fix(deps): update all major dependencies (major)

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@apollo/server (source)	4.10.0 -> 5.0.0			dependencies	major
@as-integrations/fastify (source)	2.1.1 -> 3.1.0			dependencies	major
@fastify/static	6.12.0 -> 8.3.0			dependencies	major
@jest/globals (source)	29.7.0 -> 30.2.0			devDependencies	major
@jest/types (source)	29.6.3 -> 30.2.0			devDependencies	major
@mikro-orm/cli (source)	5.9.8 -> 6.5.8			devDependencies	major
@mikro-orm/core (source)	5.9.8 -> 6.5.8			dependencies	major
@mikro-orm/migrations (source)	5.9.8 -> 6.5.8			dependencies	major
@mikro-orm/nestjs	5.2.3 -> 6.1.1			dependencies	major
@mikro-orm/postgresql (source)	5.9.8 -> 6.5.8			dependencies	major
@nestjs/apollo	12.1.0 -> 13.2.1			dependencies	major
@nestjs/common (source)	10.3.3 -> 11.1.6			dependencies	major
@nestjs/core (source)	10.3.3 -> 11.1.6			dependencies	major
@nestjs/cqrs	10.2.7 -> 11.0.3			dependencies	major
@nestjs/graphql	12.1.1 -> 13.2.0			dependencies	major
@nestjs/microservices (source)	10.3.3 -> 11.1.6			dependencies	major
@nestjs/platform-fastify (source)	10.3.3 -> 11.1.6			dependencies	major
@nestjs/swagger	7.3.0 -> 11.2.1			dependencies	major
@types/node (source)	20.11.24 -> 22.18.11			devDependencies	major
@typescript-eslint/eslint-plugin (source)	6.21.0 -> 8.46.1			devDependencies	major
@typescript-eslint/parser (source)	6.21.0 -> 8.46.1			devDependencies	major
actions/checkout	v4 -> v5			action	major
actions/setup-node	v4 -> v6			action	major
codecov/codecov-action	v3 -> v5			action	major
docker/build-push-action	v5 -> v6			action	major
dotenv	16.4.5 -> 17.2.3			dependencies	major
eslint (source)	8.57.0 -> 9.38.0			devDependencies	major
eslint-import-resolver-typescript	3.6.1 -> 4.4.4			devDependencies	major
eslint-plugin-jest	27.9.0 -> 29.0.1			devDependencies	major
husky	8.0.3 -> 9.1.7			devDependencies	major
jest (source)	29.7.0 -> 30.2.0			devDependencies	major
lint-staged	15.2.2 -> 16.2.4			devDependencies	major
pnpm/action-setup	v2.4.0 -> v4.2.0			action	major
rimraf	5.0.5 -> 6.0.1			devDependencies	major
turbo (source)	1.12.4 -> 2.5.8			devDependencies	major

---

Release Notes

apollographql/apollo-server (@​apollo/server)

v5.0.0

Compare Source

BREAKING CHANGES

Apollo Server v5 has very few breaking API changes. It is a small upgrade focused largely on adjusting which versions of Node.js and Express are supported.

Read our migration guide for more details on how to update your app.

• Dropped support for Node.js v14, v16, and v18, which are no longer under long-term support from the Node.js Foundation. Apollo Server 5 supports Node.js v20 and later; v24 is recommended. Ensure you are on a non-EOL version of Node.js before upgrading Apollo Server.
• Dropped support for versions of the graphql library older than v16.11.0. (Apollo Server 4 supports graphql v16.6.0 or later.) Upgrade graphql before upgrading Apollo Server.
• Express integration requires a separate package. In Apollo Server 4, you could import the Express 4 middleware from @apollo/server/express4, or you could import it from the separate package @as-integrations/express4. In Apollo Server 5, you must import it from the separate package. You can migrate your server to the new package before upgrading to Apollo Server 5. (You can also use @as-integrations/express5 for a middleware that works with Express 5.)
• Usage Reporting, Schema Reporting, and Subscription Callback plugins now use the Node.js built-in fetch implementation for HTTP requests by default, instead of the node-fetch npm package. If your server uses an HTTP proxy to make HTTP requests, you need to configure it in a slightly different way. See the migration guide for details.
• The server started with startStandaloneServer no longer uses Express. This is mostly invisible, but it does set slightly fewer headers. If you rely on the fact that this server is based on Express, you should explicitly use the Express middleware.
• The experimental support for incremental delivery directives @defer and @stream (which requires using a pre-release version of graphql v17) now explicitly only works with version 17.0.0-alpha.2 of graphql. Note that this supports the same incremental delivery protocol implemented by Apollo Server 4, which is not the same protocol in the latest alpha version of graphql. As this support is experimental, we may switch over from "only alpha.2 is supported" to "only a newer alpha or final release is supported, with a different protocol" during the lifetime of Apollo Server 5.
• Apollo Server is now compiled by the TypeScript compiler targeting the ES2023 standard rather than the ES2020 standard.
• Apollo Server 5 responds to requests with variable coercion errors (eg, if a number is passed in the variables map for a variable declared in the operation as a String) with a 400 status code, indicating a client error. This is also the behavior of Apollo Server 3. Apollo Server 4 mistakenly responds to these requests with a 200 status code by default; we recommended the use of the status400ForVariableCoercionErrors: true option to restore the intended behavior. That option now defaults to true.
• The unsafe precomputedNonce option to landing page plugins (which was only non-deprecated for 8 days) has been removed.

Patch Changes

There are a few other small changes in v5:

• #​8076 5b26558 Thanks @​valters! - Fix some error logs to properly call logger.error or logger.warn with this set. This fixes errors or crashes from logger implementations that expect this to be set properly in their methods.

• #​7515 100233a Thanks @​trevor-scheer! - ApolloServerPluginSubscriptionCallback now takes a fetcher argument, like the usage and schema reporting plugins. The default value is Node's built-in fetch.

• Updated dependencies [100233a]:

  • @​apollo/server-gateway-interface@​2.0.0

v4.12.2

Compare Source

(No change; there is a change to the @apollo/server-integration-testsuite used to test integrations, and the two packages always have matching versions.)

v4.12.1

Compare Source

Patch Changes

• #​8064 41f98d4 Thanks @​glasser! - Update README.md to recommend Express v5 integration now that Express v5 is released.

v4.12.0

Compare Source

Minor Changes

• #​8054 89e3f84 Thanks @​clenfest! - Adds a new graphql-js validation rule to reject operations that recursively request selections above a specified maximum, which is disabled by default. Use configuration option maxRecursiveSelections=true to enable with a maximum of 10,000,000, or maxRecursiveSelections=<number> for a custom maximum. Enabling this validation can help avoid performance issues with configured validation rules or plugins.

Patch Changes

• #​8031 2550d9f Thanks @​slagiewka! - Add return after sending 400 response in doubly escaped JSON parser middleware

v4.11.3

Compare Source

Patch Changes

• #​8010 f4228e8 Thanks @​glasser! - Compatibility with Next.js Turbopack. Fixes #​8004.

v4.11.2

Compare Source

(No change; there is a change to the @apollo/server-integration-testsuite used to test integrations, and the two packages always have matching versions.)

v4.11.1

Compare Source

Patch Changes

• #​7952 bb81b2c Thanks @​glasser! - Upgrade dependencies so that automated scans don't detect a vulnerability.

  @apollo/server depends on express which depends on cookie. Versions of express older than v4.21.1 depend on a version of cookie vulnerable to CVE-2024-47764. Users of older express versions who call res.cookie() or res.clearCookie() may be vulnerable to this issue.

  However, Apollo Server does not call this function directly, and it does not expose any object to user code that allows TypeScript users to call this function without an unsafe cast.

  The only way that this direct dependency can cause a vulnerability for users of Apollo Server is if you call startStandaloneServer with a context function that calls Express-specific methods such as res.cookie() or res.clearCookies() on the response object, which is a violation of the TypeScript types provided by startStandaloneServer (which only promise that the response object is a core Node.js http.ServerResponse rather than the Express-specific subclass). So this vulnerability can only affect Apollo Server users who use unsafe JavaScript or unsafe as typecasts in TypeScript.

  However, this upgrade will at least prevent vulnerability scanners from alerting you to this dependency, and we encourage all Express users to upgrade their project's own express dependency to v4.21.1 or newer.

v4.11.0

Compare Source

Minor Changes

• #​7916 4686454 Thanks @​andrewmcgivery! - Add hideSchemaDetailsFromClientErrors option to ApolloServer to allow hiding 'did you mean' suggestions from validation errors.

  Even with introspection disabled, it is possible to "fuzzy test" a graph manually or with automated tools to try to determine the shape of your schema. This is accomplished by taking advantage of the default behavior where a misspelt field in an operation
  will be met with a validation error that includes a helpful "did you mean" as part of the error text.

  For example, with this option set to true, an error would read Cannot query field "help" on type "Query". whereas with this option set to false it would read Cannot query field "help" on type "Query". Did you mean "hello"?.

  We recommend enabling this option in production to avoid leaking information about your schema to malicious actors.

  To enable, set this option to true in your ApolloServer options:

  const server = new ApolloServer({
    typeDefs,
    resolvers,
    hideSchemaDetailsFromClientErrors: true,
  });

v4.10.5

Compare Source

Patch Changes

• #​7821 b2e15e7 Thanks @​renovate! - Non-major dependency updates

• #​7900 86d7111 Thanks @​trevor-scheer! - Inline a small dependency that was causing build issues for ESM projects

v4.10.4

Compare Source

Patch Changes

• #​7871 18a3827 Thanks @​tninesling! - Subscription heartbeats are initialized prior to awaiting subscribe(). This allows long-running setup to happen in the returned Promise without the subscription being terminated prior to resolution.

v4.10.3

Compare Source

Patch Changes

• #​7866 5f335a5 Thanks @​tninesling! - Catch errors thrown by subscription generators, and gracefully clean up the subscription instead of crashing.

v4.10.2

Compare Source

Patch Changes

• #​7849 c7e514c Thanks @​TylerBloom! - In the subscription callback server plugin, terminating a subscription now immediately closes the internal async generator. This avoids that generator existing after termination and until the next message is received.

v4.10.1

Compare Source

Patch Changes

• #​7843 72f568e Thanks @​bscherlein! - Improves timing of the willResolveField end hook on fields which return Promises resolving to Arrays. This makes the use of the setCacheHint method more reliable.

apollo-server-integrations/apollo-server-integration-fastify (@​as-integrations/fastify)

v3.1.0

Compare Source

Changes

• Add Apollo Server v5 to peerDeps (#​310, @​lotmek)

v3.0.0

Compare Source

-- BREAKING: Requires Node >= 20
-- BREAKING: Requires Typescript >= 5.4
-- FEATURE: Update to support fastify v5 #​302

fastify/fastify-static (@​fastify/static)

v8.3.0

Compare Source

What's Changed

• docs: use cross-platform compatible info emoji by @​Fdawgs in #​522
• docs: fix typo by @​9w in #​523
• chore(license): update date ranges; standardise style by @​Fdawgs in #​525
• chore: remove reference to simple-get by @​ilteoood in #​528
• build(deps-dev): bump @​types/node from 22.15.34 to 24.0.8 by @​dependabot[bot] in #​527
• test(types): add missing anchors by @​Fdawgs in #​529
• docs(readme): correct compatibility table by @​Fdawgs in #​531
• refactor: remove usage of deprecated request.routeConfig by @​inyourtime in #​530
• build(deps-dev): bump tsd from 0.32.0 to 0.33.0 by @​dependabot[bot] in #​532
• chore(.npmrc): ignore scripts by @​Fdawgs in #​533
• build(deps-dev): remove @​fastify/pre-commit by @​Fdawgs in #​534
• chore(index): add jsdoc comments for static code analysis by @​Fdawgs in #​535
• chore: Replace substr with slice for URL manipulation by @​Uzlopak in #​538
• refactor: small improvements by @​ilteoood in #​539
• fix: if serve: false and root is not defined, only allow sending files with absolute path by @​Uzlopak in #​540
• ci(ci): add concurrency config by @​Fdawgs in #​541

