[Snyk] Fix for 59 vulnerabilities #1

snyk-bot · 2022-01-17T14:26:27Z

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
Adding or updating a Snyk policy (.snyk) file; this file is required in order to apply Snyk vulnerability patches.
Find out more.

Vulnerabilities that will be fixed

With an upgrade:

Priority Score (*)	Issue	Breaking Change	Exploit Maturity
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939	Yes	Proof of Concept
636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-DECOMPRESS-557358	Yes	Proof of Concept
811/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 9.8	Arbitrary Code Execution SNYK-JS-FRONTMATTER-569103	Yes	Proof of Concept
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
504/1000 Why? Has a fix available, CVSS 5.8	Prototype Pollution SNYK-JS-HIGHLIGHTJS-1045326	No	No Known Exploit
479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-HIGHLIGHTJS-1048676	Yes	No Known Exploit
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1085627	Yes	Proof of Concept
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-ISSVG-1243891	Yes	Proof of Concept
509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) SNYK-JS-JSYAML-173999	Yes	No Known Exploit
619/1000 Why? Has a fix available, CVSS 8.1	Arbitrary Code Execution SNYK-JS-JSYAML-174129	Yes	No Known Exploit
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	No	Proof of Concept
681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	No	Proof of Concept
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-450202	No	Proof of Concept
636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-LODASH-567746	No	Proof of Concept
704/1000 Why? Has a fix available, CVSS 9.8	Prototype Pollution SNYK-JS-LODASH-590103	No	No Known Exploit
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	No	Proof of Concept
686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-73638	No	Proof of Concept
541/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.4	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-73639	No	Proof of Concept
551/1000 Why? Recently disclosed, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKDOWNIT-2331914	Yes	No Known Exploit
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-MARKDOWNIT-459438	Yes	Proof of Concept
520/1000 Why? Has a fix available, CVSS 5.9	Denial of Service SNYK-JS-NODEFETCH-674311	Yes	No Known Exploit
479/1000 Why? Has a fix available, CVSS 5.3	Improper Certificate Validation SNYK-JS-NODESASS-1059081	Yes	No Known Exploit
550/1000 Why? Has a fix available, CVSS 6.5	Out-of-bounds Read SNYK-JS-NODESASS-535499	Yes	No Known Exploit
726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Out-of-bounds Read SNYK-JS-NODESASS-535501	Yes	Proof of Concept
600/1000 Why? Has a fix available, CVSS 7.5	Uncontrolled Recursion SNYK-JS-NODESASS-535503	Yes	No Known Exploit
646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Resource Exhaustion SNYK-JS-NODESASS-535504	Yes	Proof of Concept
761/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.8	NULL Pointer Dereference SNYK-JS-NODESASS-535505	Yes	Proof of Concept
589/1000 Why? Has a fix available, CVSS 7.5	Uncontrolled Recursion SNYK-JS-NODESASS-540960	Yes	No Known Exploit
589/1000 Why? Has a fix available, CVSS 7.5	Out-of-bounds Read SNYK-JS-NODESASS-540962	Yes	No Known Exploit
589/1000 Why? Has a fix available, CVSS 7.5	Improper Input Validation SNYK-JS-NODESASS-540966	Yes	No Known Exploit
589/1000 Why? Has a fix available, CVSS 7.5	Improper Input Validation SNYK-JS-NODESASS-540968	Yes	No Known Exploit
589/1000 Why? Has a fix available, CVSS 7.5	Uncontrolled Recursion SNYK-JS-NODESASS-540970	Yes	No Known Exploit
589/1000 Why? Has a fix available, CVSS 7.5	Out-of-bounds Read SNYK-JS-NODESASS-540972	Yes	No Known Exploit
761/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.8	NULL Pointer Dereference SNYK-JS-NODESASS-540974	Yes	Proof of Concept
646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Denial of Service (DoS) SNYK-JS-NODESASS-540982	Yes	Proof of Concept
539/1000 Why? Has a fix available, CVSS 6.5	Out-of-bounds Read SNYK-JS-NODESASS-540984	Yes	No Known Exploit
589/1000 Why? Has a fix available, CVSS 7.5	Out-of-bounds Read SNYK-JS-NODESASS-540986	Yes	No Known Exploit
589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-NODESASS-540988	Yes	No Known Exploit
509/1000 Why? Has a fix available, CVSS 5.9	Denial of Service (DoS) SNYK-JS-NODESASS-542662	Yes	No Known Exploit
586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	Proof of Concept
624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536528	Yes	No Known Exploit
624/1000 Why? Has a fix available, CVSS 8.2	Arbitrary File Overwrite SNYK-JS-TAR-1536531	Yes	No Known Exploit
410/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) SNYK-JS-TAR-1536758	Yes	No Known Exploit
639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579147	Yes	No Known Exploit
639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579152	Yes	No Known Exploit
639/1000 Why? Has a fix available, CVSS 8.5	Arbitrary File Write SNYK-JS-TAR-1579155	Yes	No Known Exploit
589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	Yes	No Known Exploit
479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	Yes	No Known Exploit
399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	No	No Known Exploit
636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	Yes	Proof of Concept
636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	No	Proof of Concept
399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	No	No Known Exploit
399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:moment:20170905	No	No Known Exploit
399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	No	No Known Exploit
576/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.1	Uninitialized Memory Exposure npm:tunnel-agent:20170305	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: boom

The new version differs by 22 commits.

47f4e48 version 3.1.3
eaef185 Merge pull request Sass/SCSS Integration gatsbyjs/gatsby#110 from hapijs/travis
301b7b9 Updates for node 6
18e27fd Added node 6.
7040bf8 version 3.2.1
345ab94 Merge pull request Pass --watch to gatsby develop gatsbyjs/gatsby#97 from gergoerdosi/quotes
4338bf7 Merge pull request gatsby -v not working gatsbyjs/gatsby#98 from gergoerdosi/travis-badge
4c238cb Use svg badge
5739af4 Use quotes instead of backticks
d455050 version 3.1.1
6f0041d Merge pull request Make static builds deterministic by constant reactid's gatsbyjs/gatsby#95 from hapijs/proto
269ff01 Changed prototype logic.
3af172b version 3.1.0
f51f2ee Cleanup for 254593fd1d09e79049692675a4f9b7b5108b36d8
ca3aac4 Merge pull request [WIP] postcss, css-modules and file-loading/hashing in css gatsbyjs/gatsby#91 from hapijs/code-451
254593f Add new 451 Unavailable For Legal Reasons
03fc3c4 Merge pull request TASK: Update demo sites to latest version and use link helper function gatsbyjs/gatsby#89 from hapijs/toc
005a398 Autogenerate table of contents. Closes Sass support? gatsbyjs/gatsby#86.
f81417c Merge pull request docs(readme): update slack badge to discord gatsbyjs/gatsby#85 from mtharrison/master
ea08443 Fixed typo in README schema => scheme
9a71a86 Merge pull request Cannot import CSS into html component when serving site as Node.js doesn't understand Webpack module types gatsbyjs/gatsby#83 from hapijs/es6
dbcbee5 es6 style. Closes [email protected] untested ⚠️ gatsbyjs/gatsby#77

See the full diff

Package name: css-loader

The new version differs by 191 commits.

634ab49 chore(release): 2.0.0
6ade2d0 refactor: remove unused file (add a new site starter named guoliim blog starter in README.md gatsbyjs/gatsby#860)
e7525c9 test: nested url ([1.0] Debugging Gatsby gatsbyjs/gatsby#859)
7259faa test: css hacks ([1.0] Plugin packaging file structure gatsbyjs/gatsby#858)
5e6034c feat: allow to filter import at-rules ([1.0] Add support for removing nodes gatsbyjs/gatsby#857)
5e702e7 feat: allow filtering urls ([1.0] Perhaps use jest-validate instead of Joi for validating config gatsbyjs/gatsby#856)
9642aa5 test: css stuff (perfixLink should add any required trailing slashes gatsbyjs/gatsby#855)
3338656 fix: reduce number of require for url (harshini portfolio website built with gatsby added in the readme file gatsbyjs/gatsby#854)
533abbe test: issue 636 (Creating a sidebar menu for accessing markdown headers as sections gatsbyjs/gatsby#853)
08c551c refactor: better warning on invalid url resolution (1.0 gatsbyjs/gatsby#852)
b0aa159 test: issue Added damianmullins.com to sites built with Gatsby gatsbyjs/gatsby#589 (Only setup the integration with Redux devtools if dev sets env var gatsbyjs/gatsby#851)
f599c70 fix: broken unucode characters (CLI Utils for Gatsby devs/admins? gatsbyjs/gatsby#850)
1e551f3 test: issue 286 (Move remotedev server to npm script instead of always starting gatsbyjs/gatsby#849)
419d27b docs: improve readme ([1.0] improve typescript config gatsbyjs/gatsby#848)
d94a698 refactor: webpack-default (Update README.md gatsbyjs/gatsby#847)
b97d997 feat: schema options
453248f fix: support module resolution in composes ([1.0] gatsby-plugin-sass available gatsbyjs/gatsby#845)
8a6ea10 refactor: postcss plugins (Add SameMoment blog gatsbyjs/gatsby#844)
fdcf687 fix: url resolving logic (bad woff path for icons gatsbyjs/gatsby#843)
889dc7f feat: allow to disable css modules and disable their by default (Add gatsby-starter-undefined to list of starters. gatsbyjs/gatsby#842)
ee2d253 test: importLoaders option ([1.0] Add Hacker News data source plugin as well as a HN clone site gatsbyjs/gatsby#841)
1dad1fb feat: reuse postcss ast from other loaders (i.e `postcss-loader`) ([1.0] gatsby-plugin-typescript fails without tsconfig.json gatsbyjs/gatsby#840)
fe94ebc test: icss reserved keywords (Convert config back to JS gatsbyjs/gatsby#839)
9eaba66 refactor: migrate on message api for postcss-icss-plugin (Support page data declared as named exports gatsbyjs/gatsby#838)

See the full diff

Package name: debug

The new version differs by 33 commits.

13abeae Release 2.6.9
f53962e remove ReDoS regexp in %o formatter (Topics/clean starter gatsbyjs/gatsby#504)
52e1f21 Release 2.6.8
2482e08 Check for undefined on browser globals (Don't re render on hash anchors from markdown wrapper gatsbyjs/gatsby#462)
6bb07f7 release 2.6.7
15850cb Fix Regular Expression Denial of Service (ReDoS)
4a6c85c update "debug" to v1.0.0 (HMR in production build? gatsbyjs/gatsby#454)
b68dbf8 Fix typo (Add Loanpal as a sponsor gatsbyjs/gatsby#455)
1351d2f Inline extend function in node implementation (Redirect from non-slash to slash page in development gatsbyjs/gatsby#452)
c211947 update version for component
14df14c release 2.6.5
cae07b7 cleanup browser tests and fix null reference check on window.documentElement.style.WebkitAppearance (New themes/example sites for 1.0 gatsbyjs/gatsby#447)
f311b10 release 2.6.4
1f01b70 Fix bug that would occure if process.env.DEBUG is a non-string value. (Thoughts on querying Markdown AST for custom rendering gatsbyjs/gatsby#444)
2f3ebf4 Update CHANGELOG.md
f5ae332 Update CHANGELOG.md
9742c5f chore(): ignore bower.json in npm installations. (Add talk from ViennaJS gatsbyjs/gatsby#437)
27d93a3 update "debug" to v0.7.3
9dc30f8 release 2.6.3
0fb8ea4 LocalStorage returns undefined for any key not present (1.0 improving performance and scalability gatsbyjs/gatsby#431)
ce4d93e changelog fix
017a9d6 release 2.6.2
23bc780 fix DEBUG_MAX_ARRAY_LENGTH
065cbfb Add backers and sponsors from Open Collective (Add note to README pointing to 1.0 issue gatsbyjs/gatsby#422)

See the full diff

Package name: front-matter

The new version differs by 50 commits.

90d23d1 4.0.1
f71652c Fix case of `allowUnsafe` in boolean coercion
80ff5d4 Merge branch 'tyankatsu0105-test/add-declaration-test'
2d1bd3f feat: add options args to fm
854bab6 chore: remove unused file
f4d091f test: add typescript description test
0ec3a2c 4.0.0
5e574da Merge branch 'peterbe-65-yamlsafeload'
188b598 Merge branch '65-yamlsafeload' of git://github.com/peterbe/front-matter into peterbe-65-yamlsafeload
331fff5 update .travis.yml
9658b13 feedbacked
b87b7d9 and readme
7887a05 feedbacked
60b3b67 readme update
1d9094f yaml.safeLoad()
eaf33a5 3.2.1
7c4156c Merge branch 'mourner-patch-1'
0058684 smaller published size
c50fd45 Update my email
9a31548 3.2.0
979dc2d Merge branch 'tyankatsu0105-master'
fb81da2 chore: update declaration
3c53424 chore: declaration
af399ef 3.1.0

See the full diff

Package name: hapi

The new version differs by 250 commits.

faacf02 deps and passthrough validation error. Closes update gatsby-source-drupal to match new json api endpoint gatsbyjs/gatsby#3136. Closes question: does gatsby still render a page if its data dependencies are unchanged? gatsbyjs/gatsby#3137. Closes I want to add a demo website（it is my blog）…… gatsbyjs/gatsby#3138. Closes [gatsby-source-contentful] Errors due to missing fields in GraphQL schema gatsbyjs/gatsby#3139. Closes New Blog Post for 12/06/2017 gatsbyjs/gatsby#3140. Closes Update React tutorial link gatsbyjs/gatsby#3141. Closes New blog post gives error on first load gatsbyjs/gatsby#3142. Closes Set title for posts written as React components gatsbyjs/gatsby#3143. Closes [gatsby-plugin-preact] Fix Preact URL in readme gatsbyjs/gatsby#3144. Closes gatsby-cli: Consider exposing Reporter For Use By Starters and Plugins gatsbyjs/gatsby#3145. Closes Upgrade to Prettier 1.9.1 gatsbyjs/gatsby#3146. Closes Create a 'Awesome Gatsby' page gatsbyjs/gatsby#3147
40dbdc1 Merge pull request Added heml.io gatsbyjs/gatsby#3128 from mikefrey/patch-1
e169ee3 Spelling/grammar fix
af95913 Merge pull request Docs/add markdown page gatsbyjs/gatsby#3111 from hapijs/johnbrett-patch-1
2752e23 add test for multipart payload exceeding byte limit
d870e6a Merge pull request What's the current state of support for URL rewriting? gatsbyjs/gatsby#3113 from danielb2/master
5d1b437 test for strictHeader false
f8e897d Update hapijs/subtext to 4.0.1 from 4.0.0
8aef93a typo
526d5ea Cleanup
fb83094 Merge branch 'master' of github.com:hapijs/hapi
a739abe Allow validating any input. Closes How to build without minifying HTML gatsbyjs/gatsby#3107
6f20a78 Merge pull request using react components gatsbyjs/gatsby#3105 from devinivy/api-deps-on-init
d3ca463 Clarify that plugin deps are enforced during initialize
0cd1b62 Merge pull request Dynamically fetch data from a blog with GraphQL gatsbyjs/gatsby#3068 from kanongil/fast-shutdown
ea04005 version
9e5c889 Fix incorrect entity error message. Closes Document how to implement Gatsby's different APIs gatsbyjs/gatsby#3101
7a47a85 Actively end idle persistent connections on server.stop()
2435a08 Test that server.stop() completes active requests before denying new requests
a123307 Add server.stop() destroy test for in-progress connections
6e80746 Revise server.stop() self close test
ed195fa 13.2.1
23e333e Cleanup for Update example sites to gatsby-plugin-react-helmet v2 gatsbyjs/gatsby#3044
687a378 Merge pull request Update example sites to gatsby-plugin-react-helmet v2 gatsbyjs/gatsby#3044 from csabapalfi/disable-cache-control

See the full diff

Package name: hapi-webpack-plugin

The new version differs by 2 commits.

0e65cbe Merge pull request Generating a sitemap gatsbyjs/gatsby#12 from phulas/master
e5bd7d8 - Updated webpack, webpack-dev-middleware, webpack-hot-middleware to be relatively recent and webpack 2 specific.

See the full diff

Package name: image-webpack-loader

The new version differs by 115 commits.

ce6f669 4.5.0
d0b73ec Merge pull request Building from HTML source gatsbyjs/gatsby#172 from aaboyd/master
e0de6ed Update imagemin dependencies to latest version
c7b50a6 Merge pull request Add nordnet.se/brand to sites built with Gatsby gatsbyjs/gatsby#169 from markwoon/patch-1
b8d9ea2 Remove unnecessary peer dependency
c3bb33f 4.4.0
e41a33e Merge pull request Remove underscore and replace with Lodash gatsbyjs/gatsby#165 from maturanomx/master
de849ec Update `imagemin-pngquant` version
0942611 Merge pull request Add scroll-behavior to restore browser-like scroll behaviors gatsbyjs/gatsby#163 from amilajack/patch-1
757072f Fix failing CI
9b568be Tests against latest node on CI
8f874ac update some packages
6337d3a 4.3.1
605862b Merge pull request Not able to create new gatsby file gatsbyjs/gatsby#157 from goto-bus-stop/dev-webpack
2bcd82f Move webpack-cli to devDependencies
a797c9b 4.3.0
f864e8a Merge pull request Give the user the possibility to implement a 404 componenent gatsbyjs/gatsby#156 from Eterion/master
ea8107f Update of imagemin dependencies
e424808 Disable option for [email protected]
4dcac71 Added package-lock and rm -rf replaced with rimraf for windows compatibility
84f3122 Merge pull request Update README example for modifying Webpack to one that isn't now supported in core gatsbyjs/gatsby#155 from DanielMSchmidt/danielmschmidt/webpack-4-support
ac03972 add support for webpack 4
b30e0fb Merge pull request Gatsby must be installed as a dependency of site gatsbyjs/gatsby#152 from DanielMSchmidt/add-webpack-3
b247cac Merge pull request OPTIMIZATION: Build large sites in parallel gatsbyjs/gatsby#151 from DanielMSchmidt/add-ci

See the full diff

Package name: markdown-it

The new version differs by 234 commits.

d72c68b 12.3.2 released
aca3396 dist rebuild
ffc49ab Fix possible ReDOS in newline rule.
76469e8 12.3.1 released
ae5a243 dist rebuild
1cd8a51 Fix tab preventing paragraph continuation in lists
830757c Fix spelling error in question Github Template (Small bug fixes gatsbyjs/gatsby#835)
2e31d34 12.3.0 released
393354c Dist rebuild
8564eed Dev deps bump
24abaa5 Improve emphasis algorithm
e07a9dd typo fix
6e2de08 12.2.0 released
08827d6 dist rebuild
8bcc82a Parser: Set ordered list_item_open token info to input marker.
77fb937 Add pathological test from cmark
e5986bb Always suffix indented code block with a newline
13cdeb9 12.1.0 released
13d8335 Dist rebuild
eed156e Fix emphasis algorithm as per 0.30 spec
0b14fa0 Update CommonMark spec to 0.30
064d602 Updated highlight.js usage info
df4607f 12.0.6 released
e5b0eb3 dist rebuild

See the full diff

Package name: node-sass

The new version differs by 250 commits.

918dcb3 Lint fix
0a21792 Set rejectUnauthorized to true by default (update docs org gatsbyjs/gatsby#3149)
e80d4af chore: Drop EOL Node 15 ([gatsby-image] Support image loading with JavaScript disabled gatsbyjs/gatsby#3122)
d753397 feat: Add Node 17 support (Using YML files as Markdown gatsbyjs/gatsby#3195)
dcf2e75 build(deps-dev): bump eslint from 7.32.0 to 8.0.0
bfa1a3c build(deps): bump actions/setup-node from 2.4.0 to 2.4.1
80d6c00 chore: Windows x86 on GitHub Actions (Add Gatsby Project to Showcase Section gatsbyjs/gatsby#3041)
566dc27 build(deps-dev): bump fs-extra from 0.30.0 to 10.0.0 (Gatsby doesn't extract graphql from TypeScript files gatsbyjs/gatsby#3102)
7bb5157 build(deps): bump npmlog from 4.1.2 to 5.0.0 ([gatsby-remark-code-repls] Add Ramda REPL gatsbyjs/gatsby#3156)
2efb38f build(deps): bump chalk from 1.1.3 to 4.1.2 (Rough draft of instructions for adding tags/categories gatsbyjs/gatsby#3161)
fca5257 build(deps): bump actions/setup-node from 2.3.0 to 2.4.0
6200b21 docs: Double word "support" (Consider removing words that shouldn't be used in educational writing from the docs (simply, easily, just) gatsbyjs/gatsby#3159)
eaf791a build(deps): bump actions/setup-node from 2.1.5 to 2.3.0
16b8d4b build(deps): bump coverallsapp/github-action from 1.1.2 to 1.1.3
c167004 6.0.1
911d4db remove mkdirp dep (Updates sitemap example URL gatsbyjs/gatsby#3108)
30a52f7 build(deps): bump meow from 3.7.0 to 9.0.0
7e08463 build(deps-dev): bump mocha from 8.4.0 to 9.0.1
cfcbb2c chore: Use default Apline version from docker-node (Can't use graphql in onCreateNode gatsbyjs/gatsby#3121)
886319b chore: Drop Node 10 support
c908f4f fix: Bump OSX minimum to 10.11
8ab02da fix: Remove old compiler gyp settings
3d7b9d0 chore: Add Node 16 support
4115e9d build(deps): bump actions/setup-node from v2.1.4 to v2.1.5

See the full diff

Package name: postcss-cssnext

The new version differs by 29 commits.

03b6017 3.0.0
cf9fb19 Docs: fix chalk update issue
b7d6ffd Merge pull request Enable hot reloading of imported stylesheets gatsbyjs/gatsby#400 from MoOx/postcss6-upgrade
1781dc7 Docs: Fix id of overflow wrap property in index (Add publicPath to build-javascript and build-html gatsbyjs/gatsby#393)
8b99180 Ensure a version of caniuse-db that includes css-image-set (Add Outcomes.com to README gatsbyjs/gatsby#380)
db0f0fa Add a warning for custom property sets that are going to be removed + an option to hide the warning
cc7c864 Change: support node4+ up to 8
7bb55c1 chore: add package-lock.json and yarn.lock files
20ae74d Change: upgrade to PostCSS 6
af5f9c1 Change link to custom media queries specification
974e40b Fix PR link
ed02dc8 2.11.0
b6f4796 Fix "Unknow browserslist" error
480687c Add browsers for testing new futures
e7cb40b Merge pull request Pin eslint a11y plugin until move to eslint 3 gatsbyjs/gatsby#369 from Semigradsky/patch-1
08dd185 Merge pull request dynamic pages? gatsbyjs/gatsby#373 from SuperOl3g/master
2ca6df0 Fix failed tests.
a1f8143 update image-set-polyfill package version
4c982cd Added: postcss-image-set-polyfill (Cannot find module "wrappers/md" gatsbyjs/gatsby#43)
5200ff2 Add `caniuse-db` as peer dependency.
d3b21c1 Update features-activation-map
6577f6c 2.10.0
951b81d Added: new deactivation rules in features map (Check port gatsbyjs/gatsby#345)
fe6d852 Merge pull request Add dynamicext.com site example to README gatsbyjs/gatsby#342 from JLHwung/add-postcss-font-family-system-ui

See the full diff

Package name: postcss-import

The new version differs by 74 commits.

aae7db3 12.0.0
d9bc09f Update eslint-config-i-am-meticulous to version 11.0.0 (Ask User to use new port if in Use gatsbyjs/gatsby#371)
3868ce2 Update postcss-scss to version 2.0.0 (Upgrade to 0.12.1 is causing performance issues while building gatsbyjs/gatsby#370)
1c40a5f Update prettier to version 1.14.0 (dynamic pages? gatsbyjs/gatsby#373)
8c8c7ec Update eslint to version 5.0.0 (url / issue gatsbyjs/gatsby#364)
92e38d7 Drop Node 4 from AppVeyor
9cd2953 Use PostCSS 7 & drop support for Node.js 4 (Update README.md gatsbyjs/gatsby#372)
84d35e2 Update prettier to version 1.13.5 (Out of memory with lots of files (1000+) under AWS Lambda gatsbyjs/gatsby#363)
7127b77 Update eslint-config-i-am-meticulous to version 10.0.0 (Add eslint-loader gatsbyjs/gatsby#362)
fcc31b1 Update npmpub to version 4.0.0 (Update README URLs based on HTTP redirects gatsbyjs/gatsby#360)
c62200b Update eslint-config-i-am-meticulous to version 9.0.0 (add drunkenblog starter gatsbyjs/gatsby#361)
3d9dc49 Update prettier to version 1.13.0 (Whitelist page types + add image loader gatsbyjs/gatsby#357)
f72bdc2 Update prettier to version 1.12.1 (Wrapper vs Template gatsbyjs/gatsby#353)
64ffaa2 Update prettier to version 1.12.0 (Vulnerable Package Dependency: minimatch gatsbyjs/gatsby#352)
af2747d Update prettier to version 1.11.0 (Update dependencies gatsbyjs/gatsby#346)
a941757 11.1.0
5a99783 Add Filter Parameter (Add test for installing starter using 'gatsby new' gatsbyjs/gatsby#327)
7c863ea Update eslint-config-i-am-meticulous to version 8.0.0 (Add React Gravatar's website gatsbyjs/gatsby#344)
78c0832 Update ava to version 0.25.0 (fix: route update hook gets current location from listener gatsbyjs/gatsby#343)
2949578 Silence postcss warnings in tests
d5e0f10 Update .gitignore
7ab52b7 Add tests for importing sub-files/directories from npm packages (Set NODE_ENV=production on node process when running "gatsby build" gatsbyjs/gatsby#337)
df611c2 Update eslint to version 4.16.0 (Sourcemap settings for UglifyJsPlugin in build gatsbyjs/gatsby#336)
b53e7f5 Update prettier to version 1.10.2 (Ignoring *.swp file types when using gatsby develop gatsbyjs/gatsby#333)

See the full diff

Package name: postcss-loader

The new version differs by 205 commits.

7647ac9 chore(release): 3.0.0
313c3c4 docs(README): update filename formatting
d6931da refactor(Error): add `error` property checks
962b1d6 refactor(options): remove `ident` from validation schema
1f98aee refactor(Warning): add `warning` property checks
95de4c1 docs(LOADER): update JSDoc
ea68a42 chore(package): update `schema-utils` v0.4.5...1.0.0 (`dependencies`)
73a8c66 chore(ISSUE_TEMPLATE/DOCS): add template for documentation issues
70f4426 chore(ISSUE_TEMPLATE/FEATURE): add feature request template
4a0328e chore(ISSUE_TEMPLATE/BUG): move bug reports into their own template
319d1f7 chore(PULL_REQUEST_TEMPLATE): improve format and content
bdcbef0 refactor(src): update code base with latest ES2015+ features
f34954f fix(index): add ast version (`meta.ast`)
8ac6fb5 fix(index): emit `warnings` as an instance of `{Error}`
2c6033b test(Errors): remove stacktrace from snapshot
549ea08 fix(options): improved `ValidationError` messages
fbf05de test: replace helpers with `@ webpack-utilities/test` (Anchor Links, part 2 gatsbyjs/gatsby#386)
daa0da8 chore(package): update `postcss` v6.0.0...7.0.0 (`dependencies`) (Add DOSH to list of example sites in README gatsbyjs/gatsby#375)
114db12 docs(README): add autoprefixing example (Add Outcomes.com to README gatsbyjs/gatsby#380)
8772814 style(standard): fix linting issues
8ef443f ci(travis): build stages
6f10898 ci(appveyor): readd Appveyor CI (Integrate Webpack Validator Into Webpack.Config.js gatsbyjs/gatsby#381)
0bb835c ci(package): run tests in an explicit environment (`jest --env=node`) (Add Codefellows.org gatsbyjs/gatsby#382)
5e2bca9 docs(README): replace `postcss-cssnext` with `postcss-preset-env` (Fail in cleaner fashion if user runs gatsby develop in a non-gatsby directory gatsbyjs/gatsby#379)

See the full diff

Package name: postcss-reporter

The new version differs by 6 commits.

fa02dbb PostCSS v6
ea2ff31 Prepare 3.0.0
10c11db Add new option to clear messages for others plugins. (Support for pagination and categories/tags gatsbyjs/gatsby#33)
be81a59 Prepare 2.0.0
3141991 Merge pull request Added Babel dependency and configuration for building from ES6 codebase gatsbyjs/gatsby#31 from shouze/issues/30
56a8e5a Should report only error & warning typed messages by default

See the full diff

Package name: tracer

The new version differs by 9 commits.

ee7c3cd v0.8.8
9ef2f0f Merge pull request [email protected] untested ⚠️ gatsbyjs/gatsby#69 from timaschew/patch-1
6312633 fixes Add hash to the bundle filename for better caching gatsbyjs/gatsby#63
aa8e679 Merge pull request [email protected] untested ⚠️ gatsbyjs/gatsby#68 from bryant1410/master
7de3217 Fix broken Markdown headings
d2222b4 Merge pull request Google analytics gatsbyjs/gatsby#64 from earnubs/patch-1
7f7179d fix typo
9696469 travis
71cb9a3 re-publish to nom v0.8.7

See the full diff

Package name: url-loader

The new version differs by 32 commits.

11dce14 docs: Update changelog with nsp advisory
1934507 chore(release): 0.6.0
a1e1fef chore: Fix mime version
d19ee2d chore: update `mime` package to avoid deprecation mime type with `woff` and `woff2` (Enable extension of webpack config by consumers gatsbyjs/gatsby#87)
636ebed feat: add `fallback` option (Replace "gatsby serve" with "gatsby develop" gatsbyjs/gatsby#88)
f3f5fce docs(README): remove confusing `prefix` option (`options.prefix`) (TASK: Update demo sites to latest version and use link helper function gatsbyjs/gatsby#89)
2de70bb docs(README): fix typo in example (Add support for react 0.14 gatsbyjs/gatsby#81)
ced5990 feat(index): add options validation (`schema-utils`) ([email protected] untested ⚠️ gatsbyjs/gatsby#78)
5574ed3 chore(release): 0.5.9
71b2250 chore: Add changelog
88a5f5a chore(pacakge): Add release tooling
99b935f docs(README): standardize ([email protected] untested ⚠️ gatsbyjs/gatsby#77)
e9496b9 fix: `String` not being `base64` encoded (Update markdown-it to version 5.0.0 🚀 gatsbyjs/gatsby#67)
020c2a8 fix: don't default to `0` (`options.limit`) (SyntaxError: Unexpected token ILLEGAL gatsbyjs/gatsby#74)
9356a81 docs(README): fix typesetting, add links ([email protected] untested ⚠️ gatsbyjs/gatsby#75)
de61cbd docs(README): link to webpack 2 docs ([email protected] untested ⚠️ gatsbyjs/gatsby#72)
fae96d7 chore(release): url-loader v0.5.8
2452768 Merge pull request Update all dependencies 🌴 gatsbyjs/gatsby#62 from ryani33/fix-deprecated-warning
841c6c8 fix deprecated warning
75fab90 docs(readme): update maintainers to admin team
8fd2f35 Merge pull request Exit code when module is not found is wrong gatsbyjs/gatsby#58 from simon04/master
0a292a0 Remove license link
adb13b2 Merge pull request Remove backticks gatsbyjs/gatsby#57 from d3viant0ne/d3viant0ne-DocUpdatesForFinal
637f00a chore(readme): Update to webpack standard format

See the full diff

Package name: webpack

The new version differs by 250 commits.

bf4ec9c 3.0.0
9feda63 Merge pull request Wait for images to load before screenshotting gatsbyjs/gatsby#5028 from webpack/feature/externalize_uglify_plugin
49d6e38 Merge pull request resize(rotate: xx) in gatsby-transformer-sharp is not work. gatsbyjs/gatsby#5086 from webpack/ci/node-8
3dcb133 OSX test on node.js 8
f4b8785 Merge pull request Redux, Styled Components and Client-Side Only Error gatsbyjs/gatsby#5012 from webpack/TheLarkInn-patch-1
d26c402 chore(deps): upgrade uglifyjs-webpack-plugin deps to get latest webpack-sources so tests pass
3da4f3e Merge pull request Bump all packages to use babel 7 gatsbyjs/gatsby#5085 from jbellenger/jbellenger/rawmodule-hash
8c9dc14 fix RawModule hashing
c2c5d73 Update README.md
316d4b9 Merge pull request team development workflows gatsbyjs/gatsby#5084 from timse/remove-duplicate-code
ae18552 update test case with changed hash due to less clutter in dependencies
fc20348 unite iteration through modules into one loop
083843e remove code that pushes arrays of dependencies into dependencies
ab636b0 Merge pull request update starter's link (gatsby-advanced-blog) gatsbyjs/gatsby#5075 from andreipfeiffer/master
3b3449c Refactor: use const for non reassignable identifier
2ba0499 3.0.0-rc.2
1769fa2 Merge pull request [gatsby-source-wordpress] Single API endpoint gatsbyjs/gatsby#5064 from webpack/feature/scope-hoisting-multi-entry
a73646a Merge pull request Error when using gatsby-image plugin gatsbyjs/gatsby#5060 from mikesherov/reason-chunks-as-set
28f826a consistent order
8a30188 use Set for ModuleReason chunk rewriting
5d4ba56 Allow scope hoisting to process modules in multiple chunks
d6a7594 harmony modules without exports have no exports instead of unknown
3ae782d Merge pull request [gatsby-source-wordpress] GraphQL Error Unknown type "acf_post_photo" gatsbyjs/gatsby#5049 from KTruong888/ES6_refactoring_multicompiler
18cdba8 4099_ES6 refactor lib/MultiCompiler.js

See the full diff

With a Snyk patch:

Priority Score (*)	Issue	Exploit Maturity
636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-LODASH-567746	Proof of Concept
399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:debug:20170905	No Known Exploit
579/1000 Why? Has a fix available, CVSS 7.3	Prototype Pollution npm:extend:20180424	No Known Exploit
636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	Proof of Concept
636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:lodash:20180130	Proof of Concept
399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:mime:20170907	No Known Exploit
399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:moment:20170905	No Known Exploit
399/1000 Why? Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:ms:20170412	No Known Exploit
589/1000 Why? Has a fix available, CVSS 7.5	Prototype Override Protection Bypass npm:qs:20170213	No Known Exploit
646/1000 Why? Mature exploit, Has a fix available, CVSS 5.2	Uninitialized Memory Exposure npm:stringstream:20180511	Mature
509/1000 Why? Has a fix available, CVSS 5.9	Regular Expression Denial of Service (ReDoS) npm:tough-cookie:20170905	No Known Exploit
576/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.1	Uninitialized Memory Exposure npm:tunnel-agent:20170305	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Snyk] Fix for 59 vulnerabilities #1

[Snyk] Fix for 59 vulnerabilities #1

snyk-bot commented Jan 17, 2022

[Snyk] Fix for 59 vulnerabilities #1

Are you sure you want to change the base?

[Snyk] Fix for 59 vulnerabilities #1

Conversation

snyk-bot commented Jan 17, 2022

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:

With a Snyk patch: