[Snyk] Fix for 30 vulnerabilities

[mansong1]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • docs/package.json
  • docs/package-lock.json
  • docs/.snyk

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	616/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.9	Server-Side Request Forgery (SSRF) SNYK-JS-AXIOS-1038255	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-ENGINEIO-1056749	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	No	Proof of Concept
	344/1000 Why? Has a fix available, CVSS 2.6	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2396346	No	No Known Exploit
	608/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 4.3	Information Exposure SNYK-JS-GATSBY-5671647	Yes	Proof of Concept
	608/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 4.3	Information Exposure SNYK-JS-GATSBYCLI-5671903	Yes	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Deserialization of Untrusted Data SNYK-JS-GATSBYPLUGINMDX-2405699	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HTTPCACHESEMANTICS-3248783	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-MERMAID-2936793	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MINIMATCH-3050818	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-PARSEURL-3023021	Yes	Proof of Concept
	571/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5	Improper Input Validation SNYK-JS-PARSEURL-3024398	Yes	Proof of Concept
	399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-POLISHED-1298071	No	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Command Injection SNYK-JS-REACTDEVUTILS-1083268	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Validation Bypass SNYK-JS-SANITIZEHTML-1070780	Yes	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Access Restriction Bypass SNYK-JS-SANITIZEHTML-1070786	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SANITIZEHTML-2957526	Yes	No Known Exploit
	684/1000 Why? Has a fix available, CVSS 9.4	Arbitrary Code Execution SNYK-JS-SANITIZEHTML-585892	Yes	No Known Exploit
	658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
	539/1000 Why? Has a fix available, CVSS 6.5	Remote Code Execution (RCE) SNYK-JS-SHARP-2848109	Yes	No Known Exploit
	619/1000 Why? Has a fix available, CVSS 8.1	Remote Code Execution (RCE) SNYK-JS-SHELLQUOTE-1766506	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-TRIM-1017038	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	No	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Arbitrary Code Injection SNYK-JS-XMLHTTPREQUESTSSL-1082936	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Access Restriction Bypass SNYK-JS-XMLHTTPREQUESTSSL-1255647	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @mdx-js/mdx

The new version differs by 30 commits.

• bf7deab v2.0.0-next.5
• 5c15a00 fix(remark-mdx): move remark-stringify to deps (ERRO Running error: buildir: analysis skipped: errors in package golangci/golangci-lint#1190)
• f59b174 Make type test run in their own action, closes avoid halting, instead check compilation errors golangci/golangci-lint#1172 (Add Noctx golangci/golangci-lint#1179)
• 9ac9755 docs(typescript): document how to use mdx 2 with typescript (Add go-header linter golangci/golangci-lint#1181)
• 42077e4 ci(github): update github actions to latest versions (Add goheader linter golangci/golangci-lint#1180)
• cc95646 ci(github): update github actions and dtslint to latest (Use path exclude rules on absolute paths instead of relative paths golangci/golangci-lint#1178)
• 6098d94 Remove deprecated plugin options, fixes Whitelist regexp and fmt.Errorf global vars golangci/golangci-lint#718 (build(deps): bump github.com/stretchr/testify from 1.5.1 to 1.6.0 golangci/golangci-lint#1174)
• 0da2fcf Specify pre-dist-tag
• e1b45e3 v2.0.0-next.4
• 649dbd8 Implement inline link serialization that doesn't wrap them in angle (Update not found url in new-linters.mdx golangci/golangci-lint#1171)
• d08c5b6 Make testing matrix simpler (build(deps): bump github.com/sourcegraph/go-diff from 0.5.2 to 0.5.3 golangci/golangci-lint#1173)
• d0059c8 v2.0.0-next.3
• fa091d2 v2.0.0-next.2
• 7829b88 Move publish to its own action
• afd60c2 Break out linting into its own action
• 3ca8e0a Fix linting (handle some block comment to detect generated files golangci/golangci-lint#1161)
• 577d48f Fix some linting
• db93304 Improve export name extraction for shortcode generation (dev: fix Windows asset name golangci/golangci-lint#1160)
• ea9970a Bump deps, fix core-js version in babel configs
• 166fd9d v2.0.0-next.1
• 569f82f Make preid next to match dist tag
• a3d8f08 types: add types to test utils (Improve generated files detection golangci/golangci-lint#1083)
• e2eb4ee types: add typescript typings for remark-mdx, remark-mdx-remove-exports, remark-mdx-remove-imports, @ mdx-js/util (Godot removes comments not ending with dot when fix option is used golangci/golangci-lint#1082)
• 65af47c Break three main tests into their own scripts

See the full diff

Package name: gatsby

The new version differs by 250 commits.

• 0c6cd61 chore(release): Publish
• 5e8e621 chore: Update main README (#36954)
• 7130cd4 test(gatsby): Slices API integration tests (#36747)
• 6496eed chore(release): Publish next
• bc7ac84 chore: preserve previous webpack stats derived values, even if we restart webpack itself (#36980)
• 2b5af32 fix: drop `__renderedByLocation` prop when calculating slice props hashes and don't expose it to slice component (#36979)
• cc1ee9b chore(release): Publish next
• 6a53861 chore(gatsby-link): Correct type export (#36968)
• 0ad6314 fix(gatsby-graphiql-explorer): Use upstream exporter package (#36966)
• 964265c chore(release): Publish next
• b624442 chore: Update peerDeps (#36965)
• b2ab092 chore(release): Publish next
• e2a14bf feat(gatsby): Slices <> partial hydration interop (#36960)
• 0083e62 fix(deps): update starters and examples gatsby packages to ^4.24.7 (#36957)
• 68e9cab chore(changelogs): update changelogs (#36958)
• b9eb8d2 chore(deps): update dependency autoprefixer to ^10.4.13 for gatsby-plugin-sass (#36934)
• 58c37ea chore(deps): update dependency @ jridgewell/trace-mapping to ^0.3.17 for gatsby-legacy-polyfills (#36933)
• a5e4c47 fix(deps): update dependency body-parser to ^1.20.1 for gatsby-source-drupal (#36940)
• c86aa7e chore(docs): Add clarification for Pro Tip on Part 4 of tutorial (#36918)
• d5c775a feat(gatsby): handle graphql-import-node bundling (#36951)
• 59e2976 feat(gatsby-remark-embed-snippet): added csproj to language map so it will be recognized as xml (#36919)
• c8a7dda chore(docs): Valhalla Content Hub Reference Guide (#36949)
• 3044280 fix(gatsby): stitch slices if just page html was regenerating without any of used slices regenerating (#36950)
• 10abdcb chore(release): Publish next

See the full diff

Package name: gatsby-plugin-google-analytics

The new version differs by 250 commits.

• 2cfb64b chore(release): Publish
• c132f2d feat(gatsby-plugin-google-gtag): Add `delayOnRouteUpdate` option (#37017)
• 3032a1b fix(gatsby): Use xstate `predictableActionArguments` & update to 4.34 (#36342)
• aca64b7 chore: Add constraints to renovate (#37047)
• f94db78 fix(gatsby-transformer-csv): Fix high memory consumption (#36610)
• f158930 test: e2e tests for Slices API (#36746)
• 9d67c13 chore(docs): Google Analytics: use gtag.js plugin (#36984)
• 8569655 chore(gatsby-plugin-google-analytics): Update `minimatch` (#37029)
• 086c862 fix(gatsby-core-utils): decode uri-encode filename for remote file (#35637)
• ccf56d5 chore: Add npm "engines" (#37046)
• 5772595 fix(gatsby-source-wordpress) pass store for auth (#37006)
• c411d69 chore(docs): Add `--` to quick start flags (#37041)
• 2a06fff chore(docs): Deployment Updates & Cleanup (#37038)
• 0fb0390 chore: Repository Cleanup (#37035)
• 88b9dc5 chore(gatsby-source-wordpress): remove runApisInSteps and call runApiSteps for each gatsby-node api (#37039)
• b69709c build: include e2e tests in renovate config (#37005)
• 8fc95f5 chore(docs): Clarify language in v4 to v5 migration guide (#37007)
• 1cfd9b8 chore(e2e-tests): Wait for route change on back/forward (#37033)
• 4842417 chore(docs): Add IE 11 note to v2 to v3 migration guide (#37022)
• 19dd1c4 fix(graphiql-explorer): Adjust env var truthiness logic (#37032)
• 57b37ae chore(changelogs): update changelogs (#37030)
• 58197a0 fix(docs): update forEach to use map (#37008)
• 3a4d333 chore: migrate from express-graphql to graphql-http (#37001)
• 5766694 chore(docs): Add overview video to release notes (+ other misc) (#37003)

See the full diff

Package name: gatsby-plugin-manifest

The new version differs by 250 commits.

• f6734b9 chore(release): Publish
• 9a616c0 fix(gatsby): wait for LMDB upserts to finish before emitting ENGINES_READY (#34853) (#34896)
• f5705b9 fix(create-gatsby): Add required deps for theme-ui option (#34885) (#34897)
• 9a579f1 fix(gatsby-core-utils): fix 304 when file does not exists (#34842) (#34888)
• 148d016 fix(gatsby): Remove double enhanced-resolve dep (#34854) (#34889)
• 19b0304 feat(gatsby-core-utils): improve fetch-remote-file (#34758)
• ac1d777 fix(gatsby-source-contentful): avoid confusion of Gatsby node and Contentful node count in logs (#34830)
• ee8c874 refactor(gatsby-source-contentful): remove unnecessary check for existing node (#34829)
• 056b48e test(gatsby): Add a memory test suite command to the memory benchmark (#34810)
• 45cb1f1 chore(release): Publish next
• 4c832bf documentation: Add Third Party Schema (#34820)
• 9f23dec chore(gatsby): cache shouldn't reference nodes strongly (#34821)
• f2d4830 feat(gatsby-core-utils): create proper mutex (#34761)
• 21ef185 chore(changelogs): update changelogs (#34826)
• a2f99af fix(deps): update starters and examples gatsby packages to ^4.7.2 (#34822)
• 76c89d8 chore(release): Publish next
• 54d29c4 chore(gatsby): upgrade from lmdb-store to lmdb (#34576)
• 3df8583 fix(core): Make filter/sort query only hold onto node properties it needs (#34747)
• 3c3362b refactor(core): Make load plugins modular, prepare for TS (#34813)
• 3d74584 feat(gatsby): allow referencing derived types in schema customization (#34787)
• bfd04d3 fix(gatsby): Content Sync DSG bug (#34799)
• 326a483 fix(deps): update dependency sharp to ^0.30.1 (#34755)
• 7b958f9 docs: update typo Forestry (#34805)
• ba8e21c feat(gatsby): Match node manifest pages by page context slug (#34790)

See the full diff

Package name: gatsby-plugin-mdx

The new version differs by 250 commits.

• b8eac2d chore(release): Publish
• 3253a38 fix(gatsby-plugin-mdx): Hashing and pluginOptions (#36387) (#36395)
• 1880491 fix(gatsby-script): Reach router import (#36385) (#36394)
• f664ad2 feat(gatsby): Telemetry tracking for Head API (#36352)
• ab55e4e chore: Update `got` (#36366)
• 2b4ff76 fix(gatsby): Make runtime error overlay work in non-v8 browsers (#36365)
• f990e08 fix(test): clear and close lmdb after each test suite (#36343)
• 7fcf580 fix(gatsby): e.remove() is not a function when using Gatsby Head API (#36338)
• 25fb9d1 chore: Fix pipeline tests (#36363)
• a9132a5 chore(deps): update sharp (#35539)
• bc80c23 chore: Add note about rehype-slug-custom-id
• 5b6f1f6 chore(gatsby): upgrade multer (#36359)
• f2f0acf chore(gatsby-telemetry): upgrade git-up (#36358)
• 86a8efc chore(release): Publish next
• 0705ac7 chore(gatsby-plugin-mdx): Update .gitignore
• c92db36 BREAKING CHANGE(gatsby-plugin-mdx): MDX v2 (#35650)
• 3c0dd6d chore(release): Publish next
• 86b6ee9 Revert "chore(gatsby): Make `plugins` in `PluginOptions` type optional (#36351)"
• a2fa5a2 chore(gatsby): Make `plugins` in `PluginOptions` type optional (#36351)
• 6ecfe4a fix(gatsby-source-contentful): Correctly overwrite field type on Assets (#36337)
• 0ed362c chore(docs): Pre-encoded unicode characters can't be used in paths (#36325)
• 2bbe96d fix(deps): update dependency file-type to ^16.5.4 for gatsby-source-filesystem (#36276)
• 2be3fa7 chore(docs): Add first batch of Cloud docs (#36218)
• 4238142 chore(docs): Remove outdated examples and recipes (#36335)

See the full diff

Package name: gatsby-plugin-sharp

The new version differs by 250 commits.

• f6734b9 chore(release): Publish
• 9a616c0 fix(gatsby): wait for LMDB upserts to finish before emitting ENGINES_READY (#34853) (#34896)
• f5705b9 fix(create-gatsby): Add required deps for theme-ui option (#34885) (#34897)
• 9a579f1 fix(gatsby-core-utils): fix 304 when file does not exists (#34842) (#34888)
• 148d016 fix(gatsby): Remove double enhanced-resolve dep (#34854) (#34889)
• 19b0304 feat(gatsby-core-utils): improve fetch-remote-file (#34758)
• ac1d777 fix(gatsby-source-contentful): avoid confusion of Gatsby node and Contentful node count in logs (#34830)
• ee8c874 refactor(gatsby-source-contentful): remove unnecessary check for existing node (#34829)
• 056b48e test(gatsby): Add a memory test suite command to the memory benchmark (#34810)
• 45cb1f1 chore(release): Publish next
• 4c832bf documentation: Add Third Party Schema (#34820)
• 9f23dec chore(gatsby): cache shouldn't reference nodes strongly (#34821)
• f2d4830 feat(gatsby-core-utils): create proper mutex (#34761)
• 21ef185 chore(changelogs): update changelogs (#34826)
• a2f99af fix(deps): update starters and examples gatsby packages to ^4.7.2 (#34822)
• 76c89d8 chore(release): Publish next
• 54d29c4 chore(gatsby): upgrade from lmdb-store to lmdb (#34576)
• 3df8583 fix(core): Make filter/sort query only hold onto node properties it needs (#34747)
• 3c3362b refactor(core): Make load plugins modular, prepare for TS (#34813)
• 3d74584 feat(gatsby): allow referencing derived types in schema customization (#34787)
• bfd04d3 fix(gatsby): Content Sync DSG bug (#34799)
• 326a483 fix(deps): update dependency sharp to ^0.30.1 (#34755)
• 7b958f9 docs: update typo Forestry (#34805)
• ba8e21c feat(gatsby): Match node manifest pages by page context slug (#34790)

See the full diff

Package name: gatsby-remark-images

The new version differs by 250 commits.

• e98cb62 chore(release): Publish
• 164f9a1 fix(gatsby-source-contentful): De-dupe type names (#30834) (#30850)
• 0b99d00 fix(gatsby): webpack warnings are no longer in object format by default (#30801) (#30853)
• f561724 fix(gatsby): lower memory pressure in SSR (#30793) (#30851)
• 96805d5 fix(gatsby-source-wordpress): change `console.warning` to `console.warn` (#30764) (#30852)
• e40c83d chore(release): Publish next
• a5b5cf8 feat: upgrade to remark 13 (#29678)
• 172cf4d chore(docs): Add link to perf implications siteContext (#30778)
• 4336d04 fix(gatsby-plugin-gatsby-cloud): Add missing index.js (so the plugin can be resolved in workspaces) (#30761)
• 2bdd5a5 fix(gatsby-source-wordpress): only log out duplicate node if we have all the data we want to log (#30751)
• 1a9b830 fix(gatsby-plugin-image): Don't inherit all img styles (#30754)
• e0df4cc chore(docs): Change "whitelist" to "allow list" (#30756)
• 81ec270 chore: Add backport script (#30732)
• 63cc8fa fix(docs): Copy edits for debugging html doc + add React-specific example (#30745)
• eed1d43 fix(docs): Add link to how to enable DEV_SSR for fixing inconsistent css styles between dev/prod (#30746)
• ecd823f perf(gatsby): cache babel config items (#28738)
• a60e92f chore(release): Publish next
• dd9e95c docs(gatsby-plugin-image): Note on tracedSVG options name change (#30736)
• a5869e3 fix(gatsby-plugin-image): Use bare GATSBY___IMAGE global (#30713)
• 0f3fa4e fix(contentful): make gatsby-plugin-image a peer dependency (#30709)
• 6b2fd94 fix(gatsby-source-wordpress): pass missing property helpers to gql fetch util (#30727)
• c6fa488 chore(docs): Update wording of tutorial part 8 (#30606)
• a777367 fix(gatsby-cli): Update docs links in error-map (#30493)
• c473abf chore(docs): include autoprefixer in tailwind install command (#30718)

See the full diff

Package name: gatsby-transformer-remark

The new version differs by 250 commits.

• 0c6cd61 chore(release): Publish
• 5e8e621 chore: Update main README (#36954)
• 7130cd4 test(gatsby): Slices API integration tests (#36747)
• 6496eed chore(release): Publish next
• bc7ac84 chore: preserve previous webpack stats derived values, even if we restart webpack itself (#36980)
• 2b5af32 fix: drop `__renderedByLocation` prop when calculating slice props hashes and don't expose it to slice component (#36979)
• cc1ee9b chore(release): Publish next
• 6a53861 chore(gatsby-link): Correct type export (#36968)
• 0ad6314 fix(gatsby-graphiql-explorer): Use upstream exporter package (#36966)
• 964265c chore(release): Publish next
• b624442 chore: Update peerDeps (#36965)
• b2ab092 chore(release): Publish next
• e2a14bf feat(gatsby): Slices <> partial hydration interop (#36960)
• 0083e62 fix(deps): update starters and examples gatsby packages to ^4.24.7 (#36957)
• 68e9cab chore(changelogs): update changelogs (#36958)
• b9eb8d2 chore(deps): update dependency autoprefixer to ^10.4.13 for gatsby-plugin-sass (#36934)
• 58c37ea chore(deps): update dependency @ jridgewell/trace-mapping to ^0.3.17 for gatsby-legacy-polyfills (#36933)
• a5e4c47 fix(deps): update dependency body-parser to ^1.20.1 for gatsby-source-drupal (#36940)
• c86aa7e chore(docs): Add clarification for Pro Tip on Part 4 of tutorial (#36918)
• d5c775a feat(gatsby): handle graphql-import-node bundling (#36951)
• 59e2976 feat(gatsby-remark-embed-snippet): added csproj to language map so it will be recognized as xml (#36919)
• c8a7dda chore(docs): Valhalla Content Hub Reference Guide (#36949)
• 3044280 fix(gatsby): stitch slices if just page html was regenerating without any of used slices regenerating (#36950)
• 10abdcb chore(release): Publish next

See the full diff

Package name: gatsby-transformer-sharp

The new version differs by 250 commits.

• f6734b9 chore(release): Publish
• 9a616c0 fix(gatsby): wait for LMDB upserts to finish before emitting ENGINES_READY (#34853) (#34896)
• f5705b9 fix(create-gatsby): Add required deps for theme-ui option (#34885) (#34897)
• 9a579f1 fix(gatsby-core-utils): fix 304 when file does not exists (#34842) (#34888)
• 148d016 fix(gatsby): Remove double enhanced-resolve dep (#34854) (#34889)
• 19b0304 feat(gatsby-core-utils): improve fetch-remote-file (#34758)
• ac1d777 fix(gatsby-source-contentful): avoid confusion of Gatsby node and Contentful node count in logs (#34830)
• ee8c874 refactor(gatsby-source-contentful): remove unnecessary check for existing node (#34829)
• 056b48e test(gatsby): Add a memory test suite command to the memory benchmark (#34810)
• 45cb1f1 chore(release): Publish next
• 4c832bf documentation: Add Third Party Schema (#34820)
• 9f23dec chore(gatsby): cache shouldn't reference nodes strongly (#34821)
• f2d4830 feat(gatsby-core-utils): create proper mutex (#34761)
• 21ef185 chore(changelogs): update changelogs (#34826)
• a2f99af fix(deps): update starters and examples gatsby packages to ^4.7.2 (#34822)
• 76c89d8 chore(release): Publish next
• 54d29c4 chore(gatsby): upgrade from lmdb-store to lmdb (#34576)
• 3df8583 fix(core): Make filter/sort query only hold onto node properties it needs (#34747)
• 3c3362b refactor(core): Make load plugins modular, prepare for TS (#34813)
• 3d74584 feat(gatsby): allow referencing derived types in schema customization (#34787)
• bfd04d3 fix(gatsby): Content Sync DSG bug (#34799)
• 326a483 fix(deps): update dependency sharp to ^0.30.1 (#34755)
• 7b958f9 docs: update typo Forestry (#34805)
• ba8e21c feat(gatsby): Match node manifest pages by page context slug (#34790)

See the full diff

Package name: gatsby-transformer-yaml

The new version differs by 250 commits.

• ed73e4d chore(release): Publish
• 3b1b6a5 fix(gatsby): Use windows import helper for validate (#37520) (#37522)
• 000e23e feat(gatsby): add initial webhook body env var to bootstrap context (#37478)
• 0017375 fix(gatsby): pass serverData to Head (#37500)
• e7e5cb4 fix(gatsby-react-router-scroll): fix issues with anchor links (#37498)
• fe65c29 feat(gatsby): Allow `<html>` and `<body>` attributes to be updated from `Head` (#37449)
• e4f841f chore(docs): Improve v5 migration guide around MDX (#37485)
• 48d4069 fix(gatsby-source-wordpress): fix preview issues (#37492)
• c288dd5 fix(deps): update starters and examples gatsby packages to ^5.4.2 (#37488)
• 88dc3b6 chore(docs): Update headless CMS
• 16685a6 chore(gatsby-source-filesystem): Improve README (#37480)
• 8a718e3 chore(changelogs): update changelogs (#37482)
• f8f084a chore(release): Publish next
• df58891 feat(gatsby-source-filesystem): Only generate hashes when a file has changed, and add an option for skipping hashing (#37464)
• 949132b fix(gatsby): nodeModel.findAll supports v5 sort argument structure (#37477)
• 87487ba chore(docs): Adds Kinsta Application hosting to other services (#37476)
• df27ff4 feat(gatsby-core-utils): Add hashing methods from `hash-wasm` (#37433)
• 2b24aec fix(deps): update starters and examples gatsby packages to ^5.4.1 (#37469)
• 6e215d4 chore(changelogs): update changelogs (#37473)
• 8763e01 docs: fix v5 release notes slice example (#37465)
• 4a721df fix(gatsby): Check rawPath in loadPage (#37451)
• 3ef4f44 fix(gatsby): Use correct settings for yaml-loader (#37454)
• 76f979c fix(gatsby-source-contentful): maintain back reference map between runs (#37442)
• c57c060 fix(gatsby): pluginOptionsSchema in local TS plugin (#37443)

See the full diff

With a Snyk patch:

Severity	Priority Score (*)	Issue	Exploit Maturity
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

[//]: # (snyk:metadata:{"prId":"e2e6c859-b957-4f75-aacf-29b016edc148","prPublicId":"e2e6c859-b957-4f75-aacf-29b016edc148","dependencies":[{"name":"@mdx-js/mdx","from":"1.6.18","to":"2.0.0"},{"name":"gatsby","from":"2.24.65","to":"5.0.0"},{"name":"gatsby-plugin-google-analytics","from":"2.3.14","to":"5.1.0"},{"name":"gatsby-plugin-manifest","from":"2.4.27","to":"4.8.0"},{"name":"gatsby-plugin-mdx","from":"1.2.43","to":"4.0.0"},{"name":"gatsby-plugin-sharp","from":"2.6.40","to":"4.8.0"},{"name":"gatsby-remark-images","from":"3.6.0","to":"5.0.0"},{"name":"gatsby-remark-mermaid","from":"2.1.0","to":"3.0.0"},{"name":"gatsby-transformer-remark","from":"2.8.28","to":"6.0.0"},{"name":"gatsby-transformer-sharp","from":"2.5.15","to":"4.8.0"},{"name":"gatsby-transformer-yaml","from":"2.4.11","to":"5.5.0"},{"name":"polished","from":"4.0.3","to":"4.1.3"}],"packageManager":"npm","projectPublicId":"8acf9e7a-37a9-4fbe-abe7-f1d30381329c","projectUrl":"https://app.snyk.io/org/mansong1/project/8acf9e7a-37a9-4fbe-abe7-f1d30381329c?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":["SNYK-JS-LODASH-567746"],"vulns":["SNYK-JS-ANSIREGEX-1583908","SNYK-JS-AXIOS-1038255","SNYK-JS-AXIOS-1579269","SNYK-JS-ENGINEIO-1056749","SNYK-JS-FOLLOWREDIRECTS-2332181","SNYK-JS-FOLLOWREDIRECTS-2396346","SNYK-JS-GATSBY-5671647","SNYK-JS-GATSBYCLI-5671903","SNYK-JS-GATSBYPLUGINMDX-2405699","SNYK-JS-HTTPCACHESEMANTICS-3248783","SNYK-JS-LODASH-567746","SNYK-JS-MERMAID-2936793","SNYK-JS-MINIMATCH-3050818","SNYK-JS-NTHCHECK-1586032","SNYK-JS-PARSEURL-3023021","SNYK-JS-PARSEURL-3024398","SNYK-JS-POLISHED-1298071","SNYK-JS-POSTCSS-1255640","SNYK-JS-REACTDEVUTILS-1083268","SNYK-JS-SANITIZEHTML-1070780","SNYK-JS-SANITIZEHTML-1070786","SNYK-JS-SANITIZEHTML-2957526","SNYK-JS-SANITIZEHTML-585892","SNYK-JS-SEMVER-3247795","SNYK-JS-SHARP-2848109","SNYK-JS-SHELLQUOTE-1766506","SNYK-JS-TRIM-1017038","SNYK-JS-WS-1296835","SNYK-JS-XMLHTTPREQUESTSSL-1082936","SNYK-JS-XMLHTTPREQUESTSSL-1255647"],"upgrade":["SNYK-JS-ANSIREGEX-1583908","SNYK-JS-AXIOS-1038255","SNYK-JS-AXIOS-1579269","SNYK-JS-ENGINEIO-1056749","SNYK-JS-FOLLOWREDIRECTS-2332181","SNYK-JS-FOLLOWREDIRECTS-2396346","SNYK-JS-GATSBY-5671647","SNYK-JS-GATSBYCLI-5671903","SNYK-JS-GATSBYPLUGINMDX-2405699","SNYK-JS-HTTPCACHESEMANTICS-3248783","SNYK-JS-MERMAID-2936793","SNYK-JS-MINIMATCH-3050818","SNYK-JS-NTHCHECK-1586032","SNYK-JS-PARSEURL-3023021","SNYK-JS-PARSEURL-3024398","SNYK-JS-POLISHED-1298071","SNYK-JS-POSTCSS-1255640","SNYK-JS-REACTDEVUTILS-1083268","SNYK-JS-SANITIZEHTML-1070780","SNYK-JS-SANITIZEHTML-1070786","SNYK-JS-SANITIZEHTML-2957526","SNYK-JS-SANITIZEHTML-585892","SNYK-JS-SEMVER-3247795","SNYK-JS-SHARP-2848109","SNYK-JS-SHELLQUOTE-1766506","SNYK-JS-TRIM-1017038","SNYK-JS-WS-1296835","SNYK-JS-XMLHTTPREQUESTSSL-1082936","SNYK-JS-XMLHTTPREQUESTSSL-1255647"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["priorityScore"],"priorityScoreList":[696,616,696,696,586,344,608,608,726,586,731,586,479,696,646,571,399,586,601,646,539,479,684,658,539,619,696,586,726,686],"remediatio...