Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Snyk] Security upgrade mercurius from 11.3.0 to 13.4.0 #34

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[Snyk] Security upgrade mercurius from 11.3.0 to 13.4.0 #34

wants to merge 1 commit into from

Conversation

Jeff-Tian
Copy link
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
⚠️ Warning 
Failed to update the package-lock.json, please update manually before merging.

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 631/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.2		 Missing Release of Resource after Effective Lifetime
SNYK-JS-INFLIGHT-6095116		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: mercurius The new version differs by 101 commits.
  • aebe405 Bumped v13.4.0
  • e242c53 fix: undici security vulnerabilities (#1086)
  • f44e683 docs: added favicon (#1085)
  • 7525759 Feat: add the ability to add in additional route properties (#1080)
  • 70b2d88 build(deps): bump @ fastify/static from 6.12.0 to 7.0.0 (#1077)
  • acc0b58 docs: Some broken links fixed (#1072)
  • 9cb5834 build(deps): bump actions/setup-node from 4.0.0 to 4.0.1 (#1065)
  • ffa2a37 pin undici v5.28.1 because it supports Node.js v16
  • e2bf8fe build(deps-dev): bump tsd from 0.29.0 to 0.30.0 (#1062)
  • 292221f Bumped v13.3.2
  • 8ba1a35 Support nodenext (#1056)
  • 39e0eae build(deps): bump undici from 5.28.2 to 6.0.1 (#1059)
  • e58db21 feat: adding validation to verify if baseUrl is already present in the GRAPHQL_ENDPOINT variable to prevent GrahphIql's request get error 404 Not Found (#1052)
  • f4dcc3a Bumped v13.3.0
  • 65a9ec6 Merge pull request #1050 from markrzen/master
  • ca67ab8 feat: support passing options to graphql validate and parse
  • 62f41ee build(deps): bump actions/setup-node from 3.8.1 to 4.0.0 (#1045)
  • b42fc88 Bumped v13.2.2
  • f65fd28 remove the extraa slash (#1042)
  • 3926c82 Bumped v13.2.1
  • 8fd5f1e bugfix: window.baseurl is not working in all the cases to fix this using window.location.pathname (#1041)
  • 0da77e4 build(deps-dev): bump sinon from 16.1.3 to 17.0.0 (#1039)
  • b46b34f Bumped v13.2.0
  • 54bc3ec make url dynamic so even if the graphiql is deployed on baseUrl it can work (#1037)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

@snyk-bot
fix: package.json to reduce vulnerabilities
8e3f51f 
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-INFLIGHT-6095116
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@Jeff-Tian @snyk-bot