[Snyk] Fix for 29 vulnerabilities

[tejzpr]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-AMMO-548920	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-ANSIREGEX-1583908	Yes	Proof of Concept
	679/1000 Why? Has a fix available, CVSS 9.3	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962463	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-COLORSTRING-1082939	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-DECOMPRESS-557358	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Arbitrary File Write via Archive Extraction (Zip Slip) SNYK-JS-DECOMPRESSTAR-559095	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-GLOBPARENT-1016905	Yes	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	Open Redirect SNYK-JS-GOT-2932019	Yes	No Known Exploit
	641/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.4	Prototype Pollution SNYK-JS-JSON5-3182856	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASHTEMPLATE-1088054	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-MERGE-1040469	Yes	No Known Exploit
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-MERGE-1042987	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Prototype Pollution SNYK-JS-MINIMIST-2429795	Yes	Proof of Concept
	601/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.6	Prototype Pollution SNYK-JS-MINIMIST-559764	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-POSTCSS-1255640	Yes	Proof of Concept
	479/1000 Why? Has a fix available, CVSS 5.3	Improper Input Validation SNYK-JS-POSTCSS-5926692	Yes	No Known Exploit
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Server-side Request Forgery (SSRF) SNYK-JS-REQUEST-3361831	Yes	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept
	536/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1047770	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1584358	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-1585624	Yes	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVERREGEX-2824151	Yes	Proof of Concept
	646/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.5	Prototype Pollution SNYK-JS-TOUGHCOOKIE-5672873	Yes	Proof of Concept
	589/1000 Why? Has a fix available, CVSS 7.5	Denial of Service (DoS) SNYK-JS-TRIMNEWLINES-1298042	Yes	No Known Exploit
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-UGLIFYJS-1727251	Yes	No Known Exploit
	589/1000 Why? Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-UNSETVALUE-2400660	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-URLREGEX-569472	Yes	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Regular Expression Denial of Service (ReDoS) npm:braces:20180219	Yes	Proof of Concept
	636/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 6.3	Prototype Pollution npm:hoek:20180212	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: css-loader

The new version differs by 191 commits.

• 634ab49 chore(release): 2.0.0
• 6ade2d0 refactor: remove unused file (add a new site starter named guoliim blog starter in README.md gatsbyjs/gatsby#860)
• e7525c9 test: nested url ([1.0] Debugging Gatsby gatsbyjs/gatsby#859)
• 7259faa test: css hacks ([1.0] Plugin packaging file structure gatsbyjs/gatsby#858)
• 5e6034c feat: allow to filter import at-rules ([1.0] Add support for removing nodes gatsbyjs/gatsby#857)
• 5e702e7 feat: allow filtering urls ([1.0] Perhaps use jest-validate instead of Joi for validating config gatsbyjs/gatsby#856)
• 9642aa5 test: css stuff (perfixLink should add any required trailing slashes gatsbyjs/gatsby#855)
• 3338656 fix: reduce number of require for url (harshini portfolio website built with gatsby added in the readme file gatsbyjs/gatsby#854)
• 533abbe test: issue 636 (Creating a sidebar menu for accessing markdown headers as sections gatsbyjs/gatsby#853)
• 08c551c refactor: better warning on invalid url resolution (1.0 gatsbyjs/gatsby#852)
• b0aa159 test: issue Added damianmullins.com to sites built with Gatsby gatsbyjs/gatsby#589 (Only setup the integration with Redux devtools if dev sets env var gatsbyjs/gatsby#851)
• f599c70 fix: broken unucode characters (CLI Utils for Gatsby devs/admins? gatsbyjs/gatsby#850)
• 1e551f3 test: issue 286 (Move remotedev server to npm script instead of always starting gatsbyjs/gatsby#849)
• 419d27b docs: improve readme ([1.0] improve typescript config gatsbyjs/gatsby#848)
• d94a698 refactor: webpack-default (Update README.md gatsbyjs/gatsby#847)
• b97d997 feat: schema options
• 453248f fix: support module resolution in composes ([1.0] gatsby-plugin-sass available gatsbyjs/gatsby#845)
• 8a6ea10 refactor: postcss plugins (Add SameMoment blog gatsbyjs/gatsby#844)
• fdcf687 fix: url resolving logic (bad woff path for icons gatsbyjs/gatsby#843)
• 889dc7f feat: allow to disable css modules and disable their by default (Add gatsby-starter-undefined to list of starters. gatsbyjs/gatsby#842)
• ee2d253 test: importLoaders option ([1.0] Add Hacker News data source plugin as well as a HN clone site gatsbyjs/gatsby#841)
• 1dad1fb feat: reuse postcss ast from other loaders (i.e `postcss-loader`) ([1.0] gatsby-plugin-typescript fails without tsconfig.json gatsbyjs/gatsby#840)
• fe94ebc test: icss reserved keywords (Convert config back to JS gatsbyjs/gatsby#839)
• 9eaba66 refactor: migrate on message api for postcss-icss-plugin (Support page data declared as named exports gatsbyjs/gatsby#838)

See the full diff

Package name: hapi

The new version differs by 236 commits.

• c4593b6 deps. Closes Netlify fails to resolve alias and build fails gatsbyjs/gatsby#2897. Closes Auto-snapshot builds of example sites and test against those gatsbyjs/gatsby#2898. Closes Update the part three of the tutorial gatsbyjs/gatsby#2899. Closes Added Bottender docs to the showcase gatsbyjs/gatsby#2900. Closes [gatsby-remark-copy-linked-files] Fix regression from #2871 with RegExp cannons gatsbyjs/gatsby#2901. Closes Responsive Images (remote) gatsbyjs/gatsby#2902. Closes Added greglobinski.com to the showcase gatsbyjs/gatsby#2903. Closes Convert var to let & Convert Non-strict to strict equality checking gatsbyjs/gatsby#2904. Closes Add "How to GraphQL" to list of showcases gatsbyjs/gatsby#2905. Closes gatsby-link determine when loading is complete gatsbyjs/gatsby#2906. Closes Fix import for loader tests gatsbyjs/gatsby#2907. Closes Use normalize-path so tests pass on windows gatsbyjs/gatsby#2908. Closes Markdown images with space in filename break gatsbyjs/gatsby#2909. Closes Autogenerate alt text for images  gatsbyjs/gatsby#2910. Closes How to connect the magic gatsbyjs/gatsby#2911. Closes gatsby-remark-images does not work gatsbyjs/gatsby#2912. Closes Add gatsby-compression-plugin. gatsbyjs/gatsby#2913. Closes styled-components doesnt work with hot reloading? gatsbyjs/gatsby#2914. Closes "Cannot read property 'jsonName' of undefined" in production gatsbyjs/gatsby#2915. Closes Build Error: WebpackError gatsbyjs/gatsby#2916. Closes [gatsby-source-contentful] Remove default crop focus gatsbyjs/gatsby#2917. Closes Make component-page-creator accessible to developers gatsbyjs/gatsby#2918. Closes Unable to build when using the editions package. gatsbyjs/gatsby#2919. Closes Step one for launching new PR integration testing gatsbyjs/gatsby#2920. Closes gatsby-remark-graph plugin mention gatsbyjs/gatsby#2921. Closes GraphQL query with variable gatsbyjs/gatsby#2922. Closes Large public folder on build gatsbyjs/gatsby#2923
• ca4320e Merge pull request [query-runner] Prevent empty error message for GraphQL errors gatsbyjs/gatsby#2891 from nlindley/payload-test-typo
• 02b6ac7 Fix typo in payload test
• e5da51c Merge branch 'master' of github.com:hapijs/hapi
• 5a0dc49 Remove compount assignments
• 375fe30 Merge pull request gatsby-link add withPrefix to typescript #2887 gatsbyjs/gatsby#2888 from cjihrig/master
• 05f6a26 style fixes
• 635089b Merge pull request gatsby-link: add withPrefix to index.d.ts gatsbyjs/gatsby#2887 from gergoerdosi/node-5
• 86102c7 Test on node v5
• fc503f8 lab 7
• fdf7ed3 Merge pull request Add the API Platform website to the showcase gatsbyjs/gatsby#2885 from gergoerdosi/subtext
• 0cb9143 Update hapijs/subtext to 2.0.2 from 2.0.1
• d3a6cf8 typo
• 47373dd Remove bluebird. Closes gatsby-source-contentful production build breaking if content is removed from Contentful field gatsbyjs/gatsby#2881
• 98d3404 Skip most lifecycle on not found and bad path. Closes There was an error while compiling your site's GraphQL queries" error message gatsbyjs/gatsby#2867
• 7041325 CORS error cases. Closes fix(plugin-feed): remove draft: true query restriction gatsbyjs/gatsby#2868
• 1696838 Replace function with arrow. Closes Sometimes gatsby build doesn't minify the commons-*.js file gatsbyjs/gatsby#2877
• 2aedf38 Merge branch 'master' of github.com:hapijs/hapi
• ca3ee7e Additional => conversions. For Sometimes gatsby build doesn't minify the commons-*.js file gatsbyjs/gatsby#2877
• 1ef09e8 Merge pull request Develop: use req.path to check for static files gatsbyjs/gatsby#2876 from sfabriece/patch-1
• a7b3ad7 Initial transition to arrow functions. For Sometimes gatsby build doesn't minify the commons-*.js file gatsbyjs/gatsby#2877
• 7ec0ae3 Update API.md
• 32cf03c for style change. Closes [gatsby-remark-copy-linked-files] Fix bad copy location with route dir and improve tests gatsbyjs/gatsby#2875
• 38f90bb Replace var with let. Closes Fix remark copy linked files gatsbyjs/gatsby#2874

See the full diff

Package name: hapi-webpack-plugin

The new version differs by 4 commits.

• 1d9544e Merge pull request [Snyk] Fix for 1 vulnerabilities #17 from LiaisonTechnologies/hapi-17
• 446812a Add support for Hapi 17.x
• 0e65cbe Merge pull request [Snyk] Fix for 1 vulnerable dependencies #12 from phulas/master
• e5bd7d8 - Updated webpack, webpack-dev-middleware, webpack-hot-middleware to be relatively recent and webpack 2 specific.

See the full diff

Package name: image-webpack-loader

The new version differs by 205 commits.

• d9cca9b 7.0.0
• 7d91d45 lts not found?
• 8ea85e3 update changelog
• 044ccaf require node 10
• 8d386e2 Merge pull request adds react-mdl as a website built with Gatsby gatsbyjs/gatsby#238 from tcoopman/dependabot/npm_and_yarn/imagemin-mozjpeg-9.0.0
• d0f574c Bump imagemin-mozjpeg from 8.0.0 to 9.0.0
• 73e4acc Merge pull request Fix path rewrite for pages with paths not ending with '/' gatsbyjs/gatsby#259 from tcoopman/dependabot/npm_and_yarn/imagemin-pngquant-9.0.1
• 42b776f Merge pull request Upgrade to React 15 gatsbyjs/gatsby#236 from tcoopman/dependabot/npm_and_yarn/imagemin-webp-6.0.0
• 63b3d18 Merge pull request Make HTML & md wrappers consistent + test html frontmatter gatsbyjs/gatsby#248 from tcoopman/dependabot/npm_and_yarn/webpack-4.44.1
• 953073e Bump imagemin-pngquant from 8.0.0 to 9.0.1
• 12a9da6 Bump webpack from 4.42.0 to 4.44.1
• 569b13c Bump imagemin-webp from 5.1.0 to 6.0.0
• 7fcf273 Merge pull request docs(README): correct HTML capitalization gatsbyjs/gatsby#258 from tcoopman/dependabot/npm_and_yarn/bl-1.2.3
• 2367e00 Merge pull request The development server returns HTML instead of static files if you try to load one directly gatsbyjs/gatsby#255 from tcoopman/dependabot/npm_and_yarn/decompress-4.2.1
• 7714554 Merge pull request Webpack config refactor; CSS now generated with HTML gatsbyjs/gatsby#253 from tcoopman/dependabot/npm_and_yarn/schema-utils-2.7.1
• b601c5c Merge pull request Use H for host option short flag. gatsbyjs/gatsby#247 from tcoopman/dependabot/npm_and_yarn/elliptic-6.5.3
• 96197b4 Merge pull request Add snapgit.com to list of sites gatsbyjs/gatsby#241 from tcoopman/dependabot/npm_and_yarn/webpack-cli-3.3.12
• 5cf2d90 [Security] Bump bl from 1.2.2 to 1.2.3
• 7e4116c Bump schema-utils from 2.6.5 to 2.7.1
• 605a580 Merge pull request Running gatsby through npm script from another directory throws an error gatsbyjs/gatsby#235 from tcoopman/dependabot/npm_and_yarn/imagemin-svgo-8.0.0
• 6fd3a22 [Security] Bump decompress from 4.2.0 to 4.2.1
• c37a782 Merge pull request Test performance of starters gatsbyjs/gatsby#234 from tcoopman/dependabot/npm_and_yarn/imagemin-optipng-8.0.0
• 830a392 Merge pull request webpack loader null gatsbyjs/gatsby#211 from tcoopman/dependabot/npm_and_yarn/imagemin-gifsicle-7.0.0
• 168a70c [Security] Bump elliptic from 6.5.2 to 6.5.3

See the full diff

Package name: less

The new version differs by 250 commits.

• e4f7551 v3.12.0
• 371185c v3.12.0-RC.2 (Add Developer Ecosystem to websites gatsbyjs/gatsby#3540)
• d5aa9d1 Fixes Add KNW Photography to the website showcase gatsbyjs/gatsby#3371 Allow conditional evaluation of function args (Bakers links are switched gatsbyjs/gatsby#3532)
• a722237 Remove lib folder from git (GraphQL Error Error Field "image" must not have a selection since type "String" has no subfields. gatsbyjs/gatsby#3531)
• e0f5c1a Move changelog to root ([gatsby-plugin-nprogress]: Implement a delay option gatsbyjs/gatsby#3530)
• f7bdce7 Duplicate dist files in root for older links (Language format for the date in GraphQL gatsbyjs/gatsby#3529)
• 0925cf1 Test-data module (Property 'to' does not exist on type gatsby-link, Typescript gatsbyjs/gatsby#3525)
• 51fb02b Fixes Layout graphql query data not being passed down to 404 page gatsbyjs/gatsby#3504 / organizes tests (Removes words like 'simple' & 'easy' from docs/www gatsbyjs/gatsby#3523)
• efb76ec Restore nuked scripts (?), replace dependencies (Easy edits based off of observing Eden go thru tutorials gatsbyjs/gatsby#3501) (fix(dev-404-page): route to 404 fails when using plugin-remove-trailing-slashes gatsbyjs/gatsby#3522)
• 2c5e4dd Lerna refactor / TS compiling w/o bundling (plugin-remove-trailing-slashes clashes with dev-404-page gatsbyjs/gatsby#3521)
• a3641e4 Resolve Prevent outputting contentful image url with dimensions greater than 4000px gatsbyjs/gatsby#3398 Add flag to disable sourcemap url annotation ([DOCS] Adding Markdown pages: Remove useless fields gatsbyjs/gatsby#3517)
• e018ba8 fix(Don't throw error if query not in page/layout component fixes #2030 gatsbyjs/gatsby#3294): use loadFileSync when loading plugins with syncImport: true (make ComponentRenderer shouldUpdateComponent return true when props c… gatsbyjs/gatsby#3506)
• 95b9007 Update changelog
• 6238bbc Fixes Example from using-gatsby-image doesn't work gatsbyjs/gatsby#3508 (Add Netlify CMS plugin, related docs gatsbyjs/gatsby#3509)
• 8338366 Update README.md
• 6313bc5 Update changelog
• 53bf877 Remove tree caching in import manager (Search and replace the hostname in URLs. gatsbyjs/gatsby#3498)
• 0f271f3 issue#3481 ignore missing debugInfo (Update Deploy Gatsby page - Gitlab Pages gatsbyjs/gatsby#3482)
• 3bd995b Additional check to avoid evaluating an expression if it is a comment (How should I use non typeface font? gatsbyjs/gatsby#3494)
• 0715d90 fix: Use make-dir instead of mkdirp (Use _.isPlainObject to prevent false Array positives gatsbyjs/gatsby#3490)
• 2634494 Properly exit calc mode after use (update styled-jsx dep in gatsby-plugin-styled-jsx gatsbyjs/gatsby#3493)
• 096dd22 Convert to auto-changelog (Fix typo gatsbyjs/gatsby#3477)
• 842386b Fixes Docs site does not have distinct titles for all pages gatsbyjs/gatsby#3469 - Include tslib dependency (Update CONTRIBUTING.md gatsbyjs/gatsby#3475)
• 1adaadb 3.11.0 (Add cache-control examples to caching docs page gatsbyjs/gatsby#3468)

See the full diff

Package name: node-sass

The new version differs by 250 commits.

• 3b556c1 7.0.2
• c716359 Bump sass-graph@^4.0.1 (add UX blog post gatsbyjs/gatsby#3292)
• 24741b3 docs(readme): fix docpad plugin link
• 1523330 feat: Drop Node 12
• 365d357 update https://registry.npm.taobao.org to https://registry.npmmirror.com
• 1456114 build(deps): bump actions/upload-artifact from 2 to 3
• b465b69 chore: bump GitHub Actions to Windows 2019 ((docs): add gatsby-plugin-mixpanel to plugins list gatsbyjs/gatsby#3254)
• e6194b1 build(deps): bump make-fetch-happen from 9.1.0 to 10.0.4
• 4edf594 build(deps): bump node-gyp from 8.4.1 to 9.0.0
• 29e2344 build(deps): bump actions/checkout from 2 to 3
• 85b0d22 build(deps): bump actions/setup-node from 2 to 3
• 3bb51da Use make-fetch-happen instead of request (Fix spelling. gatsbyjs/gatsby#3193)
• adc2f8b build(deps): bump true-case-path from 1.0.3 to 2.2.1 (Add gatsby-plugin-hotjar to docs gatsbyjs/gatsby#3000)
• 77d12f0 chore: disable Apline for Node 16/17 builds
• 308d533 ci: use Python 3 for Node 12
• c818907 ci: unpin actions/setup-node to v2
• 99242d7 7.0.1
• 77049d1 build(deps): bump sass-graph from 2.2.5 to 4.0.0 ([gatsby-remark-copy-linked-files] Add support for HTML <audio> gatsbyjs/gatsby#3224)
• c929f25 build(deps): bump node-gyp from 7.1.2 to 8.4.1 (_styledComponents.ServerStyleSheet is not a constructor error gatsbyjs/gatsby#3209)
• 918dcb3 Lint fix
• 0a21792 Set rejectUnauthorized to true by default (update docs org gatsbyjs/gatsby#3149)
• e80d4af chore: Drop EOL Node 15 ([gatsby-image] Support image loading with JavaScript disabled gatsbyjs/gatsby#3122)
• d753397 feat: Add Node 17 support (Using YML files as Markdown gatsbyjs/gatsby#3195)
• dcf2e75 build(deps-dev): bump eslint from 7.32.0 to 8.0.0

See the full diff

Package name: postcss-cssnext

The new version differs by 16 commits.

• 7730660 3.0.1
• 483b81f Fixed: specify the actual require peer dependency for caniuse database (caniuse-lite is used since latest caniuse-api latest major bump)
• 50557fa Fixed: bump dependencies not updated to PostCSS@6
• efb7100 Update babel config + some devDeps to be able to build website
• 69169ac update package-lock.json to 3.0.0
• 03b6017 3.0.0
• cf9fb19 Docs: fix chalk update issue
• b7d6ffd Merge pull request Enable hot reloading of imported stylesheets gatsbyjs/gatsby#400 from MoOx/postcss6-upgrade
• 1781dc7 Docs: Fix id of overflow wrap property in index (Add publicPath to build-javascript and build-html gatsbyjs/gatsby#393)
• 8b99180 Ensure a version of caniuse-db that includes css-image-set (Add Outcomes.com to README gatsbyjs/gatsby#380)
• db0f0fa Add a warning for custom property sets that are going to be removed + an option to hide the warning
• cc7c864 Change: support node4+ up to 8
• 7bb55c1 chore: add package-lock.json and yarn.lock files
• 20ae74d Change: upgrade to PostCSS 6
• af5f9c1 Change link to custom media queries specification
• 974e40b Fix PR link

See the full diff

Package name: postcss-import

The new version differs by 11 commits.

• 32470ed 9.0.0
• 7d9099c Merge branch 'v9-dev'
• 7124d43 BREAKING: Remove transform option (Update dependencies gatsbyjs/gatsby#250)
• dfe4c23 Add warning message for deprecated addDependencyTo option (Add a test case for calling --version in CLI gatsbyjs/gatsby#251)
• 9fdde94 BREAKING: Rewrite imported file parsing
• 883669d Reorganize tests
• a15e402 Change resolve behavior (Don't show help when calling --version gatsbyjs/gatsby#249)
• 49cf9be Deprecate addDependencyTo
• dbb2f60 Add docs for dependency message
• 3352a37 BREAKING: File not found is an Error, not a Warning (Use H for host option short flag. gatsbyjs/gatsby#247)
• 0cf36ec BREAKING: Remove pkg-resolve as a dep (Guidance on how to include CNAME file for GitHub Pages gatsbyjs/gatsby#243)

See the full diff

Package name: postcss-reporter

The new version differs by 10 commits.

• 67bd0ef Prepare 5.0.0
• e1f50c0 Drop support for Node 0.12 ([Snyk] Security upgrade node-sass from 3.13.1 to 5.0.0 #42)
• 150897d Move PostCSS from peerDependencies to dependencies
• c33ef36 Add changelog note
• fa02dbb PostCSS v6
• ea2ff31 Prepare 3.0.0
• 10c11db Add new option to clear messages for others plugins. ([Snyk] Security upgrade css-loader from 0.25.0 to 1.0.0 #33)
• be81a59 Prepare 2.0.0
• 3141991 Merge pull request [Snyk] Fix for 2 vulnerabilities #31 from shouze/issues/30
• 56a8e5a Should report only error & warning typed messages by default

See the full diff

Package name: webpack

The new version differs by 250 commits.

• 4be093d 2.2.0
• 2278469 2.2.0-rc.8
• b946eb4 Merge pull request Add Container as a styled div to styled-components doc gatsbyjs/gatsby#3988 from malstoun/bug/2664
• 260e413 Merge pull request [www] Add 'Upgrading to v2' docs page gatsbyjs/gatsby#3986 from webpack/bugfix/revert_use_of_buffer_dot_from
• 0ec7de9 Fix regression with watch cli opt, add tests for this case
• 72226db add missing disable line
• 4d30675 build fresh yarn.lock file to remove buffer polyfill
• 91c1f35 fix(node): rollback changes of Buffer.from to new Buffer() and bump down travis to 4.3 min node v
• 0b47602 2.2.0-rc.7
• db6ccbc Merge pull request Are there any plans to use @gatsby scope? gatsbyjs/gatsby#3978 from webpack/bugfix/conditional-reexports
• 82a5b03 Merge pull request Allow Gatsby/Contentful to work offline gatsbyjs/gatsby#3977 from malstoun/bug/2664
• fc1a43b Merge pull request Correct add tags page mini-tutorial to not pass in all posts to every tag page but instead query for posts from each tag page gatsbyjs/gatsby#3976 from timse/rely-on-defaults
• a44694a hoist exports declarations too
• 682bde8 Fix lint
• c6d7d90 Add tests
• af8d49e remove defaults values to shave a few bytes
• 9796696 2.2.0-rc.6
• e9bdb05 Merge pull request Adds new starter to docs :) gatsbyjs/gatsby#3971 from webpack/bugfix/fix_available_vars_in_fmtp
• bd45bdc add test case for global in harmony modules
• bfccb20 fix PR
• 5a3a23f fix(nmf): Fix exports for var injection to include free glob exports or arguments
• 437dce4 2.2.0-rc.5
• 91cb1df Merge pull request Investigate using autodll-webpack-plugin for our vendor modules to speed builds gatsbyjs/gatsby#3970 from webpack/ci/appveyor
• 9fd55e5 Merge pull request [v2] Convert babel config loading to same patterns as rest of site with "onCreateBabelConfig" node api & actions setBabelPlugin and setBabelPreset gatsbyjs/gatsby#3969 from webpack/bugfix/issue-3964

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Denial of Service (DoS)
🦉 Open Redirect
🦉 Prototype Pollution
🦉 More lessons are available in Snyk Learn