[Snyk] Upgrade gatsby from 5.0.0 to 5.14.1

[X-oss-byte]

Snyk has created this PR to upgrade gatsby from 5.0.0 to 5.14.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 147 versions ahead of your current version.

• The recommended version was released a month ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	572	Proof of Concept
	Prototype Pollution SNYK-JS-LOADERUTILS-3043105	572	No Known Exploit
	Uncaught Exception SNYK-JS-SOCKETIO-7278048	572	No Known Exploit
	Denial of Service (DoS) SNYK-JS-SOCKETIOPARSER-5596892	572	No Known Exploit
	Sandbox Bypass SNYK-JS-WEBPACK-3358798	572	Proof of Concept
	Path Traversal SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555	572	Proof of Concept
	Denial of Service (DoS) SNYK-JS-WS-7266574	572	Proof of Concept
	Denial of Service (DoS) SNYK-JS-ENGINEIO-3136336	572	No Known Exploit
	Improper Handling of Extra Parameters SNYK-JS-FOLLOWREDIRECTS-6141137	572	Proof of Concept
	Improper Input Validation SNYK-JS-NANOID-8492085	572	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SIDEWAYFORMULA-3317169	572	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-3244450	572	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-WEBPACK-7840298	572	Proof of Concept
	Information Exposure SNYK-JS-GATSBYCLI-5671903	572	Proof of Concept
	Denial of Service (DoS) SNYK-JS-GRAPHQL-5905181	572	Proof of Concept
	Prototype Pollution SNYK-JS-JSON5-3182856	572	Proof of Concept
	Prototype Pollution SNYK-JS-JSON5-3182856	572	Proof of Concept
	Improper Input Validation SNYK-JS-POSTCSS-5926692	572	No Known Exploit
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	572	Proof of Concept
	Information Exposure SNYK-JS-GATSBY-5671647	572	Proof of Concept

Release notes

Package name: gatsby

• 5.14.1 - 2024-12-20
• 5.14.0 - 2024-11-06
• 5.14.0-next.4 - 2024-02-20
• 5.14.0-next.3 - 2024-01-23
• 5.14.0-next.2 - 2024-01-05
• 5.14.0-next.1 - 2024-01-04
• 5.14.0-next.0 - 2023-12-15
• 5.14.0-ctf-next.0 - 2024-03-08
• 5.14.0-canary.7 - 2024-02-16
• 5.14.0-alpha-ssr-writestream.3 - 2024-01-25
• 5.14.0-alpha-monorepo-support.17 - 2024-06-04
• 5.14.0-alpha-headers-perf.16 - 2024-05-24
• 5.14.0-alpha-gatsby.9 - 2024-04-29
• 5.14.0-alpha-gatsby.6 - 2024-04-26
• 5.14.0-alpha-fix-ssr-linkfs.5 - 2023-12-21
• 5.14.0-alpha-fix-parcel-segfault.11 - 2024-01-02
• 5.13.7 - 2024-07-12
• 5.13.6 - 2024-05-29
• 5.13.5 - 2024-05-17
• 5.13.4 - 2024-04-10
• 5.13.3 - 2024-01-25
• 5.13.2 - 2024-01-23
• 5.13.1 - 2023-12-22
• 5.13.0 - 2023-12-18
• 5.13.0-next.3 - 2023-12-04
• 5.13.0-next.2 - 2023-11-16
• 5.13.0-next.1 - 2023-08-22
• 5.13.0-next.0 - 2023-07-25
• 5.13.0-alpha-fix-pnpm.21 - 2023-12-20
• 5.13.0-alpha-fix-pnpm.17 - 2023-12-15
• 5.13.0-alpha-fix-pnpm.16 - 2023-12-14
• 5.13.0-alpha-alt-image-cdn.38 - 2023-11-03
• 5.12.12 - 2023-12-07
• 5.12.11 - 2023-11-22
• 5.12.10 - 2023-11-21
• 5.12.9 - 2023-10-26
• 5.12.8 - 2023-10-20
• 5.12.7 - 2023-10-17
• 5.12.6 - 2023-10-09
• 5.12.5 - 2023-09-27
• 5.12.4 - 2023-09-05
• 5.12.3 - 2023-08-28
• 5.12.2 - 2023-08-28
• 5.12.1 - 2023-08-24
• 5.12.0 - 2023-08-24
• 5.12.0-next.1 - 2023-07-03
• 5.12.0-next.0 - 2023-06-15
• 5.11.1-canary-less-lmdb.0 - 2024-12-20
• 5.11.0 - 2023-06-15
• 5.11.0-touch-nodes-fix.4 - 2023-06-14
• 5.11.0-next.1 - 2023-06-05
• 5.11.0-next.0 - 2023-05-16
• 5.10.0 - 2023-05-16
• 5.10.0-next.4 - 2023-05-03
• 5.10.0-next.3 - 2023-04-27
• 5.10.0-next.2 - 2023-04-27
• 5.10.0-next.1 - 2023-04-19
• 5.10.0-next.0 - 2023-04-18
• 5.10.0-infer-block-less.13 - 2023-05-09
• 5.10.0-infer-block-less.12 - 2023-05-09
• 5.10.0-infer-block-less.11 - 2023-05-08
• 5.10.0-infer-block-less.8 - 2023-05-08
• 5.10.0-infer-block-less.7 - 2023-05-05
• 5.10.0-infer-block-less.6 - 2023-05-05
• 5.10.0-infer-block-less.5 - 2023-05-05
• 5.10.0-gatsby-gc.20 - 2023-05-16
• 5.10.0-gatsby-gc.19 - 2023-05-16
• 5.10.0-gatsby-gc.18 - 2023-05-16
• 5.10.0-gatsby-gc.17 - 2023-05-15
• 5.10.0-gatsby-gc.16 - 2023-05-15
• 5.10.0-gatsby-gc.15 - 2023-05-15
• 5.10.0-gatsby-gc.14 - 2023-05-15
• 5.10.0-alpha-adapters.165 - 2023-07-14
• 5.10.0-alpha-adapters.164 - 2023-07-13
• 5.10.0-alpha-adapters.159 - 2023-07-12
• 5.10.0-alpha-adapters.158 - 2023-07-12
• 5.10.0-alpha-adapters.156 - 2023-07-11
• 5.10.0-alpha-adapters.155 - 2023-07-11
• 5.10.0-alpha-adapters.153 - 2023-07-11
• 5.10.0-alpha-adapters.142 - 2023-07-04
• 5.10.0-alpha-adapters.141 - 2023-07-03
• 5.10.0-alpha-adapters.130 - 2023-06-30
• 5.10.0-alpha-adapters.96 - 2023-06-14
• 5.10.0-alpha-adapters.94 - 2023-06-14
• 5.10.0-alpha-adapters.89 - 2023-06-14
• 5.9.1 - 2023-05-09
• 5.9.0 - 2023-04-18
• 5.9.0-touch-nodes-optout.49 - 2023-04-12
• 5.9.0-reduce-contentful-mem-usage.39 - 2023-04-17
• 5.9.0-reduce-contentful-mem-usage.38 - 2023-04-17
• 5.9.0-reduce-contentful-mem-usage.36 - 2023-04-17
• 5.9.0-next.3 - 2023-04-06
• 5.9.0-next.2 - 2023-03-30
• 5.9.0-next.1 - 2023-03-28
• 5.9.0-next.0 - 2023-03-21
• 5.9.0-lmdb-remapchunks.41 - 2023-04-20
• 5.9.0-lmdb-remapchunks.40 - 2023-04-20
• 5.9.0-image-cdn-configurable.4 - 2023-04-11
• 5.9.0-alpha-cg-tailwind.23 - 2023-05-09
• 5.8.1 - 2023-03-29
• 5.8.0 - 2023-03-21
• 5.8.0-touchnodes-memdebug2.19 - 2023-03-23
• 5.8.0-touchnodes-memdebug2.17 - 2023-03-22
• 5.8.0-touchnodes-memdebug.17 - 2023-03-21
• 5.8.0-next.3 - 2023-03-14
• 5.8.0-next.2 - 2023-03-07
• 5.8.0-next.1 - 2023-02-22
• 5.8.0-next.0 - 2023-02-16
• 5.8.0-inference-memdebug.26 - 2023-03-23
• 5.8.0-inference-memdebug.22 - 2023-03-23
• 5.8.0-alpha-rspack.4 - 2023-03-10
• 5.8.0-alpha-react-profiling-env.8 - 2023-03-17
• 5.7.0 - 2023-02-21
• 5.7.0-next.1 - 2023-02-08
• 5.7.0-next.0 - 2023-02-03
• 5.6.1 - 2023-02-16
• 5.6.0 - 2023-02-07
• 5.6.0-next.2 - 2023-01-30
• 5.6.0-next.1 - 2023-01-26
• 5.6.0-next.0 - 2023-01-19
• 5.5.0 - 2023-01-24
• 5.5.0-next.1 - 2023-01-17
• 5.5.0-next.0 - 2023-01-05
• 5.5.0-alpha-initial-webhook-body.31 - 2023-01-16
• 5.5.0-alpha-initial-webhook-body.30 - 2023-01-16
• 5.4.2 - 2023-01-17
• 5.4.1 - 2023-01-13
• 5.4.0 - 2023-01-10
• 5.4.0-next.3 - 2023-01-04
• 5.4.0-next.2 - 2022-12-14
• 5.4.0-next.1 - 2022-12-14
• 5.4.0-next.0 - 2022-12-08
• 5.3.3 - 2022-12-20
• 5.3.2 - 2022-12-14
• 5.3.1 - 2022-12-14
• 5.3.0 - 2022-12-13
• 5.3.0-next.4 - 2022-12-07
• 5.3.0-next.3 - 2022-12-07
• 5.3.0-next.2 - 2022-12-06
• 5.3.0-next.1 - 2022-12-01
• 5.3.0-next.0 - 2022-11-25
• 5.2.0 - 2022-11-25
• 5.2.0-next.1 - 2022-11-23
• 5.2.0-next.0 - 2022-11-17
• 5.1.0 - 2022-11-22
• 5.1.0-next.0 - 2022-11-08
• 5.0.1 - 2022-11-10
• 5.0.0 - 2022-11-08

from gatsby GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Summary by Sourcery

Upgrade Gatsby from 5.0.0 to 5.14.1.

Bug Fixes:

• Fix multiple security vulnerabilities.

Enhancements:

• Upgrade Gatsby in the gatsby-starter-wordpress-blog starter.

[stackblitz]

Run & review this pull request in StackBlitz Codeflow.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 7c5615b

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[sourcery-ai]

Reviewer's Guide by Sourcery

This pull request upgrades the gatsby dependency from version 5.0.0 to 5.14.1. This upgrade includes multiple security fixes.

State diagram showing Gatsby version transition

stateDiagram-v2
    state "Gatsby 5.0.0" as v500
    state "Gatsby 5.14.1" as v5141

    [*] --> v500
    v500 --> v5141: Upgrade

    state v500 {
        state "Multiple Security
Vulnerabilities" as vulns
    }

    state v5141 {
        state "Security Issues Fixed" as fixed
        state "147 versions ahead" as versions
        state "Updated Dependencies" as deps
    }

Loading

File-Level Changes

Change	Details	Files
Upgraded gatsby dependency to address multiple vulnerabilities.	Updated gatsby version from 5.0.0 to 5.14.1 in package.json. Updated gatsby version in package-lock.json.	starters/gatsby-starter-wordpress-blog/package.json starters/gatsby-starter-wordpress-blog/package-lock.json

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!
• Generate a plan of action for an issue: Comment @sourcery-ai plan on
  an issue to generate a plan of action for it.

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

We have skipped reviewing this pull request. It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!