An issue in vektah gqlparser open-source-library v.2.5.10 allows a remote attacker to cause a denial of service via a crafted script to the parserDirectives function.
Release Notes
vektah/gqlparser (github.com/vektah/gqlparser/v2)
### [`v2.5.14`](https://togithub.com/vektah/gqlparser/releases/tag/v2.5.14)
[Compare Source](https://togithub.com/vektah/gqlparser/compare/v2.5.13...v2.5.14)
#### What's Changed
- Add ParseQueryWithLimit by [@StevenACoffman](https://togithub.com/StevenACoffman) in [https://github.com/vektah/gqlparser/pull/304](https://togithub.com/vektah/gqlparser/pull/304)
**Full Changelog**: https://github.com/vektah/gqlparser/compare/v2.5.13...v2.5.14
### [`v2.5.13`](https://togithub.com/vektah/gqlparser/releases/tag/v2.5.13)
[Compare Source](https://togithub.com/vektah/gqlparser/compare/v2.5.12...v2.5.13)
#### What's Changed
- Bump the actions-deps group in /validator/imported with 6 updates by [@dependabot](https://togithub.com/dependabot) in [https://github.com/vektah/gqlparser/pull/298](https://togithub.com/vektah/gqlparser/pull/298)
- Bump prettier from 3.2.5 to 3.3.0 in /validator/imported in the actions-deps group by [@dependabot](https://togithub.com/dependabot) in [https://github.com/vektah/gqlparser/pull/299](https://togithub.com/vektah/gqlparser/pull/299)
- Bump the actions-deps group in /validator/imported with 7 updates by [@dependabot](https://togithub.com/dependabot) in [https://github.com/vektah/gqlparser/pull/301](https://togithub.com/vektah/gqlparser/pull/301)
- Bump braces from 3.0.2 to 3.0.3 in /validator/imported by [@dependabot](https://togithub.com/dependabot) in [https://github.com/vektah/gqlparser/pull/302](https://togithub.com/vektah/gqlparser/pull/302)
- Token limit fix CVE-2023-49559 by [@uvzz](https://togithub.com/uvzz) in [https://github.com/vektah/gqlparser/pull/291](https://togithub.com/vektah/gqlparser/pull/291)
#### New Contributors
- [@uvzz](https://togithub.com/uvzz) made their first contribution in [https://github.com/vektah/gqlparser/pull/291](https://togithub.com/vektah/gqlparser/pull/291)
**Full Changelog**: https://github.com/vektah/gqlparser/compare/v2.5.12...v2.5.13
### [`v2.5.12`](https://togithub.com/vektah/gqlparser/releases/tag/v2.5.12)
[Compare Source](https://togithub.com/vektah/gqlparser/compare/v2.5.11...v2.5.12)
#### What's Changed
- Disallow empty parens ([#292](https://togithub.com/vektah/gqlparser/issues/292)). by [@yuchenshi](https://togithub.com/yuchenshi) in [https://github.com/vektah/gqlparser/pull/293](https://togithub.com/vektah/gqlparser/pull/293)
- WithBuiltin FormatterOption added by [@atzedus](https://togithub.com/atzedus) in [https://github.com/vektah/gqlparser/pull/294](https://togithub.com/vektah/gqlparser/pull/294)
- Redo github actions by [@StevenACoffman](https://togithub.com/StevenACoffman) in [https://github.com/vektah/gqlparser/pull/295](https://togithub.com/vektah/gqlparser/pull/295)
- Bump github.com/stretchr/testify from 1.4.0 to 1.9.0 in the actions-deps group by [@dependabot](https://togithub.com/dependabot) in [https://github.com/vektah/gqlparser/pull/296](https://togithub.com/vektah/gqlparser/pull/296)
- Bump the actions-deps group in /validator/imported with 8 updates by [@dependabot](https://togithub.com/dependabot) in [https://github.com/vektah/gqlparser/pull/297](https://togithub.com/vektah/gqlparser/pull/297)
#### New Contributors
- [@yuchenshi](https://togithub.com/yuchenshi) made their first contribution in [https://github.com/vektah/gqlparser/pull/293](https://togithub.com/vektah/gqlparser/pull/293)
**Full Changelog**: https://github.com/vektah/gqlparser/compare/v2.5.11...v2.5.12
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
[ ] If you want to rebase/retry this PR, check this box
This PR contains the following updates:
v2.5.11->v2.5.14⚠ Dependency Lookup Warnings ⚠
Warnings were logged while processing this repo. Please check the Dependency Dashboard for more information.
GitHub Vulnerability Alerts
CVE-2023-49559
An issue in vektah gqlparser open-source-library v.2.5.10 allows a remote attacker to cause a denial of service via a crafted script to the parserDirectives function.
Release Notes
vektah/gqlparser (github.com/vektah/gqlparser/v2)
### [`v2.5.14`](https://togithub.com/vektah/gqlparser/releases/tag/v2.5.14) [Compare Source](https://togithub.com/vektah/gqlparser/compare/v2.5.13...v2.5.14) #### What's Changed - Add ParseQueryWithLimit by [@StevenACoffman](https://togithub.com/StevenACoffman) in [https://github.com/vektah/gqlparser/pull/304](https://togithub.com/vektah/gqlparser/pull/304) **Full Changelog**: https://github.com/vektah/gqlparser/compare/v2.5.13...v2.5.14 ### [`v2.5.13`](https://togithub.com/vektah/gqlparser/releases/tag/v2.5.13) [Compare Source](https://togithub.com/vektah/gqlparser/compare/v2.5.12...v2.5.13) #### What's Changed - Bump the actions-deps group in /validator/imported with 6 updates by [@dependabot](https://togithub.com/dependabot) in [https://github.com/vektah/gqlparser/pull/298](https://togithub.com/vektah/gqlparser/pull/298) - Bump prettier from 3.2.5 to 3.3.0 in /validator/imported in the actions-deps group by [@dependabot](https://togithub.com/dependabot) in [https://github.com/vektah/gqlparser/pull/299](https://togithub.com/vektah/gqlparser/pull/299) - Bump the actions-deps group in /validator/imported with 7 updates by [@dependabot](https://togithub.com/dependabot) in [https://github.com/vektah/gqlparser/pull/301](https://togithub.com/vektah/gqlparser/pull/301) - Bump braces from 3.0.2 to 3.0.3 in /validator/imported by [@dependabot](https://togithub.com/dependabot) in [https://github.com/vektah/gqlparser/pull/302](https://togithub.com/vektah/gqlparser/pull/302) - Token limit fix CVE-2023-49559 by [@uvzz](https://togithub.com/uvzz) in [https://github.com/vektah/gqlparser/pull/291](https://togithub.com/vektah/gqlparser/pull/291) #### New Contributors - [@uvzz](https://togithub.com/uvzz) made their first contribution in [https://github.com/vektah/gqlparser/pull/291](https://togithub.com/vektah/gqlparser/pull/291) **Full Changelog**: https://github.com/vektah/gqlparser/compare/v2.5.12...v2.5.13 ### [`v2.5.12`](https://togithub.com/vektah/gqlparser/releases/tag/v2.5.12) [Compare Source](https://togithub.com/vektah/gqlparser/compare/v2.5.11...v2.5.12) #### What's Changed - Disallow empty parens ([#292](https://togithub.com/vektah/gqlparser/issues/292)). by [@yuchenshi](https://togithub.com/yuchenshi) in [https://github.com/vektah/gqlparser/pull/293](https://togithub.com/vektah/gqlparser/pull/293) - WithBuiltin FormatterOption added by [@atzedus](https://togithub.com/atzedus) in [https://github.com/vektah/gqlparser/pull/294](https://togithub.com/vektah/gqlparser/pull/294) - Redo github actions by [@StevenACoffman](https://togithub.com/StevenACoffman) in [https://github.com/vektah/gqlparser/pull/295](https://togithub.com/vektah/gqlparser/pull/295) - Bump github.com/stretchr/testify from 1.4.0 to 1.9.0 in the actions-deps group by [@dependabot](https://togithub.com/dependabot) in [https://github.com/vektah/gqlparser/pull/296](https://togithub.com/vektah/gqlparser/pull/296) - Bump the actions-deps group in /validator/imported with 8 updates by [@dependabot](https://togithub.com/dependabot) in [https://github.com/vektah/gqlparser/pull/297](https://togithub.com/vektah/gqlparser/pull/297) #### New Contributors - [@yuchenshi](https://togithub.com/yuchenshi) made their first contribution in [https://github.com/vektah/gqlparser/pull/293](https://togithub.com/vektah/gqlparser/pull/293) **Full Changelog**: https://github.com/vektah/gqlparser/compare/v2.5.11...v2.5.12Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Renovate Bot.