coder-newbie-advice icon indicating copy to clipboard operation
coder-newbie-advice copied to clipboard

Published 20 hours ago β€’ verified publisher icon cfereday

[Snyk] Security upgrade gatsby from 2.0.76 to 2.13.79

Open cfereday opened this issue 9 months ago β€’ 0 comments

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 169/1000
Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Network, EPSS: 0.00045, Social Trends: No, Days since published: 8, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: High, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.81, Score Version: V5		 Uncontrolled resource consumption
SNYK-JS-BRACES-6838727		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: gatsby The new version differs by 250 commits.
  • 7884025 chore(release): Publish
  • 816d475 fix: update dependency chokidar to v3 (#16975)
  • 90ac3a5 chore(release): Publish
  • 92df1cf fix(gatsby-plugin-feed): respect custom options and require title in config (#16814)
  • efb0198 chore: update babel monorepo (#16977)
  • d16474d fix(gatsby): update check for default exports (#16979)
  • 043bebe fix: update gatsby monorepo (#16978)
  • 42c1c5e chore: Set lerna concurrency on ci (#16973)
  • a25bc27 docs: Add reddit link to Awesome Gatsby docs (#16982)
  • 41d3e1c chore(gatsby-image): Clarify IntersectionObserver support in README.md (#16962)
  • 7912336 chore(release): Publish
  • f355bf8 Revert "chore: update babel monorepo" (#16976)
  • 29d5e3c chore: update babel monorepo (#16929)
  • 182407f chore: update react monorepo to ^16.9.0 (#16943)
  • f7382ae feat(www): add code snippet with install command to starters (#16972)
  • 3299192 chore: update dependency aws-sdk to ^2.516.0 (#16967)
  • 7d2bf0d chore: update dependency flow-bin to ^0.106.0 (#16966)
  • 5757af9 fix: update dependency theme-ui to ^0.2.36 (#16964)
  • ebe6131 chore: update gatsby monorepo (#16950)
  • 8b08b8c chore: Added my city to my creator description (#16955)
  • d6bd515 fix: update minor updates in packages except react, babel and… (#16960)
  • e9c8e8a chore(release): Publish
  • 27d3efc chore(gatsby): Remove fallback for v8 serialize (#16958)
  • 58ed3ca fix(gatsby): Remove deprecation warning from express-graphql (#16956)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

πŸ›  Adjust project settings

πŸ“š Read more about Snyk's upgrade and patch logic

Note: This is a default PR template raised by Snyk. Find out more about how you can customise Snyk PRs in our documentation.

Learn how to fix vulnerabilities with free interactive lessons:

πŸ¦‰ Uncontrolled resource consumption

cfereday avatar May 22 '24 13:05 cfereday