[Snyk] Fix for 3 vulnerabilities

[kaocher82]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • starters/gatsby-starter-blog-theme/package.json
  • starters/gatsby-starter-blog-theme/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	601/1000 Why? Recently disclosed, Has a fix available, CVSS 6.3	Cross-site Scripting (XSS) SNYK-JS-COOKIE-8163060	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Code Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: gatsby

The new version differs by 250 commits.

• 93c356e chore(release): Publish
• 26a94f2 Revert "fix(gatsby): Update mini-css-extract-plugin to fix inc builds issue (fix(gatsby): Update mini-css-extract-plugin to fix inc builds issue gatsbyjs/gatsby#33979)" (Revert "fix(gatsby): Update mini-css-extract-plugin to fix inc builds issue (#33979)" gatsbyjs/gatsby#34413)
• 183b5f1 chore(gatsby): Add types for `getServerData` (chore(gatsby): Add types for getServerData gatsbyjs/gatsby#34406)
• 2e32870 chore(docs): Clean up Headless CMS documentation links (chore(docs): Clean up Headless CMS documentation links gatsbyjs/gatsby#34350)
• ca37398 fix(gatsby): Only start write page-data.json activity if there's pages to write (fix(gatsby): Only start write page-data.json activity if there's pages to write gatsbyjs/gatsby#34403)
• f4f1313 chore(release): Publish next
• 8a9b023 fix(gatsby): createNode return promise (fix(gatsby): createNode return promise gatsbyjs/gatsby#34399)
• 6ffe0af chore(release): Publish next
• 0cc5a5a fix(gatsby): Wrong route resolved by findPageByPath function (fix(gatsby): Wrong route resolved by findPageByPath function gatsbyjs/gatsby#34070)
• 33049c8 fix(deps): update typescript to v5 (major) (fix(deps): update typescript to v5 (major) gatsbyjs/gatsby#33786)
• 073caef chore(docs): Update processing external images guide (chore(docs): Update processing external images guide gatsbyjs/gatsby#34388)
• ad4b8da chore(deps): update dependency aws-sdk to ^2.1048.0 (chore(deps): update dependency aws-sdk to ^2.1048.0 gatsbyjs/gatsby#34365)
• fc3e7b7 chore(deps): update dependency autoprefixer to ^10.4.1 for gatsby-plugin-sass (chore(deps): update dependency autoprefixer to ^10.4.1 for gatsby-plugin-sass gatsbyjs/gatsby#34357)
• 1106845 chore(deps): update formatting & linting (chore(deps): update formatting & linting gatsbyjs/gatsby#34370)
• 4628093 fix(deps): update minor and patch dependencies for gatsby-source-drupal (fix(deps): update minor and patch dependencies for gatsby-source-drupal gatsbyjs/gatsby#34375)
• 3af68e1 fix(deps): update dependency eslint-plugin-react to ^7.28.0 (fix(deps): update dependency eslint-plugin-react to ^7.28.0 gatsbyjs/gatsby#34372)
• 8a7788d fix(deps): update dependency resolve-url-loader to ^3.1.4 for gatsby-plugin-sass (fix(deps): update dependency resolve-url-loader to ^3.1.4 for gatsby-plugin-sass gatsbyjs/gatsby#34361)
• c6e4298 chore(deps): update dependency typescript to ^4.5.4 (chore(deps): update dependency typescript to ^4.5.4 gatsbyjs/gatsby#34358)
• 7578d71 chore(docs): Fix links to shared layout component (chore(docs): Fix links to shared layout component gatsbyjs/gatsby#34330)
• 540484d chore: Fix typo (chore: Fix typo gatsbyjs/gatsby#34349)
• 3341eea chore(examples): use mobx v6 in using-mobx example (chore(examples): use mobx v6 in using-mobx example gatsbyjs/gatsby#34351)
• 63207a2 chore(deps): update dependency rewire to v6 for gatsby-plugin-offline (chore(deps): update dependency rewire to v6 for gatsby-plugin-offline gatsbyjs/gatsby#34376)
• 42c7d64 chore(deps): update dependency msw to ^0.36.3 for gatsby-core-utils (chore(deps): update dependency msw to ^0.36.3 for gatsby-core-utils gatsbyjs/gatsby#34367)
• 1367c79 chore(deps): update dependency msw to ^0.36.3 for gatsby-plugin-gatsby-cloud (chore(deps): update dependency msw to ^0.36.3 for gatsby-plugin-gatsby-cloud gatsbyjs/gatsby#34368)

See the full diff

Package name: gatsby-theme-blog

The new version differs by 26 commits.

• a9dd4d1 chore(release): Publish
• ca08c16 feat: upgrade to gatsby v4 ([Snyk] Security upgrade gatsby from 2.32.11 to 3.0.0 #149)
• 692499e BREAKING: v3 ([Snyk] Security upgrade gatsby from 2.32.11 to 3.0.0 #112)
• c05f29d chore: Revert to push again
• e6d333c chore(release): Publish
• 8f1ba38 feat(gatsby-theme-blog-core): Support filter, limit options ([Snyk] Security upgrade gatsby from 2.32.11 to 3.0.0 #98)
• 335eb8e chore: Run Cypress on push & PR
• 1b9267f chore(release): Publish
• dd7d0a6 chore: Dependency maintenance ([Snyk] Security upgrade gatsby from 2.32.11 to 3.0.0 #107)
• 069fb47 chore(release): Publish
• 107c28e fix(gatsby-theme-i18n-react-i18next): default options typo ([Snyk] Security upgrade gatsby from 2.32.11 to 3.0.0 #96)
• 6ff5c7a chore(release): Publish
• 003cd70 chore: Linting
• 7b3b008 chore(release): Publish
• 60d8928 fix(gatsby-theme-blog): Remove console.log
• 25e76f5 chore(release): Publish
• c2b71f9 chore: One more .org to .com change
• 0c2f843 chore: Change .org links to .com
• e6a3b30 fix(gatsby-theme-i18n): Correct HTML lang ([Snyk] Security upgrade gatsby from 2.32.11 to 3.0.0 #92)
• 631ae27 feat(gatsby-theme-i18n): Add "prefixDefault" option ([Snyk] Security upgrade gatsby from 2.32.10 to 3.0.0 #75)
• 6dd2936 Added post-hero-caption component and relevant mdx properties, with example usage ([Snyk] Security upgrade gatsby from 2.32.11 to 3.0.0 #95)
• fead1c2 Fix incorrect path in documentation ([Snyk] Security upgrade gatsby from 2.32.11 to 3.0.0 #86)
• 212d7b3 Add frontmatter imageAlt to fieldData ([Snyk] Security upgrade gatsby from 2.32.11 to 3.0.0 #85)
• 1ddd07c add small tests to check that notes pages from theme render ([Snyk] Security upgrade gatsby from 2.32.11 to 3.0.0 #77)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Scripting (XSS)
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Code Injection