[Snyk] Fix for 28 vulnerabilities

[kaocher82]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • starters/theme/package.json
  • starters/theme/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIHTML-1296849	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-DECOMPRESSTAR-559095	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-EVENTSOURCE-2823375	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-GOT-2932019	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HTTPCACHESEMANTICS-3248783	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-NODEFETCH-2342118	No	No Known Exploit
	520/1000 Why? Has a fix available, CVSS 5.9	Denial of Service SNYK-JS-NODEFETCH-674311	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Open Redirect SNYK-JS-NODEFORGE-2330875	Yes	Proof of Concept
	529/1000 Why? Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-NODEFORGE-2331908	Yes	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430337	Yes	No Known Exploit
	579/1000 Why? Has a fix available, CVSS 7.3	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430339	Yes	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430341	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Authorization Bypass Through User-Controlled Key SNYK-JS-PARSEPATH-2936439	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JS-POSTCSS-5926692	Yes	No Known Exploit
	536/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1047770	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1584358	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1585624	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-2824151	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-TRIM-1017038	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Prototype Pollution SNYK-JS-XML2JS-5414874	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: gatsby

The new version differs by 250 commits.

• 78f8c7a chore(release): Publish
• 4dcdeb1 chore(gatsby): Add env log for build and remove incorrect log for functions (#36462) (#36466)
• 41de1f0 feat(gatsby): add partial hydration flag (#36436)
• b8c2072 fix(gatsby-source-graphql): add dataLoaderOptions validation to gatsby-source-graphql (#36112)
• b45debc chore(docs): fix incorrect closing tag in tutorial (#36459)
• 222793d chore(docs): Update plugin count in part 3 of the tutorial (#36455)
• 3222684 chore(docs): Fix page link to page 6 of remark tutorial (#36437)
• 0b458e6 chore(docs): Fix some typos (#36431)
• 1bf2358 fix(gatsby): remove resource query from warnings (#36439)
• 0d896ae chore(gatsby-plugin-sharp,gatsby-plugin-utils,gatsby-remark-images,gatsby-transformer-sharp): bump min potrace version (#36443)
• a21510e docs: plugin image / image cdn (#36423)
• 8043d7e feat(docs): add webiny to headless cms list (#36388)
• 240dfac chore: update using-image-processing example (#36421)
• b361081 chore(gatsby): drop eslint-plugin-graphql (#36364)
• 2e67161 chore(docs): Update tutorial to Head API (#36378)
• 77190f4 fix(deps): update starters and examples - gatsby (#36416)
• c92404b chore(changelogs): update changelogs (#36417)
• b7b3577 fix(gatsby-plugin-react-helmet): Typo in `onPreInit` warning (#36419)
• 7b3286c chore(docs): Add note about query name to MDX
• dc283d7 chore: Use GCS for pipeline tests (#36413)
• 3760a0e feat(gatsby): Add option to emit TS types during build (#36405)
• c01806e chore(release): Publish next
• a05201e fix(gatsby): Prevent errors if `Head` has root text node (#36402)
• 9d737b6 fix(gatsby): close parcel cache db before clearing cache and retrying (#36377)

See the full diff

Package name: gatsby-theme-blog

The new version differs by 87 commits.

• a9dd4d1 chore(release): Publish
• ca08c16 feat: upgrade to gatsby v4 ([Snyk] Security upgrade gatsby-plugin-mdx from 1.10.1 to 4.0.0 #149)
• 692499e BREAKING: v3 ([Snyk] Security upgrade gatsby-theme-blog from 2.0.0 to 3.0.0 #112)
• c05f29d chore: Revert to push again
• e6d333c chore(release): Publish
• 8f1ba38 feat(gatsby-theme-blog-core): Support filter, limit options ([Snyk] Security upgrade gatsby-plugin-mdx from 1.10.1 to 2.14.1 #98)
• 335eb8e chore: Run Cypress on push & PR
• 1b9267f chore(release): Publish
• dd7d0a6 chore: Dependency maintenance ([Snyk] Security upgrade gatsby from 2.32.13 to 3.14.0 #107)
• 069fb47 chore(release): Publish
• 107c28e fix(gatsby-theme-i18n-react-i18next): default options typo ([Snyk] Security upgrade gatsby-plugin-mdx from 1.10.1 to 2.14.1 #96)
• 6ff5c7a chore(release): Publish
• 003cd70 chore: Linting
• 7b3b008 chore(release): Publish
• 60d8928 fix(gatsby-theme-blog): Remove console.log
• 25e76f5 chore(release): Publish
• c2b71f9 chore: One more .org to .com change
• 0c2f843 chore: Change .org links to .com
• e6a3b30 fix(gatsby-theme-i18n): Correct HTML lang ([Snyk] Security upgrade gatsby-theme-blog-core from 2.1.0 to 4.0.0 #92)
• 631ae27 feat(gatsby-theme-i18n): Add "prefixDefault" option ([Snyk] Security upgrade gatsby from 2.32.13 to 3.13.0 #75)
• 6dd2936 Added post-hero-caption component and relevant mdx properties, with example usage ([Snyk] Fix for 1 vulnerabilities #95)
• fead1c2 Fix incorrect path in documentation ([Snyk] Security upgrade gatsby from 2.32.13 to 4.14.0 #86)
• 212d7b3 Add frontmatter imageAlt to fieldData ([Snyk] Security upgrade gatsby from 2.32.13 to 4.14.0 #85)
• 1ddd07c add small tests to check that notes pages from theme render ([Snyk] Security upgrade gatsby from 2.32.13 to 3.13.0 #77)

See the full diff

Package name: gatsby-theme-notes

The new version differs by 85 commits.

• 692499e BREAKING: v3 ([Snyk] Security upgrade gatsby-theme-blog from 2.0.0 to 3.0.0 #112)
• c05f29d chore: Revert to push again
• e6d333c chore(release): Publish
• 8f1ba38 feat(gatsby-theme-blog-core): Support filter, limit options ([Snyk] Security upgrade gatsby-plugin-mdx from 1.10.1 to 2.14.1 #98)
• 335eb8e chore: Run Cypress on push & PR
• 1b9267f chore(release): Publish
• dd7d0a6 chore: Dependency maintenance ([Snyk] Security upgrade gatsby from 2.32.13 to 3.14.0 #107)
• 069fb47 chore(release): Publish
• 107c28e fix(gatsby-theme-i18n-react-i18next): default options typo ([Snyk] Security upgrade gatsby-plugin-mdx from 1.10.1 to 2.14.1 #96)
• 6ff5c7a chore(release): Publish
• 003cd70 chore: Linting
• 7b3b008 chore(release): Publish
• 60d8928 fix(gatsby-theme-blog): Remove console.log
• 25e76f5 chore(release): Publish
• c2b71f9 chore: One more .org to .com change
• 0c2f843 chore: Change .org links to .com
• e6a3b30 fix(gatsby-theme-i18n): Correct HTML lang ([Snyk] Security upgrade gatsby-theme-blog-core from 2.1.0 to 4.0.0 #92)
• 631ae27 feat(gatsby-theme-i18n): Add "prefixDefault" option ([Snyk] Security upgrade gatsby from 2.32.13 to 3.13.0 #75)
• 6dd2936 Added post-hero-caption component and relevant mdx properties, with example usage ([Snyk] Fix for 1 vulnerabilities #95)
• fead1c2 Fix incorrect path in documentation ([Snyk] Security upgrade gatsby from 2.32.13 to 4.14.0 #86)
• 212d7b3 Add frontmatter imageAlt to fieldData ([Snyk] Security upgrade gatsby from 2.32.13 to 4.14.0 #85)
• 1ddd07c add small tests to check that notes pages from theme render ([Snyk] Security upgrade gatsby from 2.32.13 to 3.13.0 #77)
• d2a1387 chore(release): Publish
• 4c9d3bc remove deprecated theme-ui components from notes-theme ([Snyk] Security upgrade gatsby from 2.32.13 to 3.13.0 #76)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Open Redirect
🦉 Prototype Pollution
🦉 More lessons are available in Snyk Learn