[Snyk] Upgrade: , , , autoprefixer, graphql, postcss #133

Open
wants to merge 1 commit into
base: main

iamsatyanchal
Owner

Snyk has created this PR to upgrade multiple dependencies.

👯‍♂ The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name | Versions | Released on
@apollo/client | from 3.5.8 to 3.11.4; 144 versions ahead of your current version | a month ago, on 2024-08-07
@headlessui/react | from 1.0.0 to 1.7.19; 42 versions ahead of your current version | 5 months ago, on 2024-04-15
@heroicons/react | from 1.0.1 to 1.0.6; 5 versions ahead of your current version | 3 years ago, on 2022-03-02
autoprefixer | from 10.2.5 to 10.4.20; 30 versions ahead of your current version | a month ago, on 2024-08-02
graphql | from 15.5.0 to 15.9.0; 10 versions ahead of your current version | 3 months ago, on 2024-06-21
postcss | from 8.4.5 to 8.4.41; 36 versions ahead of your current version | a month ago, on 2024-08-05

Issues fixed by the recommended upgrade:

Issue | Score | Exploit Maturity
medium severity: Regular Expression Denial of Service (ReDoS), SNYK-JS-BROWSERSLIST-1090194 | 586 | Proof of Concept
Release notes
Package name: @apollo/client
  • 3.11.4 - 2024-08-07

    Patch Changes

    • #11994 41b17e5 Thanks @jerelmiller! - Update the Modifier function type to allow cache.modify to return deeply partial data.

    • #11989 e609156 Thanks @phryneas! - Fix a potential crash when calling clearStore while a query was running.

      Previously, calling client.clearStore() while a query was running had one of these results:

      • useQuery would stay in a loading: true state.
      • useLazyQuery would stay in a loading: true state, but also crash with a "Cannot read property 'data' of undefined" error.

      Now, in both cases, the hook will enter an error state with a networkError, and the promise returned by the useLazyQuery execute function will return a result in an error state.

    • #11994 41b17e5 Thanks @jerelmiller! - Prevent accidental distribution on cache.modify field modifiers when a field is a union type array.

  • 3.11.3 - 2024-08-05

    Patch Changes

    • #11984 5db1659 Thanks @jerelmiller! - Fix an issue where multiple fetches with results that returned errors would sometimes set the data property with an errorPolicy of none.

    • #11974 c95848e Thanks @jerelmiller! - Fix an issue where fetchMore would write its result data to the cache when using it with a no-cache fetch policy.

    • #11974 c95848e Thanks @jerelmiller! - Fix an issue where executing fetchMore with a no-cache fetch policy could sometimes result in multiple network requests.

    • #11974 c95848e Thanks @jerelmiller! -

      Potentially disruptive change

      When calling fetchMore with a query that has a no-cache fetch policy, fetchMore will now throw if an updateQuery function is not provided. This provides a mechanism to merge the results from the fetchMore call with the query's previous result.

  • 3.11.2 - 2024-07-31

    Patch Changes

  • 3.11.1 - 2024-07-23

    Patch Changes

    • #11969 061cab6 Thanks @jerelmiller! - Remove check for window.__APOLLO_CLIENT__ when determining whether to connect to Apollo Client Devtools when connectToDevtools or devtools.enabled is not specified. This now simply checks to see if the application is in development mode.

    • #11971 ecf77f6 Thanks @jerelmiller! - Prevent the setTimeout for suggesting devtools from running in non-browser environments.

  • 3.11.0 - 2024-07-22

    Potentially Breaking Fixes

    • #11789 5793301 Thanks @phryneas! - Changes usages of the GraphQLError type to GraphQLFormattedError.

      This was a type bug - these errors were never GraphQLError instances
      to begin with, and the GraphQLError class has additional properties that can
      never be correctly rehydrated from a GraphQL result.
      The correct type to use here is GraphQLFormattedError.

      Similarly, please ensure to use the type FormattedExecutionResult
      instead of ExecutionResult - the non-"Formatted" versions of these types
      are for use on the server only, but don't get transported over the network.

    • #11626 228429a Thanks @phryneas! - Call nextFetchPolicy with "variables-changed" even if there is a fetchPolicy specified.

      Previously this would only be called when the current fetchPolicy was equal to the fetchPolicy option or the option was not specified. If you use nextFetchPolicy as a function, expect to see this function called more often.

      Due to this bug, this also meant that the fetchPolicy might be reset to the initial fetchPolicy, even when you specified a nextFetchPolicy function. If you previously relied on this behavior, you will need to update your nextFetchPolicy callback function to implement this resetting behavior.

      As an example, if your code looked like the following:

      useQuery(QUERY, {
        nextFetchPolicy(currentFetchPolicy, info) {
          // your logic here
        }
      });

      Update your function to the following to reimplement the resetting behavior:

      useQuery(QUERY, {
        nextFetchPolicy(currentFetchPolicy, info) {
          if (info.reason === 'variables-changed') {
            return info.initialFetchPolicy;
          }
          // your logic here
        }
      });

    Minor Changes

    • #11923 d88c7f8 Thanks @jerelmiller! - Add support for subscribeToMore function to useQueryRefHandlers.

    • #11854 3812800 Thanks @jcostello-atlassian! - Support extensions in useSubscription

    • #11923 d88c7f8 Thanks @jerelmiller! - Add support for subscribeToMore function to useLoadableQuery.

    • #11863 98e44f7 Thanks @phryneas! - Reimplement useSubscription to fix rules of React violations.

    • #11869 a69327c Thanks @phryneas! - Rewrite big parts of useQuery and useLazyQuery to be more compliant with the Rules of React and React Compiler

    • #11936 1b23337 Thanks @jerelmiller! - Add the ability to specify a name for the client instance for use with Apollo Client Devtools. This is useful when instantiating multiple clients to identify the client instance more easily. This deprecates the connectToDevtools option in favor of a new devtools configuration.

      new ApolloClient({
        devtools: {
          enabled: true,
          name: "Test Client",
        },
      });

      This option is backwards-compatible with connectToDevtools and will be used in the absence of a devtools option.

    • #11923 d88c7f8 Thanks @jerelmiller! - Add support for subscribeToMore function to useBackgroundQuery.

    • #11930 a768575 Thanks @jerelmiller! - Deprecates experimental schema testing utilities introduced in 3.10 in favor of recommending @apollo/graphql-testing-library.

    Patch Changes

  • 3.11.0-rc.2 - 2024-07-15

    Patch Changes

    • #11951 0de03af Thanks @phryneas! - add React 19 RC to peerDependencies

    • #11937 78332be Thanks @phryneas! - createSchemaFetch: simulate serialized errors instead of an ApolloError instance

    • #11944 8f3d7eb Thanks @sneyderdev! - Allow IgnoreModifier to be returned from a optimisticResponse function when inferring from a TypedDocumentNode when used with a generic argument.

    • #11954 4a6e86a Thanks @phryneas! - Document (and deprecate) the previously undocumented errors property on the useQuery QueryResult type.

  • 3.11.0-rc.1 - 2024-07-10

    Patch Changes

  • 3.11.0-rc.0 - 2024-07-09

    Minor Changes

    • #11923 d88c7f8 Thanks @jerelmiller! - Add support for subscribeToMore function to useQueryRefHandlers.

    • #11854 3812800 Thanks @jcostello-atlassian! - Support extensions in useSubscription

    • #11923 d88c7f8 Thanks @jerelmiller! - Add support for subscribeToMore function to useLoadableQuery.

    • #11863 98e44f7 Thanks @phryneas! - Reimplement useSubscription to fix rules of React violations.

    • #11869 a69327c Thanks @phryneas! - Rewrite big parts of useQuery and useLazyQuery to be more compliant with the Rules of React and React Compiler

    • #11936 1b23337 Thanks @jerelmiller! - Add the ability to specify a name for the client instance for use with Apollo Client Devtools. This is useful when instantiating multiple clients to identify the client instance more easily. This deprecates the connectToDevtools option in favor of a new devtools configuration.

      new ApolloClient({
        devtools: {
          enabled: true,
          name: "Test Client",
        },
      });

      This option is backwards-compatible with connectToDevtools and will be used in the absence of a devtools option.

    • #11923 d88c7f8 Thanks @jerelmiller! - Add support for subscribeToMore function to useBackgroundQuery.

    • #11789 5793301 Thanks @phryneas! - Changes usages of the GraphQLError type to GraphQLFormattedError.

      This was a type bug - these errors were never GraphQLError instances
      to begin with, and the GraphQLError class has additional properties that can
      never be correctly rehydrated from a GraphQL result.
      The correct type to use here is GraphQLFormattedError.

      Similarly, please ensure to use the type FormattedExecutionResult
      instead of ExecutionResult - the non-"Formatted" versions of these types
      are for use on the server only, but don't get transported over the network.

    • #11930 a768575 Thanks @jerelmiller! - Deprecates experimental schema testing utilities introduced in 3.10 in favor of recommending @apollo/graphql-testing-library.

    Patch Changes

  • 3.10.8 - 2024-06-27

    Patch Changes

    • #11911 1f0460a Thanks @jerelmiller! - Allow undefined to be returned from a cache.modify modifier function when a generic type argument is used.
  • 3.10.7 - 2024-06-26

    Patch Changes

  • 3.10.6 - 2024-06-21
  • 3.10.5 - 2024-06-12
  • 3.10.4 - 2024-05-15
  • 3.10.3 - 2024-05-07
  • 3.10.2 - 2024-05-03
  • 3.10.1 - 2024-04-24
  • 3.10.0 - 2024-04-24
  • 3.10.0-rc.1 - 2024-04-15
  • 3.10.0-rc.0 - 2024-04-02
  • 3.10.0-alpha.1 - 2024-03-18
  • 3.9.11 - 2024-04-10
  • 3.9.10 - 2024-04-01
  • 3.9.9 - 2024-03-22
  • 3.9.8 - 2024-03-20
  • 3.9.7 - 2024-03-13
  • 3.9.6 - 2024-03-06
  • 3.9.5 - 2024-02-15
  • 3.9.4 - 2024-02-07
  • 3.9.3 - 2024-02-06
  • 3.9.2 - 2024-02-01
  • 3.9.1 - 2024-01-31
  • 3.9.0 - 2024-01-30
  • 3.9.0-rc.1 - 2024-01-18
  • 3.9.0-rc.0 - 2024-01-17
  • 3.9.0-beta.1 - 2023-12-21
  • 3.9.0-beta.0 - 2023-12-18
  • 3.9.0-alpha.5 - 2023-12-05
  • 3.9.0-alpha.4 - 2023-11-08
  • 3.9.0-alpha.3 - 2023-11-02
  • 3.9.0-alpha.2 - 2023-10-11
  • 3.9.0-alpha.1 - 2023-09-21
  • 3.9.0-alpha.0 - 2023-09-19
  • 3.8.10 - 2024-01-18
  • 3.8.9 - 2024-01-09
  • 3.8.8 - 2023-11-29
  • 3.8.7 - 2023-11-02
  • 3.8.6 - 2023-10-16
  • 3.8.5 - 2023-10-05
  • 3.8.4 - 2023-09-19
  • 3.8.3 - 2023-09-05
  • 3.8.2 - 2023-09-01
  • 3.8.1 - 2023-08-10
  • 3.8.0 - 2023-08-07
  • 3.8.0-rc.2 - 2023-08-01
  • 3.8.0-rc.1 - 2023-07-17
  • 3.8.0-rc.0 - 2023-07-13
  • 3.8.0-beta.7 - 2023-07-10
  • 3.8.0-beta.6 - 2023-07-05
  • 3.8.0-beta.5 - 2023-06-28
  • 3.8.0-beta.4 - 2023-06-20
  • 3.8.0-beta.3 - 2023-06-15
  • 3.8.0-beta.2 - 2023-06-07
  • 3.8.0-beta.1 - 2023-05-31
  • 3.8.0-beta.0 - 2023-05-26
  • 3.8.0-alpha.15 - 2023-05-17
  • 3.8.0-alpha.14 - 2023-05-16
  • 3.8.0-alpha.13 - 2023-05-03
  • 3.8.0-alpha.12 - 2023-04-13
  • 3.8.0-alpha.11 - 2023-03-28
  • 3.8.0-alpha.10 - 2023-03-17
  • 3.8.0-alpha.9 - 2023-03-15
  • 3.8.0-alpha.8 - 2023-03-02
  • 3.8.0-alpha.7 - 2023-02-15
  • 3.8.0-alpha.6 - 2023-02-07
  • 3.8.0-alpha.5 - 2023-01-19
  • 3.8.0-alpha.4 - 2023-01-13
  • 3.8.0-alpha.3 - 2023-01-03
  • 3.8.0-alpha.2 - 2022-12-21
  • 3.8.0-alpha.1 - 2022-12-21
  • 3.8.0-alpha.0 - 2022-12-09
  • 3.7.17 - 2023-07-05
  • 3.7.16 - 2023-06-20
  • 3.7.15 - 2023-05-26
  • 3.7.14 - 2023-05-03
  • 3.7.13 - 2023-04-27
  • 3.7.12 - 2023-04-12
  • 3.7.11 - 2023-03-31
  • 3.7.10 - 2023-03-02
  • 3.7.9 - 2023-02-17
  • 3.7.8 - 2023-02-15
  • 3.7.7 - 2023-02-03
  • 3.7.6 - 2023-01-31
  • 3.7.5 - 2023-01-24
  • 3.7.4 - 2023-01-13
  • 3.7.3 - 2022-12-15
  • 3.7.2 - 2022-12-06
  • 3.7.1 - 2022-10-20
  • 3.7.0 - 2022-09-30
  • 3.7.0-rc.0 - 2022-09-21
  • 3.7.0-beta.8 - 2022-09-21
  • 3.7.0-beta.7 - 2022-09-08
