[Snyk] Upgrade: gatsby-plugin-sharp, prop-types, gatsby-plugin-mdx, gatsby-theme-carbon, prismjs

[mjperrins]

Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name	Versions	Released on

gatsby-plugin-sharp
from 3.6.0 to 3.15.0 | 56 versions ahead of your current version | 2 years ago
on 2022-12-07 prop-types
from 15.7.2 to 15.8.1 | 2 versions ahead of your current version | 3 years ago
on 2022-01-05 gatsby-plugin-mdx
from 2.6.0 to 2.15.0 | 48 versions ahead of your current version | 2 years ago
on 2022-12-07 gatsby-theme-carbon
from 1.29.2 to 1.30.2 | 3 versions ahead of your current version | 3 years ago
on 2021-07-14 prismjs
from 1.23.0 to 1.29.0 | 7 versions ahead of your current version | 2 years ago
on 2022-08-23

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Denial of Service (DoS) SNYK-JS-FILETYPE-2958042	589	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PRISMJS-1585202	589	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-PARSEURL-2935944	589	Proof of Concept
	Information Exposure SNYK-JS-PARSEURL-2935947	589	Proof of Concept
	Server-side Request Forgery (SSRF) SNYK-JS-PARSEURL-2936249	589	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-PARSEURL-2942134	589	Proof of Concept
	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	589	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PRISMJS-1314893	589	No Known Exploit
	Improper Input Validation SNYK-JS-URLPARSE-2407770	589	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SIDEWAYFORMULA-3317169	589	No Known Exploit
	Cross-site Scripting (XSS) SNYK-JS-PRISMJS-2404333	589	No Known Exploit
	Open Redirect SNYK-JS-URLPARSE-1533425	589	Proof of Concept
	Access Restriction Bypass SNYK-JS-URLPARSE-2401205	589	Proof of Concept
	Authorization Bypass SNYK-JS-URLPARSE-2407759	589	Proof of Concept
	Authorization Bypass Through User-Controlled Key SNYK-JS-URLPARSE-2412697	589	Proof of Concept

Release notes

Package name: gatsby-plugin-sharp

• 3.15.0 - 2022-12-07
• 3.14.3 - 2021-11-02
• 3.14.2 - 2021-10-28
• 3.14.1 - 2021-10-05
• 3.14.0 - 2021-09-17
• 3.14.0-next.4 - 2021-09-08
• 3.14.0-next.2 - 2021-09-07
• 3.14.0-next.1 - 2021-09-02
• 3.14.0-next.0 - 2021-08-27
• 3.14.0-drupal-next.81 - 2021-10-26
• 3.14.0-alpha-remote-fetch.79 - 2021-09-03
• 3.14.0-alpha-remote-fetch.78 - 2021-09-02
• 3.14.0-alpha-qe-sm.33 - 2021-09-13
• 3.13.0 - 2021-08-31
• 3.13.0-next.4 - 2021-08-27
• 3.13.0-next.3 - 2021-08-25
• 3.13.0-next.2 - 2021-08-20
• 3.13.0-next.1 - 2021-08-19
• 3.13.0-next.0 - 2021-08-12
• 3.12.0 - 2021-08-18
• 3.12.0-next.3 - 2021-08-09
• 3.12.0-next.2 - 2021-08-05
• 3.12.0-next.1 - 2021-08-05
• 3.12.0-next.0 - 2021-07-29
• 3.12.0-coreutils.29 - 2021-08-23
• 3.11.0 - 2021-08-04
• 3.11.0-next.2 - 2021-07-22
• 3.11.0-next.1 - 2021-07-19
• 3.11.0-next.0 - 2021-07-15
• 3.11.0-alpha-qe-sm-write-file.94 - 2021-09-02
• 3.11.0-alpha-qe-sm.93 - 2021-09-02
• 3.11.0-alpha-qe-sm.92 - 2021-09-02
• 3.11.0-alpha-qe-sm.70 - 2021-08-26
• 3.11.0-alpha-qe-sm.69 - 2021-08-25
• 3.11.0-alpha-qe-sm.67 - 2021-08-24
• 3.11.0-alpha-qe-sm.48 - 2021-08-09
• 3.11.0-alpha-qe-sm.26 - 2021-07-28
• 3.11.0-alpha-qe-sm.25 - 2021-07-28
• 3.10.2 - 2021-07-21
• 3.10.1 - 2021-07-21
• 3.10.0 - 2021-07-20
• 3.10.0-next.1 - 2021-07-08
• 3.10.0-next.0 - 2021-07-01
• 3.10.0-alpha-remote-file.48 - 2021-07-22
• 3.10.0-alpha-remote-fetch.59 - 2021-08-12
• 3.9.0 - 2021-07-06
• 3.9.0-next.1 - 2021-06-28
• 3.9.0-next.0 - 2021-06-18
• 3.8.0 - 2021-06-22
• 3.8.0-next.1 - 2021-06-10
• 3.8.0-next.0 - 2021-06-03
• 3.7.1 - 2021-06-10
• 3.7.0 - 2021-06-08
• 3.7.0-next.2 - 2021-06-02
• 3.7.0-next.1 - 2021-05-31
• 3.7.0-next.0 - 2021-05-21
• 3.6.0 - 2021-05-25

from gatsby-plugin-sharp GitHub release notes

Package name: prop-types

• 15.8.1 - 2022-01-05
  
  • [Fix] fix crash when a custom propType return lacks .data; call hasOwnProperty properly (#370)
  • [meta] Fix formatting in CHANGELOG.md (#367)
  • [Tests] add missing test coverage (#370)
  • [Tests] convert normal it functions to arrow functions (#370)
  • [Tests] do not fail fast; add react 17 (#366)
  • [Dev Deps] update eslint
• 15.8.0 - 2021-12-22
  
