[Snyk] Fix for 7 vulnerabilities

[mariasnyk]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • docs/package.json
  • docs/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	701/1000 Why? Recently disclosed, Has a fix available, CVSS 8.3	Improper Verification of Cryptographic Signature SNYK-JS-ELLIPTIC-8172694	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	No	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Code Injection SNYK-JS-LODASH-1040724	No	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	No	Proof of Concept
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHPARSE-1077067	No	Proof of Concept
	429/1000 Why? Has a fix available, CVSS 4.3	Exposure of Sensitive Information to an Unauthorized Actor SNYK-JS-PHIN-6598077	Yes	No Known Exploit
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Prototype Pollution SNYK-JS-XML2JS-5414874	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: gatsby

The new version differs by 250 commits.

• f1d3f7b chore(release): Publish
• 6e6ea56 chore(release): Publish rc
• df50ce7 fix(gatsby): Add dir=ltr to Fast Refresh overlay (feat(sqllab): Replace FilterableTable by AgGrid Table apache/superset#29900) (The in-memory storage for tracking rate limits apache/superset#29908)
• 83adec5 chore(docs): update readme (Where is this "Select Value" placeholder located in code apache/superset#29837) (Filtered values not appearing/not working after selected from dropdown Post Migration to Latest Superset Version apache/superset#29909)
• b2628da will git stop being weird (feat(explore): Add time shift color control to ECharts apache/superset#29897) (Disabling emit cross-filters for a single chart apache/superset#29907)
• c98c87f chore(release): Publish rc
• c8bf571 fix(gatsby-source-wordpress): image fixes (build(deps): bump chrono-node from 2.7.5 to 2.7.6 in /superset-frontend apache/superset#29813) ([SIP-144] Proposal to Integrate VisActor Visualization Plugin into Superset apache/superset#29886)
• 85bb8ea fix(gatsby-plugin-image): Update peerdeps (Dashboard Permissions: Copy Permalink / URL with Native Filters apache/superset#29880) (Background color - Y axis apache/superset#29888)
• c266b83 fix(gatsby): Remove `react-hot-loader` deps & other unused deps (fix: mypy issue on py3.9 + prevent similar issues apache/superset#29864) (chore(docs): reorder fs users apache/superset#29876)
• 222ca3f fix(gatsby): with some custom babel configs array spreading with Set is not safe (fix: add mutator to get_columns_description apache/superset#29885) (World Map apache/superset#29889)
• ea31900 chore(release): Publish rc
• f070422 fix(gatsby): Fix various small DEV_SSR bugs exposed in development_runtime tests (Change options in Show Entries #records dropdown apache/superset#29720) (chore: pre-matrixify pre-commit check apache/superset#29866)
• cb3b1ca chore: update peerdeps to latest major versions (Duplicated entries in Alerts & Reports execution log apache/superset#29857) (fix(capitalization): Capitalizing a button. apache/superset#29867)
• 8639f7b fix(create-gatsby): Use legacy peer deps (Slack apache/superset#29856) (fix: update celery config imports apache/superset#29862)
• fdc1fe2 fix(gatsby): fix some css HMR edge cases ([SIP-143] Global Async Task Framework apache/superset#29839) (test: testing bumping cached-dependencies apache/superset#29865)
• e8a7e3b fix(gatsby-plugin-preact): fix fast-refresh (Creating thread in superset_config.py freezes app apache/superset#29831) (fix: upgrade_catalog_perms and downgrade_catalog_perms implementation apache/superset#29860)
• e7453c3 fix(gatsby): Improve Fast Refresh overlay styles (perf: Lazy load rehype-raw and react-markdown apache/superset#29855) (fix: mypy fails related to simplejson.dumps apache/superset#29861)
• 76f4f96 chore: upgrade postcss & plugins (Request for Cache Metrics in Apache Superset apache/superset#29793)
• de6cba6 chore(release): Publish rc
• aafe584 fix: query on demand loading indicator always active on preact. (ValueError: Invalid decryption key - multiple superset instance and single database apache/superset#29829) ("user_favorite_tag" table not created after "superset db upgrade" when upgrade superset 3.0.1 to 4.0.2 on docker apache/superset#29836)
• 34f5b8c fix(hmr): accept hot updates for modules above page templates (build(deps): bump query-string from 6.14.1 to 9.1.0 in /superset-frontend apache/superset#29752) (No module named 's3cache' apache/superset#29835)
• b8d21f8 fix(gatsby): workaround graphql-compose issue (feat: frontend webpack proxy support zstd encoding apache/superset#29822) (Scheduling Queries linkback isn't work apache/superset#29834)
• 32fee71 fix(gatsby): eslint linting (perf: Lazy load React Ace apache/superset#29796) (build(deps-dev): bump eslint-plugin-cypress from 2.11.2 to 3.4.0 in /superset-frontend apache/superset#29814)
• bca7951 fix(gatsby-source-wordpress): HTML image regex's (调用DELETE /api/v1/dashboard/ 接口时，一直提示要登录 apache/superset#29778) (build(deps-dev): bump @types/react-syntax-highlighter from 15.5.11 to 15.5.13 in /superset-frontend apache/superset#29816)

See the full diff

Package name: gatsby-plugin-sharp

The new version differs by 250 commits.

• c1e67a2 chore(release): Publish
• 0c45654 chore: remove tracedSVG (#37093) (#37137)
• d7edf95 chore(release): Publish
• 2d00ea0 fix(gatsby-plugin-mdx): Do not leak frontmatter into page (#35859) (#35913)
• 4997d63 chore(release): Publish
• ff94ed5 fix(gatsby-plugin-mdx): don't allow JS frontmatter by default (#35830) (#35834)
• 36f21b0 chore: Removate validate-renovate from v3-latest branch (#34460)
• 1acb1bc chore(release): Publish
• 1589bd8 fix(gatsby): ensure that writing node manifests to disk does not break on Windows (#33853) (#34020)
• 9694010 fix(gatsby-source-drupal): Ensure all new nodes are created before creating relationships (#33864) (#34019)
• 76deb39 fix(gatsby-source-drupal): searcParams missing from urls (#33861) (#34018)
• f74cc8f feat(gatsby-source-drupal): Add node manifest support for previews (#33683) (#34017)
• 476a591 chore(release): Publish
• 35b48f8 fix(gatsby-plugin-image): GatsbyImage not displaying image in IE11 (#33416) (#33806)
• 880022e fix(gatsby-plugin-image): flickering when state changes (#33732) (#33807)
• c0d07e7 feat(gatsby-source-wordpress): Update supported-remote-plugin-versions.ts (#33801) (#33804)
• 3d9a702 chore(release): Publish
• 84053a2 fix(gatsby-plugin-sharp): pass input buffer instead of readStream when processing image jobs (#33685) (#33703)
• 4722a0d fix(gatsby-source-drupal): Add timeout in case of stalled API requests (#33668) (#33705)
• 857a628 fix(gatsby): single page node manifest accuracy (#33642) (#33698)
• 6bfd0f1 Properly set the pathPrefix and assetPrefix in the pluginData (#33667) (#33702)
• 26c51c0 fix(gatsby-source-drupal): cache backlink records (#33444) (#33701)
• b80c53a fix(gatsby-source-drupal): Correctly update nodes with changed back references so queries are re-run (#33328) (#33699)
• e29a194 chore: use gatsby-dev-cli@latest-v3 in tests

See the full diff

Package name: gatsby-transformer-sharp

The new version differs by 250 commits.

• c1e67a2 chore(release): Publish
• 0c45654 chore: remove tracedSVG (#37093) (#37137)
• d7edf95 chore(release): Publish
• 2d00ea0 fix(gatsby-plugin-mdx): Do not leak frontmatter into page (#35859) (#35913)
• 4997d63 chore(release): Publish
• ff94ed5 fix(gatsby-plugin-mdx): don't allow JS frontmatter by default (#35830) (#35834)
• 36f21b0 chore: Removate validate-renovate from v3-latest branch (#34460)
• 1acb1bc chore(release): Publish
• 1589bd8 fix(gatsby): ensure that writing node manifests to disk does not break on Windows (#33853) (#34020)
• 9694010 fix(gatsby-source-drupal): Ensure all new nodes are created before creating relationships (#33864) (#34019)
• 76deb39 fix(gatsby-source-drupal): searcParams missing from urls (#33861) (#34018)
• f74cc8f feat(gatsby-source-drupal): Add node manifest support for previews (#33683) (#34017)
• 476a591 chore(release): Publish
• 35b48f8 fix(gatsby-plugin-image): GatsbyImage not displaying image in IE11 (#33416) (#33806)
• 880022e fix(gatsby-plugin-image): flickering when state changes (#33732) (#33807)
• c0d07e7 feat(gatsby-source-wordpress): Update supported-remote-plugin-versions.ts (#33801) (#33804)
• 3d9a702 chore(release): Publish
• 84053a2 fix(gatsby-plugin-sharp): pass input buffer instead of readStream when processing image jobs (#33685) (#33703)
• 4722a0d fix(gatsby-source-drupal): Add timeout in case of stalled API requests (#33668) (#33705)
• 857a628 fix(gatsby): single page node manifest accuracy (#33642) (#33698)
• 6bfd0f1 Properly set the pathPrefix and assetPrefix in the pluginData (#33667) (#33702)
• 26c51c0 fix(gatsby-source-drupal): cache backlink records (#33444) (#33701)
• b80c53a fix(gatsby-source-drupal): Correctly update nodes with changed back references so queries are re-run (#33328) (#33699)
• e29a194 chore: use gatsby-dev-cli@latest-v3 in tests

See the full diff

Package name: theme-ui

The new version differs by 250 commits.

• 6f37cdd v0.6.0
• 8ff0379 docs: change version in readme
• d8b715d chore: update snapshots
• 0c6d050 Merge branch 'develop' into stable
• 949cbcf chore(docs): remove comma
• ac60158 chore: write more on migrating
• 7e3afbb refactor(theme-provider): remove unused import
• 15c7a0b chore: describe color mode flash fix in changelog
• 4b34c2c Merge branch '0.6-stable' into develop
• ac304c7 chore: make contributors table narrower
• c1a2c09 Merge pull request add oracle time_grains apache/superset#1544 from system-ui/chores
• 6b11630 fix(color-modes): stop mutating theme
• 469dc4a feat(core): export internal base provider
• 9c3c7db fix(editor): fix colors logic
• 6652bb1 chore: we must run prepare before publish, because Lerna does not build in order
• 7f8f796 Merge branch 'develop' into chores
• a368159 fix(editor): make editor demo work (broken for a longer time)
• ed94681 fix(color-modes): read correct color mode name
• 00cd0e6 refactor(docs): format themed.mdx, add title to styled.mdx
• 79a678c chore: bump Gatsby peer dep again
• 2bbfea7 Revert "chore: bump Gatsby peer dep"
• d52e4ec chore: write migration notes for 0.6
• c0f6551 Merge pull request Bogdan/query status polling apache/superset#1453 from atanasster/css-vars-remove-defaults
• 8433b4e feat(types): rename ContextValue to ThemeUIContextValue

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Code Injection
🦉 Prototype Pollution