Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade gatsby from 2.15.6 to 4.10.2 #240

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade gatsby from 2.15.6 to 4.10.2 #240

wants to merge 1 commit into from

Conversation

qsays
Copy link
Owner

@qsays qsays commented May 13, 2024

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • examples/gatsby-hot-reload/package.json
    • examples/gatsby-hot-reload/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 661/1000
Why? Recently disclosed, Has a fix available, CVSS 7.5		 Uncontrolled resource consumption
SNYK-JS-BRACES-6838727		 Yes No Known Exploit
high severity 661/1000
Why? Recently disclosed, Has a fix available, CVSS 7.5		 Inefficient Regular Expression Complexity
SNYK-JS-MICROMATCH-6838728		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: gatsby The new version differs by 250 commits.
  • 7c43f38 chore(release): Publish
  • 9a087ec fix(gatsby): fix eperm when cache getting cleared (#35154) (#35197)
  • a56b652 fix(gatsby): PnP fixes (#35194) (#35199)
  • 0b6067a fix(gatsby): remove apis from ts,tsx (#35183) (#35198)
  • f080b46 chore(release): Publish
  • 0275fad fix(gatsby-plugin-preact): fix preact alias (#35156) (#35169)
  • 3ac159f fix(gatsby-plugin-utils): Add missing fs-extra dep (#35165) (#35168)
  • 0f2ec73 fix(gatsby-cli): Resolve babel preset ts explicitly (#35153) (#35167)
  • 24b9fde chore(release): Publish
  • f10eb58 chore: Update eslintignore
  • 4753cf9 chore(docs): Update migration guide to add more info about image resolvers (#35105)
  • cd0b80c chore(docs): update documentation for node-fetch to use CommonJS (#35129)
  • 9690c7c fix(gatsby-plugin-sharp): Handle diff duotone settings (#35075)
  • bf8392c chore(gatsby): add generic to GatsbyFunctionRequest (#35029)
  • c5b8bb9 fix(deps): update starters and examples - gatsby (#35085)
  • 56fbf8d feat(gatsby-core-utils,gatsby-cli): Allow write to gatsby-config.ts (#35074)
  • fb9c014 chore(plugins): Deprecate create client paths plugin (#35124)
  • 500d17a chore(docs): Update query-execution.md (#35115)
  • 6d01f21 docs(gh-pages): improve separate repository instructions (#35118)
  • c02d256 chore(docs): Fix typos (#35119)
  • a5cd72a fix(gatsby): use lmdb for resultHash cache so shared across workers (#34925)
  • c0f394d fix(create-gatsby): Update wordpress deps in schema (#35107)
  • 46e2902 fix(gatsby): null check for context (#35096)
  • 5852dc8 feat(gatsby): Capture number of compiled TS files in Telemetry (#35023)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Uncontrolled resource consumption

@snyk-bot
fix: examples/gatsby-hot-reload/package.json & examples/gatsby-hot-re…
bc50e9c 
…load/package-lock.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-BRACES-6838727
- https://snyk.io/vuln/SNYK-JS-MICROMATCH-6838728
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@qsays @snyk-bot