[Snyk] Security upgrade gatsby from 2.18.18 to 2.32.8 by ron-a20 · Pull Request #25 · ron-a20/node

ron-a20 · 2021-02-26T00:10:13Z

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- deps/npm/docs/package.json
- deps/npm/docs/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-ENGINEIO-1056749	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: gatsby

The new version differs by 250 commits.

9ecbc81 chore(release): Publish
180ebad chore(gatsby): upgrade socket.io (stream: readable.push(undefined) behaviour? nodejs/node#29765) (doc: clarify --pending-deprecation effects on Buffer() usage nodejs/node#29769)
65274d6 chore(release): Publish
21f02de fix(gatsby-plugin-feed): Exists function and update version fs-extra (build,win: goto lint only after defining node_exe nodejs/node#29616) (ClientHttp2Session doesn't acknowledge new settings nodejs/node#29764)
997985a Update index.js (stream: certain sequence of Writable#write and Writable#end will not end stream nodejs/node#29758) (doc: fix nits in dgram.md nodejs/node#29761)
61bdabd force cherry-pick (test: proposal common.expectsError nextTick option nodejs/node#29749)
91b9d66 feat(gatsby): ignore case option in create redirect (stream: 'error' should be emitted asynchronously nodejs/node#29742)
662fe41 chore(release): Publish
8a2fac9 Release gatsby plugin gatsby cloud for Gatsby v2 (doc: clarify pipeline stream cleanup nodejs/node#29738)
d806703 fix(gatsby-source-wordpress):issue repl: declare for initial expression in the for loop, instead of hoisting and re-using nodejs/node#29535 not finished createSchemaCu… (add missing sigemptyset() to init sigset_t nodejs/node#29554) (build: include deps/v8/test/torque in source tarball nodejs/node#29712)
49f19fd feat(gatsby): Respect VERBOSE env var (Socket undestroy race nodejs/node#29708) (http: add reusedSocket property on client request nodejs/node#29713)
6fa14e4 chore(release): Publish
01d07b3 fix(gatsby): more reliable way to use prod versions of react/react-dom (crypto: refactor array buffer view validation nodejs/node#29683)
2022f2b chore(gatsby-core-utils): Move isTruthy to gatsby-core-utils (Cryptographically secure random integer in range nodejs/node#29707) (doc: fix URLs to CPU/Heap profilers in inspector nodejs/node#29710)
ac65482 chore: remove --cache from eslint (worker: fix process._fatalException return type nodejs/node#29706) (test-torque.tq failing source tarball builds for v12.11.0 (V8 7.7) nodejs/node#29709)
22dadae fix(gatsby): Fix snapshot for integration-tests/ssr tests (npm audit corrupts non-tty's nodejs/node#29697)
9183a6b fix(gatsby-plugin-image): Apply inline styles and img size (nodejs/platform-windows: call for new members nodejs/node#29603) (doc: remove align from tables nodejs/node#29668)
2625159 fix(contentful): retry on network errors when checking credentials (stream: remove ambiguous code nodejs/node#29664) (#29672)
255b565 chore: fix reset hard in assert-changed-files (Node removes key/value from object when passing to function nodejs/node#29328) (errors: make sure all Node.js errors show their properties nodejs/node#29677)
be9d9f9 fix(gatsby-plugin-sharp): Fix defaults handling (process: add source-map support to stack traces nodejs/node#29564) (http: remove legacy parser nodejs/node#29589)
d1f303a tests: Fix cli integration test (Intl.RelativeTimeFormat and Intl.ListFormat don't work on languages other than English on node 12.10.0 nodejs/node#29525) (tools: update remark-preset-lint-node to 1.10.0 nodejs/node#29594)
2035475 chore(release): Publish
febd5e4 fix(gatsby-source-contentful): Correct supported image formats (inspector: update faviconUrl nodejs/node#29562)
6374419 fix: drop terminal-link (deps: patch V8 to 7.7.299.10 nodejs/node#29472) (stream: read after destroy? nodejs/node#29477)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

…reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ENGINEIO-1056749

fix: deps/npm/docs/package.json & deps/npm/docs/package-lock.json to …

0f4e426

…reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-ENGINEIO-1056749

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Security upgrade gatsby from 2.18.18 to 2.32.8#25

[Snyk] Security upgrade gatsby from 2.18.18 to 2.32.8#25
ron-a20 wants to merge 1 commit into
masterfrom
snyk-fix-728be5fb6f050fc073b35236ca08b4c6

ron-a20 commented Feb 26, 2021

Labels

2 participants

Conversation