[Snyk] Fix for 1 vulnerabilities

[molllyn1]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • deps/npm/docs/package.json
  • deps/npm/docs/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	551/1000 Why? Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HTTPCACHESEMANTICS-3248783	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: gatsby

The new version differs by 250 commits.

• f3f1bbc chore(release): Publish
• c410082 fix(gatsby-source-drupal): check relationships type exists on node before filtering (doc: update napi_async_init documentation nodejs/node#33181) (errors: simplify super function invoke nodejs/node#33228)
• f3f2834 fix(gatsby-source-wordpress): fix failing test docker setup (Support query parameters (and hash) in CLI paths nodejs/node#33163)
• fe2f09b feat(gatsby): let serve use getServerData headers (#33159)
• fc66250 fix(gatsby): Assign parentSpan to activities that were missing them (v13.14.0 proposal nodejs/node#33122)
• 91187da feat(gatsby-source-drupal): Add tracing for full/delta fetches and http requests (src: separate owning and non-owning AliasedBuffers nodejs/node#33142)
• d31645c chore(gatsby): add webpack file to export same version ([v14.x] stream: runtime deprecate Transform._transformState nodejs/node#33126)
• 44afaf5 fix(gatsby): fix hydration flicker on initial render of ssr page (fs: add .ref() and .unref() methods to the StatWatcher and FSWatcher nodejs/node#33134)
• f1141a0 docs: Fix broken link on Getting Started with MDX page (respose.setHeader() should return response to allow chaining nodejs/node#33148)
• f921277 chore(release): Publish next
• b1168af chore(gatsby-plugin-gatsby-cloud): fix copy type file (node_http2.cc fatal error nodejs/node#33156)
• 14059da Remove <title> from inside <main> (test: move test-process-title to sequential nodejs/node#33150)
• 85645cd chore(release): Publish next
• 1720988 feat(gatsby-transformer-documentationjs): move createTypes to createSchemaCustomization (reword explanation nodejs/node#33149)
• 3d05986 feat(gatsby-plugin-styled-components): Add ability to disable vendor prefixes (http: ServerRequest & ServerResponse does not set destroyed false nodejs/node#33147)
• 323920d chore(gatsby): add environment variable for setting tracing config file (doc: clarify docs fs.watch exception may be emitted nodejs/node#32513)
• 425b8f5 chore(release): Publish next
• 2f2880e fix(gatsby-source-drupal): handle edge case with deleting nodes (Crarify which versions support package.json:"type":"module" nodejs/node#33143)
• eb552d1 chore(docs): Add note to Storybook guide about StaticImage (http: set default timeout in agent keepSocketAlive nodejs/node#33127)
• 4ff5026 docs: fix typo (test: ensure finish is emitted before destroy nodejs/node#33137)
• 81f35ff docs(gatsby-plugin-gatsby-cloud): fix typo: asterix -> asterisk (flaky test-net-throttle on daily master nodejs/node#33135)
• 4837b72 feat(gatsby-plugin-page-creator): Fix gatsby plugin page creator v4 (http: don't destroy completed request nodejs/node#33120)
• 3401149 feat(gatsby): Deprecate schema-related APIs in sourceNodes (Piping process.stdin to child.stdin leaves behind an open handle nodejs/node#32291)
• 62683f5 fix(gatsby-plugin-gatsby-cloud): Emit CREATE_FILE_NODE in onPostBootstrap (build: fix makefile script on windows nodejs/node#33136)

See the full diff

Package name: gatsby-plugin-sharp

The new version differs by 250 commits.

• 83cd408 chore(release): Publish
• d6f0318 chore: use packlist for cleanup-package-dir (doc: add Gireesh to TSC nodejs/node#26657)
• aa300f4 chore(docs):fixed file names and links in query-execution (doc: update spawnSync() status value possibilities nodejs/node#26680)
• 11ab72a chore(docs): fixed some links in query-execution (timers: remove dead code and simplify args check nodejs/node#26555)
• fed2619 fix(docs): query filters -> update dictionary, code fences, fix code, brand name (http: improve for-loop readability in _http_outgoing.js nodejs/node#26408)
• 7de5f18 add code fences (tools: add and apply eslint rule no-regex-spaces nodejs/node#26409)
• 823e473 fix(docs): schema -> fix 404, remove deleted page from sidebar, apply redirects (doc: fix nits in report docs nodejs/node#26461)
• 21b94df Docs - Remove not inclusive words (src: remove already elevated Isolate namespace nodejs/node#26294)
• 652af04 fix(docs): schema -> code fences, code fix (tools: use dmn@2.2.1 nodejs/node#26462)
• 6b96972 chore(docs): Update GraphQL spelling in README.md (perf_hooks: reset prev_ before starting ELD timer nodejs/node#26693)
• c2aeded fix(gatsby): properly unlock processes onExit ([v11.x] backport warning handler refactoring nodejs/node#26670)
• 93fdc09 fix(gatsby): only enable debugger when argument is given (C++ errors and JS errors format mismatch nodejs/node#26669)
• 7e83ace chore(docs): fix typos (src: fix warning in node_messaging nodejs/node#26682)
• c40434a chore(docs): Fix a typo (add internal documentation nodejs/node#26665)
• 18f6b4d chore(docs): Fix typos (Node REPL broken from 11.10.* to 11.11.* on fish shell nodejs/node#26663)
• dedd37f chore(gatsby-plugin-sharp, gatsby-transformer-sharp): update dependencies (doc: clarify http.ClientRequest path description nodejs/node#26259)
• 7975b91 chore(gatsby-recipes): Add a contributing.md to recipes (timers: refactor timer callback initialization nodejs/node#26583)
• ac72bfb chore(release): Publish
• 703678e Admin/recipes gui (src: remove unused Converter object nodejs/node#26243)
• 04c75bb fix(gatsby): fix error from ts conversion (src: elevate v8 namespaces for PropertyAttribute nodejs/node#26681)
• 25e3a63 fix(gatsby): fix materialization edge case with nullish values (lib: run prepareMainThreadExecution for third_party_main nodejs/node#26677)
• 19020c2 chore(benchmarks): set semver to match any patch/minor for most deps (lib: use const where possible nodejs/node#26679)
• 608f40c chore: cherrypick Renovate updates (Stream this.push and spread operator does not work nodejs/node#26582)
• 6ba68f8 feat(gatsby): Support React 17's new JSX Transform (doc: update the Troubleshooting section of the Collaborator Guide nodejs/node#26652)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)

[guardrails]

⚠️ We detected 98 security issues in this pull request:

Mode: paranoid | Total findings: 98 | Considered vulnerability: 98

Vulnerable Libraries (98)

Severity	Details
Medium	pkg:npm/es5-ext@0.10.62@0.10.62 (t) - no patch available
Medium	pkg:npm/es5-ext@0.10.62@0.10.62 (t) - no patch available
High	pkg:npm/ansi-regex@4.1.0@4.1.0 (t) upgrade to: 6.0.1,5.0.1,4.1.1,3.0.1
High	pkg:npm/semver-regex@2.0.0@2.0.0 (t) upgrade to: 3.1.3,4.0.1
Critical	pkg:npm/shell-quote@1.7.2@1.7.2 (t) upgrade to: 1.7.3
Medium	pkg:npm/object-path@0.11.5@0.11.5 (t) upgrade to: 0.11.6
Medium	pkg:npm/ajv@6.10.2@6.10.2 (t) upgrade to: 6.12.3
High	pkg:npm/css-what@2.1.3@2.1.3 (t) - no patch available
Medium	pkg:npm/sharp@0.23.4@0.23.4 (t) upgrade to: 0.30.5
High	pkg:npm/is-svg@3.0.0@3.0.0 (t) upgrade to: 4.3.0
Critical	pkg:npm/loader-utils@2.0.0@2.0.0 (t) upgrade to: 2.0.3
High	pkg:npm/file-type@8.1.0@8.1.0 (t) - no patch available
High	pkg:npm/ansi-regex@5.0.0@5.0.0 (t) upgrade to: 6.0.1,5.0.1,4.1.1,3.0.1
High	pkg:npm/url-regex@4.1.1@4.1.1 (t) - no patch available
High	pkg:npm/nth-check@1.0.2@1.0.2 (t) upgrade to: 2.0.1
Low	pkg:npm/node-fetch@2.6.1@2.6.1 (t) - no patch available
High	pkg:npm/prompts@2.4.0@2.4.0 (t) - no patch available
High	pkg:npm/file-type@9.0.0@9.0.0 (t) - no patch available
High	pkg:npm/json5@1.0.2@1.0.2 (t) upgrade to: 2.2.2
Medium	pkg:npm/color-string@1.5.3@1.5.3 (t) upgrade to: 1.5.5
Medium	pkg:npm/git-up@4.0.5@4.0.5 (t) - no patch available
Medium	pkg:npm/git-up@4.0.5@4.0.5 (t) - no patch available
High	pkg:npm/css-what@3.2.1@3.2.1 (t) - no patch available
Critical	pkg:npm/socket.io-parser@4.0.5@4.0.5 (t) - no patch available
Critical	pkg:npm/socket.io-parser@4.0.5@4.0.5 (t) - no patch available
N/A	pkg:npm/engine.io@4.1.2@4.1.2 (t) upgrade to: 3.6.1,6.2.1
High	pkg:npm/minimatch@3.0.4@3.0.4 (t) upgrade to: 3.0.5
Medium	pkg:npm/kind-of@6.0.2@6.0.2 (t) - no patch available
High	pkg:npm/busboy@0.2.14@0.2.14 (t) - no patch available
High	pkg:npm/busboy@0.2.14@0.2.14 (t) - no patch available
High	pkg:npm/minimist@0.0.8@0.0.8 (t) - no patch available
High	pkg:npm/file-type@3.9.0@3.9.0 (t) - no patch available
Medium	pkg:npm/cross-fetch@3.1.4@3.1.4 (t) upgrade to: 3.1.5,2.2.6
Medium	pkg:npm/cross-fetch@3.1.4@3.1.4 (t) upgrade to: 3.1.5,2.2.6
High	pkg:npm/loader-utils@2.0.4@2.0.4 (t) - no patch available
Medium	pkg:npm/got@10.7.0@10.7.0 (t) - no patch available
N/A	pkg:npm/dot-prop@4.2.0@4.2.0 (t) - no patch available
Medium	pkg:npm/multer@1.4.4@1.4.4 (t) - no patch available
Medium	pkg:npm/multer@1.4.4@1.4.4 (t) - no patch available
N/A	pkg:npm/decode-uri-component@0.2.0@0.2.0 (t) - no patch available
N/A	pkg:npm/decode-uri-component@0.2.0@0.2.0 (t) - no patch available
Medium	pkg:npm/browserslist@4.8.3@4.8.3 (t) upgrade to: 4.16.5
High	pkg:npm/decompress@4.2.0@4.2.0 (t) - no patch available
High	pkg:npm/minimist@1.2.0@1.2.0 (t) - no patch available
Medium	pkg:npm/postcss@7.0.26@7.0.26 (t) upgrade to: 8.2.13,7.0.36
Medium	pkg:npm/underscore.string@3.3.5@3.3.5 (t) - no patch available
High	pkg:npm/immer@8.0.1@8.0.1 (t) upgrade to: 9.0.6
High	pkg:npm/immer@8.0.1@8.0.1 (t) upgrade to: 9.0.6
Medium	pkg:npm/bl@1.2.2@1.2.2 (t) upgrade to: 1.2.3,2.2.1,3.0.1,4.0.3
High	pkg:npm/lodash.template@4.5.0@4.5.0 (t) - no patch available
High	pkg:npm/tar@5.0.5@5.0.5 (t) upgrade to: 4.4.16,5.0.8,6.1.7
N/A	pkg:npm/axios@0.18.1@0.18.1 (t) upgrade to: 0.21.1
Critical	pkg:npm/set-value@2.0.1@2.0.1 (t) - no patch available
Critical	pkg:npm/socket.io@3.1.1@3.1.1 (t) - no patch available
Critical	pkg:npm/socket.io@3.1.1@3.1.1 (t) - no patch available
Medium	pkg:npm/got@9.6.0@9.6.0 (t) - no patch available
Medium	pkg:npm/bl@3.0.0@3.0.0 (t) upgrade to: 1.2.3,2.2.1,3.0.1,4.0.3
Medium	pkg:npm/%40hapi/hoek@8.5.0@8.5.0 (t) - no patch available
Medium	pkg:npm/request@2.88.2@2.88.2 (t) - no patch available
High	pkg:npm/prismjs@1.18.0@1.18.0 (t) upgrade to: 1.21.0
High	pkg:npm/file-type@6.2.0@6.2.0 (t) - no patch available
High	pkg:npm/glob-parent@3.1.0@3.1.0 (t) upgrade to: 5.1.2
N/A	pkg:npm/debug@2.6.9@2.6.9 (t) upgrade to: 3.1.0
High	pkg:npm/@hapi/hoek@8.5.0@8.5.0 (t) upgrade to: 8.5.1,9.0.3
High	pkg:npm/file-type@5.2.0@5.2.0 (t) - no patch available
Medium	pkg:npm/parse-path@4.0.4@4.0.4 (t) - no patch available
High	pkg:npm/gatsby-transformer-remark@2.6.45@2.6.45 (t) upgrade to: 6.3.2,5.25.1
High	pkg:npm/parse-url@6.0.5@6.0.5 (t) - no patch available
High	pkg:npm/follow-redirects@1.5.10@1.5.10 (t) upgrade to: 1.14.7
High	pkg:npm/trim@0.0.1@0.0.1 (t) upgrade to: 0.0.3
Medium	pkg:npm/got@7.1.0@7.1.0 (t) - no patch available
Medium	pkg:npm/got@8.3.2@8.3.2 (t) - no patch available
Medium	pkg:npm/got@8.3.2@8.3.2 (t) - no patch available
Medium	pkg:npm/sharp@0.25.4@0.25.4 (t) upgrade to: 0.30.5
Medium	pkg:npm/browserslist@4.14.2@4.14.2 (t) upgrade to: 4.16.5
Medium	pkg:npm/ws@7.4.5@7.4.5 (t) upgrade to: 7.4.6,6.2.2,5.2.3
High	pkg:npm/clean-css@4.2.1@4.2.1 (t) - no patch available
Critical	pkg:npm/execa@1.0.0@1.0.0 (t) - no patch available
High	pkg:npm/file-type@12.4.2@12.4.2 (t) - no patch available
High	pkg:npm/file-type@4.4.0@4.4.0 (t) - no patch available
High	pkg:npm/sanitize-html@1.20.1@1.20.1 (t) - no patch available
High	pkg:npm/glob-parent@5.1.0@5.1.0 (t) upgrade to: 5.1.2
High	pkg:npm/glob-parent@5.1.0@5.1.0 (t) upgrade to: 5.1.2
Critical	pkg:npm/execa@0.7.0@0.7.0 (t) - no patch available
High	pkg:npm/path-parse@1.0.6@1.0.6 (t) - no patch available
High	pkg:npm/ini@1.3.5@1.3.5 (t) upgrade to: 1.3.6
High	pkg:npm/ini@1.3.5@1.3.5 (t) upgrade to: 1.3.6
High	pkg:npm/dicer@0.2.5@0.2.5 (t) - no patch available
High	pkg:npm/dicer@0.2.5@0.2.5 (t) - no patch available
N/A	pkg:npm/ansi-html@0.0.7@0.0.7 (t) - no patch available
High	pkg:npm/express@4.18.2@4.18.2 (t) - no patch available
High	pkg:npm/simple-get@3.1.0@3.1.0 (t) upgrade to: 4.0.1,3.1.1,2.8.2
Critical	pkg:npm/unset-value@1.0.0@1.0.0 (t) - no patch available
N/A	pkg:npm/acorn@7.1.0@7.1.0 (t) - no patch available
Medium	pkg:npm/react@16.12.0@16.12.0 (t) - no patch available
Critical	pkg:npm/lodash@4.17.15@4.17.15 (t) - no patch available
High	pkg:npm/ansi-regex@3.0.0@3.0.0 (t) upgrade to: 6.0.1,5.0.1,4.1.1,3.0.1
Critical	pkg:npm/loader-utils@1.4.2@1.4.2 (t) - no patch available

More info on how to fix Vulnerable Libraries in JavaScript.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.