search

apollographql / eslint-plugin-graphql

:vertical_traffic_light: Check your GraphQL query strings against a schema.
https://www.npmjs.com/package/eslint-plugin-graphql
1.21k stars 103 forks source link

ws security vulnerability #312

Open alfonsoar opened 3 years ago

alfonsoar commented 3 years ago

Hello,

There is a security vulnerability with the ws package that this plugin transitively depends on. Can we update graphql-config to version 4.x.x (since that is the latests version that contains a patched version of ws). Also happy to contribute this back if you are accepting PRs. 

└─┬ eslint-plugin-graphql@4.0.0
  └─┬ graphql-config@3.4.1
    └─┬ @graphql-tools/url-loader@6.10.1
      ├─┬ subscriptions-transport-ws@0.9.19
      │ └── ws@7.4.5  deduped
      └── ws@7.4.5
znarf commented 11 months ago

Fixed in https://github.com/apollographql/eslint-plugin-graphql/pull/342