New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore(deps): update all non-major dependencies #7
base: main
Are you sure you want to change the base?
Conversation
5ebd878
to
463c632
Compare
463c632
to
f22c3a2
Compare
f22c3a2
to
bbe55b5
Compare
e6278b7
to
c35c0df
Compare
d0592f0
to
7fbf252
Compare
87e42ef
to
91a9840
Compare
91a9840
to
a30b31f
Compare
74749ef
to
10c7c83
Compare
⚠ Artifact update problemRenovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is. ♻ Renovate will retry this branch, including artifacts, only when one of the following happens:
The artifact failure details are included below: File name: package-lock.json
|
136da8c
to
638b815
Compare
31912c6
to
9f9e97c
Compare
9f9e97c
to
2e9f2e4
Compare
2e9f2e4
to
599d5f1
Compare
a04f1b5
to
4fce528
Compare
2e1a59a
to
7bdc469
Compare
7bdc469
to
7f4f6d3
Compare
603e9cf
to
62bb490
Compare
a3494d9
to
71d620a
Compare
71d620a
to
1a7f07a
Compare
1a7f07a
to
1894fd3
Compare
1894fd3
to
4a36fbb
Compare
4a36fbb
to
71a3c64
Compare
efaeabe
to
a1cb84b
Compare
a1cb84b
to
764af7a
Compare
|
This PR contains the following updates:
4.0.0-alpha.2
->4.10.4
1.0.0
->1.0.1
8.10.101
->8.10.138
28.1.6
->28.1.8
14.0.0
->14.0.1
16.16.0
->16.20.2
8.15.1
->8.19.4
2.7.1
->2.8.8
28.0.7
->28.0.8
10.9.1
->10.9.2
4.7.4
->4.9.5
Release Notes
apollographql/apollo-server (@apollo/server-integration-testsuite)
v4.10.4
Compare Source
Patch Changes
18a3827
]:v4.10.3
Compare Source
Patch Changes
5f335a5
]:v4.10.2
Compare Source
Patch Changes
c7e514c
]:v4.10.1
Compare Source
Patch Changes
72f568e
]:v4.10.0
Compare Source
Minor Changes
869ec98
Thanks @ganemone! - Restore missing v1skipValidation
option asdangerouslyDisableValidation
. Note that enabling this option exposes your server to potential security and unexpected runtime issues. Apollo will not support issues that arise as a result of using this option.Patch Changes
#7740
fe68c1b
Thanks @barnisanov! - Uninstalledbody-parser
and usedexpress
built-inbody-parser
functionality instead(mainly the json middleware)Updated dependencies [
869ec98
,9bd7748
,63dc50f
,fe68c1b
,e9a0d6e
]:v4.9.5
Compare Source
Patch Changes
#7717
681bdd0dc
Thanks @renovate! - Update graphql-http dependencyUpdated dependencies [
07585fe39
,4fac1628c
]:v4.9.4
Compare Source
Patch Changes
ddce036e1
]:v4.9.3
Compare Source
Patch Changes
a1c725eaf
]:v4.9.2
Compare Source
Patch Changes
62e7d940d
]:v4.9.1
Compare Source
Patch Changes
ebfde0007
]:v4.9.0
Compare Source
Patch Changes
#7659
4784f46fb
Thanks @renovate! - Update graphql-http dependencyUpdated dependencies [
4ff81ca50
,4784f46fb
]:v4.8.1
Compare Source
Patch Changes
#7636
42fc65cb2
Thanks @trevor-scheer! - Update test suite for compatibility with Node v20Updated dependencies [
42fc65cb2
]:v4.8.0
Compare Source
Patch Changes
#7649
d33acdfdd
Thanks @mastrzyz! - Add missingsupertest
dependency#7632
64f8177ab
Thanks @renovate! - Update graphql-http dependencyUpdated dependencies [
f8a8ea08f
]:v4.7.5
Compare Source
Patch Changes
4fadf3ddc
]:v4.7.4
Compare Source
Patch Changes
#7604
aeb511c7d
Thanks @renovate! - Updategraphql-http
dependency0adaf80d1
Thanks @trevor-scheer! - Address Content Security Policy issuesThe previous implementation of CSP nonces within the landing pages did not take full advantage of the security benefit of using them. Nonces should only be used once per request, whereas Apollo Server was generating one nonce and reusing it for the lifetime of the instance. The reuse of nonces degrades the security benefit of using them but does not pose a security risk on its own. The CSP provides a defense-in-depth measure against a potential XSS, so in the absence of a known XSS vulnerability there is likely no risk to the user.
The mentioned fix also coincidentally addresses an issue with using crypto functions on startup within Cloudflare Workers. Crypto functions are now called during requests only, which resolves the error that Cloudflare Workers were facing. A recent change introduced a
precomputedNonce
configuration option to mitigate this issue, but it was an incorrect approach given the nature of CSP nonces. This configuration option is now deprecated and should not be used for any reason since it suffers from the previously mentioned issue of reusing nonces.Additionally, this change adds other applicable CSPs for the scripts, styles, images, manifest, and iframes that the landing pages load.
A final consequence of this change is an extension of the
renderLandingPage
plugin hook. This hook can now return an object with anhtml
property which returns aPromise<string>
in addition to astring
(which was the only option before).Updated dependencies [
0adaf80d1
]:v4.7.3
Compare Source
Patch Changes
75b668d9e
]:v4.7.2
Compare Source
Patch Changes
c3f04d050
]:v4.7.1
Compare Source
Patch Changes
5d3c45be9
]:v4.7.0
Compare Source
Patch Changes
#7509
5c20aa02e
Thanks @renovate! - Updategraphql-http
dependency#7475
b9ac2d6b2
Thanks @renovate! - Update graphql-http dependencyUpdated dependencies [
22a5be934
]:v4.6.0
Compare Source
Patch Changes
#7454
f6e3ae021
Thanks @trevor-scheer! - Start building packages with TS 5.x, which should have no effect for usersUpdated dependencies [
1e808146a
,f6e3ae021
,e0db95b96
]:v4.5.0
Compare Source
Patch Changes
7cc163ac8
,8cbc61406
,b694bb1dd
]:v4.4.1
Compare Source
Patch Changes
#7381
29038a4d3
Thanks @renovate! - Update graphql-http dependencyUpdated dependencies [
021460e95
]:v4.4.0
Compare Source
Patch Changes
f2d433b4f
]:v4.3.3
Compare Source
Patch Changes
#7338
01bc39838
Thanks @trevor-scheer! - Update graphql-http to 1.13.0Updated dependencies [
9de18b34c
,8c635d104
]:v4.3.2
Compare Source
Patch Changes
#7316
37d884650
Thanks @renovate! - Update graphql-http dependencyUpdated dependencies [
f246ddb71
,e25cb58ff
]:v4.3.1
Compare Source
Patch Changes
#7285
35fa72bdd
Thanks @glasser! - Adds an integration test verifying that Rover's introspection query works. This should not break any integration that passes other tests.#7276
15c912f4c
Thanks @renovate! - Update graphql-http dependencyUpdated dependencies [
ec28b4b33
,322b5ebbc
,3b0ec8529
]:v4.3.0
Compare Source
Patch Changes
#7228
f97e55304
Thanks @dnalborczyk! - Improve compatibility with Cloudflare workers by avoiding the use of the Nodeurl
package. This change is intended to be a no-op.Updated dependencies [
3a4823e0d
,d057e2ffc
,f97e55304
,d7e9b9759
,d7e9b9759
]:v4.2.2
Compare Source
Patch Changes
#7203
2042ee761
Thanks @glasser! - Fix v4.2.0 (#7171) regression where"operationName": null
,"variables": null
, and"extensions": null
in POST bodies were improperly rejected.Updated dependencies [
2042ee761
]:v4.2.1
Compare Source
Patch Changes
#7187
3fd7b5f26
Thanks @trevor-scheer! - Update@apollo/utils.keyvaluecache
dependency to the latest patch which correctly specifies its version oflru-cache
.Updated dependencies [
3fd7b5f26
]:v4.2.0
Compare Source
Minor Changes
#7171
37b3b7fb5
Thanks @glasser! - If a POST body contains a non-stringoperationName
or a non-objectvariables
orextensions
, fail with status code 400 instead of ignoring the field.In addition to being a reasonable idea, this provides more compliance with the "GraphQL over HTTP" spec.
This is a backwards incompatible change, but we are still early in the Apollo Server 4 adoption cycle and this is in line with the change already made in Apollo Server 4 to reject requests providing
variables
orextensions
as strings. If this causes major problems for users who have already upgraded to Apollo Server 4 in production, we can consider reverting or partially reverting this change.Patch Changes
#7170
4ce738193
Thanks @trevor-scheer! - Update @apollo/utils packages to v2 (dropping node 12 support)#7179
c8129c23f
Thanks @renovate! - Fix a few tests to support (but not require) TypeScript 4.9.#7171
37b3b7fb5
Thanks @glasser! - The integration test suite now incorporates thegraphql-http
package's audit suite for the "GraphQL over HTTP" specification.#7183
46af8255c
Thanks @glasser! - Apollo Server tries to detect if execution errors are variable coercion errors in order to give them acode
extension ofBAD_USER_INPUT
rather thanINTERNAL_SERVER_ERROR
. Previously this would unconditionally set thecode
; now, it only sets thecode
if nocode
is already set, so that (for example) custom scalarparseValue
methods can throw errors with specificcode
s. (Note that a separate graphql-js bug can lead to these extensions being lost; see https://github.com/graphql/graphql-js/pull/3785 for details.)Updated dependencies [
4ce738193
,37b3b7fb5
,b1548c1d6
,7ff96f533
,46af8255c
]:v4.1.1
Compare Source
Patch Changes
c835637be
]:v4.1.0
Compare Source
Minor Changes
2a2d1e3b4
Thanks @glasser! - Thecache-control
HTTP response header set by the cache control plugin now properly reflects the cache policy of all operations in a batched HTTP request. (If you write thecache-control
response header via a different mechanism to a format that the plugin would not produce, the plugin no longer writes the header.) For more information, see advisory GHSA-8r69-3cvp-wxc3.2a2d1e3b4
Thanks @glasser! - Plugins processing multiple operations in a batched HTTP request now have a sharedrequestContext.request.http
object. Changes to HTTP response headers and HTTP status code made by plugins operating on one operation can be immediately seen by plugins operating on other operations in the same HTTP request.2a2d1e3b4
Thanks @glasser! - New fieldGraphQLRequestContext.requestIsBatched
available to plugins.#7114
c1651bfac
Thanks @trevor-scheer! - Directly depend on Apollo Server rather than as a peerPatch Changes
2a2d1e3b4
,2a2d1e3b4
,2a2d1e3b4
]:v4.0.5
Compare Source
Patch Changes
15d8d65e0
,e4e7738be
,e4e7738be
,15d8d65e0
]:v4.0.4
Compare Source
Patch Changes
#7080
540f3d97c
Thanks @martinnabhan! - Recognize malformed JSON error messages from Next.js.Updated dependencies []:
v4.0.3
Compare Source
Patch Changes
#7073
e7f524eac
Thanks @glasser! - Never interpretGET
requests as batched. In previous versions of Apollo Server 4, aGET
request whose body was a JSON array with N elements would be interpreted as a batch of the operation specified in the query string repeated N times. Now we just ignore the body forGET
requests (like in Apollo Server 3), and never treat them as batched.#7071
0ed389ce8
Thanks @glasser! - Fix v4 regression: gateway implementations should be able to set HTTP response headers and the status code.Updated dependencies [
e7f524eac
,0ed389ce8
]:v4.0.2
Compare Source
Patch Changes
#7035
b3f400063
Thanks @barryhagan! - Errors resulting from an attempt to use introspection when it is not enabled now have an additionalvalidationErrorCode: 'INTROSPECTION_DISABLED'
extension; this value is part of a new enumApolloServerValidationErrorCode
exported from@apollo/server/errors
.#7066
f11d55a83
Thanks @trevor-scheer! - Add a test to validate error message and code for invalid operation names via GET#7055
d0d8f4be7
Thanks @trevor-scheer! - Fix build configuration issue and align on CJS correctlyUpdated dependencies [
b3f400063
]:v4.0.1
Compare Source
Patch Changes
#7049
3daee02c6
Thanks @glasser! - Raise minimumengines
requirement from Node.js v14.0.0 to v14.16.0. This is the minimum version of Node 14 supported by theengines
requirement ofgraphql@16.6.0
.Updated dependencies [
3daee02c6
,3daee02c6
]:v4.0.0
Compare Source
Initial release of
@apollo/server-integration-testsuite
.v4.0.0-rc.18
Compare Source
Patch Changes
#7001
63d568d13
Thanks @glasser! - Test the behavior of didResolveOperation hooks throwing.Updated dependencies []:
v4.0.0-rc.17
Compare Source
Patch Changes
233b44eea
]:v4.0.0-rc.16
Compare Source
Patch Changes
#6986
db5d715a3
Thanks @glasser! - The cache control plugin setscache-control: no-store
for uncacheable responses. PasscalculateHttpHeaders: 'if-cacheable'
to the cache control plugin to restore AS3 behavior.Updated dependencies [
db5d715a3
]:v4.0.0-rc.15
Compare Source
Patch Changes
d20842824
,e1455d583
]:v4.0.0-rc.14
Compare Source
Patch Changes
#6961
a782c791f
Thanks @glasser! - Require graphql@16.6 as a peer dependency.Updated dependencies [
a782c791f
,d3ea2d4ef
]:v4.0.0-alpha.13
Compare Source
Patch Changes
#6936
a404bf17e
Thanks @trevor-scheer! - Add test for batch requests with no elementsUpdated dependencies [
a404bf17e
,a404bf17e
,a404bf17e
]:v4.0.0-alpha.12
Compare Source
Patch Changes
#6827
0c2909aa1
Thanks @glasser! - Experimental support for incremental delivery (@defer
/@stream
) when combined with a prerelease ofgraphql-js
.#6850
256f2424b
Thanks @renovate! - Expand jest peer deps to include v29#6910
6541f92c9
Thanks @trevor-scheer! - Update snapshot format to future jest v29 default#6827
0c2909aa1
Thanks @glasser! - Support application/graphql-response+json content-type if requested via Accept header, as per graphql-over-http spec.Include
charset=utf-8
in content-type headers.Updated dependencies [
0c2909aa1
,0c2909aa1
]:v4.0.0-alpha.11
Compare Source
Patch Changes
115ab2fa8
Thanks @trevor-scheer! - Relax message requirement for malformed JSON POST to allow default 'Bad Request'response.
6b37d169b
]:v4.0.0-alpha.10
Compare Source
Patch Changes
15b1cb2e9
Thanks @glasser! - Errors thrown in resolvers and context functions can useextensions.http
to affect the response status code and headers. The default behavior when a context function throws is now to always use status code 500 rather than comparingextensions.code
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by Mend Renovate. View repository job log here.