[Snyk] Upgrade: @babel/runtime, apollo-server, @graphql-tools/load, node-fetch, graphql, graphql-middleware #69

Open
wants to merge 1 commit into
base: main

basharat-j
Owner

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

| Name | Versions | Released on |
| --- | --- | --- |
| @babel/runtime | from 7.13.10 to 7.25.0 (61 versions ahead of your current version) | a month ago, on 2024-07-26 |
| apollo-server | from 2.24.0 to 2.26.2 (11 versions ahead of your current version) | a year ago, on 2023-08-30 |
| @graphql-tools/load | from 6.2.7 to 6.2.8 (5 versions ahead of your current version) | 3 years ago, on 2021-04-14 |
| node-fetch | from 2.6.1 to 2.7.0 (13 versions ahead of your current version) | a year ago, on 2023-08-23 |
| graphql | from 15.5.0 to 15.9.0 (10 versions ahead of your current version) | 3 months ago, on 2024-06-21 |
| graphql-middleware | from 6.0.10 to 6.1.35 (36 versions ahead of your current version) | a year ago, on 2023-07-07 |

Issues fixed by the recommended upgrade:

| Issue | Score | Exploit Maturity |
| --- | --- | --- |
| high severity: Prototype Pollution (SNYK-JS-OBJECTPATH-1585658) | 590 | No Known Exploit |
| high severity: Regular Expression Denial of Service (ReDoS) (SNYK-JS-XSS-1584355) | 590 | No Known Exploit |
| high severity: Cross-site Scripting (XSS) (SNYK-JS-APOLLOSERVER-1912891) | 590 | No Known Exploit |
| medium severity: Cross-site Request Forgery (CSRF) (SNYK-JS-APOLLOSERVER-3043107) | 590 | No Known Exploit |
| medium severity: Prototype Pollution (SNYK-JS-OBJECTPATH-1569453) | 590 | Proof of Concept |
| low severity: Information Exposure (SNYK-JS-APOLLOSERVERCORE-5876618) | 590 | No Known Exploit |

Release notes
Package name: @babel/runtime
  • 7.25.0 - 2024-07-26

    v7.25.0 (2024-07-26)

    Thanks @davidtaylorhq and @slatereax for your first PR!

    You can find the release blog post with some highlights at https://babeljs.io/blog/2024/07/26/7.25.0.

    👓 Spec Compliance

    • babel-helpers, babel-plugin-proposal-explicit-resource-management, babel-runtime-corejs3
    • babel-plugin-transform-typescript
      • #16602 Ensure enum members syntactically determinable to be strings do not get reverse mappings (@liuxingbaoyu)

    🚀 New Feature

    • babel-helper-create-class-features-plugin, babel-helper-function-name, babel-helper-plugin-utils, babel-helper-wrap-function, babel-plugin-bugfix-safari-class-field-initializer-scope, babel-plugin-bugfix-safari-id-destructuring-collision-in-function-expression, babel-plugin-transform-classes, babel-plugin-transform-function-name, babel-preset-env, babel-traverse, babel-types
    • babel-helper-hoist-variables, babel-helper-plugin-utils, babel-plugin-proposal-async-do-expressions, babel-plugin-transform-modules-systemjs, babel-traverse
    • babel-helper-create-class-features-plugin, babel-helper-module-transforms, babel-helper-plugin-utils, babel-helper-split-export-declaration, babel-plugin-transform-classes, babel-traverse, babel-types
    • babel-helper-create-class-features-plugin, babel-helper-environment-visitor, babel-helper-module-transforms, babel-helper-plugin-utils, babel-helper-remap-async-to-generator, babel-helper-replace-supers, babel-plugin-bugfix-firefox-class-in-computed-class-key, babel-plugin-bugfix-v8-static-class-fields-redefine-readonly, babel-plugin-transform-async-generator-functions, babel-plugin-transform-classes, babel-traverse
    • babel-core, babel-parser
    • babel-compat-data, babel-plugin-bugfix-safari-class-field-initializer-scope, babel-preset-env
    • babel-plugin-transform-block-scoping, babel-traverse, babel-types
    • babel-helper-import-to-platform-api, babel-plugin-proposal-json-modules
    • babel-helper-transform-fixture-test-runner, babel-node
    • babel-compat-data, babel-helper-create-regexp-features-plugin, babel-plugin-proposal-duplicate-named-capturing-groups-regex, babel-plugin-transform-duplicate-named-capturing-groups-regex, babel-preset-env, babel-standalone
      • #16445 Add duplicate-named-capturing-groups-regex to preset-env (@JLHwung)

    🐛 Bug Fix

    🏠 Internal

    • Other
    • babel-generator
    • babel-helper-function-name, babel-plugin-transform-arrow-functions, babel-plugin-transform-function-name, babel-preset-env, babel-traverse

    🏃‍♀️ Performance

    • babel-parser, babel-plugin-proposal-pipeline-operator

    🔬 Output optimization

    • babel-plugin-transform-classes
    • babel-helper-create-class-features-plugin, babel-helper-replace-supers, babel-helpers, babel-plugin-proposal-decorators, babel-plugin-transform-class-properties, babel-plugin-transform-classes, babel-plugin-transform-exponentiation-operator, babel-plugin-transform-object-super, babel-plugin-transform-private-methods, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
    • babel-plugin-transform-class-properties, babel-plugin-transform-classes

    Committers: 6

  • 7.24.8 - 2024-07-11

    v7.24.8 (2024-07-11)

    Thanks @H0onnn, @jkup and @SreeXD for your first pull requests!

    👓 Spec Compliance

    🐛 Bug Fix

    💅 Polish

    Committers: 9

  • 7.24.7 - 2024-06-05

    v7.24.7 (2024-06-05)

    🐛 Bug Fix

    • babel-node
    • babel-traverse
    • babel-helper-transform-fixture-test-runner, babel-plugin-proposal-explicit-resource-management

    🏠 Internal

    • babel-helpers, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime

    Committers: 7

  • 7.24.6 - 2024-05-24

    v7.24.6 (2024-05-24)

    Thanks @amjed-98, @blakewilson, @coelhucas, and @SukkaW for your first PRs!

    🐛 Bug Fix

    • babel-helper-create-class-features-plugin, babel-plugin-transform-class-properties
    • babel-core, babel-generator, babel-plugin-transform-modules-commonjs
    • babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators
    • babel-helpers, babel-plugin-proposal-decorators, babel-runtime-corejs3
      • #16483 Fix: throw TypeError if addInitializer is called after finished (@JLHwung)
    • babel-parser, babel-plugin-transform-typescript

    🏠 Internal

    • babel-core, babel-helpers, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
    • babel-helpers
    • babel-cli, babel-helpers, babel-plugin-external-helpers, babel-plugin-proposal-decorators, babel-plugin-transform-class-properties, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-systemjs, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime
    • babel-parser, babel-traverse
    • Other

    Committers: 9

  • 7.24.5 - 2024-04-29

    v7.24.5 (2024-04-29)

    Thanks @romgrk and @sossost for your first PRs!

    🐛 Bug Fix

    • babel-plugin-transform-classes, babel-traverse
    • babel-helpers, babel-plugin-proposal-explicit-resource-management, babel-runtime-corejs3

    💅 Polish

    🏠 Internal

    • Other
    • babel-parser
    • babel-helper-create-class-features-plugin, babel-helper-member-expression-to-functions, babel-helper-module-transforms, babel-helper-split-export-declaration, babel-helper-wrap-function, babel-helpers, babel-plugin-bugfix-firefox-class-in-computed-class-key, babel-plugin-proposal-explicit-resource-management, babel-plugin-transform-block-scoping, babel-plugin-transform-destructuring, babel-plugin-transform-object-rest-spread, babel-plugin-transform-optional-chaining, babel-plugin-transform-parameters, babel-plugin-transform-private-property-in-object, babel-plugin-transform-react-jsx-self, babel-plugin-transform-typeof-symbol, babel-plugin-transform-typescript, babel-traverse
    • babel-plugin-proposal-partial-application, babel-types
    • babel-plugin-transform-class-properties, babel-preset-env

    🏃‍♀️ Performance

    • babel-helpers, babel-preset-env, babel-runtime-corejs3
      • #16357 Performance: improve objectWithoutPropertiesLoose on V8 (@romgrk)

    Committers: 6

  • 7.24.4 - 2024-04-03
  • 7.24.1 - 2024-03-19
  • 7.24.0 - 2024-02-28
  • 7.23.9 - 2024-01-25
  • 7.23.8 - 2024-01-08
  • 7.23.7 - 2023-12-29
  • 7.23.6 - 2023-12-11
  • 7.23.5 - 2023-11-29
  • 7.23.4 - 2023-11-20
  • 7.23.2 - 2023-10-11
  • 7.23.1 - 2023-09-25
  • 7.23.0 - 2023-09-25
  • 7.22.15 - 2023-09-04
  • 7.22.11 - 2023-08-24
  • 7.22.10 - 2023-08-07
  • 7.22.6 - 2023-07-04
  • 7.22.5 - 2023-06-08
  • 7.22.3 - 2023-05-27
  • 7.22.0 - 2023-05-26
  • 7.21.5 - 2023-04-28
  • 7.21.4-esm.4 - 2023-04-04
  • 7.21.4-esm.3 - 2023-04-04
  • 7.21.4-esm.2 - 2023-04-04
  • 7.21.4-esm.1 - 2023-04-04
  • 7.21.4-esm - 2023-04-04
  • 7.21.0 - 2023-02-20
  • 7.20.13 - 2023-01-21
  • 7.20.7 - 2022-12-22
  • 7.20.6 - 2022-11-28
  • 7.20.5 - 2022-11-28
  • 7.20.1 - 2022-11-01
  • 7.20.0 - 2022-10-27
  • 7.19.4 - 2022-10-10
  • 7.19.0 - 2022-09-05
  • 7.18.9 - 2022-07-18
  • 7.18.6 - 2022-06-27
  • 7.18.3 - 2022-05-25
  • 7.18.2 - 2022-05-25
  • 7.18.0 - 2022-05-19
  • 7.17.9 - 2022-04-06
  • 7.17.8 - 2022-03-18
  • 7.17.7 - 2022-03-14
  • 7.17.2 - 2022-02-08
  • 7.17.0 - 2022-02-02
  • 7.16.7 - 2021-12-31
  • 7.16.5 - 2021-12-13
  • 7.16.3 - 2021-11-09
  • 7.16.0 - 2021-10-29
  • 7.15.4 - 2021-09-02
  • 7.15.3 - 2021-08-11
  • 7.14.8 - 2021-07-20
  • 7.14.6 - 2021-06-14
  • 7.14.5 - 2021-06-09
  • 7.14.0 - 2021-04-29
  • 7.13.17 - 2021-04-20
  • 7.13.16 - 2021-04-20
  • 7.13.10 - 2021-03-08
from @babel/runtime GitHub release notes
Package name: apollo-server
  • 2.26.2 - 2023-08-30
  • 2.26.1 - 2022-10-20
  • 2.26.0 - 2022-08-18
  • 2.25.4 - 2022-05-25
  • 2.25.3 - 2021-11-04
  • 2.25.2 - 2021-06-22
  • 2.25.1 - 2021-06-08
  • 2.25.0 - 2021-05-27
  • 2.25.0-alpha.1 - 2021-05-27
  • 2.25.0-alpha.0 - 2021-05-26
  • 2.24.1 - 2021-05-18
  • 2.24.0 - 2021-04-30
from apollo-server GitHub release notes
Package name: @graphql-tools/load
  • 6.2.8 - 2021-04-14
  • 6.2.8-alpha-e3d43765.0 - 2021-03-24
  • 6.2.8-alpha-43e9309d.0 - 2021-04-09
  • 6.2.8-alpha-2afd491c.0 - 2021-04-12
  • 6.2.8-alpha-1dce565c.0 - 2021-04-09
  • 6.2.7 - 2021-02-18
from @graphql-tools/load GitHub release notes
Package name: node-fetch
from node-fetch GitHub release notes
Package name: graphql
  • 15.9.0 - 2024-06-21

    v15.9.0 (2024-06-21)

    New Feature 🚀

    • #4120 backport[v15]: Introduce "recommended" validation rules (@benjie)

    Bug Fix 🐞

    • #3708 Fix crash in node when mixing sync/async resolvers (backport of #3706) (@chrskrchr)
    • #4000 Backport "Prevent Infinite Loop in OverlappingFieldsCanBeMergedRule" to v15 (@benjie)

    Internal 🏠

    Committers: 2

  • 15.8.0 - 2021-12-07
  • 15.7.2 - 2021-10-28
  • 15.7.1 - 2021-10-27
  • 15.7.0 - 2021-10-26
  • 15.6.1 - 2021-10-05
  • 15.6.0 - 2021-09-20
  • 15.5.3 - 2021-09-06
  • 15.5.2 - 2021-08-30
  • 15.5.1 - 2021-06-20
  • 15.5.0 - 2021-01-26
from graphql GitHub release notes
Package name: graphql-middleware
  • 6.1.35 - 2023-07-07

    6.1.35 (2023-07-07)

    Performance Improvements

  • 6.1.34 - 2023-05-10

    6.1.34 (2023-05-10)

    Bug Fixes

  • 6.1.33 - 2022-10-07

    6.1.33 (2022-10-07)

    Bug Fixes

  • 6.1.32 - 2022-07-27

    6.1.32 (2022-07-27)

    Bug Fixes

  • 6.1.31 - 2022-06-27

    6.1.31 (2022-06-27)

    Bug Fixes

  • 6.1.30 - 2022-06-24

    6.1.30 (2022-06-24)

    Bug Fixes

  • 6.1.29 - 2022-06-07

    6.1.29 (2022-06-07)

    Bug Fixes

  • 6.1.28 - 2022-05-20

    6.1.28 (2022-05-20)

    Bug Fixes

  • 6.1.27 - 2022-05-20

    6.1.27 (2022-05-20)

    Bug Fixes

  • 6.1.26 - 2022-05-10

    6.1.26 (2022-05-10)

    Bug Fixes

  • 6.1.25 - 2022-04-20
  • 6.1.24 - 2022-04-15
  • 6.1.23 - 2022-04-13
  • 6.1.22 - 2022-04-07
  • 6.1.21 - 2022-03-31
  • 6.1.20 - 2022-03-25
  • 6.1.19 - 2022-03-23
  • 6.1.18 - 2022-03-16
  • 6.1.17 - 2022-03-13
  • 6.1.16 - 2022-03-11
  • 6.1.15 - 2022-02-24
  • 6.1.14 - 2022-02-16
  • 6.1.13 - 2021-12-09
  • 6.1.12 - 2021-11-07
  • 6.1.11 - 2021-10-27
  • 6.1.10 - 2021-10-21
  • 6.1.9 - 2021-10-20
  • 6.1.8 - 2021-10-13
  • 6.1.7 - 2021-09-30
  • 6.1.6 - 2021-09-03
  • 6.1.5 - 2021-08-31
  • 6.1.4 - 2021-08-24
  • 6.1.3 - 2021-08-19
  • 6.1.2 - 2021-08-16
  • 6.1.1 - 2021-08-15
  • 6.1.0 - 2021-08-14
  • 6.0.10 - 2021-05-01
from graphql-middleware GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

Snyk has created this PR to upgrade:
  - @babel/runtime from 7.13.10 to 7.25.0.
    See this package in npm: https://www.npmjs.com/package/@babel/runtime
  - apollo-server from 2.24.0 to 2.26.2.
    See this package in npm: https://www.npmjs.com/package/apollo-server
  - @graphql-tools/load from 6.2.7 to 6.2.8.
    See this package in npm: https://www.npmjs.com/package/@graphql-tools/load
  - node-fetch from 2.6.1 to 2.7.0.
    See this package in npm: https://www.npmjs.com/package/node-fetch
  - graphql from 15.5.0 to 15.9.0.
    See this package in npm: https://www.npmjs.com/package/graphql
  - graphql-middleware from 6.0.10 to 6.1.35.
    See this package in npm: https://www.npmjs.com/package/graphql-middleware

See this project in Snyk:
https://app.snyk.io/org/bashj79/project/857d1763-c1c1-471f-97e4-a108bca10710?utm_source=github&utm_medium=referral&page=upgrade-pr