coder-newbie-advice
coder-newbie-advice copied to clipboard
Published
20 hours ago β’
cfereday
cfereday
[Snyk] Fix for 35 vulnerabilities
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
 |
165/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00303, Social Trends: No, Days since published: 1252, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 1.68, Score Version: V5 |
Prototype Pollution SNYK-JS-AJV-584908 |
No | No Known Exploit |
|
159/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00299, Social Trends: No, Days since published: 829, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.65, Score Version: V5 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908 |
Yes | Proof of Concept |
 |
63/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00085, Social Trends: No, Days since published: 447, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.64, Score Version: V5 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-CSSWHAT-3035488 |
Yes | Proof of Concept |
|
159/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00109, Social Trends: No, Days since published: 387, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.64, Score Version: V5 |
Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970 |
Yes | Proof of Concept |
|
141/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Local, EPSS: 0.01055, Social Trends: No, Days since published: 20, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.35, Score Version: V5 |
Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116 |
Yes | Proof of Concept |
|
150/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00714, Social Trends: No, Days since published: 1105, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.62, Likelihood: 2.66, Score Version: V5 |
Prototype Pollution SNYK-JS-INI-1048974 |
Yes | Proof of Concept |
|
190/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): Low, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00214, Social Trends: No, Days since published: 360, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 7.84, Likelihood: 2.42, Score Version: V5 |
Prototype Pollution SNYK-JS-JSON5-3182856 |
Yes | Proof of Concept |
|
149/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00209, Social Trends: No, Days since published: 766, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 7.84, Likelihood: 1.9, Score Version: V5 |
Prototype Pollution SNYK-JS-JSONSCHEMA-1920922 |
No | No Known Exploit |
|
102/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 1732, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.99, Likelihood: 1.69, Score Version: V5 |
Denial of Service (DoS) SNYK-JS-JSYAML-173999 |
Yes | No Known Exploit |
|
166/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 1718, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 1.69, Score Version: V5 |
Arbitrary Code Execution SNYK-JS-JSYAML-174129 |
Yes | No Known Exploit |
 |
57/1000 Why? Confidentiality impact: Low, Integrity impact: None, Availability impact: None, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00091, Social Trends: No, Days since published: 1431, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Low, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.42, Score Version: V5 |
Validation Bypass SNYK-JS-KINDOF-537849 |
Yes | Proof of Concept |
|
45/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00094, Social Trends: No, Days since published: 387, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 1.89, Score Version: V5 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992 |
Yes | No Known Exploit |
|
114/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00248, Social Trends: No, Days since published: 411, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 1.9, Score Version: V5 |
Prototype Pollution SNYK-JS-LOADERUTILS-3043105 |
Yes | No Known Exploit |
|
45/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00164, Social Trends: No, Days since published: 408, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 1.89, Score Version: V5 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943 |
Yes | No Known Exploit |
|
63/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00231, Social Trends: No, Days since published: 1038, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.65, Score Version: V5 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905 |
No | Proof of Concept |
|
239/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): High, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00606, Social Trends: No, Days since published: 1038, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.43, Score Version: V5 |
Command Injection SNYK-JS-LODASH-1040724 |
No | Proof of Concept |
|
151/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01552, Social Trends: No, Days since published: 1632, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.62, Likelihood: 2.68, Score Version: V5 |
Prototype Pollution SNYK-JS-LODASH-450202 |
No | Proof of Concept |
|
188/1000 Why? Confidentiality impact: None, Integrity impact: Low, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01036, Social Trends: No, Days since published: 1331, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 7.03, Likelihood: 2.67, Score Version: V5 |
Prototype Pollution SNYK-JS-LODASH-567746 |
No | Proof of Concept |
|
150/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 1216, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.62, Likelihood: 2.67, Score Version: V5 |
Prototype Pollution SNYK-JS-LODASH-608086 |
No | Proof of Concept |
|
45/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00071, Social Trends: No, Days since published: 428, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 2.35, Likelihood: 1.89, Score Version: V5 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818 |
Yes | No Known Exploit |
|
58/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.01248, Social Trends: No, Days since published: 639, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Low, Package Popularity Score: 99, Impact: 2.35, Likelihood: 2.45, Score Version: V5 |
Prototype Pollution SNYK-JS-MINIMIST-2429795 |
Yes | Proof of Concept |
|
137/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00105, Social Trends: No, Days since published: 1379, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.62, Likelihood: 2.42, Score Version: V5 |
Prototype Pollution SNYK-JS-MINIMIST-559764 |
Yes | Proof of Concept |
|
150/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00522, Social Trends: No, Days since published: 1644, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.62, Likelihood: 2.65, Score Version: V5 |
Prototype Pollution SNYK-JS-MIXINDEEP-450212 |
Yes | Proof of Concept |
|
159/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00437, Social Trends: No, Days since published: 381, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.65, Score Version: V5 |
Prototype Poisoning SNYK-JS-QS-3153490 |
No | Proof of Concept |
|
169/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00091, Social Trends: No, Days since published: 183, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.81, Score Version: V5 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795 |
Yes | Proof of Concept |
|
158/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.06698, Social Trends: No, Days since published: 829, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.62, Likelihood: 2.81, Score Version: V5 |
Prototype Pollution SNYK-JS-SETVALUE-1540541 |
Yes | Proof of Concept |
|
150/1000 Why? Confidentiality impact: Low, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00447, Social Trends: No, Days since published: 1644, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.62, Likelihood: 2.65, Score Version: V5 |
Prototype Pollution SNYK-JS-SETVALUE-450213 |
Yes | Proof of Concept |
|
95/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: None, Scope: Changed, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Local, EPSS: 0.00889, Social Trends: No, Days since published: 868, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.6, Likelihood: 0.989, Score Version: V5 |
Arbitrary File Overwrite SNYK-JS-TAR-1536528 |
Yes | No Known Exploit |
|
97/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: None, Scope: Changed, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Local, EPSS: 0.01656, Social Trends: No, Days since published: 868, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.6, Likelihood: 1.01, Score Version: V5 |
Arbitrary File Overwrite SNYK-JS-TAR-1536531 |
Yes | No Known Exploit |
|
40/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: Low, Scope: Unchanged, Exploit Maturity: Unproven, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 867, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Low, Package Popularity Score: 99, Impact: 2.35, Likelihood: 1.69, Score Version: V5 |
Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758 |
Yes | No Known Exploit |
|
97/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: Low, Scope: Changed, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Local, EPSS: 0.0011, Social Trends: No, Days since published: 840, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.95, Likelihood: 0.969, Score Version: V5 |
Arbitrary File Write SNYK-JS-TAR-1579147 |
Yes | No Known Exploit |
|
97/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: Low, Scope: Changed, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Local, EPSS: 0.0011, Social Trends: No, Days since published: 840, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.95, Likelihood: 0.969, Score Version: V5 |
Arbitrary File Write SNYK-JS-TAR-1579152 |
Yes | No Known Exploit |
|
97/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: Low, Scope: Changed, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Local, EPSS: 0.00059, Social Trends: No, Days since published: 840, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.95, Likelihood: 0.968, Score Version: V5 |
Arbitrary File Write SNYK-JS-TAR-1579155 |
Yes | No Known Exploit |
|
238/1000 Why? Confidentiality impact: High, Integrity impact: High, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: High, Attack Vector: Network, EPSS: 0.00339, Social Trends: No, Days since published: 1718, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 9.79, Likelihood: 2.43, Score Version: V5 |
Arbitrary File Overwrite SNYK-JS-TAR-174125 |
Yes | Proof of Concept |
|
41/1000 Why? Confidentiality impact: None, Integrity impact: Low, Availability impact: Low, Scope: Unchanged, Exploit Maturity: No data, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Local, EPSS: 0.00042, Social Trends: No, Days since published: 1968, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 4.19, Likelihood: 0.967, Score Version: V5 |
Time of Check Time of Use (TOCTOU) npm:chownr:20180731 |
Yes | No Known Exploit |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: gatsby
The new version differs by 250 commits.- 0a455df chore(release): Publish
- 91dc167 fix(gatsby): don't log FAST_DEV message for each worker (#32961) (#32967)
- f936c93 fix(gatsby): set staticQueryResultHash to new hash on data change (#32949) (#32966)
- ea161ce feat(gatsby-graphiql-explorer): upgrade to webpack 5 (#30642)
- 944e381 chore(release): Publish next
- d6326df fix(gatsby-core-utils): Switch `auth` option from got to username/password (#32665)
- cf9c066 fix(gatsby): add this typings to actions (#32210)
- 53aa88e chore: enable test parallelism (#32766)
- b7deabc fix(deps): update starters and examples - gatsby (#32843)
- 6025c84 chore(deps): update dependency katex to ^0.13.13 for gatsby-remark-katex (#32567)
- d87c5cb chore: enable lmdb by default and update node for next major (#32695)
- 818d6c1 feat(gatsby-plugin-gatsby-cloud): Add `disablePreviewUI` option (#32907)
- f556a00 chore: update changelogs (#32924)
- aba5eba feat(gatsby): enable webpack caching in development for everyone (#32922)
- ac7bd4e feat(gatsby-source-wordpress): allow path to js file for beforeChangeNode option (#32901)
- 1a87a8a docs(gatsby-source-wordpress): document content sync (#32768)
- 417df15 chore: re-generate changelogs (#32886)
- 1810874 fix(gatsby-source-wordpress): draft previews (#32915)
- 7c72ab8 chore(gatsby): remove unused packages (#32903)
- afb06d7 chore(docs): Add hint for MDX plugin in remark-plugin-tutorial (#32876)
- 1303ecb chore(docs): Update wording for "using-web-fonts" (#32902)
- 9589911 chore(docs): Fix code highlighting in part 6 (#32900)
- 568d4ce feat(gatsby-source-drupal): Use the collection count from JSON:API extras to enable parallel API requests for cold builds (#32883)
- 41f5337 fix(deps): update typescript to ^4.29.3 (#32614)
Package name: gatsby-plugin-sharp
The new version differs by 250 commits.- c1e67a2 chore(release): Publish
- 0c45654 chore: remove tracedSVG (#37093) (#37137)
- d7edf95 chore(release): Publish
- 2d00ea0 fix(gatsby-plugin-mdx): Do not leak frontmatter into page (#35859) (#35913)
- 4997d63 chore(release): Publish
- ff94ed5 fix(gatsby-plugin-mdx): don't allow JS frontmatter by default (#35830) (#35834)
- 36f21b0 chore: Removate validate-renovate from v3-latest branch (#34460)
- 1acb1bc chore(release): Publish
- 1589bd8 fix(gatsby): ensure that writing node manifests to disk does not break on Windows (#33853) (#34020)
- 9694010 fix(gatsby-source-drupal): Ensure all new nodes are created before creating relationships (#33864) (#34019)
- 76deb39 fix(gatsby-source-drupal): searcParams missing from urls (#33861) (#34018)
- f74cc8f feat(gatsby-source-drupal): Add node manifest support for previews (#33683) (#34017)
- 476a591 chore(release): Publish
- 35b48f8 fix(gatsby-plugin-image): GatsbyImage not displaying image in IE11 (#33416) (#33806)
- 880022e fix(gatsby-plugin-image): flickering when state changes (#33732) (#33807)
- c0d07e7 feat(gatsby-source-wordpress): Update supported-remote-plugin-versions.ts (#33801) (#33804)
- 3d9a702 chore(release): Publish
- 84053a2 fix(gatsby-plugin-sharp): pass input buffer instead of readStream when processing image jobs (#33685) (#33703)
- 4722a0d fix(gatsby-source-drupal): Add timeout in case of stalled API requests (#33668) (#33705)
- 857a628 fix(gatsby): single page node manifest accuracy (#33642) (#33698)
- 6bfd0f1 Properly set the pathPrefix and assetPrefix in the pluginData (#33667) (#33702)
- 26c51c0 fix(gatsby-source-drupal): cache backlink records (#33444) (#33701)
- b80c53a fix(gatsby-source-drupal): Correctly update nodes with changed back references so queries are re-run (#33328) (#33699)
- e29a194 chore: use gatsby-dev-cli@latest-v3 in tests
Package name: gatsby-source-filesystem
The new version differs by 250 commits.- 7884025 chore(release): Publish
- 816d475 fix: update dependency chokidar to v3 (#16975)
- 90ac3a5 chore(release): Publish
- 92df1cf fix(gatsby-plugin-feed): respect custom options and require title in config (#16814)
- efb0198 chore: update babel monorepo (#16977)
- d16474d fix(gatsby): update check for default exports (#16979)
- 043bebe fix: update gatsby monorepo (#16978)
- 42c1c5e chore: Set lerna concurrency on ci (#16973)
- a25bc27 docs: Add reddit link to Awesome Gatsby docs (#16982)
- 41d3e1c chore(gatsby-image): Clarify IntersectionObserver support in README.md (#16962)
- 7912336 chore(release): Publish
- f355bf8 Revert "chore: update babel monorepo" (#16976)
- 29d5e3c chore: update babel monorepo (#16929)
- 182407f chore: update react monorepo to ^16.9.0 (#16943)
- f7382ae feat(www): add code snippet with install command to starters (#16972)
- 3299192 chore: update dependency aws-sdk to ^2.516.0 (#16967)
- 7d2bf0d chore: update dependency flow-bin to ^0.106.0 (#16966)
- 5757af9 fix: update dependency theme-ui to ^0.2.36 (#16964)
- ebe6131 chore: update gatsby monorepo (#16950)
- 8b08b8c chore: Added my city to my creator description (#16955)
- d6bd515 fix: update minor updates in packages except react, babel and⦠(#16960)
- e9c8e8a chore(release): Publish
- 27d3efc chore(gatsby): Remove fallback for v8 serialize (#16958)
- 58ed3ca fix(gatsby): Remove deprecation warning from express-graphql (#16956)
Package name: gatsby-transformer-sharp
The new version differs by 250 commits.- fbc5893 chore(release): Publish
- e693b62 chore: update yarn.lock (#29078)
- e998870 fix(gatsby): Always render the body component to ensure needed head & pre/post body components are added (#29077)
- a1921b5 feat(gatsby): bump opt-in % to dev-ssr to 20% (#29075)
- 2439b44 feat(gatsby-codemods): Handle or warn on nested options changes (#29046)
- c0e6c92 fix(gatsby-plugin-typescript): add missing options validations (#29066)
- 3163ca6 fix(gatsby-plugin-mdx): Add `root` to plugin validation (#29010)
- 6233382 fix(gatsby-plugin-image): Fix onload race condition (#29064)
- c76c175 benchmark(gabe-fs-markdown-images): add img benchmark (#29009)
- bd5b5f7 feat(gatsby): allow to skip cache persistence (#29047)
- 48db6ac fix(gatsby): fix broken GraphQL resolver tracing (#29015)
- 90b6e3d fix(gatsby): Use fast-refresh for React 17 (#28930)
- 9a55d12 feat(gatsby): Add eslint rules to warn against bad patterns in pageTemplates (for Fast Refresh) (#28689)
- b9978e1 fix(gatsby-plugin-image): Handle imgStyle in SSR (#29043)
- f23ba4b fix(gatsby-source-contentful): Improve base64 placeholders (#29034)
- 18b5f30 fix(security): update vulnerable packages, include React 17 in peerDeps (#28545)
- f8bbc06 docs: edit search documentation (#28737)
- 004acf0 fix(sharp) wrap sharp calls in try/catch to avoid crashing on bad images (#28645)
- bf6f264 Hydrate when the page was server rendered (#29016)
- e72533d chore(gatsby-plugin-image): Unflag remote images (#29032)
- 332543c chore(docs): adjust Contentful Rich Text example codes (#29029)
- 9bcc12c feat(gatsby-plugin-image): Change fullWidth to use breakpoints (#29002)
- 168ff60 Fix/contentful add header (#29028)
- a3ad6d7 fix(gatsbu-source-contentful): apply useNameForId when creating the graphql schema (#28649)
Package name: pngquant
The new version differs by 37 commits.- 8f83a1f 2.0.1
- 3c57520 Update pngquant-bin to ^5.0.2
- 43b9d76 Merge pull request #25 from papandreou/depfu/update/npm/mocha-6.0.0
- a34d47b Update mocha to version 6.0.0
- eeaa426 Merge pull request #24 from papandreou/depfu/update/npm/unexpected-11.0.0
- a77ab7c Wrap to satisfy function in expect.it
- 9eeffa6 Update unexpected to version 11.0.0
- 632f8f0 Move coveralls to the after_success step on Travis
- d6a3b93 Use Buffer.from instead of new Buffer, avoiding deprecation warning
- fd024d9 Replace istanbul with nyc
- 102d45c npm run {travis => ci}
- 6cf816e Merge pull request #23 from papandreou/depfu/update/npm/sinon-7.0.0
- 6282358 Update sinon to version 7.0.0
- 029458d Update memoizeasync to version 1.1.0
- 4e4126e Merge pull request #18 from papandreou/depfu/update/npm/which-1.3.1
- 4b10f1f Merge pull request #21 from papandreou/depfu/update/npm/sinon-6.3.5
- c16540e Don't lint as part of npm test
- 04671c7 eslint --fix .
- 71155e4 Remove empty lines
- 2a0d193 for transform in arrow arrow-return let obj-shorthand obj-method ; do for dir in lib test; do lebab --transform $transform --replace $dir; done ; done
- 95f6764 eslint --fix .
- fad875f Replace jshint with eslint + prettier
- 2e000aa Add .npmrc
- 6fb6505 Travis: Build with node.js 6, 8, 10, drop 4 and 7
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
π§ View latest project report
π Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
π¦ Prototype Pollution π¦ Regular Expression Denial of Service (ReDoS) π¦ Arbitrary Code Execution π¦ More lessons are available in Snyk Learn
