🚨 Note jsonwebtoken has dropped support for Node < 12 (Node v10 went end of life 2021-04-30, Node v11 EOL was 2019-06-01); in order to get these security fixes we had no choice but to also drop support for Node versions prior to v12.
v4.12.11
Improve error message when enum creation fails (thanks @​tsnobip)
Fix "max stack size exceeded" in pg-sql2 (thanks @​roytan883)
Add error listener to subscription listener PG client to avoid crashes (thanks @​enisdenjo)
Add error listener to other PG clients
v4.12.10
Fixes potential memory leak in subscriptions (thanks @​enisdenjo)
Fixes order of logic in subscriptions code (determine context last)
Ensure operation is available before validating subscriptions (thanks @​enisdenjo)
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
AntBush
commented
1 week ago
Bumps postgraphile from 4.12.9 to 4.13.0.
Release notes
Sourced from postgraphile's releases.
Changelog
Sourced from postgraphile's changelog.
Commits
eb16e9e4.13.0df19851fix: upgrade Graphile Engine (#1702)4adbd42chore: update to Node 16 LTS in CI & published docker images (#1678)4f1db5achore(deps): Bump decode-uri-component from 0.2.0 to 0.2.2 in /postgraphiql (...85d0341chore(deps): Bump express from 4.17.1 to 4.18.2 in /postgraphiql (#1693)b9ae04dchore(deps-dev): Bump express from 4.17.1 to 4.17.3 (#1692)3997456chore(deps): Bump jsonwebtoken from 8.5.1 to 9.0.0 (#1698)c85fc16chore(deps): Bump qs from 6.5.2 to 6.5.3 (#1690)fa76feechore(deps): Bump json5 from 2.1.3 to 2.2.2 (#1700)7375afdchore(deps): Bump decode-uri-component from 0.2.0 to 0.2.2 (#1688)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show