[Snyk] Security upgrade gatsby-plugin-sharp from 2.3.10 to 3.15.0

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • deps/npm/docs/package.json
  • deps/npm/docs/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-CSSWHAT-1298035	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: gatsby-plugin-sharp

The new version differs by 250 commits.

• c1e67a2 chore(release): Publish
• 0c45654 chore: remove tracedSVG (CONTRIBUTING.md nodejs/node#37093) (just some practice nodejs/node#37137)
• d7edf95 chore(release): Publish
• 2d00ea0 fix(gatsby-plugin-mdx): Do not leak frontmatter into page (ESM importing a CommonJS calls getters nodejs/node#35859) (fix comment nodejs/node#35913)
• 4997d63 chore(release): Publish
• ff94ed5 fix(gatsby-plugin-mdx): don't allow JS frontmatter by default (zlib: test BrotliCompress throws invalid arg value nodejs/node#35830) (#35834)
• 36f21b0 chore: Removate validate-renovate from v3-latest branch (src: guard against nullptr deref in TimerWrapHandle::Stop nodejs/node#34460)
• 1acb1bc chore(release): Publish
• 1589bd8 fix(gatsby): ensure that writing node manifests to disk does not break on Windows (Why the http client does not support the keep alive feature? nodejs/node#33853) (tls: add getter and setter for session ticket number. nodejs/node#34020)
• 9694010 fix(gatsby-source-drupal): Ensure all new nodes are created before creating relationships (Rename default branch from "master" to "main" nodejs/node#33864) (quic: fix lint error in node_quic_crypto nodejs/node#34019)
• 76deb39 fix(gatsby-source-drupal): searcParams missing from urls (Value display error nodejs/node#33861) (fix drain() function for "Piping to writable streams from async iterators" nodejs/node#34018)
• f74cc8f feat(gatsby-source-drupal): Add node manifest support for previews (src: remove unnecessary ToLocalChecked call nodejs/node#33683) (timers: allow timers to be used as primitives nodejs/node#34017)
• 476a591 chore(release): Publish
• 35b48f8 fix(gatsby-plugin-image): GatsbyImage not displaying image in IE11 (module: CJS exports detection for modules with __esModule export nodejs/node#33416) (VM aborts when error thrown when in property setter nodejs/node#33806)
• 880022e fix(gatsby-plugin-image): flickering when state changes (lib/internal/util.js#join function is slower than the built-in Array#join nodejs/node#33732) (v8: implement v8.takeCoverage() and v8.stopCoverage() nodejs/node#33807)
• c0d07e7 feat(gatsby-source-wordpress): Update supported-remote-plugin-versions.ts (async_hooks: callback trampoline for MakeCallback nodejs/node#33801) (n-api: document nextTick timing in callbacks nodejs/node#33804)
• 3d9a702 chore(release): Publish
• 84053a2 fix(gatsby-plugin-sharp): pass input buffer instead of readStream when processing image jobs (build: fix node.gyp config nodejs/node#33685) (node --jitless segfault on mipsel or mips64el nodejs/node#33703)
• 4722a0d fix(gatsby-source-drupal): Add timeout in case of stalled API requests (invalid syntax for loop in python  nodejs/node#33668) (doc: UNABLE_TO_VERIFY_LEAF_SIGNATURE/unable to verify the first certificate error not documented nodejs/node#33705)
• 857a628 fix(gatsby): single page node manifest accuracy (benchmark: fix async-resource benchmark nodejs/node#33642) (Unexpected performance penalty when using field initialiser nodejs/node#33698)
• 6bfd0f1 Properly set the pathPrefix and assetPrefix in the pluginData (doc:  nodejs/node#33667) (deps: V8: re-enable interpreted frames native stack on S390 nodejs/node#33702)
• 26c51c0 fix(gatsby-source-drupal): cache backlink records (src: use enum for refed flag on native immediates nodejs/node#33444) (#33701)
• b80c53a fix(gatsby-source-drupal): Correctly update nodes with changed back references so queries are re-run (src: forbid lt and gt in url host code point nodejs/node#33328) (Why does HTTP1 module lack support for certain request methods? nodejs/node#33699)
• e29a194 chore: use gatsby-dev-cli@latest-v3 in tests

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

[guardrails]

⚠️ We detected 3 security issues in this pull request:

Mode: paranoid | Total findings: 3 | Considered vulnerability: 3

Vulnerable Libraries (3)

Severity	Details
Medium	bl@3.0.0 (t) upgrade to: >=1.2.3 || =3.0.0
High	body-parser@1.19.0 (t) upgrade to: 1.19.0
Medium	gatsby-plugin-sharp@3.15.0 upgrade to: >=5.10.0

More info on how to fix Vulnerable Libraries in JavaScript.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.