[Snyk] Fix for 6 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • examples/using-MDX/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Authorization Bypass Through User-Controlled Key SNYK-JS-PARSEPATH-2936439	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-PARSEURL-3023021	Yes	Proof of Concept
	571/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5	Improper Input Validation SNYK-JS-PARSEURL-3024398	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Command Injection SNYK-JS-REACTDEVUTILS-1083268	Yes	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Remote Code Execution (RCE) SNYK-JS-SHARP-2848109	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: gatsby

The new version differs by 250 commits.

• 8d07242 chore(release): Publish
• 0790895 chore(gatsby): Update README (chore(gatsby): Update README gatsbyjs/gatsby#33615)
• 06760d7 chore(gatsby): Change comment format in actions/public (chore(gatsby): Change comment format in actions/public gatsbyjs/gatsby#33592)
• 7d66a23 feat(gatsby): capture number of ssg,dsg,ssr pages in telemetry (feat(gatsby): capture number of ssg,dsg,ssr pages in telemetry gatsbyjs/gatsby#33337)
• 98a843c fix(gatsby): use lmdb.removeSync so getNode can't return deleted nodes (fix(gatsby): use lmdb.removeSync so getNode can't return deleted nodes gatsbyjs/gatsby#33554)
• 4d8e40b fix(gatsby-source-wordpress): Add steps for `refetch_ALL` (fix(gatsby-source-wordpress): Add steps for refetch_ALL gatsbyjs/gatsby#33264)
• 4761dc3 fix(gatsby): restore onPreBuild to being called right after bootstrap finishes (fix(gatsby): restore onPreBuild to being called right after bootstrap finishes gatsbyjs/gatsby#33591)
• 1cdbab6 fix(deps): update starters and examples gatsby packages to ^3.14.3 (fix(deps): update starters and examples gatsby packages to ^3.14.3 gatsbyjs/gatsby#33553)
• 0f421db chore(release): Publish next
• 7d6a0aa fix(gatsby): fix page-tree in ink-cli (fix(gatsby): fix page-tree in ink-cli gatsbyjs/gatsby#33579)
• 3993819 chore(gatsby): Add `assetPrefix` to `IGatsbyConfig` (chore(gatsby): Add assetPrefix to IGatsbyConfig gatsbyjs/gatsby#33575)
• 6cc964a fix(gatsby-source-wordpress): restore PQR support (fix(gatsby-source-wordpress): restore PQR support gatsbyjs/gatsby#33590)
• 9eef270 specifying what actually changed (specifying what actually changed gatsbyjs/gatsby#33452)
• 2975c4d feat(gatsby,gatsby-link): add queue to prefetch (feat(gatsby,gatsby-link): add queue to prefetch gatsbyjs/gatsby#33530)
• 68fe836 fix(gatsby): temporary workaround for stale jobs cache (fix(gatsby): temporary workaround for stale jobs cache gatsbyjs/gatsby#33586)
• a800d9d fix(gatsby): Update internal usage of .runQuery (fix(gatsby): Update internal usage of .runQuery gatsbyjs/gatsby#33571)
• 677760c chore(docs): Clarify SEO component guide (chore(docs): Clarify SEO component guide gatsbyjs/gatsby#33451)
• ccca4b3 fix(gatsby): only remove unused code when apis got removed (fix(gatsby): only remove unused code when apis got removed gatsbyjs/gatsby#33527)
• 8dbf550 fix(gatsby): assign correct parentSpans to PQR activities (fix(gatsby): assign correct parentSpans to PQR activities gatsbyjs/gatsby#33568)
• 31d5a5e fix(gatsby-dev-cli): resolve correct versions of packages with unpkg (fix(gatsby-dev-cli): resolve correct versions of packages with unpkg gatsbyjs/gatsby#33551)
• 5110074 fix(gatsby-plugin-gatsby-cloud): emit file nodes after source updates (fix(gatsby-plugin-gatsby-cloud): emit file nodes after source updates gatsbyjs/gatsby#33548)
• d2329df fix(gatsby): make sure 404 and 500 page inherit stateful status from original page (fix(gatsby): make sure 404 and 500 pages inherit stateful status from original page gatsbyjs/gatsby#33544)
• 68e5b90 chore(docs): Update query var in part-7 tutorial (chore(docs): Update query var in part-7 tutorial gatsbyjs/gatsby#33559)
• a8cab55 chore(gatsby-plugin-react-helmet): Update Examples (chore(gatsby-plugin-react-helmet): Update Examples gatsbyjs/gatsby#33552)

See the full diff

Package name: gatsby-plugin-manifest

The new version differs by 250 commits.

• f6734b9 chore(release): Publish
• 9a616c0 fix(gatsby): wait for LMDB upserts to finish before emitting ENGINES_READY (fix(gatsby): wait for LMDB upserts to finish before emitting ENGINES_READY gatsbyjs/gatsby#34853) (fix(gatsby): wait for LMDB upserts to finish before emitting ENGINES_READY (#34853) gatsbyjs/gatsby#34896)
• f5705b9 fix(create-gatsby): Add required deps for theme-ui option (fix(create-gatsby): Add required deps for theme-ui option gatsbyjs/gatsby#34885) (fix(create-gatsby): Add required deps for theme-ui option (#34885) gatsbyjs/gatsby#34897)
• 9a579f1 fix(gatsby-core-utils): fix 304 when file does not exists (fix(gatsby-core-utils): fix 304 when file does not exists gatsbyjs/gatsby#34842) (fix(gatsby-core-utils): fix 304 when file does not exists (#34842) gatsbyjs/gatsby#34888)
• 148d016 fix(gatsby): Remove double enhanced-resolve dep (fix(gatsby): Remove double enhanced-resolve dep gatsbyjs/gatsby#34854) (fix(gatsby): Remove double enhanced-resolve dep (#34854) gatsbyjs/gatsby#34889)
• 19b0304 feat(gatsby-core-utils): improve fetch-remote-file (feat(gatsby-core-utils): improve fetch-remote-file gatsbyjs/gatsby#34758)
• ac1d777 fix(gatsby-source-contentful): avoid confusion of Gatsby node and Contentful node count in logs (fix(gatsby-source-contentful): avoid confusion of Gatsby node and Contentful node count in logs gatsbyjs/gatsby#34830)
• ee8c874 refactor(gatsby-source-contentful): remove unnecessary check for existing node (refactor(gatsby-source-contentful): remove unnecessary check for existing node gatsbyjs/gatsby#34829)
• 056b48e test(gatsby): Add a memory test suite command to the memory benchmark (test(gatsby): Add a memory test suite command to the memory benchmark gatsbyjs/gatsby#34810)
• 45cb1f1 chore(release): Publish next
• 4c832bf documentation: Add Third Party Schema (docs(gatsby): Add Third Party Schema gatsbyjs/gatsby#34820)
• 9f23dec chore(gatsby): cache shouldn't reference nodes strongly (chore(gatsby): cache shouldn't reference nodes strongly gatsbyjs/gatsby#34821)
• f2d4830 feat(gatsby-core-utils): create proper mutex (feat(gatsby-core-utils): create proper mutex gatsbyjs/gatsby#34761)
• 21ef185 chore(changelogs): update changelogs (chore(changelogs): update changelogs gatsbyjs/gatsby#34826)
• a2f99af fix(deps): update starters and examples gatsby packages to ^4.7.2 (fix(deps): update starters and examples gatsby packages to ^4.7.2 gatsbyjs/gatsby#34822)
• 76c89d8 chore(release): Publish next
• 54d29c4 chore(gatsby): upgrade from lmdb-store to lmdb (chore(gatsby): upgrade from lmdb-store to lmdb gatsbyjs/gatsby#34576)
• 3df8583 fix(core): Make filter/sort query only hold onto node properties it needs (fix(core): Make filter/sort query only hold onto node properties it needs gatsbyjs/gatsby#34747)
• 3c3362b refactor(core): Make load plugins modular, prepare for TS (refactor(core): Make load plugins modular, prepare for TS gatsbyjs/gatsby#34813)
• 3d74584 feat(gatsby): allow referencing derived types in schema customization (feat(gatsby): allow referencing derived types in schema customization gatsbyjs/gatsby#34787)
• bfd04d3 fix(gatsby): Content Sync DSG bug (fix(gatsby): Content Sync DSG bug gatsbyjs/gatsby#34799)
• 326a483 fix(deps): update dependency sharp to ^0.30.1 (fix(deps): update dependency sharp to ^0.30.1 gatsbyjs/gatsby#34755)
• 7b958f9 docs: update typo Forestry (docs: update typo Forestry gatsbyjs/gatsby#34805)
• ba8e21c feat(gatsby): Match node manifest pages by page context slug (feat(gatsby): Match node manifest pages by page context slug gatsbyjs/gatsby#34790)

See the full diff

Package name: gatsby-plugin-sharp

The new version differs by 250 commits.

• f6734b9 chore(release): Publish
• 9a616c0 fix(gatsby): wait for LMDB upserts to finish before emitting ENGINES_READY (fix(gatsby): wait for LMDB upserts to finish before emitting ENGINES_READY gatsbyjs/gatsby#34853) (fix(gatsby): wait for LMDB upserts to finish before emitting ENGINES_READY (#34853) gatsbyjs/gatsby#34896)
• f5705b9 fix(create-gatsby): Add required deps for theme-ui option (fix(create-gatsby): Add required deps for theme-ui option gatsbyjs/gatsby#34885) (fix(create-gatsby): Add required deps for theme-ui option (#34885) gatsbyjs/gatsby#34897)
• 9a579f1 fix(gatsby-core-utils): fix 304 when file does not exists (fix(gatsby-core-utils): fix 304 when file does not exists gatsbyjs/gatsby#34842) (fix(gatsby-core-utils): fix 304 when file does not exists (#34842) gatsbyjs/gatsby#34888)
• 148d016 fix(gatsby): Remove double enhanced-resolve dep (fix(gatsby): Remove double enhanced-resolve dep gatsbyjs/gatsby#34854) (fix(gatsby): Remove double enhanced-resolve dep (#34854) gatsbyjs/gatsby#34889)
• 19b0304 feat(gatsby-core-utils): improve fetch-remote-file (feat(gatsby-core-utils): improve fetch-remote-file gatsbyjs/gatsby#34758)
• ac1d777 fix(gatsby-source-contentful): avoid confusion of Gatsby node and Contentful node count in logs (fix(gatsby-source-contentful): avoid confusion of Gatsby node and Contentful node count in logs gatsbyjs/gatsby#34830)
• ee8c874 refactor(gatsby-source-contentful): remove unnecessary check for existing node (refactor(gatsby-source-contentful): remove unnecessary check for existing node gatsbyjs/gatsby#34829)
• 056b48e test(gatsby): Add a memory test suite command to the memory benchmark (test(gatsby): Add a memory test suite command to the memory benchmark gatsbyjs/gatsby#34810)
• 45cb1f1 chore(release): Publish next
• 4c832bf documentation: Add Third Party Schema (docs(gatsby): Add Third Party Schema gatsbyjs/gatsby#34820)
• 9f23dec chore(gatsby): cache shouldn't reference nodes strongly (chore(gatsby): cache shouldn't reference nodes strongly gatsbyjs/gatsby#34821)
• f2d4830 feat(gatsby-core-utils): create proper mutex (feat(gatsby-core-utils): create proper mutex gatsbyjs/gatsby#34761)
• 21ef185 chore(changelogs): update changelogs (chore(changelogs): update changelogs gatsbyjs/gatsby#34826)
• a2f99af fix(deps): update starters and examples gatsby packages to ^4.7.2 (fix(deps): update starters and examples gatsby packages to ^4.7.2 gatsbyjs/gatsby#34822)
• 76c89d8 chore(release): Publish next
• 54d29c4 chore(gatsby): upgrade from lmdb-store to lmdb (chore(gatsby): upgrade from lmdb-store to lmdb gatsbyjs/gatsby#34576)
• 3df8583 fix(core): Make filter/sort query only hold onto node properties it needs (fix(core): Make filter/sort query only hold onto node properties it needs gatsbyjs/gatsby#34747)
• 3c3362b refactor(core): Make load plugins modular, prepare for TS (refactor(core): Make load plugins modular, prepare for TS gatsbyjs/gatsby#34813)
• 3d74584 feat(gatsby): allow referencing derived types in schema customization (feat(gatsby): allow referencing derived types in schema customization gatsbyjs/gatsby#34787)
• bfd04d3 fix(gatsby): Content Sync DSG bug (fix(gatsby): Content Sync DSG bug gatsbyjs/gatsby#34799)
• 326a483 fix(deps): update dependency sharp to ^0.30.1 (fix(deps): update dependency sharp to ^0.30.1 gatsbyjs/gatsby#34755)
• 7b958f9 docs: update typo Forestry (docs: update typo Forestry gatsbyjs/gatsby#34805)
• ba8e21c feat(gatsby): Match node manifest pages by page context slug (feat(gatsby): Match node manifest pages by page context slug gatsbyjs/gatsby#34790)

See the full diff

Package name: gatsby-transformer-sharp

The new version differs by 250 commits.

• f6734b9 chore(release): Publish
• 9a616c0 fix(gatsby): wait for LMDB upserts to finish before emitting ENGINES_READY (fix(gatsby): wait for LMDB upserts to finish before emitting ENGINES_READY gatsbyjs/gatsby#34853) (fix(gatsby): wait for LMDB upserts to finish before emitting ENGINES_READY (#34853) gatsbyjs/gatsby#34896)
• f5705b9 fix(create-gatsby): Add required deps for theme-ui option (fix(create-gatsby): Add required deps for theme-ui option gatsbyjs/gatsby#34885) (fix(create-gatsby): Add required deps for theme-ui option (#34885) gatsbyjs/gatsby#34897)
• 9a579f1 fix(gatsby-core-utils): fix 304 when file does not exists (fix(gatsby-core-utils): fix 304 when file does not exists gatsbyjs/gatsby#34842) (fix(gatsby-core-utils): fix 304 when file does not exists (#34842) gatsbyjs/gatsby#34888)
• 148d016 fix(gatsby): Remove double enhanced-resolve dep (fix(gatsby): Remove double enhanced-resolve dep gatsbyjs/gatsby#34854) (fix(gatsby): Remove double enhanced-resolve dep (#34854) gatsbyjs/gatsby#34889)
• 19b0304 feat(gatsby-core-utils): improve fetch-remote-file (feat(gatsby-core-utils): improve fetch-remote-file gatsbyjs/gatsby#34758)
• ac1d777 fix(gatsby-source-contentful): avoid confusion of Gatsby node and Contentful node count in logs (fix(gatsby-source-contentful): avoid confusion of Gatsby node and Contentful node count in logs gatsbyjs/gatsby#34830)
• ee8c874 refactor(gatsby-source-contentful): remove unnecessary check for existing node (refactor(gatsby-source-contentful): remove unnecessary check for existing node gatsbyjs/gatsby#34829)
• 056b48e test(gatsby): Add a memory test suite command to the memory benchmark (test(gatsby): Add a memory test suite command to the memory benchmark gatsbyjs/gatsby#34810)
• 45cb1f1 chore(release): Publish next
• 4c832bf documentation: Add Third Party Schema (docs(gatsby): Add Third Party Schema gatsbyjs/gatsby#34820)
• 9f23dec chore(gatsby): cache shouldn't reference nodes strongly (chore(gatsby): cache shouldn't reference nodes strongly gatsbyjs/gatsby#34821)
• f2d4830 feat(gatsby-core-utils): create proper mutex (feat(gatsby-core-utils): create proper mutex gatsbyjs/gatsby#34761)
• 21ef185 chore(changelogs): update changelogs (chore(changelogs): update changelogs gatsbyjs/gatsby#34826)
• a2f99af fix(deps): update starters and examples gatsby packages to ^4.7.2 (fix(deps): update starters and examples gatsby packages to ^4.7.2 gatsbyjs/gatsby#34822)
• 76c89d8 chore(release): Publish next
• 54d29c4 chore(gatsby): upgrade from lmdb-store to lmdb (chore(gatsby): upgrade from lmdb-store to lmdb gatsbyjs/gatsby#34576)
• 3df8583 fix(core): Make filter/sort query only hold onto node properties it needs (fix(core): Make filter/sort query only hold onto node properties it needs gatsbyjs/gatsby#34747)
• 3c3362b refactor(core): Make load plugins modular, prepare for TS (refactor(core): Make load plugins modular, prepare for TS gatsbyjs/gatsby#34813)
• 3d74584 feat(gatsby): allow referencing derived types in schema customization (feat(gatsby): allow referencing derived types in schema customization gatsbyjs/gatsby#34787)
• bfd04d3 fix(gatsby): Content Sync DSG bug (fix(gatsby): Content Sync DSG bug gatsbyjs/gatsby#34799)
• 326a483 fix(deps): update dependency sharp to ^0.30.1 (fix(deps): update dependency sharp to ^0.30.1 gatsbyjs/gatsby#34755)
• 7b958f9 docs: update typo Forestry (docs: update typo Forestry gatsbyjs/gatsby#34805)
• ba8e21c feat(gatsby): Match node manifest pages by page context slug (feat(gatsby): Match node manifest pages by page context slug gatsbyjs/gatsby#34790)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Server-side Request Forgery (SSRF)
🦉 Regular Expression Denial of Service (ReDoS)