jsdevtools / graphql-jsdevtools

[Snyk] Security upgrade apollo from 2.5.1 to 2.33.10 #60

Open snyk-bot opened 2 years ago

snyk-bot commented 2 years ago

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| high severity | 696/1000. Why? Proof of Concept exploit, Has a fix available, CVSS 7.5 | Regular Expression Denial of Service (ReDoS), SNYK-JS-ANSIREGEX-1583908 | No | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: apollo
The new version differs by 250 commits.
  • 78c9c03 Release
  • 457452e Changelog updates pre-release
  • 9907758 fix(apollo-tools): add undeclared peer dependency graphql (#2049)
  • 0ebcebb Update jest dependencies (#2583)
  • c87ae48 chore(deps): update dependency @oclif/config to v1.18.3 (#2557)
  • 761911c chore(deps): update dependency ajv to 6.12.3 [security] (#2571)
  • f0e8a2a chore(deps): update dependency ws to 5.2.3 [security] (#2568)
  • 8db848b Renovate config updates
  • f547f4a chore(deps): update dependency cimg/go to v1.17.8 (#2539)
  • d66d98a chore(deps): update dependency table to v6.8.0 (#2540)
  • 6297858 chore(deps): update dependency @types/node-fetch to v2.6.1 (#2573)
  • fec9113 chore(deps): update dependency @types/lodash to v4.14.180 (#2577)
  • 8e63f3e chore(deps): update dependency yarn to v1.22.18 (#2578)
  • a7f9123 chore(deps): update dependency hosted-git-info to 2.8.9 [security] (#2559)
  • 6d0c2bb chore(deps): update dependency json-schema to 0.4.0 [security] (#2560)
  • 2eda662 chore(deps): update dependency nth-check to 2.0.1 [security] (#2563)
  • d819667 chore(deps): update dependency path-parse to 1.0.7 [security] (#2564)
  • b978978 chore(deps): update dependency tar to 6.1.9 [security] (#2565)
  • 64e6c84 chore(deps): update dependency tmpl to 1.0.5 [security] (#2566)
  • 387a542 chore(deps): update dependency y18n to 4.0.1 [security] (#2569)
  • 4dcd8db chore(deps): update dependency pathval to 1.1.1 [security] (#2570)
  • 8f502ca chore(deps): update dependency trim-newlines to 3.0.1 [security] (#2567)
  • 0657aef Update generated graphql types (#2581)
  • 6f67fa2 Typo

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
