Skip to content

refactor: Bump linkify-it and graphiql#3377

Open
dependabot[bot] wants to merge 1 commit into
alphafrom
dependabot/npm_and_yarn/multi-52b974dfa9
Open

refactor: Bump linkify-it and graphiql#3377
dependabot[bot] wants to merge 1 commit into
alphafrom
dependabot/npm_and_yarn/multi-52b974dfa9

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 30, 2026

Copy link
Copy Markdown
Contributor

Bumps linkify-it to 5.0.2 and updates ancestor dependency graphiql. These dependencies need to be updated together.

Updates linkify-it from 3.0.3 to 5.0.2

Changelog

Sourced from linkify-it's changelog.

5.0.2 / 2026-07-02

  • Fixed DoS in mailto: links (restrict user name to 64 chars).
  • Restricted user/pass part length in links.

5.0.1 / 2026-05-23

  • Fixed DoS in fuzzy links/emails search.
  • Reworked search logic - check each pattern separate, use g regexes instead of slice.
  • Removed internal cache - useless overcomplication.

5.0.0 / 2023-12-01

  • Rewrite to ESM.

4.0.1 / 2022-05-02

  • Fix http:// incorrectly returned as a link by matchStart.

4.0.0 / 2022-04-22

  • Add matchAtStart method to match full URLs at the start of the string.
  • Fixed paired symbols ((), {}, "", etc.) after punctuation.
  • --- option now affects parsing of emails (e.g. user@example.com---)
Commits

Updates graphiql from 2.0.8 to 5.2.4

Release notes

Sourced from graphiql's releases.

graphiql@5.2.4

Patch Changes

graphiql@5.2.4-alpha.0

Patch Changes

  • Updated dependencies [5f44a27]:
    • @​graphiql/react@​0.37.6-alpha.0
    • @​graphiql/plugin-doc-explorer@​0.4.3-alpha.0
    • @​graphiql/plugin-history@​0.4.3-alpha.0

graphiql@5.2.3

Patch Changes

  • #4181 f1a210e Thanks @​trevor-scheer! - Fix schema prop to skip introspection when IntrospectionQuery data is provided

    Previously, passing an IntrospectionQuery result as the schema prop would still trigger a network introspection request. The shouldIntrospect check only recognized GraphQLSchema instances (via isSchema), not raw introspection data. Now, when an IntrospectionQuery is passed, a schema is built from it directly using buildClientSchema and introspection is skipped.

  • #4211 e7b30c1 Thanks @​davidjb! - Add *.css to sideEffects to allow import of CSS in Webpack Javascript

  • Updated dependencies [f1a210e, 6f5d5d2, 40359eb, e7b30c1]:

    • @​graphiql/react@​0.37.4
    • @​graphiql/plugin-doc-explorer@​0.4.2
    • @​graphiql/plugin-history@​0.4.2

graphiql@5.2.2

Patch Changes

  • #4133 1bc6568 Thanks @​dimaMachina! - to fix esm.sh example we should pin monaco-editor peer dependency to versions ≥ 0.20.0 and < 0.53, since monaco-editor@^0.53.0 isn't supported yet with monaco-graphql

  • Updated dependencies [1bc6568]:

    • @​graphiql/react@​0.37.3

graphiql@5.2.1

Patch Changes

graphiql@5.2.0

Minor Changes

... (truncated)

Changelog

Sourced from graphiql's changelog.

5.2.4

Patch Changes

5.2.3

Patch Changes

  • #4181 f1a210e Thanks @​trevor-scheer! - Fix schema prop to skip introspection when IntrospectionQuery data is provided

    Previously, passing an IntrospectionQuery result as the schema prop would still trigger a network introspection request. The shouldIntrospect check only recognized GraphQLSchema instances (via isSchema), not raw introspection data. Now, when an IntrospectionQuery is passed, a schema is built from it directly using buildClientSchema and introspection is skipped.

  • #4211 e7b30c1 Thanks @​davidjb! - Add *.css to sideEffects to allow import of CSS in Webpack Javascript

  • Updated dependencies [f1a210e, 6f5d5d2, 40359eb, e7b30c1]:

    • @​graphiql/react@​0.37.4
    • @​graphiql/plugin-doc-explorer@​0.4.2
    • @​graphiql/plugin-history@​0.4.2

5.2.2

Patch Changes

  • #4133 1bc6568 Thanks @​dimaMachina! - to fix esm.sh example we should pin monaco-editor peer dependency to versions ≥ 0.20.0 and < 0.53, since monaco-editor@^0.53.0 isn't supported yet with monaco-graphql

  • Updated dependencies [1bc6568]:

    • @​graphiql/react@​0.37.3

5.2.1

Patch Changes

5.2.0

Minor Changes

  • #4081 4950dec Thanks @​dimaMachina! - feat: add loader for initial loading of operation editor fix: adjust command palette width, border and remove box-shadow feat: add short cut Cmd/Ctrl + , for opening GraphiQL settings dialog

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for graphiql since your current version.


@dependabot dependabot Bot added dependencies Bot label; pull requests that updates a dependency file javascript Pull requests that update javascript code labels Jun 30, 2026
Bumps [linkify-it](https://github.com/markdown-it/linkify-it) to 5.0.2 and updates ancestor dependency [graphiql](https://github.com/graphql/graphiql/tree/HEAD/packages/graphiql). These dependencies need to be updated together.


Updates `linkify-it` from 3.0.3 to 5.0.2
- [Changelog](https://github.com/markdown-it/linkify-it/blob/master/CHANGELOG.md)
- [Commits](markdown-it/linkify-it@3.0.3...5.0.2)

Updates `graphiql` from 2.0.8 to 5.2.4
- [Release notes](https://github.com/graphql/graphiql/releases)
- [Changelog](https://github.com/graphql/graphiql/blob/main/packages/graphiql/CHANGELOG.md)
- [Commits](https://github.com/graphql/graphiql/commits/graphiql@5.2.4/packages/graphiql)

---
updated-dependencies:
- dependency-name: graphiql
  dependency-version: 5.2.4
  dependency-type: direct:production
- dependency-name: linkify-it
  dependency-version: 5.0.1
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/multi-52b974dfa9 branch from 5ac2f10 to c3c2883 Compare July 4, 2026 15:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Bot label; pull requests that updates a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants