New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

[Snyk] Fix for 11 vulnerabilities #14

Merged

0xSebin merged 1 commit into master from snyk-fix-c46aa05be9f7be2a282be97f54ee307e

Feb 20, 2022

snyk-bot commented Feb 19, 2022

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- starters/gatsby-starter-theme/package.json
- starters/gatsby-starter-theme/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	616/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.9	Server-Side Request Forgery (SSRF) SNYK-JS-AXIOS-1038255	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-ENGINEIO-1056749	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Command Injection SNYK-JS-REACTDEVUTILS-1083268	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	No	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Arbitrary Code Injection SNYK-JS-XMLHTTPREQUESTSSL-1082936	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Access Restriction Bypass SNYK-JS-XMLHTTPREQUESTSSL-1255647	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: gatsby

The new version differs by 250 commits.

8d07242 chore(release): Publish
0790895 chore(gatsby): Update README (chore(gatsby): Update README gatsbyjs/gatsby#33615)
06760d7 chore(gatsby): Change comment format in actions/public (chore(gatsby): Change comment format in actions/public gatsbyjs/gatsby#33592)
7d66a23 feat(gatsby): capture number of ssg,dsg,ssr pages in telemetry (feat(gatsby): capture number of ssg,dsg,ssr pages in telemetry gatsbyjs/gatsby#33337)
98a843c fix(gatsby): use lmdb.removeSync so getNode can't return deleted nodes (fix(gatsby): use lmdb.removeSync so getNode can't return deleted nodes gatsbyjs/gatsby#33554)
4d8e40b fix(gatsby-source-wordpress): Add steps for `refetch_ALL` (fix(gatsby-source-wordpress): Add steps for refetch_ALL gatsbyjs/gatsby#33264)
4761dc3 fix(gatsby): restore onPreBuild to being called right after bootstrap finishes (fix(gatsby): restore onPreBuild to being called right after bootstrap finishes gatsbyjs/gatsby#33591)
1cdbab6 fix(deps): update starters and examples gatsby packages to ^3.14.3 (fix(deps): update starters and examples gatsby packages to ^3.14.3 gatsbyjs/gatsby#33553)
0f421db chore(release): Publish next
7d6a0aa fix(gatsby): fix page-tree in ink-cli (fix(gatsby): fix page-tree in ink-cli gatsbyjs/gatsby#33579)
3993819 chore(gatsby): Add `assetPrefix` to `IGatsbyConfig` (chore(gatsby): Add assetPrefix to IGatsbyConfig gatsbyjs/gatsby#33575)
6cc964a fix(gatsby-source-wordpress): restore PQR support (fix(gatsby-source-wordpress): restore PQR support gatsbyjs/gatsby#33590)
9eef270 specifying what actually changed (specifying what actually changed gatsbyjs/gatsby#33452)
2975c4d feat(gatsby,gatsby-link): add queue to prefetch (feat(gatsby,gatsby-link): add queue to prefetch gatsbyjs/gatsby#33530)
68fe836 fix(gatsby): temporary workaround for stale jobs cache (fix(gatsby): temporary workaround for stale jobs cache gatsbyjs/gatsby#33586)
a800d9d fix(gatsby): Update internal usage of .runQuery (fix(gatsby): Update internal usage of .runQuery gatsbyjs/gatsby#33571)
677760c chore(docs): Clarify SEO component guide (chore(docs): Clarify SEO component guide gatsbyjs/gatsby#33451)
ccca4b3 fix(gatsby): only remove unused code when apis got removed (fix(gatsby): only remove unused code when apis got removed gatsbyjs/gatsby#33527)
8dbf550 fix(gatsby): assign correct parentSpans to PQR activities (fix(gatsby): assign correct parentSpans to PQR activities gatsbyjs/gatsby#33568)
31d5a5e fix(gatsby-dev-cli): resolve correct versions of packages with unpkg (fix(gatsby-dev-cli): resolve correct versions of packages with unpkg gatsbyjs/gatsby#33551)
5110074 fix(gatsby-plugin-gatsby-cloud): emit file nodes after source updates (fix(gatsby-plugin-gatsby-cloud): emit file nodes after source updates gatsbyjs/gatsby#33548)
d2329df fix(gatsby): make sure 404 and 500 page inherit stateful status from original page (fix(gatsby): make sure 404 and 500 pages inherit stateful status from original page gatsbyjs/gatsby#33544)
68e5b90 chore(docs): Update query var in part-7 tutorial (chore(docs): Update query var in part-7 tutorial gatsbyjs/gatsby#33559)
a8cab55 chore(gatsby-plugin-react-helmet): Update Examples (chore(gatsby-plugin-react-helmet): Update Examples gatsbyjs/gatsby#33552)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


          fix: starters/gatsby-starter-theme/package.json & starters/gatsby-sta…

808b7c2

…rter-theme/package-lock.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
- https://snyk.io/vuln/SNYK-JS-AXIOS-1038255
- https://snyk.io/vuln/SNYK-JS-AXIOS-1579269
- https://snyk.io/vuln/SNYK-JS-ENGINEIO-1056749
- https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905
- https://snyk.io/vuln/SNYK-JS-NTHCHECK-1586032
- https://snyk.io/vuln/SNYK-JS-POSTCSS-1255640
- https://snyk.io/vuln/SNYK-JS-REACTDEVUTILS-1083268
- https://snyk.io/vuln/SNYK-JS-WS-1296835
- https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUESTSSL-1082936
- https://snyk.io/vuln/SNYK-JS-XMLHTTPREQUESTSSL-1255647

0xSebin merged commit d1bf25e into master

# for free to join this conversation on GitHub. Already have an account? # to comment

Labels

None yet