If you self host Hive the supergraph is not exposed through any endpoint which blocks you from using it in a gateway such as the ones described here: https://docs.graphql-hive.com/features/registry-usage

Adds support for:

1. configuring the logger level via the LOG_LEVEL env var
2. request logging (Fixes #593). a. ~Can be disabled with LOG_DISABLE_REQUEST_LOGGING~ b. really simple and lightweight format. Personally, i found the built-in request logging too awkward and this plugin to be a bit more than what I'm looking for.

example logs from running (dockerized) locally:

server_1          | {"level":30,"time":1668522424590,"pid":1,"hostname":"5b5d04c96b55","msg":"[200] (172.19.0.11) POST /graphql 'organizationActivities' (+6CDHcG1SB+PXYOPpJiD1A/0000000004)"}

What do we show currently?

• total number of requests
• requests per minute
• number of unique operations
• success and failure rates
• p90, p95, p99 of latency
• top 5 clients names (with number of requests)
• top 5 client versions (with number of requests)
• operations over time (total and failures)
• RPM over time
• latency over time
• latency histogram (super heavy)
• list of unique operations (with p90, p95, p99, number of requests, failure rate)

What filters do we have?

• date range
• operations

What filters do we want to have?

• client names
• date range
• operations (if the number of selected operations is greater than half, let's use NOT IN (not-selected-list)

What else do we want to show?

• hide histogram
• dedicated page for a single operation

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | fastify-cors | 6.0.2 -> 6.1.0 | | | | |

Release Notes

Configuration

📅 Schedule: Branch creation - "after 8pm,before 8:00am" in timezone Europe/Warsaw, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

• [ ] If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

First of all, I wanted to say how much I appreciate the Docker Compose file you've put together.

I've been following the instructions at https://docs.graphql-hive.com/self-hosting/get-started and found that, once I give supertokens an API key longer than 20 characters (this also needs updating in your docs) and sign up/in, I'm always greeted with the following screen;

At the same time, a big red error is thrown in the server container. Here's the full log

