-
Notifications
You must be signed in to change notification settings - Fork 398
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(deps): update apollo graphql packages #2704
Open
renovate
wants to merge
1
commit into
master
Choose a base branch
from
renovate/apollo-graphql-packages
base: master
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
renovate
bot
force-pushed
the
renovate/apollo-graphql-packages
branch
from
March 10, 2023 12:18
0b1e8d2
to
5e7c46c
Compare
renovate
bot
force-pushed
the
renovate/apollo-graphql-packages
branch
3 times, most recently
from
March 10, 2023 19:05
4251eb8
to
3fe8a8a
Compare
renovate
bot
changed the title
chore(deps): update dependency @apollo/subgraph to v2.3.3
chore(deps): update apollo graphql packages
Mar 10, 2023
renovate
bot
force-pushed
the
renovate/apollo-graphql-packages
branch
15 times, most recently
from
March 17, 2023 17:14
155b213
to
c868a7c
Compare
renovate
bot
force-pushed
the
renovate/apollo-graphql-packages
branch
8 times, most recently
from
March 21, 2023 16:14
b3e30ed
to
2c8cf77
Compare
renovate
bot
force-pushed
the
renovate/apollo-graphql-packages
branch
from
June 18, 2024 19:00
03475e2
to
66fe20b
Compare
renovate
bot
force-pushed
the
renovate/apollo-graphql-packages
branch
2 times, most recently
from
July 2, 2024 07:54
d921923
to
76138d1
Compare
renovate
bot
force-pushed
the
renovate/apollo-graphql-packages
branch
from
July 13, 2024 01:54
76138d1
to
6b2e33f
Compare
renovate
bot
force-pushed
the
renovate/apollo-graphql-packages
branch
2 times, most recently
from
July 25, 2024 23:26
839c0e0
to
cfe33fd
Compare
renovate
bot
force-pushed
the
renovate/apollo-graphql-packages
branch
from
August 8, 2024 17:49
cfe33fd
to
b478cec
Compare
renovate
bot
force-pushed
the
renovate/apollo-graphql-packages
branch
2 times, most recently
from
August 27, 2024 18:16
8d2ceb1
to
5698bd3
Compare
renovate
bot
force-pushed
the
renovate/apollo-graphql-packages
branch
from
September 18, 2024 00:53
5698bd3
to
d061cfe
Compare
renovate
bot
force-pushed
the
renovate/apollo-graphql-packages
branch
from
September 27, 2024 07:11
d061cfe
to
67f3b56
Compare
renovate
bot
force-pushed
the
renovate/apollo-graphql-packages
branch
from
October 6, 2024 18:07
67f3b56
to
cb466c4
Compare
renovate
bot
force-pushed
the
renovate/apollo-graphql-packages
branch
6 times, most recently
from
October 23, 2024 08:48
7bc473c
to
bd30383
Compare
renovate
bot
force-pushed
the
renovate/apollo-graphql-packages
branch
3 times, most recently
from
November 5, 2024 13:38
bedab39
to
88c0278
Compare
renovate
bot
force-pushed
the
renovate/apollo-graphql-packages
branch
from
November 12, 2024 16:43
88c0278
to
14b87df
Compare
renovate
bot
force-pushed
the
renovate/apollo-graphql-packages
branch
3 times, most recently
from
November 27, 2024 14:21
89759c1
to
eddd355
Compare
renovate
bot
force-pushed
the
renovate/apollo-graphql-packages
branch
2 times, most recently
from
December 3, 2024 12:17
2f42034
to
7ce025b
Compare
renovate
bot
force-pushed
the
renovate/apollo-graphql-packages
branch
from
December 9, 2024 12:50
7ce025b
to
08d827b
Compare
renovate
bot
changed the title
chore(deps): update apollo graphql packages
fix(deps): update apollo graphql packages
Dec 10, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
2.8.5
->2.9.3
4.9.3
->4.11.2
4.0.0
->4.0.1
4.1.0
->4.1.3
2.2.3
->2.9.3
Release Notes
apollographql/federation (@apollo/gateway)
v2.9.3
Compare Source
Patch Changes
345661c558773e4eb5d5f0b28464a8d1acdc2a2d
,7fe1465cf35c2efe37ac5c73fac2b7ea04173318
,cc4573471696ef78d04fa00c4cf8e5c50314ba9f
,062572b3253e8640b60a0bf58b83945094b76b6f
,df5eb3cb0e2b4802fcd425ab9c23714de2707db3
,1c99cb0dcc6c639ac351210932623ab0bd6907e4
]:v2.9.2
Compare Source
Patch Changes
2192f355f50db33fe0807d16153f357696b9f190
,e1e2605b30efc488b57f62ba43436606a38a3607
,5ac01b534318105e904c1e6598070f753add3bb1
]:v2.9.1
Compare Source
Patch Changes
Fix bugs in composition when merging nulls in directive applications and when handling renames. (#3134)
Updated dependencies [
b8e4ab5352a4dfd262af49493fdd42e86e5e3d99
,e6c05b6c96023aa3dec79889431f8217fcb3806d
]:v2.9.0
Compare Source
Patch Changes
Avoid type explosion for inline fragments where the type condition is an interface that implements the parent type. (#3122)
Reduce memory overhead during satisfiability checking when there are many options. (#3109)
Updated dependencies [
02c2a34a62c3717a4885449172e404f19ebf66c9
,0ccfd937d4b4a576f890665ceebbd7986fac5d0c
,e0a5075c0d12a0e2f7ef303b246e3216a139d3e0
]:apollographql/apollo-server (@apollo/server)
v4.11.2
Compare Source
(No change; there is a change to the
@apollo/server-integration-testsuite
used to test integrations, and the two packages always have matching versions.)v4.11.1
Compare Source
Patch Changes
#7952
bb81b2c
Thanks @glasser! - Upgrade dependencies so that automated scans don't detect a vulnerability.@apollo/server
depends onexpress
which depends oncookie
. Versions ofexpress
older than v4.21.1 depend on a version ofcookie
vulnerable to CVE-2024-47764. Users of olderexpress
versions who callres.cookie()
orres.clearCookie()
may be vulnerable to this issue.However, Apollo Server does not call this function directly, and it does not expose any object to user code that allows TypeScript users to call this function without an unsafe cast.
The only way that this direct dependency can cause a vulnerability for users of Apollo Server is if you call
startStandaloneServer
with a context function that calls Express-specific methods such asres.cookie()
orres.clearCookies()
on the response object, which is a violation of the TypeScript types provided bystartStandaloneServer
(which only promise that the response object is a core Node.jshttp.ServerResponse
rather than the Express-specific subclass). So this vulnerability can only affect Apollo Server users who use unsafe JavaScript or unsafeas
typecasts in TypeScript.However, this upgrade will at least prevent vulnerability scanners from alerting you to this dependency, and we encourage all Express users to upgrade their project's own
express
dependency to v4.21.1 or newer.v4.11.0
Compare Source
Minor Changes
#7916
4686454
Thanks @andrewmcgivery! - AddhideSchemaDetailsFromClientErrors
option to ApolloServer to allow hiding 'did you mean' suggestions from validation errors.Even with introspection disabled, it is possible to "fuzzy test" a graph manually or with automated tools to try to determine the shape of your schema. This is accomplished by taking advantage of the default behavior where a misspelt field in an operation
will be met with a validation error that includes a helpful "did you mean" as part of the error text.
For example, with this option set to
true
, an error would readCannot query field "help" on type "Query".
whereas with this option set tofalse
it would readCannot query field "help" on type "Query". Did you mean "hello"?
.We recommend enabling this option in production to avoid leaking information about your schema to malicious actors.
To enable, set this option to
true
in yourApolloServer
options:v4.10.5
Compare Source
Patch Changes
#7821
b2e15e7
Thanks @renovate! - Non-major dependency updates#7900
86d7111
Thanks @trevor-scheer! - Inline a small dependency that was causing build issues for ESM projectsv4.10.4
Compare Source
Patch Changes
18a3827
Thanks @tninesling! - Subscription heartbeats are initialized prior to awaiting subscribe(). This allows long-running setup to happen in the returned Promise without the subscription being terminated prior to resolution.v4.10.3
Compare Source
Patch Changes
5f335a5
Thanks @tninesling! - Catch errors thrown by subscription generators, and gracefully clean up the subscription instead of crashing.v4.10.2
Compare Source
Patch Changes
c7e514c
Thanks @TylerBloom! - In the subscription callback server plugin, terminating a subscription now immediately closes the internal async generator. This avoids that generator existing after termination and until the next message is received.v4.10.1
Compare Source
Patch Changes
72f568e
Thanks @bscherlein! - Improves timing of thewillResolveField
end hook on fields which return Promises resolving to Arrays. This makes the use of thesetCacheHint
method more reliable.v4.10.0
Compare Source
Minor Changes
#7786
869ec98
Thanks @ganemone! - Restore missing v1skipValidation
option asdangerouslyDisableValidation
. Note that enabling this option exposes your server to potential security and unexpected runtime issues. Apollo will not support issues that arise as a result of using this option.#7803
e9a0d6e
Thanks @favna! - allowstringifyResult
to return aPromise<string>
Users who implemented the
stringifyResult
hook can now expect error responses to be formatted with the hook as well. Please take care when updating to this version to ensure this is the desired behavior, or implement the desired behavior accordingly in yourstringifyResult
hook. This was considered a non-breaking change as we consider that it was an oversight in the original PR that introducedstringifyResult
hook.Patch Changes
#7793
9bd7748
Thanks @bnjjj! - General availability of subscription callback protocol#7799
63dc50f
Thanks @stijnbe! - Fix type of ApolloServerPluginUsageReporting reportTimer#7740
fe68c1b
Thanks @barnisanov! - Uninstalledbody-parser
and usedexpress
built-inbody-parser
functionality instead(mainly the json middleware)v4.9.5
Compare Source
Patch Changes
#7741
07585fe39
Thanks @mayakoneval! - Pin major releases of embeddable Explorer & Sandbox code.#7769
4fac1628c
Thanks @cwikla! - Change SchemaReporter.pollTimer from being a NodeJS.Timer to a NodeJS.Timeoutv4.9.4
Compare Source
Patch Changes
#7747
ddce036e1
Thanks @trevor-scheer! - The minimum version ofgraphql
officially supported by Apollo Server 4 as a peer dependency, v16.6.0, contains a serious bug that can crash your Node server. This bug is fixed in the immediate next version,graphql@16.7.0
, and we strongly encourage you to upgrade your installation ofgraphql
to at least v16.7.0 to avoid this bug. (For backwards compatibility reasons, we cannot change Apollo Server 4's minimum peer dependency, but will change it when we release Apollo Server 5.)Apollo Server 4 contained a particular line of code that makes triggering this crashing bug much more likely. This line was already removed in Apollo Server v3.8.2 (see #6398) but the fix was accidentally not included in Apollo Server 4. We are now including this change in Apollo Server 4, which will reduce the likelihood of hitting this crashing bug for users of
graphql
v16.6.0. That said, taking this@apollo/server
upgrade does not prevent this bug from being triggered in other ways, and the real fix to this crashing bug is to upgradegraphql
.apollographql/apollo-server (@apollo/server-plugin-landing-page-graphql-playground)
v4.0.1
Compare Source
Patch Changes
f4c3cd9b6
Thanks @trevor-scheer! - Officially deprecate Playground plugin via README updateapollographql/apollo-server (@apollo/server-plugin-response-cache)
v4.1.3
Compare Source
Patch Changes
#7614
4fadf3ddc
Thanks @Cellule! - Publish TypeScript typings for CommonJS modules output.This allows TypeScript projects that use CommonJS modules with
moduleResolution: "node16"
ormoduleResolution: "nodeNext"
to correctly resolves the typings of apollo's packages as CommonJS instead of ESM.
v4.1.2
Compare Source
Patch Changes
f6e3ae021
Thanks @trevor-scheer! - Start building packages with TS 5.x, which should have no effect for usersv4.1.1
Compare Source
Patch Changes
4668f4594
Thanks @Igloczek! - Export types from response cache pluginapollographql/federation (@apollo/subgraph)
v2.9.3
Compare Source
Patch Changes
cc4573471696ef78d04fa00c4cf8e5c50314ba9f
,062572b3253e8640b60a0bf58b83945094b76b6f
,df5eb3cb0e2b4802fcd425ab9c23714de2707db3
,1c99cb0dcc6c639ac351210932623ab0bd6907e4
]:v2.9.2
Compare Source
Patch Changes
2192f355f50db33fe0807d16153f357696b9f190
,5ac01b534318105e904c1e6598070f753add3bb1
]:v2.9.1
Compare Source
Patch Changes
b8e4ab5352a4dfd262af49493fdd42e86e5e3d99
,e6c05b6c96023aa3dec79889431f8217fcb3806d
]:v2.9.0
Compare Source
Patch Changes
02c2a34a62c3717a4885449172e404f19ebf66c9
,0ccfd937d4b4a576f890665ceebbd7986fac5d0c
,e0a5075c0d12a0e2f7ef303b246e3216a139d3e0
]:v2.8.5
Compare Source
Patch Changes
v2.8.4
Compare Source
Patch Changes
Add descriptions for federation directives (#3095)
Updated dependencies [
5f4bb160d024678d6facd471c43c8ec61c86e701
,672aca7cbeb0a6a38586357a4e154f2dd91caa0c
]:v2.8.3
Compare Source
Patch Changes
50d648ccffb05591878de75dc5522914ed48698f
,f753d55e9a49d11389ee4f8d7976533447e95ede
,3af790517d662f3bec9064c0bf243014c579e9cd
]:v2.8.2
Compare Source
Patch Changes
b2e5ab66f84688ec304cfcf2c6f749c86aded549
]:v2.8.1
Compare Source
Patch Changes
v2.8.0
Compare Source
Patch Changes
Various set context bugfixes (#3017)
Updated dependencies [
c4744da360235d8bb8270ea048f0e0fa5d03be1e
,8a936d741a0c05835ff2533714cf330d18209179
]:v2.7.8
Compare Source
Patch Changes
Triggering a clean 2.7.8 release now that harmonizer build has been fixed. (#3010)
Updated dependencies [
2ad72802044310a528e8944f4538efe519424504
]:v2.7.7
Compare Source
Patch Changes
No logical changes since 2.7.5 or 2.7.6, but we fixed a bug in the release process, so we need to publish a new patch version (2.7.7). (#2999)
Updated dependencies [
bee0b0828b4fb6a1d3172ac330560e2ab6c046bb
]:v2.7.6
Compare Source
Patch Changes
v2.7.5
Compare Source
Patch Changes
v2.7.4
Compare Source
Patch Changes
d80b7f0ca1456567a0866a32d2b2abf940598f77
]:v2.7.3
Compare Source
Patch Changes
ec04c50b4fb832bfd281ecf9c0c2dd7656431b96
,a494631918156f0431ceace74281c076cf1d5d51
]:v2.7.2
Compare Source
Patch Changes
33b937b18d3c7ca6af14b904696b536399e597d1
,09cd3e55e810ee513127b7440f5b11af7540c9b0
,d7189a86c27891af408d3d0184db6133d3342967
]:v2.7.1
Compare Source
Patch Changes
493f5acd16ad92adf99c963659cd40dc5eac1219
]:v2.7.0
Compare Source
Minor Changes
Implement progressive
@override
functionality (#2911)The progressive
@override
feature brings a new argument to the@override
directive:label: String
. When a label is added to an@override
application, the override becomes conditional, depending on parameters provided to the query planner (a set of which labels should be overridden). Note that this feature will be supported in router for enterprise users only.Out-of-the-box, the router will support a percentage-based use case for progressive
@override
. For example:The above example will override the root
hello
field from the "original" subgraph 5% of the time.More complex use cases will be supported by the router via the use of coprocessors/rhai to resolve arbitrary labels to true/false values (i.e. via a feature flag service).
Patch Changes
6ae42942b13dccd246ccc994faa2cb36cd62cb3c
,66833fb8d04c9376f6ed476fed6b1ca237f477b7
,931f87c6766c7439936df706727cbdc0cd6bcfd8
]:v2.6.3
Compare Source
Patch Changes
v2.6.2
Compare Source
Patch Changes
7b5b836d15247c997712a47847f603aa5887312e
,74ca7dd617927a20d79b824851f7651ef3c40a4e
]:v2.6.1
Compare Source
Patch Changes
0d5ab01a
]:v2.6.0
Compare Source
Patch Changes
b18841be
,e325b499
]:v2.5.7
Compare Source
Patch Changes
v2.5.6
Compare Source
Patch Changes
c719214a
]:v2.5.5
Compare Source
Patch Changes
Fix specific case for requesting __typename on interface entity type (#2775)
In certain cases, when resolving a __typename on an interface entity (due to it actual being requested in the operation), that fetch group could previously be trimmed / treated as useless. At a glance, it appears to be a redundant step, i.e.:
It's actually necessary to preserve this in the case that we're coming from an interface object to an (entity) interface so that we can resolve the concrete __typename correctly.
Updated dependencies []:
v2.5.4
Compare Source
Patch Changes
v2.5.3
Compare Source
Patch Changes
4b9a512b
,c6e0e76d
,1add932c
]:v2.5.2
Compare Source
Patch Changes
35179f08
]:v2.5.1
Compare Source
Patch Changes
b9052fdd
]:v2.5.0
Compare Source
Minor Changes
Introduce the new
@authenticated
directive for composition (#2644)Users may now compose
@authenticated
applications from their subgraphs into a supergraph. This addition will support a future version of Apollo Router that enables authenticated access to specific types and fields via directive applications.The directive is defined as follows:
In order to compose your
@authenticated
usages, you must update your subgraph's federation spec version to v2.5 and add the@authenticated
import to your existing imports like so:@​link(url: "https://specs.apollo.dev/federation/v2.5", import: [..., "@​authenticated"])
Patch Changes
fe1e3d7b
,6b18af50
,9396c0d6
,2b5796a9
,4f3c3b9e
]:v2.4.13
Compare Source
Patch Changes
v2.4.12
Compare Source
Patch Changes
693c2433
]:v2.4.11
Compare Source
Patch Changes
a740e071
]:v2.4.10
Compare Source
Patch Changes
b6be9f96
]:v2.4.9
Compare Source
Patch Changes
7ac83456
,d60349b3
,1bb7c512
,02eab3ac
,fd4545c2
]:v2.4.8
Compare Source
Patch Changes
62e0d254
,7f1ef73e
]:v2.4.7
Compare Source
Patch Changes
2d44f346
]:v2.4.6
Compare Source
Patch Changes
5cd17e69
,e136ad87
]:v2.4.5
Compare Source
Patch Changes
Supersedes v2.4.4 due to a publishing error with no dist/ folder (#2583)
Updated dependencies [
c96e24c4
]:v2.4.4
Compare Source
Patch Changes
v2.4.3
Compare Source
Patch Changes
Resolve
Promise
references before calling__resolveType
on interface (#2556)Since the introduction of entity interfaces, users could not return
a
Promise
from__resolveReference
while implementing a synchronous,custom
__resolveType
function. This change fixes/permits this use case.Additional background / implementation details:
Returning a
Promise
from__resolveReference
has historically neverbeen an issue. However, with the introduction of entity interfaces, the
calling of an interface's
__resolveType
function became a new concern.__resolveType
functions expect a reference (and shouldn't be concernedwith whether those references are wrapped in a
Promise
). In order toaddress this, we can
await
the reference before calling the__resolveType
(this handles both the non-Promise
andPromise
case).Updated dependencies [
f6a8c1ce
]:v2.4.2
Compare Source
Patch Changes
2c370508
,179b4602
]:v2.4.1
Compare Source
Patch Changes
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.