[Snyk] Fix for 1 vulnerabilities

[molllyn1]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • deps/npm/docs/package.json
  • deps/npm/docs/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	551/1000 Why? Recently disclosed, Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JS-POSTCSS-5926692	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: gatsby

The new version differs by 250 commits.

• f1d3f7b chore(release): Publish
• 6e6ea56 chore(release): Publish rc
• df50ce7 fix(gatsby): Add dir=ltr to Fast Refresh overlay (Inconsistent Date.prototype.getTime() value across different Node.js versions nodejs/node#29900) (fs: remove options.encoding from Dir.read*() nodejs/node#29908)
• 83adec5 chore(docs): update readme (windowsHide:true prevents SIGINT on child processes nodejs/node#29837) (module: warn on require of .js inside type: module nodejs/node#29909)
• b2628da will git stop being weird (Gyp Python 3 fixes for Windows nodejs/node#29897) (NodeJs 12.11.1 NGHTTP2_ENHANCE_YOUR_CALM  nodejs/node#29907)
• c98c87f chore(release): Publish rc
• c8bf571 fix(gatsby-source-wordpress): image fixes (configure.py: upgrade from optparse to argparse nodejs/node#29813) (test: remove unnecessary --expose-internals flags nodejs/node#29886)
• 85bb8ea fix(gatsby-plugin-image): Update peerdeps (src: bring 425 status code name into accordance with RFC 8470 nodejs/node#29880) (regex source property escaping value changed? nodejs/node#29888)
• c266b83 fix(gatsby): Remove `react-hot-loader` deps & other unused deps (vm: add Synthetic modules nodejs/node#29864) (http2: allow passing FileHandle to respondWithFD nodejs/node#29876)
• 222ca3f fix(gatsby): with some custom babel configs array spreading with Set is not safe (deps: update npm to 6.12.0 nodejs/node#29885) (test: fix flaky test-http2-client-upload nodejs/node#29889)
• ea31900 chore(release): Publish rc
• f070422 fix(gatsby): Fix various small DEV_SSR bugs exposed in development_runtime tests (#29720) (esm: Unflag --experimental-modules nodejs/node#29866)
• cb3b1ca chore: update peerdeps to latest major versions (doc: notes about forwarding stream options nodejs/node#29857) (esm: unflag --experimental-exports nodejs/node#29867)
• 8639f7b fix(create-gatsby): Use legacy peer deps (stream: How to destroy and stop Readable? nodejs/node#29856) (module: allow unrestricted cjs requires nodejs/node#29862)
• fdc1fe2 fix(gatsby): fix some css HMR edge cases (doc: fix tls version values nodejs/node#29839) (Future work for source-map functionality nodejs/node#29865)
• e8a7e3b fix(gatsby-plugin-preact): fix fast-refresh (Weird behaviour when spawning bash scripts nodejs/node#29831) (doc: Documenting known issues and discrepancies nodejs/node#29860)
• e7453c3 fix(gatsby): Improve Fast Refresh overlay styles (http: IncomingMessage destroyed state nodejs/node#29855) (stream: don't emit 'error' on non destructive errors? nodejs/node#29861)
• 76f4f96 chore: upgrade postcss & plugins (The digest function of the Crypto module's Hash object fails encoding hash in utf16le encoding nodejs/node#29793)
• de6cba6 chore(release): Publish rc
• aafe584 fix: query on demand loading indicator always active on preact. (The differences between http2 compatibility API and http[s] nodejs/node#29829) (stream: don't deadlock duplexpair nodejs/node#29836)
• 34f5b8c fix(hmr): accept hot updates for modules above page templates (cli: rename --loader to --experimental-loader nodejs/node#29752) (Update.README.js nodejs/node#29835)
• b8d21f8 fix(gatsby): workaround graphql-compose issue (doc: correct typos in security release process nodejs/node#29822) (lib: introduce no-mixed-operators eslint rule to lib nodejs/node#29834)
• 32fee71 fix(gatsby): eslint linting (v12.11.1 release proposal nodejs/node#29796) (build: replace optparse for argparse in configure.py nodejs/node#29814)
• bca7951 fix(gatsby-source-wordpress): HTML image regex's (repl: check for NODE_REPL_EXTERNAL_MODULE nodejs/node#29778) (http2: support passing options of http2.connect to net.connect nodejs/node#29816)

See the full diff

Package name: gatsby-transformer-remark

The new version differs by 250 commits.

• 0c6cd61 chore(release): Publish
• 5e8e621 chore: Update main README (module: ESM loader approach nodejs/node#36954)
• 7130cd4 test(gatsby): Slices API integration tests (Running JS linter... never completes nodejs/node#36747)
• 6496eed chore(release): Publish next
• bc7ac84 chore: preserve previous webpack stats derived values, even if we restart webpack itself (deps: update ICU to 68.2 nodejs/node#36980)
• 2b5af32 fix: drop `__renderedByLocation` prop when calculating slice props hashes and don't expose it to slice component (#36979)
• cc1ee9b chore(release): Publish next
• 6a53861 chore(gatsby-link): Correct type export (Import are case insensitive in window 10 nodejs/node#36968)
• 0ad6314 fix(gatsby-graphiql-explorer): Use upstream exporter package (test: fixup flaky test-crypto-x509 on windows nodejs/node#36966)
• 964265c chore(release): Publish next
• b624442 chore: Update peerDeps (#36965)
• b2ab092 chore(release): Publish next
• e2a14bf feat(gatsby): Slices <> partial hydration interop (doc: remove pull-requests.md preamble nodejs/node#36960)
• 0083e62 fix(deps): update starters and examples gatsby packages to ^4.24.7 (Add CodeQL security analysis to GitHub Actions workflows nodejs/node#36957)
• 68e9cab chore(changelogs): update changelogs (Math.min NOT work with 123021 numbers nodejs/node#36958)
• b9eb8d2 chore(deps): update dependency autoprefixer to ^10.4.13 for gatsby-plugin-sass (doc: add miladfarca to collaborators nodejs/node#36934)
• 58c37ea chore(deps): update dependency @ jridgewell/trace-mapping to ^0.3.17 for gatsby-legacy-polyfills (test: skip internet for test-npm-install nodejs/node#36933)
• a5e4c47 fix(deps): update dependency body-parser to ^1.20.1 for gatsby-source-drupal ([v14.x Backport] http: don't cork noop .end() nodejs/node#36940)
• c86aa7e chore(docs): Add clarification for Pro Tip on Part 4 of tutorial (module: deprecate "main" index and extension lookups nodejs/node#36918)
• d5c775a feat(gatsby): handle graphql-import-node bundling (doc: add iansu to collaborators nodejs/node#36951)
• 59e2976 feat(gatsby-remark-embed-snippet): added csproj to language map so it will be recognized as xml (#36919)
• c8a7dda chore(docs): Valhalla Content Hub Reference Guide (events.once creates an error listener that is not removed on abort. nodejs/node#36949)
• 3044280 fix(gatsby): stitch slices if just page html was regenerating without any of used slices regenerating (test: improve coverage for Module getters nodejs/node#36950)
• 10abdcb chore(release): Publish next

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Improper Input Validation

[guardrails]

⚠️ We detected 2 security issues in this pull request:

Mode: paranoid | Total findings: 2 | Considered vulnerability: 2

Vulnerable Libraries (2)

Severity	Details
Medium	pkg:npm/gatsby@3.0.0 upgrade to: 4.25.7,5.9.1
High	pkg:npm/gatsby-transformer-remark@6.0.0 upgrade to: 6.3.2,5.25.1

More info on how to fix Vulnerable Libraries in JavaScript.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.