[Snyk] Security upgrade gatsby from 2.18.18 to 3.0.0 by 137717unity · Pull Request #116 · 137717unity/node

137717unity · 2024-01-09T18:35:43Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- deps/npm/docs/package.json
- deps/npm/docs/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	698/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.1	Cross-site Scripting (XSS) SNYK-JS-SERIALIZEJAVASCRIPT-6147607	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: gatsby

The new version differs by 250 commits.

f1d3f7b chore(release): Publish
6e6ea56 chore(release): Publish rc
df50ce7 fix(gatsby): Add dir=ltr to Fast Refresh overlay (Inconsistent Date.prototype.getTime() value across different Node.js versions nodejs/node#29900) (fs: remove options.encoding from Dir.read*() nodejs/node#29908)
83adec5 chore(docs): update readme (windowsHide:true prevents SIGINT on child processes nodejs/node#29837) (module: warn on require of .js inside type: module nodejs/node#29909)
b2628da will git stop being weird (Gyp Python 3 fixes for Windows nodejs/node#29897) (NodeJs 12.11.1 NGHTTP2_ENHANCE_YOUR_CALM nodejs/node#29907)
c98c87f chore(release): Publish rc
c8bf571 fix(gatsby-source-wordpress): image fixes (configure.py: upgrade from optparse to argparse nodejs/node#29813) (test: remove unnecessary --expose-internals flags nodejs/node#29886)
85bb8ea fix(gatsby-plugin-image): Update peerdeps (src: bring 425 status code name into accordance with RFC 8470 nodejs/node#29880) (regex source property escaping value changed? nodejs/node#29888)
c266b83 fix(gatsby): Remove `react-hot-loader` deps & other unused deps (vm: add Synthetic modules nodejs/node#29864) (http2: allow passing FileHandle to respondWithFD nodejs/node#29876)
222ca3f fix(gatsby): with some custom babel configs array spreading with Set is not safe (deps: update npm to 6.12.0 nodejs/node#29885) (test: fix flaky test-http2-client-upload nodejs/node#29889)
ea31900 chore(release): Publish rc
f070422 fix(gatsby): Fix various small DEV_SSR bugs exposed in development_runtime tests (#29720) (esm: Unflag --experimental-modules nodejs/node#29866)
cb3b1ca chore: update peerdeps to latest major versions (doc: notes about forwarding stream options nodejs/node#29857) (esm: unflag --experimental-exports nodejs/node#29867)
8639f7b fix(create-gatsby): Use legacy peer deps (stream: How to destroy and stop Readable? nodejs/node#29856) (module: allow unrestricted cjs requires nodejs/node#29862)
fdc1fe2 fix(gatsby): fix some css HMR edge cases (doc: fix tls version values nodejs/node#29839) (Future work for source-map functionality nodejs/node#29865)
e8a7e3b fix(gatsby-plugin-preact): fix fast-refresh (Weird behaviour when spawning bash scripts nodejs/node#29831) (doc: Documenting known issues and discrepancies nodejs/node#29860)
e7453c3 fix(gatsby): Improve Fast Refresh overlay styles (http: IncomingMessage destroyed state nodejs/node#29855) (stream: don't emit 'error' on non destructive errors? nodejs/node#29861)
76f4f96 chore: upgrade postcss & plugins (The digest function of the Crypto module's Hash object fails encoding hash in utf16le encoding nodejs/node#29793)
de6cba6 chore(release): Publish rc
aafe584 fix: query on demand loading indicator always active on preact. (The differences between http2 compatibility API and http[s] nodejs/node#29829) (stream: don't deadlock duplexpair nodejs/node#29836)
34f5b8c fix(hmr): accept hot updates for modules above page templates (cli: rename --loader to --experimental-loader nodejs/node#29752) (Update.README.js nodejs/node#29835)
b8d21f8 fix(gatsby): workaround graphql-compose issue (doc: correct typos in security release process nodejs/node#29822) (lib: introduce no-mixed-operators eslint rule to lib nodejs/node#29834)
32fee71 fix(gatsby): eslint linting (v12.11.1 release proposal nodejs/node#29796) (build: replace optparse for argparse in configure.py nodejs/node#29814)
bca7951 fix(gatsby-source-wordpress): HTML image regex's (repl: check for NODE_REPL_EXTERNAL_MODULE nodejs/node#29778) (http2: support passing options of http2.connect to net.connect nodejs/node#29816)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Scripting (XSS)

…reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-SERIALIZEJAVASCRIPT-6147607

fix: deps/npm/docs/package.json & deps/npm/docs/package-lock.json to …

fad3607

…reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-SERIALIZEJAVASCRIPT-6147607

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Security upgrade gatsby from 2.18.18 to 3.0.0#116

[Snyk] Security upgrade gatsby from 2.18.18 to 3.0.0#116
137717unity wants to merge 1 commit into
masterfrom
snyk-fix-36ada8569d20ae52f4e15d29283a48c2

137717unity commented Jan 9, 2024

Labels

2 participants

Conversation