fix: bump axios and address vulnerability (#7667)

Laurin 2026-02-10 10:43:51 +01:00 committed by GitHub
parent 1dc9f0dfd4
commit 0803cedb3a
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 251 additions and 56 deletions


@ -0,0 +1,5 @@
---
'hive': patch
---
Update dependency `axios` to `1.13.5`, to address vulnerability `CVE-2026-25639`.


@ -68,33 +68,36 @@ test.concurrent(
},
);
test.concurrent('valid monolith schema ignores the schema composition auto fix', async () => {
const { createOrg } = await initSeed().createOwner();
const { createProject } = await createOrg();
const { createTargetAccessToken } = await createProject(ProjectType.Single);
const token = await createTargetAccessToken({});
test.concurrent(
'valid monolith schema ignores the schema composition auto fix',
async ({ expect }) => {
const { createOrg } = await initSeed().createOwner();
const { createProject } = await createOrg();
const { createTargetAccessToken } = await createProject(ProjectType.Single);
const token = await createTargetAccessToken({});
const sdl = /* GraphQL */ `
schema {
query: RootQueryType
}
const sdl = /* GraphQL */ `
schema {
query: RootQueryType
}
type Link {
link: String
}
type Link {
link: String
}
type RootQueryType {
foo: Link
}
`;
type RootQueryType {
foo: Link
}
`;
await token
.publishSchema({
sdl,
})
.then(r => r.expectNoGraphQLErrors());
await token
.publishSchema({
sdl,
})
.then(r => r.expectNoGraphQLErrors());
const schema = await token.fetchLatestValidSchema();
const schema = await token.fetchLatestValidSchema();
expect(schema.latestValidVersion?.sdl).toMatchInlineSnapshot(sdl);
});
expect(schema.latestValidVersion?.sdl).toMatchInlineSnapshot(sdl);
},
);
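Review bot: The final assertion `expect(schema.latestValidVersion?.sdl).toMatchInlineSnapshot(sdl)` passes the `sdl` variable where an inline snapshot normally holds a string literal, so it acts as a normalised string comparison, and a snapshot-update run may try to rewrite that argument in the source. If equality with the published SDL is all that is intended, a direct comparison such as `expect(schema.latestValidVersion?.sdl?.trim()).toBe(sdl.trim());` says so explicitly; whether the stored SDL is byte-identical to the input is not visible here, so confirm before switching. The move to the context-bound `async ({ expect }) =>` is not mentioned in the commit title, which only covers the axios bump. A one-line comment like `// concurrent tests need the context-bound expect so snapshot assertions attach to the right test` would record why it rides along, assuming that is the reason. The hunk opens on the closing lines of the preceding test, whose body lies outside it.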


@ -1350,7 +1350,7 @@ importers:
version: 1.0.9(pino@10.3.0)
'@graphql-hive/plugin-opentelemetry':
specifier: 1.3.0
version: 1.3.0(encoding@0.1.13)(graphql@16.12.0)(ioredis@5.8.2)(pino@10.3.0)(ws@8.18.0)
version: 1.3.0(encoding@0.1.13)(graphql@16.12.0)(pino@10.3.0)(ws@8.18.0)
'@opentelemetry/api':
specifier: 1.9.0
version: 1.9.0
@ -10570,8 +10570,8 @@ packages:
resolution: {integrity: sha512-M0JtH+hlOL5pLQwHOLNYZaXuhqmvS8oExsqB1SBYgA4Dk7u/xx+YdGHXaK5pyUfed5mYXdlYiphWq3G8cRi5JQ==}
engines: {node: '>=4'}
axios@1.12.2:
resolution: {integrity: sha512-vMJzPewAlRyOgxV2dU0Cuz2O8zzzx9VYtbJOaBgXFeLc4IV/Eg50n4LowmehOOR61S8ZMpc2K5Sa7g6A4jfkUw==}
axios@1.13.5:
resolution: {integrity: sha512-cz4ur7Vb0xS4/KUN0tPWe44eqxrIu31me+fbang3ijiNscE129POzipJJA6zniq2C/Z6sJCjMimjS8Lc/GAs8Q==}
axobject-query@3.2.1:
resolution: {integrity: sha512-jsyHu61e6N4Vbz/v18DHwWYKK0bSWLqn47eeDSKPB7m8tqMHF9YJ+mhIk2lVteyZrY8tnSj/jHOv4YiTCuCJgg==}
@ -12102,10 +12102,6 @@ packages:
resolution: {integrity: sha512-FGgH2h8zKNim9ljj7dankFPcICIK9Cp5bm+c2gQSYePhpaG5+esrLODihIorn+Pe6FGJzWhXQotPv73jTaldXA==}
engines: {node: '>= 0.4'}
es-set-tostringtag@2.0.2:
resolution: {integrity: sha512-BuDyupZt65P9D2D2vA/zqcI3G5xRsklm5N3xCwuiy+/vKy8i0ifdsQP1sLgO4tZDSCaQUSnmC48khknGMV3D2Q==}
engines: {node: '>= 0.4'}
es-set-tostringtag@2.1.0:
resolution: {integrity: sha512-j6vWzfrGVfyXxge+O0x5sh6cvxAog0a/4Rdd2K36zCMV5eJ+/+tOAngRO8cODMNWbVRdVlmGZQL2YS3yR8bIUA==}
engines: {node: '>= 0.4'}
@ -12704,6 +12700,10 @@ packages:
resolution: {integrity: sha512-KrGhL9Q4zjj0kiUt5OO4Mr/A/jlI2jDYs5eHBpYHPcBEVSiipAvn2Ko2HnPe20rmcuuvMHNdZFp+4IlGTMF0Ow==}
engines: {node: '>= 6'}
form-data@4.0.5:
resolution: {integrity: sha512-8RipRLol37bNs2bhoV67fiTEvdTrbMUYcFTiy3+wuuOnUog2QBHCZWXDRijWQfAkhBj2Uf5UnVaiWwA5vdd82w==}
engines: {node: '>= 6'}
format@0.2.2:
resolution: {integrity: sha512-wzsgA6WOq+09wrU1tsJ09udeR/YZRaeArL9e1wPbFg3GG2yDnC2ldKpxs4xunpFF9DgqCqOIra3bc1HWrJ37Ww==}
engines: {node: '>=0.4.x'}
@ -12838,10 +12838,6 @@ packages:
resolution: {integrity: sha512-QZjmEOC+IT1uk6Rx0sX22V6uHWVwbdbxf1faPqJ1QhLdGgsRGCZoyaQBm/piRdJy/D2um6hM1UP7ZEeQ4EkP+Q==}
engines: {node: '>=18'}
get-intrinsic@1.2.4:
resolution: {integrity: sha512-5uYhsJH8VJBTv7oslg4BznJYhDoRI6waYCxMmCdnTrcCrHA/fCFKoTFz2JKKE0HdDFUF7/oQuhzumXJK7paBRQ==}
engines: {node: '>= 0.4'}
get-intrinsic@1.3.0:
resolution: {integrity: sha512-9fSjSaos/fRIVIp+xSJlE6lfwhES7LNtKaCBIamHsjr2na1BiABJPo0mOjjz8GJDURarmCPGqaiVg5mfjb98CQ==}
engines: {node: '>= 0.4'}
@ -22697,6 +22693,56 @@ snapshots:
- winston
- ws
'@graphql-hive/gateway-runtime@2.5.0(graphql@16.12.0)(pino@10.3.0)(ws@8.18.0)':
dependencies:
'@envelop/core': 5.4.0
'@envelop/disable-introspection': 9.0.0(@envelop/core@5.4.0)(graphql@16.12.0)
'@envelop/generic-auth': 11.0.0(@envelop/core@5.4.0)(graphql@16.12.0)
'@envelop/instrumentation': 1.0.0
'@graphql-hive/core': 0.18.0(graphql@16.12.0)(pino@10.3.0)
'@graphql-hive/logger': 1.0.9(pino@10.3.0)
'@graphql-hive/pubsub': 2.1.1(ioredis@5.8.2)
'@graphql-hive/signal': 2.0.0
'@graphql-hive/yoga': 0.46.0(graphql-yoga@5.17.1(graphql@16.12.0))(graphql@16.12.0)(pino@10.3.0)
'@graphql-mesh/cross-helpers': 0.4.10(graphql@16.12.0)
'@graphql-mesh/fusion-runtime': 1.6.2(@types/node@25.0.2)(graphql@16.12.0)(pino@10.3.0)
'@graphql-mesh/hmac-upstream-signature': 2.0.8(graphql@16.12.0)
'@graphql-mesh/plugin-response-cache': 0.104.18(graphql@16.12.0)
'@graphql-mesh/transport-common': 1.0.12(graphql@16.12.0)(pino@10.3.0)
'@graphql-mesh/types': 0.104.16(graphql@16.12.0)(ioredis@5.8.2)
'@graphql-mesh/utils': 0.104.16(graphql@16.12.0)
'@graphql-tools/batch-delegate': 10.0.8(graphql@16.12.0)
'@graphql-tools/delegate': 12.0.2(graphql@16.12.0)
'@graphql-tools/executor-common': 1.0.5(graphql@16.12.0)
'@graphql-tools/executor-http': 3.0.7(@types/node@25.0.2)(graphql@16.12.0)
'@graphql-tools/federation': 4.2.6(@types/node@25.0.2)(graphql@16.12.0)
'@graphql-tools/stitch': 10.1.6(graphql@16.12.0)
'@graphql-tools/utils': 10.11.0(graphql@16.12.0)
'@graphql-tools/wrap': 11.1.2(graphql@16.12.0)
'@graphql-yoga/plugin-apollo-usage-report': 0.12.1(@envelop/core@5.4.0)(graphql-yoga@5.17.1(graphql@16.12.0))(graphql@16.12.0)
'@graphql-yoga/plugin-csrf-prevention': 3.16.2(graphql-yoga@5.17.1(graphql@16.12.0))
'@graphql-yoga/plugin-defer-stream': 3.16.2(graphql-yoga@5.17.1(graphql@16.12.0))(graphql@16.12.0)
'@graphql-yoga/plugin-persisted-operations': 3.16.2(graphql-yoga@5.17.1(graphql@16.12.0))(graphql@16.12.0)
'@types/node': 25.0.2
'@whatwg-node/disposablestack': 0.0.6
'@whatwg-node/promise-helpers': 1.3.2
'@whatwg-node/server': 0.10.17
'@whatwg-node/server-plugin-cookies': 1.0.5
graphql: 16.12.0
graphql-ws: 6.0.6(graphql@16.12.0)(ws@8.18.0)
graphql-yoga: 5.17.1(graphql@16.12.0)
tslib: 2.8.1
transitivePeerDependencies:
- '@fastify/websocket'
- '@logtape/logtape'
- '@nats-io/nats-core'
- crossws
- ioredis
- pino
- uWebSockets.js
- winston
- ws
'@graphql-hive/gateway-runtime@2.5.0(graphql@16.9.0)(ioredis@5.8.2)(pino@10.3.0)(ws@8.18.0)':
dependencies:
'@envelop/core': 5.4.0
@ -22882,6 +22928,45 @@ snapshots:
- winston
- ws
'@graphql-hive/plugin-opentelemetry@1.3.0(encoding@0.1.13)(graphql@16.12.0)(pino@10.3.0)(ws@8.18.0)':
dependencies:
'@graphql-hive/core': 0.18.0(graphql@16.12.0)(pino@10.3.0)
'@graphql-hive/gateway-runtime': 2.5.0(graphql@16.12.0)(pino@10.3.0)(ws@8.18.0)
'@graphql-hive/logger': 1.0.9(pino@10.3.0)
'@graphql-mesh/cross-helpers': 0.4.10(graphql@16.12.0)
'@graphql-mesh/transport-common': 1.0.12(graphql@16.12.0)(pino@10.3.0)
'@graphql-mesh/types': 0.104.16(graphql@16.12.0)(ioredis@5.8.2)
'@graphql-mesh/utils': 0.104.16(graphql@16.12.0)
'@graphql-tools/utils': 10.11.0(graphql@16.12.0)
'@opentelemetry/api': 1.9.0
'@opentelemetry/api-logs': 0.208.0
'@opentelemetry/auto-instrumentations-node': 0.67.2(@opentelemetry/api@1.9.0)(@opentelemetry/core@2.2.0(@opentelemetry/api@1.9.0))(encoding@0.1.13)
'@opentelemetry/context-async-hooks': 2.2.0(@opentelemetry/api@1.9.0)
'@opentelemetry/core': 2.2.0(@opentelemetry/api@1.9.0)
'@opentelemetry/exporter-trace-otlp-grpc': 0.208.0(@opentelemetry/api@1.9.0)
'@opentelemetry/exporter-trace-otlp-http': 0.208.0(@opentelemetry/api@1.9.0)
'@opentelemetry/instrumentation': 0.208.0(@opentelemetry/api@1.9.0)
'@opentelemetry/resources': 2.2.0(@opentelemetry/api@1.9.0)
'@opentelemetry/sdk-logs': 0.208.0(@opentelemetry/api@1.9.0)
'@opentelemetry/sdk-node': 0.208.0(@opentelemetry/api@1.9.0)
'@opentelemetry/sdk-trace-base': 2.2.0(@opentelemetry/api@1.9.0)
'@opentelemetry/semantic-conventions': 1.38.0
'@whatwg-node/promise-helpers': 1.3.2
graphql: 16.12.0
tslib: 2.8.1
transitivePeerDependencies:
- '@fastify/websocket'
- '@logtape/logtape'
- '@nats-io/nats-core'
- crossws
- encoding
- ioredis
- pino
- supports-color
- uWebSockets.js
- winston
- ws
'@graphql-hive/plugin-opentelemetry@1.3.0(encoding@0.1.13)(graphql@16.9.0)(ioredis@5.8.2)(pino@10.3.0)(ws@8.18.0)':
dependencies:
'@graphql-hive/core': 0.18.0(graphql@16.9.0)(pino@10.3.0)
@ -23362,6 +23447,37 @@ snapshots:
- pino
- winston
'@graphql-mesh/fusion-runtime@1.6.2(@types/node@25.0.2)(graphql@16.12.0)(pino@10.3.0)':
dependencies:
'@envelop/core': 5.4.0
'@envelop/instrumentation': 1.0.0
'@graphql-hive/logger': 1.0.9(pino@10.3.0)
'@graphql-mesh/cross-helpers': 0.4.10(graphql@16.12.0)
'@graphql-mesh/transport-common': 1.0.12(graphql@16.12.0)(pino@10.3.0)
'@graphql-mesh/types': 0.104.16(graphql@16.12.0)(ioredis@5.8.2)
'@graphql-mesh/utils': 0.104.16(graphql@16.12.0)
'@graphql-tools/batch-execute': 10.0.4(graphql@16.12.0)
'@graphql-tools/delegate': 12.0.2(graphql@16.12.0)
'@graphql-tools/executor': 1.4.13(graphql@16.12.0)
'@graphql-tools/federation': 4.2.6(@types/node@25.0.2)(graphql@16.12.0)
'@graphql-tools/merge': 9.1.5(graphql@16.12.0)
'@graphql-tools/stitch': 10.1.6(graphql@16.12.0)
'@graphql-tools/stitching-directives': 4.0.8(graphql@16.12.0)
'@graphql-tools/utils': 10.11.0(graphql@16.12.0)
'@graphql-tools/wrap': 11.1.2(graphql@16.12.0)
'@whatwg-node/disposablestack': 0.0.6
'@whatwg-node/promise-helpers': 1.3.2
graphql: 16.12.0
graphql-yoga: 5.17.1(graphql@16.12.0)
tslib: 2.8.1
transitivePeerDependencies:
- '@logtape/logtape'
- '@nats-io/nats-core'
- '@types/node'
- ioredis
- pino
- winston
'@graphql-mesh/fusion-runtime@1.6.2(@types/node@25.0.2)(graphql@16.9.0)(ioredis@5.8.2)(pino@10.3.0)':
dependencies:
'@envelop/core': 5.4.0
@ -23393,6 +23509,21 @@ snapshots:
- pino
- winston
'@graphql-mesh/hmac-upstream-signature@2.0.8(graphql@16.12.0)':
dependencies:
'@graphql-mesh/cross-helpers': 0.4.10(graphql@16.12.0)
'@graphql-mesh/types': 0.104.16(graphql@16.12.0)(ioredis@5.8.2)
'@graphql-mesh/utils': 0.104.16(graphql@16.12.0)
'@graphql-tools/executor-common': 1.0.5(graphql@16.12.0)
'@graphql-tools/utils': 10.10.3(graphql@16.12.0)
'@whatwg-node/promise-helpers': 1.3.2
graphql: 16.12.0
json-stable-stringify: 1.3.0
tslib: 2.8.1
transitivePeerDependencies:
- '@nats-io/nats-core'
- ioredis
'@graphql-mesh/hmac-upstream-signature@2.0.8(graphql@16.12.0)(ioredis@5.8.2)':
dependencies:
'@graphql-mesh/cross-helpers': 0.4.10(graphql@16.12.0)
@ -23502,6 +23633,25 @@ snapshots:
- '@nats-io/nats-core'
- ioredis
'@graphql-mesh/plugin-response-cache@0.104.18(graphql@16.12.0)':
dependencies:
'@envelop/core': 5.4.0
'@envelop/response-cache': 9.0.0(@envelop/core@5.4.0)(graphql@16.12.0)
'@graphql-mesh/cross-helpers': 0.4.10(graphql@16.12.0)
'@graphql-mesh/string-interpolation': 0.5.9(graphql@16.12.0)
'@graphql-mesh/types': 0.104.16(graphql@16.12.0)(ioredis@5.8.2)
'@graphql-mesh/utils': 0.104.16(graphql@16.12.0)
'@graphql-tools/utils': 10.9.1(graphql@16.12.0)
'@graphql-yoga/plugin-response-cache': 3.15.4(graphql-yoga@5.16.2(graphql@16.12.0))(graphql@16.12.0)
'@whatwg-node/promise-helpers': 1.3.2
cache-control-parser: 2.0.6
graphql: 16.12.0
graphql-yoga: 5.16.2(graphql@16.12.0)
tslib: 2.8.1
transitivePeerDependencies:
- '@nats-io/nats-core'
- ioredis
'@graphql-mesh/plugin-response-cache@0.104.18(graphql@16.12.0)(ioredis@5.8.2)':
dependencies:
'@envelop/core': 5.4.0
@ -23589,6 +23739,25 @@ snapshots:
- pino
- winston
'@graphql-mesh/transport-common@1.0.12(graphql@16.12.0)(pino@10.3.0)':
dependencies:
'@envelop/core': 5.4.0
'@graphql-hive/logger': 1.0.9(pino@10.3.0)
'@graphql-hive/pubsub': 2.1.1(ioredis@5.8.2)
'@graphql-hive/signal': 2.0.0
'@graphql-mesh/types': 0.104.16(graphql@16.12.0)(ioredis@5.8.2)
'@graphql-tools/executor': 1.4.13(graphql@16.12.0)
'@graphql-tools/executor-common': 1.0.5(graphql@16.12.0)
'@graphql-tools/utils': 10.10.3(graphql@16.12.0)
graphql: 16.12.0
tslib: 2.8.1
transitivePeerDependencies:
- '@logtape/logtape'
- '@nats-io/nats-core'
- ioredis
- pino
- winston
'@graphql-mesh/transport-common@1.0.12(graphql@16.9.0)(ioredis@5.8.2)(pino@10.3.0)':
dependencies:
'@envelop/core': 5.4.0
@ -23705,6 +23874,30 @@ snapshots:
- '@nats-io/nats-core'
- ioredis
'@graphql-mesh/utils@0.104.16(graphql@16.12.0)':
dependencies:
'@envelop/instrumentation': 1.0.0
'@graphql-mesh/cross-helpers': 0.4.10(graphql@16.12.0)
'@graphql-mesh/string-interpolation': 0.5.9(graphql@16.12.0)
'@graphql-mesh/types': 0.104.16(graphql@16.12.0)(ioredis@5.8.2)
'@graphql-tools/batch-delegate': 10.0.5(graphql@16.12.0)
'@graphql-tools/delegate': 11.1.3(graphql@16.12.0)
'@graphql-tools/utils': 10.9.1(graphql@16.12.0)
'@graphql-tools/wrap': 11.0.5(graphql@16.12.0)
'@whatwg-node/disposablestack': 0.0.6
'@whatwg-node/fetch': 0.10.13
'@whatwg-node/promise-helpers': 1.3.1
dset: 3.1.4
graphql: 16.12.0
js-yaml: 4.1.1
lodash.get: 4.4.2
lodash.topath: 4.5.2
tiny-lru: 11.4.7
tslib: 2.8.1
transitivePeerDependencies:
- '@nats-io/nats-core'
- ioredis
'@graphql-mesh/utils@0.104.16(graphql@16.12.0)(ioredis@5.8.2)':
dependencies:
'@envelop/instrumentation': 1.0.0
@ -29621,7 +29814,7 @@ snapshots:
'@slack/types': 2.16.0
'@types/node': 22.10.5
'@types/retry': 0.12.0
axios: 1.12.2(debug@4.4.1)
axios: 1.13.5(debug@4.4.1)
eventemitter3: 5.0.1
form-data: 4.0.4
is-electron: 2.2.2
@ -32190,10 +32383,10 @@ snapshots:
axe-core@4.7.0: {}
axios@1.12.2(debug@4.4.1):
axios@1.13.5(debug@4.4.1):
dependencies:
follow-redirects: 1.15.11(debug@4.4.1)
form-data: 4.0.4
form-data: 4.0.5
proxy-from-env: 1.1.0
transitivePeerDependencies:
- debug
@ -33515,7 +33708,7 @@ snapshots:
dependencies:
call-bind: 1.0.7
es-get-iterator: 1.1.2
get-intrinsic: 1.2.4
get-intrinsic: 1.3.0
is-arguments: 1.1.1
is-date-object: 1.0.5
is-regex: 1.1.4
@ -33853,7 +34046,7 @@ snapshots:
arraybuffer.prototype.slice: 1.0.2
available-typed-arrays: 1.0.5
call-bind: 1.0.7
es-set-tostringtag: 2.0.2
es-set-tostringtag: 2.1.0
es-to-primitive: 1.2.1
function.prototype.name: 1.1.6
get-intrinsic: 1.3.0
@ -33910,7 +34103,7 @@ snapshots:
call-bind: 1.0.7
define-properties: 1.2.1
es-abstract: 1.22.3
es-set-tostringtag: 2.0.2
es-set-tostringtag: 2.1.0
function-bind: 1.1.2
get-intrinsic: 1.3.0
globalthis: 1.0.3
@ -33927,12 +34120,6 @@ snapshots:
dependencies:
es-errors: 1.3.0
es-set-tostringtag@2.0.2:
dependencies:
get-intrinsic: 1.3.0
has-tostringtag: 1.0.2
hasown: 2.0.2
es-set-tostringtag@2.1.0:
dependencies:
es-errors: 1.3.0
@ -34785,6 +34972,14 @@ snapshots:
hasown: 2.0.2
mime-types: 2.1.35
form-data@4.0.5:
dependencies:
asynckit: 0.4.0
combined-stream: 1.0.8
es-set-tostringtag: 2.1.0
hasown: 2.0.2
mime-types: 2.1.35
format@0.2.2: {}
formdata-polyfill@4.0.10:
@ -34927,14 +35122,6 @@ snapshots:
get-east-asian-width@1.4.0: {}
get-intrinsic@1.2.4:
dependencies:
es-errors: 1.3.0
function-bind: 1.1.2
has-proto: 1.0.1
has-symbols: 1.1.0
hasown: 2.0.2
get-intrinsic@1.3.0:
dependencies:
call-bind-apply-helpers: 1.0.2
@ -41619,7 +41806,7 @@ snapshots:
twilio@4.23.0(debug@4.4.1):
dependencies:
axios: 1.12.2(debug@4.4.1)
axios: 1.13.5(debug@4.4.1)
dayjs: 1.11.13
https-proxy-agent: 5.0.1
jsonwebtoken: 9.0.2