New Contributors

• @​9w made their first contribution in #​523
• @​inyourtime made their first contribution in #​530

Full Changelog: fastify/fastify-static@v8.2.0...v8.3.0

v8.2.0

Compare Source

What's Changed

• build(deps): bump @​fastify/send from 3.3.1 to 4.0.0 by @​dependabot[bot] in #​513
• Add example of sane cache-control settings when hosting a vite SPA by @​codyzu in #​512
• ci(ci): set job permissions by @​Fdawgs in #​514
• docs(readme): fix typo by @​codyzu in #​515
• Fix dirlist by @​jessekrubin in #​511
• docs(readme): update plugin version syntax by @​Fdawgs in #​516
• ci: set permissions at workflow level by @​Fdawgs in #​517
• ci: restore job level permissions by @​Fdawgs in #​518
• build(deps-dev): bump borp from 0.19.0 to 0.20.0 by @​dependabot[bot] in #​519
• build(deps-dev): bump tsd from 0.31.2 to 0.32.0 by @​dependabot[bot] in #​520
• Add globIgnore option by @​mcollina in #​521

New Contributors

• @​codyzu made their first contribution in #​512
• @​jessekrubin made their first contribution in #​511

Full Changelog: fastify/fastify-static@v8.1.1...v8.2.0

v8.1.1

Compare Source

What's Changed

• chore: rename master to main by @​Fdawgs in #​507
• fix: redirect to path with trailing slash even for preCompressed by @​genki in #​509

New Contributors

• @​genki made their first contribution in #​509

Full Changelog: fastify/fastify-static@v8.1.0...v8.1.1

v8.1.0

Compare Source

What's Changed

• build(dependabot): reduce npm updates to monthly by @​Fdawgs in #​504
• refactor: throw typeerror if type check fails by @​Fdawgs in #​505
• docs(readme): conciseness improvements by @​Fdawgs in #​506
• feat: add logLevel option by @​Jacopo47 in #​502

New Contributors

• @​Jacopo47 made their first contribution in #​502

Full Changelog: fastify/fastify-static@v8.0.4...v8.1.0

v8.0.4

Compare Source

What's Changed

• docs(readme): update ci badge syntax by @​Fdawgs in #​486
• fix: updated readme by @​Ankush1oo8 in #​487
• docs(readme): standardize compat table by @​Fdawgs in #​488
• build(deps-dev): finish standard to neostandard migration by @​Fdawgs in #​489
• types: use node: prefix for builtins by @​Fdawgs in #​490
• build(deps-dev): bump neostandard from 0.11.9 to 0.12.0 by @​dependabot in #​491
• build(deps-dev): add eslint, peer dep of neostandard by @​Fdawgs in #​492
• chore(package): add contribs and funding by @​Fdawgs in #​493
• docs(readme): replace link to send by @​Fdawgs in #​496
• Migration to node test runner by @​ilteoood in #​495
• docs(readme): spelling and grammar fixes by @​Fdawgs in #​498
• test: prefix unused params with underscores by @​Fdawgs in #​500
• refactor(index): throw typeerror if checking type by @​Fdawgs in #​499
• perf(index): use optional chaining by @​Fdawgs in #​501

New Contributors

• @​Ankush1oo8 made their first contribution in #​487
• @​ilteoood made their first contribution in #​495

Full Changelog: fastify/fastify-static@v8.0.3...v8.0.4

v8.0.3

Compare Source

What's Changed

• style: remove trailing whitespace by @​Fdawgs in #​478
• Fix types test for Fastify v5.1.0 by @​mcollina in #​479
• Explicit warning about setting cacheControl to false for custom Cache… by @​jablonski in #​481
• docs(readme): update send links by @​Fdawgs in #​482
• refactor: use lowercase for charset by @​Fdawgs in #​483
• fix: add contentType send option by @​Fdawgs in #​484

