Skip to content

Commit d25c1e1

Browse files
wschurmanwschurman
authored
fix: upgrade Apollo server for security advisory (#38)
1 parent 509b590 commit d25c1e1

File tree

2 files changed

+109
-74
lines changed

2 files changed

+109
-74
lines changed

packages/entity-example/package.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -23,7 +23,7 @@
2323
"license": "MIT",
2424
"dependencies": {
2525
"@expo/entity": "^0.4.0",
26-
"apollo-server-koa": "^2.13.0",
26+
"apollo-server-koa": "^2.14.2",
2727
"graphql": "^15.0.0",
2828
"koa": "^2.11.0",
2929
"koa-body": "^4.1.1",

yarn.lock

Lines changed: 108 additions & 73 deletions
Original file line numberDiff line numberDiff line change
@@ -311,17 +311,17 @@
311311
which "^1.3.1"
312312

313313
"@expo/entity-cache-adapter-redis@file:packages/entity-cache-adapter-redis":
314-
version "0.3.0"
314+
version "0.4.0"
315315
dependencies:
316316
ioredis "^4.16.1"
317317

318318
"@expo/entity-database-adapter-knex@file:packages/entity-database-adapter-knex":
319-
version "0.3.0"
319+
version "0.4.0"
320320
dependencies:
321321
knex "^0.20.11"
322322

323323
"@expo/entity@file:packages/entity":
324-
version "0.3.0"
324+
version "0.4.0"
325325
dependencies:
326326
"@expo/results" "^0.3.0"
327327
dataloader "^2.0.0"
@@ -1949,42 +1949,43 @@ anymatch@^2.0.0:
19491949
micromatch "^3.1.4"
19501950
normalize-path "^2.1.1"
19511951

1952-
apollo-cache-control@^0.10.0:
1953-
version "0.10.0"
1954-
resolved "https://registry.yarnpkg.com/apollo-cache-control/-/apollo-cache-control-0.10.0.tgz#ed056d1ce4fb520cab584890a2132a8429f346a1"
1955-
integrity sha512-UIcPlrPdRTOKrF7kc5/WD5i6EVkGEEqgOK/fMj92fnnxR1KnQDiN82lqaxu02eZJvWjFJjik0JVJNXKOJXVrpQ==
1952+
apollo-cache-control@^0.11.0:
1953+
version "0.11.0"
1954+
resolved "https://registry.yarnpkg.com/apollo-cache-control/-/apollo-cache-control-0.11.0.tgz#7075492d04c5424e7c6769380b503e8f75b39d61"
1955+
integrity sha512-dmRnQ9AXGw2SHahVGLzB/p4UW/taFBAJxifxubp8hqY5p9qdlSu4MPRq8zvV2ULMYf50rBtZyC4C+dZLqmHuHQ==
19561956
dependencies:
1957-
apollo-server-env "^2.4.3"
1958-
graphql-extensions "^0.12.0"
1957+
apollo-server-env "^2.4.4"
1958+
apollo-server-plugin-base "^0.9.0"
19591959

1960-
apollo-datasource@^0.7.0:
1961-
version "0.7.0"
1962-
resolved "https://registry.yarnpkg.com/apollo-datasource/-/apollo-datasource-0.7.0.tgz#2a6d82edb2eba21b4ddf21877009ba39ff821945"
1963-
integrity sha512-Yja12BgNQhzuFGG/5Nw2MQe0hkuQy2+9er09HxeEyAf2rUDIPnhPrn1MDoZTB8MU7UGfjwITC+1ofzKkkrZobA==
1960+
apollo-datasource@^0.7.1:
1961+
version "0.7.1"
1962+
resolved "https://registry.yarnpkg.com/apollo-datasource/-/apollo-datasource-0.7.1.tgz#0b06da999ace50b7f5fe509f2a03f7de97974334"
1963+
integrity sha512-h++/jQAY7GA+4TBM+7ezvctFmmGNLrAPf51KsagZj+NkT9qvxp585rdsuatynVbSl59toPK2EuVmc6ilmQHf+g==
19641964
dependencies:
19651965
apollo-server-caching "^0.5.1"
1966-
apollo-server-env "^2.4.3"
1966+
apollo-server-env "^2.4.4"
19671967

