codeql/javascript/old-change-notes/2021-02-11-apollo-client.md

lgtm,codescanning

• URIs used in the Apollo-link libraries are now recognized as sinks for js/request-forgery. Affected packages are apollo-link-http, apollo-client, apollo-boost, apollo-client-preset, and apollo-link-ws