[Snyk] Upgrade gatsby from 5.0.0 to 5.12.9 #309

X-oss-byte · 2023-12-11T08:21:07Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade gatsby from 5.0.0 to 5.12.9.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 111 versions ahead of your current version.
The recommended version was released a month ago, on 2023-10-26.

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Improper Input Validation SNYK-JS-POSTCSS-5926692	265/1000 Why? CVSS 5.3	No Known Exploit
Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	265/1000 Why? CVSS 5.3	Proof of Concept
Denial of Service (DoS) SNYK-JS-SOCKETIOPARSER-5596892	265/1000 Why? CVSS 5.3	No Known Exploit
Sandbox Bypass SNYK-JS-WEBPACK-3358798	265/1000 Why? CVSS 5.3	Proof of Concept
Denial of Service (DoS) SNYK-JS-ENGINEIO-3136336	265/1000 Why? CVSS 5.3	No Known Exploit
Prototype Pollution SNYK-JS-JSON5-3182856	265/1000 Why? CVSS 5.3	Proof of Concept
Prototype Pollution SNYK-JS-JSON5-3182856	265/1000 Why? CVSS 5.3	Proof of Concept
Heap-based Buffer Overflow SNYK-JS-SHARP-5922108	265/1000 Why? CVSS 5.3	Mature
Regular Expression Denial of Service (ReDoS) SNYK-JS-SIDEWAYFORMULA-3317169	265/1000 Why? CVSS 5.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-3244450	265/1000 Why? CVSS 5.3	Proof of Concept
Information Exposure SNYK-JS-GATSBY-5671647	265/1000 Why? CVSS 5.3	Proof of Concept
Information Exposure SNYK-JS-GATSBYCLI-5671903	265/1000 Why? CVSS 5.3	Proof of Concept
Denial of Service (DoS) SNYK-JS-GRAPHQL-5905181	265/1000 Why? CVSS 5.3	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: gatsby

5.12.9 - 2023-10-26
5.12.8 - 2023-10-20
5.12.7 - 2023-10-17
5.12.6 - 2023-10-09
5.12.5 - 2023-09-27
5.12.4 - 2023-09-05
5.12.3 - 2023-08-28
5.12.2 - 2023-08-28
5.12.1 - 2023-08-24
5.12.0 - 2023-08-24
5.12.0-next.1 - 2023-07-03
5.12.0-next.0 - 2023-06-15
5.11.0 - 2023-06-15
5.11.0-touch-nodes-fix.4 - 2023-06-14
5.11.0-next.1 - 2023-06-05
5.11.0-next.0 - 2023-05-16
5.10.0 - 2023-05-16
5.10.0-next.4 - 2023-05-03
5.10.0-next.3 - 2023-04-27
5.10.0-next.2 - 2023-04-27
5.10.0-next.1 - 2023-04-19
5.10.0-next.0 - 2023-04-18
5.10.0-infer-block-less.13 - 2023-05-09
5.10.0-infer-block-less.12 - 2023-05-09
5.10.0-infer-block-less.11 - 2023-05-08
5.10.0-infer-block-less.8 - 2023-05-08
5.10.0-infer-block-less.7 - 2023-05-05
5.10.0-infer-block-less.6 - 2023-05-05
5.10.0-infer-block-less.5 - 2023-05-05
5.10.0-gatsby-gc.20 - 2023-05-16
5.10.0-gatsby-gc.19 - 2023-05-16
5.10.0-gatsby-gc.18 - 2023-05-16
5.10.0-gatsby-gc.17 - 2023-05-15
5.10.0-gatsby-gc.16 - 2023-05-15
5.10.0-gatsby-gc.15 - 2023-05-15
5.10.0-gatsby-gc.14 - 2023-05-15
5.10.0-alpha-adapters.165 - 2023-07-14
5.10.0-alpha-adapters.164 - 2023-07-13
5.10.0-alpha-adapters.159 - 2023-07-12
5.10.0-alpha-adapters.158 - 2023-07-12
5.10.0-alpha-adapters.156 - 2023-07-11
5.10.0-alpha-adapters.155 - 2023-07-11
5.10.0-alpha-adapters.153 - 2023-07-11
5.10.0-alpha-adapters.142 - 2023-07-04
5.10.0-alpha-adapters.141 - 2023-07-03
5.10.0-alpha-adapters.130 - 2023-06-30
5.10.0-alpha-adapters.96 - 2023-06-14
5.10.0-alpha-adapters.94 - 2023-06-14
5.10.0-alpha-adapters.89 - 2023-06-14
5.9.1 - 2023-05-09
5.9.0 - 2023-04-18
5.9.0-touch-nodes-optout.49 - 2023-04-12
5.9.0-reduce-contentful-mem-usage.39 - 2023-04-17
5.9.0-reduce-contentful-mem-usage.38 - 2023-04-17
5.9.0-reduce-contentful-mem-usage.36 - 2023-04-17
5.9.0-next.3 - 2023-04-06
5.9.0-next.2 - 2023-03-30
5.9.0-next.1 - 2023-03-28
5.9.0-next.0 - 2023-03-21
5.9.0-lmdb-remapchunks.41 - 2023-04-20
5.9.0-lmdb-remapchunks.40 - 2023-04-20
5.9.0-image-cdn-configurable.4 - 2023-04-11
5.9.0-alpha-cg-tailwind.23 - 2023-05-09
5.8.1 - 2023-03-29
5.8.0 - 2023-03-21
5.8.0-touchnodes-memdebug2.19 - 2023-03-23
5.8.0-touchnodes-memdebug2.17 - 2023-03-22
5.8.0-touchnodes-memdebug.17 - 2023-03-21
5.8.0-next.3 - 2023-03-14
5.8.0-next.2 - 2023-03-07
5.8.0-next.1 - 2023-02-22
5.8.0-next.0 - 2023-02-16
5.8.0-inference-memdebug.26 - 2023-03-23
5.8.0-inference-memdebug.22 - 2023-03-23
5.8.0-alpha-rspack.4 - 2023-03-10
5.8.0-alpha-react-profiling-env.8 - 2023-03-17
5.7.0 - 2023-02-21
5.7.0-next.1 - 2023-02-08
5.7.0-next.0 - 2023-02-03
5.6.1 - 2023-02-16
5.6.0 - 2023-02-07
5.6.0-next.2 - 2023-01-30
5.6.0-next.1 - 2023-01-26
5.6.0-next.0 - 2023-01-19
5.5.0 - 2023-01-24
5.5.0-next.1 - 2023-01-17
5.5.0-next.0 - 2023-01-05
5.5.0-alpha-initial-webhook-body.31 - 2023-01-16
5.5.0-alpha-initial-webhook-body.30 - 2023-01-16
5.4.2 - 2023-01-17
5.4.1 - 2023-01-13
5.4.0 - 2023-01-10
5.4.0-next.3 - 2023-01-04
5.4.0-next.2 - 2022-12-14
5.4.0-next.1 - 2022-12-14
5.4.0-next.0 - 2022-12-08
5.3.3 - 2022-12-20
5.3.2 - 2022-12-14
5.3.1 - 2022-12-14
5.3.0 - 2022-12-13
5.3.0-next.4 - 2022-12-07
5.3.0-next.3 - 2022-12-07
5.3.0-next.2 - 2022-12-06
5.3.0-next.1 - 2022-12-01
5.3.0-next.0 - 2022-11-25
5.2.0 - 2022-11-25
5.2.0-next.1 - 2022-11-23
5.2.0-next.0 - 2022-11-17
5.1.0 - 2022-11-22
5.1.0-next.0 - 2022-11-08
5.0.1 - 2022-11-10
5.0.0 - 2022-11-08

