[Snyk] Fix for 3 vulnerabilities #174

snyk-bot · 2021-01-19T22:07:41Z

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
616/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.9	Server-Side Request Forgery (SSRF) SNYK-JS-AXIOS-1038255	No	Proof of Concept
504/1000 Why? Has a fix available, CVSS 5.8	Prototype Pollution SNYK-JS-HIGHLIGHTJS-1045326	No	No Known Exploit
520/1000 Why? Has a fix available, CVSS 5.9	Denial of Service SNYK-JS-NODEFETCH-674311	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: gatsby

The new version differs by 250 commits.

fbc5893 chore(release): Publish
e693b62 chore: update yarn.lock (#29078)
e998870 fix(gatsby): Always render the body component to ensure needed head & pre/post body components are added (#29077)
a1921b5 feat(gatsby): bump opt-in % to dev-ssr to 20% (#29075)
2439b44 feat(gatsby-codemods): Handle or warn on nested options changes (#29046)
c0e6c92 fix(gatsby-plugin-typescript): add missing options validations (#29066)
3163ca6 fix(gatsby-plugin-mdx): Add `root` to plugin validation (#29010)
6233382 fix(gatsby-plugin-image): Fix onload race condition (#29064)
c76c175 benchmark(gabe-fs-markdown-images): add img benchmark (#29009)
bd5b5f7 feat(gatsby): allow to skip cache persistence (#29047)
48db6ac fix(gatsby): fix broken GraphQL resolver tracing (#29015)
90b6e3d fix(gatsby): Use fast-refresh for React 17 (#28930)
9a55d12 feat(gatsby): Add eslint rules to warn against bad patterns in pageTemplates (for Fast Refresh) (#28689)
b9978e1 fix(gatsby-plugin-image): Handle imgStyle in SSR (#29043)
f23ba4b fix(gatsby-source-contentful): Improve base64 placeholders (#29034)
18b5f30 fix(security): update vulnerable packages, include React 17 in peerDeps (#28545)
f8bbc06 docs: edit search documentation (#28737)
004acf0 fix(sharp) wrap sharp calls in try/catch to avoid crashing on bad images (#28645)
bf6f264 Hydrate when the page was server rendered (#29016)
e72533d chore(gatsby-plugin-image): Unflag remote images (#29032)
332543c chore(docs): adjust Contentful Rich Text example codes (#29029)
9bcc12c feat(gatsby-plugin-image): Change fullWidth to use breakpoints (#29002)
168ff60 Fix/contentful add header (#29028)
a3ad6d7 fix(gatsbu-source-contentful): apply useNameForId when creating the graphql schema (#28649)

See the full diff

Package name: gatsby-cli

The new version differs by 250 commits.

fbc5893 chore(release): Publish
e693b62 chore: update yarn.lock (#29078)
e998870 fix(gatsby): Always render the body component to ensure needed head & pre/post body components are added (#29077)
a1921b5 feat(gatsby): bump opt-in % to dev-ssr to 20% (#29075)
2439b44 feat(gatsby-codemods): Handle or warn on nested options changes (#29046)
c0e6c92 fix(gatsby-plugin-typescript): add missing options validations (#29066)
3163ca6 fix(gatsby-plugin-mdx): Add `root` to plugin validation (#29010)
6233382 fix(gatsby-plugin-image): Fix onload race condition (#29064)
c76c175 benchmark(gabe-fs-markdown-images): add img benchmark (#29009)
bd5b5f7 feat(gatsby): allow to skip cache persistence (#29047)
48db6ac fix(gatsby): fix broken GraphQL resolver tracing (#29015)
90b6e3d fix(gatsby): Use fast-refresh for React 17 (#28930)
9a55d12 feat(gatsby): Add eslint rules to warn against bad patterns in pageTemplates (for Fast Refresh) (#28689)
b9978e1 fix(gatsby-plugin-image): Handle imgStyle in SSR (#29043)
f23ba4b fix(gatsby-source-contentful): Improve base64 placeholders (#29034)
18b5f30 fix(security): update vulnerable packages, include React 17 in peerDeps (#28545)
f8bbc06 docs: edit search documentation (#28737)
004acf0 fix(sharp) wrap sharp calls in try/catch to avoid crashing on bad images (#28645)
bf6f264 Hydrate when the page was server rendered (#29016)
e72533d chore(gatsby-plugin-image): Unflag remote images (#29032)
332543c chore(docs): adjust Contentful Rich Text example codes (#29029)
9bcc12c feat(gatsby-plugin-image): Change fullWidth to use breakpoints (#29002)
168ff60 Fix/contentful add header (#29028)
a3ad6d7 fix(gatsbu-source-contentful): apply useNameForId when creating the graphql schema (#28649)

See the full diff

Package name: gatsby-source-graphql

The new version differs by 250 commits.

fbc5893 chore(release): Publish
e693b62 chore: update yarn.lock (#29078)
e998870 fix(gatsby): Always render the body component to ensure needed head & pre/post body components are added (#29077)
a1921b5 feat(gatsby): bump opt-in % to dev-ssr to 20% (#29075)
2439b44 feat(gatsby-codemods): Handle or warn on nested options changes (#29046)
c0e6c92 fix(gatsby-plugin-typescript): add missing options validations (#29066)
3163ca6 fix(gatsby-plugin-mdx): Add `root` to plugin validation (#29010)
6233382 fix(gatsby-plugin-image): Fix onload race condition (#29064)
c76c175 benchmark(gabe-fs-markdown-images): add img benchmark (#29009)
bd5b5f7 feat(gatsby): allow to skip cache persistence (#29047)
48db6ac fix(gatsby): fix broken GraphQL resolver tracing (#29015)
90b6e3d fix(gatsby): Use fast-refresh for React 17 (#28930)
9a55d12 feat(gatsby): Add eslint rules to warn against bad patterns in pageTemplates (for Fast Refresh) (#28689)
b9978e1 fix(gatsby-plugin-image): Handle imgStyle in SSR (#29043)
f23ba4b fix(gatsby-source-contentful): Improve base64 placeholders (#29034)
18b5f30 fix(security): update vulnerable packages, include React 17 in peerDeps (#28545)
f8bbc06 docs: edit search documentation (#28737)
004acf0 fix(sharp) wrap sharp calls in try/catch to avoid crashing on bad images (#28645)
bf6f264 Hydrate when the page was server rendered (#29016)
e72533d chore(gatsby-plugin-image): Unflag remote images (#29032)
332543c chore(docs): adjust Contentful Rich Text example codes (#29029)
9bcc12c feat(gatsby-plugin-image): Change fullWidth to use breakpoints (#29002)
168ff60 Fix/contentful add header (#29028)
a3ad6d7 fix(gatsbu-source-contentful): apply useNameForId when creating the graphql schema (#28649)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-AXIOS-1038255 - https://snyk.io/vuln/SNYK-JS-HIGHLIGHTJS-1045326 - https://snyk.io/vuln/SNYK-JS-NODEFETCH-674311

netlify · 2021-01-19T22:14:01Z

✔️ Deploy preview for footsteps-app ready!

🔨 Explore the source changes: 9c60b10

🔍 Inspect the deploy logs: https://app.netlify.com/sites/footsteps-app/deploys/6007582fdc06b700075118ce

😎 Browse the preview: https://deploy-preview-174--footsteps-app.netlify.app

fix: package.json & package-lock.json to reduce vulnerabilities

9c60b10

The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-AXIOS-1038255 - https://snyk.io/vuln/SNYK-JS-HIGHLIGHTJS-1045326 - https://snyk.io/vuln/SNYK-JS-NODEFETCH-674311

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Fix for 3 vulnerabilities #174

[Snyk] Fix for 3 vulnerabilities #174

snyk-bot commented Jan 19, 2021

netlify bot commented Jan 19, 2021

[Snyk] Fix for 3 vulnerabilities #174

Are you sure you want to change the base?

[Snyk] Fix for 3 vulnerabilities #174

Conversation

snyk-bot commented Jan 19, 2021

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:

netlify bot commented Jan 19, 2021