1968-
apollo-engine-reporting-protobuf@^0.5.0:
1969-
version "0.5.0"
1970-
resolved "https://registry.yarnpkg.com/apollo-engine-reporting-protobuf/-/apollo-engine-reporting-protobuf-0.5.0.tgz#69fae95cdeacb39b9ff06851420cc2c2a7b9fc8b"
1971-
integrity sha512-OgMwtLcuL+YAaO2xgkPbnRJnISLDSNE5F11p7oq+1ws+ws71CPfHAthDCxSObCPSALdhsLAGD0v3u3soBuNmMg==
1968+
apollo-engine-reporting-protobuf@^0.5.1:
1969+
version "0.5.1"
1970+
resolved "https://registry.yarnpkg.com/apollo-engine-reporting-protobuf/-/apollo-engine-reporting-protobuf-0.5.1.tgz#b6e66e6e382f9bcdc2ac8ed168b047eb1470c1a8"
1971+
integrity sha512-TSfr9iAaInV8dhXkesdcmqsthRkVcJkzznmiM+1Ob/GScK7r6hBYCjVDt2613EHAg9SUzTOltIKlGD+N+GJRUw==
19721972
dependencies:
19731973
"@apollo/protobufjs" "^1.0.3"
19741974

1975-
apollo-engine-reporting@^1.8.0:
1976-
version "1.8.0"
1977-
resolved "https://registry.yarnpkg.com/apollo-engine-reporting/-/apollo-engine-reporting-1.8.0.tgz#46a098fe4625b8c9f8866cc9601b3e2ab4ac4db3"
1978-
integrity sha512-VPVpIGW6lbYXga6sqq/fG8ZaPR70bFuxvCov6X0npuVQPXwgZrzBp50cHx9uIaBVxDDxD3leeznsQbmF37RAww==
1975+
apollo-engine-reporting@^2.0.0:
1976+
version "2.0.0"
1977+
resolved "https://registry.yarnpkg.com/apollo-engine-reporting/-/apollo-engine-reporting-2.0.0.tgz#af007b4a8a481fa97baef0eac51a7824f1ec3310"
1978+
integrity sha512-FvNwORsh3nxEfvQqd2xbd468a0q/R3kYar/Bk6YQdBX5qwqUhqmOcOSxLFk8Zb77HpwHij5CPpPWJb53TU1zcA==
19791979
dependencies:
1980-
apollo-engine-reporting-protobuf "^0.5.0"
1980+
apollo-engine-reporting-protobuf "^0.5.1"
19811981
apollo-graphql "^0.4.0"
19821982
apollo-server-caching "^0.5.1"
1983-
apollo-server-env "^2.4.3"
1983+
apollo-server-env "^2.4.4"
19841984
apollo-server-errors "^2.4.1"
1985-
apollo-server-types "^0.4.0"
1985+
apollo-server-plugin-base "^0.9.0"
1986+
apollo-server-types "^0.5.0"
19861987
async-retry "^1.2.1"
1987-
graphql-extensions "^0.12.0"
1988+
uuid "^8.0.0"
19881989

19891990
apollo-env@^0.6.4:
19901991
version "0.6.4"
@@ -2021,26 +2022,26 @@ apollo-server-caching@^0.5.1:
20212022
dependencies:
20222023
lru-cache "^5.0.0"
20232024

2024-
apollo-server-core@^2.13.0:
2025-
version "2.13.0"
2026-
resolved "https://registry.yarnpkg.com/apollo-server-core/-/apollo-server-core-2.13.0.tgz#d0273781d37d46dca0e96944dd25ac845094b1ec"
2027-
integrity sha512-PqfsexbyObaQYb2jODs8v/XzrJcn+5mh0jA8ZfQCg5GENlua/CjeTZbRm2X0p3qpwc2E5jFAXSshrIWvhQAGZQ==
2025+
apollo-server-core@^2.14.2:
2026+
version "2.14.2"
2027+
resolved "https://registry.yarnpkg.com/apollo-server-core/-/apollo-server-core-2.14.2.tgz#4ab055b96b8be7821a726c81e8aa412deb7f3644"
2028+
integrity sha512-8G6Aoz+k+ecuQco1KNLFbMrxhe/8uR4AOaOYEvT/N5m/6lrkPYzvBAxbpRIub5AxEwpBPcIrI452rR3PD9DItA==
20282029
dependencies:
20292030
"@apollographql/apollo-tools" "^0.4.3"
20302031
"@apollographql/graphql-playground-html" "1.6.24"
20312032
"@types/graphql-upload" "^8.0.0"
20322033
"@types/ws" "^7.0.0"
2033-
apollo-cache-control "^0.10.0"
2034-
apollo-datasource "^0.7.0"
2035-
apollo-engine-reporting "^1.8.0"
2034+
apollo-cache-control "^0.11.0"
2035+
apollo-datasource "^0.7.1"
2036+
apollo-engine-reporting "^2.0.0"
20362037
apollo-server-caching "^0.5.1"
2037-
apollo-server-env "^2.4.3"
2038+
apollo-server-env "^2.4.4"
20382039
apollo-server-errors "^2.4.1"
2039-
apollo-server-plugin-base "^0.8.0"
2040-
apollo-server-types "^0.4.0"
2041-
apollo-tracing "^0.10.0"
2040+
apollo-server-plugin-base "^0.9.0"
2041+
apollo-server-types "^0.5.0"
2042+
apollo-tracing "^0.11.0"
20422043
fast-json-stable-stringify "^2.0.0"
2043-
graphql-extensions "^0.12.0"
2044+
graphql-extensions "^0.12.2"
20442045
graphql-tag "^2.9.2"
20452046
graphql-tools "^4.0.0"
20462047
graphql-upload "^8.0.2"
@@ -2049,10 +2050,10 @@ apollo-server-core@^2.13.0:
20492050
subscriptions-transport-ws "^0.9.11"
20502051
ws "^6.0.0"
20512052

2052-
apollo-server-env@^2.4.3:
2053-
version "2.4.3"
2054-
resolved "https://registry.yarnpkg.com/apollo-server-env/-/apollo-server-env-2.4.3.tgz#9bceedaae07eafb96becdfd478f8d92617d825d2"
2055-
integrity sha512-23R5Xo9OMYX0iyTu2/qT0EUb+AULCBriA9w8HDfMoChB8M+lFClqUkYtaTTHDfp6eoARLW8kDBhPOBavsvKAjA==
2053+
apollo-server-env@^2.4.4:
2054+
version "2.4.4"
2055+
resolved "https://registry.yarnpkg.com/apollo-server-env/-/apollo-server-env-2.4.4.tgz#12d2d0896dcb184478cba066c7a683ab18689ca1"
2056+
integrity sha512-c2oddDS3lwAl6QNCIKCLEzt/dF9M3/tjjYRVdxOVN20TidybI7rAbnT4QOzf4tORnGXtiznEAvr/Kc9ahhKADg==
20562057
dependencies:
20572058
node-fetch "^2.1.2"
20582059
util.promisify "^1.0.0"
@@ -2062,10 +2063,10 @@ apollo-server-errors@^2.4.1:
20622063
resolved "https://registry.yarnpkg.com/apollo-server-errors/-/apollo-server-errors-2.4.1.tgz#16ad49de6c9134bfb2b7dede9842e73bb239dbe2"
20632064
integrity sha512-7oEd6pUxqyWYUbQ9TA8tM0NU/3aGtXSEibo6+txUkuHe7QaxfZ2wHRp+pfT1LC1K3RXYjKj61/C2xEO19s3Kdg==
20642065

2065-
apollo-server-koa@^2.13.0:
2066-
version "2.13.0"
2067-
resolved "https://registry.yarnpkg.com/apollo-server-koa/-/apollo-server-koa-2.13.0.tgz#c0bb58881c36ac1925e150180b522c5ea3c31f24"
2068-
integrity sha512-tNtDWvJWmOMJRX8Szo7lzWw7K+1l4j4Sc+Y2ZGfr83qSGi0CJM87DoRIPsCNXD2AQwiTJC2f8zKByVpS6NsoFQ==
2066+
apollo-server-koa@^2.14.2:
2067+
version "2.14.2"
2068+
resolved "https://registry.yarnpkg.com/apollo-server-koa/-/apollo-server-koa-2.14.2.tgz#95d098dd6cf831e2e466908956c2dee8b8b6d59b"
2069+
integrity sha512-pQuQPQeIkUdsjn3anRN5y1nZSM+tu/H2rCLae3l2gBZknj8ABJ20EeBKFjnB2/6OuHo3FQJSZVt9zeRbMfWKSw==
20692070
dependencies:
20702071
"@apollographql/graphql-playground-html" "1.6.24"
20712072
"@koa/cors" "^2.2.1"
@@ -2076,39 +2077,39 @@ apollo-server-koa@^2.13.0:
20762077
"@types/koa-compose" "^3.2.2"
20772078
"@types/koa__cors" "^2.2.1"
20782079
accepts "^1.3.5"
2079-
apollo-server-core "^2.13.0"
2080-
apollo-server-types "^0.4.0"
2080+
apollo-server-core "^2.14.2"
2081+
apollo-server-types "^0.5.0"
20812082
graphql-subscriptions "^1.0.0"
20822083
graphql-tools "^4.0.0"
2083-
koa "2.11.0"
2084+
koa "2.12.0"
20842085
koa-bodyparser "^4.2.1"
20852086
koa-compose "^4.1.0"
20862087
koa-router "^7.4.0"
20872088
type-is "^1.6.16"
20882089

2089-
apollo-server-plugin-base@^0.8.0:
2090-
version "0.8.0"
2091-
resolved "https://registry.yarnpkg.com/apollo-server-plugin-base/-/apollo-server-plugin-base-0.8.0.tgz#6ab055f5fd18b0c225643aafc46787d622e0a47c"
2092-
integrity sha512-H8sJlOVJrF0IhYIFMv7NOgB6BFgqobXSZrj1y9ju6dq13OotsqcZC4fJOYc9oWzb/+/mqg/odtVioE71mj68yg==
2090+
apollo-server-plugin-base@^0.9.0:
2091+
version "0.9.0"
2092+
resolved "https://registry.yarnpkg.com/apollo-server-plugin-base/-/apollo-server-plugin-base-0.9.0.tgz#777f720a1ee827a66b8c159073ca30645f8bc625"
2093+
integrity sha512-LWcPrsy2+xqwlNseh/QaGa/MPNopS8c4qGgh0g0cAn0lZBRrJ9Yab7dq+iQ6vdUBwIhUWYN6s9dwUWCZw2SL8g==
20932094
dependencies:
2094-
apollo-server-types "^0.4.0"
2095+
apollo-server-types "^0.5.0"
20952096

2096-
apollo-server-types@^0.4.0:
2097-
version "0.4.0"
2098-
resolved "https://registry.yarnpkg.com/apollo-server-types/-/apollo-server-types-0.4.0.tgz#74c2ed18ef46021f83a5a2dc0b844518b13044bf"
2099-
integrity sha512-U+6qKCdrucVSMEVvLSqSwxIGr3VI6vcfbhpD86sdb8MgHHGH6egjNAcLrPVRk1AyXs8RV0Ysus+vlj8rpouBzA==
2097+
apollo-server-types@^0.5.0:
2098+
version "0.5.0"
2099+
resolved "https://registry.yarnpkg.com/apollo-server-types/-/apollo-server-types-0.5.0.tgz#51f39c5fa610ece8b07f1fbcf63c47d4ac150340"
2100+
integrity sha512-zhtsqqqfdeoJQAfc41Sy6WnnBVxKNgZ34BKXf/Q+kXmw7rbZ/B5SG3SJMvj1iFsbzZxILmWdUsE9aD20lEr0bg==
21002101
dependencies:
2101-
apollo-engine-reporting-protobuf "^0.5.0"
2102+
apollo-engine-reporting-protobuf "^0.5.1"
21022103
apollo-server-caching "^0.5.1"
2103-
apollo-server-env "^2.4.3"
2104+
apollo-server-env "^2.4.4"
21042105

2105-
apollo-tracing@^0.10.0:
2106-
version "0.10.0"
2107-
resolved "https://registry.yarnpkg.com/apollo-tracing/-/apollo-tracing-0.10.0.tgz#24fc911c0d5145e3ef20a6cdc8d0b807b8cc7eee"
2108-
integrity sha512-yuqA1KT0FQUfzVK3ZIk0hRIE8eUKx9Oklq83AGQxLtS/oafBj/VOCZAtJNJkyEqMJxXQT9uIBtbfO1789Gczkw==
2106+
apollo-tracing@^0.11.0:
2107+
version "0.11.0"
2108+
resolved "https://registry.yarnpkg.com/apollo-tracing/-/apollo-tracing-0.11.0.tgz#8821eb60692f77c06660fb6bc147446f600aecfe"
2109+
integrity sha512-I9IFb/8lkBW8ZwOAi4LEojfT7dMfUSkpnV8LHQI8Rcj0HtzL9HObQ3woBmzyGHdGHLFuD/6/VHyFD67SesSrJg==
21092110
dependencies:
2110-
apollo-server-env "^2.4.3"
2111-
graphql-extensions "^0.12.0"
2111+
apollo-server-env "^2.4.4"
2112+
apollo-server-plugin-base "^0.9.0"
21122113

21132114
apollo-utilities@^1.0.1, apollo-utilities@^1.3.0:
21142115
version "1.3.3"
@@ -4312,14 +4313,14 @@ graceful-fs@^4.1.11, graceful-fs@^4.1.15, graceful-fs@^4.1.2, graceful-fs@^4.1.6
43124313
resolved "https://registry.yarnpkg.com/graceful-fs/-/graceful-fs-4.2.4.tgz#2256bde14d3632958c465ebc96dc467ca07a29fb"
43134314
integrity sha512-WjKPNJF79dtJAVniUlGGWHYGz2jWxT6VhN/4m1NdkbZ2nOsEF+cI1Edgql5zCRhs/VsQYRvrXctxktVXZUkixw==
43144315

4315-
graphql-extensions@^0.12.0:
4316-
version "0.12.0"
4317-
resolved "https://registry.yarnpkg.com/graphql-extensions/-/graphql-extensions-0.12.0.tgz#c0102d7bbe94ad6fc39806fd09bd37868ac928a2"
4318-
integrity sha512-kBRLtNeknrFl0W/UQQYebj6qnvb1E1RpQ2+C7Y8pwMc6yV8+9pWFx5RP0HzfeEuScCmK93i3H5sdPedoQWwENw==
4316+
graphql-extensions@^0.12.2:
4317+
version "0.12.2"
4318+
resolved "https://registry.yarnpkg.com/graphql-extensions/-/graphql-extensions-0.12.2.tgz#f22210e812939b7caa2127589f30e6a1c671540f"
4319+
integrity sha512-vFaZua5aLiCOOzxfY5qzHZ6S52BCqW7VVOwzvV52Wb5edRm3dn6u+1MR9yYyEqUHSf8LvdhEojYlOkKiaQ4ghA==
43194320
dependencies:
43204321
"@apollographql/apollo-tools" "^0.4.3"
4321-
apollo-server-env "^2.4.3"
4322-
apollo-server-types "^0.4.0"
4322+
apollo-server-env "^2.4.4"
4323+
apollo-server-types "^0.5.0"
43234324

43244325
graphql-subscriptions@^1.0.0:
43254326
version "1.1.0"
@@ -5678,7 +5679,36 @@ koa-router@^8.0.8:
56785679
path-to-regexp "1.x"
56795680
urijs "^1.19.2"
56805681

5681-
koa@2.11.0, koa@^2.11.0:
5682+
koa@2.12.0:
5683+
version "2.12.0"
5684+
resolved "https://registry.yarnpkg.com/koa/-/koa-2.12.0.tgz#c92bfb42defd86f365c31bf63fe918db11fc5c74"
5685+
integrity sha512-WlUBj6PXoVhjI5ljMmlyK+eqkbVFW5XQu8twz6bd4WM2E67IwKgPMu5wIFXGxAsZT7sW5xAB54KhY8WAEkLPug==
5686+
dependencies:
5687+
accepts "^1.3.5"
5688+
cache-content-type "^1.0.0"
5689+
content-disposition "~0.5.2"
5690+
content-type "^1.0.4"
5691+
cookies "~0.8.0"
5692+
debug "~3.1.0"
5693+
delegates "^1.0.0"
5694+
depd "^1.1.2"
5695+
destroy "^1.0.4"
5696+
encodeurl "^1.0.2"
5697+
escape-html "^1.0.3"
5698+
fresh "~0.5.2"
5699+
http-assert "^1.3.0"
5700+
http-errors "^1.6.3"
5701+
is-generator-function "^1.0.7"
5702+
koa-compose "^4.1.0"
5703+
koa-convert "^1.2.0"
5704+
on-finished "^2.3.0"
5705+
only "~0.0.2"
5706+
parseurl "^1.3.2"
5707+
statuses "^1.5.0"
5708+
type-is "^1.6.16"
5709+
vary "^1.1.2"
5710+
5711+
koa@^2.11.0:
56825712
version "2.11.0"
56835713
resolved "https://registry.yarnpkg.com/koa/-/koa-2.11.0.tgz#fe5a51c46f566d27632dd5dc8fd5d7dd44f935a4"
56845714
integrity sha512-EpR9dElBTDlaDgyhDMiLkXrPwp6ZqgAIBvhhmxQ9XN4TFgW+gEz6tkcsNI6BnUbUftrKDjVFj4lW2/J2aNBMMA==
@@ -8721,6 +8751,11 @@ uuid@^7.0.1, uuid@^7.0.3:
87218751
resolved "https://registry.yarnpkg.com/uuid/-/uuid-7.0.3.tgz#c5c9f2c8cf25dc0a372c4df1441c41f5bd0c680b"
87228752
integrity sha512-DPSke0pXhTZgoF/d+WSt2QaKMCFSfx7QegxEWT+JOuHF5aWrKEn0G+ztjuJg/gG8/ItK+rbPCD/yNv8yyih6Cg==
87238753

8754+
uuid@^8.0.0:
8755+
version "8.1.0"
8756+
resolved "https://registry.yarnpkg.com/uuid/-/uuid-8.1.0.tgz#6f1536eb43249f473abc6bd58ff983da1ca30d8d"
8757+
integrity sha512-CI18flHDznR0lq54xBycOVmphdCYnQLKn8abKn7PXUiKUGdEd+/l9LWNJmugXel4hXq7S+RMNl34ecyC9TntWg==
8758+
87248759
v8-compile-cache@^2.0.3:
87258760
version "2.1.0"
87268761
resolved "https://registry.yarnpkg.com/v8-compile-cache/-/v8-compile-cache-2.1.0.tgz#e14de37b31a6d194f5690d67efc4e7f6fc6ab30e"

0 commit comments

Comments
 (0)