Please provide a gif or image of the issue for a quicker response/fix.
```
# npm audit report
graphiql 0.5.0 - 1.4.7-canary-85a66743.0
Severity: high
GraphiQL introspection schema template injection attack - https://github.com/advisories/GHSA-x4r7-m2q9-69c8
Depends on vulnerable versions of markdown-it
No fix available
node_modules/graphiql
graphql-playground-react *
Depends on vulnerable versions of graphiql
node_modules/graphql-playground-react
markdown-it <12.3.2
Severity: moderate
Uncontrolled Resource Consumption in markdown-it - https://github.com/advisories/GHSA-6vfc-qv3f-vr6c
No fix available
node_modules/graphiql/node_modules/markdown-it
graphiql 0.5.0 - 1.4.7-canary-85a66743.0
Depends on vulnerable versions of markdown-it
node_modules/graphiql
graphql-playground-react *
Depends on vulnerable versions of graphiql
node_modules/graphql-playground-react
node-fetch <=2.6.6
Severity: high
The `size` option isn't honored after following a redirect in node-fetch - https://github.com/advisories/GHSA-w7rc-rwvf-8q5r
node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor - https://github.com/advisories/GHSA-r683-j2x4-v87g
fix available via `npm audit fix`
node_modules/isomorphic-fetch/node_modules/node-fetch
isomorphic-fetch 2.0.0 - 2.2.1
Depends on vulnerable versions of node-fetch
node_modules/isomorphic-fetch
fbjs 0.7.0 - 1.0.0
Depends on vulnerable versions of isomorphic-fetch
node_modules/fbjs
react 0.15.0-alpha.1 - 16.4.2
Depends on vulnerable versions of fbjs
node_modules/react
react-dom 0.15.0-alpha.1 - 16.4.2
Depends on vulnerable versions of fbjs
Depends on vulnerable versions of react
node_modules/react-dom
react-codemirror >=1.0.0
Depends on vulnerable versions of react-dom
node_modules/react-codemirror
9 vulnerabilities (5 low, 1 moderate, 3 high)
```
This issue pertains to the following package(s):
What OS and OS version are you experiencing the issue(s) on?
N/A
What version of graphql-playground(-electron/-middleware) are you experiencing the issue(s) on?
1.7.28
What is the expected behavior?
There should be no security warnings from GitHub/npm.
What is the actual behavior?
[email protected] has the following advisory: GHSA-x4r7-m2q9-69c8. It also pulls in a version of `markdown-it` with GHSA-6vfc-qv3f-vr6c.
Additionally, the version this module depends on of `isomorphic-fetch` pulls in a `node-fetch` with GHSA-r683-j2x4-v87g & GHSA-w7rc-rwvf-8q5r.
What steps may we take to reproduce the behavior?
npm install graphql-playground-react && npm audit