search

hikerpig / gatsby-project-kb

Developing gatsby-theme-kb, a Gatsby theme for publishing Knowledge Base.
https://gatsby-project-kb.vercel.app/
MIT License
62 stars 15 forks source link

[Snyk] Security upgrade gatsby from 4.25.2 to 5.4.0 #64

Open hikerpig opened 1 year ago

hikerpig commented 1 year ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - demo/package.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:------------------------- ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **589/1000**
**Why?** Has a fix available, CVSS 7.5 | Denial of Service (DoS)
[SNYK-JS-ENGINEIO-3136336](https://snyk.io/vuln/SNYK-JS-ENGINEIO-3136336) | Yes | No Known Exploit (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: gatsby The new version differs by 250 commits.
  • 12252dd chore(release): Publish
  • e2084f6 fix(gatsby): Restore asset, path prefix for file-loader handled files (#37429) (#37430)
  • c7b5e7c chore(gatsby): Improve SlicePlaceholderProps type (#37409)
  • 57607f1 fix(gatsby): Allow "gatsby-node" directory for Parcel Compilation (#36712)
  • 56ace78 fix(gatsby-source-contentful): Add contentTypeFilter to Joi schema (#37403)
  • 04fb852 chore: Update `.gitpod` to use correct Node version (#37336)
  • 7a382f2 chore(deps): Bump yaml-loader (#37401)
  • 7fda6d1 fix(deps): update parcel to v2.8.2 (#37383)
  • 6e7c57f chore(deps): update [dev] minor and patch dependencies for gatsby (#37384)
  • b941876 chore(deps): update babel monorepo (#37386)
  • 5df8a99 chore(release): Publish next
  • 919efc0 fix(deps): update minor and patch dependencies for gatsby (#37377)
  • dd6bb8a chore(deps): update [dev] minor and patch dependencies for gatsby-source-shopify (#37355)
  • 594886b chore(deps): update [dev] minor and patch dependencies for gatsby-plugin-gatsby-cloud (#37385)
  • 9077a3f chore(deps): update [dev] minor and patch dependencies for gatsby-plugin-mdx (#37353)
  • 4c2ac49 chore(deps): update [dev] minor and patch dependencies for gatsby-plugin-image (#37352)
  • 78324eb chore(docs): Add wrapRootElement limitation to off-main-thread (#37402)
  • 20ce44b fix(deps): update e2e tests (major) (#37289)
  • bbd6220 chore(deps): update gatsby monorepo (#37366)
  • f8e8078 chore(docs): Update Storybook instructions (#37321)
  • e9ab3f4 chore(docs): Add `--legacy-peer-deps` flag for experimental React (#37332)
  • b573e21 chore(deps): update dependency cross-env to ^5.2.1 (#37359)
  • f503625 chore(deps): update [dev] minor and patch dependencies for gatsby-plugin-preact (#37354)
  • b8ce9de chore(deps): update dependency react-typography to ^0.16.23 for gatsby-plugin-typography (#37363)
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/hikerpig/project/a9d59dae-74e9-4024-ad21-9d0a6d3f36a4?utm_source=github&utm_medium=referral&page=fix-pr) πŸ›  [Adjust project settings](https://app.snyk.io/org/hikerpig/project/a9d59dae-74e9-4024-ad21-9d0a6d3f36a4?utm_source=github&utm_medium=referral&page=fix-pr/settings) πŸ“š [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) [//]: # (snyk:metadata:{"prId":"d48e0977-a5d7-447c-8e33-7c29ef8d063f","prPublicId":"d48e0977-a5d7-447c-8e33-7c29ef8d063f","dependencies":[{"name":"gatsby","from":"4.25.2","to":"5.4.0"}],"packageManager":"npm","projectPublicId":"a9d59dae-74e9-4024-ad21-9d0a6d3f36a4","projectUrl":"https://app.snyk.io/org/hikerpig/project/a9d59dae-74e9-4024-ad21-9d0a6d3f36a4?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-ENGINEIO-3136336"],"upgrade":["SNYK-JS-ENGINEIO-3136336"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["updated-fix-title","priorityScore"],"priorityScoreList":[589]}) --- **Learn how to fix vulnerabilities with free interactive lessons:** πŸ¦‰ [Denial of Service (DoS)](https://learn.snyk.io/lessons/redos/javascript/?loc=fix-pr)
gatsby-cloud[bot] commented 1 year ago

:x: gatsby-project-kb-master deploy preview failed

Your build failed. View the build logs.