 
-{% embed https://github.com/ajavageek/apisix-mysql %}
+[https://github.com/ajavageek/apisix-mysql](https://github.com/ajavageek/apisix-mysql)
 
 **To go further:**
 

blog/en/blog/2024/02/13/apisix-owasp-coraza-core-ruleset.md

@@ -159,7 +159,7 @@ global_rules:
 6. Use all rules. We could pick and choose the ones we want for more fine-grained control
 7. Use the `default` configuration defined above
 
-We proceed to define routes to <https://httpbin.org/> to test our setup. Let's call the route to `/get`:
+We proceed to define routes to https://httpbin.org/ to test our setup. Let's call the route to `/get`:
 
 ```bash
 curl localhost:9080?user=foobar

blog/en/blog/2024/06/13/fixed-routes-apisix.md

@@ -25,7 +25,7 @@ image: https://static.apiseven.com/uploads/2024/06/12/2XTLbwyU_tower-1897536.jpg
 
 >We have a requirement to use a plugin, where we need to route the traffic on percentage basis. I'll give an example for better understanding.
 >
->We have an URL <https://xyz.com/ca/fr/index.html> where ca is country (canada) and fr is french language. Now the traffic needs to routed 10% to <https://xyz.com/ca/en/index.html> and the remaining 90% to <https://xyz.com/ca/fr/index.html>. And whenever we're routing the traffic to <https://xyz.com/ca/en/index.html> we need to set a cookie. So for next call, if the cookie is there, it should directly go to <https://xyz.com/ca/en/index.html> else it should go via a 10:90 traffic split. What is the best possible way to achieve this ??
+>We have an URL https://xyz.com/ca/fr/index.html where ca is country (canada) and fr is french language. Now the traffic needs to routed 10% to https://xyz.com/ca/en/index.html and the remaining 90% to https://xyz.com/ca/fr/index.html. And whenever we're routing the traffic to https://xyz.com/ca/en/index.html we need to set a cookie. So for next call, if the cookie is there, it should directly go to https://xyz.com/ca/en/index.html else it should go via a 10:90 traffic split. What is the best possible way to achieve this ??
 >
 >-- [help request: Setting cookie based on a condition](https://github.com/apache/apisix/issues/11279)
 
@@ -183,7 +183,7 @@ curl -v --cookie 'site=en' localhost:9080                  #1
 
 1. The cookie name is case-sensitive; beware
 
-The browser keeps the cookie, so it's even simpler. Just go to <http:localhost:9080> and refresh several times: the content is the same as well. The content will change if you change the cookie to another possible value and request again.
+The browser keeps the cookie, so it's even simpler. Just go to `http://localhost:9080` and refresh several times: the content is the same as well. The content will change if you change the cookie to another possible value and request again.
 
 The complete source code for this post can be found on [GitHub](https://github.com/ajavageek/fixed-route-apisix).
 

blog/en/docusaurus.config.js

@@ -1,3 +1,4 @@
+const { themes } = require('prism-react-renderer');
 const { ssrTemplate } = require('../../config/ssrTemplate');
 
 const description = 'APISIX is a dynamic, high-performance API Gateway with features like load balancing, canary release, authentication, and observability. As an AI Gateway, it enables AI proxying, LLM load balancing, retries, fallbacks, token-based rate limiting, and security to enhance AI agent efficiency and reliability.';
@@ -78,7 +79,11 @@ module.exports = {
       },
       items: require('../../config/navbar.js'),
     },
-    hideableSidebar: true,
+    docs: {
+      sidebar: {
+        hideable: true,
+      },
+    },
     announcementBar: {
       id: 'query',
       backgroundColor: '#e8433e',
@@ -87,8 +92,8 @@ module.exports = {
         '\u{1F914} Introducing APISIX AI Gateway – Built for LLMs and AI workloads. <a target="_blank" rel="noopener noreferrer" href="/ai-gateway/"> Learn More</a>',
     },
     prism: {
-      theme: require('prism-react-renderer/themes/github'),
-      darkTheme: require('prism-react-renderer/themes/dracula'),
+      theme: themes.github,
+      darkTheme: themes.dracula,
       defaultLanguage: 'bash',
     },
     algolia: {
@@ -103,7 +108,7 @@ module.exports = {
       respectPrefersColorScheme: false,
     },
     image: 'https://static.apiseven.com/202202/apache-apisix.png',
-    metadatas,
+    metadata: metadatas,
   },
   scripts: [
     {

blog/package.json

@@ -12,51 +12,47 @@
     "serve:en": "docusaurus serve en",
     "serve:zh": "docusaurus serve zh",
     "swizzle": "docusaurus swizzle",
-    "docusaurus": "docusaurus",
-    "postinstall": "patch-package"
+    "docusaurus": "docusaurus"
   },
   "devDependencies": {
-    "@docusaurus/module-type-aliases": "^2.0.0-beta.6",
-    "@svgr/webpack": "^5.5.0",
-    "@tsconfig/docusaurus": "^1.0.4",
-    "@types/react": "^17.0.20",
-    "@types/react-helmet": "^6.1.2",
+    "@docusaurus/module-type-aliases": "3.9.2",
+    "@docusaurus/tsconfig": "3.9.2",
+    "@types/react": "^18.2.29",
     "@types/react-lazy-load-image-component": "^1.5.2",
-    "@types/react-router-dom": "^5.1.8",
     "@types/styled-components": "^5.1.24",
     "@types/video.js": "^7.3.40",
     "babel-plugin-styled-components": "^2.0.6",
     "hexo-fs": "^3.1.0",
     "stylelint-config-standard-scss": "^4.0.0",
-    "typescript": "^4.4.2"
+    "typescript": "~5.2.2"
   },
   "dependencies": {
-    "@docusaurus/core": "2.0.0-beta.8",
-    "@docusaurus/preset-classic": "2.0.0-beta.8",
+    "@docusaurus/core": "3.9.2",
+    "@docusaurus/preset-classic": "3.9.2",
     "@iconify/icons-akar-icons": "^1.2.8",
     "@iconify/react": "^3.2.2",
+    "@mdx-js/react": "^3.0.0",
     "@use-gesture/react": "^10.2.16",
     "avvvatars-react": "^0.4.2",
     "change-case": "^4.1.2",
     "clsx": "^1.1.1",
-    "docusaurus-plugin-sass": "^0.2.2",
+    "docusaurus-plugin-sass": "^0.2.5",
     "fitty": "^2.3.6",
     "gsap": "^3.7.1",
     "lethargy": "^1.0.9",
-    "patch-package": "^6.5.1",
-    "postinstall-postinstall": "^2.1.0",
+    "prism-react-renderer": "^2.3.0",
     "raw-loader": "^4.0.2",
     "rc-image": "^5.6.2",
-    "react": "^17.0.2",
-    "react-dom": "^17.0.2",
+    "react": "^18.2.0",
+    "react-dom": "^18.2.0",
     "react-lazy-load-image-component": "^1.5.4",
     "react-share": "^4.4.0",
     "react-spring": "^9.4.5",
     "react-stickynode": "^4.1.0",
     "react-transition-group": "^4.4.1",
     "react-use": "^17.4.0",
     "reading-time": "^1.5.0",
-    "sass": "^1.53.0",
+    "sass": "^1.70.0",
     "srcset": "^5.0.0",
     "styled-components": "^5.3.3",
     "three": "^0.131.3",