coder-newbie-advice
coder-newbie-advice copied to clipboard
Published
20 hours ago •
cfereday
cfereday
[Snyk] Fix for 2 vulnerabilities
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
 |
144/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 0, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.39, Score Version: V5 |
Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-TAR-6476909 |
Yes | Proof of Concept |
 |
160/1000 Why? Confidentiality impact: High, Integrity impact: None, Availability impact: None, Scope: Changed, Exploit Maturity: Proof of Concept, User Interaction (UI): Required, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.01055, Social Trends: No, Days since published: 0, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 6.65, Likelihood: 2.39, Score Version: V5 |
Path Traversal SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555 |
Yes | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: gatsby
The new version differs by 250 commits.- 0a455df chore(release): Publish
- 91dc167 fix(gatsby): don't log FAST_DEV message for each worker (#32961) (#32967)
- f936c93 fix(gatsby): set staticQueryResultHash to new hash on data change (#32949) (#32966)
- ea161ce feat(gatsby-graphiql-explorer): upgrade to webpack 5 (#30642)
- 944e381 chore(release): Publish next
- d6326df fix(gatsby-core-utils): Switch `auth` option from got to username/password (#32665)
- cf9c066 fix(gatsby): add this typings to actions (#32210)
- 53aa88e chore: enable test parallelism (#32766)
- b7deabc fix(deps): update starters and examples - gatsby (#32843)
- 6025c84 chore(deps): update dependency katex to ^0.13.13 for gatsby-remark-katex (#32567)
- d87c5cb chore: enable lmdb by default and update node for next major (#32695)
- 818d6c1 feat(gatsby-plugin-gatsby-cloud): Add `disablePreviewUI` option (#32907)
- f556a00 chore: update changelogs (#32924)
- aba5eba feat(gatsby): enable webpack caching in development for everyone (#32922)
- ac7bd4e feat(gatsby-source-wordpress): allow path to js file for beforeChangeNode option (#32901)
- 1a87a8a docs(gatsby-source-wordpress): document content sync (#32768)
- 417df15 chore: re-generate changelogs (#32886)
- 1810874 fix(gatsby-source-wordpress): draft previews (#32915)
- 7c72ab8 chore(gatsby): remove unused packages (#32903)
- afb06d7 chore(docs): Add hint for MDX plugin in remark-plugin-tutorial (#32876)
- 1303ecb chore(docs): Update wording for "using-web-fonts" (#32902)
- 9589911 chore(docs): Fix code highlighting in part 6 (#32900)
- 568d4ce feat(gatsby-source-drupal): Use the collection count from JSON:API extras to enable parallel API requests for cold builds (#32883)
- 41f5337 fix(deps): update typescript to ^4.29.3 (#32614)
Package name: gatsby-plugin-manifest
The new version differs by 250 commits.- cfc6413 Unused variable and wrong propTypes (#22426)
- 56023e8 chore(release): Publish
- 79e6bbe chore(gatsby): Update sharp and remove Promise shim for Node 8 (#22432)
- ec8e2f9 chore(release): Publish
- cf4f2db chore(docs): Fix Markdown formatting (#22423)
- 07b1434 chore(gatsby): upgrade `null-loader` (#22410)
- e1a7313 chore(gatsby-source-filesystem): update got dependency (#18857)
- 7f197c0 chore(release): Publish
- 83d681a feat(gatsby): bump node min version to 10.13.0 (#22400)
- 72c91f5 chore(release): Publish
- f345985 chore(docs): 🧹 remove trailing whitespace from Markdown. (#22369)
- e0933f8 fix missing link of frontmatter (#22366)
- 2205811 fix(plugin-netlify-cms): use 'netlify-identity.js' instead of 'netlify-identity-widget.js' (#22387)
- 9b7b6bb chore: adjust renovate config (#22355)
- 341cc5b Blog post feature flags (#22405)
- a55329b Fix the setup() function in the documentation (#22368)
- 5496e6b fix(gatsby): Incorrect PackageJson type (#22406)
- 3ce7083 Showcase erudicat update (#22407)
- 39282ca fix(docs): 404 link to workers.dev (#22365)
- 43ad085 chore(gatsby): Convert local-eslint-config-finder to typescript (#22403)
- 0700cd5 chore(gatsby): migrate test-require-error to typescript (#22265)
- 7d73604 chore(gatsby): migrate webpack-hmr-hooks-patch to TypeScript (#22280)
- 101e322 chore(starters): add gatsby-minimalistic-dmin (#22375)
- d9c6415 Fixed eslint url path (#22399)
Package name: gatsby-plugin-sharp
The new version differs by 250 commits.- cfc6413 Unused variable and wrong propTypes (#22426)
- 56023e8 chore(release): Publish
- 79e6bbe chore(gatsby): Update sharp and remove Promise shim for Node 8 (#22432)
- ec8e2f9 chore(release): Publish
- cf4f2db chore(docs): Fix Markdown formatting (#22423)
- 07b1434 chore(gatsby): upgrade `null-loader` (#22410)
- e1a7313 chore(gatsby-source-filesystem): update got dependency (#18857)
- 7f197c0 chore(release): Publish
- 83d681a feat(gatsby): bump node min version to 10.13.0 (#22400)
- 72c91f5 chore(release): Publish
- f345985 chore(docs): 🧹 remove trailing whitespace from Markdown. (#22369)
- e0933f8 fix missing link of frontmatter (#22366)
- 2205811 fix(plugin-netlify-cms): use 'netlify-identity.js' instead of 'netlify-identity-widget.js' (#22387)
- 9b7b6bb chore: adjust renovate config (#22355)
- 341cc5b Blog post feature flags (#22405)
- a55329b Fix the setup() function in the documentation (#22368)
- 5496e6b fix(gatsby): Incorrect PackageJson type (#22406)
- 3ce7083 Showcase erudicat update (#22407)
- 39282ca fix(docs): 404 link to workers.dev (#22365)
- 43ad085 chore(gatsby): Convert local-eslint-config-finder to typescript (#22403)
- 0700cd5 chore(gatsby): migrate test-require-error to typescript (#22265)
- 7d73604 chore(gatsby): migrate webpack-hmr-hooks-patch to TypeScript (#22280)
- 101e322 chore(starters): add gatsby-minimalistic-dmin (#22375)
- d9c6415 Fixed eslint url path (#22399)
Package name: gatsby-source-filesystem
The new version differs by 250 commits.- 7884025 chore(release): Publish
- 816d475 fix: update dependency chokidar to v3 (#16975)
- 90ac3a5 chore(release): Publish
- 92df1cf fix(gatsby-plugin-feed): respect custom options and require title in config (#16814)
- efb0198 chore: update babel monorepo (#16977)
- d16474d fix(gatsby): update check for default exports (#16979)
- 043bebe fix: update gatsby monorepo (#16978)
- 42c1c5e chore: Set lerna concurrency on ci (#16973)
- a25bc27 docs: Add reddit link to Awesome Gatsby docs (#16982)
- 41d3e1c chore(gatsby-image): Clarify IntersectionObserver support in README.md (#16962)
- 7912336 chore(release): Publish
- f355bf8 Revert "chore: update babel monorepo" (#16976)
- 29d5e3c chore: update babel monorepo (#16929)
- 182407f chore: update react monorepo to ^16.9.0 (#16943)
- f7382ae feat(www): add code snippet with install command to starters (#16972)
- 3299192 chore: update dependency aws-sdk to ^2.516.0 (#16967)
- 7d2bf0d chore: update dependency flow-bin to ^0.106.0 (#16966)
- 5757af9 fix: update dependency theme-ui to ^0.2.36 (#16964)
- ebe6131 chore: update gatsby monorepo (#16950)
- 8b08b8c chore: Added my city to my creator description (#16955)
- d6bd515 fix: update minor updates in packages except react, babel and… (#16960)
- e9c8e8a chore(release): Publish
- 27d3efc chore(gatsby): Remove fallback for v8 serialize (#16958)
- 58ed3ca fix(gatsby): Remove deprecation warning from express-graphql (#16956)
Package name: gatsby-transformer-sharp
The new version differs by 250 commits.- cfc6413 Unused variable and wrong propTypes (#22426)
- 56023e8 chore(release): Publish
- 79e6bbe chore(gatsby): Update sharp and remove Promise shim for Node 8 (#22432)
- ec8e2f9 chore(release): Publish
- cf4f2db chore(docs): Fix Markdown formatting (#22423)
- 07b1434 chore(gatsby): upgrade `null-loader` (#22410)
- e1a7313 chore(gatsby-source-filesystem): update got dependency (#18857)
- 7f197c0 chore(release): Publish
- 83d681a feat(gatsby): bump node min version to 10.13.0 (#22400)
- 72c91f5 chore(release): Publish
- f345985 chore(docs): 🧹 remove trailing whitespace from Markdown. (#22369)
- e0933f8 fix missing link of frontmatter (#22366)
- 2205811 fix(plugin-netlify-cms): use 'netlify-identity.js' instead of 'netlify-identity-widget.js' (#22387)
- 9b7b6bb chore: adjust renovate config (#22355)
- 341cc5b Blog post feature flags (#22405)
- a55329b Fix the setup() function in the documentation (#22368)
- 5496e6b fix(gatsby): Incorrect PackageJson type (#22406)
- 3ce7083 Showcase erudicat update (#22407)
- 39282ca fix(docs): 404 link to workers.dev (#22365)
- 43ad085 chore(gatsby): Convert local-eslint-config-finder to typescript (#22403)
- 0700cd5 chore(gatsby): migrate test-require-error to typescript (#22265)
- 7d73604 chore(gatsby): migrate webpack-hmr-hooks-patch to TypeScript (#22280)
- 101e322 chore(starters): add gatsby-minimalistic-dmin (#22375)
- d9c6415 Fixed eslint url path (#22399)
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Uncontrolled Resource Consumption ('Resource Exhaustion') 🦉 Path Traversal
