[Snyk] Fix for 17 vulnerabilities #741

0xSebin · 2022-06-22T07:32:24Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- examples/using-excel/package.json

Vulnerabilities that will be fixed

With an upgrade:

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIHTML-1296849	Yes	Proof of Concept
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-CSSWHAT-1298035	Yes	No Known Exploit
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
556/1000 Why? Recently disclosed, Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-GOT-2932019	Yes	No Known Exploit
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Open Redirect SNYK-JS-NODEFORGE-2330875	Yes	Proof of Concept
529/1000 Why? Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-NODEFORGE-2331908	Yes	No Known Exploit
494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430337	Yes	No Known Exploit
579/1000 Why? Has a fix available, CVSS 7.3	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430339	Yes	No Known Exploit
494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430341	Yes	No Known Exploit
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	Yes	Proof of Concept
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	Proof of Concept
601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Command Injection SNYK-JS-REACTDEVUTILS-1083268	Yes	Proof of Concept
619/1000 Why? Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	Yes	No Known Exploit
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-XLSX-1311137	Yes	Proof of Concept
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-XLSX-1311139	Yes	Proof of Concept
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-XLSX-1311141	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: gatsby

The new version differs by 250 commits.

2c324f6 chore(release): Publish
55c7183 feat(contentful): add support for tables in Rich Text (feat(contentful): add support for tables in Rich Text gatsbyjs/gatsby#33870)
053180a fix(gatsby): Better TS compilation error (fix(gatsby): Better TS compilation error gatsbyjs/gatsby#35594)
0cf0bd9 chore(release): Publish next
9a91295 fix(gatsby-plugin-image): fix image flickers (fix(gatsby-plugin-image): fix image flickers gatsbyjs/gatsby#35226)
f358dc3 chore(release): Publish next
966aca8 feat(gatsby): Improvements to GraphQL TypeScript Generation (feat(gatsby): Improvements to GraphQL TypeScript Generation gatsbyjs/gatsby#35581)
8bad9b3 perf(gatsby): Minify page-data (perf(gatsby): Minify page-data gatsbyjs/gatsby#35578)
39e9840 chore(gatsby): Expose `serverDataStatus` field in SSR type declaration file (chore(gatsby): Expose serverDataStatus field in SSR type declaration file gatsbyjs/gatsby#35505)
ebd63b2 feat(gatsby-source-wordpress): use image cdn for non-resizable images in html (svgs/gifs mainly) (feat(gatsby-source-wordpress): use image cdn for non-resizable images in html (svgs/gifs mainly) gatsbyjs/gatsby#35529)
5e51519 fix(gatsby-source-wordpress): update test deps and fix int tests (fix(gatsby-source-wordpress): update test deps and fix int tests gatsbyjs/gatsby#35582)
128c7bb feat(gatsby-source-wordpress): always include draft slugs (feat(gatsby-source-wordpress): always include draft slugs gatsbyjs/gatsby#35573)
abc6dca feat(gatsby-plugin-image): add check for node.gatsbyImage in the getImage helper (feat(gatsby-plugin-image): add check for node.gatsbyImage in the getImage helper gatsbyjs/gatsby#35507)
e51c3a3 chore(release): Publish next
c9d98a4 feat(gatsby): Initial GraphQL Typegen Implementation (feat(gatsby): Initial GraphQL Typegen Implementation gatsbyjs/gatsby#35487)
17cbc7c fix(deps): update minor and patch dependencies for gatsby-source-graphql (fix(deps): update minor and patch dependencies for gatsby-source-graphql gatsbyjs/gatsby#35545)
10752ed fix(deps): update dependency fs-extra to ^10.1.0 (fix(deps): update dependency fs-extra to ^10.1.0 gatsbyjs/gatsby#34976)
0abdcd6 fix(deps): update dependency coffeescript to ^2.7.0 for gatsby-plugin-coffeescript (fix(deps): update dependency coffeescript to ^2.7.0 for gatsby-plugin-coffeescript gatsbyjs/gatsby#35550)
7cda002 fix(deps): update dependency eslint-plugin-import to ^2.26.0 (fix(deps): update dependency eslint-plugin-import to ^2.26.0 gatsbyjs/gatsby#35551)
3e74a9f fix(deps): update dependency eslint-plugin-react-hooks to ^4.5.0 (fix(deps): update dependency eslint-plugin-react-hooks to ^4.5.0 gatsbyjs/gatsby#35552)
fb98116 fix(deps): update minor and patch dependencies for gatsby-source-drupal (fix(deps): update minor and patch dependencies for gatsby-source-drupal gatsbyjs/gatsby#35554)
c09287a chore(deps): update starters and examples (chore(deps): update starters and examples gatsbyjs/gatsby#35565)
bf854ca fix(deps): update dependency prop-types to ^15.8.1 for gatsby-link (fix(deps): update dependency prop-types to ^15.8.1 for gatsby-link gatsbyjs/gatsby#35291)
71eb414 chore(deps): update dependency typescript to ^4.6.4 (chore(deps): update dependency typescript to ^4.6.4 gatsbyjs/gatsby#34984)

See the full diff

Package name: gatsby-transformer-excel

The new version differs by 250 commits.

715739c chore(release): Publish
b33f5fe feat(gatsby-source-drupal): Disable caching + add http/2 agent (feat(gatsby-source-drupal): Disable caching + add http/2 agent gatsbyjs/gatsby#32012) (feat(gatsby-source-drupal): Disable caching + add http/2 agent (#32012) gatsbyjs/gatsby#32038)
65e04d2 feat(gatsby): enable webpack caching for all (feat(gatsby): enable webpack caching for all gatsbyjs/gatsby#32018) (feat(gatsby): enable webpack caching for all (#32018) gatsbyjs/gatsby#32032)
f795be3 fix(contentful): reenable support for gif images (fix(contentful): reenable support for gif images gatsbyjs/gatsby#31986) (fix(contentful): reenable support for gif images (#31986) gatsbyjs/gatsby#32029)
549cca9 removed apikey references/usage from shopify plugin (feat(gatsby-source-shopify): removed apikey references/usage from shopify plugin gatsbyjs/gatsby#32024) (removed apikey references/usage from shopify plugin (#32024) gatsbyjs/gatsby#32033)
cb914ae feat(gatsby-source-shopify): add default sales channel when using shopify app integration (feat(gatsby-source-shopify): add default sales channel when using shopify app integration gatsbyjs/gatsby#32010) (feat(gatsby-source-shopify): add default sales channel when using shopify app integration (#32010) gatsbyjs/gatsby#32030)
19fbb6a fix shopify source store url check (fix shopify source store url check gatsbyjs/gatsby#32003) (fix shopify source store url check (#32003) gatsbyjs/gatsby#32031)
b0de8f8 feat(gatsby-source-drupal): Use Got instead of Axios for retries & caching support + restrict to 20 concurrent requests (feat(gatsby-source-drupal): Use Got instead of Axios for retries & caching support + restrict to 20 concurrent requests gatsbyjs/gatsby#31514)
f91dd52 fix(gatsby-plugin-sitemap): Properly throw error on missing siteUrl (fix(gatsby-plugin-sitemap): Properly throw error on missing siteUrl gatsbyjs/gatsby#31963)
d469867 chore(release): Publish next
3222927 chore(gatsby-source-shopify): remove prepublish script from package json (chore(gatsby-source-shopify): remove prepublish script from package json gatsbyjs/gatsby#31968)
9e58577 fix(gatsby-source-shopify): fix gitignore (fix gitignore gatsbyjs/gatsby#31967)
c520894 docs: Fix missing commas in plugin-image defaults (docs: Fix missing commas in plugin-image defaults gatsbyjs/gatsby#31961)
aa3bad2 chore(docs): Fix multiple grammar issues (chore(docs): Fix multiple grammar issues gatsbyjs/gatsby#31946)
76a040d BREAKING(gatsby-source-shopify): Replace with new plugin (BREAKING(gatsby-source-shopify): Replace with new plugin gatsbyjs/gatsby#31862)
f641c5c fix(deps): update starters and examples - gatsby (fix(deps): update starters and examples - gatsby gatsbyjs/gatsby#31934)
75a2804 chore(docs): Fix grammar issue (chore(docs): Fix grammar issue gatsbyjs/gatsby#31937)
1ecd6e1 feat(gatsby-plugin-google-analytics): enable core webvitals tracking (feat(gatsby-plugin-google-analytics): enable core webvitals tracking gatsbyjs/gatsby#31665)
d06d6b5 chore(gatsby): Fix Invalid 'main' field error (chore(gatsby): Fix Invalid 'main' field error gatsbyjs/gatsby#31899)
1f89646 fix(gatsby-source-contentful): improve error message when dominant color can't be generated (fix(gatsby-source-contentful): improve error message when dominant color can't be generated gatsbyjs/gatsby#31879)
315b694 feat(gatsby): PQR workers can access inference metadata (feat(gatsby): PQR workers can access inference metadata gatsbyjs/gatsby#31858)
222a5ed feat(gatsby): PQR workers can access page & static queries (feat(gatsby): PQR workers can access page & static queries gatsbyjs/gatsby#31852)
28ca867 fix(gatsby): Update eslint a11y config (fix(gatsby): Update eslint a11y config gatsbyjs/gatsby#31896)
cf33dae chore(deps): update dependency eslint-plugin-react to ^7.24.0 (chore(deps): update dependency eslint-plugin-react to ^7.24.0 gatsbyjs/gatsby#31697)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Open Redirect
🦉 Open Redirect
🦉 Prototype Pollution
🦉 More lessons are available in Snyk Learn

