spotify-api-graphql-console

[Snyk] Security upgrade graphiql from 0.9.3 to 0.11.11

Open snyk-bot opened this issue 5 years ago • 0 comments

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.


Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

| Severity | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- |
| medium severity | Regular Expression Denial of Service (ReDoS), SNYK-JS-MARKED-584281 | No | No Known Exploit |

Commit messages

Package name: graphiql

The new version differs by 250 commits.
  • 811cf9d 0.11.11
  • 8db8277 yarn.lock update
  • 8e5c7e2 a less aggressive hint suggestion for variables editor
  • 39ff1e6 Add GraphQL 0.12.x to the peer dependencies. (#642)
  • f350efd Add CDNJS & npm version badges in README.md (#643)
  • 7701b81 switch to markdown-it (#581)
  • a4d9732 check the length of npm_config_argv in prepublish
  • 33432ec Change to yarn to reflect travis test (#632)
  • 5ceca93 Remove border radius for document toggle button (#630)
  • 6398718 The field description should be rendered as markdown (#634)
  • 7a7cb13 fix MenuItem example in README (#635)
  • 830b331 0.11.10
  • e078850 Merge pull request #625 from pleunv/patch-1
  • 8ec26d2 Fix `false` being passed as `className` to ExecuteButton's menu list
  • ddd5a0f Merge pull request #620 from sw-yx/patch-2
  • 6e0c983 Merge pull request #607 from brucewpaul/master
  • b61b769 support react16
  • ca16094 0.11.8
  • e5d3f7a Merge pull request #624 from wincent/glh/clipping-fix-2
  • 95745f8 Add missing half of fix from 4e1510b
  • f5c1c8c 0.11.7
  • ed52220 Merge pull request #623 from wincent/glh/clipping-fix
  • 4e1510b Prevent toolbar menu drop-downs from being clipped
  • 210e67e Merge pull request #618 from sw-yx/patch-1

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

snyk-bot, Jul 30 '20 00:07