Skip to content

Commit

Permalink
fix(deps): update module github.com/vektah/gqlparser/v2 to v2.5.14 [s…
Browse files Browse the repository at this point in the history
…ecurity] (#238)

[![Mend
Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
|
[github.com/vektah/gqlparser/v2](https://togithub.com/vektah/gqlparser)
| `v2.5.11` -> `v2.5.14` |
[![age](https://developer.mend.io/api/mc/badges/age/go/github.com%2fvektah%2fgqlparser%2fv2/v2.5.14?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![adoption](https://developer.mend.io/api/mc/badges/adoption/go/github.com%2fvektah%2fgqlparser%2fv2/v2.5.14?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![passing](https://developer.mend.io/api/mc/badges/compatibility/go/github.com%2fvektah%2fgqlparser%2fv2/v2.5.11/v2.5.14?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|
[![confidence](https://developer.mend.io/api/mc/badges/confidence/go/github.com%2fvektah%2fgqlparser%2fv2/v2.5.11/v2.5.14?slim=true)](https://docs.renovatebot.com/merge-confidence/)
|

### GitHub Vulnerability Alerts

#### [CVE-2023-49559](https://nvd.nist.gov/vuln/detail/CVE-2023-49559)

An issue in vektah gqlparser open-source-library v.2.5.10 allows a
remote attacker to cause a denial of service via a crafted script to the
parserDirectives function.

---

### Release Notes

<details>
<summary>vektah/gqlparser (github.com/vektah/gqlparser/v2)</summary>

###
[`v2.5.14`](https://togithub.com/vektah/gqlparser/releases/tag/v2.5.14)

[Compare
Source](https://togithub.com/vektah/gqlparser/compare/v2.5.13...v2.5.14)

#### What's Changed

- Add ParseQueryWithLimit by
[@&#8203;StevenACoffman](https://togithub.com/StevenACoffman) in
[https://github.com/vektah/gqlparser/pull/304](https://togithub.com/vektah/gqlparser/pull/304)

**Full Changelog**:
vektah/gqlparser@v2.5.13...v2.5.14

###
[`v2.5.13`](https://togithub.com/vektah/gqlparser/releases/tag/v2.5.13)

[Compare
Source](https://togithub.com/vektah/gqlparser/compare/v2.5.12...v2.5.13)

#### What's Changed

- Bump the actions-deps group in /validator/imported with 6 updates by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/vektah/gqlparser/pull/298](https://togithub.com/vektah/gqlparser/pull/298)
- Bump prettier from 3.2.5 to 3.3.0 in /validator/imported in the
actions-deps group by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/vektah/gqlparser/pull/299](https://togithub.com/vektah/gqlparser/pull/299)
- Bump the actions-deps group in /validator/imported with 7 updates by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/vektah/gqlparser/pull/301](https://togithub.com/vektah/gqlparser/pull/301)
- Bump braces from 3.0.2 to 3.0.3 in /validator/imported by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/vektah/gqlparser/pull/302](https://togithub.com/vektah/gqlparser/pull/302)
- Token limit fix CVE-2023-49559 by
[@&#8203;uvzz](https://togithub.com/uvzz) in
[https://github.com/vektah/gqlparser/pull/291](https://togithub.com/vektah/gqlparser/pull/291)

#### New Contributors

- [@&#8203;uvzz](https://togithub.com/uvzz) made their first
contribution in
[https://github.com/vektah/gqlparser/pull/291](https://togithub.com/vektah/gqlparser/pull/291)

**Full Changelog**:
vektah/gqlparser@v2.5.12...v2.5.13

###
[`v2.5.12`](https://togithub.com/vektah/gqlparser/releases/tag/v2.5.12)

[Compare
Source](https://togithub.com/vektah/gqlparser/compare/v2.5.11...v2.5.12)