  • [New] add PropTypes.bigint (#365)
  • [New] oneOfType: Add expected types to warning (#198)
  • [New] Add type check for validator for 'shape' and 'exact' (#234)
  • [Fix] checkPropTypes: Friendlier message when using a type checker that is not a function (#51)
  • [Refactor] extract has (#261, #125, #124)
  • [readme] Fix branch name (master -> main) (#364)
  • [readme] Clarify usage of elementType (#335)
  • [docs] highlighted the func name (#321)
  • [docs] Typo fix in example (#300)
  • [docs] Add instructions for intentional inclusion of validation in production. (#262)
  • [docs] PropTypes.node: add link to react docs
  • [docs] Improve wording for checkPropTypes (#258)
  • [meta] Add a package sideEffects field. (#350)
  • [meta] use in-publish to avoid running the build on install
  • [deps] regenerate yarn.lock
  • [deps] update react-is (#347, #346, #345, #340, #338)
  • [eslint] enable some rules (#360)
  • [Tests] Use GH Actions (#363)
  • [Tests] Fix spelling (#318)
  • [Tests] Fixed typo: 'Any type should accept any value' (#281)
  • [Tests] fix broken tests; test the build process
  • [Dev Deps] update browserify, bundle-collapser, eslint, in-publish, react, uglifyify, uglifyjs
• 15.7.2 - 2019-02-13
  

  v15.7.2

from prop-types GitHub release notes

Package name: gatsby-plugin-mdx

• 2.15.0 - 2022-12-07
• 2.14.2 - 2022-06-10
• 2.14.1 - 2022-06-02
• 2.14.0 - 2021-09-17
• 2.14.0-next.2 - 2021-09-07
• 2.14.0-next.1 - 2021-09-02
• 2.14.0-next.0 - 2021-08-27
• 2.14.0-drupal-next.94 - 2021-10-26
• 2.14.0-alpha-remote-fetch.79 - 2021-09-03
• 2.14.0-alpha-remote-fetch.78 - 2021-09-02
• 2.14.0-alpha-qe-sm.46 - 2021-09-13
• 2.13.0 - 2021-08-31
• 2.13.0-next.2 - 2021-08-27
• 2.13.0-next.1 - 2021-08-25
• 2.13.0-next.0 - 2021-08-12
• 2.12.0 - 2021-08-18
• 2.12.0-next.3 - 2021-08-09
• 2.12.0-next.2 - 2021-08-05
• 2.12.0-next.1 - 2021-08-05
• 2.12.0-next.0 - 2021-07-29
• 2.12.0-coreutils.29 - 2021-08-23
• 2.11.0 - 2021-08-04
• 2.11.0-next.1 - 2021-07-23
• 2.11.0-next.0 - 2021-07-15
• 2.11.0-alpha-qe-sm.108 - 2021-09-02
• 2.11.0-alpha-qe-sm.86 - 2021-08-26
• 2.11.0-alpha-qe-sm.85 - 2021-08-25
• 2.11.0-alpha-qe-sm.83 - 2021-08-24
• 2.11.0-alpha-qe-sm.64 - 2021-08-09
• 2.11.0-alpha-qe-sm.42 - 2021-07-28
• 2.11.0-alpha-qe-sm.41 - 2021-07-28
• 2.10.1 - 2021-07-26
• 2.10.0 - 2021-07-20
• 2.10.0-next.1 - 2021-07-08
• 2.10.0-next.0 - 2021-07-01
• 2.10.0-alpha-remote-file.48 - 2021-07-22
• 2.10.0-alpha-remote-fetch.59 - 2021-08-12
• 2.9.0 - 2021-07-06
• 2.9.0-next.1 - 2021-06-28
• 2.9.0-next.0 - 2021-06-18
• 2.8.0 - 2021-06-22
• 2.8.0-next.1 - 2021-06-10
• 2.8.0-next.0 - 2021-06-03
• 2.7.1 - 2021-06-10
• 2.7.0 - 2021-06-08
• 2.7.0-next.2 - 2021-06-02
• 2.7.0-next.1 - 2021-05-31
• 2.7.0-next.0 - 2021-05-21
• 2.6.0 - 2021-05-25

from gatsby-plugin-mdx GitHub release notes

Package name: gatsby-theme-carbon

• 1.30.2 - 2021-07-14
  

  1.30.2 (2021-07-14)

  Fixes

  • Update ibm.com Switcher URL
  • 404 page link color
• 1.30.1 - 2021-06-21
  

  1.30.1 (2021-06-21)

  Bug Fixes

  • cover gap between page tabs and shell (0bccf8f)
• 1.30.0 - 2021-06-15
  

  1.30.0 (2021-06-15)

  Features

  • add option to remove site switcher from header (#1132) (06ab644)
• 1.29.2 - 2021-05-17
  

  1.29.2 (2021-05-17)

  Bug Fixes

  • remove light prop (#1126) (b5da16b)

from gatsby-theme-carbon GitHub release notes

Package name: prismjs

• 1.29.0 - 2022-08-23
  

  Release 1.29.0

• 1.28.0 - 2022-04-17
  

  Release 1.28.0

• 1.27.0 - 2022-02-17
  

  Release 1.27.0

• 1.26.0 - 2022-01-06
  

  Release 1.26.0

• 1.25.0 - 2021-09-16
  

  Release 1.25.0

• 1.24.1 - 2021-07-03
  

  Release 1.24.1

• 1.24.0 - 2021-06-27
  

  Release 1.24.0

• 1.23.0 - 2020-12-31
  

  Release 1.23.0

from prismjs GitHub release notes

---

[!IMPORTANT]

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs