movio / bramble

A federated GraphQL API gateway
https://movio.github.io/bramble/
MIT License

Fixed DoS vulnerability in graphql-go package #133

Closed azadasanali closed 2 years ago

azadasanali commented 2 years ago

Currently there is a DoS vulnerability in the graphql-go package. This has been fixed in the latest release, v1.3.0, of the package.

I would like to upgrade the package to the latest version in this PR.

Link to vulnerability


codecov-commenter commented 2 years ago

Codecov Report

Merging #133 (fa04c6e) into main (13268f2) will increase coverage by 0.03%. The diff coverage is n/a.


@@            Coverage Diff             @@
##             main     #133      +/-   ##
==========================================
+ Coverage   69.51%   69.55%   +0.03%     
==========================================
  Files          24       24              
  Lines        2624     2624              
==========================================
+ Hits         1824     1825       +1     
+ Misses        669      668       -1     
  Partials      131      131              
Impacted Files | Coverage Δ
auth.go        | 87.42% <0.00%> (+0.62%) ↑


pkqk commented 2 years ago

Thanks @azadasanali

Dependabot thought the vulnerability was fixed but the commit it is pointing to is from 2020 so I'm not sure how that counts as being up to date.