[Snyk] Security upgrade gatsby from 2.20.25 to 2.31.0 #572

wizbit · 2024-01-02T00:25:51Z

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- starters/gatsby-starter-blog-theme/package.json
- starters/gatsby-starter-blog-theme/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	758/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.3	Improper Input Validation SNYK-JS-FOLLOWREDIRECTS-6141137	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: gatsby

The new version differs by 250 commits.

fbc5893 chore(release): Publish
e693b62 chore: update yarn.lock (chore: update yarn.lock gatsbyjs/gatsby#29078)
e998870 fix(gatsby): Always render the body component to ensure needed head & pre/post body components are added (fix(gatsby): Always render the body component to ensure needed head & pre/post body components are added gatsbyjs/gatsby#29077)
a1921b5 feat(gatsby): bump opt-in % to dev-ssr to 20% (feat(gatsby): bump opt-in % to dev-ssr to 20% gatsbyjs/gatsby#29075)
2439b44 feat(gatsby-codemods): Handle or warn on nested options changes (feat(gatsby-codemods): Handle or warn on nested options changes gatsbyjs/gatsby#29046)
c0e6c92 fix(gatsby-plugin-typescript): add missing options validations (fix(gatsby-plugin-typescript): add missing options validations gatsbyjs/gatsby#29066)
3163ca6 fix(gatsby-plugin-mdx): Add `root` to plugin validation (fix(gatsby-plugin-mdx): Add root to plugin validation gatsbyjs/gatsby#29010)
6233382 fix(gatsby-plugin-image): Fix onload race condition (fix(gatsby-plugin-image): Fix onload race condition gatsbyjs/gatsby#29064)
c76c175 benchmark(gabe-fs-markdown-images): add img benchmark (benchmark(gabe-fs-markdown-images): add img benchmark gatsbyjs/gatsby#29009)
bd5b5f7 feat(gatsby): allow to skip cache persistence (allow to skip cache persistence gatsbyjs/gatsby#29047)
48db6ac fix(gatsby): fix broken GraphQL resolver tracing (fix(gatsby): fix broken GraphQL resolver tracing gatsbyjs/gatsby#29015)
90b6e3d fix(gatsby): Use fast-refresh for React 17 (fix(gatsby): Use fast-refresh for React 17 gatsbyjs/gatsby#28930)
9a55d12 feat(gatsby): Add eslint rules to warn against bad patterns in pageTemplates (for Fast Refresh) (feat(gatsby): Add eslint rules to warn against bad patterns in pageTemplates (for Fast Refresh) gatsbyjs/gatsby#28689)
b9978e1 fix(gatsby-plugin-image): Handle imgStyle in SSR (fix(gatsby-plugin-image): Handle imgStyle in SSR gatsbyjs/gatsby#29043)
f23ba4b fix(gatsby-source-contentful): Improve base64 placeholders (fix(gatsby-source-contentful): Improve base64 placeholders gatsbyjs/gatsby#29034)
18b5f30 fix(security): update vulnerable packages, include React 17 in peerDeps (fix(security): update vulnerable packages, include React 17 in peerDeps gatsbyjs/gatsby#28545)
f8bbc06 docs: edit search documentation (Edit search documentation gatsbyjs/gatsby#28737)
004acf0 fix(sharp) wrap sharp calls in try/catch to avoid crashing on bad images (fix(sharp) wrap sharp calls in try/catch to avoid crashing on bad images gatsbyjs/gatsby#28645)
bf6f264 Hydrate when the page was server rendered (feat(gatsby): Hydrate in development when the page was server rendered gatsbyjs/gatsby#29016)
e72533d chore(gatsby-plugin-image): Unflag remote images (chore(gatsby-plugin-image): Unflag remote images gatsbyjs/gatsby#29032)
332543c chore(docs): adjust Contentful Rich Text example codes (chore(docs): adjust Contentful Rich Text example codes gatsbyjs/gatsby#29029)
9bcc12c feat(gatsby-plugin-image): Change fullWidth to use breakpoints (feat(gatsby-plugin-image): Change fullWidth to use breakpoints gatsbyjs/gatsby#29002)
168ff60 Fix/contentful add header (fix(gatsby-source-contentful): Add header gatsbyjs/gatsby#29028)
a3ad6d7 fix(gatsbu-source-contentful): apply useNameForId when creating the graphql schema (fix(gatsbu-source-contentful): apply useNameForId when creating the g… gatsbyjs/gatsby#28649)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Improper Input Validation

…y-starter-blog-theme/package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-6141137

fix: starters/gatsby-starter-blog-theme/package.json & starters/gatsb…

fa8eff3

…y-starter-blog-theme/package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-6141137

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Security upgrade gatsby from 2.20.25 to 2.31.0 #572

[Snyk] Security upgrade gatsby from 2.20.25 to 2.31.0 #572

wizbit commented Jan 2, 2024

[Snyk] Security upgrade gatsby from 2.20.25 to 2.31.0 #572

Are you sure you want to change the base?

[Snyk] Security upgrade gatsby from 2.20.25 to 2.31.0 #572

Conversation

wizbit commented Jan 2, 2024

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade: