search

caioagiani / nestjs-graphql

NestJS API GraphQL
5 stars 1 forks source link

fix(deps): update dependency apollo-server-express to v2.25.4 #30

Closed renovate[bot] closed 2 years ago

renovate[bot] commented 2 years ago

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
apollo-server-express 2.25.2 -> 2.25.4 age adoption passing confidence

Release Notes

apollographql/apollo-server ### [`v2.25.4`](https://togithub.com/apollographql/apollo-server/compare/apollo-server-express@2.25.3...apollo-server-express@2.25.4) [Compare Source](https://togithub.com/apollographql/apollo-server/compare/apollo-server-express@2.25.3...apollo-server-express@2.25.4) ### [`v2.25.3`](https://togithub.com/apollographql/apollo-server/blob/HEAD/CHANGELOG.md#v2253) [Compare Source](https://togithub.com/apollographql/apollo-server/compare/apollo-server-express@2.25.2...apollo-server-express@2.25.3) - ⚠️ **SECURITY** `apollo-server-core`: Update default version of the GraphQL Playground React app loaded from the CDN to be `@apollographql/graphql-playground-react@1.7.42`. This patches an XSS vulnerability. Note that if you are pinning the Playground React app version in your app with `new ApolloServer({playground: {version: 'some version'}})`, you will need to update the specified version to 1.7.42 or later to avoid this vulnerability. If you disable GraphQL Playground with `new ApolloServer({playground: false})`, this vulnerability does not affect you. See [advisory GHSA-qm7x-rc44-rrqw](https://togithub.com/apollographql/apollo-server/security/advisories/GHSA-qm7x-rc44-rrqw) for more details.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

This PR has been generated by Mend Renovate. View repository job log here.

renovate[bot] commented 2 years ago

Renovate Ignore Notification

As this PR has been closed unmerged, Renovate will now ignore this update (2.25.4). You will still receive a PR once a newer version is released, so if you wish to permanently ignore this dependency, please add it to the ignoreDeps array of your renovate config.

If this PR was closed by mistake or you changed your mind, you can simply rename this PR and you will soon get a fresh replacement PR opened.