Update dependency graphql to v16.8.1 [SECURITY]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
graphql	16.6.0 -> 16.8.1

GitHub Vulnerability Alerts

CVE-2023-26144

Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance.

Note: It was not proven that this vulnerability can crash the process.

---

Release Notes

graphql/graphql-js (graphql)

v16.8.1

Compare Source

v16.8.1 (2023-09-19)

Bug Fix 🐞

• #​3967 OverlappingFieldsCanBeMergedRule: Fix performance degradation (@​AaronMoat)

Committers: 1

• Aaron Moat(@​AaronMoat)

v16.8.0

Compare Source

v16.8.0 (2023-08-14)

New Feature 🚀

• #​3950 Support fourfold nested lists (@​gschulze)

Committers: 1

• Gunnar Schulze(@​gschulze)

v16.7.1

Compare Source

v16.7.1 (2023-06-22)

📢 Big shout out to @​phryneas, who managed to reproduce this issue and come up with this fix.

Bug Fix 🐞

• #​3923 instanceOf: workaround bundler issue with process.env (@​IvanGoncharov)

Committers: 1

• Ivan Goncharov(@​IvanGoncharov)

v16.7.0

Compare Source

v16.7.0 (2023-06-21)

New Feature 🚀

• #​3887 check "globalThis.process" before accessing it (@​kettanaito)

Bug Fix 🐞

• #​3707 Fix crash in node when mixing sync/async resolvers (backport of #​3706) (@​chrskrchr)
• #​3838 Fix/invalid error propagation custom scalars (backport for 16.x.x) (@​stenreijers)

Committers: 3

• Artem Zakharchenko(@​kettanaito)
• Chris Karcher(@​chrskrchr)
• Sten Reijers(@​stenreijers)

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[renovate]

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json

npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: [email protected]
npm WARN Found: [email protected]
npm WARN node_modules/graphql
npm WARN   graphql@"16.8.1" from the root project
npm WARN 
npm WARN Could not resolve dependency:
npm WARN peer graphql@"14.x || 15.x" from [email protected]
npm WARN node_modules/graphql-request
npm WARN   graphql-request@"^3.4.0" from the root project
npm ERR! code ERESOLVE
npm ERR! ERESOLVE could not resolve
npm ERR! 
npm ERR! While resolving: @plantswap-libs/[email protected]
npm ERR! Found: [email protected]
npm ERR! node_modules/eslint
npm ERR!   peer eslint@"^6.0.0 || ^7.0.0 || >=8.0.0" from @eslint-community/[email protected]
npm ERR!   node_modules/@eslint-community/eslint-utils
npm ERR!     @eslint-community/eslint-utils@"^4.2.0" from [email protected]
npm ERR!   peer eslint@"*" from @typescript-eslint/[email protected]
npm ERR!   node_modules/@plantswap-libs/eslint-config-plantswap/node_modules/@typescript-eslint/experimental-utils
npm ERR!     @typescript-eslint/experimental-utils@"4.33.0" from @typescript-eslint/[email protected]
npm ERR!     node_modules/@plantswap-libs/eslint-config-plantswap/node_modules/@typescript-eslint/eslint-plugin
npm ERR!       @typescript-eslint/eslint-plugin@"^4.7.0" from @plantswap-libs/[email protected]
npm ERR!       node_modules/@plantswap-libs/eslint-config-plantswap
npm ERR!         dev @plantswap-libs/eslint-config-plantswap@"^0.0.1" from the root project
npm ERR!   11 more (eslint-utils, @typescript-eslint/experimental-utils, ...)
npm ERR! 
npm ERR! Could not resolve dependency:
npm ERR! peer eslint@"^7.2.0" from @plantswap-libs/[email protected]
npm ERR! node_modules/@plantswap-libs/eslint-config-plantswap
npm ERR!   dev @plantswap-libs/eslint-config-plantswap@"^0.0.1" from the root project
npm ERR! 
npm ERR! Conflicting peer dependency: [email protected]
npm ERR! node_modules/eslint
npm ERR!   peer eslint@"^7.2.0" from @plantswap-libs/[email protected]
npm ERR!   node_modules/@plantswap-libs/eslint-config-plantswap
npm ERR!     dev @plantswap-libs/eslint-config-plantswap@"^0.0.1" from the root project
npm ERR! 
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR! 
npm ERR! 
npm ERR! For a full report see:
npm ERR! /tmp/worker/27302e/74a4b9/cache/others/npm/_logs/2023-09-21T18_51_14_503Z-eresolve-report.txt

npm ERR! A complete log of this run can be found in: /tmp/worker/27302e/74a4b9/cache/others/npm/_logs/2023-09-21T18_51_14_503Z-debug-0.log

[renovate]

Renovate Ignore Notification

Because you closed this PR without merging, Renovate will ignore this update (^16.0.0). You will get a PR once a newer version is released. To ignore this dependency forever, add it to the ignoreDeps array of your Renovate config.

If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.