…903d1ab [Snyk] Fix for 17 vulnerabilities

…6c49f17 [Snyk] Fix for 10 vulnerabilities

…8aef877 [Snyk] Fix for 17 vulnerabilities

…y-starter-blog-theme/package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908

…100948c [Snyk] Security upgrade gatsby from 4.0.0 to 4.6.0

…660338f [Snyk] Fix for 11 vulnerabilities

…57a6c61d [Snyk] Fix for 15 vulnerabilities

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908 - https://snyk.io/vuln/SNYK-JS-CSSWHAT-1298035 - https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905 - https://snyk.io/vuln/SNYK-JS-NODEFORGE-2330875 - https://snyk.io/vuln/SNYK-JS-NODEFORGE-2331908 - https://snyk.io/vuln/SNYK-JS-NTHCHECK-1586032 - https://snyk.io/vuln/SNYK-JS-POSTCSS-1255640 - https://snyk.io/vuln/SNYK-JS-REACTDEVUTILS-1083268

…07b4b963 [Snyk] Fix for 8 vulnerabilities

…ities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908 - https://snyk.io/vuln/SNYK-JS-CSSWHAT-1298035 - https://snyk.io/vuln/SNYK-JS-NTHCHECK-1586032

…fb23fa4b [Snyk] Security upgrade subfont from 4.2.2 to 6.3.0

…54ee307e [Snyk] Fix for 11 vulnerabilities

0xSebin and others added 20 commits November 3, 2020 13:35

Update README.md

f001419

Merge pull request #2 from 0xSebin/snyk-fix-6bc8d7ee57485152ab3d7772d…

404d718

…903d1ab [Snyk] Fix for 17 vulnerabilities

Merge pull request #3 from 0xSebin/snyk-fix-7bea780ad574667dfda10e6af…

9df9003

…6c49f17 [Snyk] Fix for 10 vulnerabilities

Merge pull request #4 from 0xSebin/snyk-fix-ad671b398116c284f8a9b3c9f…

af53dd7

…8aef877 [Snyk] Fix for 17 vulnerabilities

fix: starters/gatsby-starter-blog-theme/package.json & starters/gatsb…

9344b55

…y-starter-blog-theme/package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908

Merge pull request #6 from 0xSebin/snyk-fix-f15c1d9bf0e0a1d5a641e031b…

6992fa2

…100948c [Snyk] Security upgrade gatsby from 4.0.0 to 4.6.0

Merge pull request #8 from 0xSebin/snyk-fix-a2ad439e0c10fbd5a257de385…

e14374d

…660338f [Snyk] Fix for 11 vulnerabilities

Merge pull request #10 from 0xSebin/snyk-fix-b92f5dc64214847d6c2f32af…

03cbd71

…57a6c61d [Snyk] Fix for 15 vulnerabilities

Merge pull request #12 from 0xSebin/snyk-fix-3398315ad97d9ea2042ad22d…

f085435

…07b4b963 [Snyk] Fix for 8 vulnerabilities

fix: packages/gatsby-plugin-subfont/package.json to reduce vulnerabil…

d465f68

…ities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908 - https://snyk.io/vuln/SNYK-JS-CSSWHAT-1298035 - https://snyk.io/vuln/SNYK-JS-NTHCHECK-1586032

Merge pull request #13 from 0xSebin/snyk-fix-8942e122db057660fde1ba63…

6bb9eb4

…fb23fa4b [Snyk] Security upgrade subfont from 4.2.2 to 6.3.0

Merge pull request #14 from 0xSebin/snyk-fix-c46aa05be9f7be2a282be97f…

d1bf25e

…54ee307e [Snyk] Fix for 11 vulnerabilities

0xSebin force-pushed the master branch from e66a8c9 to e58c180 Compare February 28, 2023 04:49

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Fix for 17 vulnerabilities #741

[Snyk] Fix for 17 vulnerabilities #741

0xSebin commented Jun 22, 2022

[Snyk] Fix for 17 vulnerabilities #741

Are you sure you want to change the base?

[Snyk] Fix for 17 vulnerabilities #741

Conversation

0xSebin commented Jun 22, 2022

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade: