[Snyk] Fix for 21 vulnerabilities
Created by: GTVolk
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  - package.json
Vulnerabilities that will be fixed
With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| | 696/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 7.5) | Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIHTML-1296849 | Yes | Proof of Concept |
| | 696/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 7.5) | Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908 | Yes | Proof of Concept |
| | 676/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 7.1) | Cross-site Request Forgery (CSRF) SNYK-JS-AXIOS-6032459 | Yes | Proof of Concept |
| | 636/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 6.3) | Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-DECOMPRESSTAR-559095 | Yes | Proof of Concept |
| | 646/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 6.5) | Information Exposure SNYK-JS-EVENTSOURCE-2823375 | Yes | Proof of Concept |
| | 586/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905 | Yes | Proof of Concept |
| | 484/1000 (Why? Has a fix available, CVSS 5.4) | Open Redirect SNYK-JS-GOT-2932019 | Yes | No Known Exploit |
| | 586/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS) SNYK-JS-HTTPCACHESEMANTICS-3248783 | Yes | Proof of Concept |
| | 479/1000 (Why? Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818 | Yes | No Known Exploit |
| | 539/1000 (Why? Has a fix available, CVSS 6.5) | Information Exposure SNYK-JS-NODEFETCH-2342118 | Yes | No Known Exploit |
| | 479/1000 (Why? Has a fix available, CVSS 5.3) | Improper Input Validation SNYK-JS-POSTCSS-5926692 | Yes | No Known Exploit |
| | 646/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 6.5) | Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831 | Yes | Proof of Concept |
| | 536/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 4.3) | Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1047770 | Yes | Proof of Concept |
| | 589/1000 (Why? Has a fix available, CVSS 7.5) | Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1584358 | Yes | No Known Exploit |
| | 696/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 7.5) | Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1585624 | Yes | Proof of Concept |
| | 586/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-2824151 | Yes | Proof of Concept |
| | 646/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 6.5) | Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873 | Yes | Proof of Concept |
| | 696/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 7.5) | Regular Expression Denial of Service (ReDoS) SNYK-JS-TRIM-1017038 | Yes | Proof of Concept |
| | 589/1000 (Why? Has a fix available, CVSS 7.5) | Prototype Pollution SNYK-JS-UNSETVALUE-2400660 | Yes | No Known Exploit |
| | 586/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 5.3) | Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835 | Yes | Proof of Concept |
| | 586/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 5.3) | Prototype Pollution SNYK-JS-XML2JS-5414874 | Yes | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: gatsby
The new version differs by 250 commits.
- 78f8c7a chore(release): Publish
- 4dcdeb1 chore(gatsby): Add env log for build and remove incorrect log for functions (#36462) (#36466)
- 41de1f0 feat(gatsby): add partial hydration flag (#36436)
- b8c2072 fix(gatsby-source-graphql): add dataLoaderOptions validation to gatsby-source-graphql (#36112)
- b45debc chore(docs): fix incorrect closing tag in tutorial (#36459)
- 222793d chore(docs): Update plugin count in part 3 of the tutorial (#36455)
- 3222684 chore(docs): Fix page link to page 6 of remark tutorial (#36437)
- 0b458e6 chore(docs): Fix some typos (#36431)
- 1bf2358 fix(gatsby): remove resource query from warnings (#36439)
- 0d896ae chore(gatsby-plugin-sharp,gatsby-plugin-utils,gatsby-remark-images,gatsby-transformer-sharp): bump min potrace version (#36443)
- a21510e docs: plugin image / image cdn (#36423)
- 8043d7e feat(docs): add webiny to headless cms list (#36388)
- 240dfac chore: update using-image-processing example (#36421)
- b361081 chore(gatsby): drop eslint-plugin-graphql (#36364)
- 2e67161 chore(docs): Update tutorial to Head API (#36378)
- 77190f4 fix(deps): update starters and examples - gatsby (#36416)
- c92404b chore(changelogs): update changelogs (#36417)
- b7b3577 fix(gatsby-plugin-react-helmet): Typo in `onPreInit` warning (#36419)
- 7b3286c chore(docs): Add note about query name to MDX
- dc283d7 chore: Use GCS for pipeline tests (#36413)
- 3760a0e feat(gatsby): Add option to emit TS types during build (#36405)
- c01806e chore(release): Publish next
- a05201e fix(gatsby): Prevent errors if `Head` has root text node (#36402)
- 9d737b6 fix(gatsby): close parcel cache db before clearing cache and retrying (#36377)
Package name: gatsby-plugin-sharp
The new version differs by 250 commits.
- c1e67a2 chore(release): Publish
- 0c45654 chore: remove tracedSVG (#37093) (#37137)
- d7edf95 chore(release): Publish
- 2d00ea0 fix(gatsby-plugin-mdx): Do not leak frontmatter into page (#35859) (#35913)
- 4997d63 chore(release): Publish
- ff94ed5 fix(gatsby-plugin-mdx): don't allow JS frontmatter by default (#35830) (#35834)
- 36f21b0 chore: Removate validate-renovate from v3-latest branch (#34460)
- 1acb1bc chore(release): Publish
- 1589bd8 fix(gatsby): ensure that writing node manifests to disk does not break on Windows (#33853) (#34020)
- 9694010 fix(gatsby-source-drupal): Ensure all new nodes are created before creating relationships (#33864) (#34019)
- 76deb39 fix(gatsby-source-drupal): searcParams missing from urls (#33861) (#34018)
- f74cc8f feat(gatsby-source-drupal): Add node manifest support for previews (#33683) (#34017)
- 476a591 chore(release): Publish
- 35b48f8 fix(gatsby-plugin-image): GatsbyImage not displaying image in IE11 (#33416) (#33806)
- 880022e fix(gatsby-plugin-image): flickering when state changes (#33732) (#33807)
- c0d07e7 feat(gatsby-source-wordpress): Update supported-remote-plugin-versions.ts (#33801) (#33804)
- 3d9a702 chore(release): Publish
- 84053a2 fix(gatsby-plugin-sharp): pass input buffer instead of readStream when processing image jobs (#33685) (#33703)
- 4722a0d fix(gatsby-source-drupal): Add timeout in case of stalled API requests (#33668) (#33705)
- 857a628 fix(gatsby): single page node manifest accuracy (#33642) (#33698)
- 6bfd0f1 Properly set the pathPrefix and assetPrefix in the pluginData (#33667) (#33702)
- 26c51c0 fix(gatsby-source-drupal): cache backlink records (#33444) (#33701)
- b80c53a fix(gatsby-source-drupal): Correctly update nodes with changed back references so queries are re-run (#33328) (#33699)
- e29a194 chore: use gatsby-dev-cli@latest-v3 in tests
Package name: gatsby-remark-images
The new version differs by 250 commits.
- c1e67a2 chore(release): Publish
- 0c45654 chore: remove tracedSVG (#37093) (#37137)
- d7edf95 chore(release): Publish
- 2d00ea0 fix(gatsby-plugin-mdx): Do not leak frontmatter into page (#35859) (#35913)
- 4997d63 chore(release): Publish
- ff94ed5 fix(gatsby-plugin-mdx): don't allow JS frontmatter by default (#35830) (#35834)
- 36f21b0 chore: Removate validate-renovate from v3-latest branch (#34460)
- 1acb1bc chore(release): Publish
- 1589bd8 fix(gatsby): ensure that writing node manifests to disk does not break on Windows (#33853) (#34020)
- 9694010 fix(gatsby-source-drupal): Ensure all new nodes are created before creating relationships (#33864) (#34019)
- 76deb39 fix(gatsby-source-drupal): searcParams missing from urls (#33861) (#34018)
- f74cc8f feat(gatsby-source-drupal): Add node manifest support for previews (#33683) (#34017)
- 476a591 chore(release): Publish
- 35b48f8 fix(gatsby-plugin-image): GatsbyImage not displaying image in IE11 (#33416) (#33806)
- 880022e fix(gatsby-plugin-image): flickering when state changes (#33732) (#33807)
- c0d07e7 feat(gatsby-source-wordpress): Update supported-remote-plugin-versions.ts (#33801) (#33804)
- 3d9a702 chore(release): Publish
- 84053a2 fix(gatsby-plugin-sharp): pass input buffer instead of readStream when processing image jobs (#33685) (#33703)
- 4722a0d fix(gatsby-source-drupal): Add timeout in case of stalled API requests (#33668) (#33705)
- 857a628 fix(gatsby): single page node manifest accuracy (#33642) (#33698)
- 6bfd0f1 Properly set the pathPrefix and assetPrefix in the pluginData (#33667) (#33702)
- 26c51c0 fix(gatsby-source-drupal): cache backlink records (#33444) (#33701)
- b80c53a fix(gatsby-source-drupal): Correctly update nodes with changed back references so queries are re-run (#33328) (#33699)
- e29a194 chore: use gatsby-dev-cli@latest-v3 in tests
Package name: gatsby-transformer-remark
The new version differs by 250 commits.
- e98cb62 chore(release): Publish
- 164f9a1 fix(gatsby-source-contentful): De-dupe type names (#30834) (#30850)
- 0b99d00 fix(gatsby): webpack warnings are no longer in object format by default (#30801) (#30853)
- f561724 fix(gatsby): lower memory pressure in SSR (#30793) (#30851)
- 96805d5 fix(gatsby-source-wordpress): change `console.warning` to `console.warn` (#30764) (#30852)
- e40c83d chore(release): Publish next
- a5b5cf8 feat: upgrade to remark 13 (#29678)
- 172cf4d chore(docs): Add link to perf implications siteContext (#30778)
- 4336d04 fix(gatsby-plugin-gatsby-cloud): Add missing index.js (so the plugin can be resolved in workspaces) (#30761)
- 2bdd5a5 fix(gatsby-source-wordpress): only log out duplicate node if we have all the data we want to log (#30751)
- 1a9b830 fix(gatsby-plugin-image): Don't inherit all img styles (#30754)
- e0df4cc chore(docs): Change "whitelist" to "allow list" (#30756)
- 81ec270 chore: Add backport script (#30732)
- 63cc8fa fix(docs): Copy edits for debugging html doc + add React-specific example (#30745)
- eed1d43 fix(docs): Add link to how to enable DEV_SSR for fixing inconsistent css styles between dev/prod (#30746)
- ecd823f perf(gatsby): cache babel config items (#28738)
- a60e92f chore(release): Publish next
- dd9e95c docs(gatsby-plugin-image): Note on tracedSVG options name change (#30736)
- a5869e3 fix(gatsby-plugin-image): Use bare GATSBY___IMAGE global (#30713)
- 0f3fa4e fix(contentful): make gatsby-plugin-image a peer dependency (#30709)
- 6b2fd94 fix(gatsby-source-wordpress): pass missing property helpers to gql fetch util (#30727)
- c6fa488 chore(docs): Update wording of tutorial part 8 (#30606)
- a777367 fix(gatsby-cli): Update docs links in error-map (#30493)
- c473abf chore(docs): include autoprefixer in tailwind install command (#30718)
Package name: gatsby-transformer-sharp
The new version differs by 250 commits.
- c1e67a2 chore(release): Publish
- 0c45654 chore: remove tracedSVG (#37093) (#37137)
- d7edf95 chore(release): Publish
- 2d00ea0 fix(gatsby-plugin-mdx): Do not leak frontmatter into page (#35859) (#35913)
- 4997d63 chore(release): Publish
- ff94ed5 fix(gatsby-plugin-mdx): don't allow JS frontmatter by default (#35830) (#35834)
- 36f21b0 chore: Removate validate-renovate from v3-latest branch (#34460)
- 1acb1bc chore(release): Publish
- 1589bd8 fix(gatsby): ensure that writing node manifests to disk does not break on Windows (#33853) (#34020)
- 9694010 fix(gatsby-source-drupal): Ensure all new nodes are created before creating relationships (#33864) (#34019)
- 76deb39 fix(gatsby-source-drupal): searcParams missing from urls (#33861) (#34018)
- f74cc8f feat(gatsby-source-drupal): Add node manifest support for previews (#33683) (#34017)
- 476a591 chore(release): Publish
- 35b48f8 fix(gatsby-plugin-image): GatsbyImage not displaying image in IE11 (#33416) (#33806)
- 880022e fix(gatsby-plugin-image): flickering when state changes (#33732) (#33807)
- c0d07e7 feat(gatsby-source-wordpress): Update supported-remote-plugin-versions.ts (#33801) (#33804)
- 3d9a702 chore(release): Publish
- 84053a2 fix(gatsby-plugin-sharp): pass input buffer instead of readStream when processing image jobs (#33685) (#33703)
- 4722a0d fix(gatsby-source-drupal): Add timeout in case of stalled API requests (#33668) (#33705)
- 857a628 fix(gatsby): single page node manifest accuracy (#33642) (#33698)
- 6bfd0f1 Properly set the pathPrefix and assetPrefix in the pluginData (#33667) (#33702)
- 26c51c0 fix(gatsby-source-drupal): cache backlink records (#33444) (#33701)
- b80c53a fix(gatsby-source-drupal): Correctly update nodes with changed back references so queries are re-run (#33328) (#33699)
- e29a194 chore: use gatsby-dev-cli@latest-v3 in tests
Package name: node-sass
The new version differs by 90 commits.
- 3b556c1 7.0.2
- c716359 Bump sass-graph@^4.0.1 (#3292)
- 24741b3 docs(readme): fix docpad plugin link
- 1523330 feat: Drop Node 12
- 365d357 update https://registry.npm.taobao.org to https://registry.npmmirror.com
- 1456114 build(deps): bump actions/upload-artifact from 2 to 3
- b465b69 chore: bump GitHub Actions to Windows 2019 (#3254)
- e6194b1 build(deps): bump make-fetch-happen from 9.1.0 to 10.0.4
- 4edf594 build(deps): bump node-gyp from 8.4.1 to 9.0.0
- 29e2344 build(deps): bump actions/checkout from 2 to 3
- 85b0d22 build(deps): bump actions/setup-node from 2 to 3
- 3bb51da Use make-fetch-happen instead of request (#3193)
- adc2f8b build(deps): bump true-case-path from 1.0.3 to 2.2.1 (#3000)
- 77d12f0 chore: disable Apline for Node 16/17 builds
- 308d533 ci: use Python 3 for Node 12
- c818907 ci: unpin actions/setup-node to v2
- 99242d7 7.0.1
- 77049d1 build(deps): bump sass-graph from 2.2.5 to 4.0.0 (#3224)
- c929f25 build(deps): bump node-gyp from 7.1.2 to 8.4.1 (#3209)
- 918dcb3 Lint fix
- 0a21792 Set rejectUnauthorized to true by default (#3149)
- e80d4af chore: Drop EOL Node 15 (#3122)
- d753397 feat: Add Node 17 support (#3195)
- dcf2e75 build(deps-dev): bump eslint from 7.32.0 to 8.0.0
Package name: stylelint
The new version differs by 250 commits.
- 845c373 13.3.1
- a7f56cf Prepare 13.3.1
- 011548b Document passings args to formatters (#4688)
- c14a40f Emphasise limiting rules (#4691)
- d527edf Use shared organisation configs (#4696)
- aa3b56d Update CHANGELOG.md
- e1c8d2d Replace syntaxes with our forks (#4685)
- 32874d0 Update devDependencies and regenerate package-lock.json (#4692)
- 98140e7 Change dependabot schedule to `weekly` (#4690)
- 643289b Update postcss-sass to 0.4.4 (#4689)
- 0a8efea 13.3.0
- 8190b58 Prepare 13.3.0
- a1464a7 Update CHANGELOG.md
- fa24482 Fix false positives for x unit within vendor-prefixed image-set in unit-no-unknown (#4654)
- 9c564e4 Update CHANGELOG.md
- 90f72ab Add ignoreFontFamilies option to font-family-no-missing-generic-family-keyword (#4656)
- db585b3 Update dependencies (#4665)
- 551dcb5 Bump prettier from 1.19.1 to 2.0.2 (#4669)
- 5c6f489 Bump jest-watch-typeahead from 0.4.2 to 0.5.0 (#4677)
- 362d5cf Bump remark-preset-lint-recommended from 3.0.3 to 4.0.0 (#4672)
- 68d9b73 Bump lint-staged from 10.0.8 to 10.1.1 (#4670)
- b4fa8f9 Bump got from 10.6.0 to 10.7.0 (#4671)
- 7f01736 Bump remark-cli from 7.0.1 to 8.0.0 (#4673)
- 57d56f4 Bump meow from 6.0.1 to 6.1.0 (#4674)
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
- 🧐 View latest project report
- 📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:
- 🦉 Regular Expression Denial of Service (ReDoS)
- 🦉 Cross-site Request Forgery (CSRF)
- 🦉 Open Redirect
- 🦉 More lessons are available in Snyk Learn