[Snyk] Security upgrade gatsby-plugin-sharp from 2.3.10 to 2.6.31

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • deps/npm/docs/package.json
  • deps/npm/docs/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-ASYNC-2441827	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: gatsby-plugin-sharp

The new version differs by 250 commits.

• 83cd408 chore(release): Publish
• d6f0318 chore: use packlist for cleanup-package-dir (doc: add Gireesh to TSC nodejs/node#26657)
• aa300f4 chore(docs):fixed file names and links in query-execution (doc: update spawnSync() status value possibilities nodejs/node#26680)
• 11ab72a chore(docs): fixed some links in query-execution (timers: remove dead code and simplify args check nodejs/node#26555)
• fed2619 fix(docs): query filters -> update dictionary, code fences, fix code, brand name (http: improve for-loop readability in _http_outgoing.js nodejs/node#26408)
• 7de5f18 add code fences (tools: add and apply eslint rule no-regex-spaces nodejs/node#26409)
• 823e473 fix(docs): schema -> fix 404, remove deleted page from sidebar, apply redirects (doc: fix nits in report docs nodejs/node#26461)
• 21b94df Docs - Remove not inclusive words (src: remove already elevated Isolate namespace nodejs/node#26294)
• 652af04 fix(docs): schema -> code fences, code fix (tools: use dmn@2.2.1 nodejs/node#26462)
• 6b96972 chore(docs): Update GraphQL spelling in README.md (perf_hooks: reset prev_ before starting ELD timer nodejs/node#26693)
• c2aeded fix(gatsby): properly unlock processes onExit ([v11.x] backport warning handler refactoring nodejs/node#26670)
• 93fdc09 fix(gatsby): only enable debugger when argument is given (C++ errors and JS errors format mismatch nodejs/node#26669)
• 7e83ace chore(docs): fix typos (src: fix warning in node_messaging nodejs/node#26682)
• c40434a chore(docs): Fix a typo (add internal documentation nodejs/node#26665)
• 18f6b4d chore(docs): Fix typos (Node REPL broken from 11.10.* to 11.11.* on fish shell nodejs/node#26663)
• dedd37f chore(gatsby-plugin-sharp, gatsby-transformer-sharp): update dependencies (doc: clarify http.ClientRequest path description nodejs/node#26259)
• 7975b91 chore(gatsby-recipes): Add a contributing.md to recipes (timers: refactor timer callback initialization nodejs/node#26583)
• ac72bfb chore(release): Publish
• 703678e Admin/recipes gui (src: remove unused Converter object nodejs/node#26243)
• 04c75bb fix(gatsby): fix error from ts conversion (src: elevate v8 namespaces for PropertyAttribute nodejs/node#26681)
• 25e3a63 fix(gatsby): fix materialization edge case with nullish values (lib: run prepareMainThreadExecution for third_party_main nodejs/node#26677)
• 19020c2 chore(benchmarks): set semver to match any patch/minor for most deps (lib: use const where possible nodejs/node#26679)
• 608f40c chore: cherrypick Renovate updates (Stream this.push and spread operator does not work nodejs/node#26582)
• 6ba68f8 feat(gatsby): Support React 17's new JSX Transform (doc: update the Troubleshooting section of the Collaborator Guide nodejs/node#26652)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

[mistaken-pull-closer]

Thanks for your submission.

It appears that you've created a pull request using one of our repository's branches. Since this is
almost always a mistake, we're going to go ahead and close this. If it was intentional, please
let us know what you were intending and we can see about reopening it.

Thanks again!

[pull-dog]

*Ruff* 🐶 I wasn't able to find any Docker Compose files in your repository at any of the given paths in the pull-dog.json configuration file, or the default docker-compose.yml file 😩 Make sure the given paths are correct.

Files checked:

• docker-compose.yml

What is this?

Pull Dog is a GitHub app that makes test environments for your pull requests using Docker, from a docker-compose.yml file you specify. It takes 19 seconds to set up (we counted!) and there's a free plan available.

Visit our website to learn more.

Commands

• @pull-dog up to reprovision or provision the server.
• @pull-dog down to delete the provisioned server.

Troubleshooting

Need help? Don't hesitate to file an issue in our repository

Configuration

{
  "isLazy": false,
  "dockerComposeYmlFilePaths": [
    "docker-compose.yml"
  ],
  "expiry": "00:00:00",
  "conversationMode": "singleComment"
}

Trace ID
d20b0ba0-b762-11ec-8059-8e641593c1d6

[guardrails]

⚠️ We detected 31 security issues in this pull request:

Mode: paranoid | Total findings: 31 | Considered vulnerability: 31

Vulnerable Libraries (31)

Severity	Details
High	acorn@7.1.0 (t) - no patch available
Medium	bl@3.0.0 (t) - no patch available
Critical	decompress@4.2.0 (t) - no patch available
High	ini@1.3.5 (t) - no patch available
Medium	hosted-git-info@2.8.5 (t) - no patch available
High	glob-parent@5.1.0 (t) - no patch available
High	jszip@3.5.0 (t) - no patch available
High	kind-of@6.0.2 (t) - no patch available
Medium	ajv@6.10.2 (t) upgrade to: >=6.12.3
Medium	ansi-regex@5.0.0 (t) upgrade to: 3.0.0 || >4.1.0 || 5.0.0
High	bl@3.0.0 (t) upgrade to: >=1.2.3 || =3.0.0
Medium	browserslist@4.8.3 (t) upgrade to: >4.16.4
Medium	cheerio@1.0.0-rc.3 (t) upgrade to: >1.0.0-rc.3
Medium	color-string@1.5.3 (t) upgrade to: >=1.5.5
Critical	decompress@4.2.0 (t) upgrade to: >=4.2.1
High	dot-prop@4.2.0 (t) upgrade to: >=4.2.1
Medium	gatsby-plugin-sharp@2.6.31 upgrade to: >=2.0.30
High	get-urls@8.0.0 (t) upgrade to: >9.2.1
Medium	hosted-git-info@2.8.5 (t) upgrade to: >=2.8.9 || >=3.0.8
High	ini@1.3.5 (t) upgrade to: >=1.3.6
High	kind-of@6.0.2 (t) upgrade to: >6.0.2
High	lodash@4.17.15 (t) upgrade to: >4.17.20
High	mdast-util-to-hast@3.0.4 (t) upgrade to: >6.0.2
Critical	mkdirp@0.5.1 (t) upgrade to: >0.5.1
High	normalize-url@4.5.0 (t) upgrade to: >4.5.0
Medium	path-parse@1.0.6 (t) upgrade to: >=1.0.7
Medium	postcss@7.0.26 (t) upgrade to: >7.0.35
High	postcss-svgo@4.0.2 (t) upgrade to: >5.0.0-rc.2
High	remark@10.0.1 (t) upgrade to: >12.0.1
High	simple-get@3.1.0 (t) upgrade to: >3.1.0
High	tar@5.0.5 (t) upgrade to: >5.0.9

More info on how to fix Vulnerable Libraries in General and JavaScript.

---

👉 Go to the dashboard for detailed results.

📥 Happy? Share your feedback with us.