[Snyk] Upgrade: gatsby, gatsby-plugin-manifest, gatsby-plugin-offline, gatsby-plugin-sharp, gatsby-source-filesystem, gatsby-transformer-remark, gatsby-transformer-sharp, react-is, algoliasearch, bootstrap, disqus-react, dotenv, prop-types, moment, gatsby-plugin-algolia, prismjs, react-instantsearch-dom, react-share, react-slick, styled-components, typography #239
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Snyk has created this PR to upgrade:
- gatsby from 2.32.3 to 2.32.13.
See this package in npm: https://www.npmjs.com/package/gatsby
- gatsby-plugin-manifest from 2.12.0 to 2.12.1.
See this package in npm: https://www.npmjs.com/package/gatsby-plugin-manifest
- gatsby-plugin-offline from 3.10.0 to 3.10.2.
See this package in npm: https://www.npmjs.com/package/gatsby-plugin-offline
- gatsby-plugin-sharp from 2.14.1 to 2.14.4.
See this package in npm: https://www.npmjs.com/package/gatsby-plugin-sharp
- gatsby-source-filesystem from 2.11.0 to 2.11.1.
See this package in npm: https://www.npmjs.com/package/gatsby-source-filesystem
- gatsby-transformer-remark from 2.16.0 to 2.16.1.
See this package in npm: https://www.npmjs.com/package/gatsby-transformer-remark
- gatsby-transformer-sharp from 2.12.0 to 2.12.1.
See this package in npm: https://www.npmjs.com/package/gatsby-transformer-sharp
- react-is from 17.0.1 to 17.0.2.
See this package in npm: https://www.npmjs.com/package/react-is
- algoliasearch from 4.8.5 to 4.24.0.
See this package in npm: https://www.npmjs.com/package/algoliasearch
- bootstrap from 4.6.0 to 4.6.2.
See this package in npm: https://www.npmjs.com/package/bootstrap
- disqus-react from 1.0.11 to 1.1.5.
See this package in npm: https://www.npmjs.com/package/disqus-react
- dotenv from 8.2.0 to 8.6.0.
See this package in npm: https://www.npmjs.com/package/dotenv
- prop-types from 15.7.2 to 15.8.1.
See this package in npm: https://www.npmjs.com/package/prop-types
- moment from 2.29.1 to 2.30.1.
See this package in npm: https://www.npmjs.com/package/moment
- gatsby-plugin-algolia from 0.6.0 to 0.26.0.
See this package in npm: https://www.npmjs.com/package/gatsby-plugin-algolia
- prismjs from 1.23.0 to 1.29.0.
See this package in npm: https://www.npmjs.com/package/prismjs
- react-instantsearch-dom from 6.9.0 to 6.40.4.
See this package in npm: https://www.npmjs.com/package/react-instantsearch-dom
- react-share from 4.3.1 to 4.4.1.
See this package in npm: https://www.npmjs.com/package/react-share
- react-slick from 0.25.2 to 0.30.2.
See this package in npm: https://www.npmjs.com/package/react-slick
- styled-components from 5.2.1 to 5.3.11.
See this package in npm: https://www.npmjs.com/package/styled-components
- typography from 0.16.19 to 0.16.24.
See this package in npm: https://www.npmjs.com/package/typography
See this project in Snyk:
https://app.snyk.io/org/bgreengo/project/eeb10fa1-d08b-416d-a654-d19bbc2266a7?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade multiple dependencies.
👯 The following dependencies are linked and will therefore be updated together.ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
gatsby
from 2.32.3 to 2.32.13 | 12 versions ahead of your current version | 3 years ago
on 2021-05-04
gatsby-plugin-manifest
from 2.12.0 to 2.12.1 | 1 version ahead of your current version | 4 years ago
on 2021-02-24
gatsby-plugin-offline
from 3.10.0 to 3.10.2 | 2 versions ahead of your current version | 4 years ago
on 2021-02-24
gatsby-plugin-sharp
from 2.14.1 to 2.14.4 | 3 versions ahead of your current version | 3 years ago
on 2021-05-04
gatsby-source-filesystem
from 2.11.0 to 2.11.1 | 1 version ahead of your current version | 4 years ago
on 2021-02-24
gatsby-transformer-remark
from 2.16.0 to 2.16.1 | 1 version ahead of your current version | 4 years ago
on 2021-02-24
gatsby-transformer-sharp
from 2.12.0 to 2.12.1 | 1 version ahead of your current version | 4 years ago
on 2021-03-08
react-is
from 17.0.1 to 17.0.2 | 1 version ahead of your current version | 3 years ago
on 2021-03-22
algoliasearch
from 4.8.5 to 4.24.0 | 38 versions ahead of your current version | 3 months ago
on 2024-06-25
bootstrap
from 4.6.0 to 4.6.2 | 2 versions ahead of your current version | 2 years ago
on 2022-07-19
disqus-react
from 1.0.11 to 1.1.5 | 6 versions ahead of your current version | 2 years ago
on 2022-10-13
dotenv
from 8.2.0 to 8.6.0 | 5 versions ahead of your current version | 3 years ago
on 2021-05-05
prop-types
from 15.7.2 to 15.8.1 | 2 versions ahead of your current version | 3 years ago
on 2022-01-05
moment
from 2.29.1 to 2.30.1 | 5 versions ahead of your current version | 9 months ago
on 2023-12-27
gatsby-plugin-algolia
from 0.6.0 to 0.26.0 | 36 versions ahead of your current version | 3 years ago
on 2022-02-03
prismjs
from 1.23.0 to 1.29.0 | 7 versions ahead of your current version | 2 years ago
on 2022-08-23
react-instantsearch-dom
from 6.9.0 to 6.40.4 | 60 versions ahead of your current version | a year ago
on 2023-07-25
react-share
from 4.3.1 to 4.4.1 | 2 versions ahead of your current version | 2 years ago
on 2022-10-16
react-slick
from 0.25.2 to 0.30.2 | 25 versions ahead of your current version | 7 months ago
on 2024-02-17
styled-components
from 5.2.1 to 5.3.11 | 16 versions ahead of your current version | a year ago
on 2023-05-26
typography
from 0.16.19 to 0.16.24 | 3 versions ahead of your current version | a year ago
on 2023-07-08
Issues fixed by the recommended upgrade:
SNYK-JS-MOMENT-2440688
SNYK-JS-MOMENT-2944238
SNYK-JS-FOLLOWREDIRECTS-6141137
SNYK-JS-ENGINEIO-1056749
SNYK-JS-PRISMJS-1314893
SNYK-JS-PRISMJS-1585202
SNYK-JS-XMLHTTPREQUESTSSL-1082936
SNYK-JS-XMLHTTPREQUESTSSL-1255647
SNYK-JS-URLPARSE-2407770
SNYK-JS-LODASH-1040724
SNYK-JS-FOLLOWREDIRECTS-2332181
SNYK-JS-BROWSERSLIST-1090194
SNYK-JS-FOLLOWREDIRECTS-6444610
SNYK-JS-ALGOLIASEARCHHELPER-1570421
SNYK-JS-PARSEURL-2935944
SNYK-JS-PROMPTS-1729737
SNYK-JS-URLPARSE-2407759
SNYK-JS-FOLLOWREDIRECTS-2396346
SNYK-JS-BABELTRAVERSE-5962462
SNYK-JS-PRISMJS-2404333
SNYK-JS-PARSEURL-2935947
SNYK-JS-PARSEURL-2936249
SNYK-JS-PARSEURL-2942134
SNYK-JS-SOCKETIOPARSER-3091012
SNYK-JS-SOCKETIOPARSER-3091012
SNYK-JS-YARGSPARSER-560381
SNYK-JS-SOCKETIO-1024859
SNYK-JS-URLPARSE-1078283
SNYK-JS-URLPARSE-1533425
SNYK-JS-URLPARSE-2401205
SNYK-JS-URLPARSE-2412697
SNYK-JS-LODASH-1018905
npm:debug:20170905
Release notes
Package name: gatsby
-
2.32.13 - 2021-05-04
-
2.32.12 - 2021-04-07
-
2.32.11 - 2021-03-09
-
2.32.10 - 2021-03-08
-
2.32.9 - 2021-03-01
-
2.32.8 - 2021-02-25
-
2.32.7 - 2021-02-25
-
2.32.6 - 2021-02-24
-
2.32.5 - 2021-02-24
-
2.32.5-pin-babel-7-12.3 - 2021-02-23
-
2.32.4 - 2021-02-18
-
2.32.4-runtime-tick.2 - 2021-02-21
-
2.32.3 - 2021-02-05
from gatsby GitHub release notesPackage name: gatsby-plugin-manifest
-
2.12.1 - 2021-02-24
-
2.12.0 - 2021-02-02
from gatsby-plugin-manifest GitHub release notesPackage name: gatsby-plugin-offline
-
3.10.2 - 2021-02-24
-
3.10.1 - 2021-02-18
-
3.10.0 - 2021-02-02
from gatsby-plugin-offline GitHub release notesPackage name: gatsby-plugin-sharp
-
2.14.4 - 2021-05-04
-
2.14.3 - 2021-02-25
-
2.14.2 - 2021-02-24
-
2.14.1 - 2021-02-05
from gatsby-plugin-sharp GitHub release notesPackage name: gatsby-source-filesystem
-
2.11.1 - 2021-02-24
-
2.11.0 - 2021-02-02
from gatsby-source-filesystem GitHub release notesPackage name: gatsby-transformer-remark
-
2.16.1 - 2021-02-24
-
2.16.0 - 2021-02-02
from gatsby-transformer-remark GitHub release notesPackage name: gatsby-transformer-sharp
-
2.12.1 - 2021-03-08
-
2.12.0 - 2021-02-02
from gatsby-transformer-sharp GitHub release notesPackage name: react-is
-
17.0.2 - 2021-03-22
- Remove an unused dependency to address the
- react: https://unpkg.com/react@17.0.2/umd/
- react-art: https://unpkg.com/react-art@17.0.2/umd/
- react-dom: https://unpkg.com/react-dom@17.0.2/umd/
- react-is: https://unpkg.com/react-is@17.0.2/umd/
- react-test-renderer: https://unpkg.com/react-test-renderer@17.0.2/umd/
- scheduler: https://unpkg.com/scheduler@0.20.2/umd/
-
17.0.1 - 2020-10-22
- Fix a crash in IE11. (@ gaearon in #20071)
from react-is GitHub release notesReact DOM
SharedArrayBuffercross-origin isolation warning. (@ koba04 and @ bvaughn in #20831, #20832, and #20840)Artifacts
React DOM
Package name: algoliasearch
-
4.24.0 - 2024-06-25
-
4.23.3 - 2024-04-10
-
4.23.2 - 2024-03-27
-
4.23.1 - 2024-03-26
-
4.23.0 - 2024-03-26
-
4.22.1 - 2024-01-09
-
4.22.0 - 2023-12-14
-
4.21.1 - 2023-12-12
-
4.21.0 - 2023-12-11
-
4.20.0 - 2023-09-12
-
4.19.1 - 2023-07-20
-
4.19.0 - 2023-07-18
-
4.18.0 - 2023-06-23
-
4.17.2 - 2023-06-08
-
4.17.1 - 2023-05-24
-
4.17.0 - 2023-04-03
-
4.16.0 - 2023-03-23
-
4.15.0 - 2023-03-02
-
4.14.3 - 2022-12-19
-
4.14.2 - 2022-07-27
-
4.14.1 - 2022-07-20
-
4.14.0 - 2022-07-18
-
4.13.1 - 2022-05-18
-
4.13.0 - 2022-03-14
-
4.12.2 - 2022-03-02
-
4.12.1 - 2022-01-28
-
4.12.0 - 2022-01-07
-
4.11.0 - 2021-10-20
-
4.10.5 - 2021-08-26
-
4.10.4 - 2021-08-23
-
4.10.3 - 2021-07-05
-
4.10.2 - 2021-06-23
-
4.10.0 - 2021-06-23
-
4.9.3 - 2021-06-15
-
4.9.2 - 2021-06-10
-
4.9.1 - 2021-04-26
-
4.9.0 - 2021-04-13
-
4.8.6 - 2021-03-08
-
4.8.5 - 2021-02-08
from algoliasearch GitHub release notesPackage name: bootstrap
-
4.6.2 - 2022-07-19
- Added an example to our Collapse plugin docs to show how to use horizontal collapsing. This has long been possible via our JS, but we never had an official class to utilize it.
- We've replaced the deprecated
- Tweaked the size of
- Improved accessibility around our dropdowns, color contrast, and
- Fixed some broken links to supporting documentation.
- Updated dependencies across the board.
- Removed blurred background reference from the Toast Docs. by @ pricop in #35190
- Update links to CCA, MQ5 prefers-reduced-motion, evergreen WCAG urls, more resources by @ patrickhlauke in #35427
- v4-dev backports and updates by @ XhmikosR in #35482
- Backport #35556 by @ julien-deramond in #35558
- Tweak toast docs by @ patrickhlauke in #35633
- v4-dev backports and updates by @ XhmikosR in #35642
- Doc: Reorder alphabetically lists of components by @ julien-deramond in #36128
- Updated the small-font-size to use a round value by @ pricop in #36172
- v4 dev backports and updates by @ XhmikosR in #35767
- _custom-forms.scss: fix order of attributes by @ twin-elements in #36231
- Replace the deprecated
- [v4] Doc: remove
- Dynamic tabs: use buttons rather than links (backport to v4) by @ patrickhlauke in #33163
- v4 dev updates by @ XhmikosR in #36430
- Fix closing HTML tag in navs docs by @ julien-deramond in #36466
- v4: Horizontal collapse by @ mdo in #36434
- Fixing tabs' tests v4 by @ louismaximepiton in #36485
- Docs: fix some ARIA Authoring Practices Guides broken links by @ julien-deramond in #36490
- v4 - Remove confusing unnecessary id/aria-labelledby for dropdown menus by @ patrickhlauke in #36491
- v4 Docs: outdated ARIA/PF link, expand contrast explanation in
- v4: Improve accessible name of version dropdown in docs navbar by @ patrickhlauke in #36504
- Update devDependencies by @ XhmikosR in #36522
- Docs: update clipboard.js to v2.0.11 by @ julien-deramond in #36631
- Update devDependencies by @ XhmikosR in #36724
- v4: Add Fathom by @ mdo in #36727
- Docs: Capitalize Unicode by @ julien-deramond in #36735
- Release v4.6.2 by @ XhmikosR in #36725
- @ twin-elements made their first contribution in #36231
- @ AdrianCurtin made their first contribution in #36283
-
4.6.1 - 2021-10-28
- Replace Sass division with multiplication and custom
- Update RFS to v8.1.0 by @ XhmikosR in #34571
- fix(forms): input-group and validation icons by @ ffoodd in #32968
- Fix minor visual bug in Firefox caused by
- Adjust
- Add
- Adjust feedback icon position and padding for
- Carousel: use buttons, not links, for prev/next controls by @ patrickhlauke in #33165
- v4: Sass docs for default variables by @ mdo in #33392
- Handle complex expressions in
- More concise improvements for
- Remove
- Dropdown: support
- Update Node versions in JS tests (drop Node 10, add Node 16), update docs JS assets and add variables for
- Replace Freenode with Libera IRC server by @ midzer #34050
- Fix repetition in the Navbar docs description by @ coliff in #34208
- Enable
- Remove print
- Fix prevented
- Input group validation with custom-file input by @ ffoodd in #33239
- Add eslint-plugin-qunit and tighten JS tests by @ XhmikosR in #32270
- Update our tests to Node 16 and npm 8 by @ XhmikosR in #35142
- Disabled link cleanup by @ patrickhlauke in #34924
- Updated our devDependencies including terser; also enabled two passes for terser by @ XhmikosR
-
4.6.0 - 2021-01-19
from bootstrap GitHub release notesHighlights
color-adjustwithprint-color-adjustin our Sass files as part of the Autoprefixer v10.4.6 issues. This should quiet the issues folks have seen from that dependency change. If you're using our distribution CSS files, likebootstrap.min.css, you may still see the warning.smalland.smallto compute to a whole pixel value (was12.8pxand now is14px).roleattributes.What's Changed
color-adjustwithprint-color-adjustby @ AdrianCurtin in #36283role="group"from some split drop* buttons by @ julien-deramond in #36254accessibility.mdby @ patrickhlauke in #36492New Contributors
Full Changelog: v4.6.1...v4.6.2
What's changed
divide()function by @ mdo in #34571moz-focusringby @ kremit in #32821SAFE_URL_PATTERNregex for use with test method of regexes by @ nikonthethird in #33153smsin theSAFE_URL_PATTERNfor sanitizer by @ XhmikosR in #35074select.form-controlby @ mdo in #33206add()&subtract()by @ ffoodd in #34047add()andsubtract()by @ ffoodd in #34432aria-haspopupfrom dropdowns by @ patrickhlauke in #33624.dropdown-itemwrapped in<li>tags by @ cpsievert in #33649vertical-alignin spinners by @ XhmikosR in #338070.xwith negative margins in utilities by @ k-utsumi in #33593theadrule by @ coliff in #34426showevent disabling modals with fade class from being displayed again by @ alpadev in #34087Full changelog
v4.6.0...v4.6.1
Package name: disqus-react
What's Changed
Full Changelog: v1.1.4...v1.1.5
What's Changed
New Contributors
Full Changelog: v1.1.2...v1.1.4
1.1.3
path-parsefrom 1.0.6 to 1.0.7url-parsefrom 1.5.1 to 1.5.3wsfrom 5.2.2 to 5.2.3