Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Version Packages #2254

Merged
merged 1 commit into from
Mar 29, 2022
Merged

Version Packages #2254

merged 1 commit into from
Mar 29, 2022

Conversation

github-actions[bot]
Copy link
Contributor

@github-actions github-actions bot commented Mar 27, 2022
edited

This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.

Releases

graphiql@1.8.1

Patch Changes

  • #2257 6cc95851 Thanks @acao! - security fix: replace the vulnerable dset dependency with set-value

    dset is vulnerable to prototype pollution attacks. this is only possible if you are doing all of the following:

    1. running graphiql with an experimental graphql-js release tag that supports @stream and @defer
    2. executing a properly @streamed or @deferred query ala IncrementalDelivery spec, with multipart chunks
    3. consuming a malicious schema that contains field names like proto, prototype, or constructor that return malicious data designed to exploit a prototype pollution attack

monaco-graphql@1.0.14

Patch Changes

  • #2253 63177891 Thanks @acao! - fix worker + n problem when changing config (schema, etc) in monaco-graphql

@linux-foundation-easycla
Copy link

linux-foundation-easycla bot commented Mar 27, 2022
edited

CLA Not Signed

@acao acao merged commit 3232dc9 into main Mar 29, 2022
@acao acao deleted the changeset-release/main branch March 29, 2022 15:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@acao