[Snyk] Security upgrade gatsby from 2.23.20 to 2.32.8

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • deps/npm/docs/package.json
  • deps/npm/docs/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	776/1000 Why? Recently disclosed, Has a fix available, CVSS 9.8	Improper Input Validation SNYK-JS-SOCKETIOPARSER-3091012	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: gatsby

The new version differs by 250 commits.

• 9ecbc81 chore(release): Publish
• 180ebad chore(gatsby): upgrade socket.io (stream: readable.push(undefined) behaviour? nodejs/node#29765) (doc: clarify --pending-deprecation effects on Buffer() usage nodejs/node#29769)
• 65274d6 chore(release): Publish
• 21f02de fix(gatsby-plugin-feed): Exists function and update version fs-extra (build,win: goto lint only after defining node_exe nodejs/node#29616) (ClientHttp2Session doesn't acknowledge new settings nodejs/node#29764)
• 997985a Update index.js (stream: certain sequence of Writable#write and Writable#end will not end stream nodejs/node#29758) (doc: fix nits in dgram.md nodejs/node#29761)
• 61bdabd force cherry-pick (test: proposal common.expectsError nextTick option nodejs/node#29749)
• 91b9d66 feat(gatsby): ignore case option in create redirect (stream: 'error' should be emitted asynchronously nodejs/node#29742)
• 662fe41 chore(release): Publish
• 8a2fac9 Release gatsby plugin gatsby cloud for Gatsby v2 (doc: clarify pipeline stream cleanup nodejs/node#29738)
• d806703 fix(gatsby-source-wordpress):issue repl: declare for initial expression in the for loop, instead of hoisting and re-using nodejs/node#29535 not finished createSchemaCu… (add missing sigemptyset() to init sigset_t nodejs/node#29554) (build: include deps/v8/test/torque in source tarball nodejs/node#29712)
• 49f19fd feat(gatsby): Respect VERBOSE env var (Socket undestroy race nodejs/node#29708) (http: add reusedSocket property on client request nodejs/node#29713)
• 6fa14e4 chore(release): Publish
• 01d07b3 fix(gatsby): more reliable way to use prod versions of react/react-dom (crypto: refactor array buffer view validation nodejs/node#29683)
• 2022f2b chore(gatsby-core-utils): Move isTruthy to gatsby-core-utils (Cryptographically secure random integer in range nodejs/node#29707) (doc: fix URLs to CPU/Heap profilers in inspector nodejs/node#29710)
• ac65482 chore: remove --cache from eslint (worker: fix process._fatalException return type nodejs/node#29706) (test-torque.tq failing source tarball builds for v12.11.0 (V8 7.7) nodejs/node#29709)
• 22dadae fix(gatsby): Fix snapshot for integration-tests/ssr tests (npm audit corrupts non-tty's nodejs/node#29697)
• 9183a6b fix(gatsby-plugin-image): Apply inline styles and img size (nodejs/platform-windows: call for new members nodejs/node#29603) (doc: remove align from tables nodejs/node#29668)
• 2625159 fix(contentful): retry on network errors when checking credentials (stream: remove ambiguous code nodejs/node#29664) (#29672)
• 255b565 chore: fix reset hard in assert-changed-files (Node removes key/value from object when passing to function nodejs/node#29328) (errors: make sure all Node.js errors show their properties nodejs/node#29677)
• be9d9f9 fix(gatsby-plugin-sharp): Fix defaults handling (process: add source-map support to stack traces nodejs/node#29564) (http: remove legacy parser nodejs/node#29589)
• d1f303a tests: Fix cli integration test (Intl.RelativeTimeFormat and Intl.ListFormat don't work on languages other than English on node 12.10.0 nodejs/node#29525) (tools: update remark-preset-lint-node to 1.10.0 nodejs/node#29594)
• 2035475 chore(release): Publish
• febd5e4 fix(gatsby-source-contentful): Correct supported image formats (inspector: update faviconUrl nodejs/node#29562)
• 6374419 fix: drop terminal-link (deps: patch V8 to 7.7.299.10 nodejs/node#29472) (stream: read after destroy? nodejs/node#29477)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note:You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Improper Input Validation

[guardrails]

⚠️ We detected 28 security issues in this pull request:

Mode: paranoid | Total findings: 28 | Considered vulnerability: 28

Vulnerable Libraries (28)

Severity	Details
N/A	pkg:npm/[email protected]@0.10.0 (t) upgrade to: 1.0.0
Medium	pkg:npm/[email protected]@7.4.5 (t) - no patch available
High	pkg:npm/[email protected]@6.0.5 (t) - no patch available
High	pkg:npm/[email protected]@3.5.0 (t) - no patch available
Critical	pkg:npm/[email protected]@2.0.3 (t) - no patch available
Medium	pkg:npm/[email protected]@2.6.1 (t) - no patch available
Critical	pkg:npm/[email protected]@4.0.4 (t) - no patch available
Medium	pkg:npm/[email protected]@4.0.5 (t) - no patch available
High	pkg:npm/[email protected]@4.18.2 (t) - no patch available
Medium	pkg:npm/%40hapi/[email protected]@8.5.0 (t) - no patch available
Critical	pkg:npm/[email protected]@3.1.1 (t) - no patch available
N/A	pkg:npm/[email protected]@0.3.6 (t) upgrade to: 0.4.0
Critical	pkg:npm/[email protected]@4.0.5 (t) - no patch available
Critical	pkg:npm/[email protected]@0.2.3 (t) upgrade to: 0.4.0
High	pkg:npm/[email protected]@3.0.0 (t) upgrade to: 4.2.2
Critical	pkg:npm/[email protected]@4.17.15 (t) - no patch available
High	pkg:npm/[email protected]@1.3.5 (t) upgrade to: 1.3.6
Medium	pkg:npm/[email protected]@0.10.62 (t) - no patch available
Medium	pkg:npm/[email protected]@6.0.2 (t) - no patch available
High	pkg:npm/[email protected]@4.5.0 (t) - no patch available
High	@hapi/[email protected] (t) upgrade to: >8.5.0
Critical	[email protected] upgrade to: >=5.0.1
High	[email protected] (t) upgrade to: >=1.3.6
Critical	[email protected] (t) upgrade to: >1.4.1 || >2.0.1
High	[email protected] (t) upgrade to: >6.0.2
High	[email protected] (t) upgrade to: >4.17.20
High	[email protected] (t) upgrade to: >6.0.2
High	[email protected] (t) upgrade to: >5.0.0

More info on how to fix Vulnerable Libraries in JavaScript.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.