Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Security upgrade gatsby-plugin-sharp from 2.1.5 to 2.6.31 #29

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

snyk-bot
Copy link

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 768/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5
Prototype Pollution
SNYK-JS-ASYNC-2441827
No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: gatsby-plugin-sharp The new version differs by 250 commits.
  • 83cd408 chore(release): Publish
  • d6f0318 chore: use packlist for cleanup-package-dir (#26657)
  • aa300f4 chore(docs):fixed file names and links in query-execution (#26680)
  • 11ab72a chore(docs): fixed some links in query-execution (#26555)
  • fed2619 fix(docs): query filters -> update dictionary, code fences, fix code, brand name (#26408)
  • 7de5f18 add code fences (#26409)
  • 823e473 fix(docs): schema -> fix 404, remove deleted page from sidebar, apply redirects (#26461)
  • 21b94df Docs - Remove not inclusive words (#26294)
  • 652af04 fix(docs): schema -> code fences, code fix (#26462)
  • 6b96972 chore(docs): Update GraphQL spelling in README.md (#26693)
  • c2aeded fix(gatsby): properly unlock processes onExit (#26670)
  • 93fdc09 fix(gatsby): only enable debugger when argument is given (#26669)
  • 7e83ace chore(docs): fix typos (#26682)
  • c40434a chore(docs): Fix a typo (#26665)
  • 18f6b4d chore(docs): Fix typos (#26663)
  • dedd37f chore(gatsby-plugin-sharp, gatsby-transformer-sharp): update dependencies (#26259)
  • 7975b91 chore(gatsby-recipes): Add a contributing.md to recipes (#26583)
  • ac72bfb chore(release): Publish
  • 703678e Admin/recipes gui (#26243)
  • 04c75bb fix(gatsby): fix error from ts conversion (#26681)
  • 25e3a63 fix(gatsby): fix materialization edge case with nullish values (#26677)
  • 19020c2 chore(benchmarks): set semver to match any patch/minor for most deps (#26679)
  • 608f40c chore: cherrypick Renovate updates (#26582)
  • 6ba68f8 feat(gatsby): Support React 17's new JSX Transform (#26652)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant