Skip to content
This repository was archived by the owner on Aug 6, 2021. It is now read-only.

[Snyk] Security upgrade graphql-request from 1.8.2 to 2.0.0 #12

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[Snyk] Security upgrade graphql-request from 1.8.2 to 2.0.0 #12

wants to merge 1 commit into from

Conversation

snyk-bot
Copy link

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • code-gov-repo-metrics/package.json
    • code-gov-repo-metrics/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 591/1000
Why? Recently disclosed, Has a fix available, CVSS 5.9		 Denial of Service
SNYK-JS-NODEFETCH-674311		 Yes No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: graphql-request The new version differs by 19 commits.
  • d7f4f2f chore: fix lint error
  • 01ae7d0 feat: drop node 8 support
  • 930ab90 chore: update renovate config
  • 4ed1401 refactor: upgrade and run prettier
  • a6e8e0a fix: build
  • b69791c feat: export `Options` type (#155)
  • 2246c4d docs: fix example by setting global fetch variable (#157)
  • 5cb1aa1 fix: subclass Error by explicitly setting prototype (#101)
  • c22d4b0 feat: drop cross-fetch polyfill dep (#127)
  • d09a567 refactor: remove unused `async` keywords (#163)
  • be27ac6 feat: remove dom dependency (#108)
  • 9d5e344 feat: simplify typings by using full RequestInit type (#107)
  • b0abe80 Merge pull request #114 from brikou/feature/npmignore
  • c037f23 Add missing .npmignore
  • 70d3555 Merge pull request #110 from brikou/feature/examples_ts_typings_only
  • 4c6e037 Use TData interface
  • 9f3fd07 Update link to circleci (#104)
  • a0dbcf0 Add TS typings to example
  • 62c0f75 [RFR] Add examples dir (#105)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

@snyk-bot
fix: code-gov-repo-metrics/package.json & code-gov-repo-metrics/packa…
56d88cd 
…ge-lock.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-NODEFETCH-674311
# for free to subscribe to this conversation on GitHub. Already have an account? #.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@snyk-bot