[Snyk] Security upgrade gatsby from 2.32.13 to 3.5.0 #46

Open
wants to merge 1 commit into
base: master
snyk-bot

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • templates/typescript/src/package.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| high severity | 696/1000 (Why? Proof of Concept exploit, Has a fix available, CVSS 7.5) | Regular Expression Denial of Service (ReDoS), SNYK-JS-ANSIHTML-1296849 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: gatsby

The new version differs by 250 commits.
  • 102d92c chore(release): Publish
  • baa0804 fix(gatsby-plugin-mdx): enable hmr when importing mdx (#31288) (#31370)
  • a44a426 fix(gatsby): Fixes incorrect type (#31358) (#31365)
  • 63942db fix(gatsby): fix proxy creation on read-only properties (#31346) (#31364)
  • 4eca6cc fix(gatsby): Pass reporter from functions code for reporting warning (#31336) (#31363)
  • 01de613 fix(gatsby): don't print out flag suggestions if none are enabled or opted-in (#31299) (#31362)
  • 1a4a3a7 feat(gatsby): New overlay for DEV_SSR (#31061) (#31361)
  • fbab17b fix(gatsby-source-shopify): fix linting (#31291)
  • 62f0ad6 fix(deps): update minor and patch for gatsby-plugin-preact (#31169)
  • 95f52f0 chore: add gatsby-plugin-gatsby-cloud to renovate
  • 22cbc30 chore: update renovatebot config to support more packages (#31289)
  • 111647e chore(deps): update dependency @ types/semver to ^7.3.5 (#31148)
  • f3ee3fd fix(deps): update minor and patch for gatsby-plugin-manifest (#31160)
  • 2291fbd fix(deps): update minor and patch for gatsby-remark-copy-linked-files (#31163)
  • 137630e fix(deps): update dependency mini-css-extract-plugin to v1.6.0 (#31158)
  • b2ce9fe chore(deps): update dependency @ testing-library/react to ^11.2.6 (#31168)
  • b08c4c7 docs(gatsby-source-shopify): Updates Shopify README with new plugin info (#31287)
  • 06f4556 chore: run yarn deduplicate (#31285)
  • 4f84533 docs(gatsby-plugin-image): Add docs for customizing default options (#30344)
  • d0dee0d fix(gatsby-plugin-image): print error details (#30417)
  • 448061a chore(docs): Update "Adding Search with Algolia" guide (#29460)
  • ea81d3b chore(docs): Update MDX frontmatter for programmatic pages (#29798)
  • 5658261 docs: Add image plugin architecture doc (#31096)
  • fef8d6b perf(gatsby): use fastq instead of better-queue + refactor (#31269)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:

  • View latest project report
  • Adjust project settings
  • Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

  • Learn about vulnerability in an interactive lesson of Snyk Learn.
