This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
#### Changes included in this PR
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json
#### Vulnerabilities that will be fixed
##### With an upgrade:
Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity
:-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------
 | **718/1000** **Why?** Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.5 | Uncontrolled Resource Consumption ('Resource Exhaustion') [SNYK-JS-TAR-6476909](https://snyk.io/vuln/SNYK-JS-TAR-6476909) | Yes | Proof of Concept
 | **763/1000** **Why?** Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.4 | Path Traversal [SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555](https://snyk.io/vuln/SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555) | Yes | Proof of Concept
(*) Note that the real score may have changed since the PR was raised.
Commit messagesPackage name: gatsby
The new version differs by 250 commits.
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project.
------------
**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.*
For more information:
๐ง [View latest project report](https://app.snyk.io/org/saurabharch/project/6b7e3f7b-e719-4702-a0d2-d259b0fbdf56?utm_source=github&utm_medium=referral&page=fix-pr)
๐ [Adjust project settings](https://app.snyk.io/org/saurabharch/project/6b7e3f7b-e719-4702-a0d2-d259b0fbdf56?utm_source=github&utm_medium=referral&page=fix-pr/settings)
๐ [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities)
[//]: # (snyk:metadata:{"prId":"add9a762-71e3-4a19-840b-5fcc167e6c44","prPublicId":"add9a762-71e3-4a19-840b-5fcc167e6c44","dependencies":[{"name":"@firebase/firestore","from":"0.9.3","to":"1.14.0"},{"name":"gatsby","from":"2.3.14","to":"3.13.0"},{"name":"gatsby-plugin-sharp","from":"2.0.32","to":"2.5.1"},{"name":"gatsby-transformer-sharp","from":"2.1.17","to":"2.4.1"}],"packageManager":"npm","projectPublicId":"6b7e3f7b-e719-4702-a0d2-d259b0fbdf56","projectUrl":"https://app.snyk.io/org/saurabharch/project/6b7e3f7b-e719-4702-a0d2-d259b0fbdf56?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-TAR-6476909","SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555"],"upgrade":["SNYK-JS-TAR-6476909","SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["priorityScore"],"priorityScoreList":[718,763],"remediationStrategy":"vuln"})
---
**Learn how to fix vulnerabilities with free interactive lessons:**
๐ฆ [Uncontrolled Resource Consumption ('Resource Exhaustion')](https://learn.snyk.io/lesson/redos/?loc=fix-pr)
๐ฆ [Path Traversal](https://learn.snyk.io/lesson/directory-traversal/?loc=fix-pr)
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json - package-lock.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:-------------------------  | **718/1000****Why?** Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.5 | Uncontrolled Resource Consumption ('Resource Exhaustion')
[SNYK-JS-TAR-6476909](https://snyk.io/vuln/SNYK-JS-TAR-6476909) | Yes | Proof of Concept  | **763/1000**
**Why?** Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.4 | Path Traversal
[SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555](https://snyk.io/vuln/SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555) | Yes | Proof of Concept (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: gatsby
The new version differs by 250 commits.- 0a455df chore(release): Publish
- 91dc167 fix(gatsby): don't log FAST_DEV message for each worker (#32961) (#32967)
- f936c93 fix(gatsby): set staticQueryResultHash to new hash on data change (#32949) (#32966)
- ea161ce feat(gatsby-graphiql-explorer): upgrade to webpack 5 (#30642)
- 944e381 chore(release): Publish next
- d6326df fix(gatsby-core-utils): Switch `auth` option from got to username/password (#32665)
- cf9c066 fix(gatsby): add this typings to actions (#32210)
- 53aa88e chore: enable test parallelism (#32766)
- b7deabc fix(deps): update starters and examples - gatsby (#32843)
- 6025c84 chore(deps): update dependency katex to ^0.13.13 for gatsby-remark-katex (#32567)
- d87c5cb chore: enable lmdb by default and update node for next major (#32695)
- 818d6c1 feat(gatsby-plugin-gatsby-cloud): Add `disablePreviewUI` option (#32907)
- f556a00 chore: update changelogs (#32924)
- aba5eba feat(gatsby): enable webpack caching in development for everyone (#32922)
- ac7bd4e feat(gatsby-source-wordpress): allow path to js file for beforeChangeNode option (#32901)
- 1a87a8a docs(gatsby-source-wordpress): document content sync (#32768)
- 417df15 chore: re-generate changelogs (#32886)
- 1810874 fix(gatsby-source-wordpress): draft previews (#32915)
- 7c72ab8 chore(gatsby): remove unused packages (#32903)
- afb06d7 chore(docs): Add hint for MDX plugin in remark-plugin-tutorial (#32876)
- 1303ecb chore(docs): Update wording for "using-web-fonts" (#32902)
- 9589911 chore(docs): Fix code highlighting in part 6 (#32900)
- 568d4ce feat(gatsby-source-drupal): Use the collection count from JSON:API extras to enable parallel API requests for cold builds (#32883)
- 41f5337 fix(deps): update typescript to ^4.29.3 (#32614)
See the full diffPackage name: gatsby-plugin-sharp
The new version differs by 250 commits.- cfc6413 Unused variable and wrong propTypes (#22426)
- 56023e8 chore(release): Publish
- 79e6bbe chore(gatsby): Update sharp and remove Promise shim for Node 8 (#22432)
- ec8e2f9 chore(release): Publish
- cf4f2db chore(docs): Fix Markdown formatting (#22423)
- 07b1434 chore(gatsby): upgrade `null-loader` (#22410)
- e1a7313 chore(gatsby-source-filesystem): update got dependency (#18857)
- 7f197c0 chore(release): Publish
- 83d681a feat(gatsby): bump node min version to 10.13.0 (#22400)
- 72c91f5 chore(release): Publish
- f345985 chore(docs): ๐งน remove trailing whitespace from Markdown. (#22369)
- e0933f8 fix missing link of frontmatter (#22366)
- 2205811 fix(plugin-netlify-cms): use 'netlify-identity.js' instead of 'netlify-identity-widget.js' (#22387)
- 9b7b6bb chore: adjust renovate config (#22355)
- 341cc5b Blog post feature flags (#22405)
- a55329b Fix the setup() function in the documentation (#22368)
- 5496e6b fix(gatsby): Incorrect PackageJson type (#22406)
- 3ce7083 Showcase erudicat update (#22407)
- 39282ca fix(docs): 404 link to workers.dev (#22365)
- 43ad085 chore(gatsby): Convert local-eslint-config-finder to typescript (#22403)
- 0700cd5 chore(gatsby): migrate test-require-error to typescript (#22265)
- 7d73604 chore(gatsby): migrate webpack-hmr-hooks-patch to TypeScript (#22280)
- 101e322 chore(starters): add gatsby-minimalistic-dmin (#22375)
- d9c6415 Fixed eslint url path (#22399)
See the full diffPackage name: gatsby-transformer-sharp
The new version differs by 250 commits.- cfc6413 Unused variable and wrong propTypes (#22426)
- 56023e8 chore(release): Publish
- 79e6bbe chore(gatsby): Update sharp and remove Promise shim for Node 8 (#22432)
- ec8e2f9 chore(release): Publish
- cf4f2db chore(docs): Fix Markdown formatting (#22423)
- 07b1434 chore(gatsby): upgrade `null-loader` (#22410)
- e1a7313 chore(gatsby-source-filesystem): update got dependency (#18857)
- 7f197c0 chore(release): Publish
- 83d681a feat(gatsby): bump node min version to 10.13.0 (#22400)
- 72c91f5 chore(release): Publish
- f345985 chore(docs): ๐งน remove trailing whitespace from Markdown. (#22369)
- e0933f8 fix missing link of frontmatter (#22366)
- 2205811 fix(plugin-netlify-cms): use 'netlify-identity.js' instead of 'netlify-identity-widget.js' (#22387)
- 9b7b6bb chore: adjust renovate config (#22355)
- 341cc5b Blog post feature flags (#22405)
- a55329b Fix the setup() function in the documentation (#22368)
- 5496e6b fix(gatsby): Incorrect PackageJson type (#22406)
- 3ce7083 Showcase erudicat update (#22407)
- 39282ca fix(docs): 404 link to workers.dev (#22365)
- 43ad085 chore(gatsby): Convert local-eslint-config-finder to typescript (#22403)
- 0700cd5 chore(gatsby): migrate test-require-error to typescript (#22265)
- 7d73604 chore(gatsby): migrate webpack-hmr-hooks-patch to TypeScript (#22280)
- 101e322 chore(starters): add gatsby-minimalistic-dmin (#22375)
- d9c6415 Fixed eslint url path (#22399)
See the full diff