[Snyk] Fix for 1 vulnerabilities

[molllyn1]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • deps/npm/docs/package.json
  • deps/npm/docs/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-FILETYPE-2958042	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: gatsby-plugin-sharp

The new version differs by 250 commits.

• 0a455df chore(release): Publish
• 91dc167 fix(gatsby): don't log FAST_DEV message for each worker (Error [ERR_INTERNAL_ASSERTION] nodejs/node#32961) (stream: finished should complete with read-only Duplex nodejs/node#32967)
• f936c93 fix(gatsby): set staticQueryResultHash to new hash on data change (stream: refactor the objectMode assignment logic nodejs/node#32949) (stream: pipeline don't destroy Duplex src before 'finish' nodejs/node#32966)
• ea161ce feat(gatsby-graphiql-explorer): upgrade to webpack 5 (build: use Node.js instead of Node in configure nodejs/node#30642)
• 944e381 chore(release): Publish next
• d6326df fix(gatsby-core-utils): Switch `auth` option from got to username/password (lib: created isValidCallback validator nodejs/node#32665)
• cf9c066 fix(gatsby): add this typings to actions (todo: update to openssl 1.1.1e on March 17th nodejs/node#32210)
• 53aa88e chore: enable test parallelism (test: elevate common http sequences to common nodejs/node#32766)
• b7deabc fix(deps): update starters and examples - gatsby (src: use using NewStringType nodejs/node#32843)
• 6025c84 chore(deps): update dependency katex to ^0.13.13 for gatsby-remark-katex (doc: fix wordy sentence nodejs/node#32567)
• d87c5cb chore: enable lmdb by default and update node for next major (test: replace console.log/error with debuglog nodejs/node#32695)
• 818d6c1 feat(gatsby-plugin-gatsby-cloud): Add `disablePreviewUI` option ('uncaughtException' event not working with unhandled promises nodejs/node#32907)
• f556a00 chore: update changelogs (HTTP/2 frames are serialised one per TLS record nodejs/node#32924)
• aba5eba feat(gatsby): enable webpack caching in development for everyone (http2.connect mishandles the socket option when connecting to an HTTPS server nodejs/node#32922)
• ac7bd4e feat(gatsby-source-wordpress): allow path to js file for beforeChangeNode option (Update zlib.md nodejs/node#32901)
• 1a87a8a docs(gatsby-source-wordpress): document content sync (2020-04-12 Node.js v10.20.1 'Dubnium' (LTS) Release nodejs/node#32768)
• 417df15 chore: re-generate changelogs (stream: inline unbuffered _write nodejs/node#32886)
• 1810874 fix(gatsby-source-wordpress): draft previews (modules: partial doc removal of --experimental-modules nodejs/node#32915)
• 7c72ab8 chore(gatsby): remove unused packages (doc: synch SECURITY.md with website nodejs/node#32903)
• afb06d7 chore(docs): Add hint for MDX plugin in remark-plugin-tutorial (Node warnings bubble up and in bin scripts can't be disabled  nodejs/node#32876)
• 1303ecb chore(docs): Update wording for "using-web-fonts" (Using "folder" and "directory" interchangeably in documentation nodejs/node#32902)
• 9589911 chore(docs): Fix code highlighting in part 6 (stream: some simplification nodejs/node#32900)
• 568d4ce feat(gatsby-source-drupal): Use the collection count from JSON:API extras to enable parallel API requests for cold builds ([v12.x] module: path-only CJS exports extension searching nodejs/node#32883)
• 41f5337 fix(deps): update typescript to ^4.29.3 (build: use tabs for indentation in Makefile nodejs/node#32614)

See the full diff

Package name: gatsby-source-filesystem

The new version differs by 250 commits.

• 3d607f1 chore(release): Publish
• a5131bd fix(gatsby): pull out a few bug fixes from https://github.com/feat(gatsby): make dev ssr bundling lazy gatsbyjs/gatsby#28149/ (last versions of node for linuxppc64 requires glib >= 2.15 but maximal version on this platform is 2.11 nodejs/node#28186) (report: add cpu info to report output nodejs/node#28188)
• 4b9cd2e feat(gatsby): invite people with long page query running to try out query on demand feature (build: re-enable custom V8 snapshot by default nodejs/node#28181) (NiM Chrome Extension is collecting user's email address nodejs/node#28185)
• 9869094 feat(gatsby): enable all dev improvements with one env var (perf_hooks,trace_events: use stricter equality nodejs/node#28166) (doc,test: test documentation consistency for NODE_OPTIONS nodejs/node#28179)
• 57b5840 fix(gatsby): get-page-data should timeout gracefully (lib: remove unnecessary bind nodejs/node#28131) (build: Re-enable openssl asm for arm64 nodejs/node#28180)
• 00870bb fix(gatsby-source-filesystem): Use new FileType methods to read file extension (test: mark test-fs-stat-bigint as flaky nodejs/node#28156) (doc,n-api: fix typo nodejs/node#28178)
• 9e3ceec fix(gatsby): rename env var for lazy dev bundling to make consistent with other experiments (http2: refactor ping + settings object lifetime management nodejs/node#28150)
• a612f26 feat(gatsby): invite (1%) of Gatsby users to try out develop ssr (test: remove duplicate test-child-process-execfilesync-maxBuffer.js nodejs/node#28139)
• 04349a0 feat(gatsby): lazy bundle page components in dev server (test: add util inspect null getter test nodejs/node#27884)
• 179694a chore(gatsby-source-graphql): upgrade graphql-tools to v7 (deps: V8: cherry-pick 94c87fe nodejs/node#27792)
• 23da2c3 feat(gatsby): SSR pages during development ([v10.x backport] TLS1.3 (and dependent PRs) nodejs/node#27432)
• 6858f22 Try adding sitehash to success event (doc: add example for zlib.createGzip() nodejs/node#28136)
• 088eef4 feat(develop): add query on demand behind feature flag (doc: fix prohibited-strings warning in pull-requests.md nodejs/node#28127)
• a737ea7 feat(gatsby): invite people with long develop bundling times to try the lazy dev js bundling feature (tls: rename validateKeyCert in _tls_common.js nodejs/node#28116)
• bf328d0 chore(docs): replace typefaces with fontsource (modules: explicitly initialize CJS loader nodejs/node#27313)
• 17de55b chore: update publishing scripts (build: unbreak --with-intl=system-icu build nodejs/node#28118)
• f9838f7 feat(create-gatsby): add telemetry tracking (test: mark test-worker-debug flaky nodejs/node#28107)
• 23b4137 chore(create-gatsby): Remove alpha warning (http: empty body response considered not completed and aborted nodejs/node#28132)
• 195d623 feat: add utility to show experiment invitation notices (http: fix test where aborted should not be emitted nodejs/node#28120)
• 1657b98 benchmarks(contentful): use the new max pageLimit (build: lint all docs under doc nodejs/node#28128)
• 283da81 refactor(gatsby): get-page-data util ([10.x] http, http2: flag for overriding server timeout nodejs/node#27939)
• 5b2d9b6 fix(gatsby): fix race condition in cache lock (doc: improve DEP0090 text nodejs/node#28097)
• 061b459 Add Netlify CMS (test: move the corresponding IPv4 and IPv6 tests nodejs/node#28124)
• 539dbb0 chore(deps): update babel monorepo (doc: add missing --trace in man page nodejs/node#27528)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

[guardrails]

⚠️ We detected 10 security issues in this pull request:

Mode: paranoid | Total findings: 10 | Considered vulnerability: 10

Vulnerable Libraries (10)

Severity	Details
Medium	git-up@4.0.1 (t) - no patch available
Medium	node-fetch@1.7.3 (t) - no patch available
Critical	parse-path@4.0.1 (t) - no patch available
Medium	prismjs@1.18.0 (t) - no patch available
Medium	parse-url@5.0.1 (t) - no patch available
High	simple-get@3.1.0 (t) - no patch available
High	url-parse@1.4.7 (t) - no patch available
Medium	bl@3.0.0 (t) upgrade to: =3.0.0 || >=1.2.3
High	gatsby-plugin-sharp@3.13.0 upgrade to: ***
Medium	gatsby-source-filesystem@2.6.0 upgrade to: >=1.4.8

More info on how to fix Vulnerable Libraries in General and JavaScript.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.