GHSA-9w87-4j72-gcv7

Опубликовано: 02 сент. 2020

Источник: github

Github: Прошло ревью

Описание

Insecure Default Configuration in graphql-code-generator

Versions of graphql-code-generator prior to 0.18.2 have an Insecure Default Configuration. The packages sets NODE_TLS_REJECT_UNAUTHORIZED to 0, disabling certificate verification for the entire project. This results in Insecure Communication for the process.

Recommendation

Upgrade to version 0.18.2 or later.

Ссылки

https://github.com/dotansimha/graphql-code-generator/issues/1806
https://www.npmjs.com/advisories/834

Пакеты

Наименование

graphql-code-generator

npm

Затронутые версииВерсия исправления

< 0.18.2

0.18.2