Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix(deps): update module github.com/vektah/gqlparser/v2 to v2.5.14 [s…
…ecurity] (#238) [![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [github.com/vektah/gqlparser/v2](https://togithub.com/vektah/gqlparser) | `v2.5.11` -> `v2.5.14` | [![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fvektah%2fgqlparser%2fv2/v2.5.14?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/go/github.com%2fvektah%2fgqlparser%2fv2/v2.5.14?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/go/github.com%2fvektah%2fgqlparser%2fv2/v2.5.11/v2.5.14?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fvektah%2fgqlparser%2fv2/v2.5.11/v2.5.14?slim=true)](https://docs.renovatebot.com/merge-confidence/) | ### GitHub Vulnerability Alerts #### [CVE-2023-49559](https://nvd.nist.gov/vuln/detail/CVE-2023-49559) An issue in vektah gqlparser open-source-library v.2.5.10 allows a remote attacker to cause a denial of service via a crafted script to the parserDirectives function. --- ### Release Notes <details> <summary>vektah/gqlparser (github.com/vektah/gqlparser/v2)</summary> ### [`v2.5.14`](https://togithub.com/vektah/gqlparser/releases/tag/v2.5.14) [Compare Source](https://togithub.com/vektah/gqlparser/compare/v2.5.13...v2.5.14) #### What's Changed - Add ParseQueryWithLimit by [@​StevenACoffman](https://togithub.com/StevenACoffman) in [https://github.com/vektah/gqlparser/pull/304](https://togithub.com/vektah/gqlparser/pull/304) **Full Changelog**: vektah/gqlparser@v2.5.13...v2.5.14 ### [`v2.5.13`](https://togithub.com/vektah/gqlparser/releases/tag/v2.5.13) [Compare Source](https://togithub.com/vektah/gqlparser/compare/v2.5.12...v2.5.13) #### What's Changed - Bump the actions-deps group in /validator/imported with 6 updates by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/vektah/gqlparser/pull/298](https://togithub.com/vektah/gqlparser/pull/298) - Bump prettier from 3.2.5 to 3.3.0 in /validator/imported in the actions-deps group by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/vektah/gqlparser/pull/299](https://togithub.com/vektah/gqlparser/pull/299) - Bump the actions-deps group in /validator/imported with 7 updates by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/vektah/gqlparser/pull/301](https://togithub.com/vektah/gqlparser/pull/301) - Bump braces from 3.0.2 to 3.0.3 in /validator/imported by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/vektah/gqlparser/pull/302](https://togithub.com/vektah/gqlparser/pull/302) - Token limit fix CVE-2023-49559 by [@​uvzz](https://togithub.com/uvzz) in [https://github.com/vektah/gqlparser/pull/291](https://togithub.com/vektah/gqlparser/pull/291) #### New Contributors - [@​uvzz](https://togithub.com/uvzz) made their first contribution in [https://github.com/vektah/gqlparser/pull/291](https://togithub.com/vektah/gqlparser/pull/291) **Full Changelog**: vektah/gqlparser@v2.5.12...v2.5.13 ### [`v2.5.12`](https://togithub.com/vektah/gqlparser/releases/tag/v2.5.12) [Compare Source](https://togithub.com/vektah/gqlparser/compare/v2.5.11...v2.5.12) ##### What's Changed - Disallow empty parens ([#​292](https://togithub.com/vektah/gqlparser/issues/292)). by [@​yuchenshi](https://togithub.com/yuchenshi) in [https://github.com/vektah/gqlparser/pull/293](https://togithub.com/vektah/gqlparser/pull/293) - WithBuiltin FormatterOption added by [@​atzedus](https://togithub.com/atzedus) in [https://github.com/vektah/gqlparser/pull/294](https://togithub.com/vektah/gqlparser/pull/294) - Redo github actions by [@​StevenACoffman](https://togithub.com/StevenACoffman) in [https://github.com/vektah/gqlparser/pull/295](https://togithub.com/vektah/gqlparser/pull/295) - Bump github.com/stretchr/testify from 1.4.0 to 1.9.0 in the actions-deps group by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/vektah/gqlparser/pull/296](https://togithub.com/vektah/gqlparser/pull/296) - Bump the actions-deps group in /validator/imported with 8 updates by [@​dependabot](https://togithub.com/dependabot) in [https://github.com/vektah/gqlparser/pull/297](https://togithub.com/vektah/gqlparser/pull/297) ##### New Contributors - [@​yuchenshi](https://togithub.com/yuchenshi) made their first contribution in [https://github.com/vektah/gqlparser/pull/293](https://togithub.com/vektah/gqlparser/pull/293) **Full Changelog**: vektah/gqlparser@v2.5.11...v2.5.12 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View the [repository job log](https://developer.mend.io/github/infratographer/x). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4xOC4xNyIsInVwZGF0ZWRJblZlciI6IjM4LjE4LjE3IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
- Loading branch information