Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update dependency graphql to v16.8.1 [security] #203

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

chore(deps): update dependency graphql to v16.8.1 [security] #203

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Sep 22, 2023
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
graphql 16.6.0 -> 16.8.1 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2023-26144

Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance.

Note: It was not proven that this vulnerability can crash the process.

Release Notes

graphql/graphql-js (graphql)

v16.8.1

Compare Source

v16.8.1 (2023-09-19)
Bug Fix 🐞
Committers: 1

v16.8.0

Compare Source

v16.8.0 (2023-08-14)

New Feature 🚀
Committers: 1

v16.7.1

Compare Source

v16.7.1 (2023-06-22)

📢 Big shout out to @​phryneas, who managed to reproduce this issue and come up with this fix.

Bug Fix 🐞
Committers: 1

v16.7.0

Compare Source

v16.7.0 (2023-06-21)
New Feature 🚀
Bug Fix 🐞
Committers: 3

Configuration

📅 Schedule: Branch creation - "" in timezone Europe/London, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot force-pushed the renovate/npm-graphql-vulnerability branch from 8074b32 to aa03613 Compare October 27, 2023 18:12
@renovate renovate bot force-pushed the renovate/npm-graphql-vulnerability branch 2 times, most recently from 6095030 to a275418 Compare November 15, 2023 08:09
@renovate renovate bot force-pushed the renovate/npm-graphql-vulnerability branch 2 times, most recently from fa4dc19 to f0ed299 Compare January 16, 2024 06:13
@renovate renovate bot force-pushed the renovate/npm-graphql-vulnerability branch 3 times, most recently from 0f44d8a to 7ab19a4 Compare February 7, 2024 09:18
@renovate renovate bot force-pushed the renovate/npm-graphql-vulnerability branch 4 times, most recently from f343fdf to 2c87502 Compare February 16, 2024 15:56
@renovate renovate bot force-pushed the renovate/npm-graphql-vulnerability branch from 2c87502 to 1808e0c Compare March 2, 2024 03:10
@renovate renovate bot force-pushed the renovate/npm-graphql-vulnerability branch 2 times, most recently from 50bff2a to d72adee Compare March 22, 2024 06:56
@renovate renovate bot force-pushed the renovate/npm-graphql-vulnerability branch 4 times, most recently from 9814ec2 to e7c5a29 Compare March 28, 2024 08:17
@renovate renovate bot force-pushed the renovate/npm-graphql-vulnerability branch from e7c5a29 to 0f7ba08 Compare May 11, 2024 05:35
@renovate renovate bot force-pushed the renovate/npm-graphql-vulnerability branch 2 times, most recently from c162690 to ed70a15 Compare June 28, 2024 03:58
@renovate renovate bot force-pushed the renovate/npm-graphql-vulnerability branch from ed70a15 to ef67d4a Compare July 4, 2024 04:14
@renovate renovate bot force-pushed the renovate/npm-graphql-vulnerability branch from ef67d4a to 0bbface Compare July 23, 2024 04:50
@renovate renovate bot force-pushed the renovate/npm-graphql-vulnerability branch from 0bbface to 531e1f3 Compare August 13, 2024 04:03
@renovate renovate bot force-pushed the renovate/npm-graphql-vulnerability branch 5 times, most recently from de4e21e to 4c80e09 Compare September 17, 2024 15:52
@renovate renovate bot force-pushed the renovate/npm-graphql-vulnerability branch 2 times, most recently from 60f47f0 to 1b1d2d0 Compare September 20, 2024 10:51
@renovate renovate bot force-pushed the renovate/npm-graphql-vulnerability branch 5 times, most recently from cdb05b2 to 606634c Compare September 29, 2024 09:34
@renovate renovate bot force-pushed the renovate/npm-graphql-vulnerability branch 3 times, most recently from 0bff862 to dcd3b27 Compare October 17, 2024 03:46
@renovate renovate bot force-pushed the renovate/npm-graphql-vulnerability branch from dcd3b27 to d3a495c Compare October 31, 2024 23:34
@renovate renovate bot force-pushed the renovate/npm-graphql-vulnerability branch 2 times, most recently from 4bfd319 to ec508b3 Compare November 18, 2024 15:17
@renovate renovate bot force-pushed the renovate/npm-graphql-vulnerability branch from ec508b3 to 46b2c2d Compare November 26, 2024 07:37
@renovate renovate bot force-pushed the renovate/npm-graphql-vulnerability branch from 46b2c2d to 7d1be65 Compare November 26, 2024 11:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants