hikerpig / gatsby-project-kb

Developing gatsby-theme-kb, a Gatsby theme for publishing Knowledge Base.
https://gatsby-project-kb.vercel.app/
MIT License
62 stars 15 forks

[Snyk] Security upgrade gatsby from 3.1.3 to 3.5.0 #21

Closed snyk-bot closed 3 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:

| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| high severity | 661/1000<br>Why? Recently disclosed, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS)<br>SNYK-JS-NORMALIZEURL-1296539 | No | No Known Exploit |
| medium severity | 479/1000<br>Why? Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS)<br>SNYK-JS-POSTCSS-1255640 | No | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: gatsby

The new version differs by 250 commits.
  • 102d92c chore(release): Publish
  • baa0804 fix(gatsby-plugin-mdx): enable hmr when importing mdx (#31288) (#31370)
  • a44a426 fix(gatsby): Fixes incorrect type (#31358) (#31365)
  • 63942db fix(gatsby): fix proxy creation on read-only properties (#31346) (#31364)
  • 4eca6cc fix(gatsby): Pass reporter from functions code for reporting warning (#31336) (#31363)
  • 01de613 fix(gatsby): don't print out flag suggestions if none are enabled or opted-in (#31299) (#31362)
  • 1a4a3a7 feat(gatsby): New overlay for DEV_SSR (#31061) (#31361)
  • fbab17b fix(gatsby-source-shopify): fix linting (#31291)
  • 62f0ad6 fix(deps): update minor and patch for gatsby-plugin-preact (#31169)
  • 95f52f0 chore: add gatsby-plugin-gatsby-cloud to renovate
  • 22cbc30 chore: update renovatebot config to support more packages (#31289)
  • 111647e chore(deps): update dependency @types/semver to ^7.3.5 (#31148)
  • f3ee3fd fix(deps): update minor and patch for gatsby-plugin-manifest (#31160)
  • 2291fbd fix(deps): update minor and patch for gatsby-remark-copy-linked-files (#31163)
  • 137630e fix(deps): update dependency mini-css-extract-plugin to v1.6.0 (#31158)
  • b2ce9fe chore(deps): update dependency @testing-library/react to ^11.2.6 (#31168)
  • b08c4c7 docs(gatsby-source-shopify): Updates Shopify README with new plugin info (#31287)
  • 06f4556 chore: run yarn deduplicate (#31285)
  • 4f84533 docs(gatsby-plugin-image): Add docs for customizing default options (#30344)
  • d0dee0d fix(gatsby-plugin-image): print error details (#30417)
  • 448061a chore(docs): Update "Adding Search with Algolia" guide (#29460)
  • ea81d3b chore(docs): Update MDX frontmatter for programmatic pages (#29798)
  • 5658261 docs: Add image plugin architecture doc (#31096)
  • fef8d6b perf(gatsby): use fastq instead of better-queue + refactor (#31269)
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

gatsby-cloud[bot] commented 3 years ago

Gatsby Cloud Build Report

gatsby-project-kb-master

:tada: Your build was successful! See the Deploy preview here.

Build Details

View the build logs here.

:clock1: Build time: 2m

Performance

Lighthouse report

| Metric | Score |
| --- | --- |
| Performance | :green_heart: 95 |
| Accessibility | :green_heart: 90 |
| Best Practices | :green_heart: 100 |
| SEO | :green_heart: 91 |

:link: View full report