Bump gatsby from 2.24.65 to 4.25.7 in /docs

[dependabot]

Bumps gatsby from 2.24.65 to 4.25.7.

Release notes

Sourced from gatsby's releases.

v4.24

Welcome to gatsby@4.24.0 release (September 2022 #2)

Key highlights of this release:

• Gatsby 5 Alpha
• Updating File System Routes on data changes

Bleeding Edge: Want to try new features as soon as possible? Install gatsby@next and let us know if you have any issues.

Previous release notes

Full changelog

v4.23

Welcome to gatsby@4.23.0 release (September 2022 #1)

Key highlights of this release:

• Open RFCs

Bleeding Edge: Want to try new features as soon as possible? Install gatsby@next and let us know if you have any issues.

Previous release notes

Full changelog

v4.22

Welcome to gatsby@4.22.0 release (August 2022 #3)

Key highlights of this release:

• Open RFCs

Bleeding Edge: Want to try new features as soon as possible? Install gatsby@next and let us know if you have any issues.

Previous release notes

Full changelog

v4.21

Welcome to gatsby@4.21.0 release (August 2022 #2)

Key highlights of this release:

• gatsby-plugin-mdx v4
• Open RFCs

Bleeding Edge: Want to try new features as soon as possible? Install gatsby@next and let us know if you have any issues.

... (truncated)

Commits

• db5eb18 chore(release): Publish
• fc22f4b fix(gatsby): don't serve codeframes for files outside of compilation (#38059)...
• 8889bfe chore(release): Publish
• d3d5fd0 fix(gatsby-source-wordpress): prevent inconsistent schema customization (#377...
• 5bdef4a fix(gatsby): don't block event loop during inference (#37780) (#37801)
• 50e3f94 chore(release): Publish
• 3f8477d chore: Update get-unowned-packages script to use npm 9 syntax
• dcf88ed fix(gatsby-plugin-sharp): don't serve static assets that are not result of cu...
• 3be4a80 chore(release): Publish
• 98c4d27 feat(gatsby): add initial webhook body env var to bootstrap context (#37478) ...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[codesandbox-ci]

This pull request is automatically built and testable in CodeSandbox.

To see build info of the built libraries, click here or the icon next to each commit SHA.

Latest deployment of this branch, based on commit 28106ef:

Sandbox	Source
react-easy-crop	Configuration

[socket-security]

🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎

To accept the risk, merge this PR and you will not be notified again.

Issue	Package	Version	Note	Source
Native code	@parcel/watcher	2.1.0	Location: binding.gyp	docs/package.json via gatsby@4.25.7, gatsby-plugin-material-ui@2.1.10, gatsby-plugin-sharp@2.6.36, gatsby-transformer-sharp@2.5.15
Native code	lmdb	2.5.2	Location: binding.gyp	docs/package.json via gatsby@4.25.7, gatsby-plugin-material-ui@2.1.10, gatsby-plugin-sharp@2.6.36, gatsby-transformer-sharp@2.5.15
Native code	lmdb	2.5.3	Location: binding.gyp	docs/package.json via gatsby@4.25.7, gatsby-plugin-material-ui@2.1.10, gatsby-plugin-sharp@2.6.36, gatsby-transformer-sharp@2.5.15
Native code	msgpackr-extract	3.0.2	Location: binding.gyp	docs/package.json via gatsby@4.25.7, gatsby-plugin-material-ui@2.1.10, gatsby-plugin-sharp@2.6.36, gatsby-transformer-sharp@2.5.15
Install scripts	core-js-pure	3.30.2	Install script: postinstall Source: node -e "try{require('./postinstall')}catch(e){}"	docs/package.json via gatsby@4.25.7, gatsby-plugin-material-ui@2.1.10, gatsby-plugin-sharp@2.6.36, gatsby-transformer-sharp@2.5.15
Install scripts	esbuild	0.16.17	Install script: postinstall Source: node install.js	package.json via vite@4.1.5
Network access	esbuild	0.16.17	Module: https Location: install.js	package.json via vite@4.1.5
Install scripts	es5-ext	0.10.62	Install script: postinstall Source: node -e "try{require('./_postinstall')}catch(e){}" || exit 0	docs/package.json via gatsby@4.25.7, gatsby-plugin-manifest@2.4.31, gatsby-plugin-material-ui@2.1.10, gatsby-plugin-offline@3.2.28, gatsby-plugin-react-helmet@3.3.11, gatsby-plugin-sharp@2.6.36, gatsby-plugin-typescript@2.4.20, gatsby-source-filesystem@2.3.30, gatsby-transformer-sharp@2.5.15
Protestware/Troll package	es5-ext	0.10.62	Note: This package prints a protestware console message on install regarding Ukraine for users with Russian language locale	docs/package.json via gatsby@4.25.7, gatsby-plugin-manifest@2.4.31, gatsby-plugin-material-ui@2.1.10, gatsby-plugin-offline@3.2.28, gatsby-plugin-react-helmet@3.3.11, gatsby-plugin-sharp@2.6.36, gatsby-plugin-typescript@2.4.20, gatsby-source-filesystem@2.3.30, gatsby-transformer-sharp@2.5.15
Network access	@parcel/reporter-dev-server	2.6.2	Module: tls Location: lib/ServerReporter.js	docs/package.json via gatsby@4.25.7, gatsby-plugin-material-ui@2.1.10, gatsby-plugin-sharp@2.6.36, gatsby-transformer-sharp@2.5.15
Network access	http2-wrapper	1.0.3	Module: tls Location: source/agent.js	docs/package.json via gatsby@4.25.7, gatsby-plugin-material-ui@2.1.10, gatsby-plugin-sharp@2.6.36, gatsby-transformer-sharp@2.5.15
Network access	resolve-alpn	1.2.1	Module: tls Location: index.js	docs/package.json via gatsby@4.25.7, gatsby-plugin-material-ui@2.1.10, gatsby-plugin-sharp@2.6.36, gatsby-transformer-sharp@2.5.15
Network access	@builder.io/partytown	0.5.4	Module: globalThis["fetch"] Location: lib/debug/partytown-ww-atomics.js	docs/package.json via gatsby@4.25.7, gatsby-plugin-material-ui@2.1.10, gatsby-plugin-sharp@2.6.36, gatsby-transformer-sharp@2.5.15
Network access	@graphql-tools/url-loader	6.10.1	Module: globalThis["fetch"] Location: es5/index.cjs.js	docs/package.json via gatsby-plugin-manifest@2.4.31, gatsby-plugin-offline@3.2.28, gatsby-plugin-react-helmet@3.3.11, gatsby-plugin-typescript@2.4.20, gatsby-source-filesystem@2.3.30, gatsby-transformer-sharp@2.5.15
Network access	@microsoft/fetch-event-source	2.0.1	Module: globalThis["fetch"] Location: lib/cjs/fetch.js	docs/package.json via gatsby-plugin-manifest@2.4.31, gatsby-plugin-offline@3.2.28, gatsby-plugin-react-helmet@3.3.11, gatsby-plugin-typescript@2.4.20, gatsby-source-filesystem@2.3.30, gatsby-transformer-sharp@2.5.15
Network access	@parcel/runtime-js	2.6.2	Module: globalThis["fetch"] Location: lib/helpers/browser/html-loader.js	docs/package.json via gatsby@4.25.7, gatsby-plugin-material-ui@2.1.10, gatsby-plugin-sharp@2.6.36, gatsby-transformer-sharp@2.5.15
Network access	abortcontroller-polyfill	1.7.5	Module: globalThis["fetch"] Location: dist/cjs-ponyfill.js	docs/package.json via gatsby@4.25.7, gatsby-plugin-material-ui@2.1.10, gatsby-plugin-sharp@2.6.36, gatsby-transformer-sharp@2.5.15
Network access	domutils	2.8.0	Module: globalThis["fetch"] Location: lib/feeds.js	package.json via html-webpack-plugin@4.5.2, docs/package.json via gatsby@4.25.7, gatsby-plugin-manifest@2.4.31, gatsby-plugin-material-ui@2.1.10, gatsby-plugin-offline@3.2.28, gatsby-plugin-prefetch-google-fonts@1.4.3, gatsby-plugin-react-helmet@3.3.11, gatsby-plugin-sharp@2.6.36, gatsby-plugin-typescript@2.4.20, gatsby-source-filesystem@2.3.30, gatsby-transformer-sharp@2.5.15
Network access	fbjs	3.0.5	Module: globalThis["fetch"] Location: lib/mocks/fetch.js	docs/package.json via gatsby@4.25.7, gatsby-plugin-material-ui@2.1.10, gatsby-plugin-sharp@2.6.36, gatsby-transformer-sharp@2.5.15
Network access	svgo	2.8.0	Module: globalThis["fetch"] Location: dist/svgo.browser.js	docs/package.json via gatsby@4.25.7, gatsby-plugin-manifest@2.4.31, gatsby-plugin-material-ui@2.1.10, gatsby-plugin-offline@3.2.28, gatsby-plugin-prefetch-google-fonts@1.4.3, gatsby-plugin-react-helmet@3.3.11, gatsby-plugin-sharp@2.6.36, gatsby-plugin-typescript@2.4.20, gatsby-source-filesystem@2.3.30, gatsby-transformer-sharp@2.5.15
Network access	sync-fetch	0.3.0	Module: globalThis["fetch"] Location: index.js	docs/package.json via gatsby-plugin-manifest@2.4.31, gatsby-plugin-offline@3.2.28, gatsby-plugin-react-helmet@3.3.11, gatsby-plugin-typescript@2.4.20, gatsby-source-filesystem@2.3.30, gatsby-transformer-sharp@2.5.15
Network access	@parcel/utils	2.6.2	Module: https Location: src/http-server.js	docs/package.json via gatsby@4.25.7, gatsby-plugin-material-ui@2.1.10, gatsby-plugin-sharp@2.6.36, gatsby-transformer-sharp@2.5.15
Network access	create-gatsby	0.5.1	Module: https Location: lib/index.js	docs/package.json via gatsby-plugin-manifest@2.4.31, gatsby-plugin-offline@3.2.28, gatsby-plugin-react-helmet@3.3.11, gatsby-plugin-typescript@2.4.20, gatsby-source-filesystem@2.3.30, gatsby-transformer-sharp@2.5.15
Network access	create-gatsby	2.25.0	Module: https Location: lib/index.js	docs/package.json via gatsby@4.25.7, gatsby-plugin-material-ui@2.1.10, gatsby-plugin-sharp@2.6.36, gatsby-transformer-sharp@2.5.15
Network access	express-http-proxy	1.6.3	Module: https Location: lib/requestOptions.js	docs/package.json via gatsby@4.25.7, gatsby-plugin-material-ui@2.1.10, gatsby-plugin-sharp@2.6.36, gatsby-transformer-sharp@2.5.15
Network access	gatsby	2.32.13	Module: https Location: dist/commands/develop.js	docs/package.json via gatsby-plugin-manifest@2.4.31, gatsby-plugin-offline@3.2.28, gatsby-plugin-react-helmet@3.3.11, gatsby-plugin-typescript@2.4.20, gatsby-source-filesystem@2.3.30, gatsby-transformer-sharp@2.5.15
Network access	got	11.8.6	Module: http2-wrapper Location: dist/source/core/index.js	docs/package.json via gatsby@4.25.7, gatsby-plugin-material-ui@2.1.10, gatsby-plugin-sharp@2.6.36, gatsby-transformer-sharp@2.5.15
Network access	engine.io	4.1.2	Module: http Location: lib/engine.io.js	docs/package.json via gatsby-plugin-manifest@2.4.31, gatsby-plugin-offline@3.2.28, gatsby-plugin-react-helmet@3.3.11, gatsby-plugin-typescript@2.4.20, gatsby-source-filesystem@2.3.30, gatsby-transformer-sharp@2.5.15
Network access	engine.io	6.2.1	Module: http Location: build/engine.io.js	docs/package.json via gatsby@4.25.7, gatsby-plugin-material-ui@2.1.10, gatsby-plugin-sharp@2.6.36, gatsby-transformer-sharp@2.5.15
Network access	gatsby-recipes	0.9.3	Module: http Location: dist/graphql-server/server.js	docs/package.json via gatsby-plugin-manifest@2.4.31, gatsby-plugin-offline@3.2.28, gatsby-plugin-react-helmet@3.3.11, gatsby-plugin-typescript@2.4.20, gatsby-source-filesystem@2.3.30, gatsby-transformer-sharp@2.5.15
Network access	socket.io	3.1.1	Module: http Location: dist/index.js	docs/package.json via gatsby-plugin-manifest@2.4.31, gatsby-plugin-offline@3.2.28, gatsby-plugin-react-helmet@3.3.11, gatsby-plugin-typescript@2.4.20, gatsby-source-filesystem@2.3.30, gatsby-transformer-sharp@2.5.15
Network access	socket.io	4.5.4	Module: http Location: dist/index.js	docs/package.json via gatsby@4.25.7, gatsby-plugin-material-ui@2.1.10, gatsby-plugin-sharp@2.6.36, gatsby-transformer-sharp@2.5.15

Next steps

What's wrong with native code?

Contains native code which could be a vector to obscure malicious code, and generally decrease the likelihood of reproducible or reliable installs.

Ensure that native code bindings are expected. Consumers may consider pure JS and functionally similar alternatives to avoid the challenges and risks associated with native code bindings.

What is an install script?

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

What is network access?

This module accesses the network.

Packages should remove all network access that isn't functionally unnecessary. Consumers should audit network access to ensure legitimate use.

What is protestware and troll packages?

This package is a joke, parody, or includes undocumented or hidden behavior unrelated to its primary function.

Consider that consuming this package my come along with functionality unrelated to its primary purpose.

Take a deeper look at the dependency

Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.

Remove the package

If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.

Mark a package as acceptable risk

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@* or ignore all packages with @SocketSecurity ignore-all

• @SocketSecurity ignore core-js-pure@3.30.2
• @SocketSecurity ignore esbuild@0.16.17
• @SocketSecurity ignore es5-ext@0.10.62
• @SocketSecurity ignore @parcel/watcher@2.1.0
• @SocketSecurity ignore lmdb@2.5.2
• @SocketSecurity ignore lmdb@2.5.3
• @SocketSecurity ignore msgpackr-extract@3.0.2
• @SocketSecurity ignore @parcel/reporter-dev-server@2.6.2
• @SocketSecurity ignore http2-wrapper@1.0.3
• @SocketSecurity ignore resolve-alpn@1.2.1
• @SocketSecurity ignore @builder.io/partytown@0.5.4
• @SocketSecurity ignore @graphql-tools/url-loader@6.10.1
• @SocketSecurity ignore @microsoft/fetch-event-source@2.0.1
• @SocketSecurity ignore @parcel/runtime-js@2.6.2
• @SocketSecurity ignore abortcontroller-polyfill@1.7.5
• @SocketSecurity ignore domutils@2.8.0
• @SocketSecurity ignore fbjs@3.0.5
• @SocketSecurity ignore svgo@2.8.0
• @SocketSecurity ignore sync-fetch@0.3.0
• @SocketSecurity ignore @parcel/utils@2.6.2
• @SocketSecurity ignore create-gatsby@0.5.1
• @SocketSecurity ignore create-gatsby@2.25.0
• @SocketSecurity ignore express-http-proxy@1.6.3
• @SocketSecurity ignore gatsby@2.32.13
• @SocketSecurity ignore got@11.8.6
• @SocketSecurity ignore engine.io@4.1.2
• @SocketSecurity ignore engine.io@6.2.1
• @SocketSecurity ignore gatsby-recipes@0.9.3
• @SocketSecurity ignore socket.io@3.1.1
• @SocketSecurity ignore socket.io@4.5.4

[socket-security]

New and updated dependency changes detected. Learn more about Socket for GitHub ↗︎

Packages		Version	New capabilities	Transitives1	Size	Publisher
eslint-plugin-jsx-a11y	🆕	6.7.1	None	+22	1.86 MB	ljharb
lodash.debounce	🆕	4.0.8	None	+0	14 kB	jdalton
query-string	🆕	6.14.1	None	+3	46.5 kB	sindresorhus
eslint-plugin-react	🆕	7.32.2	filesystem	+10	1.28 MB	ljharb
eslint-plugin-import	🆕	2.27.5	None	+6	1.32 MB	ljharb
@typescript-eslint/parser	🆕	5.51.0	None	+8	1.88 MB	jameshenry
@typescript-eslint/eslint-plugin	🆕	5.51.0	None	+15	4.92 MB	jameshenry
gatsby	⬆️	2.24.65...4.25.7	environment	+558/-310	318 MB	pieh

Footnotes

1. https://docs.socket.dev ↩

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.