New Contributors

• @​jablonski made their first contribution in #​481

Full Changelog: fastify/fastify-static@v8.0.2...v8.0.3

v8.0.2

Compare Source

What's Changed

• fix: respect custom status code when successfully send file by @​climba03003 in #​476

Full Changelog: fastify/fastify-static@v8.0.1...v8.0.2

v8.0.1

Compare Source

What's Changed

• chore: update fastify to ^5.0.0 by @​Fdawgs in #​473

Full Changelog: fastify/fastify-static@v8.0.0...v8.0.1

v8.0.0

Compare Source

What's Changed

• build(deps-dev): bump pino from 8.21.0 to 9.1.0 by @​dependabot in #​453
• Merge next into master by @​jsumners in #​454
• build(deps): bump glob from 10.4.5 to 11.0.0 by @​dependabot in #​456
• build(deps-dev): bump @​types/node from 20.14.13 to 22.0.0 by @​dependabot in #​457
• chore: remove coveralls as dev dependency by @​Uzlopak in #​463
• chore: migrate to neostandard by @​Uzlopak in #​462
• chore: remove handlebars by @​Uzlopak in #​464

Full Changelog: fastify/fastify-static@v7.0.4...v8.0.0

v7.0.4

Compare Source

What's Changed

• Fix for files with % in filename by @​chetbox in #​452

New Contributors

• @​chetbox made their first contribution in #​452

Full Changelog: fastify/fastify-static@v7.0.3...v7.0.4

v7.0.3

Compare Source

What's Changed

• build(deps-dev): bump tsd from 0.30.7 to 0.31.0 by @​dependabot in #​446
• fix: wildcard head return content-length header by @​climba03003 in #​448

Full Changelog: fastify/fastify-static@v7.0.2...v7.0.3

v7.0.2

Compare Source

What's Changed

• chore(.gitignore): add .tap/ dir by @​Fdawgs in #​437
• build(deps-dev): bump @​typescript-eslint/parser from 6.21.0 to 7.1.0 by @​dependabot in #​442
• Retain path when using fallback precompressed path by @​colatkinson in #​445

New Contributors

• @​colatkinson made their first contribution in #​445

Full Changelog: fastify/fastify-static@v7.0.1...v7.0.2

v7.0.1

Compare Source

What's Changed

• build(deps-dev): bump @​fastify/compress from 6.5.0 to 7.0.0 by @​dependabot in #​433
• Optimize dirList by @​gurgunday in #​435
• fix: file not found errors when the root has a trailing slash by @​gurgunday in #​436

Full Changelog: fastify/fastify-static@v7.0.0...v7.0.1

v7.0.0

Compare Source

What's Changed

• build(deps-dev): bump tsd from 0.29.0 to 0.30.0 by @​dependabot in #​424
• docs(readme): replace fastify.io links with fastify.dev by @​Fdawgs in #​425
• docs(readme): replace fastify.io links with fastify.dev by @​Fdawgs in #​426
• chore(package): fix repository url by @​Fdawgs in #​429
• chore: improve types for setHeaders option by @​EvanHahn in #​428
• Upgrade glob to v10 by @​gurgunday in #​406

New Contributors

• @​EvanHahn made their first contribution in #​428

Full Changelog: fastify/fastify-static@v6.12.0...v7.0.0

jestjs/jest (@​jest/globals)

v30.2.0

Compare Source

Chore & Maintenance

• [*] Update example repo for testing React Native projects (#​15832)
• [*] Update jest-watch-typeahead to v3 (#​15830)

v30.1.2

Compare Source

Fixes

• [jest-snapshot-utils] Correct snapshot header regexp to work with newline across OSes (#​15803)

v30.1.1

Compare Source

Fixes

• [jest-snapshot-utils] Fix deprecated goo.gl snapshot warning not handling Windows end-of-line sequences (#​15800)
• [jest-snapshot-utils] Improve messaging about goo.gl snapshot link change (#​15821)

[v30.1.0](https://redirect.github.com/jestjs/jest/bl

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.