Skip to content

fix: Security upgrade @apollo/server from 4.12.1 to 4.13.0#10082

Merged
mtrezza merged 5 commits intoparse-community:release-8.x.xfrom
rjcodedev:release-8.x.x
Mar 31, 2026
Merged

fix: Security upgrade @apollo/server from 4.12.1 to 4.13.0#10082
mtrezza merged 5 commits intoparse-community:release-8.x.xfrom
rjcodedev:release-8.x.x

Conversation

@rjcodedev
Copy link
Copy Markdown

@rjcodedev rjcodedev commented Feb 28, 2026
edited by coderabbitai bot
Loading

Pull Request

Issue

@apollo/server  4.2.0 - 4.12.2
Severity: high
Apollo Serve vulnerable to Denial of Service with `startStandaloneServer` - https://github.com/advisories/GHSA-mp6q-xf9x-fwf7
fix available via `npm audit fix --force`
Will install parse-server@9.2.0, which is a breaking change
node_modules/@apollo/server
  parse-server  2.2.14 - 9.2.0-alpha.2
  Depends on vulnerable versions of @apollo/server
  Depends on vulnerable versions of lodash
  node_modules/parse-server

Closes: 10037

Summary by CodeRabbit

  • Chores
    • Released patch version update (8.6.3 → 8.6.4)
    • Updated server dependency to latest compatible version

@rjcodedev
Update package.json
5cc3ab0 
Signed-off-by: Prafull <87638003+rjcodedev@users.noreply.github.com>
@rjcodedev
Update package-lock.json
0eedba1 
Signed-off-by: Prafull <87638003+rjcodedev@users.noreply.github.com>
@parse-github-assistant
Copy link
Copy Markdown

parse-github-assistant bot commented Feb 28, 2026

🚀 Thanks for opening this pull request!

@coderabbitai
Copy link
Copy Markdown

coderabbitai bot commented Feb 28, 2026
edited
Loading

Important

Review skipped

Auto reviews are disabled on base/target branches other than the default branch.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 08f08026-f152-455c-b6b0-b105ed896862

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@parseplatformorg
Copy link
Copy Markdown
Contributor

parseplatformorg commented Feb 28, 2026
edited
Loading

Snyk checks have passed. No issues have been found so far.

Status Scanner Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@rjcodedev rjcodedev mentioned this pull request Feb 28, 2026
Open
mtrezza
mtrezza reviewed Feb 28, 2026
View reviewed changes
coderabbitai[bot]
coderabbitai bot previously approved these changes Feb 28, 2026
View reviewed changes
@rjcodedev
Update package.json
e25dafe 
Signed-off-by: Prafull <87638003+rjcodedev@users.noreply.github.com>
@rjcodedev
Update package-lock.json
e2e1bdb 
Signed-off-by: Prafull <87638003+rjcodedev@users.noreply.github.com>
@rjcodedev
Copy link
Copy Markdown
Author

rjcodedev commented Feb 28, 2026

Hey @mtrezza ,

Please check now.

@codecov
Copy link
Copy Markdown

codecov bot commented Feb 28, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 92.44%. Comparing base (053109b) to head (1766966).
⚠️ Report is 3 commits behind head on release-8.x.x.

Additional details and impacted files 
@@              Coverage Diff               @@
##           release-8.x.x   #10082   +/-   ##
==============================================
  Coverage          92.44%   92.44%           
==============================================
  Files                192      192           
  Lines              16120    16120           
  Branches             226      226           
==============================================
  Hits               14902    14902           
  Misses              1196     1196           
  Partials              22       22

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@mtrezza mtrezza merged commit 18a1560 into parse-community:release-8.x.x Mar 31, 2026
25 of 28 checks passed
parseplatformorg pushed a commit that referenced this pull request Mar 31, 2026
@semantic-release-bot
chore(release): 8.6.72 [skip ci]
8191b6d 
## [8.6.72](8.6.71...8.6.72) (2026-03-31)

### Bug Fixes

* Security upgrade @apollo/server from 4.12.1 to 4.13.0 ([#10082](#10082)) ([18a1560](18a1560))
@parseplatformorg
Copy link
Copy Markdown
Contributor

parseplatformorg commented Mar 31, 2026

🎉 This change has been released in version 8.6.72

@parseplatformorg parseplatformorg added the state:released-8.x.x Released as LTS version label Mar 31, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mtrezza mtrezza mtrezza left review comments

@coderabbitai coderabbitai[bot] coderabbitai[bot] approved these changes

Assignees

No one assigned

Labels

state:released-8.x.x Released as LTS version

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@rjcodedev @parseplatformorg @mtrezza