[Snyk] Fix for 11 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • e2e-tests/gatsby-image/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	579/1000 Why? Has a fix available, CVSS 7.3	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430339	Yes	No Known Exploit
	494/1000 Why? Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430341	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Authorization Bypass Through User-Controlled Key SNYK-JS-PARSEPATH-2936439	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-PARSEURL-3023021	Yes	Proof of Concept
	571/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5	Improper Input Validation SNYK-JS-PARSEURL-3024398	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	Proof of Concept
	490/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-RAMDA-1582370	Yes	No Known Exploit
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Command Injection SNYK-JS-REACTDEVUTILS-1083268	Yes	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Remote Code Execution (RCE) SNYK-JS-SHARP-2848109	Yes	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: gatsby

The new version differs by 250 commits.

• 2c324f6 chore(release): Publish
• 55c7183 feat(contentful): add support for tables in Rich Text (feat(contentful): add support for tables in Rich Text gatsbyjs/gatsby#33870)
• 053180a fix(gatsby): Better TS compilation error (fix(gatsby): Better TS compilation error gatsbyjs/gatsby#35594)
• 0cf0bd9 chore(release): Publish next
• 9a91295 fix(gatsby-plugin-image): fix image flickers (fix(gatsby-plugin-image): fix image flickers gatsbyjs/gatsby#35226)
• f358dc3 chore(release): Publish next
• 966aca8 feat(gatsby): Improvements to GraphQL TypeScript Generation (feat(gatsby): Improvements to GraphQL TypeScript Generation gatsbyjs/gatsby#35581)
• 8bad9b3 perf(gatsby): Minify page-data (perf(gatsby): Minify page-data gatsbyjs/gatsby#35578)
• 39e9840 chore(gatsby): Expose `serverDataStatus` field in SSR type declaration file (chore(gatsby): Expose serverDataStatus field in SSR type declaration file gatsbyjs/gatsby#35505)
• ebd63b2 feat(gatsby-source-wordpress): use image cdn for non-resizable images in html (svgs/gifs mainly) (feat(gatsby-source-wordpress): use image cdn for non-resizable images in html (svgs/gifs mainly) gatsbyjs/gatsby#35529)
• 5e51519 fix(gatsby-source-wordpress): update test deps and fix int tests (fix(gatsby-source-wordpress): update test deps and fix int tests gatsbyjs/gatsby#35582)
• 128c7bb feat(gatsby-source-wordpress): always include draft slugs (feat(gatsby-source-wordpress): always include draft slugs gatsbyjs/gatsby#35573)
• abc6dca feat(gatsby-plugin-image): add check for node.gatsbyImage in the getImage helper (feat(gatsby-plugin-image): add check for node.gatsbyImage in the getImage helper gatsbyjs/gatsby#35507)
• e51c3a3 chore(release): Publish next
• c9d98a4 feat(gatsby): Initial GraphQL Typegen Implementation (feat(gatsby): Initial GraphQL Typegen Implementation gatsbyjs/gatsby#35487)
• 17cbc7c fix(deps): update minor and patch dependencies for gatsby-source-graphql (fix(deps): update minor and patch dependencies for gatsby-source-graphql gatsbyjs/gatsby#35545)
• 10752ed fix(deps): update dependency fs-extra to ^10.1.0 (fix(deps): update dependency fs-extra to ^10.1.0 gatsbyjs/gatsby#34976)
• 0abdcd6 fix(deps): update dependency coffeescript to ^2.7.0 for gatsby-plugin-coffeescript (fix(deps): update dependency coffeescript to ^2.7.0 for gatsby-plugin-coffeescript gatsbyjs/gatsby#35550)
• 7cda002 fix(deps): update dependency eslint-plugin-import to ^2.26.0 (fix(deps): update dependency eslint-plugin-import to ^2.26.0 gatsbyjs/gatsby#35551)
• 3e74a9f fix(deps): update dependency eslint-plugin-react-hooks to ^4.5.0 (fix(deps): update dependency eslint-plugin-react-hooks to ^4.5.0 gatsbyjs/gatsby#35552)
• fb98116 fix(deps): update minor and patch dependencies for gatsby-source-drupal (fix(deps): update minor and patch dependencies for gatsby-source-drupal gatsbyjs/gatsby#35554)
• c09287a chore(deps): update starters and examples (chore(deps): update starters and examples gatsbyjs/gatsby#35565)
• bf854ca fix(deps): update dependency prop-types to ^15.8.1 for gatsby-link (fix(deps): update dependency prop-types to ^15.8.1 for gatsby-link gatsbyjs/gatsby#35291)
• 71eb414 chore(deps): update dependency typescript to ^4.6.4 (chore(deps): update dependency typescript to ^4.6.4 gatsbyjs/gatsby#34984)

See the full diff

Package name: gatsby-plugin-manifest

The new version differs by 250 commits.

• f6734b9 chore(release): Publish
• 9a616c0 fix(gatsby): wait for LMDB upserts to finish before emitting ENGINES_READY (fix(gatsby): wait for LMDB upserts to finish before emitting ENGINES_READY gatsbyjs/gatsby#34853) (fix(gatsby): wait for LMDB upserts to finish before emitting ENGINES_READY (#34853) gatsbyjs/gatsby#34896)
• f5705b9 fix(create-gatsby): Add required deps for theme-ui option (fix(create-gatsby): Add required deps for theme-ui option gatsbyjs/gatsby#34885) (fix(create-gatsby): Add required deps for theme-ui option (#34885) gatsbyjs/gatsby#34897)
• 9a579f1 fix(gatsby-core-utils): fix 304 when file does not exists (fix(gatsby-core-utils): fix 304 when file does not exists gatsbyjs/gatsby#34842) (fix(gatsby-core-utils): fix 304 when file does not exists (#34842) gatsbyjs/gatsby#34888)
• 148d016 fix(gatsby): Remove double enhanced-resolve dep (fix(gatsby): Remove double enhanced-resolve dep gatsbyjs/gatsby#34854) (fix(gatsby): Remove double enhanced-resolve dep (#34854) gatsbyjs/gatsby#34889)
• 19b0304 feat(gatsby-core-utils): improve fetch-remote-file (feat(gatsby-core-utils): improve fetch-remote-file gatsbyjs/gatsby#34758)
• ac1d777 fix(gatsby-source-contentful): avoid confusion of Gatsby node and Contentful node count in logs (fix(gatsby-source-contentful): avoid confusion of Gatsby node and Contentful node count in logs gatsbyjs/gatsby#34830)
• ee8c874 refactor(gatsby-source-contentful): remove unnecessary check for existing node (refactor(gatsby-source-contentful): remove unnecessary check for existing node gatsbyjs/gatsby#34829)
• 056b48e test(gatsby): Add a memory test suite command to the memory benchmark (test(gatsby): Add a memory test suite command to the memory benchmark gatsbyjs/gatsby#34810)
• 45cb1f1 chore(release): Publish next
• 4c832bf documentation: Add Third Party Schema (docs(gatsby): Add Third Party Schema gatsbyjs/gatsby#34820)
• 9f23dec chore(gatsby): cache shouldn't reference nodes strongly (chore(gatsby): cache shouldn't reference nodes strongly gatsbyjs/gatsby#34821)
• f2d4830 feat(gatsby-core-utils): create proper mutex (feat(gatsby-core-utils): create proper mutex gatsbyjs/gatsby#34761)
• 21ef185 chore(changelogs): update changelogs (chore(changelogs): update changelogs gatsbyjs/gatsby#34826)
• a2f99af fix(deps): update starters and examples gatsby packages to ^4.7.2 (fix(deps): update starters and examples gatsby packages to ^4.7.2 gatsbyjs/gatsby#34822)
• 76c89d8 chore(release): Publish next
• 54d29c4 chore(gatsby): upgrade from lmdb-store to lmdb (chore(gatsby): upgrade from lmdb-store to lmdb gatsbyjs/gatsby#34576)
• 3df8583 fix(core): Make filter/sort query only hold onto node properties it needs (fix(core): Make filter/sort query only hold onto node properties it needs gatsbyjs/gatsby#34747)
• 3c3362b refactor(core): Make load plugins modular, prepare for TS (refactor(core): Make load plugins modular, prepare for TS gatsbyjs/gatsby#34813)
• 3d74584 feat(gatsby): allow referencing derived types in schema customization (feat(gatsby): allow referencing derived types in schema customization gatsbyjs/gatsby#34787)
• bfd04d3 fix(gatsby): Content Sync DSG bug (fix(gatsby): Content Sync DSG bug gatsbyjs/gatsby#34799)
• 326a483 fix(deps): update dependency sharp to ^0.30.1 (fix(deps): update dependency sharp to ^0.30.1 gatsbyjs/gatsby#34755)
• 7b958f9 docs: update typo Forestry (docs: update typo Forestry gatsbyjs/gatsby#34805)
• ba8e21c feat(gatsby): Match node manifest pages by page context slug (feat(gatsby): Match node manifest pages by page context slug gatsbyjs/gatsby#34790)

See the full diff

Package name: gatsby-plugin-sharp

The new version differs by 250 commits.

• f6734b9 chore(release): Publish
• 9a616c0 fix(gatsby): wait for LMDB upserts to finish before emitting ENGINES_READY (fix(gatsby): wait for LMDB upserts to finish before emitting ENGINES_READY gatsbyjs/gatsby#34853) (fix(gatsby): wait for LMDB upserts to finish before emitting ENGINES_READY (#34853) gatsbyjs/gatsby#34896)
• f5705b9 fix(create-gatsby): Add required deps for theme-ui option (fix(create-gatsby): Add required deps for theme-ui option gatsbyjs/gatsby#34885) (fix(create-gatsby): Add required deps for theme-ui option (#34885) gatsbyjs/gatsby#34897)
• 9a579f1 fix(gatsby-core-utils): fix 304 when file does not exists (fix(gatsby-core-utils): fix 304 when file does not exists gatsbyjs/gatsby#34842) (fix(gatsby-core-utils): fix 304 when file does not exists (#34842) gatsbyjs/gatsby#34888)
• 148d016 fix(gatsby): Remove double enhanced-resolve dep (fix(gatsby): Remove double enhanced-resolve dep gatsbyjs/gatsby#34854) (fix(gatsby): Remove double enhanced-resolve dep (#34854) gatsbyjs/gatsby#34889)
• 19b0304 feat(gatsby-core-utils): improve fetch-remote-file (feat(gatsby-core-utils): improve fetch-remote-file gatsbyjs/gatsby#34758)
• ac1d777 fix(gatsby-source-contentful): avoid confusion of Gatsby node and Contentful node count in logs (fix(gatsby-source-contentful): avoid confusion of Gatsby node and Contentful node count in logs gatsbyjs/gatsby#34830)
• ee8c874 refactor(gatsby-source-contentful): remove unnecessary check for existing node (refactor(gatsby-source-contentful): remove unnecessary check for existing node gatsbyjs/gatsby#34829)
• 056b48e test(gatsby): Add a memory test suite command to the memory benchmark (test(gatsby): Add a memory test suite command to the memory benchmark gatsbyjs/gatsby#34810)
• 45cb1f1 chore(release): Publish next
• 4c832bf documentation: Add Third Party Schema (docs(gatsby): Add Third Party Schema gatsbyjs/gatsby#34820)
• 9f23dec chore(gatsby): cache shouldn't reference nodes strongly (chore(gatsby): cache shouldn't reference nodes strongly gatsbyjs/gatsby#34821)
• f2d4830 feat(gatsby-core-utils): create proper mutex (feat(gatsby-core-utils): create proper mutex gatsbyjs/gatsby#34761)
• 21ef185 chore(changelogs): update changelogs (chore(changelogs): update changelogs gatsbyjs/gatsby#34826)
• a2f99af fix(deps): update starters and examples gatsby packages to ^4.7.2 (fix(deps): update starters and examples gatsby packages to ^4.7.2 gatsbyjs/gatsby#34822)
• 76c89d8 chore(release): Publish next
• 54d29c4 chore(gatsby): upgrade from lmdb-store to lmdb (chore(gatsby): upgrade from lmdb-store to lmdb gatsbyjs/gatsby#34576)
• 3df8583 fix(core): Make filter/sort query only hold onto node properties it needs (fix(core): Make filter/sort query only hold onto node properties it needs gatsbyjs/gatsby#34747)
• 3c3362b refactor(core): Make load plugins modular, prepare for TS (refactor(core): Make load plugins modular, prepare for TS gatsbyjs/gatsby#34813)
• 3d74584 feat(gatsby): allow referencing derived types in schema customization (feat(gatsby): allow referencing derived types in schema customization gatsbyjs/gatsby#34787)
• bfd04d3 fix(gatsby): Content Sync DSG bug (fix(gatsby): Content Sync DSG bug gatsbyjs/gatsby#34799)
• 326a483 fix(deps): update dependency sharp to ^0.30.1 (fix(deps): update dependency sharp to ^0.30.1 gatsbyjs/gatsby#34755)
• 7b958f9 docs: update typo Forestry (docs: update typo Forestry gatsbyjs/gatsby#34805)
• ba8e21c feat(gatsby): Match node manifest pages by page context slug (feat(gatsby): Match node manifest pages by page context slug gatsbyjs/gatsby#34790)

See the full diff

Package name: gatsby-transformer-sharp

The new version differs by 250 commits.

• f6734b9 chore(release): Publish
• 9a616c0 fix(gatsby): wait for LMDB upserts to finish before emitting ENGINES_READY (fix(gatsby): wait for LMDB upserts to finish before emitting ENGINES_READY gatsbyjs/gatsby#34853) (fix(gatsby): wait for LMDB upserts to finish before emitting ENGINES_READY (#34853) gatsbyjs/gatsby#34896)
• f5705b9 fix(create-gatsby): Add required deps for theme-ui option (fix(create-gatsby): Add required deps for theme-ui option gatsbyjs/gatsby#34885) (fix(create-gatsby): Add required deps for theme-ui option (#34885) gatsbyjs/gatsby#34897)
• 9a579f1 fix(gatsby-core-utils): fix 304 when file does not exists (fix(gatsby-core-utils): fix 304 when file does not exists gatsbyjs/gatsby#34842) (fix(gatsby-core-utils): fix 304 when file does not exists (#34842) gatsbyjs/gatsby#34888)
• 148d016 fix(gatsby): Remove double enhanced-resolve dep (fix(gatsby): Remove double enhanced-resolve dep gatsbyjs/gatsby#34854) (fix(gatsby): Remove double enhanced-resolve dep (#34854) gatsbyjs/gatsby#34889)
• 19b0304 feat(gatsby-core-utils): improve fetch-remote-file (feat(gatsby-core-utils): improve fetch-remote-file gatsbyjs/gatsby#34758)
• ac1d777 fix(gatsby-source-contentful): avoid confusion of Gatsby node and Contentful node count in logs (fix(gatsby-source-contentful): avoid confusion of Gatsby node and Contentful node count in logs gatsbyjs/gatsby#34830)
• ee8c874 refactor(gatsby-source-contentful): remove unnecessary check for existing node (refactor(gatsby-source-contentful): remove unnecessary check for existing node gatsbyjs/gatsby#34829)
• 056b48e test(gatsby): Add a memory test suite command to the memory benchmark (test(gatsby): Add a memory test suite command to the memory benchmark gatsbyjs/gatsby#34810)
• 45cb1f1 chore(release): Publish next
• 4c832bf documentation: Add Third Party Schema (docs(gatsby): Add Third Party Schema gatsbyjs/gatsby#34820)
• 9f23dec chore(gatsby): cache shouldn't reference nodes strongly (chore(gatsby): cache shouldn't reference nodes strongly gatsbyjs/gatsby#34821)
• f2d4830 feat(gatsby-core-utils): create proper mutex (feat(gatsby-core-utils): create proper mutex gatsbyjs/gatsby#34761)
• 21ef185 chore(changelogs): update changelogs (chore(changelogs): update changelogs gatsbyjs/gatsby#34826)
• a2f99af fix(deps): update starters and examples gatsby packages to ^4.7.2 (fix(deps): update starters and examples gatsby packages to ^4.7.2 gatsbyjs/gatsby#34822)
• 76c89d8 chore(release): Publish next
• 54d29c4 chore(gatsby): upgrade from lmdb-store to lmdb (chore(gatsby): upgrade from lmdb-store to lmdb gatsbyjs/gatsby#34576)
• 3df8583 fix(core): Make filter/sort query only hold onto node properties it needs (fix(core): Make filter/sort query only hold onto node properties it needs gatsbyjs/gatsby#34747)
• 3c3362b refactor(core): Make load plugins modular, prepare for TS (refactor(core): Make load plugins modular, prepare for TS gatsbyjs/gatsby#34813)
• 3d74584 feat(gatsby): allow referencing derived types in schema customization (feat(gatsby): allow referencing derived types in schema customization gatsbyjs/gatsby#34787)
• bfd04d3 fix(gatsby): Content Sync DSG bug (fix(gatsby): Content Sync DSG bug gatsbyjs/gatsby#34799)
• 326a483 fix(deps): update dependency sharp to ^0.30.1 (fix(deps): update dependency sharp to ^0.30.1 gatsbyjs/gatsby#34755)
• 7b958f9 docs: update typo Forestry (docs: update typo Forestry gatsbyjs/gatsby#34805)
• ba8e21c feat(gatsby): Match node manifest pages by page context slug (feat(gatsby): Match node manifest pages by page context slug gatsbyjs/gatsby#34790)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Server-side Request Forgery (SSRF)
🦉 Remote Code Execution (RCE)