From 403f7483177a988ab5fc4bb42c9c9e73d9f5dcde Mon Sep 17 00:00:00 2001
From: admin-token-bot <36773031+admin-token-bot@users.noreply.github.com>
Date: Mon, 13 Feb 2023 15:22:35 +0000
Subject: [PATCH] [Snyk] Upgrade @apollo/client from 3.5.10 to 3.7.3 (#2552)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Snyk has created this PR to upgrade @apollo/client from 3.5.10 to
3.7.3.
:information_source: Keep your dependencies up-to-date. This makes it
easier to fix existing vulnerabilities and to more quickly identify and
fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **48 versions** ahead of your current
version.
- The recommended version was released **2 months ago**, on 2022-12-15.
The recommended version fixes:
| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|:-------------------------:|:-------------------------|-------------------------|:-------------------------|
| | Prototype Pollution [SNYK-JS-LOADERUTILS-3043105](https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3043105) | **375/1000** **Why?** CVSS 7.5 | No Known Exploit |
| | Prototype Pollution [SNYK-JS-LOADERUTILS-3043105](https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3043105) | **375/1000** **Why?** CVSS 7.5 | No Known Exploit |
| | Remote Code Execution (RCE) [SNYK-JS-EJS-2803307](https://snyk.io/vuln/SNYK-JS-EJS-2803307) | **375/1000** **Why?** CVSS 7.5 | Proof of Concept |
| | Denial of Service (DoS) [SNYK-JS-DECODEURICOMPONENT-3149970](https://snyk.io/vuln/SNYK-JS-DECODEURICOMPONENT-3149970) | **375/1000** **Why?** CVSS 7.5 | Proof of Concept |
| | Prototype Pollution [SNYK-JS-ASYNC-2441827](https://snyk.io/vuln/SNYK-JS-ASYNC-2441827) | **375/1000** **Why?** CVSS 7.5 | Proof of Concept |
| | Regular Expression Denial of Service (ReDoS) [SNYK-JS-TERSER-2806366](https://snyk.io/vuln/SNYK-JS-TERSER-2806366) | **375/1000** **Why?** CVSS 7.5 | No Known Exploit |
| | Denial of Service (DoS) [SNYK-JS-NWSAPI-2841516](https://snyk.io/vuln/SNYK-JS-NWSAPI-2841516) | **375/1000** **Why?** CVSS 7.5 | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS) [SNYK-JS-LOADERUTILS-3105943](https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3105943) | **375/1000** **Why?** CVSS 7.5 | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS) [SNYK-JS-LOADERUTILS-3042992](https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3042992) | **375/1000** **Why?** CVSS 7.5 | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS) [SNYK-JS-LOADERUTILS-3105943](https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3105943) | **375/1000** **Why?** CVSS 7.5 | No Known Exploit |
| | Regular Expression Denial of Service (ReDoS) [SNYK-JS-LOADERUTILS-3042992](https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3042992) | **375/1000** **Why?** CVSS 7.5 | No Known Exploit |
| | Prototype Pollution [SNYK-JS-JSON5-3182856](https://snyk.io/vuln/SNYK-JS-JSON5-3182856) | **375/1000** **Why?** CVSS 7.5 | Proof of Concept |
| | Prototype Pollution [SNYK-JS-JSON5-3182856](https://snyk.io/vuln/SNYK-JS-JSON5-3182856) | **375/1000** **Why?** CVSS 7.5 | Proof of Concept |
(*) Note that the real score may have changed since the PR was raised.
Release notes
Package name: @apollo/client
from @apollo/client
GitHub release notes
Commit messages
Package name: @apollo/client
- 2f79f03
Version Packages (#10341)
- b823f6c
Fix Changesets release workflow from default branch (#10370)
- 46b58e9
Fixes support for defer in mutations (#10368)
- 52d5af2
docs/updating-subscription-library-anchor-link (#10320)
- 1398e42
chore(deps): update actions/setup-node action to v3 (#10352)
- 6739721
chore(deps): update mad9000/actions-find-and-replace-string action to v3
(#10354)
- b3e4574
Update static-typing.md (#10358)
- f4f00b6
chore(deps): update dependency mocha to v10.2.0
- 0daf29f
chore(deps): update dependency @ types/node to v18.11.13
- ac7696e
chore(deps): update dependency recast to v0.22.0
- 543d687
chore(deps): update dependency @ types/node to v18.11.12
- 14857a5
chore(deps): update dependency @ types/jest to v29.2.4
- 7819c51
chore(deps): update dependency @ graphql-tools/schema to v9.0.12
- c02a17b
chore(changesets): run changeset-version in prerelease workflow
- 6cf377f
Changesets updates (#10342)
- 7d92393
Better handle cached data with deferred queries (#10334)
- f982a8d
Introduce Changesets (#10337)
- 7bff5ac
Roadmap updates (#10336)
- 21c7d26
Exclude "cursor" argument to prevent separate cache instance
(#10144)
- 9f8fae1
chore(deps): update dependency jest-junit to v15 (#10301)
- a557704
chore(deps): update dependency @ types/node to v18 (#9840)
- ce86613
Bump @ apollo/client npm version to 3.7.2.
- 365fcea
chore: update CHANGELOG in preparation for 3.7.2 (#10335)
- 39d83c9
chore(deps): update dependency @ types/react to v18.0.26
**Note:** *You are seeing this because you or someone else with access
to this repository has authorized Snyk to open upgrade PRs.*
For more information:
🧐 [View latest project
report](https://app.snyk.io/org/sandbox-2ba/project/9043c51f-3f0d-45c6-8455-b658274f2872?utm_source=github&utm_medium=referral&page=upgrade-pr)
🛠 [Adjust upgrade PR
settings](https://app.snyk.io/org/sandbox-2ba/project/9043c51f-3f0d-45c6-8455-b658274f2872/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr)
🔕 [Ignore this dependency or unsubscribe from future upgrade
PRs](https://app.snyk.io/org/sandbox-2ba/project/9043c51f-3f0d-45c6-8455-b658274f2872/settings/integration?pkg=@apollo/client&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)
Co-authored-by: snyk-bot
---
examples/web/package.json | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/examples/web/package.json b/examples/web/package.json
index 1280562a37..d5135e3209 100644
--- a/examples/web/package.json
+++ b/examples/web/package.json
@@ -3,7 +3,7 @@
"version": "0.1.0",
"private": true,
"dependencies": {
- "@apollo/client": "^3.5.9",
+ "@apollo/client": "^3.7.3",
"@testing-library/jest-dom": "^5.16.2",
"@testing-library/react": "^12.1.2",
"@testing-library/user-event": "^13.5.0",
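Review bot: The `@apollo/client` line moves the caret range from `^3.5.9` to `^3.7.3`, but the diffstat shows `examples/web/package.json` as the only file changed, so no lockfile is updated alongside the manifest. If `examples/web` has a committed lockfile, regenerate it in this same change so that installs resolve to the intended release and the manifest and lockfile do not drift apart. The subject line gives the previous version as 3.5.10 while the removed range is `^3.5.9`, so the version actually in use was not pinned by this line; confirm what is installed before and after. The advisories listed in the message carry identifiers that name other packages (for example SNYK-JS-LOADERUTILS-3043105 and SNYK-JS-JSON5-3182856), and nothing in this hunk touches those packages directly, so re-run the dependency scan after installing to confirm the bump clears them instead of relying on the PR text.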