Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Fix for 30 vulnerabilities #131

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

mansong1
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • docs/package.json
    • docs/package-lock.json
    • docs/.snyk

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908
Yes Proof of Concept
medium severity 616/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.9
Server-Side Request Forgery (SSRF)
SNYK-JS-AXIOS-1038255
No Proof of Concept
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
Regular Expression Denial of Service (ReDoS)
SNYK-JS-AXIOS-1579269
No Proof of Concept
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
Denial of Service (DoS)
SNYK-JS-ENGINEIO-1056749
No Proof of Concept
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
Information Exposure
SNYK-JS-FOLLOWREDIRECTS-2332181
No Proof of Concept
low severity 344/1000
Why? Has a fix available, CVSS 2.6
Information Exposure
SNYK-JS-FOLLOWREDIRECTS-2396346
No No Known Exploit
medium severity 608/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 4.3
Information Exposure
SNYK-JS-GATSBY-5671647
Yes Proof of Concept
medium severity 608/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 4.3
Information Exposure
SNYK-JS-GATSBYCLI-5671903
Yes Proof of Concept
high severity 726/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 8.1
Deserialization of Untrusted Data
SNYK-JS-GATSBYPLUGINMDX-2405699
Yes Proof of Concept
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-HTTPCACHESEMANTICS-3248783
Yes Proof of Concept
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
Information Exposure
SNYK-JS-MERMAID-2936793
Yes Proof of Concept
medium severity 479/1000
Why? Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-MINIMATCH-3050818
Yes No Known Exploit
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
Regular Expression Denial of Service (ReDoS)
SNYK-JS-NTHCHECK-1586032
Yes Proof of Concept
medium severity 646/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.5
Server-side Request Forgery (SSRF)
SNYK-JS-PARSEURL-3023021
Yes Proof of Concept
medium severity 571/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5
Improper Input Validation
SNYK-JS-PARSEURL-3024398
Yes Proof of Concept
low severity 399/1000
Why? Has a fix available, CVSS 3.7
Regular Expression Denial of Service (ReDoS)
SNYK-JS-POLISHED-1298071
No No Known Exploit
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-POSTCSS-1255640
Yes Proof of Concept
medium severity 601/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.6
Command Injection
SNYK-JS-REACTDEVUTILS-1083268
Yes Proof of Concept
medium severity 646/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.5
Validation Bypass
SNYK-JS-SANITIZEHTML-1070780
Yes Proof of Concept
medium severity 539/1000
Why? Has a fix available, CVSS 6.5
Access Restriction Bypass
SNYK-JS-SANITIZEHTML-1070786
Yes No Known Exploit
medium severity 479/1000
Why? Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-SANITIZEHTML-2957526
Yes No Known Exploit
critical severity 684/1000
Why? Has a fix available, CVSS 9.4
Arbitrary Code Execution
SNYK-JS-SANITIZEHTML-585892
Yes No Known Exploit
medium severity 658/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-SEMVER-3247795
Yes Proof of Concept
medium severity 539/1000
Why? Has a fix available, CVSS 6.5
Remote Code Execution (RCE)
SNYK-JS-SHARP-2848109
Yes No Known Exploit
high severity 619/1000
Why? Has a fix available, CVSS 8.1
Remote Code Execution (RCE)
SNYK-JS-SHELLQUOTE-1766506
Yes No Known Exploit
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
Regular Expression Denial of Service (ReDoS)
SNYK-JS-TRIM-1017038
Yes Proof of Concept
medium severity 586/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.3
Regular Expression Denial of Service (ReDoS)
SNYK-JS-WS-1296835
No Proof of Concept
high severity 726/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 8.1
Arbitrary Code Injection
SNYK-JS-XMLHTTPREQUESTSSL-1082936
No Proof of Concept
high severity 686/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.3
Access Restriction Bypass
SNYK-JS-XMLHTTPREQUESTSSL-1255647
No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @mdx-js/mdx The new version differs by 30 commits.

See the full diff

Package name: gatsby The new version differs by 250 commits.
  • 0c6cd61 chore(release): Publish
  • 5e8e621 chore: Update main README (#36954)
  • 7130cd4 test(gatsby): Slices API integration tests (#36747)
  • 6496eed chore(release): Publish next
  • bc7ac84 chore: preserve previous webpack stats derived values, even if we restart webpack itself (#36980)
  • 2b5af32 fix: drop `__renderedByLocation` prop when calculating slice props hashes and don't expose it to slice component (#36979)
  • cc1ee9b chore(release): Publish next
  • 6a53861 chore(gatsby-link): Correct type export (#36968)
  • 0ad6314 fix(gatsby-graphiql-explorer): Use upstream exporter package (#36966)
  • 964265c chore(release): Publish next
  • b624442 chore: Update peerDeps (#36965)
  • b2ab092 chore(release): Publish next
  • e2a14bf feat(gatsby): Slices <> partial hydration interop (#36960)
  • 0083e62 fix(deps): update starters and examples gatsby packages to ^4.24.7 (#36957)
  • 68e9cab chore(changelogs): update changelogs (#36958)
  • b9eb8d2 chore(deps): update dependency autoprefixer to ^10.4.13 for gatsby-plugin-sass (#36934)
  • 58c37ea chore(deps): update dependency @ jridgewell/trace-mapping to ^0.3.17 for gatsby-legacy-polyfills (#36933)
  • a5e4c47 fix(deps): update dependency body-parser to ^1.20.1 for gatsby-source-drupal (#36940)
  • c86aa7e chore(docs): Add clarification for Pro Tip on Part 4 of tutorial (#36918)
  • d5c775a feat(gatsby): handle graphql-import-node bundling (#36951)
  • 59e2976 feat(gatsby-remark-embed-snippet): added csproj to language map so it will be recognized as xml (#36919)
  • c8a7dda chore(docs): Valhalla Content Hub Reference Guide (#36949)
  • 3044280 fix(gatsby): stitch slices if just page html was regenerating without any of used slices regenerating (#36950)
  • 10abdcb chore(release): Publish next

See the full diff

Package name: gatsby-plugin-google-analytics The new version differs by 250 commits.
  • 2cfb64b chore(release): Publish
  • c132f2d feat(gatsby-plugin-google-gtag): Add `delayOnRouteUpdate` option (#37017)
  • 3032a1b fix(gatsby): Use xstate `predictableActionArguments` & update to 4.34 (#36342)
  • aca64b7 chore: Add constraints to renovate (#37047)
  • f94db78 fix(gatsby-transformer-csv): Fix high memory consumption (#36610)
  • f158930 test: e2e tests for Slices API (#36746)
  • 9d67c13 chore(docs): Google Analytics: use gtag.js plugin (#36984)
  • 8569655 chore(gatsby-plugin-google-analytics): Update `minimatch` (#37029)
  • 086c862 fix(gatsby-core-utils): decode uri-encode filename for remote file (#35637)
  • ccf56d5 chore: Add npm "engines" (#37046)
  • 5772595 fix(gatsby-source-wordpress) pass store for auth (#37006)
  • c411d69 chore(docs): Add `--` to quick start flags (#37041)
  • 2a06fff chore(docs): Deployment Updates & Cleanup (#37038)
  • 0fb0390 chore: Repository Cleanup (#37035)
  • 88b9dc5 chore(gatsby-source-wordpress): remove runApisInSteps and call runApiSteps for each gatsby-node api (#37039)
  • b69709c build: include e2e tests in renovate config (#37005)
  • 8fc95f5 chore(docs): Clarify language in v4 to v5 migration guide (#37007)
  • 1cfd9b8 chore(e2e-tests): Wait for route change on back/forward (#37033)
  • 4842417 chore(docs): Add IE 11 note to v2 to v3 migration guide (#37022)
  • 19dd1c4 fix(graphiql-explorer): Adjust env var truthiness logic (#37032)
  • 57b37ae chore(changelogs): update changelogs (#37030)
  • 58197a0 fix(docs): update forEach to use map (#37008)
  • 3a4d333 chore: migrate from express-graphql to graphql-http (#37001)
  • 5766694 chore(docs): Add overview video to release notes (+ other misc) (#37003)

See the full diff

Package name: gatsby-plugin-manifest The new version differs by 250 commits.
  • f6734b9 chore(release): Publish
  • 9a616c0 fix(gatsby): wait for LMDB upserts to finish before emitting ENGINES_READY (#34853) (#34896)
  • f5705b9 fix(create-gatsby): Add required deps for theme-ui option (#34885) (#34897)
  • 9a579f1 fix(gatsby-core-utils): fix 304 when file does not exists (#34842) (#34888)
  • 148d016 fix(gatsby): Remove double enhanced-resolve dep (#34854) (#34889)
  • 19b0304 feat(gatsby-core-utils): improve fetch-remote-file (#34758)
  • ac1d777 fix(gatsby-source-contentful): avoid confusion of Gatsby node and Contentful node count in logs (#34830)
  • ee8c874 refactor(gatsby-source-contentful): remove unnecessary check for existing node (#34829)
  • 056b48e test(gatsby): Add a memory test suite command to the memory benchmark (#34810)
  • 45cb1f1 chore(release): Publish next
  • 4c832bf documentation: Add Third Party Schema (#34820)
  • 9f23dec chore(gatsby): cache shouldn't reference nodes strongly (#34821)
  • f2d4830 feat(gatsby-core-utils): create proper mutex (#34761)
  • 21ef185 chore(changelogs): update changelogs (#34826)
  • a2f99af fix(deps): update starters and examples gatsby packages to ^4.7.2 (#34822)
  • 76c89d8 chore(release): Publish next
  • 54d29c4 chore(gatsby): upgrade from lmdb-store to lmdb (#34576)
  • 3df8583 fix(core): Make filter/sort query only hold onto node properties it needs (#34747)
  • 3c3362b refactor(core): Make load plugins modular, prepare for TS (#34813)
  • 3d74584 feat(gatsby): allow referencing derived types in schema customization (#34787)
  • bfd04d3 fix(gatsby): Content Sync DSG bug (#34799)
  • 326a483 fix(deps): update dependency sharp to ^0.30.1 (#34755)
  • 7b958f9 docs: update typo Forestry (#34805)
  • ba8e21c feat(gatsby): Match node manifest pages by page context slug (#34790)

See the full diff

Package name: gatsby-plugin-mdx The new version differs by 250 commits.
  • b8eac2d chore(release): Publish
  • 3253a38 fix(gatsby-plugin-mdx): Hashing and pluginOptions (#36387) (#36395)
  • 1880491 fix(gatsby-script): Reach router import (#36385) (#36394)
  • f664ad2 feat(gatsby): Telemetry tracking for Head API (#36352)
  • ab55e4e chore: Update `got` (#36366)
  • 2b4ff76 fix(gatsby): Make runtime error overlay work in non-v8 browsers (#36365)
  • f990e08 fix(test): clear and close lmdb after each test suite (#36343)
  • 7fcf580 fix(gatsby): e.remove() is not a function when using Gatsby Head API (#36338)
  • 25fb9d1 chore: Fix pipeline tests (#36363)
  • a9132a5 chore(deps): update sharp (#35539)
  • bc80c23 chore: Add note about rehype-slug-custom-id
  • 5b6f1f6 chore(gatsby): upgrade multer (#36359)
  • f2f0acf chore(gatsby-telemetry): upgrade git-up (#36358)
  • 86a8efc chore(release): Publish next
  • 0705ac7 chore(gatsby-plugin-mdx): Update .gitignore
  • c92db36 BREAKING CHANGE(gatsby-plugin-mdx): MDX v2 (#35650)
  • 3c0dd6d chore(release): Publish next
  • 86b6ee9 Revert "chore(gatsby): Make `plugins` in `PluginOptions` type optional (#36351)"
  • a2fa5a2 chore(gatsby): Make `plugins` in `PluginOptions` type optional (#36351)
  • 6ecfe4a fix(gatsby-source-contentful): Correctly overwrite field type on Assets (#36337)
  • 0ed362c chore(docs): Pre-encoded unicode characters can't be used in paths (#36325)
  • 2bbe96d fix(deps): update dependency file-type to ^16.5.4 for gatsby-source-filesystem (#36276)
  • 2be3fa7 chore(docs): Add first batch of Cloud docs (#36218)
  • 4238142 chore(docs): Remove outdated examples and recipes (#36335)

See the full diff

Package name: gatsby-plugin-sharp The new version differs by 250 commits.
  • f6734b9 chore(release): Publish
  • 9a616c0 fix(gatsby): wait for LMDB upserts to finish before emitting ENGINES_READY (#34853) (#34896)
  • f5705b9 fix(create-gatsby): Add required deps for theme-ui option (#34885) (#34897)
  • 9a579f1 fix(gatsby-core-utils): fix 304 when file does not exists (#34842) (#34888)
  • 148d016 fix(gatsby): Remove double enhanced-resolve dep (#34854) (#34889)
  • 19b0304 feat(gatsby-core-utils): improve fetch-remote-file (#34758)
  • ac1d777 fix(gatsby-source-contentful): avoid confusion of Gatsby node and Contentful node count in logs (#34830)
  • ee8c874 refactor(gatsby-source-contentful): remove unnecessary check for existing node (#34829)
  • 056b48e test(gatsby): Add a memory test suite command to the memory benchmark (#34810)
  • 45cb1f1 chore(release): Publish next
  • 4c832bf documentation: Add Third Party Schema (#34820)
  • 9f23dec chore(gatsby): cache shouldn't reference nodes strongly (#34821)
  • f2d4830 feat(gatsby-core-utils): create proper mutex (#34761)
  • 21ef185 chore(changelogs): update changelogs (#34826)
  • a2f99af fix(deps): update starters and examples gatsby packages to ^4.7.2 (#34822)
  • 76c89d8 chore(release): Publish next
  • 54d29c4 chore(gatsby): upgrade from lmdb-store to lmdb (#34576)
  • 3df8583 fix(core): Make filter/sort query only hold onto node properties it needs (#34747)
  • 3c3362b refactor(core): Make load plugins modular, prepare for TS (#34813)
  • 3d74584 feat(gatsby): allow referencing derived types in schema customization (#34787)
  • bfd04d3 fix(gatsby): Content Sync DSG bug (#34799)
  • 326a483 fix(deps): update dependency sharp to ^0.30.1 (#34755)
  • 7b958f9 docs: update typo Forestry (#34805)
  • ba8e21c feat(gatsby): Match node manifest pages by page context slug (#34790)

See the full diff

Package name: gatsby-remark-images The new version differs by 250 commits.
  • e98cb62 chore(release): Publish
  • 164f9a1 fix(gatsby-source-contentful): De-dupe type names (#30834) (#30850)
  • 0b99d00 fix(gatsby): webpack warnings are no longer in object format by default (#30801) (#30853)
  • f561724 fix(gatsby): lower memory pressure in SSR (#30793) (#30851)
  • 96805d5 fix(gatsby-source-wordpress): change `console.warning` to `console.warn` (#30764) (#30852)
  • e40c83d chore(release): Publish next
  • a5b5cf8 feat: upgrade to remark 13 (#29678)
  • 172cf4d chore(docs): Add link to perf implications siteContext (#30778)
  • 4336d04 fix(gatsby-plugin-gatsby-cloud): Add missing index.js (so the plugin can be resolved in workspaces) (#30761)
  • 2bdd5a5 fix(gatsby-source-wordpress): only log out duplicate node if we have all the data we want to log (#30751)
  • 1a9b830 fix(gatsby-plugin-image): Don't inherit all img styles (#30754)
  • e0df4cc chore(docs): Change "whitelist" to "allow list" (#30756)
  • 81ec270 chore: Add backport script (#30732)
  • 63cc8fa fix(docs): Copy edits for debugging html doc + add React-specific example (#30745)
  • eed1d43 fix(docs): Add link to how to enable DEV_SSR for fixing inconsistent css styles between dev/prod (#30746)
  • ecd823f perf(gatsby): cache babel config items (#28738)
  • a60e92f chore(release): Publish next
  • dd9e95c docs(gatsby-plugin-image): Note on tracedSVG options name change (#30736)
  • a5869e3 fix(gatsby-plugin-image): Use bare GATSBY___IMAGE global (#30713)
  • 0f3fa4e fix(contentful): make gatsby-plugin-image a peer dependency (#30709)
  • 6b2fd94 fix(gatsby-source-wordpress): pass missing property helpers to gql fetch util (#30727)
  • c6fa488 chore(docs): Update wording of tutorial part 8 (#30606)
  • a777367 fix(gatsby-cli): Update docs links in error-map (#30493)
  • c473abf chore(docs): include autoprefixer in tailwind install command (#30718)

See the full diff

Package name: gatsby-transformer-remark The new version differs by 250 commits.
  • 0c6cd61 chore(release): Publish
  • 5e8e621 chore: Update main README (#36954)
  • 7130cd4 test(gatsby): Slices API integration tests (#36747)
  • 6496eed chore(release): Publish next
  • bc7ac84 chore: preserve previous webpack stats derived values, even if we restart webpack itself (#36980)
  • 2b5af32 fix: drop `__renderedByLocation` prop when calculating slice props hashes and don't expose it to slice component (#36979)
  • cc1ee9b chore(release): Publish next
  • 6a53861 chore(gatsby-link): Correct type export (#36968)
  • 0ad6314 fix(gatsby-graphiql-explorer): Use upstream exporter package (#36966)
  • 964265c chore(release): Publish next
  • b624442 chore: Update peerDeps (#36965)
  • b2ab092 chore(release): Publish next
  • e2a14bf feat(gatsby): Slices <> partial hydration interop (#36960)
  • 0083e62 fix(deps): update starters and examples gatsby packages to ^4.24.7 (#36957)
  • 68e9cab chore(changelogs): update changelogs (#36958)
  • b9eb8d2 chore(deps): update dependency autoprefixer to ^10.4.13 for gatsby-plugin-sass (#36934)
  • 58c37ea chore(deps): update dependency @ jridgewell/trace-mapping to ^0.3.17 for gatsby-legacy-polyfills (#36933)
  • a5e4c47 fix(deps): update dependency body-parser to ^1.20.1 for gatsby-source-drupal (#36940)
  • c86aa7e chore(docs): Add clarification for Pro Tip on Part 4 of tutorial (#36918)
  • d5c775a feat(gatsby): handle graphql-import-node bundling (#36951)
  • 59e2976 feat(gatsby-remark-embed-snippet): added csproj to language map so it will be recognized as xml (#36919)
  • c8a7dda chore(docs): Valhalla Content Hub Reference Guide (#36949)
  • 3044280 fix(gatsby): stitch slices if just page html was regenerating without any of used slices regenerating (#36950)
  • 10abdcb chore(release): Publish next

See the full diff

Package name: gatsby-transformer-sharp The new version differs by 250 commits.
  • f6734b9 chore(release): Publish
  • 9a616c0 fix(gatsby): wait for LMDB upserts to finish before emitting ENGINES_READY (#34853) (#34896)
  • f5705b9 fix(create-gatsby): Add required deps for theme-ui option (#34885) (#34897)
  • 9a579f1 fix(gatsby-core-utils): fix 304 when file does not exists (#34842) (#34888)
  • 148d016 fix(gatsby): Remove double enhanced-resolve dep (#34854) (#34889)
  • 19b0304 feat(gatsby-core-utils): improve fetch-remote-file (#34758)
  • ac1d777 fix(gatsby-source-contentful): avoid confusion of Gatsby node and Contentful node count in logs (#34830)
  • ee8c874 refactor(gatsby-source-contentful): remove unnecessary check for existing node (#34829)
  • 056b48e test(gatsby): Add a memory test suite command to the memory benchmark (#34810)
  • 45cb1f1 chore(release): Publish next
  • 4c832bf documentation: Add Third Party Schema (#34820)
  • 9f23dec chore(gatsby): cache shouldn't reference nodes strongly (#34821)
  • f2d4830 feat(gatsby-core-utils): create proper mutex (#34761)
  • 21ef185 chore(changelogs): update changelogs (#34826)
  • a2f99af fix(deps): update starters and examples gatsby packages to ^4.7.2 (#34822)
  • 76c89d8 chore(release): Publish next
  • 54d29c4 chore(gatsby): upgrade from lmdb-store to lmdb (#34576)
  • 3df8583 fix(core): Make filter/sort query only hold onto node properties it needs (#34747)
  • 3c3362b refactor(core): Make load plugins modular, prepare for TS (#34813)
  • 3d74584 feat(gatsby): allow referencing derived types in schema customization (#34787)
  • bfd04d3 fix(gatsby): Content Sync DSG bug (#34799)
  • 326a483 fix(deps): update dependency sharp to ^0.30.1 (#34755)
  • 7b958f9 docs: update typo Forestry (#34805)
  • ba8e21c feat(gatsby): Match node manifest pages by page context slug (#34790)

See the full diff

Package name: gatsby-transformer-yaml The new version differs by 250 commits.
  • ed73e4d chore(release): Publish
  • 3b1b6a5 fix(gatsby): Use windows import helper for validate (#37520) (#37522)
  • 000e23e feat(gatsby): add initial webhook body env var to bootstrap context (#37478)
  • 0017375 fix(gatsby): pass serverData to Head (#37500)
  • e7e5cb4 fix(gatsby-react-router-scroll): fix issues with anchor links (#37498)
  • fe65c29 feat(gatsby): Allow `<html>` and `<body>` attributes to be updated from `Head` (#37449)
  • e4f841f chore(docs): Improve v5 migration guide around MDX (#37485)
  • 48d4069 fix(gatsby-source-wordpress): fix preview issues (#37492)
  • c288dd5 fix(deps): update starters and examples gatsby packages to ^5.4.2 (#37488)
  • 88dc3b6 chore(docs): Update headless CMS
  • 16685a6 chore(gatsby-source-filesystem): Improve README (#37480)
  • 8a718e3 chore(changelogs): update changelogs (#37482)
  • f8f084a chore(release): Publish next
  • df58891 feat(gatsby-source-filesystem): Only generate hashes when a file has changed, and add an option for skipping hashing (#37464)
  • 949132b fix(gatsby): nodeModel.findAll supports v5 sort argument structure (#37477)
  • 87487ba chore(docs): Adds Kinsta Application hosting to other services (#37476)
  • df27ff4 feat(gatsby-core-utils): Add hashing methods from `hash-wasm` (#37433)
  • 2b24aec fix(deps): update starters and examples gatsby packages to ^5.4.1 (#37469)
  • 6e215d4 chore(changelogs): update changelogs (#37473)
  • 8763e01 docs: fix v5 release notes slice example (#37465)
  • 4a721df fix(gatsby): Check rawPath in loadPage (#37451)
  • 3ef4f44 fix(gatsby): Use correct settings for yaml-loader (#37454)
  • 76f979c fix(gatsby-source-contentful): maintain back reference map between runs (#37442)
  • c57c060 fix(gatsby): pluginOptionsSchema in local TS plugin (#37443)

See the full diff

With a Snyk patch:
Severity Priority Score (*) Issue Exploit Maturity
high severity 731/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 8.2
Prototype Pollution
SNYK-JS-LODASH-567746
Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

[//]: # (snyk:metadata:{"prId":"e2e6c859-b957-4f75-aacf-29b016edc148","prPublicId":"e2e6c859-b957-4f75-aacf-29b016edc148","dependencies":[{"name":"@mdx-js/mdx","from":"1.6.18","to":"2.0.0"},{"name":"gatsby","from":"2.24.65","to":"5.0.0"},{"name":"gatsby-plugin-google-analytics","from":"2.3.14","to":"5.1.0"},{"name":"gatsby-plugin-manifest","from":"2.4.27","to":"4.8.0"},{"name":"gatsby-plugin-mdx","from":"1.2.43","to":"4.0.0"},{"name":"gatsby-plugin-sharp","from":"2.6.40","to":"4.8.0"},{"name":"gatsby-remark-images","from":"3.6.0","to":"5.0.0"},{"name":"gatsby-remark-mermaid","from":"2.1.0","to":"3.0.0"},{"name":"gatsby-transformer-remark","from":"2.8.28","to":"6.0.0"},{"name":"gatsby-transformer-sharp","from":"2.5.15","to":"4.8.0"},{"name":"gatsby-transformer-yaml","from":"2.4.11","to":"5.5.0"},{"name":"polished","from":"4.0.3","to":"4.1.3"}],"packageManager":"npm","projectPublicId":"8acf9e7a-37a9-4fbe-abe7-f1d30381329c","projectUrl":"https://app.snyk.io/org/mansong1/project/8acf9e7a-37a9-4fbe-abe7-f1d30381329c?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":["SNYK-JS-LODASH-567746"],"vulns":["SNYK-JS-ANSIREGEX-1583908","SNYK-JS-AXIOS-1038255","SNYK-JS-AXIOS-1579269","SNYK-JS-ENGINEIO-1056749","SNYK-JS-FOLLOWREDIRECTS-2332181","SNYK-JS-FOLLOWREDIRECTS-2396346","SNYK-JS-GATSBY-5671647","SNYK-JS-GATSBYCLI-5671903","SNYK-JS-GATSBYPLUGINMDX-2405699","SNYK-JS-HTTPCACHESEMANTICS-3248783","SNYK-JS-LODASH-567746","SNYK-JS-MERMAID-2936793","SNYK-JS-MINIMATCH-3050818","SNYK-JS-NTHCHECK-1586032","SNYK-JS-PARSEURL-3023021","SNYK-JS-PARSEURL-3024398","SNYK-JS-POLISHED-1298071","SNYK-JS-POSTCSS-1255640","SNYK-JS-REACTDEVUTILS-1083268","SNYK-JS-SANITIZEHTML-1070780","SNYK-JS-SANITIZEHTML-1070786","SNYK-JS-SANITIZEHTML-2957526","SNYK-JS-SANITIZEHTML-585892","SNYK-JS-SEMVER-3247795","SNYK-JS-SHARP-2848109","SNYK-JS-SHELLQUOTE-1766506","SNYK-JS-TRIM-1017038","SNYK-JS-WS-1296835","SNYK-JS-XMLHTTPREQUESTSSL-1082936","SNYK-JS-XMLHTTPREQUESTSSL-1255647"],"upgrade":["SNYK-JS-ANSIREGEX-1583908","SNYK-JS-AXIOS-1038255","SNYK-JS-AXIOS-1579269","SNYK-JS-ENGINEIO-1056749","SNYK-JS-FOLLOWREDIRECTS-2332181","SNYK-JS-FOLLOWREDIRECTS-2396346","SNYK-JS-GATSBY-5671647","SNYK-JS-GATSBYCLI-5671903","SNYK-JS-GATSBYPLUGINMDX-2405699","SNYK-JS-HTTPCACHESEMANTICS-3248783","SNYK-JS-MERMAID-2936793","SNYK-JS-MINIMATCH-3050818","SNYK-JS-NTHCHECK-1586032","SNYK-JS-PARSEURL-3023021","SNYK-JS-PARSEURL-3024398","SNYK-JS-POLISHED-1298071","SNYK-JS-POSTCSS-1255640","SNYK-JS-REACTDEVUTILS-1083268","SNYK-JS-SANITIZEHTML-1070780","SNYK-JS-SANITIZEHTML-1070786","SNYK-JS-SANITIZEHTML-2957526","SNYK-JS-SANITIZEHTML-585892","SNYK-JS-SEMVER-3247795","SNYK-JS-SHARP-2848109","SNYK-JS-SHELLQUOTE-1766506","SNYK-JS-TRIM-1017038","SNYK-JS-WS-1296835","SNYK-JS-XMLHTTPREQUESTSSL-1082936","SNYK-JS-XMLHTTPREQUESTSSL-1255647"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["priorityScore"],"priorityScoreList":[696,616,696,696,586,344,608,608,726,586,731,586,479,696,646,571,399,586,601,646,539,479,684,658,539,619,696,586,726,686],"remediatio...

… vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
- https://snyk.io/vuln/SNYK-JS-AXIOS-1038255
- https://snyk.io/vuln/SNYK-JS-AXIOS-1579269
- https://snyk.io/vuln/SNYK-JS-ENGINEIO-1056749
- https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-2332181
- https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-2396346
- https://snyk.io/vuln/SNYK-JS-GATSBY-5671647
- https://snyk.io/vuln/SNYK-JS-GATSBYCLI-5671903
- https://snyk.io/vuln/SNYK-JS-GATSBYPLUGINMDX-2405699
- https://snyk.io/vuln/SNYK-JS-HTTPCACHESEMANTICS-3248783
- https://snyk.io/vuln/SNYK-JS-MERMAID-2936793
- https://snyk.io/vuln/SNYK-JS-MINIMATCH-3050818
- https://snyk.io/vuln/SNYK-JS-NTHCHECK-1586032
- https://snyk.io/vuln/SNYK-JS-PARSEURL-3023021
- https://snyk.io/vuln/SNYK-JS-PARSEURL-3024398
- https://snyk.io/vuln/SNYK-JS-POLISHED-1298071
- https://snyk.io/vuln/SNYK-JS-POSTCSS-1255640
- https://snyk.io/vuln/SNYK-JS-REACTDEVUTILS-1083268
- https://snyk.io/vuln/SNYK-JS-SANITIZEHTML-1070780
- https://snyk.io/vuln/SNYK-JS-SANITIZEHTML-1070786
- https://snyk.io/vuln/SNYK-JS-SANITIZEHTML-2957526
- https://snyk.io/vuln/SNYK-JS-SANITIZEHTML-585892
- https://snyk.io/vuln/SNYK-JS-SEMVER-3247795
- https://snyk.io/vuln/SNYK-JS-SHARP-2848109
- https://snyk.io/vuln/SNYK-JS-SHELLQUOTE-1766506
- https://snyk.io/vuln/SNYK-JS-TRIM-1017038
- https://snyk.io/vuln/SNYK-JS-WS-1296835
- https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUESTSSL-1082936
- https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUESTSSL-1255647


The following vulnerabilities are fixed with a Snyk patch:
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

avoid halting, instead check compilation errors
2 participants