Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

[Snyk] Security upgrade gatsby-transformer-remark from 2.6.45 to 5.25.1 #59

Open
wants to merge 1 commit into
base: latest
Choose a base branch
from
Open

[Snyk] Security upgrade gatsby-transformer-remark from 2.6.45 to 5.25.1 #59

wants to merge 1 commit into from

Conversation

thebpc
Copy link
Owner

@thebpc thebpc commented Jan 13, 2023

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • docs/package.json
    • docs/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 798/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.1		 Arbitrary Code Injection
SNYK-JS-GATSBYTRANSFORMERREMARK-3228581		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: gatsby-transformer-remark The new version differs by 250 commits.
  • 4dcca80 chore(release): Publish
  • 59076c8 fix(gatsby-transformer-remark): Disallow JS frontmatter by default (#37244) (#37298)
  • 48a3db4 fix(gatsby): [rendering engines] use results of exports removal if sourceMap was not generated alongside transformed code (#37282) (#37299)
  • ea42d7f fix(gatsby): don't output file-loader assets to .cache (#37284) (#37300)
  • 2cc9eaf chore(release): Publish
  • a729764 fix(gatsby-source-wordpress): Add back nodeType field that was removed in last version (#37212) (#37218)
  • 188d3e7 chore(release): Publish
  • 947e11b chore(gatsby-source-wordpress): use wpgql 1.13 in itests (#37146) (#37208)
  • 5e72a5d chore(release): Publish
  • 2dc715d chore: remove tracedSVG (#37093) (#37127)
  • 07c0478 chore(release): Publish
  • c698f13 fix(gatsby-source-wordpress): WPGraphQL 1.13.0 compatibility (#37134) (#37183)
  • 49cca44 chore(release): Publish
  • fac9fbc feat(gatsby-source-drupal): Provide proxyUrl in addition to baseUrl to allow using CDN, API gateway, etc. (#36819) (#37084)
  • 2bc5902 feat(gatsby-source-wordpress): MediaItem.excludeFieldNames / auto exclude interface types that have no fields (#37062) (#37085)
  • 1f92e69 fix(gatsby-source-wordpress) pass store for auth (#37006) (#37083)
  • ab793c3 chore(release): Publish
  • 07a126d fix(gatsby): stale node manifests (#36988)
  • 288d836 chore(lerna): Use latest-v4 npm dist tag in 4.24 branch (#36995)
  • c7b94b5 chore(release): Publish
  • 1926b4e feat(gatsby): handle graphql-import-node bundling (#36951) (#36953)
  • 5e5d565 chore(release): Publish
  • be43418 fix(gatsby): Also clear cache on gatsby version change (#36913) (#36925)
  • 012761e chore(release): Publish

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Arbitrary Code Injection

# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@thebpc @snyk-bot