upgrade graphql, other security related upgrades (#3488)
acao authored Jan 8, 2024
1 parent eb8ce03 commit d5028be
Showing 26 changed files with 327 additions and 232 deletions.
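--- /dev/null
+++ b/.changeset/plenty-bees-fry.md
@@ -0,0 +1,7 @@
+---
+'graphql-language-service-cli': patch
+'graphql-language-service-server': patch
+'vscode-graphql': patch
+---
+
+Bump graphql & graphql-tools version to fix potential runtime security bugs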
2 changes: 1 addition & 1 deletion examples/cm6-graphql-legacy-parcel/package.json
@@ -25,7 +25,7 @@
"@codemirror/basic-setup": "^0.20.0",
"@codemirror/language": "^0.20.0",
"codemirror-graphql": "^2.0.2",
"graphql": "^16.4.0"
"graphql": "^16.8.1"
},
"devDependencies": {
"parcel-bundler": "^1.12.4",
2 changes: 1 addition & 1 deletion examples/cm6-graphql-parcel/package.json
@@ -29,7 +29,7 @@
"@codemirror/theme-one-dark": "6.0.0",
"@codemirror/view": "6.1.2",
"cm6-graphql": "0.0.1",
"graphql": "^16.4.0"
"graphql": "^16.8.1"
},
"devDependencies": {
"parcel": "^2.6.2",
2 changes: 1 addition & 1 deletion examples/graphiql-create-react-app/package.json
@@ -4,7 +4,7 @@
"private": true,
"dependencies": {
"graphiql": "^2.2.0",
"graphql": "^16.4.0",
"graphql": "^16.8.1",
"react": "^18.2.0",
"react-dom": "^18.2.0",
"react-scripts": "5.0.1"
2 changes: 1 addition & 1 deletion examples/graphiql-parcel/package.json
@@ -23,7 +23,7 @@
},
"dependencies": {
"graphiql": "^2.2.0",
"graphql": "^16.4.0",
"graphql": "^16.8.1",
"react": "^18.2.0",
"react-dom": "^18.2.0"
},
2 changes: 1 addition & 1 deletion examples/graphiql-webpack/package.json
@@ -14,7 +14,7 @@
"@graphiql/toolkit": "^0.9.1",
"@graphiql/react": "^0.20.2",
"graphiql": "^3.1.0",
"graphql": "^16.4.0",
"graphql": "^16.8.1",
"graphql-ws": "^5.5.5",
"react": "^18.2.0",
"regenerator-runtime": "^0.13.9"
2 changes: 1 addition & 1 deletion examples/monaco-graphql-nextjs/package.json
@@ -10,7 +10,7 @@
},
"dependencies": {
"@graphiql/toolkit": "^0.9.1",
"graphql": "^16.4.0",
"graphql": "^16.8.1",
"graphql-ws": "^5.5.5",
"jsonc-parser": "^3.2.0",
"marked": "^4.2.12",
2 changes: 1 addition & 1 deletion examples/monaco-graphql-react-vite/package.json
@@ -4,7 +4,7 @@
"version": "0.0.0",
"dependencies": {
"@graphiql/toolkit": "^0.9.1",
"graphql": "^16.4.0",
"graphql": "^16.8.1",
"graphql-language-service": "^5.2.0",
"jsonc-parser": "^3.2.0",
"monaco-editor": "^0.39.0",
2 changes: 1 addition & 1 deletion examples/monaco-graphql-webpack/package.json
@@ -9,7 +9,7 @@
"start": "cross-env NODE_ENV=development webpack-cli serve"
},
"dependencies": {
"graphql": "^16.4.0",
"graphql": "^16.8.1",
"graphql-language-service": "^5.2.0",
"json-schema": "^0.4.0",
"jsonc-parser": "^3.2.0",
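--- a/package.json
+++ b/package.json
@@ -136,5 +136,8 @@
 "typescript": "^4.6.3",
 "vitest": "^0.32.2",
 "wsrun": "^5.2.4"
+},
+"resolutions": {
+"@babel/traverse": "^7.23.2"
 }
 }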
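Review bot: The new root `resolutions` entry forcing `@babel/traverse` to `^7.23.2` is not explained anywhere: `package.json` cannot carry a comment, and the changeset in this commit mentions only graphql and graphql-tools, so a later maintainer cannot tell which advisory it answers or when it can be dropped. Record the reason and a removal condition in the changeset or commit description, for example `Force @babel/traverse >=7.23.2 via resolutions until every transitive dependent requires it`. A `resolutions` field only affects installs of this workspace by a package manager that honours it, so users who install the published packages still resolve `@babel/traverse` from their own tree. If a published package pulls it in at runtime, the floor would also have to be raised in that package's own dependency range. Only the tail of the file is visible in this hunk, so whether other overrides already exist cannot be checked from here.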
2 changes: 1 addition & 1 deletion packages/cm6-graphql/package.json
@@ -30,7 +30,7 @@
"@lezer/highlight": "^1.0.0",
"@lezer/lr": "^1.1.0",
"esbuild": "0.18.10",
"graphql": "^16.4.0",
"graphql": "^16.8.1",
"rollup": "^2.60.2",
"rollup-plugin-dts": "^4.0.1",
"rollup-plugin-esbuild": "^4.9.1",
2 changes: 1 addition & 1 deletion packages/codemirror-graphql/package.json
@@ -51,7 +51,7 @@
"@codemirror/language": "^6.0.0",
"codemirror": "^5.65.3",
"cross-env": "^7.0.2",
"graphql": "^16.4.0",
"graphql": "^16.8.1",
"rimraf": "^3.0.2",
"sane": "2.0.0"
}
2 changes: 1 addition & 1 deletion packages/graphiql-plugin-code-exporter/package.json
@@ -41,7 +41,7 @@
"devDependencies": {
"@graphiql/react": "^0.20.2",
"@vitejs/plugin-react": "^4.0.1",
"graphql": "^16.4.0",
"graphql": "^16.8.1",
"postcss-nesting": "^10.1.7",
"react": "^18.2.0",
"react-dom": "^18.2.0",
2 changes: 1 addition & 1 deletion packages/graphiql-plugin-explorer/package.json
@@ -40,7 +40,7 @@
"devDependencies": {
"@graphiql/react": "^0.20.2",
"@vitejs/plugin-react": "^4.0.1",
"graphql": "^16.4.0",
"graphql": "^16.8.1",
"react": "^18.2.0",
"react-dom": "^18.2.0",
"typescript": "^4.6.3",
2 changes: 1 addition & 1 deletion packages/graphiql-react/package.json
@@ -69,7 +69,7 @@
"@testing-library/react": "14.0.0",
"@types/set-value": "^4.0.1",
"@vitejs/plugin-react": "^4.0.1",
"graphql": "^16.4.0",
"graphql": "^16.8.1",
"postcss-nesting": "^10.1.7",
"react": "^18.2.0",
"react-dom": "^18.2.0",
2 changes: 1 addition & 1 deletion packages/graphiql-toolkit/package.json
@@ -24,7 +24,7 @@
"meros": "^1.1.4"
},
"devDependencies": {
"graphql": "^16.4.0",
"graphql": "^16.8.1",
"graphql-ws": "^5.5.5",
"isomorphic-fetch": "^3.0.0",
"subscriptions-transport-ws": "0.11.0"
2 changes: 1 addition & 1 deletion packages/graphiql/package.json
@@ -73,7 +73,7 @@
"cypress": "^12.6.0",
"express": "^4.18.2",
"fork-ts-checker-webpack-plugin": "7.3.0",
"graphql": "^16.4.0",
"graphql": "^16.8.1",
"graphql-http": "^1.19.0",
"graphql-subscriptions": "^2.0.0",
"html-webpack-plugin": "^5.5.0",
2 changes: 1 addition & 1 deletion packages/graphql-language-service-cli/package.json
@@ -42,6 +42,6 @@
"yargs": "^16.2.0"
},
"devDependencies": {
"graphql": "^16.4.0"
"graphql": "^16.8.1"
}
}
14 changes: 7 additions & 7 deletions packages/graphql-language-service-server/package.json
@@ -37,15 +37,15 @@
"graphql": "^15.5.0 || ^16.0.0"
},
"dependencies": {
"@babel/parser": "^7.22.6",
"@babel/types": "^7.22.5",
"@graphql-tools/code-file-loader": "8.0.1",
"@vue/compiler-sfc": "^3.2.41",
"@babel/parser": "^7.23.6",
"@babel/types": "^7.23.5",
"@graphql-tools/code-file-loader": "8.0.3",
"@vue/compiler-sfc": "^3.4.5",
"cosmiconfig-toml-loader": "^1.0.0",
"dotenv": "10.0.0",
"fast-glob": "^3.2.7",
"glob": "^7.2.0",
"graphql-config": "5.0.2",
"graphql-config": "5.0.3",
"graphql-language-service": "^5.2.0",
"mkdirp": "^1.0.4",
"node-abort-controller": "^3.0.1",
@@ -54,14 +54,14 @@
"vscode-languageserver": "^8.0.1",
"vscode-languageserver-types": "^3.17.2",
"vscode-uri": "^3.0.2",
"svelte2tsx": "^0.6.19",
"svelte2tsx": "^0.6.27",
"svelte": "^4.1.1",
"source-map-js": "1.0.2"
},
"devDependencies": {
"@types/glob": "^8.1.0",
"@types/mkdirp": "^1.0.1",
"cross-env": "^7.0.2",
"graphql": "^16.4.0"
"graphql": "^16.8.1"
}
}
@@ -7,7 +7,7 @@
*
*/

import {
import type {
Expression,
TaggedTemplateExpression,
TemplateLiteral,
5 changes: 3 additions & 2 deletions packages/graphql-language-service-server/src/parsers/vue.ts
@@ -1,6 +1,7 @@
import { parse, compileScript, SFCScriptBlock } from '@vue/compiler-sfc';
import { RangeMapper, SourceParser } from './types';
import { Position, Range } from 'graphql-language-service';
import { BlockStatement, Statement } from '@babel/types';

type ParseVueSFCResult =
| { type: 'error'; errors: Error[] }
@@ -39,8 +40,8 @@ export function parseVueSFC(source: string): ParseVueSFCResult {
return {
type: 'ok',
scriptOffset: scriptBlock.loc.start.line - 1,
scriptSetupAst: scriptBlock?.scriptSetupAst,
scriptAst: scriptBlock?.scriptAst,
scriptSetupAst: scriptBlock?.scriptSetupAst as Statement[],
scriptAst: scriptBlock?.scriptAst as BlockStatement[],
};
}

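Review bot: The casts `scriptBlock?.scriptSetupAst as Statement[]` and `scriptBlock?.scriptAst as BlockStatement[]` in the second hunk silence a type mismatch instead of resolving it. They also erase `undefined` from the optional chain, and nothing at runtime checks that the parser output for a workspace file has the asserted shape. `BlockStatement[]` in particular looks narrower than a script body of arbitrary statements would justify. Unless the `ParseVueSFCResult` field (declared outside the visible lines) really requires it, `scriptAst: scriptBlock?.scriptAst as Statement[],` would be the more defensible assertion. A one-line comment above the casts, such as `// cast: @vue/compiler-sfc AST types differ from @babel/types after the upgrade`, would tell the next reader why they exist, if that is indeed the reason. The import added in the first hunk is used only in type positions in the visible lines and could be `import type { BlockStatement, Statement } from '@babel/types';`. The body of `parseVueSFC` begins outside the hunk.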
4 changes: 2 additions & 2 deletions packages/graphql-language-service/package.json
@@ -43,8 +43,8 @@
"@types/json-schema": "7.0.9",
"@types/picomatch": "^2.3.0",
"benchmark": "^2.1.4",
"graphql": "^16.4.0",
"graphql-config": "5.0.2",
"graphql": "^16.8.1",
"graphql-config": "5.0.3",
"lodash": "^4.17.15",
"platform": "^1.3.5",
"ts-node": "^8.10.2",
2 changes: 1 addition & 1 deletion packages/monaco-graphql/package.json
@@ -71,7 +71,7 @@
},
"devDependencies": {
"execa": "^7.1.1",
"graphql": "^16.4.0",
"graphql": "^16.8.1",
"monaco-editor": "^0.39.0",
"prettier": "3.0.0-alpha.12",
"vscode-languageserver-types": "^3.17.1"
6 changes: 3 additions & 3 deletions packages/vscode-graphql-execution/package.json
@@ -102,15 +102,15 @@
"vsce": "^2.13.0"
},
"dependencies": {
"@graphql-tools/code-file-loader": "8.0.1",
"@graphql-tools/code-file-loader": "8.0.3",
"@urql/core": "2.6.1",
"@whatwg-node/fetch": "0.2.8",
"capitalize": "2.0.4",
"cosmiconfig": "8.2.0",
"cosmiconfig-toml-loader": "^1.0.0",
"dotenv": "10.0.0",
"graphql": "^16.4.0",
"graphql-config": "5.0.2",
"graphql": "^16.8.1",
"graphql-config": "5.0.3",
"graphql-tag": "2.12.6",
"graphql-ws": "5.10.0",
"svelte": "^4.1.1",
2 changes: 1 addition & 1 deletion packages/vscode-graphql/package.json
@@ -172,7 +172,7 @@
"vsce": "^2.13.0"
},
"dependencies": {
"graphql": "^16.4.0",
"graphql": "^16.8.1",
"graphql-language-service-server": "^2.11.6",
"vscode-languageclient": "8.0.2"
}