
[Snyk] Security upgrade gatsby from 2.18.18 to 3.0.0 #65

Open
wants to merge 1 commit into base: master

Conversation

molllyn1 (Owner) commented Nov 5, 2022

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • deps/npm/docs/package.json
    • deps/npm/docs/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity: high severity
Priority Score (*): 661/1000 (Why? Recently disclosed, Has a fix available, CVSS 7.5)
Issue: Prototype Pollution (SNYK-JS-LOADERUTILS-3043105)
Breaking Change: Yes
Exploit Maturity: No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: gatsby
The new version differs by 250 commits.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

…reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3043105
guardrails bot commented Nov 5, 2022

⚠️ We detected 19 security issues in this pull request:

Mode: paranoid | Total findings: 19 | Considered vulnerability: 19

Vulnerable Libraries (19)
Severity Details
Medium pkg:npm/%40hapi/hoek@8.5.0@8.5.0 (t) - no patch available
Medium pkg:npm/object-path@0.11.5@0.11.5 (t) upgrade to: 0.11.6
Low pkg:npm/node-fetch@2.6.1@2.6.1 (t) - no patch available
Medium pkg:npm/ws@7.4.5@7.4.5 (t) - no patch available
Medium pkg:npm/git-up@4.0.5@4.0.5 (t) - no patch available
Critical pkg:npm/loader-utils@2.0.3@2.0.3 (t) - no patch available
High pkg:npm/parse-url@6.0.5@6.0.5 (t) - no patch available
N/A pkg:npm/node-forge@0.10.0@0.10.0 (t) upgrade to: 1.0.0
High pkg:npm/immer@8.0.1@8.0.1 (t) upgrade to: 9.0.6
Critical pkg:npm/socket.io-parser@4.0.5@4.0.5 (t) - no patch available
High pkg:npm/ini@1.3.5@1.3.5 (t) upgrade to: 1.3.6
Medium pkg:npm/es5-ext@0.10.62@0.10.62 (t) - no patch available
Critical pkg:npm/socket.io@3.1.1@3.1.1 (t) - no patch available
High pkg:npm/express@4.18.2@4.18.2 (t) - no patch available
Medium pkg:npm/parse-path@4.0.4@4.0.4 (t) - no patch available
Critical pkg:npm/shell-quote@1.7.2@1.7.2 (t) upgrade to: 1.7.3
High @hapi/hoek@8.5.0 (t) upgrade to: >8.5.0
Critical gatsby@3.0.0 upgrade to: >=1.10.0-alpha.1460dad9
High ini@1.3.5 (t) upgrade to: >=1.3.6

More info on how to fix Vulnerable Libraries in JavaScript.


👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.

2 participants