haysclark / gatsby-starter-casper

The Casper theme v1.4 ported to GatsbyJS
https://haysclark.github.io/gatsby-starter-casper/
MIT License
198 stars 54 forks

[Snyk] Security upgrade gatsby from 2.0.85 to 2.1.1 #57

Open snyk-bot opened 3 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.


Changes included in this PR

⚠️ Warning

```
Failed to update the package-lock.json, please update manually before merging.
```

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| high severity | 472/1000 (Why? Proof of Concept exploit, CVSS 7.3) | Prototype Pollution (SNYK-JS-Y18N-1021887) | No | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: gatsby

The new version differs by 250 commits.
  • ba46e99 chore(release): Publish
  • 8494a1b Move to @gatsbyjs scoped version of yarn (#11759)
  • 67c0131 fix(blog): 2019-01-01 json code blocks (#11750)
  • d1ae7ab fix(starters): update dependency gatsby to ^2.1.0 (#11745)
  • 03fae48 fix(starters): update dependency prop-types to ^15.7.2 (#11748)
  • 5e7899c feat(showcase): add Incremental.com.au (#11729)
  • 8f7f8cd feat(starters): add starter magicsoup.io (#11670)
  • bb147bd docs(gatsby): Add documentation for useStaticQuery (#11741)
  • 9896fa0 chore(release): Publish
  • f149c4c feat(gatsby): add useStaticQuery hook (#11588)
  • a68769d chore(release): Publish
  • 0caea8b chore(docs): reword CSS in JS docs for clarity (#11439)
  • 67daa2d chore: Upgrade Prettier related packages to the latest (#11735)
  • 8a6db6a fix(core): added event source polyfill in develop to fix IE/edge hmr (#11582)
  • 3024839 chore: minify svg husky hook (#10560)
  • 22c41fb docs: add videos for Gatsby Link + rewrite for flow (#11700)
  • 0baa034 docs: add egghead lesson to quickstart (#11699)
  • 3198ca5 Update sites.yml (#11713)
  • 5dc5640 fix(starters): update dependency gatsby-transformer-remark to ^2.2.5 (#11718)
  • fadd172 fix(starters): clean up redundant/incorrect tags
  • 41b4f89 chore(release): Publish
  • 29dee3f fix(gatsby-transformer-remark): restore behavior of serializing date-like fields to string (#11716)
  • 128b156 chore: fix circle ci workflow (#11715)
  • bab4eae Docs/client search with js search (#11505)

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
