chore(deps): update dependency react-dev-utils to 11.0.4 [security] #134
Conversation
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
|
❌ Deploy Preview for apollo-router-docs failed. 🔨 Explore the source changes: 4db9265 🔍 Inspect the deploy log: https://app.netlify.com/sites/apollo-router-docs/deploys/618ec331e60d6c00089d1a62 |
|
federation docs run gatsby This will allow the docs team to not be stuck trying to understand each repository's specifics, and we will bump the docs org wise once the deams decides to do so. |
Renovate Ignore NotificationAs this PR has been closed unmerged, Renovate will now ignore this update (11.0.4). You will still receive a PR once a newer version is released, so if you wish to permanently ignore this dependency, please add it to the If this PR was closed by mistake or you changed your mind, you can simply rename this PR and you will soon get a fresh replacement PR opened. |
### Configure AWS sigv4 authentication for subgraph requests Secure your router to subgraph communication on AWS using [Signature Version 4](https://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html) (Sigv4)! This changeset provides you with a way to set up hardcoded credentials, as well as a default provider chain. We recommend using the default provider chain configuration. Full use example: ```yaml authentication: subgraph: all: # configuration that will apply to all subgraphs aws_sig_v4: default_chain: profile_name: "my-test-profile" # https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html#ec2-instance-profile region: "us-east-1" # https://docs.aws.amazon.com/general/latest/gr/rande.html service_name: "lambda" # https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_aws-services-that-work-with-iam.html assume_role: # https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html role_arn: "test-arn" session_name: "test-session" external_id: "test-id" subgraphs: products: aws_sig_v4: hardcoded: # Not recommended, prefer using default_chain as shown above access_key_id: "my-access-key" secret_access_key: "my-secret-access-key" region: "us-east-1" service_name: "vpc-lattice-svcs" # "s3", "lambda" etc. ``` Full documentation can be found in the [router documentation](https://www.apollographql.com/docs/router/configuration/authn-subgraph).
This PR contains the following updates:
4.2.3->11.0.4GitHub Vulnerability Alerts
CVE-2021-24033
react-dev-utils prior to v11.0.4 exposes a function, getProcessForPort, where an input argument is concatenated into a command string to be executed. This function is typically used from react-scripts (in Create React App projects), where the usage is safe. Only when this function is manually invoked with user-provided values (ie: by custom code) is there the potential for command injection. If you're consuming it from react-scripts then this issue does not affect you.
Configuration
📅 Schedule: "" (UTC).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by WhiteSource Renovate. View repository job log here.