[Snyk] Upgrade @apollo/client from 3.3.11 to 3.12.4 #1754
base: canary
Snyk has created this PR to upgrade @apollo/client from 3.3.11 to 3.12.4.
See this package in npm: @apollo/client
See this project in Snyk: https://app.snyk.io/org/sammyfilly/project/e7858787-e4f8-4199-b0a4-f0fd87f932b1?utm_source=github&utm_medium=referral&page=upgrade-pr
Reviewer's Guide by Sourcery
Upgrade @apollo/client from 3.3.11 to 3.12.4 to fix a moderate Information Exposure vulnerability and implement data masking.
Flow diagram showing data masking behavior
flowchart TD
Q[Query/Fragment] --> DM{Data Masking<br/>Enabled?}
DM -->|Yes| CM[Check Field Masking]
CM --> AF{Accessing<br/>Field?}
AF -->|Yes| CV{Field in<br/>Selection Set?}
CV -->|Yes| AA[Allow Access]
CV -->|No| DA[Deny Access]
AF -->|No| AA
DM -->|No| AA
style DM fill:#f96,stroke:#333,stroke-width:2px
style CV fill:#f96,stroke:#333,stroke-width:2px
Deployment failed with the following error:
We have skipped reviewing this pull request. Here's why:
- It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!
- We don't review packaging changes - Let us know if you'd like us to change this.
Snyk has created this PR to upgrade @apollo/client from 3.3.11 to 3.12.4.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 275 versions ahead of your current version.
The recommended version was released a month ago.
Issues fixed by the recommended upgrade:
SNYK-JS-APOLLOCLIENT-1085706
Release notes
Package name: @apollo/client
Patch Changes
- 4334d30 Thanks @charpeni! - Fix an issue with `refetchQueries` where comparing `DocumentNode`s internally by references could lead to an unknown query, even though the `DocumentNode` was indeed an active query—with a different reference.

Patch Changes
- #12214 8bfee88 Thanks @phryneas! - Data masking: prevent infinite recursion of `ContainsFragmentsRefs` type
- #12204 851deb0 Thanks @jerelmiller! - Fix `Unmasked` unwrapping tuple types into an array of their subtypes.
- #12204 851deb0 Thanks @jerelmiller! - Ensure `MaybeMasked` does not try and unwrap types that contain index signatures.
- #12204 851deb0 Thanks @jerelmiller! - Ensure `MaybeMasked` does not try to unwrap the type as `Unmasked` if the type contains `any`.

Patch Changes
- 84af347 Thanks @jerelmiller! - Update peer deps to allow for React 19 stable release.

Patch Changes
- e1efe74 Thanks @phryneas! - Fix import extension in masking entry point.

Minor Changes
Data masking 🎭
- #12042 1c0ecbf Thanks @jerelmiller! - Introduces data masking in Apollo Client.
  Data masking enforces that only the fields requested by the query or fragment are available to that component. Data masking is best paired with colocated fragments.
  To enable data masking in Apollo Client, set the `dataMasking` option to `true`.
  For detailed information on data masking, including how to incrementally adopt it in existing applications, see the data masking documentation.
- #12131 21c3f08 Thanks @jerelmiller! - Allow `null` as a valid `from` value in `useFragment`.

More Patch Changes
- #12126 d10d702 Thanks @jerelmiller! - Maintain the existing document if it's unchanged by the codemod and move to more naive whitespace formatting
- #12150 9ed1e1e Thanks @jerelmiller! - Fix issue when using `Unmasked` with older versions of TypeScript when used with array fields.
- #12116 8ae6e4e Thanks @jerelmiller! - Prevent field accessor warnings when using `@unmask(mode: "migrate")` on objects that are passed into `cache.identify`.
- #12120 6a98e76 Thanks @jerelmiller! - Provide a codemod that applies `@unmask` to all named fragments for all operations and fragments.
  Learn how to use the codemod in the incremental adoption documentation.
- #12134 cfaf4ef Thanks @jerelmiller! - Fix issue where data went missing when an unmasked fragment in migrate mode selected fields that the parent did not.
- #12154 d933def Thanks @phryneas! - Data masking types: handle overlapping nested array types and fragments on interface types.
- #12139 5a53e15 Thanks @phryneas! - Fix issue where masked data would sometimes get returned when the field was part of a child fragment from a fragment unmasked by the parent query.
- #12123 8422a30 Thanks @jerelmiller! - Warn when using data masking with "no-cache" operations.
- #12139 5a53e15 Thanks @phryneas! - Fix issue where the warning emitted by `@unmask(mode: "migrate")` would trigger unnecessarily when the fragment was used alongside a masked fragment inside an inline fragment.
- #12114 1d4ce00 Thanks @jerelmiller! - Fix error when combining `@unmask` and `@defer` directives on a fragment spread when data masking is enabled.
- #12130 1e7d009 Thanks @jerelmiller! - Fix error thrown when applying unmask migrate mode warnings on interface types with selection sets that contain inline fragment conditions.
- #12152 78137ec Thanks @phryneas! - Add a helper that will skip the TS unmasking algorithm when no fragments are present on type level
- #12126 d10d702 Thanks @jerelmiller! - Ensure documents unchanged by the codemod are left untouched.
- #12133 a6ece37 Thanks @jerelmiller! - Ensure `null` is retained in nullable types when unmasking a type with the `Unmasked` helper type.
- #12139 5a53e15 Thanks @phryneas! - Fix issue that threw errors when masking partial data with `@unmask(mode: "migrate")`.

Patch Changes
- d933def Thanks @phryneas! - Data masking types: handle overlapping nested array types and fragments on interface types.

Patch Changes
- #12150 9ed1e1e Thanks @jerelmiller! - Fix issue when using `Unmasked` with older versions of TypeScript when used with array fields.
- #12152 78137ec Thanks @phryneas! - Add a helper that will skip the TS unmasking algorithm when no fragments are present on type level

Patch Changes
- #12139 5a53e15 Thanks @phryneas! - Fix issue where masked data would sometimes get returned when the field was part of a child fragment from a fragment unmasked by the parent query.
- #12139 5a53e15 Thanks @phryneas! - Fix issue where the warning emitted by `@unmask(mode: "migrate")` would trigger unnecessarily when the fragment was used alongside a masked fragment inside an inline fragment.
- #12139 5a53e15 Thanks @phryneas! - Fix issue that threw errors when masking partial data with `@unmask(mode: "migrate")`.

Minor Changes
- 21c3f08 Thanks @jerelmiller! - Allow `null` as a valid `from` value in `useFragment`.

Patch Changes
- #12126 d10d702 Thanks @jerelmiller! - Maintain the existing document if it's unchanged by the codemod and move to more naive whitespace formatting
- #12134 cfaf4ef Thanks @jerelmiller! - Fix issue where data went missing when an unmasked fragment in migrate mode selected fields that the parent did not.
- #12130 1e7d009 Thanks @jerelmiller! - Fix error thrown when applying unmask migrate mode warnings on interface types with selection sets that contain inline fragment conditions.
- #12126 d10d702 Thanks @jerelmiller! - Ensure documents unchanged by the codemod are left untouched.
- #12133 a6ece37 Thanks @jerelmiller! - Ensure `null` is retained in nullable types when unmasking a type with the `Unmasked` helper type.

Patch Changes
- #12116 8ae6e4e Thanks @jerelmiller! - Prevent field accessor warnings when using `@unmask(mode: "migrate")` on objects that are passed into `cache.identify`.
- #12120 6a98e76 Thanks @jerelmiller! - Provide a codemod that applies `@unmask` to all named fragments for all operations and fragments. To use the codemod, run the following command:
  To customize the tag used to search for GraphQL operations, use the `--tag` option. By default the codemod looks for `gql` and `graphql` tags.
  To apply the directive in migrate mode in order to receive runtime warnings on potentially masked fields, use the `--mode migrate` option.
  For more information on the options that can be used with `jscodeshift`, check out the `jscodeshift` documentation.
- #12121 1085a95 Thanks @jerelmiller! - Warn when using data masking with "no-cache" operations.
- #12114 1d4ce00 Thanks @jerelmiller! - Fix error when combining `@unmask` and `@defer` directives on a fragment spread when data masking is enabled.

Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
Summary by Sourcery
Upgrade @apollo/client from 3.3.11 to 3.12.4.
New Features:
- `null` as a valid `from` value in `useFragment`.
Bug Fixes:
- `refetchQueries` where comparing `DocumentNode`s internally by references could lead to an unknown query.
- `ContainsFragmentsRefs` type.
- `Unmasked` unwrapping tuple types into an array of their subtypes.
- `MaybeMasked` does not try and unwrap types that contain index signatures.
- `MaybeMasked` does not try to unwrap the type as `Unmasked` if the type contains `any`.