Bump form-data, gatsby, gatsby-mdx, gatsby-plugin-sharp, gatsby-remark-copy-linked-files and gatsby-transformer-sharp #17

Open

dependabot[bot] wants to merge 1 commit into master from dependabot/npm_and_yarn/multi-e36246454c

Conversation

dependabot[bot] commented on behalf of github on Jun 21, 2026

Bumps form-data to 2.5.6 and updates ancestor dependencies form-data, gatsby, gatsby-mdx, gatsby-plugin-sharp, gatsby-remark-copy-linked-files and gatsby-transformer-sharp. These dependencies need to be updated together.

Updates form-data from 2.3.2 to 2.5.6

Changelog

Sourced from form-data's changelog.

v2.5.6 - 2026-06-12

Commits

  • [Fix] escape CR, LF, and " in field names and filenames b620316
  • [Dev Deps] update @ljharb/eslint-config, auto-changelog, eslint, tape 12be578
  • [Dev Deps] update js-randomness-predictor 46cfd23
  • [Tests] use safe-buffer so the header-injection test runs on node < 4 633044a
  • [Deps] update hasown e3b96ee

v2.5.5 - 2025-07-18

Commits

  • [meta] actually ensure the readme backup isn’t published 10626c0
  • [Fix] use proper dependency 026abe5

v2.5.4 - 2025-07-17

Fixed

Commits

  • [eslint] update linting config 8bf2492
  • [meta] add auto-changelog b5101ad
  • [Tests] handle predict-v8-randomness failures in node < 17 and node > 23 0e93122
  • [Fix] Switch to using crypto random for boundary values b88316c
  • [Fix] validate boundary type in setBoundary() method 131ae5e
  • [Tests] Switch to newer v8 prediction library; enable node 24 testing c97cfbe
  • [Refactor] use hasown 97ac9c2
  • [meta] remove local commit hooks be99d4e
  • [Dev Deps] remove unused deps ddbc89b
  • [meta] fix scripts to use prepublishOnly e351a97
  • [Dev Deps] remove unused script 8f23366
  • [Dev Deps] add missing peer dep 02ff026
  • [meta] fix readme capitalization 2fd5f61

v2.5.3 - 2025-02-14

Merged

Fixed

Commits

... (truncated)

Commits
  • c713349 v2.5.6
  • 46cfd23 [Dev Deps] update js-randomness-predictor
  • 633044a [Tests] use safe-buffer so the header-injection test runs on node < 4
  • e3b96ee [Deps] update hasown
  • 12be578 [Dev Deps] update @ljharb/eslint-config, auto-changelog, eslint, tape
  • b620316 [Fix] escape CR, LF, and " in field names and filenames
  • 40de5a7 v2.5.5
  • 026abe5 [Fix] use proper dependency
  • 10626c0 [meta] actually ensure the readme backup isn’t published
  • efe6c26 v2.5.4
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by ljharb, a new releaser for form-data since your current version.

Install script changes

This version modifies the prepublish script, which runs during installation. Review the package contents before updating.


Updates gatsby from 2.0.2 to 2.32.13

Release notes

Sourced from gatsby's releases.

gatsby-source-wordpress@7.13.5 and 6 more...

2024-08-26

Updated packages

  • gatsby-source-wordpress@7.13.5
  • gatsby-remark-responsive-iframe@6.13.2
  • gatsby-remark-prismjs@7.13.2
  • gatsby-remark-images@7.13.2
  • gatsby-remark-images@6.13.2
  • gatsby-remark-graphviz@5.13.2
  • gatsby-remark-copy-linked-files@6.13.2
  • gatsby-plugin-offline@6.13.3

What's Changed

See full release notes: gatsbyjs/gatsby#39070

v2.32 (February 2021 #1)

Welcome to gatsby@2.32.0 release (February 2021. 1)

Key highlights of this release:

Also check out notable bugfixes.

Bleeding Edge: Want to try new features as soon as possible? Install gatsby@next and let us know if you have any issues.

Previous release notes

Full changelog

v2.31 (January 2021 #2)

Welcome to gatsby@2.31.0 release (January 2021 #2)

Key highlights of this release:

Also check out notable bugfixes.

... (truncated)

Commits
  • 5a654fa chore(release): Publish
  • c8b9b7c fix(gatsby-telemetry): Read installedGatsbyVersion correctly for workspaces (...
  • 08cc344 chore(release): Publish
  • 9095266 fix(gatsby-plugin-netlify-cms): align mini-css-extract-plugin version (#31093)
  • 83c26f8 chore(release): Publish
  • 8d7c3a1 fix(gatsby-source-wordpress): schema customization errors (#30358) (#30650)
  • 4ffcf78 fix(gatsby-source-contentful): Contentful page limit backoff (#30549) (#30618)
  • fc61c88 feat(gatsby-source-contentful): Increase Contentful sync by up to 10x (#30422...
  • b3315a0 fix(gatsby-source-contentful): Improve network error handling (#30257) (#30617)
  • 0eac672 fix(gatsby): fix incorrect intersection of filtered results (#30594) (#30619)
  • Additional commits viewable in compare view
Install script changes

This version adds a postinstall script, which runs during installation. Review the package contents before updating.


Updates gatsby-mdx from 0.1.4 to 0.6.3

Updates gatsby-plugin-sharp from 2.0.5 to 2.14.4

Changelog

Sourced from gatsby-plugin-sharp's changelog.

2.14.4 (2021-05-04)

Note: Version bump only for package gatsby-plugin-sharp

2.14.3 (2021-02-25)

Other Changes

2.14.2 (2021-02-24)

Bug Fixes

2.14.1 (2021-02-05)

Note: Version bump only for package gatsby-plugin-sharp

2.14.0 (2021-02-02)

🧾 Release notes

Features

Bug Fixes

Chores

  • update minor and patch for gatsby-plugin-sharp #28968 (17bb011)

2.13.4 (2021-01-29)

Note: Version bump only for package gatsby-plugin-sharp

2.13.3 (2021-01-28)

Note: Version bump only for package gatsby-plugin-sharp

2.13.2 (2021-01-26)

... (truncated)

Commits

Updates gatsby-remark-copy-linked-files from 2.0.5 to 2.10.0

Changelog

Sourced from gatsby-remark-copy-linked-files's changelog.

2.10.0 (2021-02-02)

🧾 Release notes

Note: Version bump only for package gatsby-remark-copy-linked-files

2.9.0 (2021-01-20)

🧾 Release notes

Bug Fixes

  • update vulnerable packages, include React 17 in peerDeps #28545 (18b5f30)

2.8.0 (2021-01-06)

🧾 Release notes

Note: Version bump only for package gatsby-remark-copy-linked-files

2.7.0 (2020-12-15)

🧾 Release notes

Chores

2.6.0 (2020-12-02)

🧾 Release notes

Note: Version bump only for package gatsby-remark-copy-linked-files

2.5.0 (2020-11-20)

🧾 Release notes

Chores

2.4.0 (2020-11-12)

🧾 Release notes

Note: Version bump only for package gatsby-remark-copy-linked-files

... (truncated)

Commits
  • 7797522 chore(release): Publish
  • d4a8ad2 chore(release): Publish next pre-minor
  • 18b5f30 fix(security): update vulnerable packages, include React 17 in peerDeps (#28545)
  • 2059ead chore(release): Publish next pre-minor
  • 9eb5031 chore(release): Publish next pre-minor
  • a819b9b chore(deps): update dependency cross-env to ^7.0.3 (#28505)
  • 443c8d0 chore(release): Publish next pre-minor
  • fe83465 chore(release): Publish next pre-minor
  • 539dbb0 chore(deps): update babel monorepo (#27528)
  • 3ed71f9 chore(release): Publish pre-release
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by ascorbic, a new releaser for gatsby-remark-copy-linked-files since your current version.


Updates gatsby-transformer-sharp from 2.1.2 to 2.12.1

Changelog

Sourced from gatsby-transformer-sharp's changelog.

2.12.1 (2021-03-08)

Other Changes

2.12.0 (2021-02-02)

🧾 Release notes

Features

Chores

  • update minor and patch for gatsby-transformer-sharp #28969 (4cf7b43)

2.11.0 (2021-01-20)

🧾 Release notes

Features

Bug Fixes

  • update vulnerable packages, include React 17 in peerDeps #28545 (18b5f30)
  • PathPrefix isn't being passed/set for GatsbyImage fix #28845 (5874414)

Chores

2.10.1 (2021-01-13)

Bug Fixes

2.10.0 (2021-01-06)

🧾 Release notes

... (truncated)

Commits
  • 37079ab chore(release): Publish
  • b576211 will git stop being weird (#29897) (#30005)
  • 7797522 chore(release): Publish
  • 4cf7b43 chore(deps): update minor and patch for gatsby-transformer-sharp (#28969)
  • 7ce988e chore(release): Publish next
  • 8b6bfa6 feat(gatsby-plugin-sharp): Add image plugin defaults (#29147)
  • eb2bede feat(gatsby-plugin-image): Add support for backgroundColor in sharp (#29141)
  • d4a8ad2 chore(release): Publish next pre-minor
  • 18b5f30 fix(security): update vulnerable packages, include React 17 in peerDeps (#28545)
  • 9bcc12c feat(gatsby-plugin-image): Change fullWidth to use breakpoints (#29002)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.

…k-copy-linked-files and gatsby-transformer-sharp

Bumps [form-data](https://github.com/form-data/form-data) to 2.5.6 and updates ancestor dependencies [form-data](https://github.com/form-data/form-data), [gatsby](https://github.com/gatsbyjs/gatsby), gatsby-mdx, [gatsby-plugin-sharp](https://github.com/gatsbyjs/gatsby/tree/HEAD/packages/gatsby-plugin-sharp), [gatsby-remark-copy-linked-files](https://github.com/gatsbyjs/gatsby/tree/HEAD/packages/gatsby-remark-copy-linked-files) and [gatsby-transformer-sharp](https://github.com/gatsbyjs/gatsby/tree/HEAD/packages/gatsby-transformer-sharp). These dependencies need to be updated together.


Updates `form-data` from 2.3.2 to 2.5.6
- [Changelog](https://github.com/form-data/form-data/blob/master/CHANGELOG.md)
- [Commits](form-data/form-data@v2.3.2...v2.5.6)

Updates `gatsby` from 2.0.2 to 2.32.13
- [Release notes](https://github.com/gatsbyjs/gatsby/releases)
- [Changelog](https://github.com/gatsbyjs/gatsby/blob/master/CHANGELOG.md)
- [Commits](https://github.com/gatsbyjs/gatsby/compare/gatsby@2.0.2...gatsby@2.32.13)

Updates `gatsby-mdx` from 0.1.4 to 0.6.3

Updates `gatsby-plugin-sharp` from 2.0.5 to 2.14.4
- [Release notes](https://github.com/gatsbyjs/gatsby/releases)
- [Changelog](https://github.com/gatsbyjs/gatsby/blob/master/packages/gatsby-plugin-sharp/CHANGELOG.md)
- [Commits](https://github.com/gatsbyjs/gatsby/commits/gatsby-plugin-sharp@2.14.4/packages/gatsby-plugin-sharp)

Updates `gatsby-remark-copy-linked-files` from 2.0.5 to 2.10.0
- [Release notes](https://github.com/gatsbyjs/gatsby/releases)
- [Changelog](https://github.com/gatsbyjs/gatsby/blob/master/packages/gatsby-remark-copy-linked-files/CHANGELOG.md)
- [Commits](https://github.com/gatsbyjs/gatsby/commits/gatsby-remark-copy-linked-files@2.10.0/packages/gatsby-remark-copy-linked-files)

Updates `gatsby-transformer-sharp` from 2.1.2 to 2.12.1
- [Release notes](https://github.com/gatsbyjs/gatsby/releases)
- [Changelog](https://github.com/gatsbyjs/gatsby/blob/master/packages/gatsby-transformer-sharp/CHANGELOG.md)
- [Commits](https://github.com/gatsbyjs/gatsby/commits/gatsby-transformer-sharp@2.12.1/packages/gatsby-transformer-sharp)

---
updated-dependencies:
- dependency-name: form-data
  dependency-version: 2.5.6
  dependency-type: indirect
- dependency-name: gatsby
  dependency-version: 2.32.13
  dependency-type: direct:production
- dependency-name: gatsby-mdx
  dependency-version: 0.6.3
  dependency-type: direct:production
- dependency-name: gatsby-plugin-sharp
  dependency-version: 2.14.4
  dependency-type: direct:production
- dependency-name: gatsby-remark-copy-linked-files
  dependency-version: 2.10.0
  dependency-type: direct:production
- dependency-name: gatsby-transformer-sharp
  dependency-version: 2.12.1
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot[bot] added the labels dependencies (Pull requests that update a dependency file) and javascript (Pull requests that update javascript code) on Jun 21, 2026
@socket-security

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action / Severity / Alert
Warn Critical
Critical CVE: Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url

CVE: GHSA-j9fq-vwqv-2fm2 Server-Side Request Forgery (SSRF) in GitHub repository ionicabizau/parse-url (CRITICAL)

Affected versions: < 8.1.0

Patched version: 8.1.0

From: npm/gatsby-plugin-sharp@2.14.4 → npm/gatsby@2.32.13 → npm/parse-url@6.0.5

ℹ Read more on: This package | This alert | What is a critical CVE?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/parse-url@6.0.5. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm cheerio is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: npm/gatsby-plugin-offline@2.0.5 → npm/gatsby-remark-copy-linked-files@2.10.0 → npm/gatsby-remark-images@2.0.3 → npm/cheerio@1.2.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Suggestion: Packages should not obfuscate their code. Consider not using packages with obfuscated code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/cheerio@1.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm clipboardy is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: npm/gatsby@2.32.13 → npm/clipboardy@2.3.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/clipboardy@2.3.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm damerau-levenshtein is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: npm/gatsby@2.32.13 → npm/damerau-levenshtein@1.0.8

ℹ Read more on: This package | This alert | What is obfuscated code?

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/damerau-levenshtein@1.0.8. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm entities is 91.0% likely obfuscated

Confidence: 0.91

Location: Package overview

From: npm/gatsby-plugin-offline@2.0.5 → npm/gatsby-remark-copy-linked-files@2.10.0 → npm/gatsby-remark-images@2.0.3 → npm/entities@4.5.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/entities@4.5.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm entities is 91.0% likely obfuscated

Confidence: 0.91

Location: Package overview

From: npm/gatsby-plugin-offline@2.0.5 → npm/gatsby-remark-copy-linked-files@2.10.0 → npm/gatsby-remark-images@2.0.3 → npm/entities@6.0.1

ℹ Read more on: This package | This alert | What is obfuscated code?

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/entities@6.0.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm es-abstract is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: npm/gatsby@2.32.13 → npm/es-abstract@1.24.2

ℹ Read more on: This package | This alert | What is obfuscated code?

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/es-abstract@1.24.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Protestware or unwanted behavior: npm es5-ext

Note: The script attempts to run a local post-install script, which could potentially contain malicious code. The error handling suggests that it is designed to fail silently, which is a common tactic in malicious scripts.

From: npm/gatsby@2.32.13 → npm/es5-ext@0.10.64

ℹ Read more on: This package | This alert | What is protestware?

Suggestion: Consider that consuming this package may come along with functionality unrelated to its primary purpose.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/es5-ext@0.10.64. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm eslint-plugin-react is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: npm/gatsby@2.32.13 → npm/eslint-plugin-react@7.37.5

ℹ Read more on: This package | This alert | What is obfuscated code?

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/eslint-plugin-react@7.37.5. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm eslint is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: npm/gatsby@2.32.13 → npm/eslint@6.8.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/eslint@6.8.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm highlight.js is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: npm/gatsby@2.32.13 → npm/highlight.js@10.7.3

ℹ Read more on: This package | This alert | What is obfuscated code?

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/highlight.js@10.7.3. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm htmlparser2 is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: npm/gatsby-plugin-offline@2.0.5 → npm/gatsby-remark-copy-linked-files@2.10.0 → npm/gatsby-remark-images@2.0.3 → npm/htmlparser2@10.1.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/htmlparser2@10.1.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm node-libs-browser is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: npm/gatsby@2.32.13 → npm/node-libs-browser@2.2.1

ℹ Read more on: This package | This alert | What is obfuscated code?

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/node-libs-browser@2.2.1. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm probe-image-size is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: npm/gatsby-plugin-sharp@2.14.4 → npm/gatsby-transformer-sharp@2.12.1 → npm/gatsby-remark-copy-linked-files@2.10.0 → npm/probe-image-size@6.0.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/probe-image-size@6.0.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm webpack-dev-middleware is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: npm/gatsby@2.32.13 → npm/webpack-dev-middleware@3.7.3

ℹ Read more on: This package | This alert | What is obfuscated code?

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/webpack-dev-middleware@3.7.3. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Warn High
Obfuscated code: npm webpack is 90.0% likely obfuscated

Confidence: 0.90

Location: Package overview

From: npm/gatsby@2.32.13 → npm/webpack@4.47.0

ℹ Read more on: This package | This alert | What is obfuscated code?

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/webpack@4.47.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report
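Socket's suggestion for the parse-url alert is a dependency override, since the vulnerable copy arrives through gatsby rather than from this project's own package.json. The following is an added example, not Socket's or npm's own code: it parses the alert's dependency path (copied from the alert above; the leading "?" is link residue from the page), checks the leaf version against the patched version with a minimal numeric semver comparison, and emits the npm `overrides` entry that pins parse-url under its immediate parent. The `overrides` field and its nesting semantics are npm's (npm 8.3 and later); the path parser and version comparison are assumptions of this example.

```javascript
// Added example, not Socket's or npm's own code: from a Socket dependency path
// to the npm "overrides" entry that pins the vulnerable transitive package.

// Copied from the parse-url alert above; the leading "?" is link residue.
const PARSE_URL_PATH = '?npm/gatsby-plugin-sharp@2.14.4npm/gatsby@2.32.13npm/parse-url@6.0.5';
const PARSE_URL_PATCHED = '8.1.0';

// Accepts the run-together form above as well as "npm/a@1.2.3 → npm/b@4.5.6".
// Handles scoped names (npm/@scope/name@1.2.3).
function parseDependencyPath(path) {
  const re = /npm\/((?:@[^/\s@]+\/)?[^@\s]+)@(\d[^\s→]*?)(?=npm\/|\s|→|$)/g;
  return Array.from(path.matchAll(re), (m) => ({ name: m[1], version: m[2] }));
}

// Minimal x.y.z comparison (no pre-release tags), enough for the versions in
// these alerts. Returns -1, 0 or 1.
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

function isVulnerable(version, patched) {
  return compareVersions(version, patched) < 0;
}

// Builds { overrides: { <parent>: { <leaf>: <patched> } } }. Keying on the leaf's
// immediate parent limits the override to that package's subtree rather than
// every copy of the leaf in the tree. Returns null when nothing needs overriding.
function overrideFor(path, patched) {
  const chain = parseDependencyPath(path);
  if (chain.length === 0) return null;
  const leaf = chain[chain.length - 1];
  if (!isVulnerable(leaf.version, patched)) return null;
  const parent = chain.length > 1 ? chain[chain.length - 2] : null;
  const pin = { [leaf.name]: patched };
  return { overrides: parent ? { [parent.name]: pin } : pin };
}
```

Merge the returned object into package.json and re-run `npm install`; for Yarn classic the equivalent field is `resolutions`. Going from parse-url 6.0.5 to 8.1.0 crosses a major version, so the override has to be tested against gatsby's use of the package; the alert's other route, `npm audit fix --force`, may instead bump gatsby itself.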

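Three notes on this PR concern code that runs at install time without anyone invoking it: Dependabot flags a modified prepublish script in form-data and a new postinstall script in gatsby, and Socket flags es5-ext for a post-install script that fails silently. The following is an added example, not Dependabot's, Socket's or any of the bumped packages' own code: it audits the `scripts` block of a package.json for install-time hooks and applies a few shape heuristics (a bundled file being executed, network access, swallowed errors, decoded payloads). The sample manifests are constructed for the example and do not reproduce the real packages' scripts; the regular expressions are illustrative heuristics, not a malware classifier.

```javascript
// Added example, not Dependabot's, Socket's or any package's own code: audit the
// lifecycle scripts of packages in a dependency bump before `npm install` runs them.

// Hooks npm executes as part of an install. preinstall/install/postinstall run for
// every installed package; prepublish and prepare run for the root project and for
// dependencies fetched from git (see the npm "scripts" documentation).
const INSTALL_HOOKS = ['preinstall', 'install', 'postinstall', 'prepublish', 'prepare'];

// Illustrative heuristics over a hook's command line (assumptions of this example).
const CHECKS = [
  { id: 'local-script', why: 'executes a file shipped in the tarball',
    re: /\bnode\s+[\w./-]+\.js\b|require\(['"]\.\.?\// },
  { id: 'network', why: 'reaches out to the network at install time',
    re: /\b(?:curl|wget)\b|https?:\/\// },
  { id: 'silent-fail', why: 'swallows errors so a failed payload goes unnoticed',
    re: /\|\|\s*(?:true|exit\s+0)\b|catch\s*\(\s*\w*\s*\)\s*\{\s*\}|2>\s*\/dev\/null/ },
  { id: 'encoded', why: 'decodes or evaluates data at runtime',
    re: /\bbase64\b|\beval\s*\(|Buffer\.from\([^)]*,\s*['"](?:hex|base64)['"]\)/ },
];

// Returns one finding per install-time hook present in the manifest.
function auditScripts(pkg) {
  const scripts = (pkg && pkg.scripts) || {};
  return INSTALL_HOOKS
    .filter((hook) => typeof scripts[hook] === 'string')
    .map((hook) => ({
      package: `${pkg.name}@${pkg.version}`,
      hook,
      command: scripts[hook],
      flags: CHECKS.filter((c) => c.re.test(scripts[hook])).map((c) => c.id),
    }));
}

// Audits every manifest in a bump. Any hook at all is worth a look; a flagged hook
// needs to be read before the install runs it.
function auditBump(manifests) {
  const findings = manifests.flatMap(auditScripts);
  return {
    findings,
    hooks: findings.length,
    flagged: findings.filter((f) => f.flags.length > 0).length,
    installWithScriptsDisabled: findings.length > 0,
  };
}

// Constructed manifests (not the real packages' scripts):
const SAMPLE_MANIFESTS = [
  // a prepublish hook that only defers to prepublishOnly: a hook, nothing flagged
  { name: 'pkg-a', version: '1.0.0',
    scripts: { prepublish: 'not-in-publish || npm run prepublishOnly', test: 'tape test/*.js' } },
  // a postinstall that runs a bundled file and hides any error
  { name: 'pkg-b', version: '1.0.1',
    scripts: { postinstall: 'node -e "try{require(\'./_postinstall\')}catch(e){}"' } },
  // no install-time hooks
  { name: 'pkg-c', version: '1.0.2', scripts: { build: 'tsc', test: 'jest' } },
];
```

`npm pack <name>@<version>` downloads a tarball without installing it, so the manifest and any file a hook references can be read first; `npm ci --ignore-scripts` installs without running any of these hooks, at the cost of packages that genuinely need a build step at install time.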