[Snyk] Security upgrade gatsby from 2.18.18 to 3.0.0

[molllyn1]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • deps/npm/docs/package.json
  • deps/npm/docs/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	713/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.4	Prototype Pollution SNYK-JS-JSON5-3182856	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: gatsby

The new version differs by 250 commits.

• f1d3f7b chore(release): Publish
• 6e6ea56 chore(release): Publish rc
• df50ce7 fix(gatsby): Add dir=ltr to Fast Refresh overlay (Inconsistent Date.prototype.getTime() value across different Node.js versions nodejs/node#29900) (fs: remove options.encoding from Dir.read*() nodejs/node#29908)
• 83adec5 chore(docs): update readme (windowsHide:true prevents SIGINT on child processes nodejs/node#29837) (module: warn on require of .js inside type: module nodejs/node#29909)
• b2628da will git stop being weird (Gyp Python 3 fixes for Windows nodejs/node#29897) (NodeJs 12.11.1 NGHTTP2_ENHANCE_YOUR_CALM  nodejs/node#29907)
• c98c87f chore(release): Publish rc
• c8bf571 fix(gatsby-source-wordpress): image fixes (configure.py: upgrade from optparse to argparse nodejs/node#29813) (test: remove unnecessary --expose-internals flags nodejs/node#29886)
• 85bb8ea fix(gatsby-plugin-image): Update peerdeps (src: bring 425 status code name into accordance with RFC 8470 nodejs/node#29880) (regex source property escaping value changed? nodejs/node#29888)
• c266b83 fix(gatsby): Remove `react-hot-loader` deps & other unused deps (vm: add Synthetic modules nodejs/node#29864) (http2: allow passing FileHandle to respondWithFD nodejs/node#29876)
• 222ca3f fix(gatsby): with some custom babel configs array spreading with Set is not safe (deps: update npm to 6.12.0 nodejs/node#29885) (test: fix flaky test-http2-client-upload nodejs/node#29889)
• ea31900 chore(release): Publish rc
• f070422 fix(gatsby): Fix various small DEV_SSR bugs exposed in development_runtime tests (#29720) (esm: Unflag --experimental-modules nodejs/node#29866)
• cb3b1ca chore: update peerdeps to latest major versions (doc: notes about forwarding stream options nodejs/node#29857) (esm: unflag --experimental-exports nodejs/node#29867)
• 8639f7b fix(create-gatsby): Use legacy peer deps (stream: How to destroy and stop Readable? nodejs/node#29856) (module: allow unrestricted cjs requires nodejs/node#29862)
• fdc1fe2 fix(gatsby): fix some css HMR edge cases (doc: fix tls version values nodejs/node#29839) (Future work for source-map functionality nodejs/node#29865)
• e8a7e3b fix(gatsby-plugin-preact): fix fast-refresh (Weird behaviour when spawning bash scripts nodejs/node#29831) (doc: Documenting known issues and discrepancies nodejs/node#29860)
• e7453c3 fix(gatsby): Improve Fast Refresh overlay styles (http: IncomingMessage destroyed state nodejs/node#29855) (stream: don't emit 'error' on non destructive errors? nodejs/node#29861)
• 76f4f96 chore: upgrade postcss & plugins (The digest function of the Crypto module's Hash object fails encoding hash in utf16le encoding nodejs/node#29793)
• de6cba6 chore(release): Publish rc
• aafe584 fix: query on demand loading indicator always active on preact. (The differences between http2 compatibility API and http[s] nodejs/node#29829) (stream: don't deadlock duplexpair nodejs/node#29836)
• 34f5b8c fix(hmr): accept hot updates for modules above page templates (cli: rename --loader to --experimental-loader nodejs/node#29752) (Update.README.js nodejs/node#29835)
• b8d21f8 fix(gatsby): workaround graphql-compose issue (doc: correct typos in security release process nodejs/node#29822) (lib: introduce no-mixed-operators eslint rule to lib nodejs/node#29834)
• 32fee71 fix(gatsby): eslint linting (v12.11.1 release proposal nodejs/node#29796) (build: replace optparse for argparse in configure.py nodejs/node#29814)
• bca7951 fix(gatsby-source-wordpress): HTML image regex's (repl: check for NODE_REPL_EXTERNAL_MODULE nodejs/node#29778) (http2: support passing options of http2.connect to net.connect nodejs/node#29816)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

[guardrails]

⚠️ We detected 4 security issues in this pull request:

Mode: paranoid | Total findings: 4 | Considered vulnerability: 4

Vulnerable Libraries (4)

Severity	Details
Medium	pkg:npm/es5-ext@0.10.62@0.10.62 (t) - no patch available
Medium	pkg:npm/%40hapi/hoek@8.5.0@8.5.0 (t) - no patch available
High	pkg:npm/immer@8.0.1@8.0.1 (t) upgrade to: 9.0.6
High	pkg:npm/ini@1.3.5@1.3.5 (t) upgrade to: 1.3.6

More info on how to fix Vulnerable Libraries in JavaScript.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.