coder-newbie-advice icon indicating copy to clipboard operation
coder-newbie-advice copied to clipboard

Published 20 hours ago verified publisher icon cfereday

[Snyk] Security upgrade gatsby-plugin-sharp from 2.0.17 to 2.6.31

Open snyk-bot opened this issue 2 years ago • 0 comments

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 768/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5		 Prototype Pollution
SNYK-JS-ASYNC-2441827		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: gatsby-plugin-sharp The new version differs by 250 commits.
  • 83cd408 chore(release): Publish
  • d6f0318 chore: use packlist for cleanup-package-dir (#26657)
  • aa300f4 chore(docs):fixed file names and links in query-execution (#26680)
  • 11ab72a chore(docs): fixed some links in query-execution (#26555)
  • fed2619 fix(docs): query filters -> update dictionary, code fences, fix code, brand name (#26408)
  • 7de5f18 add code fences (#26409)
  • 823e473 fix(docs): schema -> fix 404, remove deleted page from sidebar, apply redirects (#26461)
  • 21b94df Docs - Remove not inclusive words (#26294)
  • 652af04 fix(docs): schema -> code fences, code fix (#26462)
  • 6b96972 chore(docs): Update GraphQL spelling in README.md (#26693)
  • c2aeded fix(gatsby): properly unlock processes onExit (#26670)
  • 93fdc09 fix(gatsby): only enable debugger when argument is given (#26669)
  • 7e83ace chore(docs): fix typos (#26682)
  • c40434a chore(docs): Fix a typo (#26665)
  • 18f6b4d chore(docs): Fix typos (#26663)
  • dedd37f chore(gatsby-plugin-sharp, gatsby-transformer-sharp): update dependencies (#26259)
  • 7975b91 chore(gatsby-recipes): Add a contributing.md to recipes (#26583)
  • ac72bfb chore(release): Publish
  • 703678e Admin/recipes gui (#26243)
  • 04c75bb fix(gatsby): fix error from ts conversion (#26681)
  • 25e3a63 fix(gatsby): fix materialization edge case with nullish values (#26677)
  • 19020c2 chore(benchmarks): set semver to match any patch/minor for most deps (#26679)
  • 608f40c chore: cherrypick Renovate updates (#26582)
  • 6ba68f8 feat(gatsby): Support React 17's new JSX Transform (#26652)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

snyk-bot avatar Apr 07 '22 23:04 snyk-bot