Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Fix for 2 vulnerabilities #36

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

asmexcaliburwoods
Copy link

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
⚠️ Warning
Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 718/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.5
Uncontrolled Resource Consumption ('Resource Exhaustion')
SNYK-JS-TAR-6476909
No Proof of Concept
high severity 763/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.4
Path Traversal
SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555
Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: gatsby The new version differs by 250 commits.
  • 0a455df chore(release): Publish
  • 91dc167 fix(gatsby): don't log FAST_DEV message for each worker (#32961) (#32967)
  • f936c93 fix(gatsby): set staticQueryResultHash to new hash on data change (#32949) (#32966)
  • ea161ce feat(gatsby-graphiql-explorer): upgrade to webpack 5 (#30642)
  • 944e381 chore(release): Publish next
  • d6326df fix(gatsby-core-utils): Switch `auth` option from got to username/password (#32665)
  • cf9c066 fix(gatsby): add this typings to actions (#32210)
  • 53aa88e chore: enable test parallelism (#32766)
  • b7deabc fix(deps): update starters and examples - gatsby (#32843)
  • 6025c84 chore(deps): update dependency katex to ^0.13.13 for gatsby-remark-katex (#32567)
  • d87c5cb chore: enable lmdb by default and update node for next major (#32695)
  • 818d6c1 feat(gatsby-plugin-gatsby-cloud): Add `disablePreviewUI` option (#32907)
  • f556a00 chore: update changelogs (#32924)
  • aba5eba feat(gatsby): enable webpack caching in development for everyone (#32922)
  • ac7bd4e feat(gatsby-source-wordpress): allow path to js file for beforeChangeNode option (#32901)
  • 1a87a8a docs(gatsby-source-wordpress): document content sync (#32768)
  • 417df15 chore: re-generate changelogs (#32886)
  • 1810874 fix(gatsby-source-wordpress): draft previews (#32915)
  • 7c72ab8 chore(gatsby): remove unused packages (#32903)
  • afb06d7 chore(docs): Add hint for MDX plugin in remark-plugin-tutorial (#32876)
  • 1303ecb chore(docs): Update wording for "using-web-fonts" (#32902)
  • 9589911 chore(docs): Fix code highlighting in part 6 (#32900)
  • 568d4ce feat(gatsby-source-drupal): Use the collection count from JSON:API extras to enable parallel API requests for cold builds (#32883)
  • 41f5337 fix(deps): update typescript to ^4.29.3 (#32614)

See the full diff

Package name: gatsby-transformer-inline-svg The new version differs by 3 commits.

See the full diff

Package name: gatsby-transformer-sharp The new version differs by 250 commits.
  • cfc6413 Unused variable and wrong propTypes (#22426)
  • 56023e8 chore(release): Publish
  • 79e6bbe chore(gatsby): Update sharp and remove Promise shim for Node 8 (#22432)
  • ec8e2f9 chore(release): Publish
  • cf4f2db chore(docs): Fix Markdown formatting (#22423)
  • 07b1434 chore(gatsby): upgrade `null-loader` (#22410)
  • e1a7313 chore(gatsby-source-filesystem): update got dependency (#18857)
  • 7f197c0 chore(release): Publish
  • 83d681a feat(gatsby): bump node min version to 10.13.0 (#22400)
  • 72c91f5 chore(release): Publish
  • f345985 chore(docs): 🧹 remove trailing whitespace from Markdown. (#22369)
  • e0933f8 fix missing link of frontmatter (#22366)
  • 2205811 fix(plugin-netlify-cms): use 'netlify-identity.js' instead of 'netlify-identity-widget.js' (#22387)
  • 9b7b6bb chore: adjust renovate config (#22355)
  • 341cc5b Blog post feature flags (#22405)
  • a55329b Fix the setup() function in the documentation (#22368)
  • 5496e6b fix(gatsby): Incorrect PackageJson type (#22406)
  • 3ce7083 Showcase erudicat update (#22407)
  • 39282ca fix(docs): 404 link to workers.dev (#22365)
  • 43ad085 chore(gatsby): Convert local-eslint-config-finder to typescript (#22403)
  • 0700cd5 chore(gatsby): migrate test-require-error to typescript (#22265)
  • 7d73604 chore(gatsby): migrate webpack-hmr-hooks-patch to TypeScript (#22280)
  • 101e322 chore(starters): add gatsby-minimalistic-dmin (#22375)
  • d9c6415 Fixed eslint url path (#22399)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Uncontrolled Resource Consumption ('Resource Exhaustion')
🦉 Path Traversal

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants