[Snyk] Security upgrade apollo-server-core from 3.4.0 to 3.11.0
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this Merge Request
- Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
- package.json
- package-lock.json
Vulnerabilities that will be fixed
With an upgrade:
Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
---|---|---|---|---|
611/1000 Why? Recently disclosed, Has a fix available, CVSS 6.5 |
Cache Poisoning SNYK-JS-APOLLOSERVERCORE-3098876 |
No | No Known Exploit |
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: apollo-server-core
The new version differs by 250 commits.- 538151b Release
- 3e840fa update package-lock
- 69be2f7 Merge pull request from GHSA-8r69-3cvp-wxc3
- 40fcd3d Backport #7107 (docs: document new usage reporting option)
- f519e1d Release
- 8ca2c11 Backport usage reporting improvements #7101 to AS3 (#7106)
- 0e8d85f Update docs (mostly) for v4 release on version-3
- 24a841b chore(deps): update dependency fastify to v3.29.3 (main) (#7010)
- f826989 chore(deps): update dependency express to v4.18.2 (main) (#7005)
- 985c079 Release
- cd31e33 usage reporting: fix memory leak (#7000)
- c367260 docs: update `schema` section to fix broken link
- a925339 chore(deps): update dependency body-parser to v1.20.1 (main) (#6996)
- 78e1439 chore(deps): update dependency supertest to v6.3.0 (main) (#6987)
- 0e42833 chore(deps): update all non-major dependencies (main) (#6975)
- 63ef4b7 chore(deps): update all non-major dependencies (main) (#6974)
- e4102e3 chore(deps): update dependency @ types/lodash to v4.14.186 (main) (#6969)
- dd42df2 Roll back typescript to 4.7 (backport of #6954) (#6955)
- dcfe8ea renovate: roll back to typescript@4.7
- cba2360 chore(deps): update dependency @ types/aws-lambda to v8.10.106 (main) (#6945)
- 8734b11 chore(deps): update dependency @ types/aws-lambda to v8.10.105 (main) (#6943)
- ca928e4 Upgrade `typescript` version and resolve "unconstrained generic" errors (#6940)
- 89e8463 [docs] Add footnote about known plugin error handling issues (#6939)
- 2bf7f66 chore(deps): update all non-major dependencies (main) (#6852)
Check the changes in this Merge Request to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information: 🧐 View latest project report
Learn how to fix vulnerabilities with free interactive lessons: