search

keystonejs / keystone-5

https://v5.keystonejs.com
MIT License
64 stars 33 forks source link

Bump gql upload to 15 #415

Open toplenboren opened 1 year ago

toplenboren commented 1 year ago

Hello!

We are using keystone-v5 in our open source condominium management software.

We recently encountered a bug, when keystone crashes while processing multipart requests. It seems that the issue might be related to the old versions of the dicer and busboy packages.

Our issue looks awfully similar to this security flaw: GHSA-wm7h-9275-46v2 and has already been fixed in the apollo-graphql v15.0.0 release.

Considering this, we decided to bump the dependency from 11.0.0 to version 15.0.2.

P.S Our project is too big to migrate to v6 fast :-( that's why I decided to patch v5 instead.

changeset-bot[bot] commented 1 year ago

🦋 Changeset detected

Latest commit: c648fb420dec6ac71706d59a7a6f13f53c81e417

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 4 packages | Name | Type | | ----------------------------------- | ----- | | @keystonejs/app-graphql | Patch | | @keystonejs/fields | Patch | | @keystonejs/fields-cloudinary-image | Patch | | @keystonejs/keystone | Patch |

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR