fix(deps): update dependency graphql to v16.8.1 [security] (#9228)

[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [graphql](https://github.com/graphql/graphql-js) | [`16.8.0` -> `16.8.1`](https://renovatebot.com/diffs/npm/graphql/16.8.0/16.8.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/graphql/16.8.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/graphql/16.8.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/graphql/16.8.0/16.8.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/graphql/16.8.0/16.8.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance. **Note:** It was not proven that this vulnerability can crash the process. --- <details> <summary>graphql/graphql-js (graphql)</summary> [`v16.8.1`](https://github.com/graphql/graphql-js/releases/tag/v16.8.1) [Compare Source](https://github.com/graphql/graphql-js/compare/v16.8.0...v16.8.1) - [#3967](https://github.com/graphql/graphql-js/pull/3967) OverlappingFieldsCanBeMergedRule: Fix performance degradation ([@AaronMoat](https://github.com/AaronMoat)) - Aaron Moat([@AaronMoat](https://github.com/AaronMoat)) </details> --- 📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/redwoodjs/redwood).  Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
redwoodjs · Sep 21, 2023 · fe83c98 · fe83c98
1 parent a2741d0
commit fe83c98
Show file tree

Hide file tree

Showing 11 changed files with 27 additions and 27 deletions.
diff --git a/packages/babel-config/package.json b/packages/babel-config/package.json
@@ -40,7 +40,7 @@
     "babel-plugin-module-resolver": "5.0.0",
     "core-js": "3.32.2",
     "fast-glob": "3.3.1",
-    "graphql": "16.8.0",
+    "graphql": "16.8.1",
     "typescript": "5.2.2"
   },
   "devDependencies": {

diff --git a/packages/codemods/package.json b/packages/codemods/package.json
@@ -39,7 +39,7 @@
     "deepmerge": "4.3.1",
     "execa": "5.1.1",
     "fast-glob": "3.3.1",
-    "graphql": "16.8.0",
+    "graphql": "16.8.1",
     "jest": "29.7.0",
     "jscodeshift": "0.15.0",
     "pascalcase": "1.0.0",

diff --git a/packages/forms/package.json b/packages/forms/package.json
@@ -38,15 +38,15 @@
     "@types/react": "18.2.14",
     "@types/react-dom": "18.2.6",
     "@types/testing-library__jest-dom": "5.14.8",
-    "graphql": "16.8.0",
+    "graphql": "16.8.1",
     "jest": "29.7.0",
     "nodemon": "2.0.22",
     "react": "18.2.0",
     "react-dom": "18.2.0",
     "typescript": "5.2.2"
   },
   "peerDependencies": {
-    "graphql": "16.8.0",
+    "graphql": "16.8.1",
     "react": "18.2.0"
   },
   "gitHead": "3905ed045508b861b495f8d5630d76c7a157d8f1"

diff --git a/packages/graphql-server/package.json b/packages/graphql-server/package.json
@@ -35,7 +35,7 @@
     "@opentelemetry/api": "1.4.1",
     "@redwoodjs/api": "6.3.0",
     "core-js": "3.32.2",
-    "graphql": "16.8.0",
+    "graphql": "16.8.1",
     "graphql-scalars": "1.22.2",
     "graphql-tag": "2.12.6",
     "graphql-yoga": "4.0.2",

diff --git a/packages/internal/package.json b/packages/internal/package.json
@@ -51,7 +51,7 @@
     "esbuild": "0.18.19",
     "fast-glob": "3.3.1",
     "fs-extra": "11.1.1",
-    "graphql": "16.8.0",
+    "graphql": "16.8.1",
     "kill-port": "1.6.1",
     "prettier": "2.8.8",
     "rimraf": "5.0.1",

diff --git a/packages/prerender/package.json b/packages/prerender/package.json
@@ -35,7 +35,7 @@
     "babel-plugin-ignore-html-and-css-imports": "0.1.0",
     "cheerio": "1.0.0-rc.12",
     "core-js": "3.32.2",
-    "graphql": "16.8.0",
+    "graphql": "16.8.1",
     "mime-types": "2.1.35"
   },
   "devDependencies": {

diff --git a/packages/realtime/package.json b/packages/realtime/package.json
@@ -30,7 +30,7 @@
     "@graphql-yoga/subscription": "4.0.0",
     "@n1ru4l/graphql-live-query": "0.10.0",
     "@n1ru4l/in-memory-live-query-store": "0.10.0",
-    "graphql": "16.8.0",
+    "graphql": "16.8.1",
     "ioredis": "5.3.2"
   },
   "devDependencies": {

diff --git a/packages/structure/package.json b/packages/structure/package.json
@@ -41,7 +41,7 @@
     "dotenv-defaults": "5.0.2",
     "enquirer": "2.4.1",
     "fast-glob": "3.3.1",
-    "graphql": "16.8.0",
+    "graphql": "16.8.1",
     "lazy-get-decorator": "2.2.1",
     "line-column": "1.0.2",
     "lodash": "4.17.21",

diff --git a/packages/studio/package.json b/packages/studio/package.json
@@ -37,7 +37,7 @@
     "fast-json-parse": "1.0.3",
     "fastify": "4.23.2",
     "fastify-raw-body": "4.2.2",
-    "graphql": "16.8.0",
+    "graphql": "16.8.1",
     "graphql-scalars": "1.22.2",
     "graphql-yoga": "3.9.1",
     "jsonwebtoken": "9.0.0",
@@ -84,7 +84,7 @@
     "aws-lambda": "1.0.7",
     "buffer": "6.0.3",
     "graphiql": "2.4.7",
-    "graphql": "16.8.0",
+    "graphql": "16.8.1",
     "graphql-scalars": "1.22.2",
     "jest": "29.7.0",
     "json-bigint-patch": "0.0.8",

diff --git a/packages/web/package.json b/packages/web/package.json
@@ -39,7 +39,7 @@
     "@babel/runtime-corejs3": "7.22.15",
     "@redwoodjs/auth": "6.3.0",
     "core-js": "3.32.2",
-    "graphql": "16.8.0",
+    "graphql": "16.8.1",
     "graphql-tag": "2.12.6",
     "react-helmet-async": "1.3.0",
     "react-hot-toast": "2.4.1",

diff --git a/yarn.lock b/yarn.lock
@@ -8359,7 +8359,7 @@ __metadata:
     core-js: 3.32.2
     esbuild: 0.18.19
     fast-glob: 3.3.1
-    graphql: 16.8.0
+    graphql: 16.8.1
     jest: 29.7.0
     typescript: 5.2.2
   languageName: unknown
@@ -8540,7 +8540,7 @@ __metadata:
     execa: 5.1.1
     fast-glob: 3.3.1
     fs-extra: 11.1.1
-    graphql: 16.8.0
+    graphql: 16.8.1
     jest: 29.7.0
     jscodeshift: 0.15.0
     pascalcase: 1.0.0
@@ -8695,7 +8695,7 @@ __metadata:
     "@types/react-dom": 18.2.6
     "@types/testing-library__jest-dom": 5.14.8
     core-js: 3.32.2
-    graphql: 16.8.0
+    graphql: 16.8.1
     jest: 29.7.0
     nodemon: 2.0.22
     pascalcase: 1.0.0
@@ -8704,7 +8704,7 @@ __metadata:
     react-hook-form: 7.46.1
     typescript: 5.2.2
   peerDependencies:
-    graphql: 16.8.0
+    graphql: 16.8.1
     react: 18.2.0
   languageName: unknown
   linkType: soft
@@ -8737,7 +8737,7 @@ __metadata:
     "@whatwg-node/fetch": 0.9.9
     aws-lambda: 1.0.7
     core-js: 3.32.2
-    graphql: 16.8.0
+    graphql: 16.8.1
     graphql-scalars: 1.22.2
     graphql-tag: 2.12.6
     graphql-yoga: 4.0.2
@@ -8779,7 +8779,7 @@ __metadata:
     esbuild: 0.18.19
     fast-glob: 3.3.1
     fs-extra: 11.1.1
-    graphql: 16.8.0
+    graphql: 16.8.1
     graphql-tag: 2.12.6
     jest: 29.7.0
     kill-port: 1.6.1
@@ -8903,7 +8903,7 @@ __metadata:
     babel-plugin-tester: 11.0.4
     cheerio: 1.0.0-rc.12
     core-js: 3.32.2
-    graphql: 16.8.0
+    graphql: 16.8.1
     jest: 29.7.0
     mime-types: 2.1.35
     typescript: 5.2.2
@@ -8943,7 +8943,7 @@ __metadata:
     "@n1ru4l/graphql-live-query": 0.10.0
     "@n1ru4l/in-memory-live-query-store": 0.10.0
     esbuild: 0.18.19
-    graphql: 16.8.0
+    graphql: 16.8.1
     ioredis: 5.3.2
     jest: 29.7.0
     nodemon: 2.0.22
@@ -9016,7 +9016,7 @@ __metadata:
     dotenv-defaults: 5.0.2
     enquirer: 2.4.1
     fast-glob: 3.3.1
-    graphql: 16.8.0
+    graphql: 16.8.1
     jest: 29.7.0
     lazy-get-decorator: 2.2.1
     line-column: 1.0.2
@@ -9084,7 +9084,7 @@ __metadata:
     fastify: 4.23.2
     fastify-raw-body: 4.2.2
     graphiql: 2.4.7
-    graphql: 16.8.0
+    graphql: 16.8.1
     graphql-scalars: 1.22.2
     graphql-yoga: 3.9.1
     jest: 29.7.0
@@ -9250,7 +9250,7 @@ __metadata:
     "@types/react-dom": 18.2.6
     "@types/testing-library__jest-dom": 5.14.8
     core-js: 3.32.2
-    graphql: 16.8.0
+    graphql: 16.8.1
     graphql-tag: 2.12.6
     jest: 29.7.0
     jest-runner-tsd: 5.0.0
@@ -21463,10 +21463,10 @@ __metadata:
   languageName: node
   linkType: hard
 
-"graphql@npm:16.8.0, graphql@npm:^15.0.0 || ^16.0.0, graphql@npm:^16.0.0":
-  version: 16.8.0
-  resolution: "graphql@npm:16.8.0"
-  checksum: f7ca0302e8d658012db90b428ec66c1453afe53fbffa21404a28b5bdec5b0e88641d38416ef3d582acad7ddde2effe729e2b050a1483a2e9d4a6111e892e4903
+"graphql@npm:16.8.1, graphql@npm:^15.0.0 || ^16.0.0, graphql@npm:^16.0.0":
+  version: 16.8.1
+  resolution: "graphql@npm:16.8.1"
+  checksum: 129c318156b466f440914de80dbf7bc67d17f776f2a088a40cb0da611d19a97c224b1c6d2b13cbcbc6e5776e45ed7468b8432f9c3536724e079b44f1a3d57a8a
   languageName: node
   linkType: hard