soames-gatsby-theme 0.1.3 → 0.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/README.md +12 -6
  2. package/package.json +1 -1
package/README.md CHANGED
@@ -18,14 +18,20 @@ npm install soames-gatsby-theme
18
18
 
19
19
  ## Known Security Notices
20
20
 
21
- During installation, you may encounter audit warnings for two high-severity vulnerabilities related to the cookie and path-to-regexp packages. These packages are used internally by Gatsby’s development tooling, specifically:
21
+ After installation, `npm audit` will report a number of vulnerabilities. All remaining issues fall into two categories:
22
22
 
23
- cookie is included via express and socket.io, which Gatsby uses for its hot-reloading dev server.
23
+ **Gatsby dev-server tooling** packages used only during local development (`gatsby develop`) and not included in the production static build:
24
24
 
25
- path-to-regexp is also included by express and only used during local development.
25
+ - `cookie`, `path-to-regexp` used by express and socket.io for Gatsby’s hot-reloading dev server
26
+ - `@parcel/reporter-dev-server` — Gatsby’s internal build tooling
27
+ - `webpack`, `serialize-javascript` — bundler used at build time, not present in the output
28
+ - `tmp` — used by CLI tooling (inquirer) internal to Gatsby’s dependency tree
26
29
 
27
- These dependencies are not included in the production build of your site. Gatsby generates static HTML, CSS, and JS files that do not use these server-side tools.
30
+ **Build-time data-fetching dependencies** packages used to pull content from WordPress at build time and not included in the deployed site:
28
31
 
29
- As of this version, these issues do not pose a risk to end users or affect the final deployed site. They will be resolved in future versions as Gatsby and its related plugins are updated.
32
+ - `showdown` pulled in by `@wordpress/blocks` for block rendering; no upstream fix available as of this version
33
+ - `file-type`, `uuid` — used by `gatsby-source-wordpress` for media processing and internal queuing
30
34
 
31
- You can safely ignore these warnings unless you're modifying or redistributing the Gatsby development server code itself.
35
+ Gatsby generates static HTML, CSS, and JS files. None of the packages above are included in your deployed site or exposed to end users.
36
+
37
+ These issues cannot be resolved without breaking changes to core Gatsby dependencies and will be addressed in future versions as Gatsby and its plugins are updated. You can safely ignore these warnings unless you are modifying or redistributing the Gatsby development tooling itself.
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "soames-gatsby-theme",
3
- "version": "0.1.3",
3
+ "version": "0.1.4",
4
4
  "description": "A customizable Gatsby theme for personal websites using WordPress as a headless CMS.",
5
5
  "main": "dist/gatsby-config.js",
6
6
  "scripts": {