fix(with-apollo-and-redux): resolve install failure and handle upstream API errors#91457
fix(with-apollo-and-redux): resolve install failure and handle upstream API errors#91457ZaforAbdullah wants to merge 5 commits intovercel:canaryfrom
Conversation
|
Allow CI Workflow Run
Note: this should only be enabled once the PR is ready to go and can only be enabled by a maintainer |
| await apolloClient.query({ | ||
| query: ALL_POSTS_QUERY, | ||
| variables: allPostsQueryVars, | ||
| }); |
There was a problem hiding this comment.
Here you'd want to error at build time, not hide the error or hope to catch it during rendering. You might end up shipping bad UI
There was a problem hiding this comment.
It call https://nextjs-graphql-with-prisma-simple-foo.vercel.app/api endpoint which is empty, hence the example project can't be build at all.
There was a problem hiding this comment.
Mm but that's another issue then, that project should serve data... I don't have time to look into at the moment - but I'll try later
There was a problem hiding this comment.
https://nextjs-graphql-with-prisma-simple-foo.vercel.app/api
I found the origin of the url project: https://github.com/prisma-labs/nextjs-graphql-api-examples
There was a problem hiding this comment.
Yes. I asked them about it, they'll look into it. 🙏
| "deepmerge": "^4.2.2", | ||
| "graphql": "14.5.8", | ||
| "lodash": "4.17.20", | ||
| "graphql": "^16.13.1", |
There was a problem hiding this comment.
pin these, aka remove ^ - arguably the other deps should also be like but we lost control, let's not diverge with these
There was a problem hiding this comment.
graphql is now pinned to 16.13.1 with no ^
|
Hi @icyJoseph |
3 participants
For Contributors
Fixing a bug
examples/change onlyWhat?
Three fixes to the
with-apollo-and-reduxexample:package.json— bumpgraphqlfrom14.5.8to16.13.1@apollo/client@^3requiresgraphql@^15 || ^16; the old pin causesnpm installto fail withERESOLVE.package.json— bumplodashfrom^4.17.21to^4.17.23Fixes three high-severity CVEs (Command Injection, ReDoS, Prototype Pollution) in the version used by
lib/apollo.jsfor Apollo cache deduplication.pages/index.js,pages/apollo.js— wrapapolloClient.query()intry/catchinsidegetStaticPropsAn upstream API 500 throws an unhandled
ApolloError, which Next.js surfaces as a page-level 500. The catch block falls back to an empty Apollo cache and letsPostListhandle the error via its ownuseQuerycall.components/PostList.js— addif (!data) return nullguardWhen
getStaticPropsreturns an empty cache (e.g. upstream unavailable), SSR rendersPostListwithdata = undefined. The existingerror/loadingguards do not fire at that point, so destructuringdatacrashes. The null guard prevents the crash.Why?
The example fails on a clean install due to the peer dependency conflict, and crashes with a 500 if the upstream API is unavailable — both of which make the example unusable as a reference.
How?
Minimal, targeted changes — no API surface or architecture changes. The
try/catchpattern is idiomatic forgetStaticPropsand the!dataguard is a one-line defensive check.