[Snyk] Upgrade: gatsby, gatsby-plugin-google-analytics, gatsby-plugin-manifest, gatsby-plugin-netlify by snyk-bot · Pull Request #906 · hackistic/hackisticjs

snyk-bot · 2023-01-08T04:38:25Z

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name	Versions	Released on
gatsby from 2.17.15 to 2.32.13	646 versions ahead of your current version	2 years ago on 2021-05-04
gatsby-plugin-google-analytics from 2.1.27 to 2.11.0	56 versions ahead of your current version	2 years ago on 2021-02-02
gatsby-plugin-manifest from 2.2.28 to 2.12.1	105 versions ahead of your current version	2 years ago on 2021-02-24
gatsby-plugin-netlify from 2.1.25 to 2.11.1	61 versions ahead of your current version	2 years ago on 2021-03-18

The recommended version fixes:

Issue	PriorityScore (*)	Exploit Maturity
Access Restriction Bypass SNYK-JS-XMLHTTPREQUESTSSL-1255647	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Arbitrary Code Injection SNYK-JS-XMLHTTPREQUESTSSL-1082936	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-610226	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-1023599	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Arbitrary File Write SNYK-JS-TAR-1579155	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579152	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Write SNYK-JS-TAR-1579147	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536531	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary File Overwrite SNYK-JS-TAR-1536528	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Arbitrary Code Injection SNYK-JS-SERIALIZEJAVASCRIPT-570062	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Cross-site Scripting (XSS) SNYK-JS-SERIALIZEJAVASCRIPT-536840	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-NODEFORGE-598677	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-MOMENT-2944238	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Directory Traversal SNYK-JS-MOMENT-2440688	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Denial of Service (DoS) SNYK-JS-ENGINEIO-1056749	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-ASYNC-2441827	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Denial of Service (DoS) npm:mem:20180117	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Prototype Pollution SNYK-JS-YARGSPARSER-560381	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-YARGSPARSER-560381	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Prototype Pollution SNYK-JS-YARGSPARSER-560381	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-1072471	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Denial of Service (DoS) SNYK-JS-SOCKJS-575261	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Insecure Defaults SNYK-JS-SOCKETIO-1024859	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-PROMPTS-1729737	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Cross-site Scripting (XSS) SNYK-JS-PARSEURL-2942134	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Information Exposure SNYK-JS-PARSEURL-2935947	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Cross-site Scripting (XSS) SNYK-JS-PARSEURL-2935944	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Denial of Service SNYK-JS-NODEFETCH-674311	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Denial of Service SNYK-JS-NODEFETCH-674311	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Denial of Service SNYK-JS-NODEFETCH-674311	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Cross-site Scripting (XSS) SNYK-JS-GRAPHQLPLAYGROUNDHTML-571775	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Mature
Prototype Pollution SNYK-JS-FLAT-596927	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Server-Side Request Forgery (SSRF) SNYK-JS-AXIOS-1038255	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Improper Input Validation SNYK-JS-SOCKETIOPARSER-3091012	472/1000 Why? Proof of Concept exploit, CVSS 7.3	No Known Exploit
Server-side Request Forgery (SSRF) SNYK-JS-PARSEURL-2936249	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-HOSTEDGITINFO-1088355	472/1000 Why? Proof of Concept exploit, CVSS 7.3	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade: - gatsby from 2.17.15 to 2.32.13. See this package in npm: - gatsby-plugin-google-analytics from 2.1.27 to 2.11.0. See this package in npm: - gatsby-plugin-manifest from 2.2.28 to 2.12.1. See this package in npm: - gatsby-plugin-netlify from 2.1.25 to 2.11.1. See this package in npm: See this project in Snyk: https://app.snyk.io/org/hacksterjs/project/42f824ae-4e8d-4913-ada8-72b08eefef44?utm_source=github&utm_medium=referral&page=upgrade-pr

gatsby-cloud · 2023-01-08T04:42:53Z

✅ dfdigital deploy preview ready

Deploy preview
Build logs · 1m build time
Performance 99 💚 · Accessibility 100 💚 · Best Practices 100 💚 · SEO 92 💚 — View full report

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Snyk] Upgrade: gatsby, gatsby-plugin-google-analytics, gatsby-plugin-manifest, gatsby-plugin-netlify#906

[Snyk] Upgrade: gatsby, gatsby-plugin-google-analytics, gatsby-plugin-manifest, gatsby-plugin-netlify#906
snyk-bot wants to merge 1 commit intomasterfrom
snyk-upgrade-844e6d1296470e068b09da604de0d631

snyk-bot commented Jan 8, 2023

Uh oh!

gatsby-cloud bot commented Jan 8, 2023 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Uh oh!

Conversation

snyk-bot commented Jan 8, 2023

Snyk has created this PR to upgrade multiple dependencies.

Uh oh!

gatsby-cloud bot commented Jan 8, 2023 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

✅ dfdigital deploy preview ready

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

gatsby-cloud bot commented Jan 8, 2023 •

edited

Loading