[Snyk] Security upgrade gatsby-transformer-remark from 2.6.45 to 5.25.1 #91

snyk-bot · 2023-01-13T05:58:07Z

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- deps/npm/docs/package.json
- deps/npm/docs/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	798/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.1	Arbitrary Code Injection SNYK-JS-GATSBYTRANSFORMERREMARK-3228581	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: gatsby-transformer-remark

The new version differs by 250 commits.

4dcca80 chore(release): Publish
59076c8 fix(gatsby-transformer-remark): Disallow JS frontmatter by default (asyncId for unhandled rejected Promise nodejs/node#37244) (Policy scope fix nodejs/node#37298)
48a3db4 fix(gatsby): [rendering engines] use results of exports removal if sourceMap was not generated alongside transformed code (doc: fixed typos in doc/api/deprecations.md and doc/api/diagnostics_channel.md nodejs/node#37282) (ModuleWrap::SyntheticModuleEvaluationStepsCallback should return a Promise nodejs/node#37299)
ea42d7f fix(gatsby): don't output file-loader assets to .cache (fs.copyFile fails with permission denied when source is read-only nodejs/node#37284) (module: make synthetic module evaluation steps return a Promise to support top level await nodejs/node#37300)
2cc9eaf chore(release): Publish
a729764 fix(gatsby-source-wordpress): Add back nodeType field that was removed in last version (crypto: avoid infinite loops in prime generation nodejs/node#37212) (crypto: introduce crypto/promises nodejs/node#37218)
188d3e7 chore(release): Publish
947e11b chore(gatsby-source-wordpress): use wpgql 1.13 in itests (src: fix warning in string_search.h nodejs/node#37146) (#37208)
5e72a5d chore(release): Publish
2dc715d chore: remove tracedSVG (CONTRIBUTING.md nodejs/node#37093) (fs: improve promises.readFile performance nodejs/node#37127)
07c0478 chore(release): Publish
c698f13 fix(gatsby-source-wordpress): WPGraphQL 1.13.0 compatibility (Backport worker.performance.eventLoopUtilization() nodejs/node#37134) (v15.8.0 release proposal nodejs/node#37183)
49cca44 chore(release): Publish
fac9fbc feat(gatsby-source-drupal): Provide proxyUrl in addition to baseUrl to allow using CDN, API gateway, etc. (http: remove unused and undocumented httpAllowHalfOpen nodejs/node#36819) (pipeline causes memory leak when used with async generator nodejs/node#37084)
2bc5902 feat(gatsby-source-wordpress): MediaItem.excludeFieldNames / auto exclude interface types that have no fields (Special threat for outgoing information and for ingoing information trought IPC nodejs/node#37062) (doc,test: fix prime generation description nodejs/node#37085)
1f92e69 fix(gatsby-source-wordpress) pass store for auth (lib: refactor to use validateString nodejs/node#37006) (src: fix dead code in RandomPrimeTraits nodejs/node#37083)
ab793c3 chore(release): Publish
07a126d fix(gatsby): stale node manifests ([Backport v14.x] module: add isPreloading indicator nodejs/node#36988)
288d836 chore(lerna): Use latest-v4 npm dist tag in 4.24 branch (benchmark: improve explanations in R script nodejs/node#36995)
c7b94b5 chore(release): Publish
1926b4e feat(gatsby): handle graphql-import-node bundling (doc: add iansu to collaborators nodejs/node#36951) (deps: upgrade npm to 7.4.2 nodejs/node#36953)
5e5d565 chore(release): Publish
be43418 fix(gatsby): Also clear cache on gatsby version change (doc: change "it's" to "its" where necessary nodejs/node#36913) (test-fs-read-type fails on IBM i nodejs/node#36925)
012761e chore(release): Publish

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Arbitrary Code Injection

…reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-GATSBYTRANSFORMERREMARK-3228581

fix: deps/npm/docs/package.json & deps/npm/docs/package-lock.json to …

611f842

…reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-GATSBYTRANSFORMERREMARK-3228581

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Snyk] Security upgrade gatsby-transformer-remark from 2.6.45 to 5.25.1 #91

[Snyk] Security upgrade gatsby-transformer-remark from 2.6.45 to 5.25.1 #91

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

[Snyk] Security upgrade gatsby-transformer-remark from 2.6.45 to 5.25.1 #91

Are you sure you want to change the base?

[Snyk] Security upgrade gatsby-transformer-remark from 2.6.45 to 5.25.1 #91

Uh oh!

Conversation

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants