Commit b59d830
fix(deps): update module github.com/vektah/gqlparser/v2 to v2.5.14 [security] (#238)
This PR contains the following updates:
| Package | Change |
|---|---|
| [github.com/vektah/gqlparser/v2](https://togithub.com/vektah/gqlparser) | `v2.5.11` -> `v2.5.14` |
### GitHub Vulnerability Alerts
#### [CVE-2023-49559](https://nvd.nist.gov/vuln/detail/CVE-2023-49559)
An issue in vektah gqlparser open-source-library v.2.5.10 allows a
remote attacker to cause a denial of service via a crafted script to the
parserDirectives function.
---
### Release Notes
<details>
<summary>vektah/gqlparser (github.com/vektah/gqlparser/v2)</summary>
### [`v2.5.14`](https://togithub.com/vektah/gqlparser/releases/tag/v2.5.14)
[Compare Source](https://togithub.com/vektah/gqlparser/compare/v2.5.13...v2.5.14)
#### What's Changed
- Add ParseQueryWithLimit by
[@​StevenACoffman](https://togithub.com/StevenACoffman) in
[https://github.com/vektah/gqlparser/pull/304](https://togithub.com/vektah/gqlparser/pull/304)
**Full Changelog**:
vektah/gqlparser@v2.5.13...v2.5.14
### [`v2.5.13`](https://togithub.com/vektah/gqlparser/releases/tag/v2.5.13)
[Compare Source](https://togithub.com/vektah/gqlparser/compare/v2.5.12...v2.5.13)
#### What's Changed
- Bump the actions-deps group in /validator/imported with 6 updates by
[@​dependabot](https://togithub.com/dependabot) in
[https://github.com/vektah/gqlparser/pull/298](https://togithub.com/vektah/gqlparser/pull/298)
- Bump prettier from 3.2.5 to 3.3.0 in /validator/imported in the
actions-deps group by
[@​dependabot](https://togithub.com/dependabot) in
[https://github.com/vektah/gqlparser/pull/299](https://togithub.com/vektah/gqlparser/pull/299)
- Bump the actions-deps group in /validator/imported with 7 updates by
[@​dependabot](https://togithub.com/dependabot) in
[https://github.com/vektah/gqlparser/pull/301](https://togithub.com/vektah/gqlparser/pull/301)
- Bump braces from 3.0.2 to 3.0.3 in /validator/imported by
[@​dependabot](https://togithub.com/dependabot) in
[https://github.com/vektah/gqlparser/pull/302](https://togithub.com/vektah/gqlparser/pull/302)
- Token limit fix CVE-2023-49559 by
[@​uvzz](https://togithub.com/uvzz) in
[https://github.com/vektah/gqlparser/pull/291](https://togithub.com/vektah/gqlparser/pull/291)
#### New Contributors
- [@​uvzz](https://togithub.com/uvzz) made their first
contribution in
[https://github.com/vektah/gqlparser/pull/291](https://togithub.com/vektah/gqlparser/pull/291)
**Full Changelog**:
vektah/gqlparser@v2.5.12...v2.5.13
### [`v2.5.12`](https://togithub.com/vektah/gqlparser/releases/tag/v2.5.12)
[Compare Source](https://togithub.com/vektah/gqlparser/compare/v2.5.11...v2.5.12)
##### What's Changed
- Disallow empty parens
([#​292](https://togithub.com/vektah/gqlparser/issues/292)). by
[@​yuchenshi](https://togithub.com/yuchenshi) in
[https://github.com/vektah/gqlparser/pull/293](https://togithub.com/vektah/gqlparser/pull/293)
- WithBuiltin FormatterOption added by
[@​atzedus](https://togithub.com/atzedus) in
[https://github.com/vektah/gqlparser/pull/294](https://togithub.com/vektah/gqlparser/pull/294)
- Redo github actions by
[@​StevenACoffman](https://togithub.com/StevenACoffman) in
[https://github.com/vektah/gqlparser/pull/295](https://togithub.com/vektah/gqlparser/pull/295)
- Bump github.com/stretchr/testify from 1.4.0 to 1.9.0 in the
actions-deps group by
[@​dependabot](https://togithub.com/dependabot) in
[https://github.com/vektah/gqlparser/pull/296](https://togithub.com/vektah/gqlparser/pull/296)
- Bump the actions-deps group in /validator/imported with 8 updates by
[@​dependabot](https://togithub.com/dependabot) in
[https://github.com/vektah/gqlparser/pull/297](https://togithub.com/vektah/gqlparser/pull/297)
##### New Contributors
- [@​yuchenshi](https://togithub.com/yuchenshi) made their first
contribution in
[https://github.com/vektah/gqlparser/pull/293](https://togithub.com/vektah/gqlparser/pull/293)
**Full Changelog**:
vektah/gqlparser@v2.5.11...v2.5.12
</details>
---
### Configuration
📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no
schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.
♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.
---
This PR was generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View the
[repository job log](https://developer.mend.io/github/infratographer/x).
Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

1 parent b014b9c commit b59d830
2 files changed: +3 -3 lines changed

| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
35 | 35 | | |
36 | 36 | | |
37 | 37 | | |
38 | | - | |
| 38 | + | |
39 | 39 | | |
40 | 40 | | |
41 | 41 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
390 | 390 | | |
391 | 391 | | |
392 | 392 | | |
393 | | - | |
394 | | - | |
| 393 | + | |
| 394 | + | |
395 | 395 | | |
396 | 396 | | |
397 | 397 | | |
| |||