Gatsby-source-datocms - datocms-client vulnerabilities

Describe the issue:

Is an update of the gatsby-source-datocms package planned to replace the datocms-client dependency, which is deprecated and has multiple vulnerabilities in its dependencies?

Hey @jcdglsn, I’ll check on this for you and get back to you ASAP.

Hello, since Gatsby development has stalled we don’t have much incentive to do a big upgrade of our source plugin at the moment.

Also, on the security side, I am not sure where the attack vector could be. Our source plugin is fetching data from a Dato project that you should be controlling, so in theory it should only process data that is already controlled by you? What do you think? Where else could an attack come from?

If there’s a good enough incentive we could consider at least upgrading the dependencies all the way through to remove the most important vulnerabilities.