eslint-plugin-graphql

Update `graphql-config` to ^4.0.2

Open dahukish opened this issue 4 years ago • 7 comments

This PR:

  • Updates graphql-config to v4 (^4.0.2)

TODO:

  • [ ] Make sure all of the significant new logic is covered by tests
  • [x] Rebase your changes on master so that they can be merged easily
  • [x] Make sure all tests pass
  • [x] Update CHANGELOG.md with your change
  • [ ] If this was a change that affects the external API, update the README

dahukish, Oct 19 '21 15:10

@dahukish: Thank you for submitting a pull request! Before we can merge it, you'll need to sign the Apollo Contributor License Agreement here: https://contribute.apollographql.com/

apollo-cla, Oct 19 '21 15:10

@abernix @staylor @kamilkisiela @jnwng would you consider reviewing and merging this PR?

This is causing [email protected] dependency security warnings (see https://github.com/advisories/GHSA-6fc8-4gx4-v693), via:

[email protected]
-> @graphql-tools/[email protected]
-> [email protected] (vulnerable)

karlhorky, Jan 15 '22 09:01

@abernix @staylor @kamilkisiela @jnwng Hi guys, could this PR be merged? c: There are some security issues because of the usage of an old graphql-config. E.g. a high severity one: https://github.com/advisories/GHSA-r683-j2x4-v87g

mishalov, Feb 02 '22 09:02

cc @lennyburdette

karlhorky, Feb 02 '22 09:02

Any update on this? Seems like a quick change and we keep having security alerts because of it not being merged and released. Anything I can do to help merge the P.R.?

vinassefranche, Mar 29 '22 13:03

@dahukish @vinassefranche @mishalov Are there any user-visible (breaking) changes? In other words, do you think we need to bump the major or minor (or patch) version of eslint-plugin-graphql before releasing this change?

benjamn, Jun 29 '22 18:06

@benjamn as no test was modified in this pull request, I think a patch version would be enough. There does not seem to be any change caused by this apart from the vulnerabilities being fixed.

vinassefranche, Jun 30 '22 06:06