Closed snyk-bot closed 1 year ago
(*) Note that the real score may have changed since the PR was raised.
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information: 🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Deserialization of Untrusted Data
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
Vulnerabilities that will be fixed
With an upgrade:
Why? Recently disclosed, Has a fix available, CVSS 8.1
SNYK-JS-GATSBYPLUGINMDX-2405699
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: gatsby-plugin-mdx
The new version differs by 165 commits.- cda0777 chore(release): Publish
- e916cf8 fix(gatsby-plugin-mdx): don't allow JS frontmatter by default (#35830) (#35832)
- ab3131a chore(release): Publish
- 4f4d2d7 feat(gatsby-source-drupal): Allow sites to configure the request timeout (#35794) (#35820)
- 2652fa8 chore(release): Publish
- 629b30f fix(gatsby-plugin-preload-fonts): disable cache (#34633) (#35790)
- ae95d66 fix(gatsby-script): Make load callback work when both load and error callbacks defined (#35760) (#35787)
- 9f5c107 fix(function): prioritize raw body parser (#35780) (#35786)
- e7a3e6e fix(gatsby-plugin-utils): Make `GatsbyImageData` nullable (#35777) (#35785)
- 823b22e chore(release): Publish
- 884c554 fix(gatsby): correctly auto-load preview plugin (#35745) (#35746)
- 56fb124 chore(release): Publish
- efef49c chore: skip package without releases?
- 791071f chore: skip changelog rewrite if changelog doesn't exist
- fb4de37 chore: don't use npm-run-all to build packages
- 04f9509 chore: re-pin select packages after 'lerna version' (#35725) (#35726)
- c9df5a0 fix(gatsby-script): Adjust warning control flow (#35721) (#35722)
- 6b9749b feat(gatsby-script): Duplicate script callbacks if no injected script callbacks (#35717) (#35723)
- 459fab4 feat: Add `gatsby-parcel-namer-relative-to-cwd` to monorepo & update Parcel to 2.5.0 (#35446)
- f7f8ffe refactor(gatsby,gatsby-script): Misc review comments (#35710)
- 191c557 feat(gatsby-script): Handle duplicate script callbacks (#35708)
- eb59c93 chore(gatsby): Update `IPluginRefObject` type (#35711)
- 2289a2c chore(gatsby-dev-cli): Update README
- 972e6e1 chore: `yarn_pnp` tests uses `gatsby-dev-cli` instead of portals (#35699)
See the full diffCheck the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Deserialization of Untrusted Data