Closed renovate[bot] closed 5 months ago
Latest commit: 1a3e7bacce5e21707792efa52ecdfd5383cc9d94
Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.
Click here to learn what changesets are, and how to add one.
Click here if you're a maintainer who wants to add a changeset to this PR
This PR contains the following updates:
16.8.0
->16.8.1
GitHub Vulnerability Alerts
CVE-2023-26144
Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance.
Note: It was not proven that this vulnerability can crash the process.
Release Notes
graphql/graphql-js (graphql)
### [`v16.8.1`](https://togithub.com/graphql/graphql-js/releases/tag/v16.8.1) [Compare Source](https://togithub.com/graphql/graphql-js/compare/v16.8.0...v16.8.1) ##### v16.8.1 (2023-09-19) ##### Bug Fix 🐞 - [#3967](https://togithub.com/graphql/graphql-js/pull/3967) OverlappingFieldsCanBeMergedRule: Fix performance degradation ([@AaronMoat](https://togithub.com/AaronMoat)) ##### Committers: 1 - Aaron Moat([@AaronMoat](https://togithub.com/AaronMoat))Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled because a matching PR was automerged previously.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.