Skip to content

chore(deps): update rust crate async-graphql to v7.0.10 [security] - autoclosed #343

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

chore(deps): update rust crate async-graphql to v7.0.10 [security] - autoclosed #343

wants to merge 1 commit into from

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Oct 3, 2024

This PR contains the following updates:

Package Type Update Change
async-graphql dependencies patch 7.0.7 -> 7.0.10

GitHub Vulnerability Alerts

CVE-2024-47614

Impact

  • Service Disruption: The server may become unresponsive or extremely slow, potentially leading to downtime.
  • Resource Exhaustion: Excessive use of server resources, such as CPU and memory, could negatively impact other services running on the same infrastructure.
  • User Experience Degradation: Users may experience delays or failures when accessing the service, which could lead to frustration and loss of trust in the service.

Patches

  1. Upgrade to v7.0.10
  2. Use SchemaBuilder.limit_directives to limit the maximum number of directives for a single field.

Release Notes

async-graphql/async-graphql (async-graphql)

v7.0.10

  • add SchemeBuilder.limit_directives method to set the maximum number of directives on a single field.
  • remove needless ?Sized #​1593
  • fix: generate each variant description correctly. #​1589
  • Make From<T> for [Error] set source #​1561
  • feat(graphiql): add support for WS connection params #​1597

v7.0.9

  • add on_ping callback to WebSocket

v7.0.8

  • chore: Make Extensions nullable #​1563
  • expose rejection in async_graphql_axum #​1571
  • Updated crate time to 3.36, as it fixes a compilation error in rust 1.80 #​1572
  • Impl Debug for dynamic::FieldValue & Improve error messages for its methods #​1582
  • Support scraping #[doc = ...] attributes when generating descriptions #​1581
  • add Websocket::keepalive_timeout method to sets a timeout for receiving an acknowledgement of the keep-alive ping.

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot force-pushed the renovate/crate-async-graphql-vulnerability branch 3 times, most recently from 53555f5 to 7eced8b Compare October 4, 2024 15:13
@renovate renovate bot force-pushed the renovate/crate-async-graphql-vulnerability branch from 7eced8b to 53936bb Compare October 4, 2024 16:31
@renovate renovate bot changed the title chore(deps): update rust crate async-graphql to v7.0.10 [security] chore(deps): update rust crate async-graphql to v7.0.10 [security] - autoclosed Oct 4, 2024
@renovate renovate bot closed this Oct 4, 2024
@renovate renovate bot deleted the renovate/crate-async-graphql-vulnerability branch October 4, 2024 16:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants