Skip to content

chore: upgrade codemirror-graphql from 1.0.2 to 2.2.4 #604

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
llimllib wants to merge 4 commits into
base: main
Choose a base branch
from
Open

chore: upgrade codemirror-graphql from 1.0.2 to 2.2.4 #604

llimllib wants to merge 4 commits into from

Conversation

@llimllib
Copy link

@llimllib llimllib commented Jan 9, 2026
edited
Loading

🚥 Resolves ISSUE_ID

🧰 Changes

We had a vulnerability in 'ws', which was brought in by codemirror-graphql,
reported in mdx-renderer, so upgrade that library. Following the upgrade,
it no longer has a dependency on ws, which is nice

  • also make a tiny fix in the syntax for the ci github action
  • add jsdom as a devDep because the tests won't run otherwise

cf https://github.com/readmeio/mdx-renderer/pull/283

🧬 QA & Testing

All I did was run the tests, verify that they passed, and that they included a graphql test

@llimllib
chore: upgrade codemirror-graphql from 1.0.2 to 2.2.4
26e5381 
We had a vulnerability in 'ws', which was brought in by codemirror-graphql,
reported in mdx-renderer, so upgrade that library. Following the upgrade,
it no longer has a dependency on ws, which is nice
@llimllib llimllib requested a review from erunion as a code owner January 9, 2026 18:09
@llimllib
Copy link
Author

llimllib commented Jan 9, 2026

I'm not sure why I'm getting the package-lock failure, I am using node 22.21 to create it?

domharrington
domharrington approved these changes Jan 9, 2026
View reviewed changes
Copy link
Member

@domharrington domharrington left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hell yeah! The best dependency is no dependency.

@llimllib
Copy link
Author

llimllib commented Jan 9, 2026

The CI is not running and I don't know why not

@llimllib
Copy link
Author

llimllib commented Jan 9, 2026

Oh actually it seems to have failed but is just spinning? weird

@llimllib
Copy link
Author

llimllib commented Jan 9, 2026

I'm going to leave this open until Jon can review it, this seems like his project

@erunion
Copy link
Member

erunion commented Jan 10, 2026

Poured through our graphql dependencies in the main app and everything looks to allow either v15 or v16 so this should be fine. will publish and test on monday

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@domharrington domharrington domharrington approved these changes

@erunion erunion Awaiting requested review from erunion erunion is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@llimllib @erunion @domharrington