  • 3.7.0-beta.6 - 2022-06-27
  • 3.7.0-beta.5 - 2022-06-10
  • 3.7.0-beta.4 - 2022-06-10
  • 3.7.0-beta.3 - 2022-06-07
  • 3.7.0-beta.2 - 2022-06-07
  • 3.7.0-beta.1 - 2022-05-26
  • 3.7.0-beta.0 - 2022-05-25
  • 3.7.0-alpha.6 - 2022-05-19
  • 3.7.0-alpha.5 - 2022-05-16
  • 3.7.0-alpha.4 - 2022-05-13
  • 3.7.0-alpha.3 - 2022-05-09
  • 3.7.0-alpha.2 - 2022-05-03
  • 3.7.0-alpha.1 - 2022-05-03
  • 3.7.0-alpha.0 - 2022-04-27
  • 3.6.10 - 2022-09-29
  • 3.6.9 - 2022-06-21
  • 3.6.8 - 2022-06-10
  • 3.6.7 - 2022-06-10
  • 3.6.6 - 2022-05-26
  • 3.6.5 - 2022-05-23
  • 3.6.4 - 2022-05-16
  • 3.6.3 - 2022-05-05
  • 3.6.2 - 2022-05-03
  • 3.6.1 - 2022-04-28
  • 3.6.0 - 2022-04-26
  • 3.6.0-rc.1 - 2022-04-19
  • 3.6.0-rc.0 - 2022-04-18
  • 3.6.0-beta.13 - 2022-04-14
  • 3.6.0-beta.12 - 2022-04-11
  • 3.6.0-beta.11 - 2022-04-05
  • 3.6.0-beta.10 - 2022-03-29
  • 3.6.0-beta.9 - 2022-03-10
  • 3.6.0-beta.8 - 2022-03-10
  • 3.6.0-beta.7 - 2022-03-10
  • 3.6.0-beta.6 - 2022-02-15
  • 3.6.0-beta.5 - 2022-02-04
  • 3.6.0-beta.4 - 2022-02-03
  • 3.6.0-beta.3 - 2021-11-23
  • 3.6.0-beta.2 - 2021-11-22
  • 3.6.0-beta.1 - 2021-11-16
  • 3.6.0-beta.0 - 2021-11-16
  • 3.5.10 - 2022-02-24
  • 3.5.9 - 2022-02-15
  • 3.5.8 - 2022-01-24
from @apollo/client GitHub release notes
Package name: @headlessui/react
  • 1.7.19 - 2024-04-15
  • 1.7.18 - 2024-01-08
  • 1.7.17 - 2023-08-17
  • 1.7.16 - 2023-07-27
  • 1.7.15 - 2023-06-01
  • 1.7.14 - 2023-04-12
  • 1.7.13 - 2023-03-03
  • 1.7.12 - 2023-02-24
  • 1.7.11 - 2023-02-15
  • 1.7.10 - 2023-02-06
  • 1.7.9 - 2023-02-03
  • 1.7.8 - 2023-01-27
  • 1.7.7 - 2022-12-16
  • 1.7.6 - 2022-12-15
  • 1.7.5 - 2022-12-08
  • 1.7.4 - 2022-11-03
  • 1.7.3 - 2022-09-30
  • 1.7.2 - 2022-09-15
  • 1.7.1 - 2022-09-12
  • 1.7.0 - 2022-09-06
  • 1.6.6 - 2022-07-07
  • 1.6.5 - 2022-06-20
  • 1.6.4 - 2022-05-29
  • 1.6.3 - 2022-05-25
  • 1.6.2 - 2022-05-19
  • 1.6.1 - 2022-05-03
  • 1.6.0 - 2022-04-25
  • 1.5.0 - 2022-02-17
  • 1.4.3 - 2022-01-14
  • 1.4.2 - 2021-11-08
  • 1.4.1 - 2021-08-30
  • 1.4.0 - 2021-07-29
  • 1.3.0 - 2021-06-21
  • 1.2.0 - 2021-05-10
  • 1.2.0-e56dd07 - 2021-06-15
  • 1.2.0-d0e27ff - 2021-05-20
  • 1.2.0-2279cd9 - 2021-05-12
  • 1.1.1 - 2021-04-28
  • 1.1.1-c13e6b7 - 2021-05-04
  • 1.1.1-ab92811 - 2021-05-03
  • 1.1.1-084a249 - 2021-05-07
  • 1.1.0 - 2021-04-26
  • 1.0.0 - 2021-04-14
from @headlessui/react GitHub release notes
Package name: @heroicons/react
  • 1.0.6 - 2022-03-02

    Added

    • Add forwardRef support for React components (#614)

    Fixed

    • Add sideEffects to package.json files (#572)
    • Fix folder icons (#598)
    • Fix Vue TypeScript declarations (#608)
    • Move stroke-width from path to svg (#631)
  • 1.0.5 - 2021-10-22

    Fixed

    • Add MIT license to package.json files (#317)
    • Add aria-hidden="true" attribute (#261)
    • Fix solid arrows-expand fill color (#515)
    • Add {"type": "module"} to esm package.json files
  • 1.0.4 - 2021-08-17

    Fixed

    • Fix Vue type declarations (#322)
  • 1.0.3 - 2021-07-26

    Added

    • Add Vue type declarations (#254)
  • 1.0.2 - 2021-07-09

    Fixed

    • Add correct plus icons
  • 1.0.1 - 2021-04-14

    Added

    • Add small arrow icons (arrow-sm-up, arrow-sm-right, arrow-sm-down, arrow-sm-left)
from @heroicons/react GitHub release notes
Package name: autoprefixer
  • 10.4.20 - 2024-08-02
    • Fixed fit-content prefix for Firefox.
  • 10.4.19 - 2024-03-20
    • Removed end value has mixed support, consider using flex-end warning since end/start now have good support.
  • 10.4.18 - 2024-03-01
    • Fixed removing -webkit-box-orient on -webkit-line-clamp (@Goodwine).
  • 10.4.17 - 2024-01-17
    • Fixed user-select: contain prefixes.
  • 10.4.16 - 2023-09-20
  • 10.4.15 - 2023-08-13
  • 10.4.14 - 2023-03-09
    • Improved startup time and reduced JS bundle size (by @Knagis).
  • 10.4.13 - 2022-10-27
    • Fixed missed prefixes on vendor prefixes in name of CSS Custom Property.
  • 10.4.12 - 2022-09-20
    • Fixed support of unit-less zero angle in backgrounds (by @yisibl).
  • 10.4.11 - 2022-09-14
    • Fixed text-decoration prefixes by moving to MDN data (by @romainmenke).
  • 10.4.10 - 2022-09-13
  • 10.4.9 - 2022-09-11
  • 10.4.8 - 2022-07-29
  • 10.4.7 - 2022-05-02
  • 10.4.6 - 2022-05-01
  • 10.4.5 - 2022-04-23
  • 10.4.4 - 2022-03-16
  • 10.4.3 - 2022-03-15
  • 10.4.2 - 2022-01-07
  • 10.4.1 - 2021-12-29
  • 10.4.0 - 2021-10-28
  • 10.3.7 - 2021-10-04
  • 10.3.6 - 2021-09-26
  • 10.3.5 - 2021-09-22
  • 10.3.4 - 2021-09-02
  • 10.3.3 - 2021-08-26
  • 10.3.2 - 2021-08-21
  • 10.3.1 - 2021-07-12
  • 10.3.0 - 2021-07-10
  • 10.2.6 - 2021-05-26
  • 10.2.5 - 2021-03-05
from autoprefixer GitHub release notes
Package name: graphql
  • 15.9.0 - 2024-06-21

    v15.9.0 (2024-06-21)

    New Feature 🚀

    • #4120 backport[v15]: Introduce "recommended" validation rules (@benjie)

    Bug Fix 🐞

    • #3708 Fix crash in node when mixing sync/async resolvers (backport of #3706) (@chrskrchr)
    • #4000 Backport "Prevent Infinite Loop in OverlappingFieldsCanBeMergedRule" to v15 (@benjie)

    Internal 🏠

    Committers: 2

  • 15.8.0 - 2021-12-07
  • 15.7.2 - 2021-10-28
  • 15.7.1 - 2021-10-27
  • 15.7.0 - 2021-10-26
  • 15.6.1 - 2021-10-05
  • 15.6.0 - 2021-09-20
  • 15.5.3 - 2021-09-06
  • 15.5.2 - 2021-08-30
  • 15.5.1 - 2021-06-20
  • 15.5.0 - 2021-01-26
from graphql GitHub release notes
Package name: postcss

Snyk has created this PR to upgrade:
  - @apollo/client from 3.5.8 to 3.11.4.
    See this package in npm: https://www.npmjs.com/package/@apollo/client
  - @headlessui/react from 1.0.0 to 1.7.19.
    See this package in npm: https://www.npmjs.com/package/@headlessui/react
  - @heroicons/react from 1.0.1 to 1.0.6.
    See this package in npm: https://www.npmjs.com/package/@heroicons/react
  - autoprefixer from 10.2.5 to 10.4.20.
    See this package in npm: https://www.npmjs.com/package/autoprefixer
  - graphql from 15.5.0 to 15.9.0.
    See this package in npm: https://www.npmjs.com/package/graphql
  - postcss from 8.4.5 to 8.4.41.
    See this package in npm: https://www.npmjs.com/package/postcss

See this project in Snyk:
https://app.snyk.io/org/quickhalewebtech/project/a1340cc5-f5ed-4b31-b999-6d88bc113dcb?utm_source=github&utm_medium=referral&page=upgrade-pr
Successfully merging this pull request may close these issues.

nextFetchPolicy function is not called sometimes