@thomhurst
Owner

Snyk has created this PR to upgrade @mdx-js/react from 3.1.0 to 3.1.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 1 version ahead of your current version.

  • The recommended version was released 3 months ago.


Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

See this package in yarn:
@mdx-js/react

See this project in Snyk:
https://app.snyk.io/org/thomhurst/project/1c57910f-773a-4f83-bc3f-c863967b35af?utm_source=github&utm_medium=referral&page=upgrade-pr
@claude
Contributor

claude bot commented Nov 24, 2025

Claude finished @thomhurst's task —— View job


Pull Request Review

I've completed my review of this Snyk dependency upgrade PR for @mdx-js/react 3.1.0 → 3.1.1.

Review Tasks:

  • Analyze package.json changes
  • Review yarn.lock modifications
  • Assess security implications
  • Check for potential breaking changes
  • Evaluate test coverage impact
  • Provide recommendations

📋 Review Summary

✅ APPROVED - Low Risk Patch Update

This is a clean, low-risk patch version bump from a reputable security tool (Snyk). The changes are minimal and follow best practices.

📝 Detailed Analysis

Code Quality & Best Practices

  • Proper version constraint: Uses ^3.1.1 allowing future patch updates
  • Clean lockfile update: Both old (3.1.0) and new (3.1.1) versions present during transition
  • Consistent dependency management: Using Yarn with proper lock file

Security Assessment

  • No security vulnerabilities: This is a proactive update, not fixing known issues
  • Trusted source: @mdx-js/react is a well-maintained MDX ecosystem package
  • Automated by Snyk: Reduces human error in dependency management

Breaking Changes

  • Patch version (3.1.0 → 3.1.1): Semantic versioning guarantees no breaking changes
  • Same major.minor version: Should maintain API compatibility

Performance Considerations

  • Minimal impact: Patch updates typically focus on bug fixes, not performance changes
  • Documentation site context: Performance impact would be build-time only

Test Coverage Impact

  • ⚠️ No MDX-specific tests found: This isn't necessarily problematic since this is documentation
  • Docusaurus handles MDX processing: Framework provides testing layer
  • Build process validation: CI will verify docs build successfully

🎯 Recommendations

  1. ✅ Merge with confidence - This is exactly the type of low-risk update that should be automated
  2. Monitor CI build - Ensure docs build passes (likely will, given patch nature)
  3. Consider enabling auto-merge - For patch-level dependency updates from Snyk on documentation projects

🔍 What This Update Likely Contains

Patch updates for @mdx-js/react typically include:

  • Bug fixes for edge cases in MDX processing
  • TypeScript definition improvements
  • Compatibility fixes with React versions
  • Documentation and example improvements

💡 Dependency Context

This package powers MDX (Markdown + JSX) processing in the TUnit documentation site built with Docusaurus. The update maintains the site's ability to render markdown files with embedded React components.

Files Changed:

  • docs/package.json:21 - Version constraint updated to ^3.1.1
  • docs/yarn.lock - Lock entries for both versions (normal during transition)

@thomhurst thomhurst merged commit 7f3c44e into main Nov 30, 2025
12 of 13 checks passed
@thomhurst thomhurst deleted the snyk-upgrade-36e8d823cd44cb1eece30d8b15af7751 branch November 30, 2025 00:32
This was referenced Dec 1, 2025
This was referenced Dec 10, 2025