[Snyk] Upgrade: , , graphql, neo4j-driver, prettier, typescript #486
Snyk has created this PR to upgrade multiple dependencies.
👯♂ The following dependencies are linked and will therefore be updated together.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
@apollo/server
⚠️ This is a major version upgrade, and may be a breaking change | 24 days ago
from 4.7.5 to 4.11.0 | 15 versions ahead of your current version | a month ago
on 2024-08-08
@neo4j/graphql
from 4.0.0-beta.0 to 5.5.6 | 45 versions ahead of your current version
on 2024-08-15
graphql
from 16.7.1 to 16.9.0 | 5 versions ahead of your current version | 3 months ago
on 2024-06-21
neo4j-driver
from 5.10.0 to 5.23.0 | 13 versions ahead of your current version | a month ago
on 2024-07-25
prettier
from 3.0.0 to 3.3.3 | 15 versions ahead of your current version | 2 months ago
on 2024-07-13
typescript
from 5.1.6 to 5.5.4 | 399 versions ahead of your current version | 2 months ago
on 2024-07-22
Issues fixed by the recommended upgrade:
SNYK-JS-BRACES-6838727
SNYK-JS-MICROMATCH-6838728
SNYK-JS-EXPRESS-6474509
SNYK-JS-GRAPHQL-5905181
SNYK-JS-JOSE-6419224
SNYK-JS-APOLLOSERVER-5876619
Release notes
Package name: @apollo/server
Patch Changes
4686454
]:
Patch Changes
#7821 b2e15e7 Thanks @ renovate! - Non-major dependency updates
#7900 86d7111 Thanks @ trevor-scheer! - Inline a small dependency that was causing build issues for ESM projects
Updated dependencies [b2e15e7, 86d7111]:
Patch Changes
18a3827
]:
Patch Changes
5f335a5
]:
Patch Changes
c7e514c
]:
Package name: graphql
v16.8.2 (2024-06-12)
Bug Fix 🐞
globalThis check and align with what bundlers can accept (@ JoviDeCroock)
Internal 🏠
Committers: 2
v16.8.1 (2023-09-19)
Bug Fix 🐞
Committers: 1
v16.8.0 (2023-08-14)
New Feature 🚀
Committers: 1
v16.7.1 (2023-06-22)
📢 Big shout out to @ phryneas, who managed to reproduce this issue and come up with this fix.
Bug Fix 🐞
process.env (@ IvanGoncharov)
Committers: 1
Package name: neo4j-driver
This fixes a potential issue in the Notification API.
🔧 Fixes
Notification.description polyfill from GqlStatusObject #1205
🧹 Housekeeping
This release introduces preview support for the GQLStatusObject #1194 along with other ergonomic preview features. This also speeds up the driver shutdown when connections are waiting to be acquired #1196, thanks, CarsonF, for the contribution.
⭐⚠️ Preview Features
ResultSummary #1194
AbortSignal to Driver.executeQuery 1199
resultTransformer.first #1200
resultTransformer.summary 1201
resultTransformers.eager and resultTransformers.mapped 1202
🔧 Fixes
🧹 Housekeeping
Fixes crashes when closing transactions when Queries are still ongoing. Thanks for your contribution, @ reckter.
🔧 Fixes
Housekeeping only.
🧹 Housekeeping
Introduces clientCertificate configuration as a mechanism to support mutual TLS as a second factor for authentication, currently a preview feature.
⭐ New Features
🧹 Housekeeping
Introduces auth configuration to Driver.executeQuery
⭐ New Features
auth configuration to Driver.executeQuery #1177
🧹 Housekeeping
Improves performance on deserialising DateTime. Thanks for your contribution, @ vongruenigen.
👏🏼 Improvements
🔧 Fixes
neo4j-javascript string on boltAgent.product object 1173
See release notes on the wiki
Package name: prettier
🔗 Changelog
🔗 Changelog
🔗 Changelog
diff
🔗 Release note
🔗 Changelog
.eslintrc.json format #15947
🔗 Changelog
tsconfig.json file with jsonc parser #15927
🔗 Changelog
🔗 Changelog
Package name: typescript
For release notes, check out the release announcement.
For the complete list of fixed issues, check out the
Downloads are available on:
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information: