From cfca4476f7a92398efbd783620a5238d0d77de14 Mon Sep 17 00:00:00 2001
From: Konstantinos Kopanidis <kkopanidis@users.noreply.github.com>
Date: Wed, 20 Sep 2023 13:00:38 +0300
Subject: [PATCH] [Snyk] Security upgrade graphql from 16.6.0 to 16.8.1 (#686)

* fix: libraries/hermes/package.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-GRAPHQL-5905181

* chore: update yarn.lock

---------

Co-authored-by: snyk-bot <snyk-bot@snyk.io>
---
 libraries/hermes/package.json | 2 +-
 yarn.lock                     | 8 ++++----
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/libraries/hermes/package.json b/libraries/hermes/package.json
index 57c8c1433..0f0e74b82 100644
--- a/libraries/hermes/package.json
+++ b/libraries/hermes/package.json
@@ -29,7 +29,7 @@
     "deepdash": "^5.3.9",
     "express": "~4.18.2",
     "express-winston": "^4.2.0",
-    "graphql": "^16.6.0",
+    "graphql": "^16.8.1",
     "graphql-parse-resolve-info": "^4.13.0",
     "graphql-tools": "^8.3.19",
     "graphql-type-json": "^0.3.2",
diff --git a/yarn.lock b/yarn.lock
index 5e3de2afc..df2a27ddb 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -8311,10 +8311,10 @@ graphql@^14.5.3:
   dependencies:
     iterall "^1.2.2"
 
-graphql@^16.6.0:
-  version "16.6.0"
-  resolved "https://registry.yarnpkg.com/graphql/-/graphql-16.6.0.tgz#c2dcffa4649db149f6282af726c8c83f1c7c5fdb"
-  integrity sha512-KPIBPDlW7NxrbT/eh4qPXz5FiFdL5UbaA0XUNz2Rp3Z3hqBSkbj0GVjwFDztsWVauZUWsbKHgMg++sk8UX0bkw==
+graphql@^16.8.1:
+  version "16.8.1"
+  resolved "https://registry.yarnpkg.com/graphql/-/graphql-16.8.1.tgz#1930a965bef1170603702acdb68aedd3f3cf6f07"
+  integrity sha512-59LZHPdGZVh695Ud9lRzPBVTtlX9ZCV150Er2W43ro37wVof0ctenSaskPPjN7lVTIN8mSZt8PHUNKZuNQUuxw==
 
 gtoken@^6.0.0:
   version "6.1.0"