Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update graphql-config to ^4.0.2 #317

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Update graphql-config to ^4.0.2 #317

wants to merge 1 commit into from

Conversation

dahukish
Copy link

This PR:

  • Updates graphql-config to v4 (^4.0.2)

TODO:

  • Make sure all of the significant new logic is covered by tests
  • Rebase your changes on master so that they can be merged easily
  • Make sure all tests pass
  • Update CHANGELOG.md with your change
  • If this was a change that affects the external API, update the README

@apollo-cla
Copy link

@dahukish: Thank you for submitting a pull request! Before we can merge it, you'll need to sign the Apollo Contributor License Agreement here: https://contribute.apollographql.com/

@dahukish dahukish force-pushed the bump-graphql-config-to-v4 branch from 579971a to 8b6ebcb Compare October 19, 2021 15:50
@dahukish dahukish mentioned this pull request Oct 19, 2021
Closed
4 tasks
@karlhorky
Copy link

@abernix @staylor @kamilkisiela @jnwng would you consider reviewing and merging this PR?

This is causing [email protected] dependency security warnings (see GHSA-6fc8-4gx4-v693) , via:

[email protected]
-> @graphql-tools/[email protected]
-> [email protected] (vulnerable)

@mishalov
Copy link

mishalov commented Feb 2, 2022
edited
Loading

@abernix @staylor @kamilkisiela @jnwng Hi guys, could this PR being merged? c: There are some security issues because of usage of old graphql-config. E.x high severity one: GHSA-r683-j2x4-v87g

@karlhorky
Copy link

cc @lennyburdette

@vinassefranche
Copy link

Any update on this?
Seems like a quick change and we keep having security alerts because of it not being merged and released.
Anything I can do to help merge the P.R.?

@benjamn
Copy link
Member

benjamn commented Jun 29, 2022

@dahukish @vinassefranche @mishalov Are there any user-visible (breaking) changes? In other words, do you think we need to bump the major or minor (or patch) version of eslint-plugin-graphql before releasing this change?

@vinassefranche
Copy link

@benjamn as no test was modified in this pull request, I think a patch version would be enough. There does not seem to be any change caused by this apart from the vulnerabilities being fixed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@dahukish @apollo-cla @karlhorky @mishalov @vinassefranche @benjamn