@renovate renovate bot commented Aug 6, 2024

This PR contains the following updates:

Package Change Age Confidence
gatsby-source-wordpress (source) ^3.2.5 -> ^4.0.0 age confidence

GitHub Vulnerability Alerts

CVE-2021-32770

Impact

The gatsby-source-wordpress plugin prior to versions 4.0.8 and 5.9.2 leaks .htaccess HTTP Basic Authentication variables into the app.js bundle during build-time. Users who are not initializing basic authentication credentials in the gatsby-config.js are not affected.

Example affected gatsby-config.js:

      resolve: 'gatsby-source-wordpress',
      auth: {
        htaccess: {
          username: leaked_username,
          password: leaked_password,
        },
      },

Patches

A patch has been introduced in gatsby-source-wordpress@4.0.8 and gatsby-source-wordpress@5.9.2 which mitigates the issue by filtering all variables specified in the auth: { } section. Users that depend on this functionality are advised to upgrade to the latest release of gatsby-source-wordpress, run gatsby clean followed by a gatsby build.

Workarounds

There is no known workaround at this time, other than manually editing the app.js file post-build.

For more information

Email us at [email protected]


Release Notes

gatsbyjs/gatsby (gatsby-source-wordpress)

v4.0.8

🧾 Release notes

4.0.8 (2021-07-13)
Other Changes
  • run setGatsbyApiToState in onPreInit to delete auth options #32339 (f49a976)
4.0.7 (2021-07-10)
Bug Fixes
4.0.6 (2021-04-07)
Bug Fixes
4.0.5 (2021-03-08)
Bug Fixes
4.0.4 (2021-03-01)
Bug Fixes
4.0.3 (2021-02-24)
Other Changes
4.0.2 (2021-02-24)

Note: Version bump only for package gatsby-source-wordpress

4.0.1 (2021-02-05)

Note: Version bump only for package gatsby-source-wordpress

Configuration

📅 Schedule: Branch creation - "" in timezone Asia/Tokyo, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot force-pushed the renovate/npm-gatsby-source-wordpress-vulnerability branch from 819a163 to aa0d94d Compare August 10, 2025 14:57
@renovate renovate bot force-pushed the renovate/npm-gatsby-source-wordpress-vulnerability branch from aa0d94d to cd14f80 Compare August 19, 2025 13:13
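
A post-build check for the leak described in the advisory above, as an added example that is not part of this PR or of the Gatsby project: it searches generated JavaScript bundles and source maps for the configured htaccess values. The function names and the sample bundle contents are constructed for illustration.

```javascript
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// Walk dir recursively and report every .js / .map file that contains one of
// the given secret values. secrets is an object such as { username, password }.
function findLeakedSecrets(dir, secrets) {
  const hits = [];
  for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
    const full = path.join(dir, entry.name);
    if (entry.isDirectory()) {
      hits.push(...findLeakedSecrets(full, secrets));
    } else if (/\.(js|map)$/.test(entry.name)) {
      const text = fs.readFileSync(full, 'utf8');
      for (const [field, value] of Object.entries(secrets)) {
        if (!value) continue; // an empty value would match every file
        // A bundler may emit the value JSON-escaped, so check both forms.
        const escaped = JSON.stringify(value).slice(1, -1);
        if (text.includes(value) || text.includes(escaped)) {
          hits.push({ file: full, field });
        }
      }
    }
  }
  return hits;
}

// Constructed sample: a temporary build directory holding one bundle that
// carries the auth block from the advisory's example config and one clean file.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'gatsby-public-'));
  fs.writeFileSync(
    path.join(dir, 'app-0123abcd.js'),
    'e.exports={auth:{htaccess:{username:"leaked_username",password:"leaked_password"}}}'
  );
  fs.writeFileSync(path.join(dir, 'framework-4567ef.js'), 'console.log("ok")');
  const hits = findLeakedSecrets(dir, {
    username: 'leaked_username',
    password: 'leaked_password',
  });
  fs.rmSync(dir, { recursive: true, force: true });
  return hits.map((h) => `${path.basename(h.file)}:${h.field}`).sort();
}

console.log(demo());
```

After upgrading and running gatsby clean and gatsby build, call `findLeakedSecrets` on the site's build output directory with the real credentials read from the environment; an empty result means neither value appears in the bundles.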