graphql-kit / graphql-voyager

🛰️ Represent any GraphQL API as an interactive graph

Home Page: https://graphql-kit.com/graphql-voyager/

A due release of graphql-voyager@1.0.0-rc.31+

glensc opened this issue

Would be nice to get some release out to shut out snyk security scan:

➜ snyk test --severity=medium

Issues with no direct upgrade or patch:
  ✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-NODEFETCH-2342118] in node-fetch@1.7.3
    introduced by graphql-voyager@1.0.0-rc.31 > @material-ui/core@3.9.4 > recompose@0.30.0 > fbjs@0.8.17 > isomorphic-fetch@2.2.1 > node-fetch@1.7.3
  This issue was fixed in versions: 2.6.7, 3.1.1
  ✗ Denial of Service [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-NODEFETCH-674311] in node-fetch@1.7.3
    introduced by graphql-voyager@1.0.0-rc.31 > @material-ui/core@3.9.4 > recompose@0.30.0 > fbjs@0.8.17 > isomorphic-fetch@2.2.1 > node-fetch@1.7.3
  This issue was fixed in versions: 2.6.1, 3.0.0-beta.9
  ✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-UAPARSERJS-3244450] in ua-parser-js@0.7.31
    introduced by graphql-voyager@1.0.0-rc.31 > @material-ui/core@3.9.4 > recompose@0.30.0 > fbjs@0.8.17 > ua-parser-js@0.7.31
  This issue was fixed in versions: 0.7.33, 1.0.33

PS: the graphql-voyager@1.0.0-rc.31 tag is missing from GitHub:

@glensc Thanks for reporting 👍
I pushed the missing tag and released v1.0.0 since it was long overdue.