[Snyk] Fix for 1 vulnerabilities

[vavdb]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	718/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 6.5	Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-TAR-6476909	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: gridsome

The new version differs by 67 commits.

• 1a8ce2e chore(release): publish
• ea53d07 refactor: use tapPromise instead of tapAsync (#1176)
• ac919fb chore(cli): improve warning if dir is not empty (#1187)
• 9e6e118 fix(g-image): rotate based on exif orientation (#1178)
• 3e5262c chore(graphql): error message for missing collection (#1180)
• 3dc6b0f fix(config): skip undefined plugins
• 7a456f8 chore(sitemap): add docs for options
• 5a311df feat(sitemap): option to include paths
• 1fcecc0 fix(vue-remark): use named entities when encoding (#1179)
• 5a28064 fix(graphql): allow GET request with query param (#1127)
• f9ec161 feat(remark): timeToRead with CJK support (#1160)
• e0b6656 feat(airtable): option for linked tables (#1054)
• 5b71d04 fix(graphql): use correct type for store.addReference()
• 4777d0c fix(graphql): add exists filter query operator
• f753a47 fix(graphql): exclude undefined variables in page-query
• dc1a3fe fix(app): add extra debugging output on hash mismatch failure (#1150)
• 224c883 chore(deps): update sharp to ^0.25.2 (#1140)
• e8a1b59 fix(cli): show help for unknown commands (#1130)
• 524e0e2 chore: update JAMstack -> Jamstack (#1148)
• 5e1d49a fix(app): reduce generated code in routes.js (#724)
• 8c3a71e refactor(google-analytics): send options to client
• 719e90b refactor(vue-remark): don’t send options to client
• 5a482c5 test: set unit or e2e in environment variable
• 8fc1c5a feat(remark): generate excerpt automatically (#1085)

See the full diff

Package name: node-sass

The new version differs by 50 commits.

• 7105b0a 5.0.0 (#3015)
• 0648b5a chore: Add Node 15 support (#2983)
• e2391c2 Add a deprecation message to the readme (#3011)
• 6a33e53 chore: Don't upload artifacts on PRs
• d763506 chore: Only run coverage on main repo
• d4ebe72 build(deps): update actions/setup-node requirement to v2.1.2
• 2bebe05 build(deps-dev): bump rimraf from 2.7.1 to 3.0.2
• f877689 chore: Don't double build DependaBot PRs
• b48fac4 chore: Add weekly DependaBot updates
• 91c40a0 Remove deprecated process.sass API
• 1f6df86 Replace lodash/assign in favor of the native Object.assign
• 522828a Remove workarounds for old Node.js versions
• 40e0f00 chore: Remove second NPM badge
• ab91bf6 chore: Remove Slack badge
• 6853a80 chore: Cleanup status badges
• fb1109c chore: Bump minimum engine version to v10
• d185440 chore: Add basic Node version support policy
• db25736 chore: Bump node-gyp to 7.1.0
• 2c5b110 chore: Bump cross-spawn to v7.0.3
• 38b9633 chore: Update Istanbul to NYC
• d63b5bf chore: Bump mocha to v8.1.3
• d0d8865 chore: Skip constructor tests on v14.6+
• ee3984d chore: Hoist test ESLint config
• feee448 chore: Remove disabled and recommended rules

See the full diff

Package name: npm

The new version differs by 250 commits.

• 3b4ba65 7.0.0
• bbfc75d chore: fix weird .gitignore thing that happened somehow
• 8a2d375 docs: changelog for v7.0.0
• 365f2e7 read-package-json@3.0.0
• fafb348 npm-package-arg@8.1.0
• 9306c68 libnpmfund@1.0.1
• 569cd64 libnpmfund@1.0.0
• ac9fde7 Integration code for @ npmcli/arborist@1.0.0
• 704b9cd @ npmcli/arborist@1.0.0
• 3955bb9 hosted-git-info@3.0.6
• da240ef fix: patch config.js to remove duplicate values
• 9ae45a8 init-package-json@2.0.0
• 41ab36d eslint@7.11.0
• c474a15 npm-registry-fetch@8.1.5
• efc6786 fix: make sure publishConfig is passed through
• 1e4e6e9 docs: v7 using npm config refresh
• 5c1c2da fix: init config aliases
• 5bc7eb2 docs: v7 npm-install refresh
• 1a35d87 7.0.0-rc.4
• 7a5a557 docs: changelog for v7.0.0-rc.4
• f0cf859 chore: dedupe deps
• 0273745 make-fetch-happen@8.0.10
• 7bd47ca @ npmcli/arborist@0.0.33
• 9320b8e only escape arguments, not the command name

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Uncontrolled Resource Consumption ('Resource Exhaustion')