[Snyk] Fix for 14 vulnerabilities

[kaocher82]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • e2e-tests/mdx/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIHTML-1296849	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	676/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.1	Cross-site Request Forgery (CSRF) SNYK-JS-AXIOS-6032459	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-EVENTSOURCE-2823375	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-NODEFETCH-2342118	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JS-POSTCSS-5926692	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-TRIM-1017038	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @mdx-js/mdx

The new version differs by 30 commits.

• bf7deab v2.0.0-next.5
• 5c15a00 fix(remark-mdx): move remark-stringify to deps ([Snyk] Security upgrade gatsby from 2.32.13 to 3.0.0 #1190)
• f59b174 Make type test run in their own action, closes [Snyk] Security upgrade unist-util-select from 1.5.0 to 3.0.3 #1172 ([Snyk] Fix for 1 vulnerabilities #1179)
• 9ac9755 docs(typescript): document how to use mdx 2 with typescript ([Snyk] Security upgrade gatsby from 2.32.13 to 3.0.0 #1181)
• 42077e4 ci(github): update github actions to latest versions ([Snyk] Security upgrade gatsby from 2.32.13 to 3.0.0 #1180)
• cc95646 ci(github): update github actions and dtslint to latest ([Snyk] Security upgrade gatsby from 2.32.13 to 3.0.0 #1178)
• 6098d94 Remove deprecated plugin options, fixes [Snyk] Security upgrade gatsby from 2.32.13 to 3.0.0 #718 ([Snyk] Fix for 1 vulnerabilities #1174)
• 0da2fcf Specify pre-dist-tag
• e1b45e3 v2.0.0-next.4
• 649dbd8 Implement inline link serialization that doesn't wrap them in angle ([Snyk] Security upgrade gatsby from 2.32.13 to 3.0.0 #1171)
• d08c5b6 Make testing matrix simpler ([Snyk] Security upgrade gatsby from 2.32.13 to 3.0.0 #1173)
• d0059c8 v2.0.0-next.3
• fa091d2 v2.0.0-next.2
• 7829b88 Move publish to its own action
• afd60c2 Break out linting into its own action
• 3ca8e0a Fix linting ([Snyk] Security upgrade gatsby from 2.32.13 to 3.0.0 #1161)
• 577d48f Fix some linting
• db93304 Improve export name extraction for shortcode generation ([Snyk] Fix for 1 vulnerabilities #1160)
• ea9970a Bump deps, fix core-js version in babel configs
• 166fd9d v2.0.0-next.1
• 569f82f Make preid next to match dist tag
• a3d8f08 types: add types to test utils ([Snyk] Security upgrade gatsby from 2.32.13 to 3.13.0 #1083)
• e2eb4ee types: add typescript typings for remark-mdx, remark-mdx-remove-exports, remark-mdx-remove-imports, @ mdx-js/util ([Snyk] Security upgrade gatsby from 2.32.13 to 3.13.0 #1082)
• 65af47c Break three main tests into their own scripts

See the full diff

Package name: gatsby

The new version differs by 250 commits.

• 78f8c7a chore(release): Publish
• 4dcdeb1 chore(gatsby): Add env log for build and remove incorrect log for functions (chore(gatsby): Add env log for build and remove incorrect log for functions gatsbyjs/gatsby#36462) (chore(gatsby): Add env log for build and remove incorrect log for functions (#36462) gatsbyjs/gatsby#36466)
• 41de1f0 feat(gatsby): add partial hydration flag (feat(gatsby): add partial hydration flag gatsbyjs/gatsby#36436)
• b8c2072 fix(gatsby-source-graphql): add dataLoaderOptions validation to gatsby-source-graphql (fix(gatsby-source-graphql): add dataLoaderOptions validation to gatsby-source-graphql gatsbyjs/gatsby#36112)
• b45debc chore(docs): fix incorrect closing tag in tutorial (chore(docs): fix incorrect closing tag in tutorial gatsbyjs/gatsby#36459)
• 222793d chore(docs): Update plugin count in part 3 of the tutorial (chore(docs): Update plugin count in part 3 of the tutorial gatsbyjs/gatsby#36455)
• 3222684 chore(docs): Fix page link to page 6 of remark tutorial (chore(docs): Fix page link to page 6 of remark tutorial gatsbyjs/gatsby#36437)
• 0b458e6 chore(docs): Fix some typos (chore(docs): Fix some typos gatsbyjs/gatsby#36431)
• 1bf2358 fix(gatsby): remove resource query from warnings (fix(gatsby): remove resource query from warnings gatsbyjs/gatsby#36439)
• 0d896ae chore(gatsby-plugin-sharp,gatsby-plugin-utils,gatsby-remark-images,gatsby-transformer-sharp): bump min potrace version (chore(gatsby-plugin-sharp,gatsby-plugin-utils,gatsby-remark-images,gatsby-transformer-sharp): bump min potrace version gatsbyjs/gatsby#36443)
• a21510e docs: plugin image / image cdn (docs: plugin image / image cdn  gatsbyjs/gatsby#36423)
• 8043d7e feat(docs): add webiny to headless cms list (feat(docs): add webiny to headless cms list gatsbyjs/gatsby#36388)
• 240dfac chore: update using-image-processing example (chore: update using-image-processing example gatsbyjs/gatsby#36421)
• b361081 chore(gatsby): drop eslint-plugin-graphql (chore(gatsby): drop eslint-plugin-graphql gatsbyjs/gatsby#36364)
• 2e67161 chore(docs): Update tutorial to Head API (chore(docs): Update tutorial to Head API gatsbyjs/gatsby#36378)
• 77190f4 fix(deps): update starters and examples - gatsby (fix(deps): update starters and examples - gatsby gatsbyjs/gatsby#36416)
• c92404b chore(changelogs): update changelogs (chore(changelogs): update changelogs gatsbyjs/gatsby#36417)
• b7b3577 fix(gatsby-plugin-react-helmet): Typo in `onPreInit` warning (fix(gatsby-plugin-react-helmet): Typo in onPreInit warning gatsbyjs/gatsby#36419)
• 7b3286c chore(docs): Add note about query name to MDX
• dc283d7 chore: Use GCS for pipeline tests (chore: Use GCS for pipeline tests gatsbyjs/gatsby#36413)
• 3760a0e feat(gatsby): Add option to emit TS types during build (feat(gatsby): Add option to emit TS types during build gatsbyjs/gatsby#36405)
• c01806e chore(release): Publish next
• a05201e fix(gatsby): Prevent errors if `Head` has root text node (fix(gatsby): Prevent errors if Head has root text node gatsbyjs/gatsby#36402)
• 9d737b6 fix(gatsby): close parcel cache db before clearing cache and retrying (fix(gatsby): close parcel cache db before clearing cache and retrying gatsbyjs/gatsby#36377)

See the full diff

Package name: gatsby-plugin-mdx

The new version differs by 250 commits.

• b8eac2d chore(release): Publish
• 3253a38 fix(gatsby-plugin-mdx): Hashing and pluginOptions (fix(gatsby-plugin-mdx): Hashing and pluginOptions gatsbyjs/gatsby#36387) (fix(gatsby-plugin-mdx): Hashing and pluginOptions (#36387) gatsbyjs/gatsby#36395)
• 1880491 fix(gatsby-script): Reach router import (fix(gatsby-script): Reach router import gatsbyjs/gatsby#36385) (fix(gatsby-script): Reach router import (#36385) gatsbyjs/gatsby#36394)
• f664ad2 feat(gatsby): Telemetry tracking for Head API (feat(gatsby): Telemetry tracking for Head API gatsbyjs/gatsby#36352)
• ab55e4e chore: Update `got` (chore: Update got gatsbyjs/gatsby#36366)
• 2b4ff76 fix(gatsby): Make runtime error overlay work in non-v8 browsers (fix(gatsby): Make runtime error overlay work in non-v8 browsers gatsbyjs/gatsby#36365)
• f990e08 fix(test): clear and close lmdb after each test suite (fix(test): clear and close lmdb after each test suite gatsbyjs/gatsby#36343)
• 7fcf580 fix(gatsby): e.remove() is not a function when using Gatsby Head API (fix(gatsby): e.remove() is not a function when using Gatsby Head API gatsbyjs/gatsby#36338)
• 25fb9d1 chore: Fix pipeline tests (chore: Fix pipeline tests gatsbyjs/gatsby#36363)
• a9132a5 chore(deps): update sharp (chore(deps): update sharp gatsbyjs/gatsby#35539)
• bc80c23 chore: Add note about rehype-slug-custom-id
• 5b6f1f6 chore(gatsby): upgrade multer (chore(gatsby): upgrade multer gatsbyjs/gatsby#36359)
• f2f0acf chore(gatsby-telemetry): upgrade git-up (chore(gatsby-telemetry): upgrade git-up gatsbyjs/gatsby#36358)
• 86a8efc chore(release): Publish next
• 0705ac7 chore(gatsby-plugin-mdx): Update .gitignore
• c92db36 BREAKING CHANGE(gatsby-plugin-mdx): MDX v2 (BREAKING CHANGE(gatsby-plugin-mdx): MDX v2 gatsbyjs/gatsby#35650)
• 3c0dd6d chore(release): Publish next
• 86b6ee9 Revert "chore(gatsby): Make `plugins` in `PluginOptions` type optional (chore(gatsby): Make plugins in PluginOptions type optional gatsbyjs/gatsby#36351)"
• a2fa5a2 chore(gatsby): Make `plugins` in `PluginOptions` type optional (chore(gatsby): Make plugins in PluginOptions type optional gatsbyjs/gatsby#36351)
• 6ecfe4a fix(gatsby-source-contentful): Correctly overwrite field type on Assets (fix(gatsby-source-contentful): Correctly overwrite field type on Assets gatsbyjs/gatsby#36337)
• 0ed362c chore(docs): Pre-encoded unicode characters can't be used in paths (chore(docs): Pre-encoded unicode characters can't be used in paths gatsbyjs/gatsby#36325)
• 2bbe96d fix(deps): update dependency file-type to ^16.5.4 for gatsby-source-filesystem (fix(deps): update dependency file-type to ^16.5.4 for gatsby-source-filesystem gatsbyjs/gatsby#36276)
• 2be3fa7 chore(docs): Add first batch of Cloud docs (chore(docs): Add first batch of Cloud docs gatsbyjs/gatsby#36218)
• 4238142 chore(docs): Remove outdated examples and recipes (chore(docs): Remove outdated examples and recipes gatsbyjs/gatsby#36335)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Cross-site Request Forgery (CSRF)
🦉 Improper Input Validation
🦉 More lessons are available in Snyk Learn