-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Snyk] Upgrade graphql-tag from 2.11.0 to 2.12.1 #11
base: master
Are you sure you want to change the base?
Conversation
Snyk has created this PR to upgrade graphql-tag from 2.11.0 to 2.12.1. See this package in npm: https://www.npmjs.com/package/graphql-tag See this project in Snyk: https://app.snyk.io/org/turkdevops/project/18f99a0f-7bc6-4939-b136-a6db015fc290?utm_source=github&utm_medium=upgrade-pr
Thanks for your submission. It appears that you've created a pull request using one of our repository's branches. Since this is Thanks again! |
*Ruff* 🐶 The test environment for this pull request has been destroyed 💥 This may have happened explicitly via a command, because the environment expired, or because the pull request was closed. What is this?Pull Dog is a GitHub app that makes test environments for your pull requests using Docker, from a Visit our website to learn more. Commands
TroubleshootingNeed help? Don't hesitate to file an issue in our repository Configuration {
"isLazy": false,
"dockerComposeYmlFilePaths": [
"docker-compose.yml"
],
"expiry": "00:00:00",
"conversationMode": "singleComment"
} Trace ID |
Hard-Coded Secrets (16)
graphql-tools/packages/loaders/prisma/src/prisma-yml/__snapshots__/Environment.test.ts.snap Line 127 in a797d98
graphql-tools/packages/loaders/prisma/src/prisma-yml/__snapshots__/Environment.test.ts.snap Line 150 in a797d98
graphql-tools/packages/loaders/prisma/src/prisma-yml/__snapshots__/PrismaDefinition.test.ts.snap Line 127 in a797d98
graphql-tools/packages/loaders/prisma/src/prisma-yml/__snapshots__/PrismaDefinition.test.ts.snap Line 150 in a797d98
More info on how to fix Hard-Coded Secrets in General. Insecure Use of Dangerous Function (12)Line 7 in a797d98
graphql-tools/scripts/build-api-docs.js Line 34 in a797d98
More info on how to fix Insecure Use of Dangerous Function in Javascript and Typescript. Insecure File Management (33)graphql-tools/scripts/build-api-docs.js Line 74 in a797d98
graphql-tools/scripts/build-api-docs.js Line 82 in a797d98
graphql-tools/scripts/build-api-docs.js Line 86 in a797d98
graphql-tools/scripts/build-api-docs.js Line 90 in a797d98
graphql-tools/scripts/build-api-docs.js Line 111 in a797d98
graphql-tools/scripts/build-api-docs.js Line 120 in a797d98
graphql-tools/scripts/build-api-docs.js Line 130 in a797d98
graphql-tools/scripts/build-api-docs.js Line 134 in a797d98
graphql-tools/scripts/build-api-docs.js Line 168 in a797d98
graphql-tools/scripts/build-api-docs.js Line 172 in a797d98
More info on how to fix Insecure File Management in Javascript and Typescript. Insecure Use of Crypto (13)
More info on how to fix Insecure Use of Crypto in Typescript. Insecure Access Control (5)
More info on how to fix Insecure Access Control in Typescript. Insecure Use of Regular Expressions (3)More info on how to fix Insecure Use of Regular Expressions in Typescript. 👉 Go to the dashboard for detailed results. 📥 Happy? Share your feedback with us. |
Snyk has created this PR to upgrade graphql-tag from 2.11.0 to 2.12.1.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
Release notes
Package name: graphql-tag
Bump npm version to 2.12.1.
Bump npm version to 2.12.0.
package.json
sideEffects
changes to clearly identify thatgraphql-tag
doesn't have side effects.@ hwillson in #313
Commit messages
Package name: graphql-tag
Compare
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
🧐 View latest project report
🛠 Adjust upgrade PR settings
🔕 Ignore this dependency or unsubscribe from future upgrade PRs