chore: bump up graphql version to v16.8.1 [SECURITY]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
graphql	16.6.0 -> 16.8.1

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

GitHub Vulnerability Alerts

CVE-2023-26144

Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance.

Note: It was not proven that this vulnerability can crash the process.

---

Release Notes

graphql/graphql-js (graphql)

v16.8.1

Compare Source

v16.8.1 (2023-09-19)

Bug Fix 🐞

• #​3967 OverlappingFieldsCanBeMergedRule: Fix performance degradation (@​AaronMoat)

Committers: 1

• Aaron Moat(@​AaronMoat)

v16.8.0

Compare Source

v16.8.0 (2023-08-14)

New Feature 🚀

• #​3950 Support fourfold nested lists (@​gschulze)

Committers: 1

• Gunnar Schulze(@​gschulze)

v16.7.1

Compare Source

v16.7.1 (2023-06-22)

📢 Big shout out to @​phryneas, who managed to reproduce this issue and come up with this fix.

Bug Fix 🐞

• #​3923 instanceOf: workaround bundler issue with process.env (@​IvanGoncharov)

Committers: 1

• Ivan Goncharov(@​IvanGoncharov)

v16.7.0

Compare Source

v16.7.0 (2023-06-21)

New Feature 🚀

• #​3887 check "globalThis.process" before accessing it (@​kettanaito)

Bug Fix 🐞

• #​3707 Fix crash in node when mixing sync/async resolvers (backport of #​3706) (@​chrskrchr)
• #​3838 Fix/invalid error propagation custom scalars (backport for 16.x.x) (@​stenreijers)

Committers: 3

• Artem Zakharchenko(@​kettanaito)
• Chris Karcher(@​chrskrchr)
• Sten Reijers(@​stenreijers)

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[perfsee]

perfsee

Bundle main

diff ------------------- Bundle Size Diff -------------------------

@@                       EntryPoint: main                        @@
##                       main …vulnerability                 +/- ##
===================================================================
= Bundle              3.11 MB        3.11 MB                       
= Initial JS          1.12 MB        1.12 MB                       
= Initial CSS             0 B            0 B                       
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~#
= Assets                   76             76                       
= Chunks                   75             75                       
= Packages                 79             79                       
= Duplicates                0              0                       

[codecov]

Codecov Report

Merging #484 (ca88d85) into main (c8fdb9e) will decrease coverage by 0.05%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##             main     #484      +/-   ##
==========================================
- Coverage   79.79%   79.75%   -0.05%     
==========================================
  Files         404      404              
  Lines       37359    37359              
  Branches     2301     2300       -1     
==========================================
- Hits        29811    29794      -17     
- Misses       7348     7365      +17     
  Partials      200      200              

see 4 files with indirect coverage changes