
[Snyk] Security upgrade apollo-server-core from 3.4.0 to 3.11.0

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this Merge Request

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| medium severity | 611/1000 (Why? Recently disclosed, Has a fix available, CVSS 6.5) | Cache Poisoning, SNYK-JS-APOLLOSERVERCORE-3098876 | No | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: apollo-server-core
The new version differs by 250 commits.
  • 538151b Release
  • 3e840fa update package-lock
  • 69be2f7 Merge pull request from GHSA-8r69-3cvp-wxc3
  • 40fcd3d Backport #7107 (docs: document new usage reporting option)
  • f519e1d Release
  • 8ca2c11 Backport usage reporting improvements #7101 to AS3 (#7106)
  • 0e8d85f Update docs (mostly) for v4 release on version-3
  • 24a841b chore(deps): update dependency fastify to v3.29.3 (main) (#7010)
  • f826989 chore(deps): update dependency express to v4.18.2 (main) (#7005)
  • 985c079 Release
  • cd31e33 usage reporting: fix memory leak (#7000)
  • c367260 docs: update `schema` section to fix broken link
  • a925339 chore(deps): update dependency body-parser to v1.20.1 (main) (#6996)
  • 78e1439 chore(deps): update dependency supertest to v6.3.0 (main) (#6987)
  • 0e42833 chore(deps): update all non-major dependencies (main) (#6975)
  • 63ef4b7 chore(deps): update all non-major dependencies (main) (#6974)
  • e4102e3 chore(deps): update dependency @types/lodash to v4.14.186 (main) (#6969)
  • dd42df2 Roll back typescript to 4.7 (backport of #6954) (#6955)
  • dcfe8ea renovate: roll back to typescript@4.7
  • cba2360 chore(deps): update dependency @types/aws-lambda to v8.10.106 (main) (#6945)
  • 8734b11 chore(deps): update dependency @types/aws-lambda to v8.10.105 (main) (#6943)
  • ca928e4 Upgrade `typescript` version and resolve "unconstrained generic" errors (#6940)
  • 89e8463 [docs] Add footnote about known plugin error handling issues (#6939)
  • 2bf7f66 chore(deps): update all non-major dependencies (main) (#6852)

Check the changes in this Merge Request to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
