Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Updated @graphql-tools/prisma-loader package #8765

Merged
merged 4 commits into from Dec 27, 2022
Merged

Updated @graphql-tools/prisma-loader package #8765

merged 4 commits into from Dec 27, 2022

Conversation

aniketdd
Copy link
Contributor

Updated @graphql-tools/prisma-loader package to resolve jsonwebtoken vulnerability.

Description

Fixes High vulnerability GHSA-27h2-hvpr-p74q.
To be Merged upon @graphql-tools/prisma-loader@7.2.49 is released. (ardatan/graphql-tools#4926)

Related # (issue)

Type of change

  • Breaking change (fix or feature that would cause existing functionality to not work as expected)

Screenshots/Sandbox (if appropriate/relevant):

NA

How Has This Been Tested?

Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration

  • High vulnerability was resolved using in the version 7.2.49 of @graphql-tools/prisma-loader package

Test Environment:

  • OS:MacOS
  • @graphql-codegen/cli:v2.16.1
  • NodeJS:v18.12.1

Checklist:

  • I have followed the CONTRIBUTING doc and the style guidelines of this project
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • Any dependent changes have been merged and published in downstream modules

Further comments

If this is a relatively large or complex change, kick off the discussion by explaining why you chose the solution you did and what alternatives you considered, etc...

@aniketdd
Updated @graphql-tools/prisma-loader package
7dbb57b 
Updated @graphql-tools/prisma-loader package to resolve jsonwebtoken vulnerability.
@changeset-bot
Copy link

changeset-bot bot commented Dec 23, 2022
edited

🦋 Changeset detected

Latest commit: e5338bf

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 2 packages
Name Type
@graphql-codegen/cli Patch
@graphql-cli/codegen Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

saihaj
saihaj requested changes Dec 23, 2022
View reviewed changes
Copy link
Collaborator

@saihaj saihaj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! Can you:

  1. run yarn so the lock file is synced
  2. run yarn changeset and add patch for this change so we can get a release out

@saihaj saihaj merged commit a9c5414 into dotansimha:master Dec 27, 2022
@github-actions github-actions bot mentioned this pull request Dec 27, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@saihaj saihaj saihaj requested changes

@obgibson obgibson obgibson approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@aniketdd @saihaj @obgibson