[Snyk] Fix for 2 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • docs/package.json
  • docs/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	Yes	No Known Exploit
	768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-PRISMJS-1585202	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: gatsby-transformer-remark

The new version differs by 250 commits.

• e98cb62 chore(release): Publish
• 164f9a1 fix(gatsby-source-contentful): De-dupe type names (#30834) (#30850)
• 0b99d00 fix(gatsby): webpack warnings are no longer in object format by default (#30801) (#30853)
• f561724 fix(gatsby): lower memory pressure in SSR (#30793) (#30851)
• 96805d5 fix(gatsby-source-wordpress): change `console.warning` to `console.warn` (#30764) (#30852)
• e40c83d chore(release): Publish next
• a5b5cf8 feat: upgrade to remark 13 (#29678)
• 172cf4d chore(docs): Add link to perf implications siteContext (#30778)
• 4336d04 fix(gatsby-plugin-gatsby-cloud): Add missing index.js (so the plugin can be resolved in workspaces) (#30761)
• 2bdd5a5 fix(gatsby-source-wordpress): only log out duplicate node if we have all the data we want to log (#30751)
• 1a9b830 fix(gatsby-plugin-image): Don't inherit all img styles (#30754)
• e0df4cc chore(docs): Change "whitelist" to "allow list" (#30756)
• 81ec270 chore: Add backport script (#30732)
• 63cc8fa fix(docs): Copy edits for debugging html doc + add React-specific example (#30745)
• eed1d43 fix(docs): Add link to how to enable DEV_SSR for fixing inconsistent css styles between dev/prod (#30746)
• ecd823f perf(gatsby): cache babel config items (#28738)
• a60e92f chore(release): Publish next
• dd9e95c docs(gatsby-plugin-image): Note on tracedSVG options name change (#30736)
• a5869e3 fix(gatsby-plugin-image): Use bare GATSBY___IMAGE global (#30713)
• 0f3fa4e fix(contentful): make gatsby-plugin-image a peer dependency (#30709)
• 6b2fd94 fix(gatsby-source-wordpress): pass missing property helpers to gql fetch util (#30727)
• c6fa488 chore(docs): Update wording of tutorial part 8 (#30606)
• a777367 fix(gatsby-cli): Update docs links in error-map (#30493)
• c473abf chore(docs): include autoprefixer in tailwind install command (#30718)

See the full diff

Package name: prismjs

The new version differs by 250 commits.

• 99d94fa 1.25.0
• 6d8e547 Updated changelog ([BUG] Multiple related packages install fail due to wrong peerDependencies resolution  npm/cli#3083)
• e008ea0 Added support for Kusto ([BUG] npm ls --all does not list dependency tree without node_modules npm/cli#3068)
• 4433ccf Added support for ASP.NET Razor (ssri 6.0.1 vulnerability npm/cli#3064)
• 6a356d2 Added support for Wren ([BUG] <title> npm/cli#3063)
• 4fbdd2f Added support for MAXScript ([BUG] <title> npm/cli#3060)
• 746a4b1 Added AviSynth language definition ([BUG] Updating package in workspace child project to the already hoisted version does not remove old version from the child node mods  npm/cli#3071)
• ffb2043 Twilight theme: Increase selector specificities of plugin overrides ([BUG] install of local package differs from normal install npm/cli#3081)
• 52e8cee Markup: Made most patterns greedy ([BUG] on npm install npm does not run the prepublish scripts in workspace packages. npm/cli#3065)
• c7b6a7f Previewers: Ensure popup is visible across themes (npm ERR! cb() never called! npm/cli#3080)
• 0ff371b Markup: Fixed ReDoS ([BUG] Getting constant FetchError...reason: Socket timeout when installing packages npm/cli#3078)
• d216e60 Tests: Improved dection of empty patterns ([BUG] npx node-gyp@version runs the copy of node-gyp bundled with npm instead npm/cli#3058)
• a1b67ce Added support for Magma (CAS) (feat(version): add workspace support npm/cli#3055)
• 23cd9b6 Added support for GAP (CAS) (Release/v6.14.13 npm/cli#3054)
• 8d0b74b Clojure: Improved tokenization ([BUG] npm install script not working when I run npm install as dependency npm/cli#3056)
• 148c1ec Added support for Mermaid (Update hosted-git-info to fix CVE-2021-23362 npm/cli#3050)
• 8df825e Added support for Systemd configuration files (chore: update contributing.md to explicitely outline dep updates npm/cli#3053)
• 87e5a37 Added support for Apache Avro IDL (Release/v7.9.0 npm/cli#3051)
• 247fd9a Highlight Keywords: More documentation (Update ssri to fix CVE-2021-27290 npm/cli#3049)
• 35b88fc Shell-session: Fixed command false positives ([BUG] npm version commits with incorrect author name and email npm/cli#3048)
• 4f97b82 Added support for GN ([BUG] dependency loses transitive dependency npm/cli#3062)
• 5de8947 C++: Fixed generic function false positive ([BUG] All workspaces require script during npm run * --workspaces npm/cli#3043)
• 4e9338a ESLint: Added `regexp/no-super-linear-backtracking` rule ([BUG] NPM removes dependencies of global packages npm/cli#3040)
• 44456b2 Added benchmark suite (fix: legacy auth tokens npm/cli#2153)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic