Add Dependabot grouping for semver-minor and semver-patch updates (#47)

* Add Dependabot group for semver-minor and semver-patch npm updates

* fix(dependabot): group update types

* chore(dependabot): add labels and commit message prefixes

* ci(codeql): add codeql workflow

* Ensure generated/built code is properly analyzed
* Improve analysis performance
* Provide context in security findings
* Handle the build process correctly for a Docusaurus site

* fix(codeql): build-mode and node steps

* fix(config.ts): move onBrokenMarkdownLinks

siteConfig.onBrokenMarkdownLinks config option is deprecated and will be removed in Docusaurus v4.
Please migrate to siteConfig.markdown.hooks.onBrokenMarkdownLinks.

* fix(yarn): yarn.lock

also set nodeLinker: node-modules to resolve ERR_INVALID_ARG_TYPE

* build(deps): bump @docusaurus/preset-classic from 3.9.1 to 3.9.2

Bumps [@docusaurus/preset-classic](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus-preset-classic) from 3.9.1 to 3.9.2.
- [Release notes](https://github.com/facebook/docusaurus/releases)
- [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/docusaurus/commits/v3.9.2/packages/docusaurus-preset-classic)

---
updated-dependencies:
- dependency-name: "@docusaurus/preset-classic"
  dependency-version: 3.9.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

* build(deps-dev): bump @types/node from 24.7.2 to 24.9.1

Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 24.7.2 to 24.9.1.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 24.9.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

* build(deps-dev): bump @docusaurus/types from 3.9.1 to 3.9.2

Bumps [@docusaurus/types](https://github.com/facebook/docusaurus/tree/HEAD/packages/docusaurus-types) from 3.9.1 to 3.9.2.
- [Release notes](https://github.com/facebook/docusaurus/releases)
- [Changelog](https://github.com/facebook/docusaurus/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/docusaurus/commits/v3.9.2/packages/docusaurus-types)

---
updated-dependencies:
- dependency-name: "@docusaurus/types"
  dependency-version: 3.9.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

* fix(yarn): remove node 24.10 from yarn.lock

* chore(workflows): simplify package.json and yarn.yml

- checks yarn.lock consistency, and runs yarn build before deploying to Cloudflare

* fix(package.json): move react from devDependencies to main dependencies

* chore(build): optimize yarn config to be immutable

1. Removed @docusaurus/preset-classic (which bundled Algolia search)
2. Added individual Docusaurus plugins:
◦  @docusaurus/plugin-content-docs
◦  @docusaurus/plugin-content-blog
◦  @docusaurus/plugin-content-pages
◦  @docusaurus/plugin-sitemap
◦  @docusaurus/theme-classic
3. Updated docusaurus.config.ts to use plugins and themes directly
4. Added missing TypeScript types to devDependencies

•  ✅ Immutable installs work: yarn install --immutable passes
•  ✅ 67 packages removed (including all Algolia dependencies)
•  ✅ All Algolia peer dependency warnings eliminated
•  ✅ Remaining peer warnings are only about optional TypeScript types (harmless)

* fix(typecheck): resolve errors

1. Fixed docusaurus.config.ts:
•  Removed import of @docusaurus/preset-classic (package no longer installed)
•  Removed the type assertion that was causing issues

2. Fixed src/pages/index.tsx:
•  Removed title and description props from <Layout> component (these props don't exist on the Layout component - metadata is set via the config instead)

---------

Signed-off-by: Bryan Dady <[email protected]>
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Author: bcdady

.github/dependabot.yml

@@ -4,6 +4,27 @@ updates:
     directory: '/'
     schedule:
       interval: 'weekly'
+      day: 'thursday'
+      time: '22:00'
+      timezone: 'America/Los_Angeles'
     open-pull-requests-limit: 5
     reviewers:
       - 'bcdady'
+    versioning-strategy: increase
+    labels:
+      - 'dependencies'
+      - 'npm'
+    commit-message:
+      prefix: 'chore'
+      prefix-development: 'chore(dev)'
+      include: 'scope'
+    groups:
+      minor-and-patch:
+        patterns:
+          - '*'
+        update-types:
+          - 'minor'
+          - 'patch'
+        exclude-patterns:
+          - 'typescript'
+          - '@types/*'

.github/workflows/codeql.yml

@@ -0,0 +1,58 @@
+name: "CodeQL Security Scanning"
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+  schedule:
+    - cron: '30 1 * * 1'  # Weekly on Mondays at 1:30 AM UTC
+
+jobs:
+  analyze:
+    name: Analyze Code
+    runs-on: ubuntu-latest
+    timeout-minutes: 360
+    permissions:
+      security-events: write
+      packages: read
+      actions: read
+      contents: read
+
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+        - language: javascript-typescript
+          build-mode: autobuild
+    
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v3
+      with:
+        languages: ${{ matrix.language }}
+        # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+        queries: +security-and-quality
+
+    - name: Setup Node.js
+      uses: actions/setup-node@v4
+      with:
+        node-version: '22'
+        cache: 'yarn'
+
+    - name: Install dependencies and build
+      run: |
+        yarn install
+        yarn build
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v3
+      with:
+        category: "/language:${{matrix.language}}"
+        upload: true
+        ram: 6144  # Increase memory for large codebases
+        threads: 2 # Number of threads to use for analysis
+        add-snippets: true  # Include code snippets in the results

.github/workflows/security.yml

@@ -0,0 +1,35 @@
+name: Check Dependencies & Build
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+  schedule:
+    - cron: '0 8 * * 1' # Weekly Monday 8am UTC
+
+jobs:
+  yarn:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 'lts/*'
+          cache: 'yarn'
+
+      # Verify lockfile is up-to-date
+      - name: Check yarn.lock consistency
+        run: |
+          echo "Running immutable install to verify yarn.lock..."
+          if ! yarn install --immutable; then
+            echo "::error::yarn.lock is out of sync with package.json. Run 'yarn install' locally and commit the updated yarn.lock"
+            exit 1
+          fi
+
+      # Run typecheck before build to catch type errors early
+      - name: Type check
+        run: yarn typecheck
+
+      # build the docusaurus site
+      - name: Build site
+        run: yarn build

.github/workflows/yarn.yml

@@ -0,0 +1,7 @@
+compressionLevel: mixed
+
+enableGlobalCache: false
+
+nodeLinker: node-modules
+
+yarnPath: .yarn/releases/yarn-4.9.1.cjs

.yarn/releases/yarn-4.9.1.cjs

@@ -1,6 +1,5 @@
 import { themes as prismThemes } from "prism-react-renderer";
 import type { Config } from "@docusaurus/types";
-import type * as Preset from "@docusaurus/preset-classic";
 
 const config: Config = {
   title: "Bryan Dady",
@@ -19,7 +18,11 @@ const config: Config = {
   projectName: "bryandady.com", // Usually your repo name.
 
   onBrokenLinks: "throw",
-  onBrokenMarkdownLinks: "warn",
+  markdown: {
+    hooks: {
+      onBrokenMarkdownLinks: "warn",
+    },
+  },
 
   // Even if you don't use internationalization, you can use this field to set
   // useful metadata like html lang. For example, if your site is Chinese, you
@@ -29,24 +32,31 @@ const config: Config = {
     locales: ["en"],
   },
 
-  presets: [
+  plugins: [
     [
-      "classic",
+      "@docusaurus/plugin-content-docs",
       {
-        docs: {
-          sidebarPath: "./sidebars.ts",
-          editUrl:
-            "https://github.com/bcdady/bryandady.com/tree/main/",
-        },
-        blog: {
-          showReadingTime: true,
-          editUrl:
-            "https://github.com/bcdady/bryandady.com/tree/main/",
-        },
-        theme: {
-          customCss: "./src/css/custom.css",
-        },
-      } satisfies Preset.Options,
+        sidebarPath: "./sidebars.ts",
+        editUrl: "https://github.com/bcdady/bryandady.com/tree/main/",
+      },
+    ],
+    [
+      "@docusaurus/plugin-content-blog",
+      {
+        showReadingTime: true,
+        editUrl: "https://github.com/bcdady/bryandady.com/tree/main/",
+      },
+    ],
+    ["@docusaurus/plugin-content-pages", {}],
+    ["@docusaurus/plugin-sitemap", {}],
+  ],
+
+  themes: [
+    [
+      "@docusaurus/theme-classic",
+      {
+        customCss: "./src/css/custom.css",
+      },
     ],
   ],
 
@@ -140,7 +150,7 @@ const config: Config = {
       theme: prismThemes.github,
       darkTheme: prismThemes.dracula,
     },
-  } satisfies Preset.ThemeConfig,
+      },
 };
 
 export default config;

.yarnrc.yml

@@ -1,35 +1,18 @@
 {
   "name": "my-website",
-  "version": "1.0.0",
+  "version": "1.1.0",
   "private": true,
   "scripts": {
     "docusaurus": "docusaurus",
     "start": "docusaurus start",
     "build": "docusaurus build",
-    "build:production": "yarn build && yarn verify:no-webpack-dev-server",
     "swizzle": "docusaurus swizzle",
     "deploy": "docusaurus deploy",
     "clear": "docusaurus clear",
     "serve": "docusaurus serve",
     "write-translations": "docusaurus write-translations",
     "write-heading-ids": "docusaurus write-heading-ids",
     "typecheck": "tsc",
-    "audit": "yarn audit",
-    "audit:production": "yarn audit --groups dependencies",
-    "audit:fix": "yarn audit",
-    "outdated": "yarn outdated",
-    "update:check": "yarn dlx npm-check-updates",
-    "update:minor": "yarn dlx npm-check-updates -u --target minor",
-    "security": "yarn audit && yarn outdated",
-    "snyk:test": "snyk test",
-    "snyk:monitor": "snyk monitor",
-    "snyk:fix": "snyk fix",
-    "format": "prettier --write \"**/*.{js,jsx,ts,tsx,json,css,md,yml,yaml}\"",
-    "format:check": "prettier --check \"**/*.{js,jsx,ts,tsx,json,css,md,yml,yaml}\"",
-    "format:yaml": "prettier --write \"**/*.{yml,yaml}\"",
-    "verify:no-webpack-dev-server": "echo 'Verifying webpack-dev-server is not in build output...' && ! find build -name '*webpack-dev-server*' -o -name '*webpack*dev*' | grep -q . && echo 'Build verified: no webpack-dev-server found in output'",
-    "deploy:verify": "yarn typecheck && yarn build && yarn verify:no-webpack-dev-server && echo 'Deployment verification complete: webpack-dev-server excluded from production build'",
-    "deploy:safe": "echo 'Starting safe deployment process...' && yarn deploy:verify && echo 'Ready for production deployment - webpack-dev-server vulnerabilities do not affect deployed site'",
     "resume:validate": "node -e \"const fs = require('fs'); const data = JSON.parse(fs.readFileSync('docs/professional/Bryan_Dady.resume.json', 'utf8')); console.log('Resume JSON is valid:', data.basics.name); console.log('Schema version:', data.meta?.version || 'unknown');\"",
     "resume:check": "yarn resume:validate && echo 'Resume validation complete'",
     "resume:meta": "node scripts/generate-resume-meta.js",
@@ -38,20 +21,23 @@
   },
   "dependencies": {
     "@docusaurus/core": "^3.9.2",
-    "@docusaurus/preset-classic": "^3.9.2",
+    "@docusaurus/plugin-content-blog": "^3.9.2",
+    "@docusaurus/plugin-content-docs": "^3.9.2",
+    "@docusaurus/plugin-content-pages": "^3.9.2",
+    "@docusaurus/plugin-sitemap": "^3.9.2",
+    "@docusaurus/theme-classic": "^3.9.2",
     "@mdx-js/react": "^3.1.1",
     "clsx": "^2.1.1",
     "prism-react-renderer": "^2.4.1",
-    "react": "^19.1.1",
-    "react-dom": "^19.1.1"
+    "react": "^18.2.0",
+    "react-dom": "^18.2.0"
   },
   "devDependencies": {
     "@docusaurus/module-type-aliases": "^3.9.2",
     "@docusaurus/tsconfig": "^3.9.2",
     "@docusaurus/types": "^3.9.2",
-    "@types/node": "^24.10.0",
-    "@types/react": "^19.1.9",
-    "prettier": "^3.6.2",
+    "@types/react": "^18.2.28",
+    "@types/react-dom": "^18.2.7",
     "typescript": "~5.9.3"
   },
   "browserslist": {
@@ -67,6 +53,7 @@
     ]
   },
   "engines": {
-    "node": ">=18.0"
-  }
+    "node": ">=22.0"
+  },
+  "packageManager": "[email protected]"
 }

docusaurus.config.ts

@@ -1,5 +1,6 @@
 import clsx from "clsx";
 import Link from "@docusaurus/Link";
+import type { ComponentProps } from 'react';
 import useDocusaurusContext from "@docusaurus/useDocusaurusContext";
 import Layout from "@theme/Layout";
 import HomepageFeatures from "@site/src/components/HomepageFeatures";
@@ -32,7 +33,7 @@ function HomepageHeader() {
 export default function Home(): React.JSX.Element {
   const { siteConfig } = useDocusaurusContext();
   return (
-    <Layout title={`Hello from ${siteConfig.title}`} description="Bryan Dady">
+    <Layout>
       <HomepageHeader />
       <main>
         <HomepageFeatures />

package.json

@@ -3,5 +3,6 @@
   "extends": "@docusaurus/tsconfig",
   "compilerOptions": {
     "baseUrl": "."
-  }
+  },
+  "exclude": [".docusaurus", "build"]
 }