Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(deps): update dependency graphql to v16.8.1 [security] #27

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): update dependency graphql to v16.8.1 [security] #27

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Sep 21, 2023
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
graphql 16.5.0 -> 16.8.1 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2023-26144

Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance.

Note: It was not proven that this vulnerability can crash the process.

Release Notes

graphql/graphql-js (graphql)

v16.8.1

Compare Source

v16.8.1 (2023-09-19)
Bug Fix 🐞
Committers: 1

v16.8.0

Compare Source

v16.8.0 (2023-08-14)

New Feature 🚀
Committers: 1

v16.7.1

Compare Source

v16.7.1 (2023-06-22)

📢 Big shout out to @​phryneas, who managed to reproduce this issue and come up with this fix.

Bug Fix 🐞
Committers: 1

v16.7.0

Compare Source

v16.7.0 (2023-06-21)
New Feature 🚀
Bug Fix 🐞
Committers: 3

v16.6.0

Compare Source

v16.6.0 (2022-08-16)

New Feature 🚀
Bug Fix 🐞
Committers: 2

Configuration

📅 Schedule: Branch creation - "" in timezone America/Los_Angeles, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot force-pushed the renovate/npm-graphql-vulnerability branch from 39e2d30 to 7fccb7c Compare October 19, 2023 15:03
@renovate renovate bot force-pushed the renovate/npm-graphql-vulnerability branch from 7fccb7c to c452dd7 Compare November 30, 2023 16:34
@renovate renovate bot requested a review from trevor-scheer as a code owner November 30, 2023 16:34
@renovate renovate bot force-pushed the renovate/npm-graphql-vulnerability branch from c452dd7 to 0c797ac Compare January 30, 2024 12:52
@renovate Renovate
Copy link
Contributor Author

renovate bot commented Feb 4, 2024
edited
Loading

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json
npm ERR! code ERESOLVE
npm ERR! ERESOLVE could not resolve
npm ERR! 
npm ERR! While resolving: [email protected]
npm ERR! Found: [email protected]
npm ERR! node_modules/graphql
npm ERR!   dev graphql@"16.5.0" from the root project
npm ERR!   peer graphql@"^14.0.0 || ^15.0.0 || ^16.0.0" from @apollo/[email protected]
npm ERR!   node_modules/@apollo/client
npm ERR!     @apollo/client@"^3.6.9" from @apollo/[email protected]
npm ERR!     node_modules/@apollo/server-integration-testsuite
npm ERR!       dev @apollo/server-integration-testsuite@"4.0.0-alpha.2" from the root project
npm ERR!   14 more (@apollo/server, ...)
npm ERR! 
npm ERR! Could not resolve dependency:
npm ERR! peer graphql@"16.8.1" from [email protected]
npm ERR! packages/lambda
npm ERR!   [email protected]
npm ERR!   node_modules/apollo-server-integration-lambda
npm ERR!     workspace packages/lambda from the root project
npm ERR! 
npm ERR! Conflicting peer dependency: [email protected]
npm ERR! node_modules/graphql
npm ERR!   peer graphql@"16.8.1" from [email protected]
npm ERR!   packages/lambda
npm ERR!     [email protected]
npm ERR!     node_modules/apollo-server-integration-lambda
npm ERR!       workspace packages/lambda from the root project
npm ERR! 
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR! 
npm ERR! 
npm ERR! For a full report see:
npm ERR! /tmp/renovate/cache/others/npm/_logs/2024-04-25T08_58_43_232Z-eresolve-report.txt

npm ERR! A complete log of this run can be found in: /tmp/renovate/cache/others/npm/_logs/2024-04-25T08_58_43_232Z-debug-0.log

@renovate Renovate
Copy link
Contributor Author

renovate bot commented Jun 4, 2024
edited
Loading

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json
npm error code ERESOLVE
npm error ERESOLVE could not resolve
npm error
npm error While resolving: [email protected]
npm error Found: [email protected]
npm error node_modules/graphql
npm error   dev graphql@"16.5.0" from the root project
npm error   peer graphql@"^14.0.0 || ^15.0.0 || ^16.0.0" from @apollo/[email protected]
npm error   node_modules/@apollo/client
npm error     @apollo/client@"^3.6.9" from @apollo/[email protected]
npm error     node_modules/@apollo/server-integration-testsuite
npm error       dev @apollo/server-integration-testsuite@"4.0.0-alpha.2" from the root project
npm error   14 more (@apollo/server, ...)
npm error
npm error Could not resolve dependency:
npm error peer graphql@"16.8.1" from [email protected]
npm error packages/lambda
npm error   [email protected]
npm error   node_modules/apollo-server-integration-lambda
npm error     workspace packages/lambda from the root project
npm error
npm error Conflicting peer dependency: [email protected]
npm error node_modules/graphql
npm error   peer graphql@"16.8.1" from [email protected]
npm error   packages/lambda
npm error     [email protected]
npm error     node_modules/apollo-server-integration-lambda
npm error       workspace packages/lambda from the root project
npm error
npm error Fix the upstream dependency conflict, or retry
npm error this command with --force or --legacy-peer-deps
npm error to accept an incorrect (and potentially broken) dependency resolution.
npm error
npm error
npm error For a full report see:
npm error /tmp/renovate/cache/others/npm/_logs/2024-12-02T12_24_25_147Z-eresolve-report.txt
npm error A complete log of this run can be found in: /tmp/renovate/cache/others/npm/_logs/2024-12-02T12_24_25_147Z-debug-0.log

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@trevor-scheer trevor-scheer Awaiting requested review from trevor-scheer trevor-scheer is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
🎄 dependencies
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants