[Snyk] Security upgrade gatsby from 2.23.20 to 2.31.0

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • deps/npm/docs/package.json
  • deps/npm/docs/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: gatsby

The new version differs by 250 commits.

• fbc5893 chore(release): Publish
• e693b62 chore: update yarn.lock (http: remove redundant condition nodejs/node#29078)
• e998870 fix(gatsby): Always render the body component to ensure needed head & pre/post body components are added (stream: improve read() performance further nodejs/node#29077)
• a1921b5 feat(gatsby): bump opt-in % to dev-ssr to 20% (Assorted typo fixes. nodejs/node#29075)
• 2439b44 feat(gatsby-codemods): Handle or warn on nested options changes ([x] stream: properties cleanup nodejs/node#29046)
• c0e6c92 fix(gatsby-plugin-typescript): add missing options validations (buffer: improve copy() performance nodejs/node#29066)
• 3163ca6 fix(gatsby-plugin-mdx): Add `root` to plugin validation (stream: writableError & readableError nodejs/node#29010)
• 6233382 fix(gatsby-plugin-image): Fix onload race condition ([x] stream: error multiple iterators nodejs/node#29064)
• c76c175 benchmark(gabe-fs-markdown-images): add img benchmark (stream: readable error emitted nodejs/node#29009)
• bd5b5f7 feat(gatsby): allow to skip cache persistence (UDP/Datagram: Can't send messages while bind is done to 127.0.0.1 must bind to 0.0.0.0 nodejs/node#29047)
• 48db6ac fix(gatsby): fix broken GraphQL resolver tracing (http: replace superfluous property with getter/setter nodejs/node#29015)
• 90b6e3d fix(gatsby): Use fast-refresh for React 17 (HTTP2 compatibility layer tries to write the header multiple times. nodejs/node#28930)
• 9a55d12 feat(gatsby): Add eslint rules to warn against bad patterns in pageTemplates (for Fast Refresh) ([Website Generator] Links must be .html for nodejs.org/api but they're actually .md on github nodejs/node#28689)
• b9978e1 fix(gatsby-plugin-image): Handle imgStyle in SSR (fs: unecessary argument validation nodejs/node#29043)
• f23ba4b fix(gatsby-source-contentful): Improve base64 placeholders (stream: suggestion stream._writeMany nodejs/node#29034)
• 18b5f30 fix(security): update vulnerable packages, include React 17 in peerDeps (Fully decorated fs.promises for complete fs replacement? nodejs/node#28545)
• f8bbc06 docs: edit search documentation (src: add public virtual destructor for KVStore nodejs/node#28737)
• 004acf0 fix(sharp) wrap sharp calls in try/catch to avoid crashing on bad images (http2: report memory allocated by nghttp2 to V8 nodejs/node#28645)
• bf6f264 Hydrate when the page was server rendered (#29016)
• e72533d chore(gatsby-plugin-image): Unflag remote images (V12.x staging nodejs/node#29032)
• 332543c chore(docs): adjust Contentful Rich Text example codes (assert.deepEqual: fix bug with faked boxed primitives nodejs/node#29029)
• 9bcc12c feat(gatsby-plugin-image): Change fullWidth to use breakpoints (http: ClientRequest streamlike nodejs/node#29002)
• 168ff60 Fix/contentful add header (stream: don't flush destroyed writable nodejs/node#29028)
• a3ad6d7 fix(gatsbu-source-contentful): apply useNameForId when creating the graphql schema (deps: update acorn to 6.2.0 nodejs/node#28649)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

[mistaken-pull-closer]

Thanks for your submission.

It appears that you've created a pull request using one of our repository's branches. Since this is
almost always a mistake, we're going to go ahead and close this. If it was intentional, please
let us know what you were intending and we can see about reopening it.

Thanks again!

[pull-dog]

*Ruff* 🐶 I wasn't able to find any Docker Compose files in your repository at any of the given paths in the pull-dog.json configuration file, or the default docker-compose.yml file 😩 Make sure the given paths are correct.

Files checked:

• docker-compose.yml

What is this?

Pull Dog is a GitHub app that makes test environments for your pull requests using Docker, from a docker-compose.yml file you specify. It takes 19 seconds to set up (we counted!) and there's a free plan available.

Visit our website to learn more.

Commands

• @pull-dog up to reprovision or provision the server.
• @pull-dog down to delete the provisioned server.

Troubleshooting

Need help? Don't hesitate to file an issue in our repository

Configuration

{
  "isLazy": false,
  "dockerComposeYmlFilePaths": [
    "docker-compose.yml"
  ],
  "expiry": "00:00:00",
  "conversationMode": "singleComment"
}

Trace ID
41548920-0f8c-11ec-85b6-1204ae0a5faa

[guardrails]

⚠️ We detected 2 security issues in this pull request:

Mode: paranoid | Total findings: 2 | Considered vulnerability: 2

Vulnerable Libraries (2)

Severity	Details
Medium	@graphql-tools/url-loader@6.10.1 (t) upgrade to: >6.10.1
High	gatsby@2.31.0 upgrade to: >=1.10.0-alpha.1460dad9

More info on how to fix Vulnerable Libraries in JavaScript.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.