Skip to content
This repository was archived by the owner on Jan 29, 2026. It is now read-only.

fix(deps): update dependency graphql to v16.8.1 [security] - autoclosed#62

Closed
renovate[bot] wants to merge 1 commit intomainfrom
renovate/npm-graphql-vulnerability
Closed

fix(deps): update dependency graphql to v16.8.1 [security] - autoclosed#62
renovate[bot] wants to merge 1 commit intomainfrom
renovate/npm-graphql-vulnerability

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Sep 21, 2023
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
graphql 16.6.0 -> 16.8.1 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2023-26144

Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance.

Note: It was not proven that this vulnerability can crash the process.

Release Notes

graphql/graphql-js (graphql)

v16.8.1

Compare Source

v16.8.1 (2023-09-19)
Bug Fix 🐞
Committers: 1

v16.8.0

Compare Source

v16.8.0 (2023-08-14)

New Feature 🚀
Committers: 1

v16.7.1

Compare Source

v16.7.1 (2023-06-22)

📢 Big shout out to @​phryneas, who managed to reproduce this issue and come up with this fix.

Bug Fix 🐞
Committers: 1

v16.7.0

Compare Source

v16.7.0 (2023-06-21)
New Feature 🚀
Bug Fix 🐞
Committers: 3

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot requested review from a team as code owners September 21, 2023 18:50
@renovate renovate bot requested review from jpetto and nina-py September 21, 2023 18:50
@renovate renovate bot added the dependencies Pull requests that update a dependency file label Sep 21, 2023
@renovate renovate bot force-pushed the renovate/npm-graphql-vulnerability branch 2 times, most recently from 55fdd31 to 57b0fd2 Compare September 28, 2023 18:36
@renovate renovate bot force-pushed the renovate/npm-graphql-vulnerability branch from 57b0fd2 to c58392f Compare October 17, 2023 16:03
@renovate renovate bot force-pushed the renovate/npm-graphql-vulnerability branch from c58392f to 7622f0f Compare January 25, 2024 23:04
@renovate renovate bot requested a review from a team as a code owner January 25, 2024 23:04
@renovate renovate bot force-pushed the renovate/npm-graphql-vulnerability branch from 7622f0f to 364d413 Compare January 29, 2024 15:49
@renovate renovate bot force-pushed the renovate/npm-graphql-vulnerability branch from 364d413 to 45e8360 Compare February 26, 2024 15:10
@renovate renovate bot force-pushed the renovate/npm-graphql-vulnerability branch 3 times, most recently from 2e41b00 to a50b468 Compare April 11, 2024 15:53
@renovate renovate bot force-pushed the renovate/npm-graphql-vulnerability branch 2 times, most recently from 0a78b1c to a8db4ac Compare April 17, 2024 18:56
@renovate renovate bot force-pushed the renovate/npm-graphql-vulnerability branch from a8db4ac to 51cb992 Compare May 20, 2024 21:29
@renovate renovate bot force-pushed the renovate/npm-graphql-vulnerability branch 2 times, most recently from 6f796b6 to e2df4a4 Compare June 6, 2024 21:00
@renovate renovate bot force-pushed the renovate/npm-graphql-vulnerability branch from e2df4a4 to c3f7cae Compare July 23, 2024 15:13
@renovate renovate bot force-pushed the renovate/npm-graphql-vulnerability branch from c3f7cae to 58379cb Compare August 30, 2024 01:40
@renovate renovate bot force-pushed the renovate/npm-graphql-vulnerability branch 2 times, most recently from 780e821 to 5b0c117 Compare October 3, 2024 16:52
@renovate renovate bot changed the title fix(deps): update dependency graphql to v16.8.1 [security] fix(deps): update dependency graphql to v16.8.1 [security] - autoclosed Dec 8, 2024
@renovate renovate bot closed this Dec 8, 2024
@renovate renovate bot deleted the renovate/npm-graphql-vulnerability branch December 8, 2024 18:36
@renovate renovate bot changed the title fix(deps): update dependency graphql to v16.8.1 [security] - autoclosed fix(deps): update dependency graphql to v16.8.1 [security] Dec 8, 2024
@renovate renovate bot reopened this Dec 8, 2024
@renovate renovate bot force-pushed the renovate/npm-graphql-vulnerability branch from 08f374f to 5b0c117 Compare December 8, 2024 22:05
@renovate renovate bot force-pushed the renovate/npm-graphql-vulnerability branch from 5b0c117 to 3fa1b49 Compare February 6, 2025 23:14
@renovate renovate bot changed the title fix(deps): update dependency graphql to v16.8.1 [security] fix(deps): update dependency graphql to v16.8.1 [security] - autoclosed Feb 7, 2025
@renovate renovate bot closed this Feb 7, 2025
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@jpetto jpetto Awaiting requested review from jpetto jpetto was automatically assigned from Pocket/backend

@nina-py nina-py Awaiting requested review from nina-py nina-py was automatically assigned from Pocket/backend

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants