Security vulnerability in transitive dependencies #2423
Comments
It seems a recent version (>5) of graphql-config does not have this dependency chain anymore, and it was already updated in 296f700 so a fresh release of
@dimaMachina What are the plans for a new release? The last release was almost a year ago.
@dimaMachina @dotansimha Also seeing this issue through npm, is it possible to get a release?
Hi @comatory @dimaMachina, any plans for a new release to fix security vulnerabilities?
For the ones that need it fixed without waiting for a new release, you can override the For yarn just add this to package.json: For npm: You will still get a warning saying the versions are incompatible, but the errors go away.
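One way to confirm that an override like the one described above actually removed the old copies, as an added example that is not part of the thread or the project's code: it scans an npm lockfile's `packages` map (lockfileVersion 2 or 3) for every installed copy of a package and flags those below a minimum version. The lockfile contents, version numbers and function names are constructed for illustration.

```javascript
// Compare two plain "x.y.z" versions numerically; returns <0, 0 or >0.
// Assumption: pre-release tags can be ignored for this check.
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// One record per installed copy of `name`. For a nested (non-hoisted) copy,
// `nestedUnder` lists the packages whose node_modules directory contains it.
function findCopies(lock, name, minVersion) {
  const suffix = "node_modules/" + name;
  const copies = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path !== suffix && !path.endsWith("/" + suffix)) continue;
    if (!meta.version) continue; // workspace links carry no version
    const chain = path.split("node_modules/").filter(Boolean)
      .map((p) => p.replace(/\/$/, ""));
    copies.push({
      path,
      version: meta.version,
      nestedUnder: chain.slice(0, -1),
      belowFloor: compareVersions(meta.version, minVersion) < 0,
    });
  }
  return copies;
}

// Paths of the copies that an override has not replaced yet.
function vulnerablePaths(lock, name, minVersion) {
  return findCopies(lock, name, minVersion)
    .filter((c) => c.belowFloor).map((c) => c.path);
}

// Constructed sample lockfile; every version here is a placeholder.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "0.0.0" },
    "node_modules/ws": { version: "2.1.0" },
    "node_modules/graphql-config": { version: "9.9.9" },
    "node_modules/graphql-config/node_modules/ws": { version: "1.4.2" },
    "node_modules/isomorphic-ws": { version: "3.0.0" },
  },
};
console.log(vulnerablePaths(sampleLock, "ws", "2.0.0"));
```

Run it against the real `package-lock.json` after reinstalling with the override in place; an empty result means no copy below the chosen floor remains in the tree.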
Issue workflow progress
Progress of the issue based on the Contributor Workflow
1. The issue provides a reproduction available on GitHub, Stackblitz or CodeSandbox
2. A failing test has been provided
3. A local solution has been provided
4. A pull request is pending review
Describe the bug
Dependabot is reporting a transitive dependency needs updating:
It would be great if graphql-eslint could update its dependencies on graphql-tools once they release their updates.
They updated their version of `ws` in the last week: ardatan/graphql-tools#6273
To Reproduce
Steps to reproduce the behavior:
Expected behavior
No more vulnerability in transitive dependencies!
Thanks!