chore(gatsby): major dep bump for eslint-plugin-graphql #27492

Merged
merged 1 commit into from
Oct 16, 2020

@pieh pieh commented Oct 16, 2020

This fixes the npm audit report that is currently displayed when installing gatsby:

➜  gatsby npm audit

                       === npm audit security report ===

┌──────────────────────────────────────────────────────────────────────────────┐
│                                Manual Review                                 │
│            Some vulnerabilities require your attention to resolve            │
│                                                                              │
│         Visit https://go.npm.me/audit-guide for additional guidance          │
└──────────────────────────────────────────────────────────────────────────────┘
┌───────────────┬──────────────────────────────────────────────────────────────┐
│ Low           │ Denial of Service                                            │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Package       │ node-fetch                                                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Patched in    │ >=2.6.1 <3.0.0-beta.1|| >= 3.0.0-beta.9                      │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Dependency of │ gatsby                                                       │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ Path          │ gatsby > eslint-plugin-graphql > graphql-config >            │
│               │ graphql-request > cross-fetch > node-fetch                   │
├───────────────┼──────────────────────────────────────────────────────────────┤
│ More info     │ https://npmjs.com/advisories/1556                            │
└───────────────┴──────────────────────────────────────────────────────────────┘
found 1 low severity vulnerability in 2011 scanned packages
  1 vulnerability requires manual review. See the full report for details.
➜  gatsby npm list eslint-plugin-graphql
[email protected] /Users/misiek/test/audit-tmp/gatsby
└─┬ [email protected]
  └── [email protected]

Changelog for eslint-plugin-graphql@4: https://github.com/apollographql/eslint-plugin-graphql/blob/master/CHANGELOG.md#v400

The only breaking change listed is dropping Node 8 support, with 10 being the new minimum (which is fine for us).

@gatsbot gatsbot bot added the status: triage needed Issue or pull request that need to be triaged and assigned to a reviewer label Oct 16, 2020
@pieh pieh added type: maintenance An issue or pull request describing a change that isn't a bug, feature or documentation change and removed status: triage needed Issue or pull request that need to be triaged and assigned to a reviewer labels Oct 16, 2020

@vladar vladar left a comment

I checked their Changelog and the only breaking thing is dropping Node 8 support. So we should be good to go!

Edit: oh, missed the note at the bottom of the PR :)

@pieh pieh added the bot: merge on green Gatsbot will merge these PRs automatically when all tests passes label Oct 16, 2020
@@ -25,6 +25,13 @@
resolved "https://registry.yarnpkg.com/@ardatan/aggregate-error/-/aggregate-error-0.0.1.tgz#1403ac5de10d8ca689fc1f65844c27179ae1d44f"
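
Review bot: the hunk header `@@ -25,6 +25,13 @@` shows this lockfile region growing from 6 to 13 lines after the `@ardatan/aggregate-error` entry, so the bump adds lockfile lines here rather than only changing versions. Before merging, re-run `npm audit` against the updated lockfile to confirm that the `graphql-request > cross-fetch > node-fetch` path from the report is gone or resolves to a patched node-fetch, and that the newly added entries carry no advisories of their own.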
Contributor

More green than red ;(

Contributor Author

The graphql-config major bump (that's a dep of eslint-plugin-graphql) added quite a bit of graphql-tools/* packages to the mix :(
