Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Fix for 1 vulnerabilities #4112

Open
wants to merge 1 commit into
base: staging
Choose a base branch
from

Conversation

afebbraro
Copy link
Contributor

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 713/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.4
Prototype Pollution
SNYK-JS-JSON5-3182856
Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: gatsby The new version differs by 250 commits.
  • f1d3f7b chore(release): Publish
  • 6e6ea56 chore(release): Publish rc
  • df50ce7 fix(gatsby): Add dir=ltr to Fast Refresh overlay (#29900) (#29908)
  • 83adec5 chore(docs): update readme (#29837) (#29909)
  • b2628da will git stop being weird (#29897) (#29907)
  • c98c87f chore(release): Publish rc
  • c8bf571 fix(gatsby-source-wordpress): image fixes (#29813) (#29886)
  • 85bb8ea fix(gatsby-plugin-image): Update peerdeps (#29880) (#29888)
  • c266b83 fix(gatsby): Remove `react-hot-loader` deps & other unused deps (#29864) (#29876)
  • 222ca3f fix(gatsby): with some custom babel configs array spreading with Set is not safe (#29885) (#29889)
  • ea31900 chore(release): Publish rc
  • f070422 fix(gatsby): Fix various small DEV_SSR bugs exposed in development_runtime tests (#29720) (#29866)
  • cb3b1ca chore: update peerdeps to latest major versions (#29857) (#29867)
  • 8639f7b fix(create-gatsby): Use legacy peer deps (#29856) (#29862)
  • fdc1fe2 fix(gatsby): fix some css HMR edge cases (#29839) (#29865)
  • e8a7e3b fix(gatsby-plugin-preact): fix fast-refresh (#29831) (#29860)
  • e7453c3 fix(gatsby): Improve Fast Refresh overlay styles (#29855) (#29861)
  • 76f4f96 chore: upgrade postcss & plugins (#29793)
  • de6cba6 chore(release): Publish rc
  • aafe584 fix: query on demand loading indicator always active on preact. (#29829) (#29836)
  • 34f5b8c fix(hmr): accept hot updates for modules above page templates (#29752) (#29835)
  • b8d21f8 fix(gatsby): workaround graphql-compose issue (#29822) (#29834)
  • 32fee71 fix(gatsby): eslint linting (#29796) (#29814)
  • bca7951 fix(gatsby-source-wordpress): HTML image regex's (#29778) (#29816)

See the full diff

Package name: gatsby-plugin-mdx The new version differs by 250 commits.
  • b8eac2d chore(release): Publish
  • 3253a38 fix(gatsby-plugin-mdx): Hashing and pluginOptions (#36387) (#36395)
  • 1880491 fix(gatsby-script): Reach router import (#36385) (#36394)
  • f664ad2 feat(gatsby): Telemetry tracking for Head API (#36352)
  • ab55e4e chore: Update `got` (#36366)
  • 2b4ff76 fix(gatsby): Make runtime error overlay work in non-v8 browsers (#36365)
  • f990e08 fix(test): clear and close lmdb after each test suite (#36343)
  • 7fcf580 fix(gatsby): e.remove() is not a function when using Gatsby Head API (#36338)
  • 25fb9d1 chore: Fix pipeline tests (#36363)
  • a9132a5 chore(deps): update sharp (#35539)
  • bc80c23 chore: Add note about rehype-slug-custom-id
  • 5b6f1f6 chore(gatsby): upgrade multer (#36359)
  • f2f0acf chore(gatsby-telemetry): upgrade git-up (#36358)
  • 86a8efc chore(release): Publish next
  • 0705ac7 chore(gatsby-plugin-mdx): Update .gitignore
  • c92db36 BREAKING CHANGE(gatsby-plugin-mdx): MDX v2 (#35650)
  • 3c0dd6d chore(release): Publish next
  • 86b6ee9 Revert "chore(gatsby): Make `plugins` in `PluginOptions` type optional (#36351)"
  • a2fa5a2 chore(gatsby): Make `plugins` in `PluginOptions` type optional (#36351)
  • 6ecfe4a fix(gatsby-source-contentful): Correctly overwrite field type on Assets (#36337)
  • 0ed362c chore(docs): Pre-encoded unicode characters can't be used in paths (#36325)
  • 2bbe96d fix(deps): update dependency file-type to ^16.5.4 for gatsby-source-filesystem (#36276)
  • 2be3fa7 chore(docs): Add first batch of Cloud docs (#36218)
  • 4238142 chore(docs): Remove outdated examples and recipes (#36335)

See the full diff

Package name: gatsby-plugin-postcss The new version differs by 250 commits.
  • bdd723e chore(release): Publish
  • 00f7c08 breaking(gatsby-plugin-postcss): Upgrade gatsby-plugin-postcss to PostCSS 8 (#26947)
  • 57c79b1 chore(release): Publish
  • c377aef chore: Fix dirty lock file (#27200)
  • def8b37 Add siteHash and userAgent (#27170)
  • f1d45d4 Try detecting codesandbox and mark it as CI (#26958)
  • 710667f chore(deps): update dependency csstype to v2.6.13 (#27083)
  • 668858f chore(deps): update minor and patch for gatsby-remark-copy-linked-files (#27112)
  • b74ffaf chore(deps): update minor and patch for gatsby-remark-prismjs (#27113)
  • a4cf33b chore(deps): update dependency @ types/fs-extra to ^8.1.1 (#27072)
  • fcdedc0 chore(deps): update better-opn (#27100)
  • e085f63 chore(deps): update dependency @ types/lodash to ^4.14.161 (#27074)
  • 8d89796 chore(renovate): Fix typo
  • aad6551 chore: update schedule renovatebot (#27175)
  • 73dd4be chore(docs): Update gatsby-plugin-guess-js README (#25876)
  • 10dfe01 fix(blog): July gazette: brand names, files in code fences.... (#26228)
  • 152b524 Fix(gatsby-plugin-catch-links): SVGAnimatedString may not be available in some browsers. (#26047)
  • bfd46f8 fix(gatsby-source-contentful): Add file-extension to remote cached items (#25924)
  • 78abe26 fix(gatsby-telemetry): export typescript types, add captureEvent (#27167)
  • 79d70be Add siteName to ITelemetryTagsPayload (#27169)
  • 8d62b2c fix(gatsby): retry socket when connection closes (#27060)
  • 4e7ab0e chore(deps): update dependency @ types/node-fetch to ^2.5.7 (#27076)
  • 96e3935 chore(deps): update dependency @ types/got to ^9.6.11 (#27073)
  • e4a37a4 tests: run CircleCI tests when only yarn.lock changes (#27162)

See the full diff

Package name: gatsby-plugin-sass The new version differs by 250 commits.
  • f8cc2a3 chore(release): Publish
  • ecebdd3 fix(gatsby-plugin-sharp): Add avif to pipeline (#28871) (#28876)
  • 3f854ba perf(gatsby-plugin-mdx): Stop clobbering the same file over and over again (#27974) (#28874)
  • 0c1c807 fix(create-gatsby) the sessionId is supposed to be the same for the whole duration of the session (#28864) (#28870)
  • 6b7c5e7 fix(gatsby-plugin-image): Fix handling of sizes prop in SSR (#28835) (#28867)
  • afac774 perf(gatsby-plugin-sharp): change approach to concurrency for image processing (#28575) (#28862)
  • f04304e feat(gatsby): Partially release develop SSR to 5% (#28844) (#28859)
  • ceeb7d4 fix(gatsby-plugin-sharp): Pass format-specific options in image-data (#28826) (#28853)
  • 883d184 feature(gatsby): Extract non-css-in-js css and add add to <head> when SSRing in dev (#28471) (#28856)
  • b648728 fix(gatsby-plugin-image): Correct image styles (#28834) (#28854)
  • f45ba68 fix(gatsby-plugin-image): Better error logging (#28741) (#28855)
  • f19c807 chore(gatsby): enable query on demand (and lazy images) by default for local development (#28787)
  • bd6b899 feat(gatsby): use production React for dev-ssr when CI=true (#28728)
  • abdb8d6 feat(gatsby-source-graphql): Default Apollo Link fetch wrapper to show better API errors (#28786)
  • 3b40d80 feat(gatsby): enable lazy images by default (#28743)
  • 968914f chore(release): Publish next
  • 5c3931c chore(gatsby): Keep page renderer around (#28784)
  • 2058775 feat: Add AVIF image support to beta image plugin (#28742)
  • 146b197 fix(gatsby): print childOf directive for implicit child fields (#28483)
  • 3af7182 chore(telemetry) improve github action and circle detection (#28732)
  • 338ed78 chore(telemetry): add valueBoolean (#28734)
  • 4021a57 chore(gatsby-source-graphql): docs on how to use apollo links (#28686)
  • 3a51e22 perf(gatsby-source-contentful): dont re-create nodes (#28642)
  • 6af620c fix(gatsby-plugin-image): Preload lazy-hydrator (#28690)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants