From d24c5d58e05b6f3b59b7745a55ba9c8dc6fb3aa3 Mon Sep 17 00:00:00 2001 From: Denis Badurina Date: Mon, 6 Jan 2025 12:44:19 +0100 Subject: [PATCH] Bump dset dependency handling the CVE-2024-21529 (#3620) Co-authored-by: github-actions[bot] --- .changeset/afraid-olives-attend.md | 7 +++++++ .changeset/graphql-yoga-3620-dependencies.md | 5 +++++ packages/graphql-yoga/package.json | 2 +- pnpm-lock.yaml | 10 +++++----- 4 files changed, 18 insertions(+), 6 deletions(-) create mode 100644 .changeset/afraid-olives-attend.md create mode 100644 .changeset/graphql-yoga-3620-dependencies.md diff --git a/.changeset/afraid-olives-attend.md b/.changeset/afraid-olives-attend.md new file mode 100644 index 0000000000..daecc3dee2 --- /dev/null +++ b/.changeset/afraid-olives-attend.md @@ -0,0 +1,7 @@ +--- +'graphql-yoga': patch +--- + +Bump dset dependency handling the CVE-2024-21529 + +https://security.snyk.io/vuln/SNYK-JS-DSET-7116691 diff --git a/.changeset/graphql-yoga-3620-dependencies.md b/.changeset/graphql-yoga-3620-dependencies.md new file mode 100644 index 0000000000..ae86dc6d13 --- /dev/null +++ b/.changeset/graphql-yoga-3620-dependencies.md @@ -0,0 +1,5 @@ +--- +"graphql-yoga": patch +--- +dependencies updates: + - Updated dependency [`dset@^3.1.4` ↗︎](https://www.npmjs.com/package/dset/v/3.1.4) (from `^3.1.1`, in `dependencies`) diff --git a/packages/graphql-yoga/package.json b/packages/graphql-yoga/package.json index 2d0e8f349d..f8dda74efc 100644 --- a/packages/graphql-yoga/package.json +++ b/packages/graphql-yoga/package.json @@ -57,7 +57,7 @@ "@graphql-yoga/subscription": "workspace:^", "@whatwg-node/fetch": "^0.10.1", "@whatwg-node/server": "^0.9.64", - "dset": "^3.1.1", + "dset": "^3.1.4", "lru-cache": "^10.0.0", "tslib": "^2.8.1" }, diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index a308fa5013..f8f7377c37 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -1639,7 +1639,7 @@ importers: specifier: ^0.9.64 version: 0.9.65 dset: - specifier: ^3.1.1 + specifier: ^3.1.4 version: 3.1.4 lru-cache: specifier: ^10.0.0 @@ -23819,7 +23819,7 @@ snapshots: eslint: 9.17.0(jiti@2.4.2) eslint-config-prettier: 9.1.0(eslint@9.17.0(jiti@2.4.2)) eslint-import-resolver-typescript: 3.7.0(eslint-plugin-import@2.31.0)(eslint@9.17.0(jiti@2.4.2)) - eslint-plugin-import: 2.31.0(@typescript-eslint/parser@8.19.0(eslint@9.17.0(jiti@2.4.2))(typescript@5.7.2))(eslint-import-resolver-typescript@3.7.0)(eslint@9.17.0(jiti@2.4.2)) + eslint-plugin-import: 2.31.0(@typescript-eslint/parser@8.19.0(eslint@9.17.0(jiti@2.4.2))(typescript@5.7.2))(eslint-import-resolver-typescript@3.7.0(eslint-plugin-import@2.31.0(@typescript-eslint/parser@8.19.0(eslint@9.17.0(jiti@2.4.2))(typescript@5.7.2))(eslint@9.17.0(jiti@2.4.2)))(eslint@9.17.0(jiti@2.4.2)))(eslint@9.17.0(jiti@2.4.2)) eslint-plugin-jsonc: 2.18.2(eslint@9.17.0(jiti@2.4.2)) eslint-plugin-jsx-a11y: 6.10.2(eslint@9.17.0(jiti@2.4.2)) eslint-plugin-mdx: 3.1.5(eslint@9.17.0(jiti@2.4.2)) @@ -27568,7 +27568,7 @@ snapshots: eslint: 9.17.0(jiti@2.4.2) eslint-import-resolver-node: 0.3.9 eslint-import-resolver-typescript: 3.7.0(eslint-plugin-import@2.31.0)(eslint@9.17.0(jiti@2.4.2)) - eslint-plugin-import: 2.31.0(@typescript-eslint/parser@8.19.0(eslint@9.17.0(jiti@2.4.2))(typescript@5.7.2))(eslint-import-resolver-typescript@3.7.0)(eslint@9.17.0(jiti@2.4.2)) + eslint-plugin-import: 2.31.0(@typescript-eslint/parser@8.19.0(eslint@9.17.0(jiti@2.4.2))(typescript@5.7.2))(eslint-import-resolver-typescript@3.7.0(eslint-plugin-import@2.31.0(@typescript-eslint/parser@8.19.0(eslint@9.17.0(jiti@2.4.2))(typescript@5.7.2))(eslint@9.17.0(jiti@2.4.2)))(eslint@9.17.0(jiti@2.4.2)))(eslint@9.17.0(jiti@2.4.2)) eslint-plugin-jsx-a11y: 6.10.2(eslint@9.17.0(jiti@2.4.2)) eslint-plugin-react: 7.37.3(eslint@9.17.0(jiti@2.4.2)) eslint-plugin-react-hooks: 5.1.0(eslint@9.17.0(jiti@2.4.2)) @@ -27603,7 +27603,7 @@ snapshots: is-glob: 4.0.3 stable-hash: 0.0.4 optionalDependencies: - eslint-plugin-import: 2.31.0(@typescript-eslint/parser@8.19.0(eslint@9.17.0(jiti@2.4.2))(typescript@5.7.2))(eslint-import-resolver-typescript@3.7.0)(eslint@9.17.0(jiti@2.4.2)) + eslint-plugin-import: 2.31.0(@typescript-eslint/parser@8.19.0(eslint@9.17.0(jiti@2.4.2))(typescript@5.7.2))(eslint-import-resolver-typescript@3.7.0(eslint-plugin-import@2.31.0(@typescript-eslint/parser@8.19.0(eslint@9.17.0(jiti@2.4.2))(typescript@5.7.2))(eslint@9.17.0(jiti@2.4.2)))(eslint@9.17.0(jiti@2.4.2)))(eslint@9.17.0(jiti@2.4.2)) transitivePeerDependencies: - supports-color @@ -27652,7 +27652,7 @@ snapshots: eslint: 9.17.0(jiti@2.4.2) eslint-compat-utils: 0.5.1(eslint@9.17.0(jiti@2.4.2)) - eslint-plugin-import@2.31.0(@typescript-eslint/parser@8.19.0(eslint@9.17.0(jiti@2.4.2))(typescript@5.7.2))(eslint-import-resolver-typescript@3.7.0)(eslint@9.17.0(jiti@2.4.2)): + eslint-plugin-import@2.31.0(@typescript-eslint/parser@8.19.0(eslint@9.17.0(jiti@2.4.2))(typescript@5.7.2))(eslint-import-resolver-typescript@3.7.0(eslint-plugin-import@2.31.0(@typescript-eslint/parser@8.19.0(eslint@9.17.0(jiti@2.4.2))(typescript@5.7.2))(eslint@9.17.0(jiti@2.4.2)))(eslint@9.17.0(jiti@2.4.2)))(eslint@9.17.0(jiti@2.4.2)): dependencies: '@rtsao/scc': 1.1.0 array-includes: 3.1.8