Can we update eslint-plugin-graphql to use graphql-config version 3.4.1?

kmcgoldrick · September 1, 2021, 8:22pm

I’m getting vulnerability warnings because the graphql-config version 3.0.2 that is currently being used is dependent on an old version of @graphql-tools/url-loader that has a ws vulnerability. The dependency tree is eslint-plugin-graphql > graphql-config > @graphql-tools/url-loader > ws

I can’t push to the eslint-plugin-graphql repo otherwise I would make a PR.

Either can I have access to open a PR or does someone want to take this? Thank you!

Dylan_Wulf · September 3, 2021, 8:00pm

Looks like someone else already made a PR: Update graphql-config to version 4 by vsumner · Pull Request #311 · apollographql/eslint-plugin-graphql · GitHub

Hopefully the maintainers will see it. Looks like it’s already been open for 8 days with no updates.

Topic		Replies	Views
GraphQL Subscriptions with ExpressWS Help server	0	299	March 12, 2023
Subscriptions - WebSocket connection to 'ws://localhost:4000/graphql' failed: Help client , server , web	6	18540	May 30, 2023
Need help - Updating the apollo gateway from 0.26.1 to 2.0.0 Help	8	1312	January 30, 2023
Why subscription example from the official docs is not working correctly? General server	26	6437	November 11, 2022
Unable to reach subscription server Help server	0	844	November 11, 2022

Can we update eslint-plugin-graphql to use graphql-config version 3.4.1?

Related Topics