[Snyk] Fix for 15 vulnerabilities

[saurabharch]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • examples/gatsbygram/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIHTML-1296849	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-CSSWHAT-1298035	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	556/1000 Why? Recently disclosed, Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-GOT-2932019	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Open Redirect SNYK-JS-NODEFORGE-2330875	Yes	Proof of Concept
	529/1000 Why? Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-NODEFORGE-2331908	Yes	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430337	Yes	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430339	Yes	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430341	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Command Injection SNYK-JS-REACTDEVUTILS-1083268	Yes	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Remote Code Execution (RCE) SNYK-JS-SHARP-2848109	Yes	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: gatsby

The new version differs by 250 commits.

• 2c324f6 chore(release): Publish
• 55c7183 feat(contentful): add support for tables in Rich Text (feat(contentful): add support for tables in Rich Text gatsbyjs/gatsby#33870)
• 053180a fix(gatsby): Better TS compilation error (fix(gatsby): Better TS compilation error gatsbyjs/gatsby#35594)
• 0cf0bd9 chore(release): Publish next
• 9a91295 fix(gatsby-plugin-image): fix image flickers (fix(gatsby-plugin-image): fix image flickers gatsbyjs/gatsby#35226)
• f358dc3 chore(release): Publish next
• 966aca8 feat(gatsby): Improvements to GraphQL TypeScript Generation (feat(gatsby): Improvements to GraphQL TypeScript Generation gatsbyjs/gatsby#35581)
• 8bad9b3 perf(gatsby): Minify page-data (perf(gatsby): Minify page-data gatsbyjs/gatsby#35578)
• 39e9840 chore(gatsby): Expose `serverDataStatus` field in SSR type declaration file (chore(gatsby): Expose serverDataStatus field in SSR type declaration file gatsbyjs/gatsby#35505)
• ebd63b2 feat(gatsby-source-wordpress): use image cdn for non-resizable images in html (svgs/gifs mainly) (feat(gatsby-source-wordpress): use image cdn for non-resizable images in html (svgs/gifs mainly) gatsbyjs/gatsby#35529)
• 5e51519 fix(gatsby-source-wordpress): update test deps and fix int tests (fix(gatsby-source-wordpress): update test deps and fix int tests gatsbyjs/gatsby#35582)
• 128c7bb feat(gatsby-source-wordpress): always include draft slugs (feat(gatsby-source-wordpress): always include draft slugs gatsbyjs/gatsby#35573)
• abc6dca feat(gatsby-plugin-image): add check for node.gatsbyImage in the getImage helper (feat(gatsby-plugin-image): add check for node.gatsbyImage in the getImage helper gatsbyjs/gatsby#35507)
• e51c3a3 chore(release): Publish next
• c9d98a4 feat(gatsby): Initial GraphQL Typegen Implementation (feat(gatsby): Initial GraphQL Typegen Implementation gatsbyjs/gatsby#35487)
• 17cbc7c fix(deps): update minor and patch dependencies for gatsby-source-graphql (fix(deps): update minor and patch dependencies for gatsby-source-graphql gatsbyjs/gatsby#35545)
• 10752ed fix(deps): update dependency fs-extra to ^10.1.0 (fix(deps): update dependency fs-extra to ^10.1.0 gatsbyjs/gatsby#34976)
• 0abdcd6 fix(deps): update dependency coffeescript to ^2.7.0 for gatsby-plugin-coffeescript (fix(deps): update dependency coffeescript to ^2.7.0 for gatsby-plugin-coffeescript gatsbyjs/gatsby#35550)
• 7cda002 fix(deps): update dependency eslint-plugin-import to ^2.26.0 (fix(deps): update dependency eslint-plugin-import to ^2.26.0 gatsbyjs/gatsby#35551)
• 3e74a9f fix(deps): update dependency eslint-plugin-react-hooks to ^4.5.0 (fix(deps): update dependency eslint-plugin-react-hooks to ^4.5.0 gatsbyjs/gatsby#35552)
• fb98116 fix(deps): update minor and patch dependencies for gatsby-source-drupal (fix(deps): update minor and patch dependencies for gatsby-source-drupal gatsbyjs/gatsby#35554)
• c09287a chore(deps): update starters and examples (chore(deps): update starters and examples gatsbyjs/gatsby#35565)
• bf854ca fix(deps): update dependency prop-types to ^15.8.1 for gatsby-link (fix(deps): update dependency prop-types to ^15.8.1 for gatsby-link gatsbyjs/gatsby#35291)
• 71eb414 chore(deps): update dependency typescript to ^4.6.4 (chore(deps): update dependency typescript to ^4.6.4 gatsbyjs/gatsby#34984)

See the full diff

Package name: gatsby-plugin-manifest

The new version differs by 250 commits.

• e98cb62 chore(release): Publish
• 164f9a1 fix(gatsby-source-contentful): De-dupe type names (fix(gatsby-source-contentful): De-dupe type names gatsbyjs/gatsby#30834) (fix(gatsby-source-contentful): De-dupe type names (#30834) gatsbyjs/gatsby#30850)
• 0b99d00 fix(gatsby): webpack warnings are no longer in object format by default (fix(gatsby): webpack warnings are no longer in object format by default gatsbyjs/gatsby#30801) (fix(gatsby): webpack warnings are no longer in object format by default (#30801) gatsbyjs/gatsby#30853)
• f561724 fix(gatsby): lower memory pressure in SSR (fix(gatsby): lower memory pressure in SSR gatsbyjs/gatsby#30793) (fix(gatsby): lower memory pressure in SSR (#30793) gatsbyjs/gatsby#30851)
• 96805d5 fix(gatsby-source-wordpress): change `console.warning` to `console.warn` (fix(gatsby-source-wordpress): error when sourcing nodes, change console.warning to console.warn gatsbyjs/gatsby#30764) (fix(gatsby-source-wordpress): change console.warning to console.warn (#30764) gatsbyjs/gatsby#30852)
• e40c83d chore(release): Publish next
• a5b5cf8 feat: upgrade to remark 13 (feat: upgrade to remark 13 gatsbyjs/gatsby#29678)
• 172cf4d chore(docs): Add link to perf implications siteContext (chore(docs): Add link to perf implications siteContext gatsbyjs/gatsby#30778)
• 4336d04 fix(gatsby-plugin-gatsby-cloud): Add missing index.js (so the plugin can be resolved in workspaces) (fix(gatsby-plugin-gatsby-cloud): Add missing index.js (so the plugin can be resolved in workspaces) gatsbyjs/gatsby#30761)
• 2bdd5a5 fix(gatsby-source-wordpress): only log out duplicate node if we have all the data we want to log (fix(gatsby-source-wordpress): only log out duplicate nodes if we have all the data we want to log gatsbyjs/gatsby#30751)
• 1a9b830 fix(gatsby-plugin-image): Don't inherit all img styles (fix(gatsby-plugin-image): Allow draggable=false on images gatsbyjs/gatsby#30754)
• e0df4cc chore(docs): Change "whitelist" to "allow list" (chore(docs): Change "whitelist" to "allow list" gatsbyjs/gatsby#30756)
• 81ec270 chore: Add backport script (chore: Add backport script gatsbyjs/gatsby#30732)
• 63cc8fa fix(docs): Copy edits for debugging html doc + add React-specific example (fix(docs): Copy edits for debugging html doc + add React-specific example gatsbyjs/gatsby#30745)
• eed1d43 fix(docs): Add link to how to enable DEV_SSR for fixing inconsistent css styles between dev/prod (fix(docs): Add link to how to enable DEV_SSR for fixing inconsistent css styles between dev/prod gatsbyjs/gatsby#30746)
• ecd823f perf(gatsby): cache babel config items (perf(gatsby): cache babel config items gatsbyjs/gatsby#28738)
• a60e92f chore(release): Publish next
• dd9e95c docs(gatsby-plugin-image): Note on tracedSVG options name change (docs(gatsby-plugin-image): Note on tracedSVG options name change gatsbyjs/gatsby#30736)
• a5869e3 fix(gatsby-plugin-image): Use bare GATSBY___IMAGE global (fix(gatsby-plugin-image): Use bare GATSBY___IMAGE global gatsbyjs/gatsby#30713)
• 0f3fa4e fix(contentful): make gatsby-plugin-image a peer dependency (fix(contentful): make gatsby-plugin-image a peer dependency gatsbyjs/gatsby#30709)
• 6b2fd94 fix(gatsby-source-wordpress): pass missing property helpers to gql fetch util (fix(gatsby-source-wordpress): pass missing property "helpers" to gql fetch util gatsbyjs/gatsby#30727)
• c6fa488 chore(docs): Update wording of tutorial part 8 (chore(docs): Update wording of tutorial part 8 gatsbyjs/gatsby#30606)
• a777367 fix(gatsby-cli): Update docs links in error-map (fix(gatsby-cli): Update docs links in error-map gatsbyjs/gatsby#30493)
• c473abf chore(docs): include autoprefixer in tailwind install command (chore(docs): include autoprefixer in tailwind install command gatsbyjs/gatsby#30718)

See the full diff

Package name: gatsby-plugin-sharp

The new version differs by 250 commits.

• f6734b9 chore(release): Publish
• 9a616c0 fix(gatsby): wait for LMDB upserts to finish before emitting ENGINES_READY (fix(gatsby): wait for LMDB upserts to finish before emitting ENGINES_READY gatsbyjs/gatsby#34853) (fix(gatsby): wait for LMDB upserts to finish before emitting ENGINES_READY (#34853) gatsbyjs/gatsby#34896)
• f5705b9 fix(create-gatsby): Add required deps for theme-ui option (fix(create-gatsby): Add required deps for theme-ui option gatsbyjs/gatsby#34885) (fix(create-gatsby): Add required deps for theme-ui option (#34885) gatsbyjs/gatsby#34897)
• 9a579f1 fix(gatsby-core-utils): fix 304 when file does not exists (fix(gatsby-core-utils): fix 304 when file does not exists gatsbyjs/gatsby#34842) (fix(gatsby-core-utils): fix 304 when file does not exists (#34842) gatsbyjs/gatsby#34888)
• 148d016 fix(gatsby): Remove double enhanced-resolve dep (fix(gatsby): Remove double enhanced-resolve dep gatsbyjs/gatsby#34854) (fix(gatsby): Remove double enhanced-resolve dep (#34854) gatsbyjs/gatsby#34889)
• 19b0304 feat(gatsby-core-utils): improve fetch-remote-file (feat(gatsby-core-utils): improve fetch-remote-file gatsbyjs/gatsby#34758)
• ac1d777 fix(gatsby-source-contentful): avoid confusion of Gatsby node and Contentful node count in logs (fix(gatsby-source-contentful): avoid confusion of Gatsby node and Contentful node count in logs gatsbyjs/gatsby#34830)
• ee8c874 refactor(gatsby-source-contentful): remove unnecessary check for existing node (refactor(gatsby-source-contentful): remove unnecessary check for existing node gatsbyjs/gatsby#34829)
• 056b48e test(gatsby): Add a memory test suite command to the memory benchmark (test(gatsby): Add a memory test suite command to the memory benchmark gatsbyjs/gatsby#34810)
• 45cb1f1 chore(release): Publish next
• 4c832bf documentation: Add Third Party Schema (docs(gatsby): Add Third Party Schema gatsbyjs/gatsby#34820)
• 9f23dec chore(gatsby): cache shouldn't reference nodes strongly (chore(gatsby): cache shouldn't reference nodes strongly gatsbyjs/gatsby#34821)
• f2d4830 feat(gatsby-core-utils): create proper mutex (feat(gatsby-core-utils): create proper mutex gatsbyjs/gatsby#34761)
• 21ef185 chore(changelogs): update changelogs (chore(changelogs): update changelogs gatsbyjs/gatsby#34826)
• a2f99af fix(deps): update starters and examples gatsby packages to ^4.7.2 (fix(deps): update starters and examples gatsby packages to ^4.7.2 gatsbyjs/gatsby#34822)
• 76c89d8 chore(release): Publish next
• 54d29c4 chore(gatsby): upgrade from lmdb-store to lmdb (chore(gatsby): upgrade from lmdb-store to lmdb gatsbyjs/gatsby#34576)
• 3df8583 fix(core): Make filter/sort query only hold onto node properties it needs (fix(core): Make filter/sort query only hold onto node properties it needs gatsbyjs/gatsby#34747)
• 3c3362b refactor(core): Make load plugins modular, prepare for TS (refactor(core): Make load plugins modular, prepare for TS gatsbyjs/gatsby#34813)
• 3d74584 feat(gatsby): allow referencing derived types in schema customization (feat(gatsby): allow referencing derived types in schema customization gatsbyjs/gatsby#34787)
• bfd04d3 fix(gatsby): Content Sync DSG bug (fix(gatsby): Content Sync DSG bug gatsbyjs/gatsby#34799)
• 326a483 fix(deps): update dependency sharp to ^0.30.1 (fix(deps): update dependency sharp to ^0.30.1 gatsbyjs/gatsby#34755)
• 7b958f9 docs: update typo Forestry (docs: update typo Forestry gatsbyjs/gatsby#34805)
• ba8e21c feat(gatsby): Match node manifest pages by page context slug (feat(gatsby): Match node manifest pages by page context slug gatsbyjs/gatsby#34790)

See the full diff

Package name: gatsby-transformer-sharp

The new version differs by 250 commits.

• e98cb62 chore(release): Publish
• 164f9a1 fix(gatsby-source-contentful): De-dupe type names (fix(gatsby-source-contentful): De-dupe type names gatsbyjs/gatsby#30834) (fix(gatsby-source-contentful): De-dupe type names (#30834) gatsbyjs/gatsby#30850)
• 0b99d00 fix(gatsby): webpack warnings are no longer in object format by default (fix(gatsby): webpack warnings are no longer in object format by default gatsbyjs/gatsby#30801) (fix(gatsby): webpack warnings are no longer in object format by default (#30801) gatsbyjs/gatsby#30853)
• f561724 fix(gatsby): lower memory pressure in SSR (fix(gatsby): lower memory pressure in SSR gatsbyjs/gatsby#30793) (fix(gatsby): lower memory pressure in SSR (#30793) gatsbyjs/gatsby#30851)
• 96805d5 fix(gatsby-source-wordpress): change `console.warning` to `console.warn` (fix(gatsby-source-wordpress): error when sourcing nodes, change console.warning to console.warn gatsbyjs/gatsby#30764) (fix(gatsby-source-wordpress): change console.warning to console.warn (#30764) gatsbyjs/gatsby#30852)
• e40c83d chore(release): Publish next
• a5b5cf8 feat: upgrade to remark 13 (feat: upgrade to remark 13 gatsbyjs/gatsby#29678)
• 172cf4d chore(docs): Add link to perf implications siteContext (chore(docs): Add link to perf implications siteContext gatsbyjs/gatsby#30778)
• 4336d04 fix(gatsby-plugin-gatsby-cloud): Add missing index.js (so the plugin can be resolved in workspaces) (fix(gatsby-plugin-gatsby-cloud): Add missing index.js (so the plugin can be resolved in workspaces) gatsbyjs/gatsby#30761)
• 2bdd5a5 fix(gatsby-source-wordpress): only log out duplicate node if we have all the data we want to log (fix(gatsby-source-wordpress): only log out duplicate nodes if we have all the data we want to log gatsbyjs/gatsby#30751)
• 1a9b830 fix(gatsby-plugin-image): Don't inherit all img styles (fix(gatsby-plugin-image): Allow draggable=false on images gatsbyjs/gatsby#30754)
• e0df4cc chore(docs): Change "whitelist" to "allow list" (chore(docs): Change "whitelist" to "allow list" gatsbyjs/gatsby#30756)
• 81ec270 chore: Add backport script (chore: Add backport script gatsbyjs/gatsby#30732)
• 63cc8fa fix(docs): Copy edits for debugging html doc + add React-specific example (fix(docs): Copy edits for debugging html doc + add React-specific example gatsbyjs/gatsby#30745)
• eed1d43 fix(docs): Add link to how to enable DEV_SSR for fixing inconsistent css styles between dev/prod (fix(docs): Add link to how to enable DEV_SSR for fixing inconsistent css styles between dev/prod gatsbyjs/gatsby#30746)
• ecd823f perf(gatsby): cache babel config items (perf(gatsby): cache babel config items gatsbyjs/gatsby#28738)
• a60e92f chore(release): Publish next
• dd9e95c docs(gatsby-plugin-image): Note on tracedSVG options name change (docs(gatsby-plugin-image): Note on tracedSVG options name change gatsbyjs/gatsby#30736)
• a5869e3 fix(gatsby-plugin-image): Use bare GATSBY___IMAGE global (fix(gatsby-plugin-image): Use bare GATSBY___IMAGE global gatsbyjs/gatsby#30713)
• 0f3fa4e fix(contentful): make gatsby-plugin-image a peer dependency (fix(contentful): make gatsby-plugin-image a peer dependency gatsbyjs/gatsby#30709)
• 6b2fd94 fix(gatsby-source-wordpress): pass missing property helpers to gql fetch util (fix(gatsby-source-wordpress): pass missing property "helpers" to gql fetch util gatsbyjs/gatsby#30727)
• c6fa488 chore(docs): Update wording of tutorial part 8 (chore(docs): Update wording of tutorial part 8 gatsbyjs/gatsby#30606)
• a777367 fix(gatsby-cli): Update docs links in error-map (fix(gatsby-cli): Update docs links in error-map gatsbyjs/gatsby#30493)
• c473abf chore(docs): include autoprefixer in tailwind install command (chore(docs): include autoprefixer in tailwind install command gatsbyjs/gatsby#30718)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Open Redirect
🦉 Open Redirect
🦉 Prototype Pollution
🦉 More lessons are available in Snyk Learn