Closed renovate[bot] closed 10 months ago
Latest commit: 7740ff2e45e68cb6c6dd66416e22e3943ae50746
Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.
Click here to learn what changesets are, and how to add one.
Click here if you're a maintainer who wants to add a changeset to this PR
This PR contains the following updates:
16.8.0
->16.8.1
GitHub Vulnerability Alerts
CVE-2023-26144
Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance.
Note: It was not proven that this vulnerability can crash the process.
Release Notes
graphql/graphql-js (graphql)
### [`v16.8.1`](https://togithub.com/graphql/graphql-js/releases/tag/v16.8.1) [Compare Source](https://togithub.com/graphql/graphql-js/compare/v16.8.0...v16.8.1) ##### v16.8.1 (2023-09-19) ##### Bug Fix 🐞 - [#3967](https://togithub.com/graphql/graphql-js/pull/3967) OverlappingFieldsCanBeMergedRule: Fix performance degradation ([@AaronMoat](https://togithub.com/AaronMoat)) ##### Committers: 1 - Aaron Moat([@AaronMoat](https://togithub.com/AaronMoat))Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.