
[Snyk] Fix for 1 vulnerabilities #69

Open

@ebouck ebouck commented Jun 21, 2023

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| medium severity | 658/1000. Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3 | Regular Expression Denial of Service (ReDoS), SNYK-JS-SEMVER-3247795 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: @storybook/addon-docs The new version differs by 250 commits.
  • b97e2ee v6.0.0
  • de37d6f Update root, peer deps to 6.0.0
  • ba55375 6.0.0 changelog
  • 30d685c Merge pull request #11877 from storybookjs/chore_add_api_section_snippets
  • e9ec609 Merge pull request #11882 from storybookjs/add_faq_to_docs
  • 7096da8 Merge pull request #11872 from storybookjs/chore_add_workflow_snippets
  • c55b61d Merge pull request #11881 from storybookjs/add-readmes-for-deprecated-content
  • f899683 adds faq to the documentation
  • ab88075 Add deprecated docs to monorepo
  • fe3b3e0 Merge branch 'next' into chore_add_api_section_snippets
  • 6eee72c Merge branch 'next' into chore_add_workflow_snippets
  • d8180f0 component-story-with-query was adjusted.
  • 7a34522 Merge pull request #11867 from storybookjs/add-install-snippet
  • 1a8351e Merge pull request #11878 from storybookjs/documentation_snippets_updates
  • e680f98 Merge pull request #11876 from storybookjs/docs/preview-entries
  • 313a8b7 TS => js
  • d063351 Merge pull request #11880 from storybookjs/6.0-docs-tweaks
  • fbdf836 fix broken markdown
  • 5bddd6f updates per feedback
  • 2581f63 api section feedback changes
  • 9daa2b7 Merge pull request #11879 from storybookjs/remove-angular-dummy-snippet
  • 483a8cf Remove angular dummy snippet
  • 714076b removes the shell and json file references.
  • 99aa694 initial snippets for api section

See the full diff

Package name: gatsby The new version differs by 250 commits.
  • 0c6cd61 chore(release): Publish
  • 5e8e621 chore: Update main README (#36954)
  • 7130cd4 test(gatsby): Slices API integration tests (#36747)
  • 6496eed chore(release): Publish next
  • bc7ac84 chore: preserve previous webpack stats derived values, even if we restart webpack itself (#36980)
  • 2b5af32 fix: drop `__renderedByLocation` prop when calculating slice props hashes and don't expose it to slice component (#36979)
  • cc1ee9b chore(release): Publish next
  • 6a53861 chore(gatsby-link): Correct type export (#36968)
  • 0ad6314 fix(gatsby-graphiql-explorer): Use upstream exporter package (#36966)
  • 964265c chore(release): Publish next
  • b624442 chore: Update peerDeps (#36965)
  • b2ab092 chore(release): Publish next
  • e2a14bf feat(gatsby): Slices <> partial hydration interop (#36960)
  • 0083e62 fix(deps): update starters and examples gatsby packages to ^4.24.7 (#36957)
  • 68e9cab chore(changelogs): update changelogs (#36958)
  • b9eb8d2 chore(deps): update dependency autoprefixer to ^10.4.13 for gatsby-plugin-sass (#36934)
  • 58c37ea chore(deps): update dependency @jridgewell/trace-mapping to ^0.3.17 for gatsby-legacy-polyfills (#36933)
  • a5e4c47 fix(deps): update dependency body-parser to ^1.20.1 for gatsby-source-drupal (#36940)
  • c86aa7e chore(docs): Add clarification for Pro Tip on Part 4 of tutorial (#36918)
  • d5c775a feat(gatsby): handle graphql-import-node bundling (#36951)
  • 59e2976 feat(gatsby-remark-embed-snippet): added csproj to language map so it will be recognized as xml (#36919)
  • c8a7dda chore(docs): Valhalla Content Hub Reference Guide (#36949)
  • 3044280 fix(gatsby): stitch slices if just page html was regenerating without any of used slices regenerating (#36950)
  • 10abdcb chore(release): Publish next

See the full diff

Package name: gatsby-plugin-manifest The new version differs by 250 commits.
  • 0a455df chore(release): Publish
  • 91dc167 fix(gatsby): don't log FAST_DEV message for each worker (#32961) (#32967)
  • f936c93 fix(gatsby): set staticQueryResultHash to new hash on data change (#32949) (#32966)
  • ea161ce feat(gatsby-graphiql-explorer): upgrade to webpack 5 (#30642)
  • 944e381 chore(release): Publish next
  • d6326df fix(gatsby-core-utils): Switch `auth` option from got to username/password (#32665)
  • cf9c066 fix(gatsby): add this typings to actions (#32210)
  • 53aa88e chore: enable test parallelism (#32766)
  • b7deabc fix(deps): update starters and examples - gatsby (#32843)
  • 6025c84 chore(deps): update dependency katex to ^0.13.13 for gatsby-remark-katex (#32567)
  • d87c5cb chore: enable lmdb by default and update node for next major (#32695)
  • 818d6c1 feat(gatsby-plugin-gatsby-cloud): Add `disablePreviewUI` option (#32907)
  • f556a00 chore: update changelogs (#32924)
  • aba5eba feat(gatsby): enable webpack caching in development for everyone (#32922)
  • ac7bd4e feat(gatsby-source-wordpress): allow path to js file for beforeChangeNode option (#32901)
  • 1a87a8a docs(gatsby-source-wordpress): document content sync (#32768)
  • 417df15 chore: re-generate changelogs (#32886)
  • 1810874 fix(gatsby-source-wordpress): draft previews (#32915)
  • 7c72ab8 chore(gatsby): remove unused packages (#32903)
  • afb06d7 chore(docs): Add hint for MDX plugin in remark-plugin-tutorial (#32876)
  • 1303ecb chore(docs): Update wording for "using-web-fonts" (#32902)
  • 9589911 chore(docs): Fix code highlighting in part 6 (#32900)
  • 568d4ce feat(gatsby-source-drupal): Use the collection count from JSON:API extras to enable parallel API requests for cold builds (#32883)
  • 41f5337 fix(deps): update typescript to ^4.29.3 (#32614)

See the full diff

Package name: gatsby-plugin-sass The new version differs by 250 commits.
  • f8cc2a3 chore(release): Publish
  • ecebdd3 fix(gatsby-plugin-sharp): Add avif to pipeline (#28871) (#28876)
  • 3f854ba perf(gatsby-plugin-mdx): Stop clobbering the same file over and over again (#27974) (#28874)
  • 0c1c807 fix(create-gatsby) the sessionId is supposed to be the same for the whole duration of the session (#28864) (#28870)
  • 6b7c5e7 fix(gatsby-plugin-image): Fix handling of sizes prop in SSR (#28835) (#28867)
  • afac774 perf(gatsby-plugin-sharp): change approach to concurrency for image processing (#28575) (#28862)
  • f04304e feat(gatsby): Partially release develop SSR to 5% (#28844) (#28859)
  • ceeb7d4 fix(gatsby-plugin-sharp): Pass format-specific options in image-data (#28826) (#28853)
  • 883d184 feature(gatsby): Extract non-css-in-js css and add add to <head> when SSRing in dev (#28471) (#28856)
  • b648728 fix(gatsby-plugin-image): Correct image styles (#28834) (#28854)
  • f45ba68 fix(gatsby-plugin-image): Better error logging (#28741) (#28855)
  • f19c807 chore(gatsby): enable query on demand (and lazy images) by default for local development (#28787)
  • bd6b899 feat(gatsby): use production React for dev-ssr when CI=true (#28728)
  • abdb8d6 feat(gatsby-source-graphql): Default Apollo Link fetch wrapper to show better API errors (#28786)
  • 3b40d80 feat(gatsby): enable lazy images by default (#28743)
  • 968914f chore(release): Publish next
  • 5c3931c chore(gatsby): Keep page renderer around (#28784)
  • 2058775 feat: Add AVIF image support to beta image plugin (#28742)
  • 146b197 fix(gatsby): print childOf directive for implicit child fields (#28483)
  • 3af7182 chore(telemetry) improve github action and circle detection (#28732)
  • 338ed78 chore(telemetry): add valueBoolean (#28734)
  • 4021a57 chore(gatsby-source-graphql): docs on how to use apollo links (#28686)
  • 3a51e22 perf(gatsby-source-contentful): dont re-create nodes (#28642)
  • 6af620c fix(gatsby-plugin-image): Preload lazy-hydrator (#28690)

See the full diff

Package name: gatsby-plugin-sharp The new version differs by 250 commits.
  • 0a455df chore(release): Publish
  • 91dc167 fix(gatsby): don't log FAST_DEV message for each worker (#32961) (#32967)
  • f936c93 fix(gatsby): set staticQueryResultHash to new hash on data change (#32949) (#32966)
  • ea161ce feat(gatsby-graphiql-explorer): upgrade to webpack 5 (#30642)
  • 944e381 chore(release): Publish next
  • d6326df fix(gatsby-core-utils): Switch `auth` option from got to username/password (#32665)
  • cf9c066 fix(gatsby): add this typings to actions (#32210)
  • 53aa88e chore: enable test parallelism (#32766)
  • b7deabc fix(deps): update starters and examples - gatsby (#32843)
  • 6025c84 chore(deps): update dependency katex to ^0.13.13 for gatsby-remark-katex (#32567)
  • d87c5cb chore: enable lmdb by default and update node for next major (#32695)
  • 818d6c1 feat(gatsby-plugin-gatsby-cloud): Add `disablePreviewUI` option (#32907)
  • f556a00 chore: update changelogs (#32924)
  • aba5eba feat(gatsby): enable webpack caching in development for everyone (#32922)
  • ac7bd4e feat(gatsby-source-wordpress): allow path to js file for beforeChangeNode option (#32901)
  • 1a87a8a docs(gatsby-source-wordpress): document content sync (#32768)
  • 417df15 chore: re-generate changelogs (#32886)
  • 1810874 fix(gatsby-source-wordpress): draft previews (#32915)
  • 7c72ab8 chore(gatsby): remove unused packages (#32903)
  • afb06d7 chore(docs): Add hint for MDX plugin in remark-plugin-tutorial (#32876)
  • 1303ecb chore(docs): Update wording for "using-web-fonts" (#32902)
  • 9589911 chore(docs): Fix code highlighting in part 6 (#32900)
  • 568d4ce feat(gatsby-source-drupal): Use the collection count from JSON:API extras to enable parallel API requests for cold builds (#32883)
  • 41f5337 fix(deps): update typescript to ^4.29.3 (#32614)

See the full diff

Package name: gatsby-source-contentful The new version differs by 250 commits.
  • 84fa4be chore(release): Publish
  • 49e6669 feat(gatsby-plugin-utils): add package and methods to validate plugin options (#27164)
  • f3075c9 fix(deps): update minor and patch for gatsby-telemetry (#27145)
  • 04c813d chore(gatsby-image): Add more DatoCMS fragments (#27289)
  • 7bf2bdb perf(gatsby-source-contentful): fix API, execute deprecations, improve performance (#27244)
  • 8ca2826 chore(deps): update dependency eslint-plugin-react to ^7.21.3 (#27279)
  • 639a0ca chore(docs): Update storyblok links (#27064)
  • 8437b65 chore(docs): Remove --save from READMEs (#27032)
  • 52c69bd chore(docs): Update deploying-to-netlify (#25620)
  • cc87135 chore(docs): typo in i18n doc (#27284)
  • 39d897e chore(gatsby-remark-embed-snippet): Add prismjs install (#27265)
  • dd264de End Drupal activity on delete webhooks and invalid secret key webhooks (#27249)
  • 36421c5 chore(peril): disable merge-on-green (#27245)
  • 4f7622e chore: pin joi version in peril (#27235)
  • 9f0b545 fix(gatsby-remark-images): enable creating img tag with empty alt attribute (#27218)
  • 4d73034 chore: update peril bot (#27233)
  • 687ef12 chore(remark): Ignore unnecessary files/folders (#27229)
  • 3858de1 test(integration/gatsby-cli): use sandboxed directory to "globally" install gatsby-cli (#27056)
  • 84187bb chore(docs): add -u flag to pacman update cmd (#27202)
  • 96f9d0b chore(circleci): Remove unit tests for www (#27201)
  • bdd723e chore(release): Publish
  • 00f7c08 breaking(gatsby-plugin-postcss): Upgrade gatsby-plugin-postcss to PostCSS 8 (#26947)
  • 57c79b1 chore(release): Publish
  • c377aef chore: Fix dirty lock file (#27200)

See the full diff

Package name: node-sass The new version differs by 64 commits.
  • c167004 6.0.1
  • 911d4db remove mkdirp dep (#3108)
  • 30a52f7 build(deps): bump meow from 3.7.0 to 9.0.0
  • 7e08463 build(deps-dev): bump mocha from 8.4.0 to 9.0.1
  • cfcbb2c chore: Use default Apline version from docker-node (#3121)
  • 886319b chore: Drop Node 10 support
  • c908f4f fix: Bump OSX minimum to 10.11
  • 8ab02da fix: Remove old compiler gyp settings
  • 3d7b9d0 chore: Add Node 16 support
  • 4115e9d build(deps): bump actions/setup-node from v2.1.4 to v2.1.5
  • 06f3ab4 Update TROUBLESHOOTING.md
  • c1cb367 build(deps): bump actions/setup-node from v2.1.3 to v2.1.4
  • 769f3a6 build(deps): bump actions/setup-node from v2.1.2 to v2.1.3
  • a2a3a78 chore: Bump dependabot limit
  • 7105b0a 5.0.0 (#3015)
  • 0648b5a chore: Add Node 15 support (#2983)
  • e2391c2 Add a deprecation message to the readme (#3011)
  • 6a33e53 chore: Don't upload artifacts on PRs
  • d763506 chore: Only run coverage on main repo
  • d4ebe72 build(deps): update actions/setup-node requirement to v2.1.2
  • 2bebe05 build(deps-dev): bump rimraf from 2.7.1 to 3.0.2
  • f877689 chore: Don't double build DependaBot PRs
  • b48fac4 chore: Add weekly DependaBot updates
  • 91c40a0 Remove deprecated process.sass API

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
