NexusIQ vulnerability for apollo-server-core 3.10.0

Nexus IQ is blocking the build due to a vulnerability.
Found security vulnerability sonatype-2022-3692 “Denial of Service (DoS)”

Would the vulnerability be mitigated once the cache is set to bounded?

Awaiting your response.

Hi @ry-naveen22, that is correct. Configuring the cache or disabling persisted queries are other mitigation strategies. More info here: Configuring cache backends - Apollo GraphQL Docs

Hello @trevor.scheer, thank you for the quick response.
Hoping for a non-vulnerable version in the coming release!

You are doing great work!!

Kind Regards,

No problem. Apollo Server 4 will have a bounded cache by default. Coming soon :slightly_smiling_face:
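
As an added illustration of the "bounded cache" mitigation discussed in this thread (not code from the thread or from Apollo Server), the sketch below compares a byte-budgeted LRU store with the same store run without a limit. The class name `BoundedQueryCache`, the helper `fill`, the byte budgets, and the query strings are all constructed for this example.

```javascript
const crypto = require("node:crypto");

// Byte-budgeted LRU store. A Map iterates in insertion order, so its first
// key is always the least recently used entry.
class BoundedQueryCache {
  constructor(maxBytes) {
    this.maxBytes = maxBytes; // pass Infinity for the unbounded baseline
    this.bytes = 0;
    this.entries = new Map();
  }
  static sizeOf(key, value) {
    return Buffer.byteLength(key) + Buffer.byteLength(value);
  }
  get(key) {
    const value = this.entries.get(key);
    if (value === undefined) return undefined;
    this.entries.delete(key); // re-insert to mark as most recently used
    this.entries.set(key, value);
    return value;
  }
  delete(key) {
    const value = this.entries.get(key);
    if (value === undefined) return false;
    this.bytes -= BoundedQueryCache.sizeOf(key, value);
    return this.entries.delete(key);
  }
  set(key, value) {
    const size = BoundedQueryCache.sizeOf(key, value);
    if (size > this.maxBytes) return false; // an entry may never exceed the budget
    this.delete(key); // replacing a key must not double-count its bytes
    while (this.bytes + size > this.maxBytes) {
      this.delete(this.entries.keys().next().value); // evict the oldest entry
    }
    this.entries.set(key, value);
    this.bytes += size;
    return true;
  }
}

// Store `count` distinct constructed query documents under their SHA-256
// hash and report what the cache still holds afterwards.
function fill(cache, count) {
  for (let i = 0; i < count; i++) {
    const query = `query Q${i} { item(id: ${i}) { id name } }`;
    const key = crypto.createHash("sha256").update(query).digest("hex");
    cache.set(key, query);
  }
  return { entries: cache.entries.size, bytes: cache.bytes };
}
```

Calling `fill` with a finite budget keeps `bytes` at or below that budget however many documents are stored, while `new BoundedQueryCache(Infinity)` retains every one of them.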