-
Notifications
You must be signed in to change notification settings - Fork 3
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update dependency graphql [SECURITY] #188
base: main
Are you sure you want to change the base?
Conversation
|
3ebd6be
to
511aaa7
Compare
511aaa7
to
0cfa280
Compare
0cfa280
to
c0440f6
Compare
This PR contains the following updates:
14.0.0 || 15.0.0 || 16.0.0 || 16.6.0
->14.0.0 || 15.0.0 || 16.0.0 || 16.6.0 || 16.8
16.6.0
->16.8.1
GitHub Vulnerability Alerts
CVE-2023-26144
Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance.
Note: It was not proven that this vulnerability can crash the process.
Release Notes
graphql/graphql-js (graphql)
v16.8.2
Compare Source
v16.8.2 (2024-06-12)
Bug Fix 🐞* #4022 fix: remove
globalThis
check and align with what bundlers can accept (@JoviDeCroock)Internal 🏠* #4104 Fix publish scripts (@benjie)
Committers: 2
v16.8.1
Compare Source
v16.8.1 (2023-09-19)
Bug Fix 🐞
Committers: 1
v16.8.0
Compare Source
v16.8.0 (2023-08-14)
New Feature 🚀
Committers: 1
v16.7.1
Compare Source
v16.7.1 (2023-06-22)
📢 Big shout out to @phryneas, who managed to reproduce this issue and come up with this fix.
Bug Fix 🐞
process.env
(@IvanGoncharov)Committers: 1
v16.7.0
Compare Source
v16.7.0 (2023-06-21)
New Feature 🚀
Bug Fix 🐞
Committers: 3
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by Mend Renovate. View repository job log here.