Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Fix for 1 vulnerabilities #172

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Fix for 1 vulnerabilities #172

wants to merge 1 commit into from

Conversation

Xetera
Copy link
Member

@Xetera Xetera commented Nov 4, 2022

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 661/1000
Why? Recently disclosed, Has a fix available, CVSS 7.5		 Prototype Pollution
SNYK-JS-LOADERUTILS-3043105		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: gatsby The new version differs by 250 commits.
  • f1d3f7b chore(release): Publish
  • 6e6ea56 chore(release): Publish rc
  • df50ce7 fix(gatsby): Add dir=ltr to Fast Refresh overlay (#29900) (#29908)
  • 83adec5 chore(docs): update readme (#29837) (#29909)
  • b2628da will git stop being weird (#29897) (#29907)
  • c98c87f chore(release): Publish rc
  • c8bf571 fix(gatsby-source-wordpress): image fixes (#29813) (#29886)
  • 85bb8ea fix(gatsby-plugin-image): Update peerdeps (#29880) (#29888)
  • c266b83 fix(gatsby): Remove `react-hot-loader` deps & other unused deps (#29864) (#29876)
  • 222ca3f fix(gatsby): with some custom babel configs array spreading with Set is not safe (#29885) (#29889)
  • ea31900 chore(release): Publish rc
  • f070422 fix(gatsby): Fix various small DEV_SSR bugs exposed in development_runtime tests (#29720) (#29866)
  • cb3b1ca chore: update peerdeps to latest major versions (#29857) (#29867)
  • 8639f7b fix(create-gatsby): Use legacy peer deps (#29856) (#29862)
  • fdc1fe2 fix(gatsby): fix some css HMR edge cases (#29839) (#29865)
  • e8a7e3b fix(gatsby-plugin-preact): fix fast-refresh (#29831) (#29860)
  • e7453c3 fix(gatsby): Improve Fast Refresh overlay styles (#29855) (#29861)
  • 76f4f96 chore: upgrade postcss & plugins (#29793)
  • de6cba6 chore(release): Publish rc
  • aafe584 fix: query on demand loading indicator always active on preact. (#29829) (#29836)
  • 34f5b8c fix(hmr): accept hot updates for modules above page templates (#29752) (#29835)
  • b8d21f8 fix(gatsby): workaround graphql-compose issue (#29822) (#29834)
  • 32fee71 fix(gatsby): eslint linting (#29796) (#29814)
  • bca7951 fix(gatsby-source-wordpress): HTML image regex's (#29778) (#29816)

See the full diff

Package name: gatsby-plugin-purgecss The new version differs by 250 commits.
  • 1a18e33 Release 5.0.0
  • afcfade Merge pull request #663 from anantoghosh/v5
  • 9146a95 fix(deps): Update package.json
  • e05a5ad test: Update snapshot
  • 791c06a feat: Update tailwind regex
  • 42c7642 fix: Update release-it config
  • d2e8831 feat: Upgrade to PurgeCSS v2
  • 1a5c51c Merge pull request #652 from anantoghosh/renovate/loader-utils-2.x
  • 3735686 fix(deps): update dependency loader-utils to v2
  • f136d4c Merge pull request #657 from anantoghosh/renovate/fs-extra-9.x
  • 1e3b68f fix(deps): update dependency fs-extra to v9
  • c429494 chore(deps): update dependency release-it to v13.1.2
  • eb5ebe7 chore(deps): update babel monorepo to v7.9.0
  • c4a7c8b chore(deps): update react monorepo to v16.13.1
  • 90cd848 chore(deps): update dependency coveralls to v3.0.11
  • fd360ef chore(deps): update dependency gatsby to v2.20.2
  • 4db6050 chore(deps): update gatsby monorepo
  • 83fd9ab chore(deps): update dependency gatsby to v2.19.49
  • 3a2b56b chore(deps): update dependency gatsby to v2.19.48
  • d76cf6d chore(deps): update dependency gatsby to v2.19.45
  • 1e01236 chore(deps): update gatsby monorepo
  • 394434e chore(deps): update dependency release-it to v13.1.1
  • f7f21db chore(deps): update dependency gatsby to v2.19.43
  • 467c566 chore(deps): update dependency sass to v1.26.3

See the full diff

Package name: gatsby-plugin-sass The new version differs by 250 commits.
  • f8cc2a3 chore(release): Publish
  • ecebdd3 fix(gatsby-plugin-sharp): Add avif to pipeline (#28871) (#28876)
  • 3f854ba perf(gatsby-plugin-mdx): Stop clobbering the same file over and over again (#27974) (#28874)
  • 0c1c807 fix(create-gatsby) the sessionId is supposed to be the same for the whole duration of the session (#28864) (#28870)
  • 6b7c5e7 fix(gatsby-plugin-image): Fix handling of sizes prop in SSR (#28835) (#28867)
  • afac774 perf(gatsby-plugin-sharp): change approach to concurrency for image processing (#28575) (#28862)
  • f04304e feat(gatsby): Partially release develop SSR to 5% (#28844) (#28859)
  • ceeb7d4 fix(gatsby-plugin-sharp): Pass format-specific options in image-data (#28826) (#28853)
  • 883d184 feature(gatsby): Extract non-css-in-js css and add add to <head> when SSRing in dev (#28471) (#28856)
  • b648728 fix(gatsby-plugin-image): Correct image styles (#28834) (#28854)
  • f45ba68 fix(gatsby-plugin-image): Better error logging (#28741) (#28855)
  • f19c807 chore(gatsby): enable query on demand (and lazy images) by default for local development (#28787)
  • bd6b899 feat(gatsby): use production React for dev-ssr when CI=true (#28728)
  • abdb8d6 feat(gatsby-source-graphql): Default Apollo Link fetch wrapper to show better API errors (#28786)
  • 3b40d80 feat(gatsby): enable lazy images by default (#28743)
  • 968914f chore(release): Publish next
  • 5c3931c chore(gatsby): Keep page renderer around (#28784)
  • 2058775 feat: Add AVIF image support to beta image plugin (#28742)
  • 146b197 fix(gatsby): print childOf directive for implicit child fields (#28483)
  • 3af7182 chore(telemetry) improve github action and circle detection (#28732)
  • 338ed78 chore(telemetry): add valueBoolean (#28734)
  • 4021a57 chore(gatsby-source-graphql): docs on how to use apollo links (#28686)
  • 3a51e22 perf(gatsby-source-contentful): dont re-create nodes (#28642)
  • 6af620c fix(gatsby-plugin-image): Preload lazy-hydrator (#28690)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Xetera @snyk-bot