New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Fix for 19 vulnerabilities #2053

Open

snyk-bot wants to merge 1 commit into master from snyk-fix-7abdf2d7283679b8c7d0183140f627df

snyk-bot commented Feb 28, 2023

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- benchmarks/markdown_id/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Issue	Breaking Change	Exploit Maturity
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIHTML-1296849	Yes	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	Denial of Service (DoS) SNYK-JS-ENGINEIO-3136336	Yes	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	Open Redirect SNYK-JS-GOT-2932019	Yes	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HTTPCACHESEMANTICS-3248783	Yes	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	Open Redirect SNYK-JS-NODEFORGE-2330875	Yes	Proof of Concept
	Prototype Pollution SNYK-JS-NODEFORGE-2331908	Yes	No Known Exploit
	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430337	Yes	No Known Exploit
	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430339	Yes	No Known Exploit
	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430341	Yes	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	Yes	Proof of Concept
	Authorization Bypass Through User-Controlled Key SNYK-JS-PARSEPATH-2936439	Yes	Proof of Concept
	Server-side Request Forgery (SSRF) SNYK-JS-PARSEURL-3023021	Yes	Proof of Concept
	Improper Input Validation SNYK-JS-PARSEURL-3024398	Yes	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	Proof of Concept
	Command Injection SNYK-JS-REACTDEVUTILS-1083268	Yes	Proof of Concept
	Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	Yes	No Known Exploit

Commit messages

Package name: gatsby

The new version differs by 250 commits.

15ab3f8 chore(release): Publish
19eec6d chore(gatsby): bump socket.io (chore(gatsby): bump socket.io gatsbyjs/gatsby#37272) (chore(gatsby): bump socket.io (#37272) gatsbyjs/gatsby#37497)
d88ed09 chore(release): Publish
d04b3b5 feat(gatsby-source-drupal): drupal langcode as notlangcode (feat(gatsby-source-drupal): drupal langcode as notlangcode gatsbyjs/gatsby#37445) (feat(gatsby-source-drupal): drupal langcode as notlangcode (#37445) gatsbyjs/gatsby#37459)
19d3861 fix(gatsby-source-drupal): await async handleDeletedNode (fix(gatsby-source-drupal): await async handleDeletedNode gatsbyjs/gatsby#37435) (fix(gatsby-source-drupal): await async handleDeletedNode (#37435) gatsbyjs/gatsby#37458)
b229e7b fix(gatsby): Use correct settings for yaml-loader (fix(gatsby): Use correct settings for yaml-loader gatsbyjs/gatsby#37454) (fix(gatsby): Use correct settings for yaml-loader (#37454) gatsbyjs/gatsby#37460)
7021834 fix(gatsby-source-contentful): maintain back reference map between runs (fix(gatsby-source-contentful): maintain back reference map between runs gatsbyjs/gatsby#37442) (fix(gatsby-source-contentful): maintain back reference map between runs (#37442) gatsbyjs/gatsby#37456)
13bf518 chore(release): Publish
b30a43f chore(deps): Bump yaml-loader (chore(deps): Bump yaml-loader gatsbyjs/gatsby#37401) (chore(deps): Bump yaml-loader (#37401) gatsbyjs/gatsby#37407)
492a31a fix(gatsby): handle initializing multiple instances of gatsby-plugin-sharp (fix(gatsby): handle initializing multiple instances of gatsby-plugin-sharp gatsbyjs/gatsby#37306) (fix(gatsby): handle initializing multiple instances of gatsby-plugin-sharp (#37306) gatsbyjs/gatsby#37329)
4dcca80 chore(release): Publish
59076c8 fix(gatsby-transformer-remark): Disallow JS frontmatter by default (fix(gatsby-transformer-remark): Disallow JS frontmatter by default gatsbyjs/gatsby#37244) (fix(gatsby-transformer-remark): Disallow JS frontmatter by default (#37244) gatsbyjs/gatsby#37298)
48a3db4 fix(gatsby): [rendering engines] use results of exports removal if sourceMap was not generated alongside transformed code (fix(gatsby): [rendering engines] use results of exports removal if sourceMap was not generated alongside transformed code gatsbyjs/gatsby#37282) (fix(gatsby): [rendering engines] use results of exports removal if sourceMap was not generated alongside transformed code (#37282) gatsbyjs/gatsby#37299)
ea42d7f fix(gatsby): don't output file-loader assets to .cache (fix(gatsby): don't output file-loader assets to .cache gatsbyjs/gatsby#37284) (fix(gatsby): don't output file-loader assets to .cache (#37284) gatsbyjs/gatsby#37300)
2cc9eaf chore(release): Publish
a729764 fix(gatsby-source-wordpress): Add back nodeType field that was removed in last version (fix(gatsby-source-wordpress): Add back nodeType field that was removed in last version gatsbyjs/gatsby#37212) (fix(gatsby-source-wordpress): Add back nodeType field that was removed in last version (#37212) gatsbyjs/gatsby#37218)
188d3e7 chore(release): Publish
947e11b chore(gatsby-source-wordpress): use wpgql 1.13 in itests (chore(gatsby-source-wordpress): use wpgql 1.13 in itests gatsbyjs/gatsby#37146) (chore(gatsby-source-wordpress): use wpgql 1.13 in itests (#37146) gatsbyjs/gatsby#37208)
5e72a5d chore(release): Publish
2dc715d chore: remove tracedSVG (Remove tracedSVG gatsbyjs/gatsby#37093) (chore: remove tracedSVG (#37093) gatsbyjs/gatsby#37127)
07c0478 chore(release): Publish
c698f13 fix(gatsby-source-wordpress): WPGraphQL 1.13.0 compatibility (fix(gatsby-source-wordpress): WPGraphQL 1.13.0 compatibility gatsbyjs/gatsby#37134) (fix(gatsby-source-wordpress): WPGraphQL 1.13.0 compatibility (#37134) gatsbyjs/gatsby#37183)
49cca44 chore(release): Publish
fac9fbc feat(gatsby-source-drupal): Provide proxyUrl in addition to baseUrl to allow using CDN, API gateway, etc. (feat(gatsby-source-drupal): Provide proxyUrl in addition to baseUrl to allow using CDN, API gateway, etc. gatsbyjs/gatsby#36819) (feat(gatsby-source-drupal): Provide proxyUrl in addition to baseUrl to allow using CDN, API gateway, etc. (#36819) gatsbyjs/gatsby#37084)

See the full diff

Package name: gatsby-remark-images

The new version differs by 250 commits.

e98cb62 chore(release): Publish
164f9a1 fix(gatsby-source-contentful): De-dupe type names (fix(gatsby-source-contentful): De-dupe type names gatsbyjs/gatsby#30834) (fix(gatsby-source-contentful): De-dupe type names (#30834) gatsbyjs/gatsby#30850)
0b99d00 fix(gatsby): webpack warnings are no longer in object format by default (fix(gatsby): webpack warnings are no longer in object format by default gatsbyjs/gatsby#30801) (fix(gatsby): webpack warnings are no longer in object format by default (#30801) gatsbyjs/gatsby#30853)
f561724 fix(gatsby): lower memory pressure in SSR (fix(gatsby): lower memory pressure in SSR gatsbyjs/gatsby#30793) (fix(gatsby): lower memory pressure in SSR (#30793) gatsbyjs/gatsby#30851)
96805d5 fix(gatsby-source-wordpress): change `console.warning` to `console.warn` (fix(gatsby-source-wordpress): error when sourcing nodes, change console.warning to console.warn gatsbyjs/gatsby#30764) (fix(gatsby-source-wordpress): change console.warning to console.warn (#30764) gatsbyjs/gatsby#30852)
e40c83d chore(release): Publish next
a5b5cf8 feat: upgrade to remark 13 (feat: upgrade to remark 13 gatsbyjs/gatsby#29678)
172cf4d chore(docs): Add link to perf implications siteContext (chore(docs): Add link to perf implications siteContext gatsbyjs/gatsby#30778)
4336d04 fix(gatsby-plugin-gatsby-cloud): Add missing index.js (so the plugin can be resolved in workspaces) (fix(gatsby-plugin-gatsby-cloud): Add missing index.js (so the plugin can be resolved in workspaces) gatsbyjs/gatsby#30761)
2bdd5a5 fix(gatsby-source-wordpress): only log out duplicate node if we have all the data we want to log (fix(gatsby-source-wordpress): only log out duplicate nodes if we have all the data we want to log gatsbyjs/gatsby#30751)
1a9b830 fix(gatsby-plugin-image): Don't inherit all img styles (fix(gatsby-plugin-image): Allow draggable=false on images gatsbyjs/gatsby#30754)
e0df4cc chore(docs): Change "whitelist" to "allow list" (chore(docs): Change "whitelist" to "allow list" gatsbyjs/gatsby#30756)
81ec270 chore: Add backport script (chore: Add backport script gatsbyjs/gatsby#30732)
63cc8fa fix(docs): Copy edits for debugging html doc + add React-specific example (fix(docs): Copy edits for debugging html doc + add React-specific example gatsbyjs/gatsby#30745)
eed1d43 fix(docs): Add link to how to enable DEV_SSR for fixing inconsistent css styles between dev/prod (fix(docs): Add link to how to enable DEV_SSR for fixing inconsistent css styles between dev/prod gatsbyjs/gatsby#30746)
ecd823f perf(gatsby): cache babel config items (perf(gatsby): cache babel config items gatsbyjs/gatsby#28738)
a60e92f chore(release): Publish next
dd9e95c docs(gatsby-plugin-image): Note on tracedSVG options name change (docs(gatsby-plugin-image): Note on tracedSVG options name change gatsbyjs/gatsby#30736)
a5869e3 fix(gatsby-plugin-image): Use bare GATSBY___IMAGE global (fix(gatsby-plugin-image): Use bare GATSBY___IMAGE global gatsbyjs/gatsby#30713)
0f3fa4e fix(contentful): make gatsby-plugin-image a peer dependency (fix(contentful): make gatsby-plugin-image a peer dependency gatsbyjs/gatsby#30709)
6b2fd94 fix(gatsby-source-wordpress): pass missing property helpers to gql fetch util (fix(gatsby-source-wordpress): pass missing property "helpers" to gql fetch util gatsbyjs/gatsby#30727)
c6fa488 chore(docs): Update wording of tutorial part 8 (chore(docs): Update wording of tutorial part 8 gatsbyjs/gatsby#30606)
a777367 fix(gatsby-cli): Update docs links in error-map (fix(gatsby-cli): Update docs links in error-map gatsbyjs/gatsby#30493)
c473abf chore(docs): include autoprefixer in tailwind install command (chore(docs): include autoprefixer in tailwind install command gatsbyjs/gatsby#30718)

See the full diff

Package name: gatsby-transformer-remark

The new version differs by 250 commits.

e98cb62 chore(release): Publish
164f9a1 fix(gatsby-source-contentful): De-dupe type names (fix(gatsby-source-contentful): De-dupe type names gatsbyjs/gatsby#30834) (fix(gatsby-source-contentful): De-dupe type names (#30834) gatsbyjs/gatsby#30850)
0b99d00 fix(gatsby): webpack warnings are no longer in object format by default (fix(gatsby): webpack warnings are no longer in object format by default gatsbyjs/gatsby#30801) (fix(gatsby): webpack warnings are no longer in object format by default (#30801) gatsbyjs/gatsby#30853)
f561724 fix(gatsby): lower memory pressure in SSR (fix(gatsby): lower memory pressure in SSR gatsbyjs/gatsby#30793) (fix(gatsby): lower memory pressure in SSR (#30793) gatsbyjs/gatsby#30851)
96805d5 fix(gatsby-source-wordpress): change `console.warning` to `console.warn` (fix(gatsby-source-wordpress): error when sourcing nodes, change console.warning to console.warn gatsbyjs/gatsby#30764) (fix(gatsby-source-wordpress): change console.warning to console.warn (#30764) gatsbyjs/gatsby#30852)
e40c83d chore(release): Publish next
a5b5cf8 feat: upgrade to remark 13 (feat: upgrade to remark 13 gatsbyjs/gatsby#29678)
172cf4d chore(docs): Add link to perf implications siteContext (chore(docs): Add link to perf implications siteContext gatsbyjs/gatsby#30778)
4336d04 fix(gatsby-plugin-gatsby-cloud): Add missing index.js (so the plugin can be resolved in workspaces) (fix(gatsby-plugin-gatsby-cloud): Add missing index.js (so the plugin can be resolved in workspaces) gatsbyjs/gatsby#30761)
2bdd5a5 fix(gatsby-source-wordpress): only log out duplicate node if we have all the data we want to log (fix(gatsby-source-wordpress): only log out duplicate nodes if we have all the data we want to log gatsbyjs/gatsby#30751)
1a9b830 fix(gatsby-plugin-image): Don't inherit all img styles (fix(gatsby-plugin-image): Allow draggable=false on images gatsbyjs/gatsby#30754)
e0df4cc chore(docs): Change "whitelist" to "allow list" (chore(docs): Change "whitelist" to "allow list" gatsbyjs/gatsby#30756)
81ec270 chore: Add backport script (chore: Add backport script gatsbyjs/gatsby#30732)
63cc8fa fix(docs): Copy edits for debugging html doc + add React-specific example (fix(docs): Copy edits for debugging html doc + add React-specific example gatsbyjs/gatsby#30745)
eed1d43 fix(docs): Add link to how to enable DEV_SSR for fixing inconsistent css styles between dev/prod (fix(docs): Add link to how to enable DEV_SSR for fixing inconsistent css styles between dev/prod gatsbyjs/gatsby#30746)
ecd823f perf(gatsby): cache babel config items (perf(gatsby): cache babel config items gatsbyjs/gatsby#28738)
a60e92f chore(release): Publish next
dd9e95c docs(gatsby-plugin-image): Note on tracedSVG options name change (docs(gatsby-plugin-image): Note on tracedSVG options name change gatsbyjs/gatsby#30736)
a5869e3 fix(gatsby-plugin-image): Use bare GATSBY___IMAGE global (fix(gatsby-plugin-image): Use bare GATSBY___IMAGE global gatsbyjs/gatsby#30713)
0f3fa4e fix(contentful): make gatsby-plugin-image a peer dependency (fix(contentful): make gatsby-plugin-image a peer dependency gatsbyjs/gatsby#30709)
6b2fd94 fix(gatsby-source-wordpress): pass missing property helpers to gql fetch util (fix(gatsby-source-wordpress): pass missing property "helpers" to gql fetch util gatsbyjs/gatsby#30727)
c6fa488 chore(docs): Update wording of tutorial part 8 (chore(docs): Update wording of tutorial part 8 gatsbyjs/gatsby#30606)
a777367 fix(gatsby-cli): Update docs links in error-map (fix(gatsby-cli): Update docs links in error-map gatsbyjs/gatsby#30493)
c473abf chore(docs): include autoprefixer in tailwind install command (chore(docs): include autoprefixer in tailwind install command gatsbyjs/gatsby#30718)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Regular Expression Denial of Service (ReDoS)
🦉 Denial of Service (DoS)
🦉 More lessons are available in Snyk Learn


          fix: benchmarks/markdown_id/package.json to reduce vulnerabilities

1c1a211

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-ANSIHTML-1296849
- https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
- https://snyk.io/vuln/SNYK-JS-ENGINEIO-3136336
- https://snyk.io/vuln/SNYK-JS-GLOBPARENT-1016905
- https://snyk.io/vuln/SNYK-JS-GOT-2932019
- https://snyk.io/vuln/SNYK-JS-HTTPCACHESEMANTICS-3248783
- https://snyk.io/vuln/SNYK-JS-MINIMATCH-3050818
- https://snyk.io/vuln/SNYK-JS-NODEFORGE-2330875
- https://snyk.io/vuln/SNYK-JS-NODEFORGE-2331908
- https://snyk.io/vuln/SNYK-JS-NODEFORGE-2430337
- https://snyk.io/vuln/SNYK-JS-NODEFORGE-2430339
- https://snyk.io/vuln/SNYK-JS-NODEFORGE-2430341
- https://snyk.io/vuln/SNYK-JS-NTHCHECK-1586032
- https://snyk.io/vuln/SNYK-JS-PARSEPATH-2936439
- https://snyk.io/vuln/SNYK-JS-PARSEURL-3023021
- https://snyk.io/vuln/SNYK-JS-PARSEURL-3024398
- https://snyk.io/vuln/SNYK-JS-POSTCSS-1255640
- https://snyk.io/vuln/SNYK-JS-REACTDEVUTILS-1083268
- https://snyk.io/vuln/SNYK-JS-SHELLQUOTE-1766506

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet