[Snyk] Fix for 15 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • starters/blog/package.json
  • starters/blog/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	616/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.9	Server-Side Request Forgery (SSRF) SNYK-JS-AXIOS-1038255	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-ENGINEIO-1056749	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-PRISMJS-1076581	No	Proof of Concept
	584/1000 Why? Has a fix available, CVSS 7.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-PRISMJS-1314893	No	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-PRISMJS-1585202	No	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Command Injection SNYK-JS-REACTDEVUTILS-1083268	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-TRIM-1017038	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	No	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Arbitrary Code Injection SNYK-JS-XMLHTTPREQUESTSSL-1082936	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Access Restriction Bypass SNYK-JS-XMLHTTPREQUESTSSL-1255647	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: gatsby

The new version differs by 250 commits.

• 8d07242 chore(release): Publish
• 0790895 chore(gatsby): Update README (chore(gatsby): Update README gatsbyjs/gatsby#33615)
• 06760d7 chore(gatsby): Change comment format in actions/public (chore(gatsby): Change comment format in actions/public gatsbyjs/gatsby#33592)
• 7d66a23 feat(gatsby): capture number of ssg,dsg,ssr pages in telemetry (feat(gatsby): capture number of ssg,dsg,ssr pages in telemetry gatsbyjs/gatsby#33337)
• 98a843c fix(gatsby): use lmdb.removeSync so getNode can't return deleted nodes (fix(gatsby): use lmdb.removeSync so getNode can't return deleted nodes gatsbyjs/gatsby#33554)
• 4d8e40b fix(gatsby-source-wordpress): Add steps for `refetch_ALL` (fix(gatsby-source-wordpress): Add steps for refetch_ALL gatsbyjs/gatsby#33264)
• 4761dc3 fix(gatsby): restore onPreBuild to being called right after bootstrap finishes (fix(gatsby): restore onPreBuild to being called right after bootstrap finishes gatsbyjs/gatsby#33591)
• 1cdbab6 fix(deps): update starters and examples gatsby packages to ^3.14.3 (fix(deps): update starters and examples gatsby packages to ^3.14.3 gatsbyjs/gatsby#33553)
• 0f421db chore(release): Publish next
• 7d6a0aa fix(gatsby): fix page-tree in ink-cli (fix(gatsby): fix page-tree in ink-cli gatsbyjs/gatsby#33579)
• 3993819 chore(gatsby): Add `assetPrefix` to `IGatsbyConfig` (chore(gatsby): Add assetPrefix to IGatsbyConfig gatsbyjs/gatsby#33575)
• 6cc964a fix(gatsby-source-wordpress): restore PQR support (fix(gatsby-source-wordpress): restore PQR support gatsbyjs/gatsby#33590)
• 9eef270 specifying what actually changed (specifying what actually changed gatsbyjs/gatsby#33452)
• 2975c4d feat(gatsby,gatsby-link): add queue to prefetch (feat(gatsby,gatsby-link): add queue to prefetch gatsbyjs/gatsby#33530)
• 68fe836 fix(gatsby): temporary workaround for stale jobs cache (fix(gatsby): temporary workaround for stale jobs cache gatsbyjs/gatsby#33586)
• a800d9d fix(gatsby): Update internal usage of .runQuery (fix(gatsby): Update internal usage of .runQuery gatsbyjs/gatsby#33571)
• 677760c chore(docs): Clarify SEO component guide (chore(docs): Clarify SEO component guide gatsbyjs/gatsby#33451)
• ccca4b3 fix(gatsby): only remove unused code when apis got removed (fix(gatsby): only remove unused code when apis got removed gatsbyjs/gatsby#33527)
• 8dbf550 fix(gatsby): assign correct parentSpans to PQR activities (fix(gatsby): assign correct parentSpans to PQR activities gatsbyjs/gatsby#33568)
• 31d5a5e fix(gatsby-dev-cli): resolve correct versions of packages with unpkg (fix(gatsby-dev-cli): resolve correct versions of packages with unpkg gatsbyjs/gatsby#33551)
• 5110074 fix(gatsby-plugin-gatsby-cloud): emit file nodes after source updates (fix(gatsby-plugin-gatsby-cloud): emit file nodes after source updates gatsbyjs/gatsby#33548)
• d2329df fix(gatsby): make sure 404 and 500 page inherit stateful status from original page (fix(gatsby): make sure 404 and 500 pages inherit stateful status from original page gatsbyjs/gatsby#33544)
• 68e5b90 chore(docs): Update query var in part-7 tutorial (chore(docs): Update query var in part-7 tutorial gatsbyjs/gatsby#33559)
• a8cab55 chore(gatsby-plugin-react-helmet): Update Examples (chore(gatsby-plugin-react-helmet): Update Examples gatsbyjs/gatsby#33552)

See the full diff

Package name: gatsby-remark-images

The new version differs by 250 commits.

• e98cb62 chore(release): Publish
• 164f9a1 fix(gatsby-source-contentful): De-dupe type names (fix(gatsby-source-contentful): De-dupe type names gatsbyjs/gatsby#30834) (fix(gatsby-source-contentful): De-dupe type names (#30834) gatsbyjs/gatsby#30850)
• 0b99d00 fix(gatsby): webpack warnings are no longer in object format by default (fix(gatsby): webpack warnings are no longer in object format by default gatsbyjs/gatsby#30801) (fix(gatsby): webpack warnings are no longer in object format by default (#30801) gatsbyjs/gatsby#30853)
• f561724 fix(gatsby): lower memory pressure in SSR (fix(gatsby): lower memory pressure in SSR gatsbyjs/gatsby#30793) (fix(gatsby): lower memory pressure in SSR (#30793) gatsbyjs/gatsby#30851)
• 96805d5 fix(gatsby-source-wordpress): change `console.warning` to `console.warn` (fix(gatsby-source-wordpress): error when sourcing nodes, change console.warning to console.warn gatsbyjs/gatsby#30764) (fix(gatsby-source-wordpress): change console.warning to console.warn (#30764) gatsbyjs/gatsby#30852)
• e40c83d chore(release): Publish next
• a5b5cf8 feat: upgrade to remark 13 (feat: upgrade to remark 13 gatsbyjs/gatsby#29678)
• 172cf4d chore(docs): Add link to perf implications siteContext (chore(docs): Add link to perf implications siteContext gatsbyjs/gatsby#30778)
• 4336d04 fix(gatsby-plugin-gatsby-cloud): Add missing index.js (so the plugin can be resolved in workspaces) (fix(gatsby-plugin-gatsby-cloud): Add missing index.js (so the plugin can be resolved in workspaces) gatsbyjs/gatsby#30761)
• 2bdd5a5 fix(gatsby-source-wordpress): only log out duplicate node if we have all the data we want to log (fix(gatsby-source-wordpress): only log out duplicate nodes if we have all the data we want to log gatsbyjs/gatsby#30751)
• 1a9b830 fix(gatsby-plugin-image): Don't inherit all img styles (fix(gatsby-plugin-image): Allow draggable=false on images gatsbyjs/gatsby#30754)
• e0df4cc chore(docs): Change "whitelist" to "allow list" (chore(docs): Change "whitelist" to "allow list" gatsbyjs/gatsby#30756)
• 81ec270 chore: Add backport script (chore: Add backport script gatsbyjs/gatsby#30732)
• 63cc8fa fix(docs): Copy edits for debugging html doc + add React-specific example (fix(docs): Copy edits for debugging html doc + add React-specific example gatsbyjs/gatsby#30745)
• eed1d43 fix(docs): Add link to how to enable DEV_SSR for fixing inconsistent css styles between dev/prod (fix(docs): Add link to how to enable DEV_SSR for fixing inconsistent css styles between dev/prod gatsbyjs/gatsby#30746)
• ecd823f perf(gatsby): cache babel config items (perf(gatsby): cache babel config items gatsbyjs/gatsby#28738)
• a60e92f chore(release): Publish next
• dd9e95c docs(gatsby-plugin-image): Note on tracedSVG options name change (docs(gatsby-plugin-image): Note on tracedSVG options name change gatsbyjs/gatsby#30736)
• a5869e3 fix(gatsby-plugin-image): Use bare GATSBY___IMAGE global (fix(gatsby-plugin-image): Use bare GATSBY___IMAGE global gatsbyjs/gatsby#30713)
• 0f3fa4e fix(contentful): make gatsby-plugin-image a peer dependency (fix(contentful): make gatsby-plugin-image a peer dependency gatsbyjs/gatsby#30709)
• 6b2fd94 fix(gatsby-source-wordpress): pass missing property helpers to gql fetch util (fix(gatsby-source-wordpress): pass missing property "helpers" to gql fetch util gatsbyjs/gatsby#30727)
• c6fa488 chore(docs): Update wording of tutorial part 8 (chore(docs): Update wording of tutorial part 8 gatsbyjs/gatsby#30606)
• a777367 fix(gatsby-cli): Update docs links in error-map (fix(gatsby-cli): Update docs links in error-map gatsbyjs/gatsby#30493)
• c473abf chore(docs): include autoprefixer in tailwind install command (chore(docs): include autoprefixer in tailwind install command gatsbyjs/gatsby#30718)

See the full diff

Package name: gatsby-transformer-remark

The new version differs by 250 commits.

• e98cb62 chore(release): Publish
• 164f9a1 fix(gatsby-source-contentful): De-dupe type names (fix(gatsby-source-contentful): De-dupe type names gatsbyjs/gatsby#30834) (fix(gatsby-source-contentful): De-dupe type names (#30834) gatsbyjs/gatsby#30850)
• 0b99d00 fix(gatsby): webpack warnings are no longer in object format by default (fix(gatsby): webpack warnings are no longer in object format by default gatsbyjs/gatsby#30801) (fix(gatsby): webpack warnings are no longer in object format by default (#30801) gatsbyjs/gatsby#30853)
• f561724 fix(gatsby): lower memory pressure in SSR (fix(gatsby): lower memory pressure in SSR gatsbyjs/gatsby#30793) (fix(gatsby): lower memory pressure in SSR (#30793) gatsbyjs/gatsby#30851)
• 96805d5 fix(gatsby-source-wordpress): change `console.warning` to `console.warn` (fix(gatsby-source-wordpress): error when sourcing nodes, change console.warning to console.warn gatsbyjs/gatsby#30764) (fix(gatsby-source-wordpress): change console.warning to console.warn (#30764) gatsbyjs/gatsby#30852)
• e40c83d chore(release): Publish next
• a5b5cf8 feat: upgrade to remark 13 (feat: upgrade to remark 13 gatsbyjs/gatsby#29678)
• 172cf4d chore(docs): Add link to perf implications siteContext (chore(docs): Add link to perf implications siteContext gatsbyjs/gatsby#30778)
• 4336d04 fix(gatsby-plugin-gatsby-cloud): Add missing index.js (so the plugin can be resolved in workspaces) (fix(gatsby-plugin-gatsby-cloud): Add missing index.js (so the plugin can be resolved in workspaces) gatsbyjs/gatsby#30761)
• 2bdd5a5 fix(gatsby-source-wordpress): only log out duplicate node if we have all the data we want to log (fix(gatsby-source-wordpress): only log out duplicate nodes if we have all the data we want to log gatsbyjs/gatsby#30751)
• 1a9b830 fix(gatsby-plugin-image): Don't inherit all img styles (fix(gatsby-plugin-image): Allow draggable=false on images gatsbyjs/gatsby#30754)
• e0df4cc chore(docs): Change "whitelist" to "allow list" (chore(docs): Change "whitelist" to "allow list" gatsbyjs/gatsby#30756)
• 81ec270 chore: Add backport script (chore: Add backport script gatsbyjs/gatsby#30732)
• 63cc8fa fix(docs): Copy edits for debugging html doc + add React-specific example (fix(docs): Copy edits for debugging html doc + add React-specific example gatsbyjs/gatsby#30745)
• eed1d43 fix(docs): Add link to how to enable DEV_SSR for fixing inconsistent css styles between dev/prod (fix(docs): Add link to how to enable DEV_SSR for fixing inconsistent css styles between dev/prod gatsbyjs/gatsby#30746)
• ecd823f perf(gatsby): cache babel config items (perf(gatsby): cache babel config items gatsbyjs/gatsby#28738)
• a60e92f chore(release): Publish next
• dd9e95c docs(gatsby-plugin-image): Note on tracedSVG options name change (docs(gatsby-plugin-image): Note on tracedSVG options name change gatsbyjs/gatsby#30736)
• a5869e3 fix(gatsby-plugin-image): Use bare GATSBY___IMAGE global (fix(gatsby-plugin-image): Use bare GATSBY___IMAGE global gatsbyjs/gatsby#30713)
• 0f3fa4e fix(contentful): make gatsby-plugin-image a peer dependency (fix(contentful): make gatsby-plugin-image a peer dependency gatsbyjs/gatsby#30709)
• 6b2fd94 fix(gatsby-source-wordpress): pass missing property helpers to gql fetch util (fix(gatsby-source-wordpress): pass missing property "helpers" to gql fetch util gatsbyjs/gatsby#30727)
• c6fa488 chore(docs): Update wording of tutorial part 8 (chore(docs): Update wording of tutorial part 8 gatsbyjs/gatsby#30606)
• a777367 fix(gatsby-cli): Update docs links in error-map (fix(gatsby-cli): Update docs links in error-map gatsbyjs/gatsby#30493)
• c473abf chore(docs): include autoprefixer in tailwind install command (chore(docs): include autoprefixer in tailwind install command gatsbyjs/gatsby#30718)

See the full diff

Package name: prismjs

The new version differs by 250 commits.

• 99d94fa 1.25.0
• 6d8e547 Updated changelog (How to add <script> inside the body? gatsbyjs/gatsby#3083)
• e008ea0 Added support for Kusto (Dynamically fetch data from a blog with GraphQL gatsbyjs/gatsby#3068)
• 4433ccf Added support for ASP.NET Razor ([gatsby-source-contentful] Error at fresh installment gatsbyjs/gatsby#3064)
• 6a356d2 Added support for Wren ([gatsby-source-wordpress] Fetch protected endpoints gatsbyjs/gatsby#3063)
• 4fbdd2f Added support for MAXScript (Use layout if exist for dev 404 page gatsbyjs/gatsby#3060)
• 746a4b1 Added AviSynth language definition ([gatsby-source-contentful] Markdown editor image link formatting issue gatsbyjs/gatsby#3071)
• ffb2043 Twilight theme: Increase selector specificities of plugin overrides ([gatsby-transformer-yaml] README.md differs from reality gatsbyjs/gatsby#3081)
• 52e8cee Markup: Made most patterns greedy (problem on sorting with graphql gatsbyjs/gatsby#3065)
• c7b6a7f Previewers: Ensure popup is visible across themes (Switch default host back to localhost as breaks HMR on unix fixes #2989 gatsbyjs/gatsby#3080)
• 0ff371b Markup: Fixed ReDoS (Fix tutorial part one hot reloading gatsbyjs/gatsby#3078)
• d216e60 Tests: Improved dection of empty patterns (Format Markdown with Prettier gatsbyjs/gatsby#3058)
• a1b67ce Added support for Magma (CAS) (docs: add GraphQL primer note + link gatsbyjs/gatsby#3055)
• 23cd9b6 Added support for GAP (CAS) (Add endpoint to refresh external data gatsbyjs/gatsby#3054)
• 8d0b74b Clojure: Improved tokenization (Use IntersectionObserver when polyfilled after gatsby-image first load gatsbyjs/gatsby#3056)
• 148c1ec Added support for Mermaid (gatsby-plugin-typescript should ignore .d.ts files in pages dir gatsbyjs/gatsby#3050)
• 8df825e Added support for Systemd configuration files (gatsby-plugin-catch-links: do not catch dynamically created anchor links to hash on IE gatsbyjs/gatsby#3053)
• 87e5a37 Added support for Apache Avro IDL (Question: Cache API Requests gatsbyjs/gatsby#3051)
• 247fd9a Highlight Keywords: More documentation (Fix loading the layout component in the frontend gatsbyjs/gatsby#3049)
• 35b88fc Shell-session: Fixed command false positives ([examples/no-trailing-slashes] Throws in cache-dir/loader.js gatsbyjs/gatsby#3048)
• 4f97b82 Added support for GN ([gatsby-transformer-remark] Update readme gatsbyjs/gatsby#3062)
• 5de8947 C++: Fixed generic function false positive (gatsby develop only sporadically recompiles on save gatsbyjs/gatsby#3043)
• 4e9338a ESLint: Added `regexp/no-super-linear-backtracking` rule (npm downloads gatsbyjs/gatsby#3040)
• 44456b2 Added benchmark suite ([Snyk] Security upgrade gatsby from 2.32.13 to 4.25.4 #2153)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic