[Snyk] Fix for 17 vulnerabilities

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • starters/gatsby-starter-blog-theme/package.json
  • starters/gatsby-starter-blog-theme/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	616/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.9	Server-Side Request Forgery (SSRF) SNYK-JS-AXIOS-1038255	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-1579269	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-ENGINEIO-1056749	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
	704/1000 Why? Has a fix available, CVSS 9.8	Prototype Pollution SNYK-JS-LODASH-590103	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-NTHCHECK-1586032	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Command Injection SNYK-JS-REACTDEVUTILS-1083268	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	No	Proof of Concept
	726/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.1	Arbitrary Code Injection SNYK-JS-XMLHTTPREQUESTSSL-1082936	No	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Access Restriction Bypass SNYK-JS-XMLHTTPREQUESTSSL-1255647	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: gatsby

The new version differs by 250 commits.

• 8d07242 chore(release): Publish
• 0790895 chore(gatsby): Update README (chore(gatsby): Update README gatsbyjs/gatsby#33615)
• 06760d7 chore(gatsby): Change comment format in actions/public (chore(gatsby): Change comment format in actions/public gatsbyjs/gatsby#33592)
• 7d66a23 feat(gatsby): capture number of ssg,dsg,ssr pages in telemetry (feat(gatsby): capture number of ssg,dsg,ssr pages in telemetry gatsbyjs/gatsby#33337)
• 98a843c fix(gatsby): use lmdb.removeSync so getNode can't return deleted nodes (fix(gatsby): use lmdb.removeSync so getNode can't return deleted nodes gatsbyjs/gatsby#33554)
• 4d8e40b fix(gatsby-source-wordpress): Add steps for `refetch_ALL` (fix(gatsby-source-wordpress): Add steps for refetch_ALL gatsbyjs/gatsby#33264)
• 4761dc3 fix(gatsby): restore onPreBuild to being called right after bootstrap finishes (fix(gatsby): restore onPreBuild to being called right after bootstrap finishes gatsbyjs/gatsby#33591)
• 1cdbab6 fix(deps): update starters and examples gatsby packages to ^3.14.3 (fix(deps): update starters and examples gatsby packages to ^3.14.3 gatsbyjs/gatsby#33553)
• 0f421db chore(release): Publish next
• 7d6a0aa fix(gatsby): fix page-tree in ink-cli (fix(gatsby): fix page-tree in ink-cli gatsbyjs/gatsby#33579)
• 3993819 chore(gatsby): Add `assetPrefix` to `IGatsbyConfig` (chore(gatsby): Add assetPrefix to IGatsbyConfig gatsbyjs/gatsby#33575)
• 6cc964a fix(gatsby-source-wordpress): restore PQR support (fix(gatsby-source-wordpress): restore PQR support gatsbyjs/gatsby#33590)
• 9eef270 specifying what actually changed (specifying what actually changed gatsbyjs/gatsby#33452)
• 2975c4d feat(gatsby,gatsby-link): add queue to prefetch (feat(gatsby,gatsby-link): add queue to prefetch gatsbyjs/gatsby#33530)
• 68fe836 fix(gatsby): temporary workaround for stale jobs cache (fix(gatsby): temporary workaround for stale jobs cache gatsbyjs/gatsby#33586)
• a800d9d fix(gatsby): Update internal usage of .runQuery (fix(gatsby): Update internal usage of .runQuery gatsbyjs/gatsby#33571)
• 677760c chore(docs): Clarify SEO component guide (chore(docs): Clarify SEO component guide gatsbyjs/gatsby#33451)
• ccca4b3 fix(gatsby): only remove unused code when apis got removed (fix(gatsby): only remove unused code when apis got removed gatsbyjs/gatsby#33527)
• 8dbf550 fix(gatsby): assign correct parentSpans to PQR activities (fix(gatsby): assign correct parentSpans to PQR activities gatsbyjs/gatsby#33568)
• 31d5a5e fix(gatsby-dev-cli): resolve correct versions of packages with unpkg (fix(gatsby-dev-cli): resolve correct versions of packages with unpkg gatsbyjs/gatsby#33551)
• 5110074 fix(gatsby-plugin-gatsby-cloud): emit file nodes after source updates (fix(gatsby-plugin-gatsby-cloud): emit file nodes after source updates gatsbyjs/gatsby#33548)
• d2329df fix(gatsby): make sure 404 and 500 page inherit stateful status from original page (fix(gatsby): make sure 404 and 500 pages inherit stateful status from original page gatsbyjs/gatsby#33544)
• 68e5b90 chore(docs): Update query var in part-7 tutorial (chore(docs): Update query var in part-7 tutorial gatsbyjs/gatsby#33559)
• a8cab55 chore(gatsby-plugin-react-helmet): Update Examples (chore(gatsby-plugin-react-helmet): Update Examples gatsbyjs/gatsby#33552)

See the full diff

Package name: gatsby-theme-blog

The new version differs by 26 commits.

• a9dd4d1 chore(release): Publish
• ca08c16 feat: upgrade to gatsby v4 ([Snyk] Security upgrade gatsby from 2.32.13 to 3.13.0 #149)
• 692499e BREAKING: v3 ([Snyk] Security upgrade gatsby from 2.32.13 to 3.13.0 #112)
• c05f29d chore: Revert to push again
• e6d333c chore(release): Publish
• 8f1ba38 feat(gatsby-theme-blog-core): Support filter, limit options ([Snyk] Security upgrade gatsby from 2.32.13 to 3.13.0 #98)
• 335eb8e chore: Run Cypress on push & PR
• 1b9267f chore(release): Publish
• dd7d0a6 chore: Dependency maintenance ([Snyk] Security upgrade gatsby from 2.32.13 to 3.13.0 #107)
• 069fb47 chore(release): Publish
• 107c28e fix(gatsby-theme-i18n-react-i18next): default options typo ([Snyk] Security upgrade gatsby from 2.32.13 to 3.13.0 #96)
• 6ff5c7a chore(release): Publish
• 003cd70 chore: Linting
• 7b3b008 chore(release): Publish
• 60d8928 fix(gatsby-theme-blog): Remove console.log
• 25e76f5 chore(release): Publish
• c2b71f9 chore: One more .org to .com change
• 0c2f843 chore: Change .org links to .com
• e6a3b30 fix(gatsby-theme-i18n): Correct HTML lang ([Snyk] Security upgrade gatsby from 2.32.13 to 3.13.0 #92)
• 631ae27 feat(gatsby-theme-i18n): Add "prefixDefault" option ([Snyk] Security upgrade gatsby from 2.32.13 to 3.13.0 #75)
• 6dd2936 Added post-hero-caption component and relevant mdx properties, with example usage ([Snyk] Security upgrade gatsby from 2.32.13 to 3.13.0 #95)
• fead1c2 Fix incorrect path in documentation ([Snyk] Security upgrade gatsby from 2.32.13 to 3.13.0 #86)
• 212d7b3 Add frontmatter imageAlt to fieldData ([Snyk] Security upgrade gatsby from 2.32.13 to 3.13.0 #85)
• 1ddd07c add small tests to check that notes pages from theme render ([Snyk] Security upgrade gatsby from 2.32.13 to 3.13.0 #77)

See the full diff

Package name: theme-ui

The new version differs by 250 commits.

• 348177b Bump version to: v0.13.0 [skip ci]
• 438b6f9 Update contributors [skip ci]
• 2f9f1b4 Update CHANGELOG.md [skip ci]
• f5179e1 fix: add missing deepmerge dependency
• 3455f98 docs: Write migration notes for v0.13
• 8cb18ce Merge branch 'develop' into stable
• f87d93c docs: Add 3 new projects to Resources page
• 0278b14 Bump peerDependency in `gatsby-plugin-theme-ui`
• 07e067c Merge pull request [Snyk] Security upgrade gatsby-transformer-remark from 2.16.1 to 5.25.1 #1867 from system-ui/peer-deps
• 7d0e51f Merge pull request chore(deps): bump devcert from 1.2.0 to 1.2.2 in /starters/gatsby-starter-blog-theme-core #2027 from system-ui/dependabot/npm_and_yarn/cypress-9.1.0
• 5a14694 chore(ci): run eslint --quiet in GH Actions
• 9f9e09b fix(eslint): Add import/no-extraneous-dependencies and fix bad imports
• a0fc7a2 Merge branch 'develop' into peer-deps
• a8c148b docs: Add indivorg/theme to resources
• 73b00cf docs: Add next-theme-ui
• 22da26c chore(deps): bump next from 11.1.2 to 11.1.3 in /examples/next
• fa1fea4 Merge pull request chore(deps): bump devcert from 1.2.0 to 1.2.2 in /starters/gatsby-starter-blog-theme #2028 from system-ui/dependabot/npm_and_yarn/babel-jest-27.4.2
• b383c11 chore(deps-dev): bump babel-jest from 27.3.1 to 27.4.2
• 00eaf28 chore(deps): bump cypress from 9.0.0 to 9.1.0
• cd6c461 Merge pull request chore(deps): bump devcert from 1.2.0 to 1.2.2 in /starters/gatsby-starter-theme #2032 from system-ui/dependabot/npm_and_yarn/jest-27.4.2
• 13374c7 Merge pull request chore(deps): bump fast-json-patch from 3.0.0-1 to 3.1.1 #2033 from system-ui/dependabot/npm_and_yarn/esbuild-0.14.1
• 2a87274 chore(deps-dev): bump postcss from 8.3.11 to 8.4.4
• 1c681ca chore(deps): bump type-fest from 2.5.4 to 2.7.0
• 025b607 chore(deps-dev): bump prettier from 2.4.1 to 2.5.0

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic