[Snyk] Upgrade gatsby-plugin-image from 3.0.0 to 3.13.1

[X-oss-byte]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade gatsby-plugin-image from 3.0.0 to 3.13.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 47 versions ahead of your current version.
• The recommended version was released 23 days ago, on 2024-01-23.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-LOADERUTILS-3043105	375/1000 Why? CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	375/1000 Why? CVSS 7.5	Proof of Concept
	Denial of Service (DoS) SNYK-JS-DECODEURICOMPONENT-3149970	375/1000 Why? CVSS 7.5	Proof of Concept
	Denial of Service (DoS) SNYK-JS-ENGINEIO-3136336	375/1000 Why? CVSS 7.5	No Known Exploit
	Improper Input Validation SNYK-JS-FOLLOWREDIRECTS-6141137	375/1000 Why? CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-IMMER-1019369	375/1000 Why? CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	375/1000 Why? CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	375/1000 Why? CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	375/1000 Why? CVSS 7.5	Proof of Concept
	Denial of Service (DoS) SNYK-JS-SOCKETIOPARSER-5596892	375/1000 Why? CVSS 7.5	No Known Exploit
	Sandbox Bypass SNYK-JS-WEBPACK-3358798	375/1000 Why? CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	375/1000 Why? CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	375/1000 Why? CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	375/1000 Why? CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	375/1000 Why? CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3042992	375/1000 Why? CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-LOADERUTILS-3105943	375/1000 Why? CVSS 7.5	No Known Exploit
	Denial of Service (DoS) SNYK-JS-MSGPACKR-6140431	375/1000 Why? CVSS 7.5	No Known Exploit
	Improper Input Validation SNYK-JS-POSTCSS-5926692	375/1000 Why? CVSS 7.5	No Known Exploit
	Information Exposure SNYK-JS-GATSBY-5671647	375/1000 Why? CVSS 7.5	Proof of Concept
	Information Exposure SNYK-JS-GATSBYCLI-5671903	375/1000 Why? CVSS 7.5	Proof of Concept
	Information Exposure SNYK-JS-GATSBYPLUGINSHARP-5425803	375/1000 Why? CVSS 7.5	No Known Exploit
	Information Exposure SNYK-JS-GATSBYPLUGINSHARP-5671648	375/1000 Why? CVSS 7.5	Proof of Concept
	Denial of Service (DoS) SNYK-JS-GRAPHQL-5905181	375/1000 Why? CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HTTPCACHESEMANTICS-3248783	375/1000 Why? CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-IMMER-1540542	375/1000 Why? CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-JSON5-3182856	375/1000 Why? CVSS 7.5	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-WORDWRAP-3149973	375/1000 Why? CVSS 7.5	Proof of Concept
	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	375/1000 Why? CVSS 7.5	Proof of Concept
	Prototype Pollution SNYK-JS-JSON5-3182856	375/1000 Why? CVSS 7.5	Proof of Concept
	Heap-based Buffer Overflow SNYK-JS-SHARP-5922108	375/1000 Why? CVSS 7.5	Mature
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SIDEWAYFORMULA-3317169	375/1000 Why? CVSS 7.5	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-3244450	375/1000 Why? CVSS 7.5	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: gatsby-plugin-image

• 3.13.1 - 2024-01-23
• 3.13.0 - 2023-12-18
• 3.13.0-next.1 - 2023-11-16
• 3.13.0-next.0 - 2023-07-25
• 3.13.0-alpha-alt-image-cdn.44 - 2023-11-03
• 3.12.3 - 2023-10-26
• 3.12.2 - 2023-10-20
• 3.12.1 - 2023-10-09
• 3.12.0 - 2023-08-24
• 3.12.0-next.1 - 2023-07-03
• 3.12.0-next.0 - 2023-06-15
• 3.11.0 - 2023-06-15
• 3.11.0-next.1 - 2023-06-05
• 3.11.0-next.0 - 2023-05-16
• 3.10.0 - 2023-05-16
• 3.10.0-next.2 - 2023-05-03
• 3.10.0-next.1 - 2023-04-27
• 3.10.0-next.0 - 2023-04-18
• 3.9.0 - 2023-04-18
• 3.9.0-next.1 - 2023-04-06
• 3.9.0-next.0 - 2023-03-21
• 3.9.0-image-cdn-configurable.4 - 2023-04-11
• 3.8.0 - 2023-03-21
• 3.8.0-next.0 - 2023-02-16
• 3.7.0 - 2023-02-21
• 3.7.0-next.0 - 2023-02-03
• 3.6.0 - 2023-02-07
• 3.6.0-next.1 - 2023-01-26
• 3.6.0-next.0 - 2023-01-19
• 3.5.0 - 2023-01-24
• 3.5.0-next.1 - 2023-01-17
• 3.5.0-next.0 - 2023-01-05
• 3.4.0 - 2023-01-10
• 3.4.0-next.2 - 2023-01-04
• 3.4.0-next.1 - 2022-12-14
• 3.4.0-next.0 - 2022-12-08
• 3.3.2 - 2022-12-14
• 3.3.1 - 2022-12-14
• 3.3.0 - 2022-12-13
• 3.3.0-next.3 - 2022-12-07
• 3.3.0-next.2 - 2022-12-06
• 3.3.0-next.1 - 2022-12-01
• 3.3.0-next.0 - 2022-11-25
• 3.2.0 - 2022-11-25
• 3.2.0-next.0 - 2022-11-17
• 3.1.0 - 2022-11-22
• 3.1.0-next.0 - 2022-11-08
• 3.0.0 - 2022-11-08

from gatsby-plugin-image GitHub release notes

Commit messages

Package name: gatsby-plugin-image

• b24134d chore(release): Publish
• c74745c fix(gatsby): support builtin modules prefixed with `node:` on `build-html` (fix(gatsby): support builtin modules prefixed with node: on build-html gatsbyjs/gatsby#38516) (fix(gatsby): support builtin modules prefixed with node: on build-html (#38516) gatsbyjs/gatsby#38818)
• c9f8c24 chore: swap babel-plugin-lodash with updated version that doesn't use deprecated APIs (chore: swap babel-plugin-lodash with updated version that doesn't use deprecated APIs gatsbyjs/gatsby#38797) (chore: swap babel-plugin-lodash with updated version that doesn't use deprecated APIs (#38797) gatsbyjs/gatsby#38803)
• fc0eea1 fix(gatsby): fix webpack compilation when pnpm is used (fix(gatsby): fix webpack compilation when pnpm is used gatsbyjs/gatsby#38757) (fix(gatsby): fix webpack compilation when pnpm is used (#38757) gatsbyjs/gatsby#38804)
• f6ed443 fix(gatsby): try to automatically recover when parcel segfaults (fix(gatsby): try to automatically recover when parcel segfaults gatsbyjs/gatsby#38773) (fix(gatsby): try to automatically recover when parcel segfaults (#38773) gatsbyjs/gatsby#38799)
• 68b0821 fix(gatsby): more robust adapter zero-conf handling (fix(gatsby): more robust adapter zero-conf handling gatsbyjs/gatsby#38778) (fix(gatsby): more robust adapter zero-conf handling (#38778) gatsbyjs/gatsby#38800)
• 366b54c chore(release): Publish
• 4b892c5 chore(gatsby-cli,gatsby-source-wordpress): bump clipboardy (chore(gatsby-cli,gatsby-source-wordpress): bump clipboardy gatsbyjs/gatsby#38775) (chore(gatsby-cli,gatsby-source-wordpress): bump clipboardy (#38775) gatsbyjs/gatsby#38776)
• 2c0622c chore(release): Publish
• 5d6bb65 fix(docs): update remote url docs (fix(docs): update remote url docs gatsbyjs/gatsby#38768) (fix(docs): update remote url docs (#38768) gatsbyjs/gatsby#38770)
• 18ffcfa chore(release): Publish
• 1953e5c fix(gatsby): allow gatsby-adapter-netlify@">=1.0.0 <=1.0.3" for gatsby@<5.12.10 (fix(gatsby): allow gatsby-adapter-netlify@">=1.0.0 <=1.0.3" for gatsby@<5.12.10 gatsbyjs/gatsby#38758)
• 4a780fb feat: image and file cdn url generator adapter implementation (feat: image and file cdn url generator adapter implementation gatsbyjs/gatsby#38685)
• f8c207b chore: move gatsby-plugin-netlify-cms to deprecated-packages (chore: move gatsby-plugin-netlify-cms to deprecated-packages gatsbyjs/gatsby#38755)
• 6d1d97e chore(gatsby-plugin-netlify-cms): add deprecation notice (chore(gatsby-plugin-netlify-cms): add deprecation notice  gatsbyjs/gatsby#38753)
• 7a7fa5f chore(deps): update dependency @ types/jscodeshift to ^0.11.11 for gatsby-codemods (chore(deps): update dependency @types/jscodeshift to ^0.11.11 for gatsby-codemods gatsbyjs/gatsby#38595)
• 8919982 fix(deps): update dependency gatsby-plugin-webpack-bundle-analyser-v2 to ^1.1.32 (fix(deps): update dependency gatsby-plugin-webpack-bundle-analyser-v2 to ^1.1.32 gatsbyjs/gatsby#38722)
• d148295 chore(deps): update [dev] minor and patch dependencies for gatsby-cli (chore(deps): update [dev] minor and patch dependencies for gatsby-cli gatsbyjs/gatsby#38592)
• 37f2288 chore(deps): update dependency rimraf to ^5.0.5 (chore(deps): update dependency rimraf to ^5.0.5 gatsbyjs/gatsby#38596)
• 0faf0fe chore(deps): update dependency rimraf to ^5.0.5 for gatsby-telemetry (chore(deps): update dependency rimraf to ^5.0.5 for gatsby-telemetry gatsbyjs/gatsby#38597)
• 31272e9 chore(deps): update dependency rimraf to ^5.0.5 for gatsby-worker (chore(deps): update dependency rimraf to ^5.0.5 for gatsby-worker gatsbyjs/gatsby#38598)
• edcb035 chore(deps): update dependency start-server-and-test to ^2.0.3 (chore(deps): update dependency start-server-and-test to ^2.0.3 gatsbyjs/gatsby#38599)
• 956e30c chore(deps): update dependency wait-on to ^7.2.0 (chore(deps): update dependency wait-on to ^7.2.0 gatsbyjs/gatsby#38724)
• c1138ad chore(deps): update dependency fs-extra to ^11.2.0 (chore(deps): update dependency fs-extra to ^11.2.0 gatsbyjs/gatsby#38723)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[stackblitz]

Run & review this pull request in StackBlitz Codeflow.

[changeset-bot]

⚠️ No Changeset found

Latest commit: b46f566

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[sourcery-ai]

PR Type: Enhancement

PR Summary: This pull request upgrades the gatsby-plugin-image from version 3.0.0 to 3.13.1. The upgrade addresses several high and medium severity vulnerabilities, including Prototype Pollution, Regular Expression Denial of Service (ReDoS), Denial of Service (DoS), Improper Input Validation, and Information Exposure, among others. The new version also brings the package 47 versions ahead, incorporating improvements and bug fixes released over approximately the last three months.

Decision: Comment

📝 Type: 'Enhancement' - not supported yet.

• Sourcery currently only approves 'Typo fix' PRs.

✅ Issue addressed: this change correctly addresses the issue or implements the desired feature.

No details provided.

✅ Small diff: the diff is small enough to approve with confidence.

No details provided.

General suggestions:

• Ensure thorough testing of the website's image handling capabilities post-upgrade to confirm that the plugin's new version integrates seamlessly with the existing codebase and other dependencies.
• Review the release notes and commit messages linked in the PR description to understand the changes and new features introduced in the upgraded version. This can help identify any necessary adjustments or opportunities to leverage new functionalities.
• Consider setting up a continuous monitoring or alert system for dependency updates if not already in place. Tools like Snyk, as used here, can automate the detection of vulnerabilities and the creation of upgrade PRs, helping to maintain the security and stability of the project.

Thanks for using Sourcery. We offer it for free for open source projects and would be very grateful if you could help us grow. If you like it, would you consider sharing Sourcery on your favourite social media? ✨

Share Sourcery

• X
• Mastodon
• LinkedIn
• Facebook

---

Help me be more useful! Please click 👍 or 👎 on each comment to tell me if it was helpful.