Version Packages #161

Merged
merged 1 commit into from
Feb 6, 2023

github-actions[bot]

@github-actions github-actions bot commented Feb 6, 2023

This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.

Releases

@apollo/datasource-rest@5.0.2

Patch Changes

  • #159 ee018a7 Thanks @trevor-scheer! - Update http-cache-semantics package to latest patch, resolving a security
    issue.

    Unlike many security updates Apollo repos receive, this is an actual (non-dev)
    dependency of this package which means it is actually a user-facing security
    issue.

    The potential impact of this issue is limited to a DOS attack (via an
    inefficient regex).

    This security issue would only affect you if either:

    • you pass untrusted (i.e. from your users) cache-control request headers
    • you are sending requests to an untrusted REST server that might return malicious
      cache-control headers

    Since http-cache-semantics is a careted (^) dependency in this package, the
    security issue can (and might already) be resolved via a package-lock.json
    update within your project (possibly triggered by npm audit or another
    dependency update which has already updated its version of the package in
    question). If npm ls http-cache-semantics reveals a tree of dependencies which
    only include the 4.1.1 version (and no references to any previous versions)
    then you are currently unaffected and this patch should have (for all intents
    and purposes) no effect.

    More details available here: GHSA-rc47-6667-2j5j

  • #160 786c44f Thanks @trevor-scheer! - Add missing @apollo/utils.withrequired type dependency which is part of the
    public typings (via the AugmentedRequest type).

  • #154 bb0cff0 Thanks @JustinSomers! - Addresses duplicate content-type header bug due to upper-cased headers being forwarded. This change instead maps all headers to lowercased headers.
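
The `npm ls http-cache-semantics` check described in the release notes above can be automated against the JSON form of that output. The following is an added example, not code from this PR or from Apollo; it assumes the tree shape printed by `npm ls http-cache-semantics --all --json`, and the sample tree (including the hypothetical `legacy-http-client` package) is constructed for illustration.

```javascript
// Added example: flag every installed copy of http-cache-semantics below 4.1.1.
const TARGET = "http-cache-semantics";
const FIXED = "4.1.1"; // patched version named in the release notes on this page

// Constructed sample of `npm ls http-cache-semantics --all --json` output.
const sampleTree = {
  name: "my-app",
  version: "1.0.0",
  dependencies: {
    "@apollo/datasource-rest": {
      version: "5.0.1",
      dependencies: { "http-cache-semantics": { version: "4.1.1" } },
    },
    "legacy-http-client": { // hypothetical package pinning an older copy
      version: "2.3.0",
      dependencies: { "http-cache-semantics": { version: "4.1.0" } },
    },
  },
};

// Compare plain x.y.z versions numerically; any prerelease suffix is ignored.
function compareVersions(a, b) {
  const pa = a.split("-")[0].split(".").map(Number);
  const pb = b.split("-")[0].split(".").map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Walk the tree and record each installed copy with the dependency path to it.
// Entries without a version (e.g. missing dependencies) are skipped.
function findCopies(node, path = [], found = []) {
  for (const [name, dep] of Object.entries(node.dependencies || {})) {
    const here = [...path, name];
    if (name === TARGET && dep.version) {
      found.push({ version: dep.version, path: here.join(" > ") });
    }
    findCopies(dep, here, found);
  }
  return found;
}

// ok is true only when no copy older than the fixed version remains.
function audit(tree) {
  const copies = findCopies(tree);
  const vulnerable = copies.filter((c) => compareVersions(c.version, FIXED) < 0);
  return { copies, vulnerable, ok: vulnerable.length === 0 };
}

console.log(JSON.stringify(audit(sampleTree), null, 2));
```

A non-empty `vulnerable` list names the parent package that still pulls in an old copy, which is the dependency to update or override in the lockfile.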

@codesandbox-ci

codesandbox-ci bot commented Feb 6, 2023

This pull request is automatically built and testable in CodeSandbox.

To see build info of the built libraries, click here or the icon next to each commit SHA.

@github-actions github-actions bot force-pushed the changeset-release/main branch 2 times, most recently from 26633a3 to d139389 Compare February 6, 2023 22:29
@trevor-scheer trevor-scheer merged commit c65c14b into main Feb 6, 2023
@trevor-scheer trevor-scheer deleted the changeset-release/main branch February 6, 2023 22:36