Skip to content

[Snyk] Security upgrade apollo-server from 2.3.1 to 2.25.3#10

Open
snyk-bot wants to merge 1 commit intomasterfrom
snyk-fix-096ad2118deef54bd88138d3f91309cf
Open

[Snyk] Security upgrade apollo-server from 2.3.1 to 2.25.3#10
snyk-bot wants to merge 1 commit intomasterfrom
snyk-fix-096ad2118deef54bd88138d3f91309cf

Conversation

@snyk-bot
Copy link
Contributor

@snyk-bot snyk-bot commented Nov 16, 2021

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 641/1000
Why? Recently disclosed, Has a fix available, CVSS 7.1		 Cross-site Scripting (XSS)
SNYK-JS-APOLLOSERVER-1912891		 No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: apollo-server The new version differs by 250 commits.
  • a725306 Release
  • 5069bd8 apollo-server-core: update GraphQL Playground React app
  • 378cce6 Merge pull request #5022 from apollographql/sb/custom-directive-edits
  • 851cdba Update v2 codesandbox links (#5520)
  • 18ec8e8 docs(fix typo: saem -> same) (#5474)
  • a121f86 Revert "Add 3.0 release notice to 2.0 docs (#5443)"
  • 4ccdae0 Release
  • 6f894bb Mess around more with package-lock until it's happy
  • 08c92eb Support graphql@15 in operation registry plugin (#5445)
  • 43f3b5b Clean package-lock.json (#5446)
  • 06151ad Add 3.0 release notice to 2.0 docs (#5443)
  • e456b41 renovate config: group non-major dependencies
  • c0bc794 Add AS3 preview docs to nav (#5164)
  • 0922120 Updating blog post link (#5392)
  • eefa7c2 Merge pull request #5380 from apollographql/sb/gatsby-theme
  • c926472 Bump docs theme version
  • 6a99e90 Merge pull request #5368 from hamstu/patch-1
  • 35e0de6 docs: fix small typo
  • 70a4312 Release
  • e719b78 CHANGELOG: 2.25.2
  • dc8693f Update Express types files, allow further upgrades (#5352)
  • 6b9c2a0 docs: correct link to GraphQLResolveInfo details (#5332)
  • 78ab403 Renovate: note disallowed major version bumps
  • c7bb352 Renovate: disable circleci manager

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@snyk-bot