Skip to content

Bump the npm_and_yarn group across 2 directories with 35 updates#12

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/npm_and_yarn-d19954b46c
Open

Bump the npm_and_yarn group across 2 directories with 35 updates#12
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/npm_and_yarn-d19954b46c

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github May 16, 2025

Bumps the npm_and_yarn group with 8 updates in the / directory:

Package From To
gatsby 2.23.1 4.25.7
gatsby-plugin-sharp 2.6.10 4.25.1
lodash 4.17.15 4.17.21
decode-uri-component 0.2.0 0.2.2
lodash-es 4.17.15 4.17.21
path-parse 1.0.6 1.0.7
tar-fs 2.1.0 2.1.2
tar 6.0.2 6.2.1

Bumps the npm_and_yarn group with 8 updates in the /plugins/gatsby-plugin-ghost-manifest directory:

Package From To
@babel/traverse 7.10.1 7.27.1
cross-spawn 7.0.1 7.0.6
decode-uri-component 0.2.0 0.2.2
fsevents 1.2.9 1.2.13
json5 2.1.3 2.2.3
minimatch 3.0.4 3.1.2
path-parse 1.0.6 1.0.7
sharp 0.25.3 0.32.6

Updates gatsby from 2.23.1 to 4.25.7

Release notes

Sourced from gatsby's releases.

gatsby-source-wordpress@7.13.5 and 6 more...

2024-08-26

Updated packages

  • gatsby-source-wordpress@7.13.5
  • gatsby-remark-responsive-iframe@6.13.2
  • gatsby-remark-prismjs@7.13.2
  • gatsby-remark-images@7.13.2
  • gatsby-remark-images@6.13.2
  • gatsby-remark-graphviz@5.13.2
  • gatsby-remark-copy-linked-files@6.13.2
  • gatsby-plugin-offline@6.13.3

What's Changed

See full release notes: gatsbyjs/gatsby#39070

v4.24

Welcome to gatsby@4.24.0 release (September 2022 #2)

Key highlights of this release:

Bleeding Edge: Want to try new features as soon as possible? Install gatsby@next and let us know if you have any issues.

Previous release notes

Full changelog

v4.23

Welcome to gatsby@4.23.0 release (September 2022 #1)

Key highlights of this release:

Bleeding Edge: Want to try new features as soon as possible? Install gatsby@next and let us know if you have any issues.

Previous release notes

Full changelog

v4.22

Welcome to gatsby@4.22.0 release (August 2022 #3)

Key highlights of this release:

... (truncated)

Commits
  • db5eb18 chore(release): Publish
  • fc22f4b fix(gatsby): don't serve codeframes for files outside of compilation (#38059)...
  • 8889bfe chore(release): Publish
  • d3d5fd0 fix(gatsby-source-wordpress): prevent inconsistent schema customization (#377...
  • 5bdef4a fix(gatsby): don't block event loop during inference (#37780) (#37801)
  • 50e3f94 chore(release): Publish
  • 3f8477d chore: Update get-unowned-packages script to use npm 9 syntax
  • dcf88ed fix(gatsby-plugin-sharp): don't serve static assets that are not result of cu...
  • 3be4a80 chore(release): Publish
  • 98c4d27 feat(gatsby): add initial webhook body env var to bootstrap context (#37478) ...
  • Additional commits viewable in compare view

Updates gatsby-plugin-sharp from 2.6.10 to 4.25.1

Release notes

Sourced from gatsby-plugin-sharp's releases.

gatsby-source-wordpress@7.13.5 and 6 more...

2024-08-26

Updated packages

  • gatsby-source-wordpress@7.13.5
  • gatsby-remark-responsive-iframe@6.13.2
  • gatsby-remark-prismjs@7.13.2
  • gatsby-remark-images@7.13.2
  • gatsby-remark-images@6.13.2
  • gatsby-remark-graphviz@5.13.2
  • gatsby-remark-copy-linked-files@6.13.2
  • gatsby-plugin-offline@6.13.3

What's Changed

See full release notes: gatsbyjs/gatsby#39070

v4.24

Welcome to gatsby@4.24.0 release (September 2022 #2)

Key highlights of this release:

Bleeding Edge: Want to try new features as soon as possible? Install gatsby@next and let us know if you have any issues.

Previous release notes

Full changelog

v4.23

Welcome to gatsby@4.23.0 release (September 2022 #1)

Key highlights of this release:

Bleeding Edge: Want to try new features as soon as possible? Install gatsby@next and let us know if you have any issues.

Previous release notes

Full changelog

v4.22

Welcome to gatsby@4.22.0 release (August 2022 #3)

Key highlights of this release:

... (truncated)

Changelog

Sourced from gatsby-plugin-sharp's changelog.

Changelog: gatsby-plugin-sharp

All notable changes to this project will be documented in this file. See Conventional Commits for commit guidelines.

5.14.0 (2024-11-06)

🧾 Release notes

Bug Fixes

  • update dependency fs-extra to ^11.2.0 #38727 (cb33fe5)
  • update dependency async to ^3.2.5 for gatsby-plugin-sharp #38721 (a30811a)

5.13.1 (2024-01-23)

Note: Version bump only for package gatsby-plugin-sharp

5.13.0 (2023-12-18)

🧾 Release notes

Chores

5.12.3 (2023-10-26)

Note: Version bump only for package gatsby-plugin-sharp

5.12.2 (2023-10-20)

Note: Version bump only for package gatsby-plugin-sharp

5.12.1 (2023-10-09)

Chores

5.12.0 (2023-08-24)

🧾 Release notes

Bug Fixes

5.11.0 (2023-06-15)

... (truncated)

Commits

Updates lodash from 4.17.15 to 4.17.21

Commits
  • f299b52 Bump to v4.17.21
  • c4847eb Improve performance of toNumber, trim and trimEnd on large input strings
  • 3469357 Prevent command injection through _.template's variable option
  • ded9bc6 Bump to v4.17.20.
  • 63150ef Documentation fixes.
  • 00f0f62 test.js: Remove trailing comma.
  • 846e434 Temporarily use a custom fork of lodash-cli.
  • 5d046f3 Re-enable Travis tests on 4.17 branch.
  • aa816b3 Remove /npm-package.
  • d7fbc52 Bump to v4.17.19
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by bnjmnt4n, a new releaser for lodash since your current version.


Updates @babel/traverse from 7.10.1 to 7.27.1

Release notes

Sourced from @​babel/traverse's releases.

v7.27.1 (2025-04-30)

Thanks @​kermanx and @​woaitsAryan for your first PRs!

👓 Spec Compliance

🐛 Bug Fix

  • babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions, babel-traverse
  • babel-helper-wrap-function, babel-plugin-transform-async-to-generator
  • babel-helper-remap-async-to-generator, babel-plugin-transform-async-to-generator
  • babel-helper-fixtures, babel-parser
  • babel-generator, babel-parser
    • #17226 Fill optional AST properties when both estree and typescript parser plugin are enabled (Part 2) (@​JLHwung)
  • babel-parser
    • #17224 Fill optional AST properties when both estree and typescript parser plugin are enabled (Part 1) (@​JLHwung)
    • #17080 Fix start of TSParameterProperty (@​JLHwung)
  • babel-compat-data, babel-preset-env
  • babel-traverse
  • babel-generator

💅 Polish

  • babel-plugin-bugfix-v8-spread-parameters-in-optional-chaining, babel-plugin-proposal-decorators, babel-plugin-transform-arrow-functions, babel-plugin-transform-class-properties, babel-plugin-transform-destructuring, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-chaining, babel-plugin-transform-parameters, babel-traverse

🏠 Internal

  • babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • babel-compat-data, babel-preset-env
  • babel-compat-data, babel-standalone
  • babel-register
  • babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-preset-env, babel-runtime-corejs3
  • All packages

... (truncated)

Changelog

Sourced from @​babel/traverse's changelog.

v7.27.1 (2025-04-30)

👓 Spec Compliance

🐛 Bug Fix

  • babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions, babel-traverse
  • babel-helper-wrap-function, babel-plugin-transform-async-to-generator
  • babel-helper-remap-async-to-generator, babel-plugin-transform-async-to-generator
  • babel-helper-fixtures, babel-parser
  • babel-generator, babel-parser
    • #17226 Fill optional AST properties when both estree and typescript parser plugin are enabled (Part 2) (@​JLHwung)
  • babel-parser
    • #17224 Fill optional AST properties when both estree and typescript parser plugin are enabled (Part 1) (@​JLHwung)
    • #17080 Fix start of TSParameterProperty (@​JLHwung)
  • babel-compat-data, babel-preset-env
  • babel-traverse
  • babel-generator

💅 Polish

  • babel-plugin-bugfix-v8-spread-parameters-in-optional-chaining, babel-plugin-proposal-decorators, babel-plugin-transform-arrow-functions, babel-plugin-transform-class-properties, babel-plugin-transform-destructuring, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-chaining, babel-plugin-transform-parameters, babel-traverse

🏠 Internal

  • babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
  • babel-compat-data, babel-preset-env
  • babel-compat-data, babel-standalone
  • Other
  • babel-register
  • babel-cli, babel-compat-data, babel-core, babel-generator, babel-helper-compilation-targets, babel-helper-fixtures, babel-helper-module-imports, babel-helper-module-transforms, babel-helper-plugin-test-runner, babel-helper-transform-fixture-test-runner, babel-helpers, babel-node, babel-parser, babel-plugin-transform-modules-amd, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-systemjs, babel-plugin-transform-modules-umd, babel-plugin-transform-react-display-name, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-plugin-transform-typeof-symbol, babel-plugin-transform-typescript, babel-preset-env, babel-register, babel-standalone, babel-types
  • babel-plugin-transform-regenerator

... (truncated)

Commits

Updates ansi-html from 0.0.7 to 0.0.9

Commits

Updates braces from 2.3.2 to 3.0.2

Changelog

Sourced from braces's changelog.

Release history

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

  • Changelogs are for humans, not machines.
  • There should be an entry for every single version.
  • The same types of changes should be grouped.
  • Versions and sections should be linkable.
  • The latest version comes first.
  • The release date of each versions is displayed.
  • Mention whether you follow Semantic Versioning.

Changelog entries are classified using the following labels (from keep-a-changelog):

  • Added for new features.
  • Changed for changes in existing functionality.
  • Deprecated for soon-to-be removed features.
  • Removed for now removed features.
  • Fixed for any bug fixes.
  • Security in case of vulnerabilities.

[3.0.0] - 2018-04-08

v3.0 is a complete refactor, resulting in a faster, smaller codebase, with fewer deps, and a more accurate parser and compiler.

Breaking Changes

  • The undocumented .makeRe method was removed
  • Require Node.js >= 8.3

Non-breaking changes

  • Caching was removed
Commits

Updates cross-fetch from 2.2.2 to 3.2.0

Release notes

Sourced from cross-fetch's releases.

v3.2.0

What's Changed

FEATURES

  • Upgraded node-fetch from 2.6.12 to 2.7.0. Please refer to node-fetch release notes for features and bug fixes.
  • Upgraded whatwg-fetch from 3.0.0 to 3.6.20. Please refer to whatwg-fetch release notes for features and bug fixes.

v3.1.8

What's Changed

  • Restored caret range to node-fetch version for automatic feature and fix updates.

Full Changelog: lquixada/cross-fetch@v3.1.7...v3.1.8

v3.1.7

What's Changed

  • Updated node-fetch version to 2.6.12

Full Changelog: lquixada/cross-fetch@v3.1.6...v3.1.7

v3.1.6

What's Changed

  • Updated node-fetch version to 2.6.11
  • Added caret range to node-fetch version for automatic feature and fix updates.

Full Changelog: lquixada/cross-fetch@v3.1.5...v3.1.6

v3.1.5

What's Changed

New Contributors

Full Changelog: lquixada/cross-fetch@v3.1.4...v3.1.5

v3.1.4

🐞 fixed typescript errors.

v3.1.3

🐞 fixed typescript compilation error causing #95, #101, #102.

v3.1.2

🐞 added missing Headers interface augmentation from lib.dom.iterable.d.ts (#97)

v3.1.1

🐞 fixed missing fetch api types from constructor signatures #96 (thanks @​jstewmon)

... (truncated)

Changelog

Sourced from cross-fetch's changelog.

3.2.0 (2024-12-21)

Features

Bug Fixes

3.1.8 (2023-07-02)

Bug Fixes

  • restored caret on node-fetch version (6669927)

3.1.7 (2023-07-01)

3.1.6 (2023-05-14)

Features

  • allowed minor and patch update of node-fetch (#132) (425395b), closes #129

Bug Fixes

  • fixed ESTree.StaticBlock error (a66f21b)
Commits
  • c6f6f83 chore(release): 3.2.0
  • d704d0a chore: fixed prepublishOnly script
  • 312d047 refactor: improved Makefile
  • d1f85aa refactor: improved Makefile (#199)
  • 1555cee refactor: improved make command reliability
  • fbbecc8 fix: updated whatwg-fetch to 3.6.20 (#198)
  • ebf44c3 feat: updated node-fetch to 2.7.0 (#191)
  • c8736f5 chore: changed default node version to 16
  • f34b605 chore: updated action/setup-node to v4 and hmarr/debug-action to v3
  • f991e47 chore: updated action/checkout and action/cache to v4
  • Additional commits viewable in compare view

Updates cross-spawn from 5.1.0 to 6.0.5

Changelog

Sourced from cross-spawn's changelog.

7.0.6 (2024-11-18)

Bug Fixes

  • update cross-spawn version to 7.0.5 in package-lock.json (f700743)

7.0.5 (2024-11-07)

Bug Fixes

  • fix escaping bug introduced by backtracking (640d391)

7.0.4 (2024-11-07)

Bug Fixes

7.0.3 (2020-05-25)

Bug Fixes

  • detect path key based on correct environment (#133) (159e7e9)

7.0.2 (2020-04-04)

Bug Fixes

  • fix worker threads in Node >=11.10.0 (#132) (6c5b4f0)
Commits
  • 77cd97f chore(release): 7.0.6
  • 6717de4 chore: upgrade standard-version
  • f700743 fix: update cross-spawn version to 7.0.5 in package-lock.json
  • 9a7e3b2 chore: fix build status badge
  • 0852683 chore(release): 7.0.5
  • 640d391 fix: fix escaping bug introduced by backtracking
  • bff0c87 chore: remove codecov
  • a7c6abc chore: replace travis with github workflows
  • 9b9246e chore(release): 7.0.4
  • 5ff3a07 fix: disable regexp backtracking (#160)
  • Additional commits viewable in compare view

Updates decode-uri-component from 0.2.0 to 0.2.2

Release notes

Sourced from decode-uri-component's releases.

v0.2.2

  • Prevent overwriting previously decoded tokens 980e0bf

SamVerschueren/decode-uri-component@v0.2.1...v0.2.2

v0.2.1

  • Switch to GitHub workflows 76abc93
  • Fix issue where decode throws - fixes #6 746ca5d
  • Update license (#1) 486d7e2
  • Tidelift tasks a650457
  • Meta tweaks 66e1c28

SamVerschueren/decode-uri-component@v0.2.0...v0.2.1

Commits

Updates devcert from 1.1.0 to 1.2.2

Release notes

Sourced from devcert's releases.

v1.1.1

Bug Fixes

#55: Fix remote execution vulnerability by switching from execSync to execFileSync

  • Change run() to use execFileSync
  • Refactor codebase to use new signature of run()
  • Add an extra sanitizing step: test arguments passed to certificateFor with a (fairly permissive) regular expression limiting them to legal domain name chars

⚠️ This is a mandatory update! ⚠️

This release fixes a security vulnerability in previous versions. Previous versions will be deprecated.

Changelog

Sourced from devcert's changelog.

Change Log

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

1.1.2

Bug Fixes

#56: localhost is not a valid domain name

Regular expression fixed in #57.

1.1.1

Bug Fixes

#55: Fix remote execution vulnerability by switching from execSync to execFileSync

  • Change run() to use execFileSync
  • Refactor codebase to use new signature of run()
  • Add an extra sanitizing step: test arguments passed to certificateFor with a (fairly permissive) regular expression limiting them to legal domain name chars

⚠️ This is a mandatory update! ⚠️

This release fixes a security vulnerability in previous versions. Previous versions will be deprecated.

Commits
Maintainer changes

This version was pushed to npm by jzetlen, a new releaser for devcert since your current version.


Updates engine.io from 3.4.1 to 6.2.1

Release notes

Sourced from engine.io's releases.

engine.io-parser@5.2.3

Bug Fixes

  • do not expose the TransformStream type (f9cb983)
Commits

Updates flat from 4.1.0 to 5.0.2

Commits
  • e5ffd66 Release 5.0.2
  • fdb79d5 Update dependencies, refresh lockfile, format with standard.
  • e52185d Test against node 14 in CI.
  • 0189cb1 Avoid arrow function syntax.
  • f25d3a1 Release 5.0.1
  • 54cc7ad use standard formatting
  • 779816e drop dependencies
  • 2eea6d3 Bump lodash from 4.17.15 to 4.17.19
  • a61a554 Bump acorn from 7.1.0 to 7.4.0
  • 20ef0ef Fix prototype pollution on unflatten
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by timoxley, a new releaser for flat since your current version.


Updates fsevents from 1.2.13 to 2.1.3

Release notes

Sourced from fsevents's releases.

Release v1.2.13

Only build on Mac-OSX

Release v1.2.11

Removing node-pre-gyp so that building fsevents becomes easier and enabled without the download of binaries.

The credentials to the AWS store have been lost. Releasing to AWS is both insecure and no longer possible due to the lost credentials.

Intermediate Release

No release notes provided.

Commits

Updates got from 7.1.0 to 9.6.0

Release notes

Sourced from got's releases.

v9.6.0

  • Add init hook (#683) 677d0a4
  • Add beforeError hook (#696) 29ffb44

sindresorhus/got@v9.5.1...v9.6.0

v9.5.1

  • Fix memory leak when using socket timeout and keepalive agent (#694) 203dadc
  • Fix strange timing data for HTTP requests d136e61
  • Correctly preserve original status code when returning cached responses d136e61

sindresorhus/got@v9.5.0...v9.5.1

v9.5.0

  • Remove error thrown for URLs with auth component (#676) 5d20a43
  • Upgrade dependencies a1eadfe

sindresorhus/got@v9.4.0...v9.5.0

v9.4.0

  • Add ability to specify which network error codes to retry on. 9f3a099
  • Add Got options onto responses and errors. 33b838f
  • Correctly clear socket timeout on error. c8e358f

sindresorhus/got@v9.3.2...v9.4.0

v9.3.2

sindresorhus/got@v9.3.1...v9.3.2

v9.3.1

  • Don't override headers defined in the url argument when it's an object. 191e00a
  • Don't set content-length header when upload body size is null. 311b184

sindresorhus/got@v9.3.0...v9.3.1

v9.3.0

  • Add option to allow defaults to be mutable. b392f60
  • Add beforeRedirect, beforeRetry, and afterResponse hooks. 325409c
  • Retry on a few more errors. fbaaa2a
  • Include body property in HTTPError. fdc0fa6
  • Transform user set headers to lowercase. a07b2be
  • Support Electron renderer timings. 25f18be

sindresorhus/got@v9.2.0...v9.3.0

v9.2.2

  • Gracefully handle invalid Location redirect URLs. (#605) 7ae6939

... (truncated)

Commits
  • a45e071 9.6.0
  • 29ffb44 Add beforeError hook (#696)
  • 677d0a4 Add init hook (#683)
  • Description has been truncated

    Summary by Sourcery

    Upgrade project dependencies in both the root and gatsby-plugin-ghost-manifest plugin and refresh lockfiles

    Chores:

    • Update root dependencies, including gatsby from 2.23.1 to 4.25.7 and gatsby-plugin-sharp from 2.6.10 to 4.25.1
    • Upgrade various root utility libraries (lodash, lodash-es, decode-uri-component, path-parse, tar-fs, tar) to their latest patch versions
    • Bump gatsby-plugin-ghost-manifest dependencies (@babel/traverse, cross-spawn, decode-uri-component, fsevents, json5, minimatch, path-parse, sharp) to current releases
    • Regenerate yarn.lock files in both root and plugin directories to lock updated versions

Bumps the npm_and_yarn group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [gatsby](https://github.com/gatsbyjs/gatsby) | `2.23.1` | `4.25.7` |
| [gatsby-plugin-sharp](https://github.com/gatsbyjs/gatsby/tree/HEAD/packages/gatsby-plugin-sharp) | `2.6.10` | `4.25.1` |
| [lodash](https://github.com/lodash/lodash) | `4.17.15` | `4.17.21` |
| [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` |
| [lodash-es](https://github.com/lodash/lodash) | `4.17.15` | `4.17.21` |
| [path-parse](https://github.com/jbgutierrez/path-parse) | `1.0.6` | `1.0.7` |
| [tar-fs](https://github.com/mafintosh/tar-fs) | `2.1.0` | `2.1.2` |
| [tar](https://github.com/isaacs/node-tar) | `6.0.2` | `6.2.1` |

Bumps the npm_and_yarn group with 8 updates in the /plugins/gatsby-plugin-ghost-manifest directory:

| Package | From | To |
| --- | --- | --- |
| [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.10.1` | `7.27.1` |
| [cross-spawn](https://github.com/moxystudio/node-cross-spawn) | `7.0.1` | `7.0.6` |
| [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) | `0.2.0` | `0.2.2` |
| [fsevents](https://github.com/fsevents/fsevents) | `1.2.9` | `1.2.13` |
| [json5](https://github.com/json5/json5) | `2.1.3` | `2.2.3` |
| [minimatch](https://github.com/isaacs/minimatch) | `3.0.4` | `3.1.2` |
| [path-parse](https://github.com/jbgutierrez/path-parse) | `1.0.6` | `1.0.7` |
| [sharp](https://github.com/lovell/sharp) | `0.25.3` | `0.32.6` |



Updates `gatsby` from 2.23.1 to 4.25.7
- [Release notes](https://github.com/gatsbyjs/gatsby/releases)
- [Changelog](https://github.com/gatsbyjs/gatsby/blob/master/CHANGELOG.md)
- [Commits](https://github.com/gatsbyjs/gatsby/compare/gatsby@2.23.1...gatsby@4.25.7)

Updates `gatsby-plugin-sharp` from 2.6.10 to 4.25.1
- [Release notes](https://github.com/gatsbyjs/gatsby/releases)
- [Changelog](https://github.com/gatsbyjs/gatsby/blob/master/packages/gatsby-plugin-sharp/CHANGELOG.md)
- [Commits](https://github.com/gatsbyjs/gatsby/commits/gatsby-plugin-sharp@4.25.1/packages/gatsby-plugin-sharp)

Updates `lodash` from 4.17.15 to 4.17.21
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.15...4.17.21)

Updates `@babel/traverse` from 7.10.1 to 7.27.1
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.27.1/packages/babel-traverse)

Updates `ansi-html` from 0.0.7 to 0.0.9
- [Commits](https://github.com/Tjatse/ansi-html/commits)

Updates `braces` from 2.3.2 to 3.0.2
- [Changelog](https://github.com/micromatch/braces/blob/master/CHANGELOG.md)
- [Commits](https://github.com/micromatch/braces/commits/3.0.2)

Updates `cross-fetch` from 2.2.2 to 3.2.0
- [Release notes](https://github.com/lquixada/cross-fetch/releases)
- [Changelog](https://github.com/lquixada/cross-fetch/blob/v3.2.0/CHANGELOG.md)
- [Commits](lquixada/cross-fetch@v2.2.2...v3.2.0)

Updates `cross-spawn` from 5.1.0 to 6.0.5
- [Changelog](https://github.com/moxystudio/node-cross-spawn/blob/master/CHANGELOG.md)
- [Commits](moxystudio/node-cross-spawn@v7.0.1...v7.0.6)

Updates `decode-uri-component` from 0.2.0 to 0.2.2
- [Release notes](https://github.com/SamVerschueren/decode-uri-component/releases)
- [Commits](SamVerschueren/decode-uri-component@v0.2.0...v0.2.2)

Updates `devcert` from 1.1.0 to 1.2.2
- [Release notes](https://github.com/davewasmer/devcert/releases)
- [Changelog](https://github.com/davewasmer/devcert/blob/master/CHANGELOG.md)
- [Commits](davewasmer/devcert@v1.1.0...v1.2.2)

Updates `engine.io` from 3.4.1 to 6.2.1
- [Release notes](https://github.com/socketio/socket.io/releases)
- [Changelog](https://github.com/socketio/socket.io/blob/main/CHANGELOG.md)
- [Commits](https://github.com/socketio/socket.io/commits)

Updates `flat` from 4.1.0 to 5.0.2
- [Release notes](https://github.com/hughsk/flat/releases)
- [Commits](hughsk/flat@4.1.0...5.0.2)

Updates `fsevents` from 1.2.13 to 2.1.3
- [Release notes](https://github.com/fsevents/fsevents/releases)
- [Commits](fsevents/fsevents@v1.2.9...v1.2.13)

Updates `got` from 7.1.0 to 9.6.0
- [Release notes](https://github.com/sindresorhus/got/releases)
- [Commits](sindresorhus/got@v7.1.0...v9.6.0)

Updates `http-cache-semantics` from 3.8.1 to 4.1.0
- [Commits](kornelski/http-cache-semantics@v3.8.1...v4.1.0)

Updates `json5` from 1.0.1 to 1.0.2
- [Release notes](https://github.com/json5/json5/releases)
- [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md)
- [Commits](json5/json5@v2.1.3...v2.2.3)

Updates `loader-utils` from 1.4.0 to 2.0.4
- [Release notes](https://github.com/webpack/loader-utils/releases)
- [Changelog](https://github.com/webpack/loader-utils/blob/v2.0.4/CHANGELOG.md)
- [Commits](webpack/loader-utils@v1.4.0...v2.0.4)

Updates `lodash-es` from 4.17.15 to 4.17.21
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.15...4.17.21)

Updates `micromatch` from 3.1.10 to 4.0.8
- [Release notes](https://github.com/micromatch/micromatch/releases)
- [Changelog](https://github.com/micromatch/micromatch/blob/master/CHANGELOG.md)
- [Commits](micromatch/micromatch@3.1.10...4.0.8)

Updates `minimatch` from 3.0.3 to 3.0.4
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.0.4...v3.1.2)

Updates `minimist` from 0.2.1 to 1.2.5
- [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md)
- [Commits](minimistjs/minimist@v0.2.1...v1.2.5)

Updates `node-fetch` from 1.7.3 to 2.7.0
- [Release notes](https://github.com/node-fetch/node-fetch/releases)
- [Commits](node-fetch/node-fetch@1.7.3...v2.7.0)

Updates `parse-path` from 4.0.1 to 7.1.0
- [Release notes](https://github.com/IonicaBizau/parse-path/releases)
- [Commits](IonicaBizau/parse-path@4.0.1...7.1.0)

Updates `parse-url` from 5.0.1 to 8.1.0
- [Release notes](https://github.com/IonicaBizau/parse-url/releases)
- [Commits](IonicaBizau/parse-url@5.0.1...8.1.0)

Updates `path-parse` from 1.0.6 to 1.0.7
- [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7)

Updates `postcss` from 6.0.23 to 8.5.3
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@6.0.23...8.5.3)

Updates `shell-quote` from 1.6.1 to 1.8.2
- [Changelog](https://github.com/ljharb/shell-quote/blob/main/CHANGELOG.md)
- [Commits](ljharb/shell-quote@v1.6.1...v1.8.2)

Updates `socket.io-parser` from 3.3.0 to 4.2.4
- [Release notes](https://github.com/Automattic/socket.io-parser/releases)
- [Changelog](https://github.com/socketio/socket.io-parser/blob/4.2.4/CHANGELOG.md)
- [Commits](socketio/socket.io-parser@3.3.0...4.2.4)

Updates `tar-fs` from 2.1.0 to 2.1.2
- [Commits](mafintosh/tar-fs@v2.1.0...v2.1.2)

Updates `tar` from 6.0.2 to 6.2.1
- [Release notes](https://github.com/isaacs/node-tar/releases)
- [Changelog](https://github.com/isaacs/node-tar/blob/main/CHANGELOG.md)
- [Commits](isaacs/node-tar@v6.0.2...v6.2.1)

Updates `terser` from 4.7.0 to 5.39.2
- [Changelog](https://github.com/terser/terser/blob/master/CHANGELOG.md)
- [Commits](terser/terser@v4.7.0...v5.39.2)

Updates `ua-parser-js` from 0.7.21 to 1.0.40
- [Release notes](https://github.com/faisalman/ua-parser-js/releases)
- [Changelog](https://github.com/faisalman/ua-parser-js/blob/master/CHANGELOG.md)
- [Commits](faisalman/ua-parser-js@0.7.21...1.0.40)

Updates `ws` from 5.2.2 to 8.2.3
- [Release notes](https://github.com/websockets/ws/releases)
- [Commits](websockets/ws@5.2.2...8.2.3)

Updates `@babel/traverse` from 7.10.1 to 7.27.1
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/commits/v7.27.1/packages/babel-traverse)

Updates `cross-spawn` from 7.0.1 to 7.0.6
- [Changelog](https://github.com/moxystudio/node-cross-spawn/blob/master/CHANGELOG.md)
- [Commits](moxystudio/node-cross-spawn@v7.0.1...v7.0.6)

Updates `decode-uri-component` from 0.2.0 to 0.2.2
- [Release notes](https://github.com/SamVerschueren/decode-uri-component/releases)
- [Commits](SamVerschueren/decode-uri-component@v0.2.0...v0.2.2)

Updates `fsevents` from 1.2.9 to 1.2.13
- [Release notes](https://github.com/fsevents/fsevents/releases)
- [Commits](fsevents/fsevents@v1.2.9...v1.2.13)

Updates `json5` from 2.1.3 to 2.2.3
- [Release notes](https://github.com/json5/json5/releases)
- [Changelog](https://github.com/json5/json5/blob/main/CHANGELOG.md)
- [Commits](json5/json5@v2.1.3...v2.2.3)

Updates `minimatch` from 3.0.4 to 3.1.2
- [Changelog](https://github.com/isaacs/minimatch/blob/main/changelog.md)
- [Commits](isaacs/minimatch@v3.0.4...v3.1.2)

Updates `path-parse` from 1.0.6 to 1.0.7
- [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7)

Updates `sharp` from 0.25.3 to 0.32.6
- [Release notes](https://github.com/lovell/sharp/releases)
- [Changelog](https://github.com/lovell/sharp/blob/v0.32.6/docs/changelog.md)
- [Commits](lovell/sharp@v0.25.3...v0.32.6)

Updates `simple-get` from 3.1.0 to 4.0.1
- [Commits](feross/simple-get@v3.1.0...v4.0.1)

---
updated-dependencies:
- dependency-name: gatsby
  dependency-version: 4.25.7
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: gatsby-plugin-sharp
  dependency-version: 4.25.1
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: lodash
  dependency-version: 4.17.21
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: "@babel/traverse"
  dependency-version: 7.27.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ansi-html
  dependency-version: 0.0.9
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: braces
  dependency-version: 3.0.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: cross-fetch
  dependency-version: 3.2.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: cross-spawn
  dependency-version: 6.0.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: decode-uri-component
  dependency-version: 0.2.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: devcert
  dependency-version: 1.2.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: engine.io
  dependency-version: 6.2.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: flat
  dependency-version: 5.0.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: fsevents
  dependency-version: 2.1.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: got
  dependency-version: 9.6.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: http-cache-semantics
  dependency-version: 4.1.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: json5
  dependency-version: 1.0.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: loader-utils
  dependency-version: 2.0.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: lodash-es
  dependency-version: 4.17.21
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: micromatch
  dependency-version: 4.0.8
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 3.0.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimist
  dependency-version: 1.2.5
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: node-fetch
  dependency-version: 2.7.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: parse-path
  dependency-version: 7.1.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: parse-url
  dependency-version: 8.1.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: path-parse
  dependency-version: 1.0.7
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: postcss
  dependency-version: 8.5.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: shell-quote
  dependency-version: 1.8.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: socket.io-parser
  dependency-version: 4.2.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tar-fs
  dependency-version: 2.1.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: tar
  dependency-version: 6.2.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: terser
  dependency-version: 5.39.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ua-parser-js
  dependency-version: 1.0.40
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: ws
  dependency-version: 8.2.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@babel/traverse"
  dependency-version: 7.27.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: cross-spawn
  dependency-version: 7.0.6
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: decode-uri-component
  dependency-version: 0.2.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: fsevents
  dependency-version: 1.2.13
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: json5
  dependency-version: 2.2.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: minimatch
  dependency-version: 3.1.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: path-parse
  dependency-version: 1.0.7
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: sharp
  dependency-version: 0.32.6
  dependency-type: direct:production
  dependency-group: npm_and_yarn
- dependency-name: simple-get
  dependency-version: 4.0.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels May 16, 2025
@sourcery-ai
Copy link

sourcery-ai bot commented May 16, 2025

Reviewer's Guide

This PR systematically bumps dependency versions in both the root project and the gatsby-plugin-ghost-manifest plugin, updating package manifests and regenerating lockfiles to align with the new releases.

File-Level Changes

Change Details Files
Bump core project dependencies
  • Upgrade Gatsby core and related plugins to v4.x
  • Update utility libraries (lodash, decode-uri-component, path-parse, tar-fs, tar)
  • Refresh image processing dependencies (gatsby-plugin-sharp)
  • Regenerate root yarn.lock
package.json
yarn.lock
Bump plugin-specific dependencies
  • Upgrade Babel traverse and cross-spawn
  • Update manifest generation libs (sharp, fsevents, json5, minimatch, decode-uri-component, path-parse)
  • Refresh plugin yarn.lock
plugins/gatsby-plugin-ghost-manifest/package.json
plugins/gatsby-plugin-ghost-manifest/yarn.lock

Tips and commands

Interacting with Sourcery

  • Trigger a new review: Comment @sourcery-ai review on the pull request.
  • Continue discussions: Reply directly to Sourcery's review comments.
  • Generate a GitHub issue from a review comment: Ask Sourcery to create an
    issue from a review comment by replying to it. You can also reply to a
    review comment with @sourcery-ai issue to create an issue from it.
  • Generate a pull request title: Write @sourcery-ai anywhere in the pull
    request title to generate a title at any time. You can also comment
    @sourcery-ai title on the pull request to (re-)generate the title at any time.
  • Generate a pull request summary: Write @sourcery-ai summary anywhere in
    the pull request body to generate a PR summary at any time exactly where you
    want it. You can also comment @sourcery-ai summary on the pull request to
    (re-)generate the summary at any time.
  • Generate reviewer's guide: Comment @sourcery-ai guide on the pull
    request to (re-)generate the reviewer's guide at any time.
  • Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
    pull request to resolve all Sourcery comments. Useful if you've already
    addressed all the comments and don't want to see them anymore.
  • Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
    request to dismiss all existing Sourcery reviews. Especially useful if you
    want to start fresh with a new review - don't forget to comment
    @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

  • Enable or disable review features such as the Sourcery-generated pull request
    summary, the reviewer's guide, and others.
  • Change the review language.
  • Add, remove or edit custom review instructions.
  • Adjust other review settings.

Getting Help

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants

Comments