[Snyk] Fix for 1 vulnerabilities

[kaocher82]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json

⚠️ Warning

Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	768/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5	Prototype Pollution SNYK-JS-LODASH-6139239	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: gatsby

The new version differs by 250 commits.

• f1d3f7b chore(release): Publish
• 6e6ea56 chore(release): Publish rc
• df50ce7 fix(gatsby): Add dir=ltr to Fast Refresh overlay (#29900) (#29908)
• 83adec5 chore(docs): update readme (#29837) (#29909)
• b2628da will git stop being weird (#29897) (#29907)
• c98c87f chore(release): Publish rc
• c8bf571 fix(gatsby-source-wordpress): image fixes (#29813) (#29886)
• 85bb8ea fix(gatsby-plugin-image): Update peerdeps (#29880) (#29888)
• c266b83 fix(gatsby): Remove `react-hot-loader` deps & other unused deps (#29864) (#29876)
• 222ca3f fix(gatsby): with some custom babel configs array spreading with Set is not safe (#29885) (#29889)
• ea31900 chore(release): Publish rc
• f070422 fix(gatsby): Fix various small DEV_SSR bugs exposed in development_runtime tests (#29720) (#29866)
• cb3b1ca chore: update peerdeps to latest major versions (#29857) (#29867)
• 8639f7b fix(create-gatsby): Use legacy peer deps (#29856) (#29862)
• fdc1fe2 fix(gatsby): fix some css HMR edge cases (#29839) (#29865)
• e8a7e3b fix(gatsby-plugin-preact): fix fast-refresh (#29831) (#29860)
• e7453c3 fix(gatsby): Improve Fast Refresh overlay styles (#29855) (#29861)
• 76f4f96 chore: upgrade postcss & plugins (#29793)
• de6cba6 chore(release): Publish rc
• aafe584 fix: query on demand loading indicator always active on preact. (#29829) (#29836)
• 34f5b8c fix(hmr): accept hot updates for modules above page templates (#29752) (#29835)
• b8d21f8 fix(gatsby): workaround graphql-compose issue (#29822) (#29834)
• 32fee71 fix(gatsby): eslint linting (#29796) (#29814)
• bca7951 fix(gatsby-source-wordpress): HTML image regex's (#29778) (#29816)

See the full diff

Package name: gatsby-plugin-netlify-cms

The new version differs by 250 commits.

• 7efd49e chore(release): Publish
• 6b6eeb7 chore(gatsby-plugin-netlify-cms): add deprecation notice (#38753) (#38754)
• 8919f51 chore(release): Publish
• bba81d6 chore: update gatsby-adapter-netlify version manifest (#38745) (#38746)
• 04030d1 chore(release): Publish
• 3380c59 fix(gatsby-source-contentful): don't apply parent node links to child nodes (#38728) (#38730)
• 4d78fba chore(release): Publish
• f713e59 fix: re-install lmdb when detecting the absence of @ LMDB prebuilt packages (#38691) (#38707)
• c5ec678 chore(release): Publish
• 1090558 feat(gatsby,gatsby-adapter-netlify): support pathPrefix and trailingSlash options (#38666) (#38701)
• 3ce63a4 chore(release): Publish
• 8ae5702 fix(gatsby-adapter-netlify): adapter use headerRoutes (#38652) (#38674)
• 8ae8281 chore(release): Publish
• c43080f fix: respect 'force' and 'conditions' properties on redirects (#38657) (#38664)
• 4bf84f0 test(adapters-e2e): deploy to platform instead of ntl serve (#38643) (#38662)
• 67c8832 test: bump node version for pnp tests (#38656) (#38663)
• 6869562 fix(gatsby): Adapter header rules (#38644) (#38661)
• 4a76878 chore: added logging for cache handling (#38654) (#38660)
• 470d182 chore(release): Publish
• 02e925a fix(gatsby): support multiple instances of same variable in gatsbyImage placeholderUrl (#38626) (#38647)
• 8302bc8 fix(gatsby): don't force leading slash for external paths in routes manifest (#38639) (#38646)
• 39d2fd8 chore(release): Publish
• acb8799 fix(gatsby): open lmdb instances in writeable locations in generated ssr/dsg function (#38631) (#38638)
• 1e8748c chore(release): Publish

See the full diff

Package name: mirador

The new version differs by 221 commits.

• 8612748 Bump to v3.0.0 and add description
• cb3d709 Ensure metadata is available before calling length on it
• 62a0e00 Move rendering of show collection modal to allow when a manifest is selected
• a11ea77 Remove topranges from multi sequence selection fixes #3335 (#3337)
• 67b1d04 Adds setting to remove ThumbnailNavigation from WindowTopMenu fixes #3312 (#3338)
• 4fa9615 Update the readme w/ new badge + instructions (#3339)
• b1cba4d Remove RootRef and fix scrolling entire page
• 152afd2 Use GitHub actions for CI
• fb5cce4 Merge pull request #3332 from regisrob/patch-2
• 97cddf2 Update french translations
• d61b13a Move sequence canvas update to a saga
• 4f992ec id is not a used prop on MenuItem
• 3442f23 Make the sequence select an uncontrolled component
• f7a1fee Merge pull request #3304 from MImranAsghar/multi-seqs-display
• 0b658ff Make flaky annotation tests a little bit more resiliant on CI
• a464aa8 Fixup some react key warning behavior
• 33c63ac Add multipleSequences.json
• 87e1e4f Update travis badge
• adc074d Fix seq integration test name
• 903a1df Add integration test for multi-seq dropdown
• 24b1924 Remove manifestId from window blank.html
• c0b18c1 Fix multiseq disp issues after adding to master
• dd8c171 poke sequences through the ui
• 06c79c3 Update some eslint fixes

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution