fix: update async-graphql to resolve CVE-2024-47614#4

Draft

dannyneira wants to merge 1 commit into

mainfrom

independabot/async-graphql-CVE-2024-47614

Member

dannyneira commented May 17, 2026

Summary

Updates async-graphql from 7.0.1 to the patched 7.0.10 release to resolve CVE-2024-47614 / GHSA-5gc2-7c65-8fq8.
Aligns async-graphql-axum to 7.0.10 so the test server stays compatible with the repo's Axum 0.7 dependency line.
Refreshes Cargo.lock with the compatible dependency set.

Vulnerability

Advisory: GHSA-5gc2-7c65-8fq8
Dependabot alert: https://github.com/warpdotdev/graphql-ws-client/security/dependabot/5
Package: async-graphql
Ecosystem: Rust / Cargo
Vulnerable range: < 7.0.10
Patched version: 7.0.10
Dependency relationship: direct dev-dependency

Verification

cargo build --manifest-path /workspace/graphql-ws-client/Cargo.toml
cargo test --manifest-path /workspace/graphql-ws-client/Cargo.toml
cargo audit --file /workspace/graphql-ws-client/Cargo.lock (no vulnerabilities; allowed warnings only)

Conversation: https://staging.warp.dev/conversation/4896c142-871b-48c1-b1ee-55745bf26f17
Run: https://oz.staging.warp.dev/runs/019e36aa-7c5d-7d77-adb0-fad0e20ce587
This PR was generated with Oz.


          fix: update async-graphql to resolve CVE-2024-47614

e2ba8bd

Co-Authored-By: Oz <oz-agent@warp.dev>

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet