Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

replace dset with set-value for @defer and @stream #2257

Merged
merged 1 commit into from Mar 29, 2022
Merged

replace dset with set-value for @defer and @stream #2257

merged 1 commit into from Mar 29, 2022

Conversation

acao
Copy link
Member

@acao acao commented Mar 29, 2022
edited

replace dset which is vulnerable to prototype pollution (#2256) with set-value

In order to test the fix, you must perform a @stream or @defer query like this:

query MyQuery {
  streamable @stream(if: true) {
    text
  }
}

@changeset-bot
Copy link

changeset-bot bot commented Mar 29, 2022
edited

🦋 Changeset detected

Latest commit: 39757f7

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 1 package
Name Type
graphiql Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@acao acao requested review from timsuchanek and a team March 29, 2022 14:19
@github-actions
Copy link
Contributor

github-actions bot commented Mar 29, 2022
edited

The latest changes of this PR are available as canary in npm (based on the declared changesets):

graphiql@1.8.1-canary-5353bffe.0

@acao acao force-pushed the replace-dset branch 2 times, most recently from 5ea72db to c960fc0 Compare March 29, 2022 14:29
@codecov
Copy link

codecov bot commented Mar 29, 2022
edited

Codecov Report

Merging #2257 (39757f7) into main (2d91916) will decrease coverage by 0.99%.
The diff coverage is 74.00%.

@@            Coverage Diff             @@
##             main    #2257      +/-   ##
==========================================
- Coverage   65.70%   64.71%   -1.00%     
==========================================
  Files          85       81       -4     
  Lines        5106     5314     +208     
  Branches     1631     1700      +69     
==========================================
+ Hits         3355     3439      +84     
- Misses       1747     1871     +124     
  Partials        4        4
Impacted Files Coverage Δ
packages/codemirror-graphql/src/hint.ts 94.73% <ø> (ø)
packages/codemirror-graphql/src/lint.ts 100.00% <ø> (ø)
packages/codemirror-graphql/src/results/mode.ts 47.05% <ø> (ø)
...kages/codemirror-graphql/src/utils/forEachState.ts 100.00% <ø> (ø)
...ckages/codemirror-graphql/src/utils/mode-indent.ts 0.00% <0.00%> (ø)
packages/codemirror-graphql/src/variables/hint.ts 89.70% <ø> (ø)
packages/codemirror-graphql/src/variables/mode.ts 79.48% <ø> (ø)
packages/graphiql/src/utility/fillLeafs.ts 5.33% <ø> (ø)
...kages/graphiql/src/utility/introspectionQueries.ts 100.00% <ø> (ø)
packages/graphiql/src/utility/onHasCompletion.ts 2.17% <0.00%> (ø)
... and 71 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 6317789...39757f7. Read the comment docs.

@acao acao merged commit 6cc9585 into main Mar 29, 2022
@acao acao deleted the replace-dset branch March 29, 2022 15:28
@github-actions github-actions bot mentioned this pull request Mar 29, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@timsuchanek timsuchanek Awaiting requested review from timsuchanek

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@acao