haysclark / gatsby-starter-casper

The Casper theme v1.4 ported to GatsbyJS
https://haysclark.github.io/gatsby-starter-casper/
MIT License
198 stars 54 forks

[Snyk] Security upgrade gatsby from 2.0.85 to 2.32.8 #101

Open haysclark opened 11 months ago

haysclark commented 11 months ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

#### Changes included in this PR

- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    - package.json
    - package-lock.json

#### Vulnerabilities that will be fixed

##### With an upgrade:

Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity
:-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------
![low severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/l.png "low severity") | **506/1000** <br/> **Why?** Proof of Concept exploit, Has a fix available, CVSS 3.7 | Regular Expression Denial of Service (ReDoS) <br/> [npm:debug:20170905](https://snyk.io/vuln/npm:debug:20170905) | No | Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: gatsby

The new version differs by 250 commits.
  • 9ecbc81 chore(release): Publish
  • 180ebad chore(gatsby): upgrade socket.io (#29765) (#29769)
  • 65274d6 chore(release): Publish
  • 21f02de fix(gatsby-plugin-feed): Exists function and update version fs-extra (#29616) (#29764)
  • 997985a Update index.js (#29758) (#29761)
  • 61bdabd force cherry-pick (#29749)
  • 91b9d66 feat(gatsby): ignore case option in create redirect (#29742)
  • 662fe41 chore(release): Publish
  • 8a2fac9 Release gatsby plugin gatsby cloud for Gatsby v2 (#29738)
  • d806703 fix(gatsby-source-wordpress):issue #29535 not finished createSchemaCu… (#29554) (#29712)
  • 49f19fd feat(gatsby): Respect VERBOSE env var (#29708) (#29713)
  • 6fa14e4 chore(release): Publish
  • 01d07b3 fix(gatsby): more reliable way to use prod versions of react/react-dom (#29683)
  • 2022f2b chore(gatsby-core-utils): Move isTruthy to gatsby-core-utils (#29707) (#29710)
  • ac65482 chore: remove --cache from eslint (#29706) (#29709)
  • 22dadae fix(gatsby): Fix snapshot for integration-tests/ssr tests (#29697)
  • 9183a6b fix(gatsby-plugin-image): Apply inline styles and img size (#29603) (#29668)
  • 2625159 fix(contentful): retry on network errors when checking credentials (#29664) (#29672)
  • 255b565 chore: fix reset hard in assert-changed-files (#29328) (#29677)
  • be9d9f9 fix(gatsby-plugin-sharp): Fix defaults handling (#29564) (#29589)
  • d1f303a tests: Fix cli integration test (#29525) (#29594)
  • 2035475 chore(release): Publish
  • febd5e4 fix(gatsby-source-contentful): Correct supported image formats (#29562)
  • 6374419 fix: drop terminal-link (#29472) (#29477)
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

------------

**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.*

For more information:

- 🧐 [View latest project report](https://app.snyk.io/org/haysclark/project/84a46da2-929c-4011-a1c0-e2f10a98415b?utm_source=github&utm_medium=referral&page=fix-pr)
- 🛠 [Adjust project settings](https://app.snyk.io/org/haysclark/project/84a46da2-929c-4011-a1c0-e2f10a98415b?utm_source=github&utm_medium=referral&page=fix-pr/settings)
- 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)

---

**Learn how to fix vulnerabilities with free interactive lessons:**

🦉 [Regular Expression Denial of Service (ReDoS)](https://learn.snyk.io/lesson/redos/?loc=fix-pr)