from gatsby GitHub release notes

Commit messages

Package name: gatsby

8ae8281 chore(release): Publish
c43080f fix: respect 'force' and 'conditions' properties on redirects (fix: respect 'force' and 'conditions' properties on redirects gatsbyjs/gatsby#38657) (fix: respect 'force' and 'conditions' properties on redirects (#38657) gatsbyjs/gatsby#38664)
4bf84f0 test(adapters-e2e): deploy to platform instead of ntl serve (test(adapters-e2e): deploy to platform instead of ntl serve gatsbyjs/gatsby#38643) (test(adapters-e2e): deploy to platform instead of ntl serve (#38643) gatsbyjs/gatsby#38662)
67c8832 test: bump node version for pnp tests (test: bump node version for pnp tests gatsbyjs/gatsby#38656) (test: bump node version for pnp tests (#38656) gatsbyjs/gatsby#38663)
6869562 fix(gatsby): Adapter header rules (fix(gatsby): Adapter header rules gatsbyjs/gatsby#38644) (fix(gatsby): Adapter header rules (#38644) gatsbyjs/gatsby#38661)
4a76878 chore: added logging for cache handling (chore: added logging for cache handling gatsbyjs/gatsby#38654) (chore: added logging for cache handling (#38654) gatsbyjs/gatsby#38660)
470d182 chore(release): Publish
02e925a fix(gatsby): support multiple instances of same variable in gatsbyImage placeholderUrl (fix(gatsby): support multiple instances of same variable in gatsbyImage placeholderUrl gatsbyjs/gatsby#38626) (fix(gatsby): support multiple instances of same variable in gatsbyImage placeholderUrl (#38626) gatsbyjs/gatsby#38647)
8302bc8 fix(gatsby): don't force leading slash for external paths in routes manifest (fix(gatsby): don't force leading slash for external paths in routes manifest gatsbyjs/gatsby#38639) (fix(gatsby): don't force leading slash for external paths in routes manifest (#38639) gatsbyjs/gatsby#38646)
39d2fd8 chore(release): Publish
acb8799 fix(gatsby): open lmdb instances in writeable locations in generated ssr/dsg function (fix(gatsby): open lmdb instances in writeable locations in generated ssr/dsg function gatsbyjs/gatsby#38631) (fix(gatsby): open lmdb instances in writeable locations in generated ssr/dsg function (#38631) gatsbyjs/gatsby#38638)
1e8748c chore(release): Publish
f1a4107 chore(deps): upgrade sharp to latest v0.32.6 (chore(deps): upgrade sharp to latest v0.32.6 gatsbyjs/gatsby#38374) (chore(deps): upgrade sharp to latest v0.32.6 (#38374) gatsbyjs/gatsby#38617)
4dc464b chore(source-npm-package-search): bespoke treatment for `plugin-gatsby-cloud` and `source-contentful` (chore(source-npm-package-search): bespoke treatment for plugin-gatsby-cloud and source-contentful gatsbyjs/gatsby#38619) (chore(source-npm-package-search): bespoke treatment for plugin-gatsby-cloud and source-contentful (#38619) gatsbyjs/gatsby#38622)
aff105b chore(release): Publish
8061500 Update gatsby-contentful-plugin README (Update gatsby-contentful-plugin README gatsbyjs/gatsby#38480) (Update gatsby-contentful-plugin README (#38480) gatsbyjs/gatsby#38607)
aefefa9 chore(release): Publish
9ffed29 feat(gatsby-graphiql-explorer): lower minimum node version (feat(gatsby-graphiql-explorer): lower minimum node version gatsbyjs/gatsby#38577) (feat(gatsby-graphiql-explorer): lower minimum node version (#38577) gatsbyjs/gatsby#38579)
d055a99 chore(release): Publish
56ddcce fix(gatsby-adapter-netlify): handle cases with large cached _redirects and/or _headers files (fix(gatsby-adapter-netlify): handle cases with large cached _redirects and/or _headers files gatsbyjs/gatsby#38559) (fix(gatsby-adapter-netlify): handle cases with large cached _redirects and/or _headers files (#38559) gatsbyjs/gatsby#38564)
68be864 chore(release): Publish
dfcc546 Update gatsby-cloud-plugin README (Update gatsby-cloud-plugin README gatsbyjs/gatsby#38479) (Update gatsby-cloud-plugin README (#38479) gatsbyjs/gatsby#38550)
0642eb7 chore(release): Publish
232ec13 fix(gatsby): don't break builds when using features unsupported by adapter (fix(gatsby): don't break builds when using features unsupported by adapter gatsbyjs/gatsby#38520) (fix(gatsby): don't break builds when using features unsupported by adapter (#38520) gatsbyjs/gatsby#38521)

Compare

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade gatsby from 5.0.0 to 5.12.9. See this package in npm: https://www.npmjs.com/package/gatsby See this project in Snyk: https://app.snyk.io/org/sammytezzy/project/f5fdc01b-8aa3-49af-9e83-74a833d59c17?utm_source=github&utm_medium=referral&page=upgrade-pr

stackblitz · 2023-12-11T08:21:11Z

Run & review this pull request in StackBlitz Codeflow.

changeset-bot · 2023-12-11T08:21:13Z

⚠️ No Changeset found

Latest commit: eb06464

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Upgrade gatsby from 5.0.0 to 5.12.9 #309

[Snyk] Upgrade gatsby from 5.0.0 to 5.12.9 #309

X-oss-byte commented Dec 11, 2023

stackblitz bot commented Dec 11, 2023

changeset-bot bot commented Dec 11, 2023

[Snyk] Upgrade gatsby from 5.0.0 to 5.12.9 #309

Are you sure you want to change the base?

[Snyk] Upgrade gatsby from 5.0.0 to 5.12.9 #309

Conversation

X-oss-byte commented Dec 11, 2023

Snyk has created this PR to upgrade gatsby from 5.0.0 to 5.12.9.

stackblitz bot commented Dec 11, 2023

changeset-bot bot commented Dec 11, 2023

⚠️ No Changeset found