changeset-bot[bot]
commented
10 months ago ⚠️ No Changeset found
Latest commit: 1a3e7bacce5e21707792efa52ecdfd5383cc9d94
Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.
This PR includes no changesets
When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver typesClick here to learn what changesets are, and how to add one.
Click here if you're a maintainer who wants to add a changeset to this PR
github-actions[bot]
This PR contains the following updates:
16.8.0->16.8.1GitHub Vulnerability Alerts
CVE-2023-26144
Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance.
Note: It was not proven that this vulnerability can crash the process.
Release Notes
graphql/graphql-js (graphql)
### [`v16.8.1`](https://togithub.com/graphql/graphql-js/releases/tag/v16.8.1) [Compare Source](https://togithub.com/graphql/graphql-js/compare/v16.8.0...v16.8.1) ##### v16.8.1 (2023-09-19) ##### Bug Fix 🐞 - [#3967](https://togithub.com/graphql/graphql-js/pull/3967) OverlappingFieldsCanBeMergedRule: Fix performance degradation ([@AaronMoat](https://togithub.com/AaronMoat)) ##### Committers: 1 - Aaron Moat([@AaronMoat](https://togithub.com/AaronMoat))Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled because a matching PR was automerged previously.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.