[Snyk] Security upgrade eslint-plugin-graphql from 3.0.3 to 4.0.0

[TatianaMiodo]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-LODASH-1018905	Yes	Proof of Concept
	681/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.2	Command Injection SNYK-JS-LODASH-1040724	Yes	Proof of Concept
	731/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 8.2	Prototype Pollution SNYK-JS-LODASH-567746	Yes	Proof of Concept
	686/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.3	Prototype Pollution SNYK-JS-LODASH-608086	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: eslint-plugin-graphql

The new version differs by 31 commits.

• 0a74881 4.0.0
• 159a326 Update CHANGELOG.md prior to publishing v4.
• 2899fe4 Remove unused `graphql-tools` dependency.
• 43fca49 Merge branch 'kamilkisiela-feat/new-config'
• 95aeda5 Drop Node 8. Support GraphQL 15. Update Babel 7 & ESLint 6.8 (chore(deps): bump eslint-plugin-escompat from 3.1.0 to 3.2.0 github/eslint-plugin-github#271)
• 044ff0e Update package-lock.json
• b3a5f79 Update package.json
• abd47f0 Update
• cc4262e Support legacy config
• 3852df9 Fix
• d83a091 Use new GraphQL Config
• a1a7517 Improve identity template literal tag docs (chore(deps): bump @typescript-eslint/parser from 5.25.0 to 5.26.0 github/eslint-plugin-github#254)
• 4f83993 3.1.1
• b6a466b 3.1.0
• 8249202 required-fields: inline fragments without a field ancestor (chore(deps-dev): bump eslint from 8.13.0 to 8.14.0 github/eslint-plugin-github#240)
• d9aa7a4 Updating CHANGELOG.md (chore(deps): bump @typescript-eslint/parser from 5.22.0 to 5.23.0 github/eslint-plugin-github#249)
• 2a67417 Always guard against undefined type in fieldAvailableOnType (chore(deps): bump @typescript-eslint/parser from 5.21.0 to 5.22.0 github/eslint-plugin-github#247)
• 692c92d Update dependency graphql to v14.4.2 (Plug-in github/eslint-plugin-github#220)
• 24235d8 Update dependency mocha to v6 (chore(deps-dev): bump mocha from 9.2.1 to 9.2.2 github/eslint-plugin-github#213)
• eb0e92e Update dependency eslint to v5.16.0 (chore(deps): bump @typescript-eslint/eslint-plugin from 5.14.0 to 5.15.0 github/eslint-plugin-github#218)
• e176caa Update dependency test-all-versions to v4.1.1 (chore(deps): bump prettier from 2.6.1 to 2.6.2 github/eslint-plugin-github#230)
• a2d6c07 Update dependency lodash to v4.17.13 [SECURITY] (chore(deps): bump @typescript-eslint/parser from 5.17.0 to 5.18.0 github/eslint-plugin-github#234)
• 9a653a6 Update dependency graphql-tools to v4.0.5 (chore(deps): bump @typescript-eslint/eslint-plugin from 5.19.0 to 5.20.0 github/eslint-plugin-github#239)
• afb8647 Pin dependencies (Add an example for accessing the element index in a for...of loop github/eslint-plugin-github#241)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Regular Expression Denial of Service (ReDoS)
🦉 Command Injection
🦉 Prototype Pollution