[Snyk] Upgrade gatsby from 5.0.0 to 5.14.6

[X-oss-byte]

Snyk has created this PR to upgrade gatsby from 5.0.0 to 5.14.6.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 152 versions ahead of your current version.

• The recommended version was released a month ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Improper Link Resolution Before File Access ('Link Following') SNYK-JS-TARFS-10293725	435	No Known Exploit
	Symlink Attack SNYK-JS-TARFS-9535930	435	Mature
	Sandbox Bypass SNYK-JS-WEBPACK-3358798	435	Proof of Concept
	Path Traversal SNYK-JS-WEBPACKDEVMIDDLEWARE-6476555	435	Proof of Concept
	Denial of Service (DoS) SNYK-JS-WS-7266574	435	Proof of Concept
	Cross-site Request Forgery (CSRF) SNYK-JS-AXIOS-6032459	435	Proof of Concept
	Uncaught Exception SNYK-JS-MULTER-10185673	435	Proof of Concept
	Missing Release of Memory after Effective Lifetime SNYK-JS-MULTER-10185675	435	No Known Exploit
	Uncaught Exception SNYK-JS-MULTER-10773732	435	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	435	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	435	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	435	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	435	Proof of Concept
	Uncaught Exception SNYK-JS-SOCKETIO-7278048	435	No Known Exploit
	Denial of Service (DoS) SNYK-JS-SOCKETIOPARSER-5596892	435	No Known Exploit
	Asymmetric Resource Consumption (Amplification) SNYK-JS-BODYPARSER-7926860	435	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-CROSSSPAWN-8303230	435	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-CROSSSPAWN-8303230	435	Proof of Concept
	Denial of Service (DoS) SNYK-JS-ENGINEIO-3136336	435	No Known Exploit
	Improper Handling of Extra Parameters SNYK-JS-FOLLOWREDIRECTS-6141137	435	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-UAPARSERJS-3244450	435	Proof of Concept
	Cross-site Scripting (XSS) SNYK-JS-WEBPACK-7840298	435	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-AXIOS-6124857	435	Proof of Concept
	Server-side Request Forgery (SSRF) SNYK-JS-AXIOS-9292519	435	Proof of Concept
	Server-side Request Forgery (SSRF) SNYK-JS-AXIOS-9403194	435	No Known Exploit
	Prototype Pollution SNYK-JS-JSON5-3182856	435	Proof of Concept
	Denial of Service (DoS) SNYK-JS-MSGPACKR-6140431	435	No Known Exploit
	Uncaught Exception SNYK-JS-MULTER-10299078	435	No Known Exploit
	Improper Input Validation SNYK-JS-NANOID-8492085	435	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-PATHTOREGEXP-7925106	435	Proof of Concept
	Improper Input Validation SNYK-JS-POSTCSS-5926692	435	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-SIDEWAYFORMULA-3317169	435	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BABELHELPERS-9397697	435	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BABELRUNTIME-10044504	435	Proof of Concept
	Regular Expression Denial of Service (ReDoS) SNYK-JS-BABELRUNTIMECOREJS3-9397696	435	Proof of Concept
	Insufficient Visual Distinction of Homoglyphs Presented to User SNYK-JS-BASEX-10118294	435	No Known Exploit
	Cross-site Scripting SNYK-JS-EXPRESS-7926867	435	No Known Exploit
	Information Exposure SNYK-JS-FOLLOWREDIRECTS-6444610	435	Proof of Concept
	Information Exposure SNYK-JS-GATSBY-5671647	435	Proof of Concept
	Information Exposure SNYK-JS-GATSBYCLI-5671903	435	Proof of Concept
	Denial of Service (DoS) SNYK-JS-GRAPHQL-5905181	435	Proof of Concept
	Prototype Pollution SNYK-JS-JSON5-3182856	435	Proof of Concept
	Cross-site Scripting SNYK-JS-SEND-7926862	435	No Known Exploit
	Cross-site Scripting SNYK-JS-SERVESTATIC-7926865	435	No Known Exploit
	Heap-based Buffer Overflow SNYK-JS-SHARP-5922108	435	Mature
	Incomplete List of Disallowed Inputs SNYK-JS-BABELTRAVERSE-5962462	435	Proof of Concept
	Open Redirect SNYK-JS-EXPRESS-6474509	435	No Known Exploit
	Predictable Value Range from Previous Values SNYK-JS-FORMDATA-10841150	435	Proof of Concept

Release notes

Package name: gatsby

• 5.14.6 - 2025-08-06
• 5.14.5 - 2025-06-20
• 5.14.4 - 2025-06-06
• 5.14.3 - 2025-04-09
• 5.14.2 - 2025-04-07
• 5.14.1 - 2024-12-20
• 5.14.0 - 2024-11-06
• 5.14.0-next.4 - 2024-02-20
• 5.14.0-next.3 - 2024-01-23
• 5.14.0-next.2 - 2024-01-05
• 5.14.0-next.1 - 2024-01-04
• 5.14.0-next.0 - 2023-12-15
• 5.14.0-ctf-next.0 - 2024-03-08
• 5.14.0-canary.7 - 2024-02-16
• 5.14.0-alpha-ssr-writestream.3 - 2024-01-25
• 5.14.0-alpha-monorepo-support.17 - 2024-06-04
• 5.14.0-alpha-headers-perf.16 - 2024-05-24
• 5.14.0-alpha-gatsby.9 - 2024-04-29
• 5.14.0-alpha-gatsby.6 - 2024-04-26
• 5.14.0-alpha-fix-ssr-linkfs.5 - 2023-12-21
• 5.14.0-alpha-fix-parcel-segfault.11 - 2024-01-02
• 5.13.7 - 2024-07-12
• 5.13.6 - 2024-05-29
• 5.13.5 - 2024-05-17
• 5.13.4 - 2024-04-10
• 5.13.3 - 2024-01-25
• 5.13.2 - 2024-01-23
• 5.13.1 - 2023-12-22
• 5.13.0 - 2023-12-18
• 5.13.0-next.3 - 2023-12-04
• 5.13.0-next.2 - 2023-11-16
• 5.13.0-next.1 - 2023-08-22
• 5.13.0-next.0 - 2023-07-25
• 5.13.0-alpha-fix-pnpm.21 - 2023-12-20
• 5.13.0-alpha-fix-pnpm.17 - 2023-12-15
• 5.13.0-alpha-fix-pnpm.16 - 2023-12-14
• 5.13.0-alpha-alt-image-cdn.38 - 2023-11-03
• 5.12.12 - 2023-12-07
• 5.12.11 - 2023-11-22
• 5.12.10 - 2023-11-21
• 5.12.9 - 2023-10-26
• 5.12.8 - 2023-10-20
• 5.12.7 - 2023-10-17
• 5.12.6 - 2023-10-09
• 5.12.5 - 2023-09-27
• 5.12.4 - 2023-09-05
• 5.12.3 - 2023-08-28
• 5.12.2 - 2023-08-28
• 5.12.1 - 2023-08-24
• 5.12.0 - 2023-08-24
• 5.12.0-next.1 - 2023-07-03
• 5.12.0-next.0 - 2023-06-15
• 5.11.1-canary-less-lmdb.0 - 2024-12-20
• 5.11.0 - 2023-06-15
• 5.11.0-touch-nodes-fix.4 - 2023-06-14
• 5.11.0-next.1 - 2023-06-05
• 5.11.0-next.0 - 2023-05-16
• 5.10.0 - 2023-05-16
• 5.10.0-next.4 - 2023-05-03
• 5.10.0-next.3 - 2023-04-27
• 5.10.0-next.2 - 2023-04-27
• 5.10.0-next.1 - 2023-04-19
• 5.10.0-next.0 - 2023-04-18
• 5.10.0-infer-block-less.13 - 2023-05-09
• 5.10.0-infer-block-less.12 - 2023-05-09
• 5.10.0-infer-block-less.11 - 2023-05-08
• 5.10.0-infer-block-less.8 - 2023-05-08
• 5.10.0-infer-block-less.7 - 2023-05-05
• 5.10.0-infer-block-less.6 - 2023-05-05
• 5.10.0-infer-block-less.5 - 2023-05-05
• 5.10.0-gatsby-gc.20 - 2023-05-16
• 5.10.0-gatsby-gc.19 - 2023-05-16
• 5.10.0-gatsby-gc.18 - 2023-05-16
• 5.10.0-gatsby-gc.17 - 2023-05-15
• 5.10.0-gatsby-gc.16 - 2023-05-15
• 5.10.0-gatsby-gc.15 - 2023-05-15
• 5.10.0-gatsby-gc.14 - 2023-05-15
• 5.10.0-alpha-adapters.165 - 2023-07-14
• 5.10.0-alpha-adapters.164 - 2023-07-13
• 5.10.0-alpha-adapters.159 - 2023-07-12
• 5.10.0-alpha-adapters.158 - 2023-07-12
• 5.10.0-alpha-adapters.156 - 2023-07-11
• 5.10.0-alpha-adapters.155 - 2023-07-11
• 5.10.0-alpha-adapters.153 - 2023-07-11
• 5.10.0-alpha-adapters.142 - 2023-07-04
• 5.10.0-alpha-adapters.141 - 2023-07-03
• 5.10.0-alpha-adapters.130 - 2023-06-30
• 5.10.0-alpha-adapters.96 - 2023-06-14
• 5.10.0-alpha-adapters.94 - 2023-06-14
• 5.10.0-alpha-adapters.89 - 2023-06-14
• 5.9.1 - 2023-05-09
• 5.9.0 - 2023-04-18
• 5.9.0-touch-nodes-optout.49 - 2023-04-12
• 5.9.0-reduce-contentful-mem-usage.39 - 2023-04-17
• 5.9.0-reduce-contentful-mem-usage.38 - 2023-04-17
• 5.9.0-reduce-contentful-mem-usage.36 - 2023-04-17
• 5.9.0-next.3 - 2023-04-06
• 5.9.0-next.2 - 2023-03-30
• 5.9.0-next.1 - 2023-03-28
• 5.9.0-next.0 - 2023-03-21
• 5.9.0-lmdb-remapchunks.41 - 2023-04-20
• 5.9.0-lmdb-remapchunks.40 - 2023-04-20
• 5.9.0-image-cdn-configurable.4 - 2023-04-11
• 5.9.0-alpha-cg-tailwind.23 - 2023-05-09
• 5.8.1 - 2023-03-29
• 5.8.0 - 2023-03-21
• 5.8.0-touchnodes-memdebug2.19 - 2023-03-23
• 5.8.0-touchnodes-memdebug2.17 - 2023-03-22
• 5.8.0-touchnodes-memdebug.17 - 2023-03-21
• 5.8.0-next.3 - 2023-03-14
• 5.8.0-next.2 - 2023-03-07
• 5.8.0-next.1 - 2023-02-22
• 5.8.0-next.0 - 2023-02-16
• 5.8.0-inference-memdebug.26 - 2023-03-23
• 5.8.0-inference-memdebug.22 - 2023-03-23
• 5.8.0-alpha-rspack.4 - 2023-03-10
• 5.8.0-alpha-react-profiling-env.8 - 2023-03-17
• 5.7.0 - 2023-02-21
• 5.7.0-next.1 - 2023-02-08
• 5.7.0-next.0 - 2023-02-03
• 5.6.1 - 2023-02-16
• 5.6.0 - 2023-02-07
• 5.6.0-next.2 - 2023-01-30
• 5.6.0-next.1 - 2023-01-26
• 5.6.0-next.0 - 2023-01-19
• 5.5.0 - 2023-01-24
• 5.5.0-next.1 - 2023-01-17
• 5.5.0-next.0 - 2023-01-05
• 5.5.0-alpha-initial-webhook-body.31 - 2023-01-16
• 5.5.0-alpha-initial-webhook-body.30 - 2023-01-16
• 5.4.2 - 2023-01-17
• 5.4.1 - 2023-01-13
• 5.4.0 - 2023-01-10
• 5.4.0-next.3 - 2023-01-04
• 5.4.0-next.2 - 2022-12-14
• 5.4.0-next.1 - 2022-12-14
• 5.4.0-next.0 - 2022-12-08
• 5.3.3 - 2022-12-20
• 5.3.2 - 2022-12-14
• 5.3.1 - 2022-12-14
• 5.3.0 - 2022-12-13
• 5.3.0-next.4 - 2022-12-07
• 5.3.0-next.3 - 2022-12-07
• 5.3.0-next.2 - 2022-12-06
• 5.3.0-next.1 - 2022-12-01
• 5.3.0-next.0 - 2022-11-25
• 5.2.0 - 2022-11-25
• 5.2.0-next.1 - 2022-11-23
• 5.2.0-next.0 - 2022-11-17
• 5.1.0 - 2022-11-22
• 5.1.0-next.0 - 2022-11-08
• 5.0.1 - 2022-11-10
• 5.0.0 - 2022-11-08

from gatsby GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[bolt-new-by-stackblitz]

Run & review this pull request in StackBlitz Codeflow.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 66ab0dc

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR