Skip to content
This repository was archived by the owner on Jan 23, 2024. It is now read-only.

fix(deps): update dependency graphql to v16.8.1 [security]#1001

Open
renovate[bot] wants to merge 1 commit intomainfrom
renovate/npm-graphql-vulnerability
Open

fix(deps): update dependency graphql to v16.8.1 [security]#1001
renovate[bot] wants to merge 1 commit intomainfrom
renovate/npm-graphql-vulnerability

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate Bot commented Sep 21, 2023
edited
Loading

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
graphql 16.6.0 -> 16.8.1 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2023-26144

Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance.

Note: It was not proven that this vulnerability can crash the process.

Release Notes

graphql/graphql-js (graphql)

v16.8.1

Compare Source

v16.8.1 (2023-09-19)
Bug Fix 🐞
Committers: 1

v16.8.0

Compare Source

v16.8.0 (2023-08-14)

New Feature 🚀
Committers: 1

v16.7.1

Compare Source

v16.7.1 (2023-06-22)

📢 Big shout out to @​phryneas, who managed to reproduce this issue and come up with this fix.

Bug Fix 🐞
Committers: 1

v16.7.0

Compare Source

v16.7.0 (2023-06-21)
New Feature 🚀
Bug Fix 🐞
Committers: 3

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate Bot requested a review from a team as a code owner September 21, 2023 19:32
@renovate renovate Bot requested review from Herraj and n0coast and removed request for a team September 21, 2023 19:32
@renovate renovate Bot added the dependencies Pull requests that update a dependency file label Sep 21, 2023
@renovate renovate Bot force-pushed the renovate/npm-graphql-vulnerability branch from 6f0f4e2 to f3a9df0 Compare October 19, 2023 04:50
@renovate renovate Bot force-pushed the renovate/npm-graphql-vulnerability branch 2 times, most recently from 38f6c16 to 93aae44 Compare November 6, 2023 19:08
@renovate renovate Bot force-pushed the renovate/npm-graphql-vulnerability branch from 93aae44 to 2445ea2 Compare November 28, 2023 15:55
@renovate renovate Bot force-pushed the renovate/npm-graphql-vulnerability branch from 2445ea2 to f4b6640 Compare December 12, 2023 16:16
@renovate renovate Bot force-pushed the renovate/npm-graphql-vulnerability branch 2 times, most recently from 79aabe0 to ea151e8 Compare January 11, 2024 23:11
@renovate renovate Bot force-pushed the renovate/npm-graphql-vulnerability branch from ea151e8 to 23beb56 Compare January 23, 2024 01:38
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@n0coast n0coast Awaiting requested review from n0coast n0coast is a code owner automatically assigned from Pocket/backend

@Herraj Herraj Awaiting requested review from Herraj Herraj is a code owner automatically assigned from Pocket/backend

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants