[Snyk] Security upgrade gatsby from 2.13.73 to 2.31.0 by kissofire · Pull Request #122 · kissofire/node

kissofire · 2024-03-15T18:47:52Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- deps/npm/docs/package.json
- deps/npm/docs/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	718/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.5	Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: gatsby

The new version differs by 250 commits.

fbc5893 chore(release): Publish
e693b62 chore: update yarn.lock (http: remove redundant condition nodejs/node#29078)
e998870 fix(gatsby): Always render the body component to ensure needed head & pre/post body components are added (stream: improve read() performance further nodejs/node#29077)
a1921b5 feat(gatsby): bump opt-in % to dev-ssr to 20% (Assorted typo fixes. nodejs/node#29075)
2439b44 feat(gatsby-codemods): Handle or warn on nested options changes ([x] stream: properties cleanup nodejs/node#29046)
c0e6c92 fix(gatsby-plugin-typescript): add missing options validations (buffer: improve copy() performance nodejs/node#29066)
3163ca6 fix(gatsby-plugin-mdx): Add `root` to plugin validation (stream: writableError & readableError nodejs/node#29010)
6233382 fix(gatsby-plugin-image): Fix onload race condition ([x] stream: error multiple iterators nodejs/node#29064)
c76c175 benchmark(gabe-fs-markdown-images): add img benchmark (stream: readable error emitted nodejs/node#29009)
bd5b5f7 feat(gatsby): allow to skip cache persistence (UDP/Datagram: Can't send messages while bind is done to 127.0.0.1 must bind to 0.0.0.0 nodejs/node#29047)
48db6ac fix(gatsby): fix broken GraphQL resolver tracing (http: replace superfluous property with getter/setter nodejs/node#29015)
90b6e3d fix(gatsby): Use fast-refresh for React 17 (HTTP2 compatibility layer tries to write the header multiple times. nodejs/node#28930)
9a55d12 feat(gatsby): Add eslint rules to warn against bad patterns in pageTemplates (for Fast Refresh) ([Website Generator] Links must be .html for nodejs.org/api but they're actually .md on github nodejs/node#28689)
b9978e1 fix(gatsby-plugin-image): Handle imgStyle in SSR (fs: unecessary argument validation nodejs/node#29043)
f23ba4b fix(gatsby-source-contentful): Improve base64 placeholders (stream: suggestion stream._writeMany nodejs/node#29034)
18b5f30 fix(security): update vulnerable packages, include React 17 in peerDeps (Fully decorated fs.promises for complete fs replacement? nodejs/node#28545)
f8bbc06 docs: edit search documentation (src: add public virtual destructor for KVStore nodejs/node#28737)
004acf0 fix(sharp) wrap sharp calls in try/catch to avoid crashing on bad images (http2: report memory allocated by nghttp2 to V8 nodejs/node#28645)
bf6f264 Hydrate when the page was server rendered (#29016)
e72533d chore(gatsby-plugin-image): Unflag remote images (V12.x staging nodejs/node#29032)
332543c chore(docs): adjust Contentful Rich Text example codes (assert.deepEqual: fix bug with faked boxed primitives nodejs/node#29029)
9bcc12c feat(gatsby-plugin-image): Change fullWidth to use breakpoints (http: ClientRequest streamlike nodejs/node#29002)
168ff60 Fix/contentful add header (stream: don't flush destroyed writable nodejs/node#29028)
a3ad6d7 fix(gatsbu-source-contentful): apply useNameForId when creating the graphql schema (deps: update acorn to 6.2.0 nodejs/node#28649)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

This change is

…reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-6444610

fix: deps/npm/docs/package.json & deps/npm/docs/package-lock.json to …

fa6e494

…reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-6444610

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Security upgrade gatsby from 2.13.73 to 2.31.0#122

[Snyk] Security upgrade gatsby from 2.13.73 to 2.31.0#122
kissofire wants to merge 1 commit into
masterfrom
snyk-fix-48b82042d1be88f94a3c5ce5d1d0c3b9

kissofire commented Mar 15, 2024 •

edited

Loading

Labels

2 participants

Conversation

kissofire commented Mar 15, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!