graphql-playground-middleware-koa
Comparing version 1.6.14 to 1.6.15
{ | ||
"name": "graphql-playground-middleware-koa", | ||
"version": "1.6.14", | ||
"version": "1.6.15", | ||
"homepage": "https://github.com/graphcool/graphql-playground/tree/master/packages/graphql-playground-middleware-koa", | ||
@@ -43,4 +43,3 @@ "description": "GraphQL IDE for better development workflows (GraphQL Subscriptions, interactive docs & collaboration).", | ||
"graphql-playground-html": "1.6.19" | ||
}, | ||
"playgroundVersion": "1.7.23" | ||
} | ||
} |
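Review bot: `"graphql-playground-html": "1.6.19"` in the dependencies block is an exact pin, so any later fix in that package reaches users of this middleware only through another release here. The README in this same release names `1.6.15` as the fixed version; the release notes should say whether that fix depends on this pinned dependency version, so that consumers who override or dedupe `graphql-playground-html` know what they must keep.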
# graphql-playground-middleware-koa | ||
> Koa middleware to expose an endpoint for the GraphQL Playground IDE | ||
> **SECURITY NOTE**: All versions of `graphql-playground-koa` until `1.6.15` or later have a security vulnerability when unsanitized user input is used while invoking `koaPlayground()`. [Read more below](#security-notes) | ||
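Review bot: the phrase "until `1.6.15` or later" in the SECURITY NOTE line reads as if `1.6.15` itself might be affected, while the Security Notes section further down says "All versions before `1.6.15`". Suggest matching that wording here ("All versions before `1.6.15`") so the affected range is unambiguous. The note should also say briefly what "unsanitized user input" means in practice, that is, request-derived values passed as options to `koaPlayground()`, so readers can tell from the banner alone whether their usage is affected.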
@@ -32,1 +34,15 @@ ## Installation | ||
``` | ||
## Security Notes | ||
All versions before `1.6.15` were vulnerable to user-defined input to `koaPlayground()`. Read more in [the security notes](https://github.com/prisma/graphql-playground/tree/master/SECURITY.md) | ||
### Security Upgrade Steps | ||
To fix the issue, you can upgrade to `1.6.15` or later. If you aren't able to upgrade, see the security notes for a workaround. | ||
**yarn:** | ||
`yarn add graphql-playground-koa@^1.6.15` | ||
**npm:** | ||
`npm install --save graphql-playground-koa@^1.6.15` |
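Review bot: the upgrade commands install `graphql-playground-koa@^1.6.15`, but the `name` field in this release's package.json is `graphql-playground-middleware-koa`. A user copying the yarn or npm line as written would not be upgrading the package this README ships with; suggest using the published package name in both commands and in the SECURITY NOTE banner. Separately, the security notes link points at `tree/master/SECURITY.md`, which can change or move after release; linking a fixed tag or commit would keep the workaround reachable for users who stay on older versions.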
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package