Update NPM packages to resolve vulnerabilities

.github/workflows/firebase-hosting-merge-develop.yml

@@ -10,15 +10,15 @@ jobs:
   build_and_deploy:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v3
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
         with:
-          node-version: 22.15.0
+          node-version: 24.16.0
       - name: Build Docusaurus
-        run: npm install && npm run build:dev
+        run: npm ci && npm run build:dev
       - name: Add robots.txt for Dev site only
         run: echo -e ${{ format('User-agent{0} *\\nDisallow{1} /', ':', ':') }} > build/robots.txt
-      - uses: FirebaseExtended/action-hosting-deploy@v0
+      - uses: FirebaseExtended/action-hosting-deploy@e2eda2e106cfa35cdbcf4ac9ddaf6c4756df2c8c # v0
         with:
           repoToken: '${{ secrets.GITHUB_TOKEN }}'
           firebaseServiceAccount: '${{ secrets.FIREBASE_SERVICE_ACCOUNT_GOLIOTH }}'

.github/workflows/firebase-hosting-merge-main.yml

@@ -10,12 +10,12 @@ jobs:
   build_and_deploy:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v3
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
         with:
-          node-version: 22.15.0
-      - run: npm install && npm run build:prod
-      - uses: FirebaseExtended/action-hosting-deploy@v0
+          node-version: 24.16.0
+      - run: npm ci && npm run build:prod
+      - uses: FirebaseExtended/action-hosting-deploy@e2eda2e106cfa35cdbcf4ac9ddaf6c4756df2c8c # v0
         with:
           repoToken: '${{ secrets.GITHUB_TOKEN }}'
           firebaseServiceAccount: '${{ secrets.FIREBASE_SERVICE_ACCOUNT_GOLIOTH }}'

.github/workflows/firebase-hosting-pull-request.yml

@@ -7,12 +7,12 @@ jobs:
   build_and_preview:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v3
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
+      - uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6
         with:
-          node-version: 22.15.0
-      - run: npm install && npm run build:dev
-      - uses: FirebaseExtended/action-hosting-deploy@v0
+          node-version: 24.16.0
+      - run: npm ci && npm run build:dev
+      - uses: FirebaseExtended/action-hosting-deploy@e2eda2e106cfa35cdbcf4ac9ddaf6c4756df2c8c # v0
         with:
           repoToken: '${{ secrets.GITHUB_TOKEN }}'
           firebaseServiceAccount: '${{ secrets.FIREBASE_SERVICE_ACCOUNT_GOLIOTH }}'

docs/connectivity/2-credentials/1-pki/2-offline-pki.md

@@ -78,7 +78,7 @@ organization (`O`) to the slug for the appropriate project, which can be found
 under [`Project Settings`](https://console.golioth.io/project-settings). The
 common name (`CN`) must be set to a unique identifier for the device within the
 project. The unique value used in the common name is referred to as the device's
-_certificate ID_. See the [Certificate IDs](#certificate-ids) section below for
+_certificate ID_. See the [Certificate IDs](./README.md#certificate-ids) section for
 more information.
 :::
 

docs/connectivity/2-credentials/2-signed-urls.md

@@ -36,8 +36,8 @@ capable system to allow it to download the resource on its behalf.
 In order to use signed URLs, they must first be enabled in [project
 settings](https://console.golioth.io/project-settings). The project must also
 have any Certificate Authority (CA) certificates used in device authentication
-uploaded as described in the [PKI
-documentation](/connectivity/credentials/pki#integrating-with-golioth).
+uploaded as described in the [Offline PKI
+documentation](/connectivity/credentials/pki/offline-pki#integrating-with-golioth).
 
 :::tip
 Signed URLs can only be used with `GET` requests.

docs/reference/5-firmware/1-golioth-firmware-sdk/authentication/examples-zephyr.md

@@ -44,7 +44,7 @@ these stored credentials.
 The following steps are covered in the code example:
 
 1. Generate a set of root and device certificates [using the Golioth Docs as a
-   guide](/reference/firmware/golioth-firmware-sdk/authentication/certificate-auth#generate-certificates).
+   guide](/connectivity/credentials/pki/offline-pki#generating-device-certificates).
 2. Compile and flash the firmware example onto the device.
 3. Use `mcumgr` to copy the device certificates onto the device filesystem.
 4. Upload the root certificate to Golioth.
@@ -62,4 +62,3 @@ having a copy of the public root certificate).
 
 :::
 
-

docusaurus.config.js

@@ -2,7 +2,6 @@ module.exports = {
   title: "Golioth",
   tagline: "The Device You're Developing Is Cloud Ready",
   url: "https://docs.golioth.io",
-  themes: ["@docusaurus/theme-live-codeblock"],
   baseUrl: "/",
   onBrokenLinks: "throw",
   markdown: {
@@ -203,17 +202,6 @@ module.exports = {
     ],
   ],
   plugins: [
-    [
-      "docusaurus2-dotenv",
-      {
-        path: `./.env.${process.env.HOSTING_ENV}`, // The path to your environment variables.
-        safe: false, // If false ignore safe-mode, if true load './.env.example', if a string load that file as the sample
-        systemvars: false, // Set to true if you would rather load all system variables as well (useful for CI purposes)
-        silent: false, //  If true, all warnings will be suppressed
-        expand: false, // Allows your variables to be "expanded" for reusability within your .env file
-        defaults: false, //  Adds support for dotenv-defaults. If set to true, uses ./.env.defaults
-      },
-    ],
     [
       "posthog-docusaurus",
       {