chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update
@apollo/server-integration-testsuite (source)	4.0.0-alpha.2 -> 4.10.4					devDependencies	minor
@apollo/utils.withrequired (source)	1.0.0 -> 1.0.1					devDependencies	patch
@types/aws-lambda (source)	8.10.101 -> 8.10.138					devDependencies	patch
@types/jest (source)	28.1.6 -> 28.1.8					devDependencies	patch
jest-junit	14.0.0 -> 14.0.1					devDependencies	patch
node (source)	16.16.0 -> 16.20.2					volta	minor
npm (source)	8.15.1 -> 8.19.4					volta	minor
prettier (source)	2.7.1 -> 2.8.8					devDependencies	minor
ts-jest (source)	28.0.7 -> 28.0.8					devDependencies	patch
ts-node (source)	10.9.1 -> 10.9.2					devDependencies	patch
typescript (source)	4.7.4 -> 4.9.5					devDependencies	minor

---

Release Notes

apollographql/apollo-server (@​apollo/server-integration-testsuite)

v4.10.4

Compare Source

Patch Changes

• Updated dependencies [18a3827]:
  • @​apollo/server@​4.10.4

v4.10.3

Compare Source

Patch Changes

• Updated dependencies [5f335a5]:
  • @​apollo/server@​4.10.3

v4.10.2

Compare Source

Patch Changes

• Updated dependencies [c7e514c]:
  • @​apollo/server@​4.10.2

v4.10.1

Compare Source

Patch Changes

• Updated dependencies [72f568e]:
  • @​apollo/server@​4.10.1

v4.10.0

Compare Source

Minor Changes

• #​7786 869ec98 Thanks @​ganemone! - Restore missing v1 skipValidation option as dangerouslyDisableValidation. Note that enabling this option exposes your server to potential security and unexpected runtime issues. Apollo will not support issues that arise as a result of using this option.

Patch Changes

• #​7740 fe68c1b Thanks @​barnisanov! - Uninstalled body-parser and used express built-in body-parser functionality instead(mainly the json middleware)

• Updated dependencies [869ec98, 9bd7748, 63dc50f, fe68c1b, e9a0d6e]:

  • @​apollo/server@​4.10.0

v4.9.5

Compare Source

Patch Changes

• #​7717 681bdd0dc Thanks @​renovate! - Update graphql-http dependency

• Updated dependencies [07585fe39, 4fac1628c]:

  • @​apollo/server@​4.9.5

v4.9.4

Compare Source

Patch Changes

• Updated dependencies [ddce036e1]:
  • @​apollo/server@​4.9.4

v4.9.3

Compare Source

Patch Changes

• Updated dependencies [a1c725eaf]:
  • @​apollo/server@​4.9.3

v4.9.2

Compare Source

Patch Changes

• Updated dependencies [62e7d940d]:
  • @​apollo/server@​4.9.2

v4.9.1

Compare Source

Patch Changes

• Updated dependencies [ebfde0007]:
  • @​apollo/server@​4.9.1

v4.9.0

Compare Source

Patch Changes

• #​7659 4784f46fb Thanks @​renovate! - Update graphql-http dependency

• Updated dependencies [4ff81ca50, 4784f46fb]:

  • @​apollo/server@​4.9.0

v4.8.1

Compare Source

Patch Changes

• #​7636 42fc65cb2 Thanks @​trevor-scheer! - Update test suite for compatibility with Node v20

• Updated dependencies [42fc65cb2]:

  • @​apollo/server@​4.8.1

v4.8.0

Compare Source

Patch Changes

• #​7649 d33acdfdd Thanks @​mastrzyz! - Add missing supertest dependency

• #​7632 64f8177ab Thanks @​renovate! - Update graphql-http dependency

• Updated dependencies [f8a8ea08f]:

  • @​apollo/server@​4.8.0

v4.7.5

Compare Source

Patch Changes

• Updated dependencies [4fadf3ddc]:
  • @​apollo/cache-control-types@​1.0.3
  • @​apollo/server@​4.7.5
  • @​apollo/usage-reporting-protobuf@​4.1.1

v4.7.4

Compare Source

Patch Changes

• #​7604 aeb511c7d Thanks @​renovate! - Update graphql-http dependency

• 0adaf80d1 Thanks @​trevor-scheer! - Address Content Security Policy issues

  The previous implementation of CSP nonces within the landing pages did not take full advantage of the security benefit of using them. Nonces should only be used once per request, whereas Apollo Server was generating one nonce and reusing it for the lifetime of the instance. The reuse of nonces degrades the security benefit of using them but does not pose a security risk on its own. The CSP provides a defense-in-depth measure against a potential XSS, so in the absence of a known XSS vulnerability there is likely no risk to the user.

  The mentioned fix also coincidentally addresses an issue with using crypto functions on startup within Cloudflare Workers. Crypto functions are now called during requests only, which resolves the error that Cloudflare Workers were facing. A recent change introduced a precomputedNonce configuration option to mitigate this issue, but it was an incorrect approach given the nature of CSP nonces. This configuration option is now deprecated and should not be used for any reason since it suffers from the previously mentioned issue of reusing nonces.

  Additionally, this change adds other applicable CSPs for the scripts, styles, images, manifest, and iframes that the landing pages load.

  A final consequence of this change is an extension of the renderLandingPage plugin hook. This hook can now return an object with an html property which returns a Promise<string> in addition to a string (which was the only option before).

• Updated dependencies [0adaf80d1]:

  • @​apollo/server@​4.7.4

v4.7.3

Compare Source

Patch Changes

• Updated dependencies [75b668d9e]:
  • @​apollo/server@​4.7.3

v4.7.2

Compare Source

Patch Changes

• Updated dependencies [c3f04d050]:
  • @​apollo/server@​4.7.2

v4.7.1

Compare Source

Patch Changes

• Updated dependencies [5d3c45be9]:
  • @​apollo/server@​4.7.1

v4.7.0

Compare Source

Patch Changes

• #​7509 5c20aa02e Thanks @​renovate! - Update graphql-http dependency

• #​7475 b9ac2d6b2 Thanks @​renovate! - Update graphql-http dependency

• Updated dependencies [22a5be934]:

  • @​apollo/server@​4.7.0

v4.6.0

Compare Source

Patch Changes

• #​7454 f6e3ae021 Thanks @​trevor-scheer! - Start building packages with TS 5.x, which should have no effect for users

• Updated dependencies [1e808146a, f6e3ae021, e0db95b96]:

  • @​apollo/server@​4.6.0

v4.5.0

Compare Source

Patch Changes

• Updated dependencies [7cc163ac8, 8cbc61406, b694bb1dd]:
  • @​apollo/server@​4.5.0

v4.4.1

Compare Source

Patch Changes

• #​7381 29038a4d3 Thanks @​renovate! - Update graphql-http dependency

• Updated dependencies [021460e95]:

  • @​apollo/usage-reporting-protobuf@​4.1.0
  • @​apollo/server@​4.4.1

v4.4.0

Compare Source

Patch Changes

• Updated dependencies [f2d433b4f]:
  • @​apollo/server@​4.4.0

v4.3.3

Compare Source

Patch Changes

• #​7338 01bc39838 Thanks @​trevor-scheer! - Update graphql-http to 1.13.0

• Updated dependencies [9de18b34c, 8c635d104]:

  • @​apollo/server@​4.3.3

v4.3.2

Compare Source

Patch Changes

• #​7316 37d884650 Thanks @​renovate! - Update graphql-http dependency

• Updated dependencies [f246ddb71, e25cb58ff]:

  • @​apollo/server@​4.3.2

v4.3.1

Compare Source

Patch Changes

• #​7285 35fa72bdd Thanks @​glasser! - Adds an integration test verifying that Rover's introspection query works. This should not break any integration that passes other tests.

• #​7276 15c912f4c Thanks @​renovate! - Update graphql-http dependency

• Updated dependencies [ec28b4b33, 322b5ebbc, 3b0ec8529]:

  • @​apollo/server@​4.3.1

v4.3.0

Compare Source

Patch Changes

• #​7228 f97e55304 Thanks @​dnalborczyk! - Improve compatibility with Cloudflare workers by avoiding the use of the Node url package. This change is intended to be a no-op.

• Updated dependencies [3a4823e0d, d057e2ffc, f97e55304, d7e9b9759, d7e9b9759]:

  • @​apollo/server@​4.3.0

v4.2.2

Compare Source

Patch Changes

• #​7203 2042ee761 Thanks @​glasser! - Fix v4.2.0 (#​7171) regression where "operationName": null, "variables": null, and "extensions": null in POST bodies were improperly rejected.

• Updated dependencies [2042ee761]:

  • @​apollo/server@​4.2.2

v4.2.1

Compare Source

Patch Changes

• #​7187 3fd7b5f26 Thanks @​trevor-scheer! - Update @apollo/utils.keyvaluecache dependency to the latest patch which correctly specifies its version of lru-cache.

• Updated dependencies [3fd7b5f26]:

  • @​apollo/server@​4.2.1

v4.2.0

Compare Source

Minor Changes

• #​7171 37b3b7fb5 Thanks @​glasser! - If a POST body contains a non-string operationName or a non-object variables or extensions, fail with status code 400 instead of ignoring the field.

  In addition to being a reasonable idea, this provides more compliance with the "GraphQL over HTTP" spec.

  This is a backwards incompatible change, but we are still early in the Apollo Server 4 adoption cycle and this is in line with the change already made in Apollo Server 4 to reject requests providing variables or extensions as strings. If this causes major problems for users who have already upgraded to Apollo Server 4 in production, we can consider reverting or partially reverting this change.

Patch Changes

• #​7170 4ce738193 Thanks @​trevor-scheer! - Update @​apollo/utils packages to v2 (dropping node 12 support)

• #​7179 c8129c23f Thanks @​renovate! - Fix a few tests to support (but not require) TypeScript 4.9.

• #​7171 37b3b7fb5 Thanks @​glasser! - The integration test suite now incorporates the graphql-http package's audit suite for the "GraphQL over HTTP" specification.

• #​7183 46af8255c Thanks @​glasser! - Apollo Server tries to detect if execution errors are variable coercion errors in order to give them a code extension of BAD_USER_INPUT rather than INTERNAL_SERVER_ERROR. Previously this would unconditionally set the code; now, it only sets the code if no code is already set, so that (for example) custom scalar parseValue methods can throw errors with specific codes. (Note that a separate graphql-js bug can lead to these extensions being lost; see https://github.com/graphql/graphql-js/pull/3785 for details.)

• Updated dependencies [4ce738193, 37b3b7fb5, b1548c1d6, 7ff96f533, 46af8255c]:

  • @​apollo/server@​4.2.0

v4.1.1

Compare Source

Patch Changes

• Updated dependencies [c835637be]:
  • @​apollo/server@​4.1.1

v4.1.0

Compare Source

Minor Changes

• 2a2d1e3b4 Thanks @​glasser! - The cache-control HTTP response header set by the cache control plugin now properly reflects the cache policy of all operations in a batched HTTP request. (If you write the cache-control response header via a different mechanism to a format that the plugin would not produce, the plugin no longer writes the header.) For more information, see advisory GHSA-8r69-3cvp-wxc3.

• 2a2d1e3b4 Thanks @​glasser! - Plugins processing multiple operations in a batched HTTP request now have a shared requestContext.request.http object. Changes to HTTP response headers and HTTP status code made by plugins operating on one operation can be immediately seen by plugins operating on other operations in the same HTTP request.

• 2a2d1e3b4 Thanks @​glasser! - New field GraphQLRequestContext.requestIsBatched available to plugins.

• #​7114 c1651bfac Thanks @​trevor-scheer! - Directly depend on Apollo Server rather than as a peer

Patch Changes

• Updated dependencies [2a2d1e3b4, 2a2d1e3b4, 2a2d1e3b4]:
  • @​apollo/server@​4.1.0

v4.0.5

Compare Source

Patch Changes

• Updated dependencies [15d8d65e0, e4e7738be, e4e7738be, 15d8d65e0]:
  • @​apollo/server@​4.0.5

v4.0.4

Compare Source

Patch Changes

• #​7080 540f3d97c Thanks @​martinnabhan! - Recognize malformed JSON error messages from Next.js.

• Updated dependencies []:

  • @​apollo/server@​4.0.4

v4.0.3

Compare Source

Patch Changes

• #​7073 e7f524eac Thanks @​glasser! - Never interpret GET requests as batched. In previous versions of Apollo Server 4, a GET request whose body was a JSON array with N elements would be interpreted as a batch of the operation specified in the query string repeated N times. Now we just ignore the body for GET requests (like in Apollo Server 3), and never treat them as batched.

• #​7071 0ed389ce8 Thanks @​glasser! - Fix v4 regression: gateway implementations should be able to set HTTP response headers and the status code.

• Updated dependencies [e7f524eac, 0ed389ce8]:

  • @​apollo/server@​4.0.3

v4.0.2

Compare Source

Patch Changes

• #​7035 b3f400063 Thanks @​barryhagan! - Errors resulting from an attempt to use introspection when it is not enabled now have an additional validationErrorCode: 'INTROSPECTION_DISABLED' extension; this value is part of a new enum ApolloServerValidationErrorCode exported from @apollo/server/errors.

• #​7066 f11d55a83 Thanks @​trevor-scheer! - Add a test to validate error message and code for invalid operation names via GET

• #​7055 d0d8f4be7 Thanks @​trevor-scheer! - Fix build configuration issue and align on CJS correctly

• Updated dependencies [b3f400063]:

  • @​apollo/server@​4.0.2

v4.0.1

Compare Source

Patch Changes

• #​7049 3daee02c6 Thanks @​glasser! - Raise minimum engines requirement from Node.js v14.0.0 to v14.16.0. This is the minimum version of Node 14 supported by the engines requirement of graphql@16.6.0.

• Updated dependencies [3daee02c6, 3daee02c6]:

  • @​apollo/server@​4.0.1

v4.0.0

Compare Source

Initial release of @apollo/server-integration-testsuite.

v4.0.0-rc.18

Compare Source

Patch Changes

• #​7001 63d568d13 Thanks @​glasser! - Test the behavior of didResolveOperation hooks throwing.

• Updated dependencies []:

  • @​apollo/server@​4.0.0-rc.18

v4.0.0-rc.17

Compare Source

Patch Changes

• Updated dependencies [233b44eea]:
  • @​apollo/server@​4.0.0-rc.17

v4.0.0-rc.16

Compare Source

Patch Changes

• #​6986 db5d715a3 Thanks @​glasser! - The cache control plugin sets cache-control: no-store for uncacheable responses. Pass calculateHttpHeaders: 'if-cacheable' to the cache control plugin to restore AS3 behavior.

• Updated dependencies [db5d715a3]:

  • @​apollo/server@​4.0.0-rc.16

v4.0.0-rc.15

Compare Source

Patch Changes

• Updated dependencies [d20842824, e1455d583]:
  • @​apollo/usage-reporting-protobuf@​4.0.0-rc.2
  • @​apollo/server@​4.0.0-rc.15

v4.0.0-rc.14

Compare Source

Patch Changes

• #​6961 a782c791f Thanks @​glasser! - Require graphql@16.6 as a peer dependency.

• Updated dependencies [a782c791f, d3ea2d4ef]:

  • @​apollo/server@​4.0.0-rc.14

v4.0.0-alpha.13

Compare Source

Patch Changes

• #​6936 a404bf17e Thanks @​trevor-scheer! - Add test for batch requests with no elements

• Updated dependencies [a404bf17e, a404bf17e, a404bf17e]:

  • @​apollo/server@​4.0.0-alpha.13

v4.0.0-alpha.12

Compare Source

Patch Changes

• #​6827 0c2909aa1 Thanks @​glasser! - Experimental support for incremental delivery (@defer/@stream) when combined with a prerelease of graphql-js.

• #​6850 256f2424b Thanks @​renovate! - Expand jest peer deps to include v29

• #​6910 6541f92c9 Thanks @​trevor-scheer! - Update snapshot format to future jest v29 default

• #​6827 0c2909aa1 Thanks @​glasser! - Support application/graphql-response+json content-type if requested via Accept header, as per graphql-over-http spec.
  Include charset=utf-8 in content-type headers.

• Updated dependencies [0c2909aa1, 0c2909aa1]:

  • @​apollo/server@​4.0.0-alpha.12

v4.0.0-alpha.11

Compare Source

Patch Changes

• #​6906 115ab2fa8 Thanks @​trevor-scheer! - Relax message requirement for malformed JSON POST to allow default 'Bad Request'
  response.
• Updated dependencies [6b37d169b]:
  • @​apollo/server@​4.0.0-alpha.11

v4.0.0-alpha.10

Compare Source

Patch Changes

• #​6857 15b1cb2e9 Thanks @​glasser! - Errors thrown in resolvers and context functions can use extensions.http to affect the response status code and headers. The default behavior when a context function throws is now to always use status code 500 rather than comparing extensions.code

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[renovate]

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json

npm WARN cli npm v10.5.2 does not support Node.js v16.20.2. This version of npm supports the following node versions: `^18.17.0 || >=20.5.0`. You can find the latest version at https://nodejs.org/.
npm ERR! code ERESOLVE
npm ERR! ERESOLVE unable to resolve dependency tree
npm ERR! 
npm ERR! While resolving: server-v4-integration-demos@undefined
npm ERR! Found: graphql@16.5.0
npm ERR! node_modules/graphql
npm ERR!   dev graphql@"16.5.0" from the root project
npm ERR!   peer graphql@"^16.5.0" from apollo-server-integration-fastify@0.0.0
npm ERR!   packages/fastify
npm ERR!     apollo-server-integration-fastify@0.0.0
npm ERR!     node_modules/apollo-server-integration-fastify
npm ERR!       workspace packages/fastify from the root project
npm ERR!   1 more (apollo-server-integration-lambda)
npm ERR! 
npm ERR! Could not resolve dependency:
npm ERR! peer graphql@"^16.6.0" from @apollo/server-integration-testsuite@4.10.4
npm ERR! node_modules/@apollo/server-integration-testsuite
npm ERR!   dev @apollo/server-integration-testsuite@"4.10.4" from the root project
npm ERR! 
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR! 
npm ERR! 
npm ERR! For a full report see:
npm ERR! /tmp/renovate/cache/others/npm/_logs/2024-04-18T17_02_49_311Z-eresolve-report.txt

npm ERR! A complete log of this run can be found in: /tmp/renovate/cache/others/npm/_logs/2024-04-18T17_02_49_311Z-debug-0.log

[renovate]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json

npm warn cli npm v10.8.0 does not support Node.js v16.20.2. This version of npm supports the following node versions: `^18.17.0 || >=20.5.0`. You can find the latest version at https://nodejs.org/.
npm error code ERESOLVE
npm error ERESOLVE unable to resolve dependency tree
npm error
npm error While resolving: server-v4-integration-demos@undefined
npm error Found: graphql@16.5.0
npm error node_modules/graphql
npm error   dev graphql@"16.5.0" from the root project
npm error   peer graphql@"^16.5.0" from apollo-server-integration-fastify@0.0.0
npm error   packages/fastify
npm error     apollo-server-integration-fastify@0.0.0
npm error     node_modules/apollo-server-integration-fastify
npm error       workspace packages/fastify from the root project
npm error   1 more (apollo-server-integration-lambda)
npm error
npm error Could not resolve dependency:
npm error peer graphql@"^16.6.0" from @apollo/server-integration-testsuite@4.10.4
npm error node_modules/@apollo/server-integration-testsuite
npm error   dev @apollo/server-integration-testsuite@"4.10.4" from the root project
npm error
npm error Fix the upstream dependency conflict, or retry
npm error this command with --force or --legacy-peer-deps
npm error to accept an incorrect (and potentially broken) dependency resolution.
npm error
npm error
npm error For a full report see:
npm error /tmp/renovate/cache/others/npm/_logs/2024-05-16T18_44_05_356Z-eresolve-report.txt
npm error A complete log of this run can be found in: /tmp/renovate/cache/others/npm/_logs/2024-05-16T18_44_05_356Z-debug-0.log