Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade gatsby from 2.32.13 to 4.6.0 #41

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade gatsby from 2.32.13 to 4.6.0 #41

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link
Contributor

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • templates/javascript/src/package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 696/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-ANSIREGEX-1583908		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: gatsby The new version differs by 250 commits.
  • 441e6da chore(release): Publish
  • ed1a9b5 fix(gatsby-cli): relax error location validation and ignore extra fields (#34559) (#34588)
  • e39f6cd fix(gatsby): don't remove onPluginInit in graphql-engine (#34558) (#34586)
  • 17e8698 feat(gatsby-plugin-gatsby-cloud): request customer feedback (#34471)
  • 94ffe33 chore(docs): Update client-only self-hosting instructions (#34537)
  • e1e55c9 chore(docs): Update FS route api client only splat description (#34546)
  • e9cd0ba chore(docs): Update links on gatsby-for-ecommerce (#34517)
  • 1f28c1c chore(changelogs): update changelogs (#34544)
  • d20c97b fix: add missing dependencies (#28759)
  • 42ed5ef fix(plugin-schema-snapshot): unlink file on init (#34527)
  • 195188c docs(migrating-from-v3-to-v4): correct getNode snippet (#34543)
  • d39265f docs(migrating-from-v2-to-v3): correct getNode snippet (#34542)
  • bb85cef chore(release): Publish next
  • 022ce14 fix(deps): update starters and examples gatsby packages to ^4.5.4 (#34541)
  • 3954944 fix(gatsby-remark-images): regenerate markdown when used image changes (#34433)
  • f5bb0b6 chore(circleci): pin renovate cli version (#34536)
  • 77e4bb0 fix(gatsby): handle session storage not being available (#34525)
  • d2ba1f9 perf: move id: eq fast path handling to node-model so it's shared between query running strategies (#34520)
  • a3fa646 feat(gatsby-sharp): create more resilient wrapper around sharp (#34339)
  • d319983 chore(changelogs): update changelogs (#34521)
  • f10d0e5 feat(gatsby): content sync debugging tweaks (#34487)
  • 15e549c fix(deps): update starters and examples - gatsby (#34515)
  • 7387918 chore(docs): Update links on plugins overview doc (#34479)
  • 44b2ef5 fix(create-gatsby): Respect telemetry disable (#34495)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
馃 View latest project report

馃洜 Adjust project settings

馃摎 Read more about Snyk's upgrade and patch logic

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@snyk-bot