fix(deps): update dependency graphql to v16.8.1 [security] - autoclosed

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
graphql	16.7.1 -> 16.8.1

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

GitHub Vulnerability Alerts

CVE-2023-26144

Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance.

Note: It was not proven that this vulnerability can crash the process.

---

Release Notes

graphql/graphql-js (graphql)

v16.8.1

Compare Source

v16.8.1 (2023-09-19)

Bug Fix 🐞

• #​3967 OverlappingFieldsCanBeMergedRule: Fix performance degradation (@​AaronMoat)

Committers: 1

• Aaron Moat(@​AaronMoat)

v16.8.0

Compare Source

v16.8.0 (2023-08-14)

New Feature 🚀

• #​3950 Support fourfold nested lists (@​gschulze)

Committers: 1

• Gunnar Schulze(@​gschulze)

---

Configuration

📅 Schedule: Branch creation - "" in timezone Europe/Paris, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[sonarcloud]

Kudos, SonarCloud Quality Gate passed!   

0 Bugs
0 Vulnerabilities
0 Security Hotspots
0 Code Smells

No Coverage information
No Duplication information

[renovate]

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: yarn.lock

➤ YN0000: ┌ Resolution step
➤ YN0002: │ @aws-sdk/token-providers@npm:3.523.0 doesn't provide @aws-sdk/credential-provider-node (pc9a53), requested by @aws-sdk/client-sso-oidc
➤ YN0002: │ @aws-sdk/token-providers@npm:3.525.0 doesn't provide @aws-sdk/credential-provider-node (pcac39), requested by @aws-sdk/client-sso-oidc
➤ YN0002: │ @lerna/version@npm:5.6.2 doesn't provide nx (p20b2d), requested by @nrwl/devkit
➤ YN0002: │ @shared/utils@workspace:shared/utils doesn't provide @swc/core (p28398), requested by @swc/jest
➤ YN0002: │ @socialgouv/cdtn-ui@npm:4.102.2 doesn't provide react (p25b1e), requested by @reach/dialog
➤ YN0002: │ @socialgouv/cdtn-ui@npm:4.102.2 doesn't provide react (p2322a), requested by @socialgouv/react-accessible-accordion
➤ YN0002: │ @socialgouv/cdtn-ui@npm:4.102.2 doesn't provide react (pda81a), requested by react-feather
➤ YN0002: │ @socialgouv/cdtn-ui@npm:4.102.2 doesn't provide react (pc8483), requested by react-tabs
➤ YN0002: │ @socialgouv/cdtn-ui@npm:4.102.2 doesn't provide react (pae870), requested by styled-components
➤ YN0002: │ @socialgouv/cdtn-ui@npm:4.102.2 doesn't provide react (p5018a), requested by use-onclickoutside
➤ YN0002: │ @socialgouv/cdtn-ui@npm:4.102.2 doesn't provide react-dom (p7bd1d), requested by @reach/dialog
➤ YN0002: │ @socialgouv/cdtn-ui@npm:4.102.2 doesn't provide react-dom (p315a7), requested by @socialgouv/react-accessible-accordion
➤ YN0002: │ @socialgouv/cdtn-ui@npm:4.102.2 doesn't provide react-dom (p463ae), requested by styled-components
➤ YN0002: │ @socialgouv/cdtn-ui@npm:4.102.2 doesn't provide react-is (p5206e), requested by styled-components
➤ YN0002: │ @tiptap/starter-kit@npm:2.1.12 doesn't provide @tiptap/pm (p6560d), requested by @tiptap/core
➤ YN0002: │ @tiptap/starter-kit@npm:2.1.12 doesn't provide @tiptap/pm (p1fe9b), requested by @tiptap/extension-code-block
➤ YN0002: │ @tiptap/starter-kit@npm:2.1.12 doesn't provide @tiptap/pm (pda644), requested by @tiptap/extension-dropcursor
➤ YN0002: │ @tiptap/starter-kit@npm:2.1.12 doesn't provide @tiptap/pm (pa1b36), requested by @tiptap/extension-gapcursor
➤ YN0002: │ @tiptap/starter-kit@npm:2.1.12 doesn't provide @tiptap/pm (p6fff9), requested by @tiptap/extension-history
➤ YN0002: │ @tiptap/starter-kit@npm:2.1.12 doesn't provide @tiptap/pm (p85123), requested by @tiptap/extension-horizontal-rule
➤ YN0002: │ babel-plugin-styled-components@npm:2.1.4 [bb3ef] doesn't provide @babel/core (p6f303), requested by @babel/plugin-syntax-jsx
➤ YN0002: │ frontend@workspace:targets/frontend doesn't provide @testing-library/dom (p3b203), requested by @testing-library/user-event
➤ YN0002: │ frontend@workspace:targets/frontend doesn't provide @tiptap/core (p76d20), requested by @tiptap-pro/extension-details-content
➤ YN0002: │ frontend@workspace:targets/frontend doesn't provide @tiptap/core (p17edc), requested by @tiptap-pro/extension-details-summary
➤ YN0002: │ frontend@workspace:targets/frontend doesn't provide @tiptap/core (pd7d9d), requested by @tiptap-pro/extension-details
