[Snyk] Fix for 11 vulnerabilities

[ajesse11x]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • packages/gatsby-plugin-sharp/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-DECOMPRESS-557358	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-DECOMPRESSTAR-559095	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASHTEMPLATE-1088054	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-URLREGEX-569472	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: imagemin

The new version differs by 8 commits.

• b27ba85 7.0.0
• 8dd5a14 Rename `output` option to `destination`
• cc0171e Rename `.path` to `.destinationPath` and add `.sourcePath`
• 04edf5a Add `glob` option
• 801a885 Require Node.js 8 and move `output` argument to options
• 6745ce3 Filter out junk files ([Snyk] Fix for 1 vulnerabilities #284)
• d837afb Use Travis to test on Windows ([Snyk] Fix for 1 vulnerabilities #309)
• d9da21c Fix usage example for `imagemin-pngquant`

See the full diff

Package name: imagemin-pngquant

The new version differs by 16 commits.

• 0754402 9.0.0
• d285e92 Require Node.js 10 ([Snyk] Fix for 1 vulnerable dependencies #67)
• 61997a2 8.0.0
• 7049509 Require Node.js 8
• 6ce8a90 Use Travis to test on Windows ([Snyk] Fix for 1 vulnerable dependencies #57)
• 97c4d23 Fix the default documented value for the `speed` option ([Snyk] Fix for 1 vulnerable dependencies #55)
• cdf2f26 7.0.0
• b2ad077 Add TypeScript definition ([Snyk] Fix for 1 vulnerable dependencies #54)
• 0e0edd2 Fix the `quality` option
• fdac781 Update dependencies
• fd535b0 Change the `quality` option to be a float from 0 to 1
• 201aa20 Add strict options checks
• e6c1b97 Docs improvements
• 507d8ab Fix the documented `quality` option type
• b96f2ac Fix the default documented value for the `dithering` option
• 515fb7e Rename `floyd` option to `dithering` and drop the `nofs` option

See the full diff

Package name: probe-image-size

The new version differs by 33 commits.

• c169722 6.0.0 released
• e15ca1e docs update
• 98f07f3 Dim not reachable lines from coverage report
• a12ea0b Improve code coverage
• 0795702 Add tests for relative redirect and gzip
• 40f0968 request => needle
• f51e899 streams: pipe() => pipeline()
• e6ac87e tests: rename files
• 126ac1d Improve test coverage for ICO
• 05c1a6a tests: simplify Buffer fill
• b3bbfb7 Reorganize internal parser error handle
• d25bb84 Increase test timeouts
• e2f998c Close input stream when parser finishes
• b3f8fdb Move eslint ignores to main conf
• b59aa60 istanbul -> nyc
• 7aefa22 Drop `from2`
• 3b64ae4 docs update
• ae7f18d Dev deps bump
• 69649b7 changelog update
• ebb6a12 Drop callbacks and legacy signature support
• aca9b4d tests: rewrite to async/await
• f6ad873 tests: drop legacy `Buffer` api support
• f99c8d5 Simplify inheritance
• 738aa82 assert.deepEqual() => assert.deepStrictEqual()

See the full diff

Package name: svgo

The new version differs by 82 commits.

• 80ed684 v1.0.0
• 1aa9e9a Remove 'recursvie' option as not implemented
• 999cfbd Convert circles/ellipses to paths ([Snyk] Security upgrade gatsby from 2.32.13 to 3.13.0 #818)
• b51192c Fixed addClassesToSVGElement and added test
• eceb95c Updated addElementsToSVGElement plugin to support attribute values, as well as attribute names.
• 239f383 Pin css-tree version (fixes [Snyk] Security upgrade gatsby from 2.32.13 to 3.13.0 #813)
• 6459089 Allow element seperator to be changed in config
• 91d9810 Add prefixIds plugin ([Snyk] Security upgrade gatsby from 2.32.13 to 3.0.0 #700)
• d828a62 Bump dependencies and minor fix for inlineStyles
• 2523799 Add inlineStyles plugin (rewrite of localStyles plugin) ([Snyk] Security upgrade gatsby from 2.32.12 to 3.0.0 #592)
• f2fa7a3 add support for tab indent
• 055e303 Tune plugins
• f8234fd Prevent removing IDs in SVGs only with defs
• 3b6fa1e Fix typo in test
• 93f2760 Support "href" attribute from SVG 2, fixes [Snyk] Security upgrade gatsby from 2.32.13 to 3.0.0 #772
• f044d25 Fix error on empty file, fixes [Snyk] Security upgrade gatsby from 2.32.13 to 3.13.0 #810
• 6f9fdb1 Sync russian README
• 7718a63 Indentation and syntax highlighting of shell code
• cbaefd8 Update removeDesc.js ([Snyk] Security upgrade gatsby from 2.32.13 to 3.13.0 #798)
• cd8a405 Removed an assigned value that's never used. Also fixed typos. ([Snyk] Security upgrade gatsby from 2.32.13 to 3.0.0 #764)
• 87796ac Updated colorNames according to CSS Color Module Level 4 ([Snyk] Security upgrade gatsby from 2.32.13 to 3.0.0 #755)
• 11e72c8 Merge pull request [Snyk] Security upgrade gatsby from 2.32.13 to 3.0.0 #753 from craigmichaelmartin/patch-1
• dc8042a Merge pull request [Snyk] Security upgrade gatsby from 2.32.13 to 3.0.0 #752 from JoshyPHP/ticket-708
• a1c7210 Merge pull request [Snyk] Security upgrade gatsby from 2.32.13 to 3.0.0 #760 from davidleston/[Snyk] Security upgrade gatsby from 2.32.13 to 3.0.0 #759-upper-case-hex-to-shortname

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Server-side Request Forgery (SSRF)
🦉 Prototype Pollution