[Snyk] Security upgrade gatsby from 2.29.1 to 5.0.0#13
[Snyk] Security upgrade gatsby from 2.29.1 to 5.0.0#13
Conversation
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-GOT-2932019
Socket Security Pull Request ReportDependency issues detected. If you merge this pull request, you will not be alerted to the instances of these issues again. 📜 Install scriptsInstall scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts. Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.
🫣 Native codeContains native code which could be a vector to obscure malicious code, and generally decrease the likelihood of reproducible or reliable installs. Ensure that native code bindings are expected. Consumers may consider pure JS and functionally similar alternatives to avoid the challenges and risks associated with native code bindings.
🧌 Protestware/Troll packageThis package is a joke, parody, or includes undocumented or hidden behavior unrelated to its primary function.
Pull request report summary
Bot CommandsTo ignore an alert, reply with a comment starting with
Powered by socket.dev |
1 participant
Snyk has created this PR to fix one or more vulnerable packages in the `yarn` dependencies of this project.
Changes included in this PR
Vulnerabilities that will be fixed
With an upgrade:
Why? Has a fix available, CVSS 5.4
SNYK-JS-GOT-2932019
(*) Note that the real score may have changed since the PR was raised.
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic
Learn how to fix vulnerabilities with free interactive lessons:
🦉 Open Redirect