chore(deps): update non-major

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update
@sanity/image-url (source)	^1.0.2 -> ^1.1.0					dependencies	minor
@sanity/mutator (source)	^2.33.2 -> ^2.36.6					dependencies	minor
@sanity/semantic-release-preset (source)	^4.1.1 -> ^4.1.8					devDependencies	patch
@types/debug (source)	^4.1.7 -> ^4.1.12					devDependencies	patch
@types/jest (source)	^29.4.0 -> ^29.5.14					devDependencies	patch
@types/lodash (source)	^4.14.191 -> ^4.17.17					devDependencies	minor
@types/react-dom (source)	^18.0.10 -> ^18.3.7					devDependencies	minor
@types/split2 (source)	^4.0.0 -> ^4.2.3					devDependencies	patch
@types/through2 (source)	^2.0.38 -> ^2.0.41					devDependencies	patch
@types/url-parse (source)	^1.4.8 -> ^1.4.11					dependencies	patch
EndBug/add-and-commit	1bad3ab -> a94899b					action	digest
actions/checkout	3df4ab1 -> 11bd719					action	digest
axios (source)	^0.27.2 -> ^0.30.0					dependencies	minor
debug	^4.3.4 -> ^4.4.1					dependencies	minor
eslint-config-prettier	^8.6.0 -> ^8.10.0					devDependencies	patch
gatsby (source, changelog)	^5.5.0 -> ^5.14.3					devDependencies	minor
gatsby-core-utils (source)	^4.5.0 -> ^4.14.0					dependencies	minor
gatsby-plugin-image (source)	^3.5.0 -> ^3.14.0					devDependencies	minor
gatsby-plugin-utils (source)	^4.5.0 -> ^4.14.0					dependencies	minor
jest (source)	^29.4.1 -> ^29.7.0					devDependencies	patch
oneline	^1.0.3 -> ^1.0.4					dependencies	patch
prettier (source)	^2.8.3 -> ^2.8.8					devDependencies	patch
prettier-plugin-packagejson	^2.4.2 -> ^2.5.14					devDependencies	minor
prettier-plugin-tailwindcss	^0.4.0 -> ^0.6.11					devDependencies	minor
react (source)	^18.2.0 -> ^18.3.1					devDependencies	minor
semantic-release	^21.1.1 -> ^21.1.2					devDependencies	patch
ts-jest (source)	^29.0.5 -> ^29.3.4					devDependencies	minor
typescript (source)	^5.0.0 -> ^5.8.3					devDependencies	minor

---

Release Notes

sanity-io/image-url (@​sanity/image-url)

v1.1.0

Compare Source

Changes

• Add new frame() method
• Add new vanityName() method (thanks @​Isissss!)
• Allow specifying baseUrl in builder typings (thanks @​ryami333!)
• Allow resetting format through .format(undefined) (thanks @​selbekk!)

sanity-io/semantic-release-preset (@​sanity/semantic-release-preset)

v4.1.8

Compare Source

Bug Fixes

• deps: update dependency conventional-changelog-conventionalcommits to v8 (#​124) (1dfce8e)
• deps: update dependency semantic-release to v24 (#​126) (e6e5594)
• deps: update non-major (#​118) (9a6695d)

v4.1.7

Compare Source

Bug Fixes

• deps: update dependency semantic-release to v23 (#​112) (b475f0b)

v4.1.6

Compare Source

Bug Fixes

• deps: update dependency semantic-release to v22 (e67b045)

v4.1.5

Compare Source

Bug Fixes

• deps: Update dependency conventional-changelog-conventionalcommits to v7 (#​104) (2614d5c)
• deps: update dependency semantic-release to v22 (#​106) (0439f36)

axios/axios (axios)

v0.30.0

Compare Source

Release notes:

Bug Fixes

• fix: modify log while request is aborted by @​mori5321 in https://github.com/axios/axios/pull/4917
• fix: update CHANGELOG.md for v0.x by @​TehZarathustra in https://github.com/axios/axios/pull/6271
• fix: modify upgrade guide for 0.28.1's breaking change by @​nafeger in https://github.com/axios/axios/pull/6787
• fix: backport allowAbsoluteUrls vulnerability fix to v0.x by @​thatguyinabeanie in https://github.com/axios/axios/pull/6829
• fix: add allowAbsoluteUrls type by @​thatguyinabeanie in https://github.com/axios/axios/pull/6849

Contributors to this release

• @​mori5321 made their first contribution in https://github.com/axios/axios/pull/4917
• @​TehZarathustra made their first contribution in https://github.com/axios/axios/pull/6271
• @​nafeger made their first contribution in https://github.com/axios/axios/pull/6787
• @​thatguyinabeanie made their first contribution in https://github.com/axios/axios/pull/6829

Full Changelog: axios/axios@v0.29.0...v0.30.0

v0.29.0

Compare Source

Release notes:

Bug Fixes

• fix(backport): backport security fixes in commits #​6167 and #​6163 to v0.x by @​Sean-Powell in https://github.com/axios/axios/pull/6402
• fix: omit nulls in params by @​Willshaw in https://github.com/axios/axios/pull/6394
• fix(backport): fix paramsSerializer function validation by @​solonzhu in https://github.com/axios/axios/pull/6361
• fix: Regular Expression Denial of Service (ReDoS) by @​qiongshusheng in https://github.com/axios/axios/pull/6708

Contributors to this release

• @​Sean-Powell made their first contribution in https://github.com/axios/axios/pull/6402
• @​Willshaw made their first contribution in https://github.com/axios/axios/pull/6394
• @​solonzhu made their first contribution in https://github.com/axios/axios/pull/6361
• @​qiongshusheng made their first contribution in https://github.com/axios/axios/pull/6708

v0.28.1

Compare Source

Release notes:

Release notes:

Bug Fixes

• fix(backport): custom params serializer support (#​6263)
• fix(backport): uncaught ReferenceError req is not defined (#​6307)

v0.28.0

Compare Source

Release notes:

Bug Fixes

• fix(security): fixed CVE-2023-45857 by backporting withXSRFToken option to v0.x (#​6091)

Backports from v1.x:

• Allow null indexes on formSerializer and paramsSerializer v0.x (#​4961)
• Fixing content-type header repeated #​4745
• Fixed timeout error message for HTTP 4738
• Added axios.formToJSON method (#​4735)
• URL params serializer (#​4734)
• Fixed toFormData Blob issue on node>v17 #​4728
• Adding types for progress event callbacks #​4675
• Fixed max body length defaults #​4731
• Added data URL support for node.js (#​4725)
• Added isCancel type assert (#​4293)
• Added the ability for the url-encoded-form serializer to respect the formSerializer config (#​4721)
• Add string[] to AxiosRequestHeaders type (#​4322)
• Allow type definition for axios instance methods (#​4224)
• Fixed AxiosError stack capturing; (#​4718)
• Fixed AxiosError status code type; (#​4717)
• Adding Canceler parameters config and request (#​4711)
• fix(types): allow to specify partial default headers for instance creation (#​4185)
• Added blob to the list of protocols supported by the browser (#​4678)
• Fixing Z_BUF_ERROR when no content (#​4701)
• Fixed race condition on immediate requests cancellation (#​4261)
• Added a clear() function to the request and response interceptors object so a user can ensure that all interceptors have been removed from an Axios instance https://github.com/axios/axios/pull/4248
• Added generic AxiosAbortSignal TS interface to avoid importing AbortController polyfill (#​4229)
• Fix TS definition for AxiosRequestTransformer (#​4201)
• Use type alias instead of interface for AxiosPromise (#​4505)
• Include request and config when creating a CanceledError instance (#​4659)
• Added generic TS types for the exposed toFormData helper (#​4668)
• Optimized the code that checks cancellation (#​4587)
• Replaced webpack with rollup (#​4596)
• Added stack trace to AxiosError (#​4624)
• Updated AxiosError.config to be optional in the type definition (#​4665)
• Removed incorrect argument for NetworkError constructor (#​4656)

debug-js/debug (debug)

v4.4.1

Compare Source

What's Changed

• fix(Issue-996): replace whitespaces in namespaces string with commas globally by @​pdahal-cx in https://github.com/debug-js/debug/pull/997
• fixes #​987 fallback to localStorage.DEBUG if debug is not defined by @​lzilioli in https://github.com/debug-js/debug/pull/988

New Contributors

• @​pdahal-cx made their first contribution in https://github.com/debug-js/debug/pull/997
• @​lzilioli made their first contribution in https://github.com/debug-js/debug/pull/988

Full Changelog: debug-js/debug@4.4.0...4.4.1

v4.4.0

Compare Source

Fixes (hopefully) the inefficient regex warnings in .enable().

Minor version as this is invariably going to break certain users who misuse the .enable() API and expected it to work with regexes, which was never supported nor documented. That's on you, sorry - that functionality won't be added back.

Full Changelog: debug-js/debug@4.3.7...4.4.0

v4.3.7

Compare Source

What's Changed

• Upgrade ms to version 2.1.3 by @​realityking in https://github.com/debug-js/debug/pull/819

Full Changelog: debug-js/debug@4.3.6...4.3.7

v4.3.6

Compare Source

What's Changed

• Avoid using deprecated RegExp.$1 by @​bluwy in https://github.com/debug-js/debug/pull/969

New Contributors

• @​bluwy made their first contribution in https://github.com/debug-js/debug/pull/969

Full Changelog: debug-js/debug@4.3.5...4.3.6

v4.3.5

Compare Source

Patch

• cac39b1 Fix/debug depth (#​926)

Thank you @​calvintwr for the fix.

gatsbyjs/gatsby (gatsby)

v5.14.3

Compare Source

v5.14.2

Compare Source

v5.14.1

Compare Source

v5.14.0: v5.14.0

Compare Source

This release focused on performance improvements and security fixes.

What's Changed

• minor docs improvements: https://github.com/gatsbyjs/gatsby/pull/38816, https://github.com/gatsbyjs/gatsby/pull/39052, https://github.com/gatsbyjs/gatsby/pull/39133, https://github.com/gatsbyjs/gatsby/pull/39060
• security fixes:
  • bump gh-pages: https://github.com/gatsbyjs/gatsby/pull/39089
  • bump underscore: https://github.com/gatsbyjs/gatsby/pull/39092
  • bump thenify: https://github.com/gatsbyjs/gatsby/pull/39095
  • bump axios: https://github.com/gatsbyjs/gatsby/pull/39101 https://github.com/gatsbyjs/gatsby/pull/39118
  • bump ejs: https://github.com/gatsbyjs/gatsby/pull/39093
  • bump set-getter: https://github.com/gatsbyjs/gatsby/pull/39091
  • bump express: https://github.com/gatsbyjs/gatsby/pull/39099
  • bump express: https://github.com/gatsbyjs/gatsby/pull/39098
  • bump css-what: https://github.com/gatsbyjs/gatsby/pull/39107
  • bump rollup: https://github.com/gatsbyjs/gatsby/pull/39112 https://github.com/gatsbyjs/gatsby/pull/39115
  • bump body-parser: https://github.com/gatsbyjs/gatsby/pull/39097 https://github.com/gatsbyjs/gatsby/pull/39132
  • bump webpack-dev-middleware: https://github.com/gatsbyjs/gatsby/pull/39106
  • bump path-to-regexp: https://github.com/gatsbyjs/gatsby/pull/39096
• [gatsby, create-gatsby, gatsby-cli, gatsby-dev-cli, gatsby-plugin-gatsby-cloud, gatsby-plugin-page-creator] perf: disable telemetry reporting https://github.com/gatsbyjs/gatsby/pull/39137

See full release notes

v5.13.7: v5.13.7

Compare Source

2024-07-12

What's Changed

• fix(gatsby-adapter-netlify): support monorepos (#​39005) by @​gatsbybot in https://github.com/gatsbyjs/gatsby/pull/39037

See full release notes: https://github.com/gatsbyjs/gatsby/pull/39046

v5.13.6: v5.13.6

Compare Source

2024-05-29

What's Changed

• perf(gatsby-adapter-netlify): improve adapt() performance (#​38988) by @​gatsbybot in https://github.com/gatsbyjs/gatsby/pull/38991

See full release notes: https://github.com/gatsbyjs/gatsby/pull/39004

v5.13.5: v5.13.5

Compare Source

2024-05-17

What's Changed

• chore: pin @​vercel/webpack-asset-relocator-loader (#​38981) by @​gatsbybot in https://github.com/gatsbyjs/gatsby/pull/38982
• feat: allow dsg/ssr renders without access to datastore if it's not required (#​38974) by @​gatsbybot in https://github.com/gatsbyjs/gatsby/pull/38979

See full release notes: https://github.com/gatsbyjs/gatsby/pull/38984

v5.13.4: v5.13.4

Compare Source

2024-04-10

What's Changed

• fix(gatsby-source-wordpress): only diff wpgraphql schema if the user opts in (#​38856) by @​gatsbybot in https://github.com/gatsbyjs/gatsby/pull/38860
• chore(gatsby-source-wordpress): upgrade file-type (#​38861) by @​gatsbybot in https://github.com/gatsbyjs/gatsby/pull/38863
• fix(gatsby-adapter-netlify): handler generation on windows (#​38900) by @​gatsbybot in https://github.com/gatsbyjs/gatsby/pull/38929

See full release notes: https://github.com/gatsbyjs/gatsby/pull/38969

v5.13.3: v5.13.3

Compare Source

2024-01-24

What's Changed

• perf: use must-revalidate cache-control header as common and only create header routes for routes with different cache-control (#​38820) by @​gatsbybot in https://github.com/gatsbyjs/gatsby/pull/38824
• fix: add missing fs method rewrites to handle fetchRemoteFile in dsg/ssr engine (#​38822) by @​gatsbybot in https://github.com/gatsbyjs/gatsby/pull/38823

See full release notes: https://github.com/gatsbyjs/gatsby/pull/38834

v5.13.2: v5.13.2

Compare Source

2024-01-23

What's Changed

• fix(gatsby): more robust adapter zero-conf handling (#​38778) by @​gatsbybot in https://github.com/gatsbyjs/gatsby/pull/38800
• fix(gatsby): try to automatically recover when parcel segfaults (#​38773) by @​gatsbybot in https://github.com/gatsbyjs/gatsby/pull/38799
• fix(gatsby): fix webpack compilation when pnpm is used (#​38757) by @​gatsbybot in https://github.com/gatsbyjs/gatsby/pull/38804
• chore: swap babel-plugin-lodash with updated version that doesn't use deprecated APIs (#​38797) by @​gatsbybot in https://github.com/gatsbyjs/gatsby/pull/38803
• fix(gatsby): support builtin modules prefixed with node: on build-html (#​38516) by @​gatsbybot in https://github.com/gatsbyjs/gatsby/pull/38818

See full release notes: https://github.com/gatsbyjs/gatsby/pull/38821

v5.13.1: v5.13.1

Compare Source

2013-12-22

What's Changed

• fix(docs): update remote url docs (#​38768) by @​gatsbybot in https://github.com/gatsbyjs/gatsby/pull/38770
• chore(gatsby-cli,gatsby-source-wordpress): bump clipboardy (#​38775) by @​gatsbybot in https://github.com/gatsbyjs/gatsby/pull/38776

See full release notes: https://github.com/gatsbyjs/gatsby/pull/38796.

v5.13.0: v5.13.0

Compare Source

Welcome to [email protected] release (December 2023 #1)

Key highlight of this release:

• Custom Image and File CDN URL generators

Bleeding Edge: Want to try new features as soon as possible? Install gatsby@next and let us know if you have any issues.

Previous release notes

v5.12.12

Compare Source

v5.12.11

Compare Source

v5.12.10

Compare Source

v5.12.9

Compare Source

v5.12.8

Compare Source

v5.12.7

Compare Source

gatsbyjs/gatsby (gatsby-core-utils)

v4.14.0

Compare Source

🧾 Release notes

Bug Fixes

• update dependency hash-wasm to ^4.11.0 for gatsby-core-utils #​38678 (f8ce66e)
• update dependency fs-extra to ^11.2.0 #​38727 (cb33fe5)

4.13.1 (2024-01-23)

Note: Version bump only for package gatsby-core-utils

v4.13.1

Compare Source

Note: Version bump only for package gatsby-core-utils

v4.13.0

Compare Source

🧾 Release notes

Bug Fixes

• respect 'force' and 'conditions' properties on redirects #​38657 (48d311e)

4.12.1 (2023-10-26)

Bug Fixes

• respect 'force' and 'conditions' properties on redirects #​38657 #​38664 (c43080f)

v4.12.1

Compare Source

Bug Fixes

• respect 'force' and 'conditions' properties on redirects #​38657 #​38664 (c43080f)

gatsbyjs/gatsby (gatsby-plugin-image)

v3.14.0

Compare Source

🧾 Release notes

Bug Fixes

• update dependency fs-extra to ^11.2.0 #​38727 (cb33fe5)

3.13.1 (2024-01-23)

Note: Version bump only for package gatsby-plugin-image

v3.13.1

Compare Source

Note: Version bump only for package gatsby-plugin-image

v3.13.0

Compare Source

🧾 Release notes

Note: Version bump only for package gatsby-plugin-image

3.12.3 (2023-10-26)

Note: Version bump only for package gatsby-plugin-image

3.12.2 (2023-10-20)

Note: Version bump only for package gatsby-plugin-image

3.12.1 (2023-10-09)

Note: Version bump only for package gatsby-plugin-image

v3.12.3

Compare Source

Note: Version bump only for package gatsby-plugin-image

v3.12.2

Compare Source

Note: Version bump only for package gatsby-plugin-image

v3.12.1

---

Configuration

📅 Schedule: Branch creation - "before 3am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate using a curated preset maintained by . View repository job log here

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json

npm warn Unknown env config "store". This will stop working in the next major version of npm.
npm error code ERESOLVE
npm error ERESOLVE unable to resolve dependency tree
npm error
npm error While resolving: [email protected]
npm error Found: [email protected]
npm error node_modules/semantic-release
npm error   dev semantic-release@"^21.1.2" from [email protected]
npm error   packages/gatsby-source-sanity
npm error     [email protected]
npm error     node_modules/gatsby-source-sanity
npm error       workspace packages/gatsby-source-sanity from the root project
npm error       1 more (example-blog)
npm error
npm error Could not resolve dependency:
npm error peer semantic-release@"^22.0.12 || ^23.0.2 || ^24.0.0" from @sanity/[email protected]
npm error node_modules/@sanity/semantic-release-preset
npm error   dev @sanity/semantic-release-preset@"^4.1.8" from [email protected]
npm error   packages/gatsby-source-sanity
npm error     [email protected]
npm error     node_modules/gatsby-source-sanity
npm error       workspace packages/gatsby-source-sanity from the root project
npm error       1 more (example-blog)
npm error
npm error Fix the upstream dependency conflict, or retry
npm error this command with --force or --legacy-peer-deps
npm error to accept an incorrect (and potentially broken) dependency resolution.
npm error
npm error
npm error For a full report see:
npm error /runner/cache/others/npm/_logs/2025-05-20T18_45_47_123Z-eresolve-report.txt
npm error A complete log of this run can be found in: /runner/cache/others/npm/_logs/2025-05-20T18_45_47_123Z-debug-0.log

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
gatsby-source-sanity	❌ Failed (Inspect)			May 20, 2025 6:46pm

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert (click for details)
Warn		[email protected] has a License Policy Violation. License: CC-BY-3.0 (package/build/licenses.md) From: ? → npm/[email protected] ℹ Read more on: This package | This alert | What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		[email protected] has a License Policy Violation. License: CC-BY-3.0 (package/node_modules/spdx-exceptions/package.json) From: ? → npm/[email protected] ℹ Read more on: This package | This alert | What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected]. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore npm/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report