[hive] is not enabled.
{"level":30,"time":1665948830035,"pid":1,"hostname":"67e225610f13","msg":"Service \"graphql-api\" is ready"}
{"level":30,"time":1665948830037,"pid":1,"hostname":"67e225610f13","msg":"Server listening at http://0.0.0.0:3001"}
{"level":20,"time":1665948830039,"pid":1,"hostname":"67e225610f13","msg":"Redis connection established"}
{"level":30,"time":1665948830040,"pid":1,"hostname":"67e225610f13","msg":"Redis connection ready"}
{"level":20,"time":1665948847104,"pid":1,"hostname":"67e225610f13","msg":"Running idempotent job (id=user:create:676c4f3b-00a5-4587-b754-e85355510037, traceId=baf81cc3d30a7) - (requestId=vJKdugLgQIqwQlRORDfgaA/0000000000)"}
{"level":20,"time":1665948847104,"pid":1,"hostname":"67e225610f13","msg":"Starting new job (id=user:create:676c4f3b-00a5-4587-b754-e85355510037, traceId=baf81cc3d30a7, attempt=1) - (requestId=vJKdugLgQIqwQlRORDfgaA/0000000000)"}
{"level":20,"time":1665948847109,"pid":1,"hostname":"67e225610f13","msg":"Fetching organizations - (requestId=vJKdugLgQIqwQlRORDfgaA/0000000001)"}
{"level":20,"time":1665948847110,"pid":1,"hostname":"67e225610f13","msg":"Running idempotent job (id=user:create:676c4f3b-00a5-4587-b754-e85355510037, traceId=9113001d92cc3) - (requestId=vJKdugLgQIqwQlRORDfgaA/0000000001)"}
{"level":20,"time":1665948847110,"pid":1,"hostname":"67e225610f13","msg":"Starting new job (id=user:create:676c4f3b-00a5-4587-b754-e85355510037, traceId=9113001d92cc3, attempt=1) - (requestId=vJKdugLgQIqwQlRORDfgaA/0000000001)"}
{"level":20,"time":1665948847110,"pid":1,"hostname":"67e225610f13","msg":"Job not found (id=user:create:676c4f3b-00a5-4587-b754-e85355510037, traceId=baf81cc3d30a7, attempt=1) - (requestId=vJKdugLgQIqwQlRORDfgaA/0000000000)"}
{"level":20,"time":1665948847110,"pid":1,"hostname":"67e225610f13","msg":"Trying to create a job (id=user:create:676c4f3b-00a5-4587-b754-e85355510037, traceId=baf81cc3d30a7, attempt=1) - (requestId=vJKdugLgQIqwQlRORDfgaA/0000000000)"}
{"level":20,"time":1665948847111,"pid":1,"hostname":"67e225610f13","msg":"Job not found (id=user:create:676c4f3b-00a5-4587-b754-e85355510037, traceId=9113001d92cc3, attempt=1) - (requestId=vJKdugLgQIqwQlRORDfgaA/0000000001)"}
{"level":20,"time":1665948847111,"pid":1,"hostname":"67e225610f13","msg":"Trying to create a job (id=user:create:676c4f3b-00a5-4587-b754-e85355510037, traceId=9113001d92cc3, attempt=1) - (requestId=vJKdugLgQIqwQlRORDfgaA/0000000001)"}
{"level":20,"time":1665948847123,"pid":1,"hostname":"67e225610f13","msg":"Job is pending (id=user:create:676c4f3b-00a5-4587-b754-e85355510037, traceId=9113001d92cc3) - (requestId=vJKdugLgQIqwQlRORDfgaA/0000000001)"}
{"level":20,"time":1665948847123,"pid":1,"hostname":"67e225610f13","msg":"Starting new job (id=user:create:676c4f3b-00a5-4587-b754-e85355510037, traceId=9113001d92cc3, attempt=2) - (requestId=vJKdugLgQIqwQlRORDfgaA/0000000001)"}
{"level":20,"time":1665948847124,"pid":1,"hostname":"67e225610f13","msg":"Job created (id=user:create:676c4f3b-00a5-4587-b754-e85355510037, traceId=baf81cc3d30a7, attempt=1) - (requestId=vJKdugLgQIqwQlRORDfgaA/0000000000)"}
{"level":20,"time":1665948847124,"pid":1,"hostname":"67e225610f13","msg":"Executing job (id=user:create:676c4f3b-00a5-4587-b754-e85355510037, traceId=baf81cc3d30a7, attempt=1) - (requestId=vJKdugLgQIqwQlRORDfgaA/0000000000)"}
{"level":20,"time":1665948847126,"pid":1,"hostname":"67e225610f13","msg":"Awaiting job (id=user:create:676c4f3b-00a5-4587-b754-e85355510037, traceId=9113001d92cc3, time=0) - (requestId=vJKdugLgQIqwQlRORDfgaA/0000000001)"}
{"context":{"package":"slonik","poolId":"Yt6aBGjkQMq4bQkC5tUtRA-0","logLevel":20,"stats":{"idleConnectionCount":0,"totalConnectionCount":1,"waitingRequestCount":0}},"message":"created a new client connection","sequence":"0","time":1665948847185,"version":"2.0.0"}
{"context":{"package":"slonik","poolId":"Yt6aBGjkQMq4bQkC5tUtRA-0","logLevel":20,"stats":{"idleConnectionCount":0,"totalConnectionCount":1,"waitingRequestCount":0}},"message":"client is checked out from the pool","sequence":"1","time":1665948847186,"version":"2.0.0"}
{"context":{"package":"slonik","poolId":"Yt6aBGjkQMq4bQkC5tUtRA-0","connectionId":"Yt6aBGjkQMq4bQkC5tUtRA-1","queryId":"Yt6aBGjkQMq4bQkC5tUtRA-2","logLevel":20,"sql":"\n        SELECT\n          *\n        FROM\n          public.\"users\"\n        WHERE\n          \"supertoken_user_id\" = $1\n        LIMIT 1\n      ","values":["676c4f3b-00a5-4587-b754-e85355510037"]},"message":"executing query","sequence":"2","time":1665948847187,"version":"2.0.0"}
{"context":{"package":"slonik","poolId":"Yt6aBGjkQMq4bQkC5tUtRA-0","connectionId":"Yt6aBGjkQMq4bQkC5tUtRA-1","queryId":"Yt6aBGjkQMq4bQkC5tUtRA-2","logLevel":20,"executionTime":"22ms","rowCount":null},"message":"query execution result","sequence":"3","time":1665948847211,"version":"2.0.0"}
{"level":30,"time":1665948847213,"pid":1,"hostname":"67e225610f13","msg":"Creating new user (input={\"superTokensUserId\":\"676c4f3b-00a5-4587-b754-e85355510037\",\"externalAuthUserId\":null,\"email\":\"[email protected]\"}) - (requestId=vJKdugLgQIqwQlRORDfgaA/0000000000)"}
{"context":{"package":"slonik","poolId":"Yt6aBGjkQMq4bQkC5tUtRA-0","logLevel":20,"stats":{"idleConnectionCount":0,"totalConnectionCount":1,"waitingRequestCount":0}},"message":"client is checked out from the pool","sequence":"4","time":1665948847215,"version":"2.0.0"}
{"context":{"package":"slonik","poolId":"Yt6aBGjkQMq4bQkC5tUtRA-0","connectionId":"Yt6aBGjkQMq4bQkC5tUtRA-3","queryId":"Yt6aBGjkQMq4bQkC5tUtRA-4","logLevel":20,"sql":"\n            INSERT INTO public.users\n              (\"email\", \"supertoken_user_id\", \"full_name\", \"display_name\", \"external_auth_user_id\")\n            VALUES\n              ($1, $2, $3, $4, $5)\n            RETURNING *\n          ","values":["[email protected]","676c4f3b-00a5-4587-b754-e85355510037","milesbardon","milesbardon",null]},"message":"executing query","sequence":"5","time":1665948847216,"version":"2.0.0"}
{"context":{"package":"slonik","poolId":"Yt6aBGjkQMq4bQkC5tUtRA-0","connectionId":"Yt6aBGjkQMq4bQkC5tUtRA-3","queryId":"Yt6aBGjkQMq4bQkC5tUtRA-4","logLevel":20,"executionTime":"18ms","rowCount":1},"message":"query execution result","sequence":"6","time":1665948847234,"version":"2.0.0"}
{"level":20,"time":1665948847235,"pid":1,"hostname":"67e225610f13","msg":"Marking job as completed (id=user:create:676c4f3b-00a5-4587-b754-e85355510037, traceId=baf81cc3d30a7, attempt=1) - (requestId=vJKdugLgQIqwQlRORDfgaA/0000000000)"}
{"level":20,"time":1665948847236,"pid":1,"hostname":"67e225610f13","msg":"Job completed (id=user:create:676c4f3b-00a5-4587-b754-e85355510037, traceId=baf81cc3d30a7) - (requestId=vJKdugLgQIqwQlRORDfgaA/0000000000)"}
Flag "startTransaction" is enabled but Sentry failed to find a transaction.
Try to create a transaction before GraphQL execution phase is started.
Flag "startTransaction" is enabled but Sentry failed to find a transaction.
Try to create a transaction before GraphQL execution phase is started.
❌   🧘 Yoga -   NotFoundError: Resource not found.
    at many (file:///usr/src/app/index.js:151706:15)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)
    at async createConnection (file:///usr/src/app/index.js:154218:18)
    at async Object.getOrganizations (file:///usr/src/app/index.js:204124:23)
    at async Promise.all (index 0)
    at async file:///usr/src/app/index.js:205917:17
    at async YogaServer.getResultForParams (file:///usr/src/app/index.js:208740:18)
    at async YogaServer.getResponse (file:///usr/src/app/index.js:208804:16)
    at async YogaServer.handle (file:///usr/src/app/index.js:208517:26)
    at async file:///usr/src/app/index.js:210566:24 {
  path: [ 'organizations' ],
  locations: [ { line: 2, column: 3 } ],
  extensions: [Object: null prototype] {}
} 
{"level":20,"time":1665948847629,"pid":1,"hostname":"67e225610f13","msg":"Resolving the job (id=user:create:676c4f3b-00a5-4587-b754-e85355510037, traceId=9113001d92cc3, attempt=2, status=COMPLETED) - (requestId=vJKdugLgQIqwQlRORDfgaA/0000000001)"}
{"context":{"package":"slonik","poolId":"Yt6aBGjkQMq4bQkC5tUtRA-0","logLevel":20,"stats":{"idleConnectionCount":0,"totalConnectionCount":1,"waitingRequestCount":0}},"message":"client is checked out from the pool","sequence":"7","time":1665948847630,"version":"2.0.0"}
{"context":{"package":"slonik","poolId":"Yt6aBGjkQMq4bQkC5tUtRA-0","connectionId":"Yt6aBGjkQMq4bQkC5tUtRA-5","queryId":"Yt6aBGjkQMq4bQkC5tUtRA-6","logLevel":20,"sql":"\n          SELECT o.*\n          FROM public.organizations as o\n          LEFT JOIN public.organization_member as om ON (om.organization_id = o.id)\n          WHERE om.user_id = $1\n          ORDER BY o.created_at DESC\n        ","values":["64980911-0d2d-40cc-9f0f-5b3327b52d4b"]},"message":"executing query","sequence":"8","time":1665948847632,"version":"2.0.0"}
{"context":{"package":"slonik","poolId":"Yt6aBGjkQMq4bQkC5tUtRA-0","connectionId":"Yt6aBGjkQMq4bQkC5tUtRA-5","queryId":"Yt6aBGjkQMq4bQkC5tUtRA-6","logLevel":20,"executionTime":"30ms","rowCount":null},"message":"query execution result","sequence":"9","time":1665948847662,"version":"2.0.0"}
{"context":{"package":"slonik","poolId":"Yt6aBGjkQMq4bQkC5tUtRA-0","connectionId":"Yt6aBGjkQMq4bQkC5tUtRA-5","logLevel":50,"queryId":"Yt6aBGjkQMq4bQkC5tUtRA-6"},"message":"NotFoundError","sequence":"10","time":1665948847662,"version":"2.0.0"}
{"context":{"package":"slonik","poolId":"Yt6aBGjkQMq4bQkC5tUtRA-0","logLevel":20,"stats":{"idleConnectionCount":0,"totalConnectionCount":0,"waitingRequestCount":0}},"message":"client connection is closed and removed from the client pool","sequence":"11","time":1665948847663,"version":"2.0.0"}

Would you be able to help me understand where I've gone wrong? The docker-compose config is exactly as specified in your documentation, without any changes (after running the config command to inject the env variables)

1. create an API token as described in Managing Tokens (as shown in the last screen shot there this is an API token). Copy it's value (YOUR-TOKEN will be used as the value for this issue).
2. Hook up the Hive Client in an express app as described in Other Servers.

const hive = createHive({
  enabled: true,
  debug: true,
  token: 'YOUR-TOKEN',
  usage: true
})

3. Run the server with hive client configured.
4. In logs i can observe [hive][usage] Failed to send data (HTTP status 400): Authentication failed..

When changing the header from Authentication: Bearer YOUR-TOKEN to be 'X-API-Token': YOUR-TOKEN, then i can see that usage statistics are successfully sent to target in the cloud hive. And the Operation tab statistics are updated correctly. I did this since this is how i was able to send usage data via REST (as described in documentation).

I am using latest version of hive-client dependency (npm i @graphql-hive/[email protected]).

The question is: should i encode (somehow) my YEAR-TOKEN with JWT?

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | bullmq | 3.5.1 -> 3.5.3 | | | | |

Release Notes

Configuration

📅 Schedule: Branch creation - "after 8pm,before 8:00am" in timezone Europe/Warsaw, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

• [ ] If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

This PR contains the following updates:

| Package | Type | Update | Change | |---|---|---|---| | postgres | service | minor | 13.1-alpine -> 13.9-alpine | | postgres | | minor | 13.4-alpine -> 13.9-alpine |

Configuration

📅 Schedule: Branch creation - "after 8pm,before 8:00am" in timezone Europe/Warsaw, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

• [ ] If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | @slonik/migrator (source) | 0.8.5 -> 0.11.3 | | | | | | slonik | 30.1.2 -> 30.4.4 | | | | |

Release Notes

Configuration

📅 Schedule: Branch creation - "after 8pm,before 8:00am" in timezone Europe/Warsaw, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

• [ ] If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

After running yarn setup, when I checked containers I observed the Kafka related container crashed.

Getting the below error in the container logs:

===> User
uid=1000(appuser) gid=1000(appuser) groups=1000(appuser)
===> Configuring ...
===> Running preflight checks ... 
===> Check if /var/lib/kafka/data is writable ...
Command [/usr/local/bin/dub path /var/lib/kafka/data writable] FAILED !

It seems there is an issue with Kafka, you can go through issue similar to this.

Hello, when running hive schema:publish /path/to/schema I get the following error:

 ❯ hive schema:publish
 ›   ModuleLoadError: [MODULE_NOT_FOUND] require failed to load /path/to/project/node_modules/@graphql-hive/cli/dist/commands/schema/publish.js
 ›   Code: MODULE_NOT_FOUND

 ❯ hive --version
@graphql-hive/cli/0.14.6 darwin-arm64 node-v16.13.0

I have no clue what is happening here... I have installed "@graphql-hive/cli": "^0.14.6" as a dev dependency using Yarn. Ran yarn install and even yarn upgrade to see if that changes anything but no. Also tried version 0.13.0 but that didn't make a difference.

The file mentioned in the error exists on disk and looks complete enough.

It's also not only for schema:publish but for any command, I can execute hive schema en see the help for the available commands but any actual command is throwing a similar error with the exception for hive update and hive help which seem to function correctly.

Any clue what I'm missing here?

Vulnerable Library - @hive/webhooks-0.0.0.tgz

Path to dependency file: /package.json

Found in HEAD commit: 40a4cd39ffbba3ad066aec50316a018b1c1b1f3c

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (@hive/webhooks version) | Remediation Available | | ------------- | ------------- | ----- | ----- | ----- | ------------- | --- | | CVE-2023-22467 | High | 7.5 | luxon-3.0.4.tgz | Transitive | N/A* | ❌ |

*For some transitive vulnerabilities, there is no version of direct dependency with a fix. Check the section "Details" below to see if there is a version of transitive dependency where vulnerability is fixed.

Details

CVE-2023-22467

Vulnerable Library - luxon-3.0.4.tgz

Immutable date wrapper

Library home page: https://registry.npmjs.org/luxon/-/luxon-3.0.4.tgz

Dependency Hierarchy:

• @hive/webhooks-0.0.0.tgz (Root Library)
  • bullmq-3.5.3.tgz
    • cron-parser-4.6.0.tgz
      • :x: luxon-3.0.4.tgz (Vulnerable Library)

Found in HEAD commit: 40a4cd39ffbba3ad066aec50316a018b1c1b1f3c

Found in base branch: main

Vulnerability Details

Luxon is a library for working with dates and times in JavaScript. On the 1.x branch prior to 1.38.1, the 2.x branch prior to 2.5.2, and the 3.x branch on 3.2.1, Luxon's `DateTime.fromRFC2822() has quadratic (N^2) complexity on some specific inputs. This causes a noticeable slowdown for inputs with lengths above 10k characters. Users providing untrusted data to this method are therefore vulnerable to (Re)DoS attacks. This issue also appears in Moment as CVE-2022-31129. Versions 1.38.1, 2.5.2, and 3.2.1 contain patches for this issue. As a workaround, limit the length of the input.

Publish Date: 2023-01-04

URL: CVE-2023-22467

CVSS 3 Score Details (7.5)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: None
  • Integrity Impact: None
  • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://github.com/moment/luxon/security/advisories/GHSA-3xq5-wjfh-ppjc

Release Date: 2023-01-04

Fix Resolution: luxon - 1.28.1,2.5.2,3.2.1

Step up your Open Source Security Game with Mend here

Make it super easy to create a token dedicated for a job.

• hive schema:publish needs registry:read-write
• hive schema:check requires registry:read-only (or of course registry:read-write)
• hive schema:delete needs registry:read-write
• Usage reporting works with registry:read-write

I guess we could have "presets" in the Token Creation modal or some other solution.

Vulnerable Library - core-7.20.7.tgz

Found in HEAD commit: 40a4cd39ffbba3ad066aec50316a018b1c1b1f3c

Vulnerabilities

| CVE | Severity | CVSS | Dependency | Type | Fixed in (core version) | Remediation Available | | ------------- | ------------- | ----- | ----- | ----- | ------------- | --- | | CVE-2022-46175 | High | 8.8 | json5-2.2.1.tgz | Transitive | 7.20.12 | ❌ |

Details

CVE-2022-46175

Vulnerable Library - json5-2.2.1.tgz

JSON for humans.

Library home page: https://registry.npmjs.org/json5/-/json5-2.2.1.tgz

Dependency Hierarchy:

• core-7.20.7.tgz (Root Library)
  • :x: json5-2.2.1.tgz (Vulnerable Library)

Found in HEAD commit: 40a4cd39ffbba3ad066aec50316a018b1c1b1f3c

Found in base branch: main

Vulnerability Details

JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand (e.g. for config files). The parse method of the JSON5 library before and including versions 1.0.1 and 2.2.1 does not restrict parsing of keys named __proto__, allowing specially crafted strings to pollute the prototype of the resulting object. This vulnerability pollutes the prototype of the object returned by JSON5.parse and not the global Object prototype, which is the commonly understood definition of Prototype Pollution. However, polluting the prototype of a single object can have significant security impact for an application if the object is later used in trusted operations. This vulnerability could allow an attacker to set arbitrary and unexpected keys on the object returned from JSON5.parse. The actual impact will depend on how applications utilize the returned object and how they filter unwanted keys, but could include denial of service, cross-site scripting, elevation of privilege, and in extreme cases, remote code execution. JSON5.parse should restrict parsing of __proto__ keys when parsing JSON strings to objects. As a point of reference, the JSON.parse method included in JavaScript ignores __proto__ keys. Simply changing JSON5.parse to JSON.parse in the examples above mitigates this vulnerability. This vulnerability is patched in json5 versions 1.0.2, 2.2.2, and later.

Publish Date: 2022-12-24

URL: CVE-2022-46175

CVSS 3 Score Details (8.8)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: High
  • Integrity Impact: High
  • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://www.cve.org/CVERecord?id=CVE-2022-46175

Release Date: 2022-12-24

Fix Resolution (json5): 2.2.2

Direct dependency fix Resolution (@babel/core): 7.20.12

Step up your Open Source Security Game with Mend here

• Drop itty-router in favor of @whatwg-node/router
• Remove polyfills in favor of ponyfills
• Use withErrorHandling middleware instead of try/catch inside the fetch event listener.
• Put sentry into the server context