This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade @graphql-yoga/node from 2.6.0 to 3.9.1.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
*Warning:* This is a major version upgrade, and may be a breaking change.
- The recommended version is **1869 versions** ahead of your current version.
- The recommended version was released **a year ago**, on 2023-04-18.
The recommended version fixes:
Severity | Issue | PriorityScore (*) | Exploit Maturity |
:-------------------------:|:-------------------------|-------------------------|:-------------------------
| Regular Expression Denial of Service (ReDoS) [SNYK-JS-UNDICI-3323845](https://snyk.io/vuln/SNYK-JS-UNDICI-3323845) | **696/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Proof of Concept
| Server-side Request Forgery (SSRF) [SNYK-JS-UNDICI-2980286](https://snyk.io/vuln/SNYK-JS-UNDICI-2980286) | **696/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | No Known Exploit
| CRLF Injection [SNYK-JS-UNDICI-3323844](https://snyk.io/vuln/SNYK-JS-UNDICI-3323844) | **696/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Proof of Concept
| CRLF Injection [SNYK-JS-UNDICI-2953389](https://snyk.io/vuln/SNYK-JS-UNDICI-2953389) | **696/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Proof of Concept
| CRLF Injection [SNYK-JS-UNDICI-2980276](https://snyk.io/vuln/SNYK-JS-UNDICI-2980276) | **696/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | No Known Exploit
| Information Exposure [SNYK-JS-UNDICI-5962466](https://snyk.io/vuln/SNYK-JS-UNDICI-5962466) | **696/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | No Known Exploit
| Permissive Cross-domain Policy with Untrusted Domains [SNYK-JS-UNDICI-6252336](https://snyk.io/vuln/SNYK-JS-UNDICI-6252336) | **696/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | No Known Exploit
| Information Exposure [SNYK-JS-UNDICI-2957529](https://snyk.io/vuln/SNYK-JS-UNDICI-2957529) | **696/1000** **Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Proof of Concept
(*) Note that the real score may have changed since the PR was raised.
Release notes Package name: @graphql-yoga/node
❌ Please link an issue that describes the reason for this pull request, otherwise your pull request will be closed. Make sure to write it as Closes: #123 in the PR description, so I can recognize it.
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade @graphql-yoga/node from 2.6.0 to 3.9.1.
:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.*Warning:* This is a major version upgrade, and may be a breaking change. - The recommended version is **1869 versions** ahead of your current version. - The recommended version was released **a year ago**, on 2023-04-18. The recommended version fixes: Severity | Issue | PriorityScore (*) | Exploit Maturity | :-------------------------:|:-------------------------|-------------------------|:------------------------- | Regular Expression Denial of Service (ReDoS)
[SNYK-JS-UNDICI-3323845](https://snyk.io/vuln/SNYK-JS-UNDICI-3323845) | **696/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Proof of Concept | Server-side Request Forgery (SSRF)
[SNYK-JS-UNDICI-2980286](https://snyk.io/vuln/SNYK-JS-UNDICI-2980286) | **696/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | No Known Exploit | CRLF Injection
[SNYK-JS-UNDICI-3323844](https://snyk.io/vuln/SNYK-JS-UNDICI-3323844) | **696/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Proof of Concept | CRLF Injection
[SNYK-JS-UNDICI-2953389](https://snyk.io/vuln/SNYK-JS-UNDICI-2953389) | **696/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Proof of Concept | CRLF Injection
[SNYK-JS-UNDICI-2980276](https://snyk.io/vuln/SNYK-JS-UNDICI-2980276) | **696/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | No Known Exploit | Information Exposure
[SNYK-JS-UNDICI-5962466](https://snyk.io/vuln/SNYK-JS-UNDICI-5962466) | **696/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | No Known Exploit | Permissive Cross-domain Policy with Untrusted Domains
[SNYK-JS-UNDICI-6252336](https://snyk.io/vuln/SNYK-JS-UNDICI-6252336) | **696/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | No Known Exploit | Information Exposure
[SNYK-JS-UNDICI-2957529](https://snyk.io/vuln/SNYK-JS-UNDICI-2957529) | **696/1000**
**Why?** Proof of Concept exploit, Has a fix available, CVSS 7.5 | Proof of Concept (*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: @graphql-yoga/node
@ graphql-yoga/plugin-response-cache@3.4.0
...