[Snyk] Security upgrade gatsby-plugin-sharp from 2.3.10 to 4.23.0 by molllyn1 · Pull Request #55 · molllyn1/node

molllyn1 · 2022-09-14T03:16:40Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- deps/npm/docs/package.json
- deps/npm/docs/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: gatsby-plugin-sharp

The new version differs by 250 commits.

92543af chore(release): Publish
e79623c fix(create-gatsby): Missing "plugins" in cmses.json (Full support of WhatWg Streams nodejs/node#36566)
a373d80 chore(docs): Remove `content` from sourcing guide (#36562)
8b59183 fix(gatsby): Remove default support for non ESM browsers ([Bug] Remove the incorrect event listener. nodejs/node#36522)
fab2db2 chore: setup v5 release channel (tools: fix release script nodejs/node#36540)
bac1e7a chore(gatsby): Update `react-refresh` to `^0.14.0` ([v14.x] Revert "http: lazy create IncomingMessage.headers" nodejs/node#36553)
5f6ad91 chore(deps): update dependency autoprefixer to ^10.4.8 for gatsby-plugin-sass (doc: nodejs/node#36273)
cc3ef79 fix(deps): update dependency eslint-plugin-react-hooks to ^4.6.0 (403 Forbidden for the most recent coverage reports nodejs/node#36040)
856b695 chore(deps): update [dev] minor and patch dependencies for gatsby-legacy-polyfills (src: fix compiler warning in env.cc nodejs/node#35547)
0b6e823 chore(deps): update dependency @ types/semver to ^7.3.12 (n-api: emit uncaught-exception on calling into modules nodejs/node#36510)
0e56ad6 chore(deps): update dependency microbundle to ^0.15.1 for gatsby-link (build: ./node built with --node-builtin-modules-path runs into an error recently nodejs/node#36512)
80f6616 chore(deps): update dependency microbundle to ^0.15.1 for gatsby-script (Syntax error thrown for correct syntax within node shell nodejs/node#36513)
34c8e51 fix(deps): update dependency eslint-plugin-jsx-a11y to ^6.6.1 (test: add missing test coverage for setLocalAddress() nodejs/node#36039)
afba8ca chore(deps): update [dev] minor and patch dependencies for gatsby-source-shopify (test,tools: use .then(common.mustCall()) for all async IIFEs + linter rule nodejs/node#34363)
b55e1d5 chore(docs): monorepos support (doc: run license-builder nodejs/node#36504)
8aeae21 fix(gatsby): pass custom graphql context provided by createResolverContext to materialization executor (lib: restate the code to use primordials nodejs/node#36552)
9c5eacf fix(gatsby): Handle renderToPipeableStream errors (v14.15.3 proposal nodejs/node#36555)
42e241c feat(gatsby): split up head & page component loading (doc: simplify worker_threads.md text nodejs/node#36545)
dc9aa9a chore(gatsby): perfect `GatsbyConfig.proxy` type (test: redirect stderr EnvironmentWithNoESMLoader nodejs/node#36548)
1125e58 fix: ci pipeline (doc: Piping multiple streams to the same Writable stream might not end nodejs/node#36544)
7fe8e51 fix(deps): update dependency react-docgen to ^5.4.3 for gatsby-transformer-react-docgen (stdio: implement manual start for ReadStream nodejs/node#36277)
bc04e8f chore(docs): migrate cloud docs to dotcom(1) (Add two tips for speeding up the dev builds nodejs/node#36452)
59c1f4f fix(deps): update starters and examples - gatsby (doc: os.uptime() temporary bug notice nodejs/node#36503)
0d4dfe9 chore(docs): update url of `deleteNode` (worker: implement Web Locks API nodejs/node#36502)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

…reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-NTHCHECK-1586032

guardrails · 2022-09-14T03:22:00Z

⚠️ We detected 1 security issue in this pull request:

Mode: paranoid | Total findings: 1 | Considered vulnerability: 1

Vulnerable Libraries (1)

Severity	Details
Medium	bl@3.0.0 (t) upgrade to: =3.0.0 \|\| >=1.2.3

More info on how to fix Vulnerable Libraries in JavaScript.

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.

fix: deps/npm/docs/package.json & deps/npm/docs/package-lock.json to …

81ba32d

…reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-NTHCHECK-1586032

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Security upgrade gatsby-plugin-sharp from 2.3.10 to 4.23.0#55

[Snyk] Security upgrade gatsby-plugin-sharp from 2.3.10 to 4.23.0#55
molllyn1 wants to merge 1 commit into
masterfrom
snyk-fix-680194f5725133a37a2983f2498e640f

molllyn1 commented Sep 14, 2022

guardrails Bot commented Sep 14, 2022

Labels

2 participants

Conversation