From efd052de377a303d68fb5e97f55ad3e99dcd989a Mon Sep 17 00:00:00 2001 From: Trevor Scheer Date: Tue, 29 Mar 2022 14:33:54 -0700 Subject: [PATCH 1/2] Update to latest apollo-tools package --- package-lock.json | 22 +++++++++++++--------- package.json | 2 +- packages/apollo-server-core/package.json | 2 +- 3 files changed, 15 insertions(+), 11 deletions(-) diff --git a/package-lock.json b/package-lock.json index d9e9d5d63df..6f8b8a35390 100644 --- a/package-lock.json +++ b/package-lock.json @@ -8,7 +8,7 @@ "hasInstallScript": true, "license": "MIT", "dependencies": { - "@apollographql/apollo-tools": "0.5.2", + "@apollographql/apollo-tools": "0.5.3", "apollo-datasource": "file:packages/apollo-datasource", "apollo-datasource-rest": "file:packages/apollo-datasource-rest", "apollo-reporting-protobuf": "file:packages/apollo-reporting-protobuf", @@ -202,12 +202,15 @@ "license": "MIT" }, "node_modules/@apollographql/apollo-tools": { - "version": "0.5.2", - "resolved": "https://registry.npmjs.org/@apollographql/apollo-tools/-/apollo-tools-0.5.2.tgz", - "integrity": "sha512-KxZiw0Us3k1d0YkJDhOpVH5rJ+mBfjXcgoRoCcslbgirjgLotKMzOcx4PZ7YTEvvEROmvG7X3Aon41GvMmyGsw==", + "version": "0.5.3", + "resolved": "https://registry.npmjs.org/@apollographql/apollo-tools/-/apollo-tools-0.5.3.tgz", + "integrity": "sha512-VcsXHfTFoCodDAgJZxN04GdFK1kqOhZQnQY/9Fa147P+I8xfvOSz5d+lKAPB+hwSgBNyd7ncAKGIs4+utbL+yA==", "engines": { "node": ">=8", "npm": ">=6" + }, + "peerDependencies": { + "graphql": "^14.2.1 || ^15.0.0 || ^16.0.0" } }, "node_modules/@apollographql/graphql-playground-html": { @@ -21461,7 +21464,7 @@ "version": "3.6.6", "license": "MIT", "dependencies": { - "@apollographql/apollo-tools": "^0.5.1", + "@apollographql/apollo-tools": "^0.5.3", "@apollographql/graphql-playground-html": "1.6.29", "@graphql-tools/mock": "^8.1.2", "@graphql-tools/schema": "^8.0.0", @@ -21788,9 +21791,10 @@ } }, "@apollographql/apollo-tools": { - "version": "0.5.2", - "resolved": "https://registry.npmjs.org/@apollographql/apollo-tools/-/apollo-tools-0.5.2.tgz", - "integrity": "sha512-KxZiw0Us3k1d0YkJDhOpVH5rJ+mBfjXcgoRoCcslbgirjgLotKMzOcx4PZ7YTEvvEROmvG7X3Aon41GvMmyGsw==" + "version": "0.5.3", + "resolved": "https://registry.npmjs.org/@apollographql/apollo-tools/-/apollo-tools-0.5.3.tgz", + "integrity": "sha512-VcsXHfTFoCodDAgJZxN04GdFK1kqOhZQnQY/9Fa147P+I8xfvOSz5d+lKAPB+hwSgBNyd7ncAKGIs4+utbL+yA==", + "requires": {} }, "@apollographql/graphql-playground-html": { "version": "1.6.29", @@ -27168,7 +27172,7 @@ "apollo-server-core": { "version": "file:packages/apollo-server-core", "requires": { - "@apollographql/apollo-tools": "^0.5.1", + "@apollographql/apollo-tools": "^0.5.3", "@apollographql/graphql-playground-html": "1.6.29", "@graphql-tools/mock": "^8.1.2", "@graphql-tools/schema": "^8.0.0", diff --git a/package.json b/package.json index fefe736dfe0..9031a6308d7 100644 --- a/package.json +++ b/package.json @@ -29,7 +29,7 @@ "npm": "8.x" }, "dependencies": { - "@apollographql/apollo-tools": "0.5.2", + "@apollographql/apollo-tools": "0.5.3", "apollo-datasource": "file:packages/apollo-datasource", "apollo-datasource-rest": "file:packages/apollo-datasource-rest", "apollo-reporting-protobuf": "file:packages/apollo-reporting-protobuf", diff --git a/packages/apollo-server-core/package.json b/packages/apollo-server-core/package.json index 5cd2539892b..42a8ee5c1b3 100644 --- a/packages/apollo-server-core/package.json +++ b/packages/apollo-server-core/package.json @@ -25,7 +25,7 @@ "node": ">=12.0" }, "dependencies": { - "@apollographql/apollo-tools": "^0.5.1", + "@apollographql/apollo-tools": "^0.5.3", "@apollographql/graphql-playground-html": "1.6.29", "@graphql-tools/mock": "^8.1.2", "@graphql-tools/schema": "^8.0.0", From 76fbfa61277c941014e60f032c60f453255a151f Mon Sep 17 00:00:00 2001 From: Trevor Scheer Date: Tue, 29 Mar 2022 14:53:13 -0700 Subject: [PATCH 2/2] Changelog entry --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index a10c812f237..db7e75a6805 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,6 +9,8 @@ The version headers in this history reflect the versions of Apollo Server itself ## vNEXT +- `apollo-server-core`: Update `@apollographql/apollo-tools` dependency to the latest version which now properly lists its peer dependencies. This is problematic for Yarn3 PnP users (as reported in https://github.com/apollographql/apollo-server/issues/6269) [PR #6273](https://github.com/apollographql/apollo-server/pull/6273) + ## v3.6.6 - ⚠️ **SECURITY** `apollo-server-core`: Apollo Server 3.4.0 introduced a new `documentStore` constructor option (replacing the `experimental_approximateDocumentStoreMiB` option) which allows you to customize an internal cache used by ApolloServer to memoize the results of parsing and validating GraphQL operations. When this option was combined with the `gateway` option, it was possible for Apollo Server to attempt to execute invalid GraphQL operations. Specifically, if a server processed an operation and then its schema was updated with a change that made that operation no longer valid, the server could still attempt to execute the operation again without re-validating it against the new schema. The problem only lasts until the server is restarted. This release changes the semantics of the `documentStore` option so that a different key prefix is used each time the schema is updated. (As a side effect, you no longer have to be careful to avoid sharing a `documentStore` between multiple `ApolloServer` objects.) **This update is highly recommended for any users that specify both `documentStore` and `gateway` in `new ApolloServer()`.**