search

fnplus / footsteps-app

A search 🔎 engine of experts-led learning paths. Learn by following the footsteps (journey) of experts. 👨‍💻👩‍💻
https://www.footsteps.dev/
GNU General Public License v3.0
42 stars 72 forks source link

[Snyk] Fix for 3 vulnerabilities #174

Open snyk-bot opened 3 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 616/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.9		 Server-Side Request Forgery (SSRF)
SNYK-JS-AXIOS-1038255		 No Proof of Concept
medium severity 504/1000
Why? Has a fix available, CVSS 5.8		 Prototype Pollution
SNYK-JS-HIGHLIGHTJS-1045326		 No No Known Exploit
medium severity 520/1000
Why? Has a fix available, CVSS 5.9		 Denial of Service
SNYK-JS-NODEFETCH-674311		 No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: gatsby The new version differs by 250 commits.
  • fbc5893 chore(release): Publish
  • e693b62 chore: update yarn.lock (#29078)
  • e998870 fix(gatsby): Always render the body component to ensure needed head & pre/post body components are added (#29077)
  • a1921b5 feat(gatsby): bump opt-in % to dev-ssr to 20% (#29075)
  • 2439b44 feat(gatsby-codemods): Handle or warn on nested options changes (#29046)
  • c0e6c92 fix(gatsby-plugin-typescript): add missing options validations (#29066)
  • 3163ca6 fix(gatsby-plugin-mdx): Add `root` to plugin validation (#29010)
  • 6233382 fix(gatsby-plugin-image): Fix onload race condition (#29064)
  • c76c175 benchmark(gabe-fs-markdown-images): add img benchmark (#29009)
  • bd5b5f7 feat(gatsby): allow to skip cache persistence (#29047)
  • 48db6ac fix(gatsby): fix broken GraphQL resolver tracing (#29015)
  • 90b6e3d fix(gatsby): Use fast-refresh for React 17 (#28930)
  • 9a55d12 feat(gatsby): Add eslint rules to warn against bad patterns in pageTemplates (for Fast Refresh) (#28689)
  • b9978e1 fix(gatsby-plugin-image): Handle imgStyle in SSR (#29043)
  • f23ba4b fix(gatsby-source-contentful): Improve base64 placeholders (#29034)
  • 18b5f30 fix(security): update vulnerable packages, include React 17 in peerDeps (#28545)
  • f8bbc06 docs: edit search documentation (#28737)
  • 004acf0 fix(sharp) wrap sharp calls in try/catch to avoid crashing on bad images (#28645)
  • bf6f264 Hydrate when the page was server rendered (#29016)
  • e72533d chore(gatsby-plugin-image): Unflag remote images (#29032)
  • 332543c chore(docs): adjust Contentful Rich Text example codes (#29029)
  • 9bcc12c feat(gatsby-plugin-image): Change fullWidth to use breakpoints (#29002)
  • 168ff60 Fix/contentful add header (#29028)
  • a3ad6d7 fix(gatsbu-source-contentful): apply useNameForId when creating the graphql schema (#28649)
See the full diff
Package name: gatsby-cli The new version differs by 250 commits.
  • fbc5893 chore(release): Publish
  • e693b62 chore: update yarn.lock (#29078)
  • e998870 fix(gatsby): Always render the body component to ensure needed head & pre/post body components are added (#29077)
  • a1921b5 feat(gatsby): bump opt-in % to dev-ssr to 20% (#29075)
  • 2439b44 feat(gatsby-codemods): Handle or warn on nested options changes (#29046)
  • c0e6c92 fix(gatsby-plugin-typescript): add missing options validations (#29066)
  • 3163ca6 fix(gatsby-plugin-mdx): Add `root` to plugin validation (#29010)
  • 6233382 fix(gatsby-plugin-image): Fix onload race condition (#29064)
  • c76c175 benchmark(gabe-fs-markdown-images): add img benchmark (#29009)
  • bd5b5f7 feat(gatsby): allow to skip cache persistence (#29047)
  • 48db6ac fix(gatsby): fix broken GraphQL resolver tracing (#29015)
  • 90b6e3d fix(gatsby): Use fast-refresh for React 17 (#28930)
  • 9a55d12 feat(gatsby): Add eslint rules to warn against bad patterns in pageTemplates (for Fast Refresh) (#28689)
  • b9978e1 fix(gatsby-plugin-image): Handle imgStyle in SSR (#29043)
  • f23ba4b fix(gatsby-source-contentful): Improve base64 placeholders (#29034)
  • 18b5f30 fix(security): update vulnerable packages, include React 17 in peerDeps (#28545)
  • f8bbc06 docs: edit search documentation (#28737)
  • 004acf0 fix(sharp) wrap sharp calls in try/catch to avoid crashing on bad images (#28645)
  • bf6f264 Hydrate when the page was server rendered (#29016)
  • e72533d chore(gatsby-plugin-image): Unflag remote images (#29032)
  • 332543c chore(docs): adjust Contentful Rich Text example codes (#29029)
  • 9bcc12c feat(gatsby-plugin-image): Change fullWidth to use breakpoints (#29002)
  • 168ff60 Fix/contentful add header (#29028)
  • a3ad6d7 fix(gatsbu-source-contentful): apply useNameForId when creating the graphql schema (#28649)
See the full diff
Package name: gatsby-source-graphql The new version differs by 250 commits.
  • fbc5893 chore(release): Publish
  • e693b62 chore: update yarn.lock (#29078)
  • e998870 fix(gatsby): Always render the body component to ensure needed head & pre/post body components are added (#29077)
  • a1921b5 feat(gatsby): bump opt-in % to dev-ssr to 20% (#29075)
  • 2439b44 feat(gatsby-codemods): Handle or warn on nested options changes (#29046)
  • c0e6c92 fix(gatsby-plugin-typescript): add missing options validations (#29066)
  • 3163ca6 fix(gatsby-plugin-mdx): Add `root` to plugin validation (#29010)
  • 6233382 fix(gatsby-plugin-image): Fix onload race condition (#29064)
  • c76c175 benchmark(gabe-fs-markdown-images): add img benchmark (#29009)
  • bd5b5f7 feat(gatsby): allow to skip cache persistence (#29047)
  • 48db6ac fix(gatsby): fix broken GraphQL resolver tracing (#29015)
  • 90b6e3d fix(gatsby): Use fast-refresh for React 17 (#28930)
  • 9a55d12 feat(gatsby): Add eslint rules to warn against bad patterns in pageTemplates (for Fast Refresh) (#28689)
  • b9978e1 fix(gatsby-plugin-image): Handle imgStyle in SSR (#29043)
  • f23ba4b fix(gatsby-source-contentful): Improve base64 placeholders (#29034)
  • 18b5f30 fix(security): update vulnerable packages, include React 17 in peerDeps (#28545)
  • f8bbc06 docs: edit search documentation (#28737)
  • 004acf0 fix(sharp) wrap sharp calls in try/catch to avoid crashing on bad images (#28645)
  • bf6f264 Hydrate when the page was server rendered (#29016)
  • e72533d chore(gatsby-plugin-image): Unflag remote images (#29032)
  • 332543c chore(docs): adjust Contentful Rich Text example codes (#29029)
  • 9bcc12c feat(gatsby-plugin-image): Change fullWidth to use breakpoints (#29002)
  • 168ff60 Fix/contentful add header (#29028)
  • a3ad6d7 fix(gatsbu-source-contentful): apply useNameForId when creating the graphql schema (#28649)
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

netlify[bot] commented 3 years ago

:heavy_check_mark: Deploy preview for footsteps-app ready!

:hammer: Explore the source changes: 9c60b100bbeb78d37e0cf08d5792b118e80bb695

:mag: Inspect the deploy logs: https://app.netlify.com/sites/footsteps-app/deploys/6007582fdc06b700075118ce

:sunglasses: Browse the preview: https://deploy-preview-174--footsteps-app.netlify.app