➤ YN0002: │ frontend@workspace:targets/frontend doesn't provide @tiptap/core (pb6f97), requested by @tiptap/extension-link
➤ YN0002: │ frontend@workspace:targets/frontend doesn't provide @tiptap/core (p06ec2), requested by @tiptap/extension-placeholder
➤ YN0002: │ frontend@workspace:targets/frontend doesn't provide @tiptap/core (pb36e0), requested by @tiptap/extension-table-cell
➤ YN0002: │ frontend@workspace:targets/frontend doesn't provide @tiptap/core (pe4bdb), requested by @tiptap/extension-table-header
➤ YN0002: │ frontend@workspace:targets/frontend doesn't provide @tiptap/core (p2de94), requested by @tiptap/extension-table-row
➤ YN0002: │ frontend@workspace:targets/frontend doesn't provide @tiptap/core (p2e5c3), requested by @tiptap/extension-table
➤ YN0002: │ frontend@workspace:targets/frontend doesn't provide @tiptap/core (pbd616), requested by @tiptap/react
➤ YN0002: │ frontend@workspace:targets/frontend doesn't provide @urql/core (padd8a), requested by @urql/devtools
➤ YN0060: │ frontend@workspace:targets/frontend provides react (pf2b7a) with version 18.2.0, which doesn't satisfy what @reach/accordion and some of its descendants request
➤ YN0060: │ frontend@workspace:targets/frontend provides react (p6bbce) with version 18.2.0, which doesn't satisfy what @reach/dialog and some of its descendants request
➤ YN0060: │ frontend@workspace:targets/frontend provides react (p33600) with version 18.2.0, which doesn't satisfy what @reach/menu-button and some of its descendants request
➤ YN0060: │ frontend@workspace:targets/frontend provides react (pfc100) with version 18.2.0, which doesn't satisfy what @reach/visually-hidden requests
➤ YN0060: │ frontend@workspace:targets/frontend provides react (p90d1a) with version 18.2.0, which doesn't satisfy what react-sortable-hoc requests
➤ YN0060: │ frontend@workspace:targets/frontend provides react-dom (p19c5b) with version 18.2.0, which doesn't satisfy what @reach/accordion and some of its descendants request
➤ YN0060: │ frontend@workspace:targets/frontend provides react-dom (p3bf58) with version 18.2.0, which doesn't satisfy what @reach/dialog and some of its descendants request
➤ YN0060: │ frontend@workspace:targets/frontend provides react-dom (p9cf59) with version 18.2.0, which doesn't satisfy what @reach/menu-button and some of its descendants request
➤ YN0060: │ frontend@workspace:targets/frontend provides react-dom (p29f85) with version 18.2.0, which doesn't satisfy what @reach/visually-hidden requests
➤ YN0060: │ frontend@workspace:targets/frontend provides react-dom (pe4e63) with version 18.2.0, which doesn't satisfy what react-sortable-hoc requests
➤ YN0000: │ Some peer dependencies are incorrectly met; run yarn explain peer-requirements <hash> for details, where <hash> is the six-letter p-prefixed code
➤ YN0000: └ Completed in 2s 148ms
➤ YN0000: ┌ Fetch step
➤ YN0035: │ @tiptap-pro/extension-details-content@npm:2.3.3: The remote server failed to provide the requested resource
➤ YN0035: │   Response Code: 500 (Internal Server Error)
➤ YN0035: │   Request Method: GET
➤ YN0035: │   Request URL: https://registry.tiptap.dev/@tiptap-pro/extension-details-content/-/extension-details-content-2.3.3.tgz
➤ YN0035: │   Request Retry Count: 3 (can be increased via httpRetry)
➤ YN0035: │ @tiptap-pro/extension-details-summary@npm:2.3.3: The remote server failed to provide the requested resource
➤ YN0035: │   Response Code: 500 (Internal Server Error)
➤ YN0035: │   Request Method: GET
➤ YN0035: │   Request URL: https://registry.tiptap.dev/@tiptap-pro/extension-details-summary/-/extension-details-summary-2.3.3.tgz
➤ YN0035: │   Request Retry Count: 3 (can be increased via httpRetry)
➤ YN0035: │ @tiptap-pro/extension-details@npm:2.3.3: The remote server failed to provide the requested resource
➤ YN0035: │   Response Code: 500 (Internal Server Error)
➤ YN0035: │   Request Method: GET
➤ YN0035: │   Request URL: https://registry.tiptap.dev/@tiptap-pro/extension-details/-/extension-details-2.3.3.tgz
➤ YN0035: │   Request Retry Count: 3 (can be increased via httpRetry)
➤ YN0013: │ 2207 packages were already cached, 3 had to be fetched
➤ YN0000: └ Completed in 17s 124ms
➤ YN0000: Failed with errors in 19s 279ms