protoEvangelion / portfolio

Gatsby blog + portfolio
https://iamrhino.com
2 stars 2 forks source link

[Snyk] Security upgrade gatsby from 2.23.3 to 2.32.8 #137

Closed snyk-bot closed 3 years ago

snyk-bot commented 3 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 726/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 8.1
Arbitrary Code Injection
SNYK-JS-XMLHTTPREQUESTSSL-1082936
No Proof of Concept
high severity 758/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.3
Access Restriction Bypass
SNYK-JS-XMLHTTPREQUESTSSL-1255647
No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: gatsby The new version differs by 250 commits.
  • 9ecbc81 chore(release): Publish
  • 180ebad chore(gatsby): upgrade socket.io (#29765) (#29769)
  • 65274d6 chore(release): Publish
  • 21f02de fix(gatsby-plugin-feed): Exists function and update version fs-extra (#29616) (#29764)
  • 997985a Update index.js (#29758) (#29761)
  • 61bdabd force cherry-pick (#29749)
  • 91b9d66 feat(gatsby): ignore case option in create redirect (#29742)
  • 662fe41 chore(release): Publish
  • 8a2fac9 Release gatsby plugin gatsby cloud for Gatsby v2 (#29738)
  • d806703 fix(gatsby-source-wordpress):issue #29535 not finished createSchemaCu… (#29554) (#29712)
  • 49f19fd feat(gatsby): Respect VERBOSE env var (#29708) (#29713)
  • 6fa14e4 chore(release): Publish
  • 01d07b3 fix(gatsby): more reliable way to use prod versions of react/react-dom (#29683)
  • 2022f2b chore(gatsby-core-utils): Move isTruthy to gatsby-core-utils (#29707) (#29710)
  • ac65482 chore: remove --cache from eslint (#29706) (#29709)
  • 22dadae fix(gatsby): Fix snapshot for integration-tests/ssr tests (#29697)
  • 9183a6b fix(gatsby-plugin-image): Apply inline styles and img size (#29603) (#29668)
  • 2625159 fix(contentful): retry on network errors when checking credentials (#29664) (#29672)
  • 255b565 chore: fix reset hard in assert-changed-files (#29328) (#29677)
  • be9d9f9 fix(gatsby-plugin-sharp): Fix defaults handling (#29564) (#29589)
  • d1f303a tests: Fix cli integration test (#29525) (#29594)
  • 2035475 chore(release): Publish
  • febd5e4 fix(gatsby-source-contentful): Correct supported image formats (#29562)
  • 6374419 fix: drop terminal-link (#29472) (#29477)
See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic