A due release of graphql-voyager@1.0.0-rc.31+
glensc opened this issue · comments
Would be nice to get some release out to shut out snyk security scan:
➜ snyk test --severity=medium
Issues with no direct upgrade or patch:
✗ Information Exposure [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-NODEFETCH-2342118] in node-fetch@1.7.3
introduced by graphql-voyager@1.0.0-rc.31 > @material-ui/core@3.9.4 > recompose@0.30.0 > fbjs@0.8.17 > isomorphic-fetch@2.2.1 > node-fetch@1.7.3
This issue was fixed in versions: 2.6.7, 3.1.1
✗ Denial of Service [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-NODEFETCH-674311] in node-fetch@1.7.3
introduced by graphql-voyager@1.0.0-rc.31 > @material-ui/core@3.9.4 > recompose@0.30.0 > fbjs@0.8.17 > isomorphic-fetch@2.2.1 > node-fetch@1.7.3
This issue was fixed in versions: 2.6.1, 3.0.0-beta.9
✗ Regular Expression Denial of Service (ReDoS) [Medium Severity][https://security.snyk.io/vuln/SNYK-JS-UAPARSERJS-3244450] in ua-parser-js@0.7.31
introduced by graphql-voyager@1.0.0-rc.31 > @material-ui/core@3.9.4 > recompose@0.30.0 > fbjs@0.8.17 > ua-parser-js@0.7.31
This issue was fixed in versions: 0.7.33, 1.0.33
ps: graphql-voyager@1.0.0-rc.31
tag is missing from github:
@glensc Thanks for reporting 👍
I pushed the missing tag and released v1.0.0
since it was long overdue.