coder-newbie-advice icon indicating copy to clipboard operation
coder-newbie-advice copied to clipboard

Published 20 hours ago verified publisher icon cfereday

[Snyk] Security upgrade gatsby from 2.0.76 to 2.1.1

Open snyk-bot opened this issue 3 years ago • 0 comments

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 611/1000
Why? Recently disclosed, Has a fix available, CVSS 6.5		 Information Exposure
SNYK-JS-NODEFETCH-2342118		 No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: gatsby The new version differs by 250 commits.
  • ba46e99 chore(release): Publish
  • 8494a1b Move to @ gatsbyjs scoped version of yarn (#11759)
  • 67c0131 fix(blog): 2019-01-01 json code blocks (#11750)
  • d1ae7ab fix(starters): update dependency gatsby to ^2.1.0 (#11745)
  • 03fae48 fix(starters): update dependency prop-types to ^15.7.2 (#11748)
  • 5e7899c feat(showcase): add Incremental.com.au (#11729)
  • 8f7f8cd feat(starters): add starter magicsoup.io (#11670)
  • bb147bd docs(gatsby): Add documentation for useStaticQuery (#11741)
  • 9896fa0 chore(release): Publish
  • f149c4c feat(gatsby): add useStaticQuery hook (#11588)
  • a68769d chore(release): Publish
  • 0caea8b chore(docs): reword CSS in JS docs for clarity (#11439)
  • 67daa2d chore: Upgrade Prettier related packages to the latest (#11735)
  • 8a6db6a fix(core): added event source polyfill in develop to fix IE/edge hmr (#11582)
  • 3024839 chore: minify svg husky hook (#10560)
  • 22c41fb docs: add videos for Gatsby Link + rewrite for flow (#11700)
  • 0baa034 docs: add egghead lesson to quickstart (#11699)
  • 3198ca5 Update sites.yml (#11713)
  • 5dc5640 fix(starters): update dependency gatsby-transformer-remark to ^2.2.5 (#11718)
  • fadd172 fix(starters): clean up redundant/incorrect tags
  • 41b4f89 chore(release): Publish
  • 29dee3f fix(gatsby-transformer-remark): restore behavior of serializing date-like fields to string (#11716)
  • 128b156 chore: fix circle ci workflow (#11715)
  • bab4eae Docs/client search with js search (#11505)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

snyk-bot avatar Jan 19 '22 08:01 snyk-bot