[Snyk] Security upgrade gatsby from 2.13.73 to 5.0.0#96

kissofire · 2023-03-18T12:10:16Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- deps/npm/docs/package.json
- deps/npm/docs/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
616/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.9	Server-Side Request Forgery (SSRF) SNYK-JS-AXIOS-1038255	No	Proof of Concept
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	No	Proof of Concept
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-BROWSERSLIST-1090194	No	Proof of Concept
696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-ENGINEIO-1056749	No	Proof of Concept
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	No	Proof of Concept
344/1000 Why? Has a fix available, CVSS 2.6	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	No	No Known Exploit
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
484/1000 Why? Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-GOT-2932019	Yes	No Known Exploit
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HTTPCACHESEMANTICS-3248783	Yes	Proof of Concept
479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-PARSEURL-3023021	Yes	Proof of Concept
571/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5	Improper Input Validation SNYK-JS-PARSEURL-3024398	Yes	Proof of Concept
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	Proof of Concept
601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Command Injection SNYK-JS-REACTDEVUTILS-1083268	Yes	Proof of Concept
619/1000 Why? Has a fix available, CVSS 8.1	Cross-site Scripting (XSS) SNYK-JS-SERIALIZEJAVASCRIPT-536840	No	No Known Exploit
706/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.7	Arbitrary Code Injection SNYK-JS-SERIALIZEJAVASCRIPT-570062	No	Proof of Concept
619/1000 Why? Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	Yes	No Known Exploit
479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-TERSER-2806366	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: gatsby

The new version differs by 250 commits.

0c6cd61 chore(release): Publish
5e8e621 chore: Update main README (module: ESM loader approach nodejs/node#36954)
7130cd4 test(gatsby): Slices API integration tests (Running JS linter... never completes nodejs/node#36747)
6496eed chore(release): Publish next
bc7ac84 chore: preserve previous webpack stats derived values, even if we restart webpack itself (deps: update ICU to 68.2 nodejs/node#36980)
2b5af32 fix: drop `__renderedByLocation` prop when calculating slice props hashes and don't expose it to slice component (#36979)
cc1ee9b chore(release): Publish next
6a53861 chore(gatsby-link): Correct type export (Import are case insensitive in window 10 nodejs/node#36968)
0ad6314 fix(gatsby-graphiql-explorer): Use upstream exporter package (test: fixup flaky test-crypto-x509 on windows nodejs/node#36966)
964265c chore(release): Publish next
b624442 chore: Update peerDeps (#36965)
b2ab092 chore(release): Publish next
e2a14bf feat(gatsby): Slices <> partial hydration interop (doc: remove pull-requests.md preamble nodejs/node#36960)
0083e62 fix(deps): update starters and examples gatsby packages to ^4.24.7 (Add CodeQL security analysis to GitHub Actions workflows nodejs/node#36957)
68e9cab chore(changelogs): update changelogs (Math.min NOT work with 123021 numbers nodejs/node#36958)
b9eb8d2 chore(deps): update dependency autoprefixer to ^10.4.13 for gatsby-plugin-sass (doc: add miladfarca to collaborators nodejs/node#36934)
58c37ea chore(deps): update dependency @ jridgewell/trace-mapping to ^0.3.17 for gatsby-legacy-polyfills (test: skip internet for test-npm-install nodejs/node#36933)
a5e4c47 fix(deps): update dependency body-parser to ^1.20.1 for gatsby-source-drupal ([v14.x Backport] http: don't cork noop .end() nodejs/node#36940)
c86aa7e chore(docs): Add clarification for Pro Tip on Part 4 of tutorial (module: deprecate "main" index and extension lookups nodejs/node#36918)
d5c775a feat(gatsby): handle graphql-import-node bundling (doc: add iansu to collaborators nodejs/node#36951)
59e2976 feat(gatsby-remark-embed-snippet): added csproj to language map so it will be recognized as xml (#36919)
c8a7dda chore(docs): Valhalla Content Hub Reference Guide (events.once creates an error listener that is not removed on abort. nodejs/node#36949)
3044280 fix(gatsby): stitch slices if just page html was regenerating without any of used slices regenerating (test: improve coverage for Module getters nodejs/node#36950)
10abdcb chore(release): Publish next

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note:You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Server-Side Request Forgery (SSRF)
🦉 Open Redirect
🦉 More lessons are available in Snyk Learn

This change is

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Snyk] Security upgrade gatsby from 2.13.73 to 5.0.0#96

[Snyk] Security upgrade gatsby from 2.13.73 to 5.0.0 #96

Uh oh!

kissofire commented Mar 18, 2023•
edited
Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

[Snyk] Security upgrade gatsby from 2.13.73 to 5.0.0#96

Are you sure you want to change the base?

[Snyk] Security upgrade gatsby from 2.13.73 to 5.0.0 #96

Uh oh!

Conversation

kissofire commented Mar 18, 2023• edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

kissofire commented Mar 18, 2023•
edited
Loading