search

tubone24 / blog

tubone's Blog made by Gatsby.js and Netlify
https://blog.tubone-project24.xyz/
Other
6 stars 2 forks source link

[Snyk] Security upgrade gatsby-transformer-remark from 5.25.1 to 6.0.0 #1433

Open tubone24 opened 6 months ago

tubone24 commented 6 months ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `yarn` dependencies of this project.

#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json - yarn.lock #### Note for [zero-installs](https://yarnpkg.com/features/zero-installs) users If you are using the Yarn feature [zero-installs](https://yarnpkg.com/features/zero-installs) that was introduced in Yarn V2, note that this PR does not update the `.yarn/cache/` directory meaning this code cannot be pulled and immediately developed on as one would expect for a zero-install project - you will need to run `yarn` to update the contents of the `./yarn/cache` directory. If you are not using zero-install you can ignore this as your flow should likely be unchanged. #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:------------------------- ![medium severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png "medium severity") | **658/1000**
**Why?** Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3 | Information Exposure
[SNYK-JS-SANITIZEHTML-6256334](https://snyk.io/vuln/SNYK-JS-SANITIZEHTML-6256334) | Yes | Proof of Concept (*) Note that the real score may have changed since the PR was raised. Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/tubone24/project/f01f63e7-832e-45ca-a080-eb4d0da4b8e6?utm_source=github&utm_medium=referral&page=fix-pr) 🛠 [Adjust project settings](https://app.snyk.io/org/tubone24/project/f01f63e7-832e-45ca-a080-eb4d0da4b8e6?utm_source=github&utm_medium=referral&page=fix-pr/settings) 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) [//]: # (snyk:metadata:{"prId":"8bbc038d-6416-4044-abdd-f14675bcd5e1","prPublicId":"8bbc038d-6416-4044-abdd-f14675bcd5e1","dependencies":[{"name":"gatsby-transformer-remark","from":"5.25.1","to":"6.0.0"}],"packageManager":"yarn","projectPublicId":"f01f63e7-832e-45ca-a080-eb4d0da4b8e6","projectUrl":"https://app.snyk.io/org/tubone24/project/f01f63e7-832e-45ca-a080-eb4d0da4b8e6?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-SANITIZEHTML-6256334"],"upgrade":["SNYK-JS-SANITIZEHTML-6256334"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["updated-fix-title","priorityScore"],"priorityScoreList":[658],"remediationStrategy":"vuln"}) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Learn about vulnerability in an interactive lesson of Snyk Learn.](https://learn.snyk.io/?loc=fix-pr)
github-actions[bot] commented 6 months ago

depcheck Result

List up libraries that are defined in dependencies and devDependencies in package.json but not used in your codes.

Unused dependencies - @popperjs/core - @sentry/react - @typescript-eslint/eslint-plugin - babel-loader - babel-polyfill - classnames - flexboxgrid - gatsby-legacy-polyfills - gatsby-plugin-flexsearch - gatsby-plugin-twitter - gatsby-react-router-scroll - html-minifier - intersection-observer - md5 - preact - preact-render-to-string - react-body-classname - react-dom - rimraf - sass - typescript
Unused devdependencies - @babel/core - @babel/preset-typescript - @storybook/addon-a11y - @storybook/addon-controls - @storybook/addon-essentials - @storybook/addon-info - @storybook/addon-interactions - @storybook/addon-knobs - @storybook/addon-links - @storybook/addon-storysource - @storybook/addon-viewport - @storybook/builder-webpack5 - @storybook/manager-webpack5 - @textlint-rule/textlint-rule-no-duplicate-abbr - @types/jest - @types/react-test-renderer - @types/responselike - axe-core - @babel/eslint-parser - babel-plugin-transform-runtime - core-js - cross-env - css-loader - eslint - eslint-config-airbnb - eslint-import-resolver-webpack - eslint-plugin-import - eslint-plugin-jsx-a11y - eslint-plugin-react - gh-pages - husky - identity-obj-proxy - jest - jest-environment-jsdom - markdownlint-cli2 - memlab - netlify-cli - netlify-lambda - nyc - prettier - react-test-renderer - sass-loader - start-server-and-test - stylelint - stylelint-config-recess-order - stylelint-config-recommended-scss - stylelint-config-standard - stylelint-scss - textlint - textlint-filter-rule-allowlist - textlint-filter-rule-comments - textlint-rule-aws-spellcheck - textlint-rule-ja-no-inappropriate-words - textlint-rule-no-mixed-zenkaku-and-hankaku-alphabet - textlint-rule-no-start-duplicated-conjunction - textlint-rule-preset-smarthr - textlint-rule-prh - textlint-rule-terminology - ts-jest - yaml-lint
Missing - colors - /github/workspace/src/styles/_hover.scss - @algolia/transporter - /github/workspace/src/components/SearchBox/index.tsx - @algolia/client-search - /github/workspace/src/components/SearchBox/index.tsx - qs - /github/workspace/scripts/benchmark.js - https - /github/workspace/scripts/uploadScreenShot.ts
coveralls commented 6 months ago

Pull Request Test Coverage Report for Build 8023712653

Details

Totals Coverage Status
Change from base Build 7595429093: 0.0%
Covered Lines: 250
Relevant Lines: 280
💛 - Coveralls