##### What's Changed

- Disallow empty parens
([#&#8203;292](https://togithub.com/vektah/gqlparser/issues/292)). by
[@&#8203;yuchenshi](https://togithub.com/yuchenshi) in
[https://github.com/vektah/gqlparser/pull/293](https://togithub.com/vektah/gqlparser/pull/293)
- WithBuiltin FormatterOption added by
[@&#8203;atzedus](https://togithub.com/atzedus) in
[https://github.com/vektah/gqlparser/pull/294](https://togithub.com/vektah/gqlparser/pull/294)
- Redo github actions by
[@&#8203;StevenACoffman](https://togithub.com/StevenACoffman) in
[https://github.com/vektah/gqlparser/pull/295](https://togithub.com/vektah/gqlparser/pull/295)
- Bump github.com/stretchr/testify from 1.4.0 to 1.9.0 in the
actions-deps group by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/vektah/gqlparser/pull/296](https://togithub.com/vektah/gqlparser/pull/296)
- Bump the actions-deps group in /validator/imported with 8 updates by
[@&#8203;dependabot](https://togithub.com/dependabot) in
[https://github.com/vektah/gqlparser/pull/297](https://togithub.com/vektah/gqlparser/pull/297)

##### New Contributors

- [@&#8203;yuchenshi](https://togithub.com/yuchenshi) made their first
contribution in
[https://github.com/vektah/gqlparser/pull/293](https://togithub.com/vektah/gqlparser/pull/293)

**Full Changelog**:
vektah/gqlparser@v2.5.11...v2.5.12

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no
schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend
Renovate](https://www.mend.io/free-developer-tools/renovate/). View the
[repository job log](https://developer.mend.io/github/infratographer/x).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC4xOC4xNyIsInVwZGF0ZWRJblZlciI6IjM4LjE4LjE3IiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6W119-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
  • Loading branch information
renovate[bot] authored Aug 8, 2024
1 parent b014b9c commit b59d830
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 3 deletions.
2 changes: 1 addition & 1 deletion go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -35,7 +35,7 @@ require (
github.com/spf13/viper v1.18.2
github.com/testcontainers/testcontainers-go v0.29.1
github.com/testcontainers/testcontainers-go/modules/postgres v0.29.1
github.com/vektah/gqlparser/v2 v2.5.11
github.com/vektah/gqlparser/v2 v2.5.14
github.com/zsais/go-gin-prometheus v0.1.0
go.opentelemetry.io/contrib/instrumentation/github.com/gin-gonic/gin/otelgin v0.49.0
go.opentelemetry.io/contrib/instrumentation/github.com/labstack/echo/otelecho v0.49.0
Expand Down
4 changes: 2 additions & 2 deletions go.sum
Original file line number Diff line number Diff line change
Expand Up @@ -390,8 +390,8 @@ github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6Kllzaw
github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc=
github.com/valyala/fasttemplate v1.2.2 h1:lxLXG0uE3Qnshl9QyaK6XJxMXlQZELvChBOCmQD0Loo=
github.com/valyala/fasttemplate v1.2.2/go.mod h1:KHLXt3tVN2HBp8eijSv/kGJopbvo7S+qRAEEKiv+SiQ=
github.com/vektah/gqlparser/v2 v2.5.11 h1:JJxLtXIoN7+3x6MBdtIP59TP1RANnY7pXOaDnADQSf8=
github.com/vektah/gqlparser/v2 v2.5.11/go.mod h1:1rCcfwB2ekJofmluGWXMSEnPMZgbxzwj6FaZ/4OT8Cc=
github.com/vektah/gqlparser/v2 v2.5.14 h1:dzLq75BJe03jjQm6n56PdH1oweB8ana42wj7E4jRy70=
github.com/vektah/gqlparser/v2 v2.5.14/go.mod h1:WQQjFc+I1YIzoPvZBhUQX7waZgg3pMLi0r8KymvAE2w=
github.com/vertica/vertica-sql-go v1.3.3 h1:fL+FKEAEy5ONmsvya2WH5T8bhkvY27y/Ik3ReR2T+Qw=
github.com/vertica/vertica-sql-go v1.3.3/go.mod h1:jnn2GFuv+O2Jcjktb7zyc4Utlbu9YVqpHH/lx63+1M4=
github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4=
Expand Down

0 comments on commit b59d830

Please sign in to comment.