fix(deps): update dependency graphql to v16.8.1 [security] - autoclosed #62

Closed
wants to merge 1 commit into from

@renovate renovate bot commented Sep 21, 2023

This PR contains the following updates:

| Package | Change |
| --- | --- |
| graphql | 16.6.0 -> 16.8.1 |

GitHub Vulnerability Alerts

CVE-2023-26144

Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance.

Note: It was not proven that this vulnerability can crash the process.


Release Notes

graphql/graphql-js (graphql)

v16.8.1

Compare Source

v16.8.1 (2023-09-19)
Bug Fix 🐞
Committers: 1

v16.8.0

Compare Source

v16.8.0 (2023-08-14)

New Feature 🚀
Committers: 1

v16.7.1

Compare Source

v16.7.1 (2023-06-22)

📢 Big shout out to @phryneas, who managed to reproduce this issue and come up with this fix.

Bug Fix 🐞
Committers: 1

v16.7.0

Compare Source

v16.7.0 (2023-06-21)
New Feature 🚀
Bug Fix 🐞
Committers: 3

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.
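
The affected range given in the advisory above (from 16.3.0, before 16.8.1) can be checked against an npm lockfile, including nested transitive copies of graphql that bumping the direct dependency does not replace. This is an added example, not part of the PR or of graphql-js; the lockfile contents and the package names `example-client` and `legacy-tool` are constructed, and prerelease suffixes are ignored as a simplification.

```javascript
// Added example: flag graphql copies in the range the advisory names
// (16.3.0 <= version < 16.8.1) in an npm lockfile (lockfileVersion 2/3 layout).

// Parse "major.minor.patch" into numbers. Prerelease/build suffixes are
// ignored (simplification); unparseable versions yield null.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v || '');
  return m ? m.slice(1).map(Number) : null;
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

const AFFECTED_FROM = [16, 3, 0]; // first affected version per the advisory
const FIXED_IN = [16, 8, 1];      // first fixed version per the advisory

function isAffected(version) {
  const v = parseVersion(version);
  if (!v) return false;
  return compareVersions(v, AFFECTED_FROM) >= 0 && compareVersions(v, FIXED_IN) < 0;
}

// Keys of lock.packages look like "node_modules/graphql" or
// "node_modules/a/node_modules/graphql" for a nested (transitive) copy.
function findAffectedGraphql(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!path.endsWith('node_modules/graphql')) continue;
    if (isAffected(meta.version)) hits.push({ path, version: meta.version });
  }
  return hits;
}

// Constructed sample: the top-level copy is patched, one nested copy is not.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-app', version: '1.0.0' },
    'node_modules/graphql': { version: '16.8.1' },
    'node_modules/example-client/node_modules/graphql': { version: '16.6.0' },
    'node_modules/legacy-tool/node_modules/graphql': { version: '15.8.0' },
  },
};

console.log(findAffectedGraphql(sampleLock));
```
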


@renovate renovate bot requested review from a team as code owners September 21, 2023 18:50
@renovate renovate bot requested review from jpetto and nina-py September 21, 2023 18:50
@renovate renovate bot added the dependencies Pull requests that update a dependency file label Sep 21, 2023
@renovate renovate bot force-pushed the renovate/npm-graphql-vulnerability branch 2 times, most recently from 55fdd31 to 57b0fd2 Compare September 28, 2023 18:36
@renovate renovate bot force-pushed the renovate/npm-graphql-vulnerability branch from 57b0fd2 to c58392f Compare October 17, 2023 16:03
@renovate renovate bot force-pushed the renovate/npm-graphql-vulnerability branch from c58392f to 7622f0f Compare January 25, 2024 23:04
@renovate renovate bot requested a review from a team as a code owner January 25, 2024 23:04
@renovate renovate bot force-pushed the renovate/npm-graphql-vulnerability branch from 7622f0f to 364d413 Compare January 29, 2024 15:49
@renovate renovate bot force-pushed the renovate/npm-graphql-vulnerability branch from 364d413 to 45e8360 Compare February 26, 2024 15:10
@renovate renovate bot force-pushed the renovate/npm-graphql-vulnerability branch 3 times, most recently from 2e41b00 to a50b468 Compare April 11, 2024 15:53
@renovate renovate bot force-pushed the renovate/npm-graphql-vulnerability branch 2 times, most recently from 0a78b1c to a8db4ac Compare April 17, 2024 18:56
@renovate renovate bot force-pushed the renovate/npm-graphql-vulnerability branch from a8db4ac to 51cb992 Compare May 20, 2024 21:29
@renovate renovate bot force-pushed the renovate/npm-graphql-vulnerability branch 2 times, most recently from 6f796b6 to e2df4a4 Compare June 6, 2024 21:00
@renovate renovate bot force-pushed the renovate/npm-graphql-vulnerability branch from e2df4a4 to c3f7cae Compare July 23, 2024 15:13
@renovate renovate bot force-pushed the renovate/npm-graphql-vulnerability branch from c3f7cae to 58379cb Compare August 30, 2024 01:40
@renovate renovate bot force-pushed the renovate/npm-graphql-vulnerability branch 2 times, most recently from 780e821 to 5b0c117 Compare October 3, 2024 16:52
@renovate renovate bot changed the title fix(deps): update dependency graphql to v16.8.1 [security] fix(deps): update dependency graphql to v16.8.1 [security] - autoclosed Dec 8, 2024
@renovate renovate bot closed this Dec 8, 2024
@renovate renovate bot deleted the renovate/npm-graphql-vulnerability branch December 8, 2024 18:36
@renovate renovate bot changed the title fix(deps): update dependency graphql to v16.8.1 [security] - autoclosed fix(deps): update dependency graphql to v16.8.1 [security] Dec 8, 2024
@renovate renovate bot reopened this Dec 8, 2024
@renovate renovate bot force-pushed the renovate/npm-graphql-vulnerability branch from 08f374f to 5b0c117 Compare December 8, 2024 22:05
@renovate renovate bot force-pushed the renovate/npm-graphql-vulnerability branch from 5b0c117 to 3fa1b49 Compare February 6, 2025 23:14
@renovate renovate bot changed the title fix(deps): update dependency graphql to v16.8.1 [security] fix(deps): update dependency graphql to v16.8.1 [security] - autoclosed Feb 7, 2025
@renovate renovate bot closed this Feb 7, 2025