Skip to content

[Snyk] Security upgrade gatsby from 4.13.1 to 4.15.0#45

Open
shdkej wants to merge 1 commit into
masterfrom
snyk-fix-ae986e12b2cf627adf1f7c291deb72f4
Open

[Snyk] Security upgrade gatsby from 4.13.1 to 4.15.0#45
shdkej wants to merge 1 commit into
masterfrom
snyk-fix-ae986e12b2cf627adf1f7c291deb72f4

Conversation

@shdkej

@shdkej shdkej commented Jan 4, 2024

Copy link
Copy Markdown
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 641/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.4
Prototype Pollution
SNYK-JS-JSON5-3182856
No Proof of Concept
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5
Regular Expression Denial of Service (ReDoS)
SNYK-JS-SEMVER-3247795
No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: gatsby The new version differs by 125 commits.
  • 56fb124 chore(release): Publish
  • efef49c chore: skip package without releases?
  • 791071f chore: skip changelog rewrite if changelog doesn't exist
  • fb4de37 chore: don't use npm-run-all to build packages
  • 04f9509 chore: re-pin select packages after 'lerna version' (#35725) (#35726)
  • c9df5a0 fix(gatsby-script): Adjust warning control flow (#35721) (#35722)
  • 6b9749b feat(gatsby-script): Duplicate script callbacks if no injected script callbacks (#35717) (#35723)
  • 459fab4 feat: Add `gatsby-parcel-namer-relative-to-cwd` to monorepo & update Parcel to 2.5.0 (#35446)
  • f7f8ffe refactor(gatsby,gatsby-script): Misc review comments (#35710)
  • 191c557 feat(gatsby-script): Handle duplicate script callbacks (#35708)
  • eb59c93 chore(gatsby): Update `IPluginRefObject` type (#35711)
  • 2289a2c chore(gatsby-dev-cli): Update README
  • 972e6e1 chore: `yarn_pnp` tests uses `gatsby-dev-cli` instead of portals (#35699)
  • e3d57c0 feat(gatsby-plugin-gatsby-cloud): Remove preview UI (#35586)
  • 3fcfa0a docs(gatsby): Updated hosting links (#35700)
  • 97433ec feat(gatsby): Add `graphqlTypegen` config option (#35697)
  • a88703f feat(gatsby-script): Script component (#35403)
  • 09a6dd9 perf(gatsby): speedups for webpack compilation (develop) (#35641)
  • 5a24c6d chore: Deprecate `gatsby-plugin-graphql-config` (#35696)
  • e7fc88b fix(gatsby): Throw Typegen errors & add `IGatsbyImageData` to output (#35683)
  • d85fd9e chore: Update contentful e2e snapshots (#35695)
  • 3b477be feat(gatsby-cli): Apply production node env to gatsby serve (#35693)
  • 54832b4 fix(gatsby-source-wordpress): Add image cdn fields on updates (#35687)
  • 7156882 chore(docs): Update RFC template (#35682)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution
🦉 Regular Expression Denial of Service (ReDoS)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants