[Snyk] Fix for 2 vulnerabilities

[bee22193]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	718/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.5	Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-TAR-6476909	Yes	Proof of Concept
	763/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.4	Path Traversal SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: gatsby

The new version differs by 250 commits.

• 0a455df chore(release): Publish
• 91dc167 fix(gatsby): don't log FAST_DEV message for each worker (#32961) (#32967)
• f936c93 fix(gatsby): set staticQueryResultHash to new hash on data change (#32949) (#32966)
• ea161ce feat(gatsby-graphiql-explorer): upgrade to webpack 5 (#30642)
• 944e381 chore(release): Publish next
• d6326df fix(gatsby-core-utils): Switch `auth` option from got to username/password (#32665)
• cf9c066 fix(gatsby): add this typings to actions (#32210)
• 53aa88e chore: enable test parallelism (#32766)
• b7deabc fix(deps): update starters and examples - gatsby (#32843)
• 6025c84 chore(deps): update dependency katex to ^0.13.13 for gatsby-remark-katex (#32567)
• d87c5cb chore: enable lmdb by default and update node for next major (#32695)
• 818d6c1 feat(gatsby-plugin-gatsby-cloud): Add `disablePreviewUI` option (#32907)
• f556a00 chore: update changelogs (#32924)
• aba5eba feat(gatsby): enable webpack caching in development for everyone (#32922)
• ac7bd4e feat(gatsby-source-wordpress): allow path to js file for beforeChangeNode option (#32901)
• 1a87a8a docs(gatsby-source-wordpress): document content sync (#32768)
• 417df15 chore: re-generate changelogs (#32886)
• 1810874 fix(gatsby-source-wordpress): draft previews (#32915)
• 7c72ab8 chore(gatsby): remove unused packages (#32903)
• afb06d7 chore(docs): Add hint for MDX plugin in remark-plugin-tutorial (#32876)
• 1303ecb chore(docs): Update wording for "using-web-fonts" (#32902)
• 9589911 chore(docs): Fix code highlighting in part 6 (#32900)
• 568d4ce feat(gatsby-source-drupal): Use the collection count from JSON:API extras to enable parallel API requests for cold builds (#32883)
• 41f5337 fix(deps): update typescript to ^4.29.3 (#32614)

See the full diff

Package name: gatsby-source-filesystem

The new version differs by 250 commits.

• 7884025 chore(release): Publish
• 816d475 fix: update dependency chokidar to v3 (#16975)
• 90ac3a5 chore(release): Publish
• 92df1cf fix(gatsby-plugin-feed): respect custom options and require title in config (#16814)
• efb0198 chore: update babel monorepo (#16977)
• d16474d fix(gatsby): update check for default exports (#16979)
• 043bebe fix: update gatsby monorepo (#16978)
• 42c1c5e chore: Set lerna concurrency on ci (#16973)
• a25bc27 docs: Add reddit link to Awesome Gatsby docs (#16982)
• 41d3e1c chore(gatsby-image): Clarify IntersectionObserver support in README.md (#16962)
• 7912336 chore(release): Publish
• f355bf8 Revert "chore: update babel monorepo" (#16976)
• 29d5e3c chore: update babel monorepo (#16929)
• 182407f chore: update react monorepo to ^16.9.0 (#16943)
• f7382ae feat(www): add code snippet with install command to starters (#16972)
• 3299192 chore: update dependency aws-sdk to ^2.516.0 (#16967)
• 7d2bf0d chore: update dependency flow-bin to ^0.106.0 (#16966)
• 5757af9 fix: update dependency theme-ui to ^0.2.36 (#16964)
• ebe6131 chore: update gatsby monorepo (#16950)
• 8b08b8c chore: Added my city to my creator description (#16955)
• d6bd515 fix: update minor updates in packages except react, babel and… (#16960)
• e9c8e8a chore(release): Publish
• 27d3efc chore(gatsby): Remove fallback for v8 serialize (#16958)
• 58ed3ca fix(gatsby): Remove deprecation warning from express-graphql (#16956)

See the full diff

Package name: node-sass

The new version differs by 74 commits.

• 7105b0a 5.0.0 (#3015)
• 0648b5a chore: Add Node 15 support (#2983)
• e2391c2 Add a deprecation message to the readme (#3011)
• 6a33e53 chore: Don't upload artifacts on PRs
• d763506 chore: Only run coverage on main repo
• d4ebe72 build(deps): update actions/setup-node requirement to v2.1.2
• 2bebe05 build(deps-dev): bump rimraf from 2.7.1 to 3.0.2
• f877689 chore: Don't double build DependaBot PRs
• b48fac4 chore: Add weekly DependaBot updates
• 91c40a0 Remove deprecated process.sass API
• 1f6df86 Replace lodash/assign in favor of the native Object.assign
• 522828a Remove workarounds for old Node.js versions
• 40e0f00 chore: Remove second NPM badge
• ab91bf6 chore: Remove Slack badge
• 6853a80 chore: Cleanup status badges
• fb1109c chore: Bump minimum engine version to v10
• d185440 chore: Add basic Node version support policy
• db25736 chore: Bump node-gyp to 7.1.0
• 2c5b110 chore: Bump cross-spawn to v7.0.3
• 38b9633 chore: Update Istanbul to NYC
• d63b5bf chore: Bump mocha to v8.1.3
• d0d8865 chore: Skip constructor tests on v14.6+
• ee3984d chore: Hoist test ESLint config
• feee448 chore: Remove disabled and recommended rules

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Uncontrolled Resource Consumption ('Resource Exhaustion')
🦉 Path Traversal