Automattic / vip-decoupled-bundle

WordPress VIP decoupled plugin bundle

Vulnerability Alert for WPGraphQL Plugin Version 1.17.0 in WPVIP Environment #75

Closed jffry93 closed 8 months ago

jffry93 commented 9 months ago

I downloaded the vip-decoupled-bundle plugin and added it to the repo and vipbot is catching a vulnerability. I have attached a screenshot of the issue caught below.

Bug Report Bot Comment: wpcomvip-vipgoci-bot (VIP Code Analysis Bot) reported a vulnerability 33 minutes ago.

(Screenshot attached: 2023-12-08 at 1:16:03 PM)

smithjw1 commented 9 months ago

Thanks for reporting this! We'll look to get this updated ASAP. In the meantime, you can remove this version of WP GraphQL from the bundle and install WP GraphQL directly.

The other bundle functions will detect and use that installation.

smithjw1 commented 9 months ago

I chatted with @alecgeatches about this, and he pointed out that the scanner is reporting the delta between our version and the most recent version. There isn't a vulnerability.

Scanning the changelog, I see no reported security fixes in 1.18 or 1.19.

We will work to update this to the latest version, but you can feel confident using the current version until we do so.
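The distinction drawn in this thread, a bundled plugin being merely behind the latest release versus actually falling inside a published advisory's affected range, is something a defender can check mechanically before treating a scanner finding as a vulnerability. The script below is an added example written for this page; it is not code from the vip-decoupled-bundle project, the VIP Code Analysis Bot, or WPGraphQL. The plugin header text, the "latest" version string and the advisory entry are all constructed sample data (the advisory id is a placeholder, not a real advisory), and the function names are assumptions of this example.

```python
import re
from typing import Optional

# Constructed sample: the header block of a bundled plugin's main PHP file.
# Sample text for this example only, not a copy of any real plugin file.
SAMPLE_PLUGIN_HEADER = """<?php
/**
 * Plugin Name: Example GraphQL Plugin (constructed sample)
 * Version: 1.17.0
 */
"""

# Constructed advisory list: a version is affected when
# introduced <= version < fixed. Placeholder data, not a real database.
SAMPLE_ADVISORIES = [
    {"id": "EXAMPLE-ADVISORY-0001", "introduced": "1.0.0", "fixed": "1.14.0"},
]


def parse_version(text: str) -> tuple:
    """Turn '1.17.0' (or a short form like '1.18') into a comparable
    tuple of ints, padded to three components."""
    parts = [int(p) for p in re.findall(r"\d+", text)]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def plugin_version_from_header(php_source: str) -> Optional[str]:
    """Extract the 'Version:' field from a WordPress plugin header comment."""
    m = re.search(r"^\s*\*?\s*Version:\s*(\S+)", php_source, re.MULTILINE)
    return m.group(1) if m else None


def assess(bundled: str, latest: str, advisories: list) -> dict:
    """Classify a bundled plugin version as current, outdated-only, or
    known-vulnerable. 'Outdated' is a version delta; 'known-vulnerable'
    requires the version to fall inside an advisory's affected range."""
    b = parse_version(bundled)
    outdated = b < parse_version(latest)
    hits = [
        a["id"] for a in advisories
        if parse_version(a["introduced"]) <= b < parse_version(a["fixed"])
    ]
    if hits:
        verdict = "known-vulnerable"
    elif outdated:
        verdict = "outdated-only"
    else:
        verdict = "current"
    return {
        "bundled": bundled,
        "latest": latest,
        "outdated": outdated,
        "known_advisories": hits,
        "verdict": verdict,
    }


if __name__ == "__main__":
    bundled = plugin_version_from_header(SAMPLE_PLUGIN_HEADER)
    # "1.19.0" is a constructed value standing in for whatever the
    # plugin directory reports as the newest release at check time.
    print(assess(bundled, "1.19.0", SAMPLE_ADVISORIES))
```

The useful property is that a scanner finding of "not the latest version" lands in `outdated-only`, which is an update task, while only a version inside an advisory's range produces `known-vulnerable`. In practice the advisory list would be populated from the plugin's changelog or a vulnerability feed rather than hard-coded.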