Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Security upgrade gatsby-source-filesystem from 2.2.2 to 2.6.0 #517

Closed

Conversation

nr-security-github
Copy link

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • docs/package.json
    • docs/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 661/1000
Why? Recently disclosed, Has a fix available, CVSS 7.5
Denial of Service (DoS)
SNYK-JS-FILETYPE-2958042
No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: gatsby-source-filesystem The new version differs by 250 commits.
  • 3d607f1 chore(release): Publish
  • a5131bd fix(gatsby): pull out a few bug fixes from https://github.com/feat(gatsby): make dev ssr bundling lazy gatsbyjs/gatsby#28149/ (#28186) (#28188)
  • 4b9cd2e feat(gatsby): invite people with long page query running to try out query on demand feature (#28181) (#28185)
  • 9869094 feat(gatsby): enable all dev improvements with one env var (#28166) (#28179)
  • 57b5840 fix(gatsby): get-page-data should timeout gracefully (#28131) (#28180)
  • 00870bb fix(gatsby-source-filesystem): Use new FileType methods to read file extension (#28156) (#28178)
  • 9e3ceec fix(gatsby): rename env var for lazy dev bundling to make consistent with other experiments (#28150)
  • a612f26 feat(gatsby): invite (1%) of Gatsby users to try out develop ssr (#28139)
  • 04349a0 feat(gatsby): lazy bundle page components in dev server (#27884)
  • 179694a chore(gatsby-source-graphql): upgrade graphql-tools to v7 (#27792)
  • 23da2c3 feat(gatsby): SSR pages during development (#27432)
  • 6858f22 Try adding sitehash to success event (#28136)
  • 088eef4 feat(develop): add query on demand behind feature flag (#28127)
  • a737ea7 feat(gatsby): invite people with long develop bundling times to try the lazy dev js bundling feature (#28116)
  • bf328d0 chore(docs): replace typefaces with fontsource (#27313)
  • 17de55b chore: update publishing scripts (#28118)
  • f9838f7 feat(create-gatsby): add telemetry tracking (#28107)
  • 23b4137 chore(create-gatsby): Remove alpha warning (#28132)
  • 195d623 feat: add utility to show experiment invitation notices (#28120)
  • 1657b98 benchmarks(contentful): use the new max pageLimit (#28128)
  • 283da81 refactor(gatsby): get-page-data util (#27939)
  • 5b2d9b6 fix(gatsby): fix race condition in cache lock (#28097)
  • 061b459 Add Netlify CMS (#28124)
  • 539dbb0 chore(deps): update babel monorepo (#27528)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

@jbeveland27
Copy link
Contributor

Closed by #626

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants