fix(deps): update all apollo server non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@graphql-tools/schema (source)	9.0.13 -> 9.0.19
@types/cors (source)	2.8.13 -> 2.8.17
@types/node (source)	18.6.3 -> 18.19.87
@types/ws (source)	8.2.2 -> 8.18.1
@types/ws (source)	8.5.5 -> 8.18.1
apollo-server-express (source)	3.12.0 -> 3.13.0
express (source)	4.18.2 -> 4.21.2
graphql	15.8.0 -> 15.10.1
graphql-ws (source)	5.5.5 -> 5.16.2
graphql-ws (source)	5.14.0 -> 5.16.2
typescript (source)	4.7.4 -> 4.9.5
ws	8.4.2 -> 8.18.1
ws	8.13.0 -> 8.18.1

---

Release Notes

ardatan/graphql-tools (@​graphql-tools/schema)

v9.0.19

Compare Source

Patch Changes

• #​5202
  05c97eb8
  Thanks @​ardatan! - dependencies updates:
  • Updated dependency
    value-or-promise@^1.0.12 ↗︎ (from
    1.0.12, in dependencies)

v9.0.18

Compare Source

Patch Changes

• 1c95368a
  Thanks @​ardatan! - Use ranged versions for dependencies

• Updated dependencies
  [1c95368a]:

  • @​graphql-tools/merge@​8.4.1

v9.0.17

Compare Source

Patch Changes

• Updated dependencies
  [04e3ecb9]:
  • @​graphql-tools/merge@​8.4.0

v9.0.16

Compare Source

Patch Changes

• Updated dependencies
  [b5c8f640]:
  • @​graphql-tools/utils@​9.2.1
  • @​graphql-tools/merge@​8.3.18

v9.0.15

Compare Source

Patch Changes

• Updated dependencies
  [a94217e9,
  62d074be]:
  • @​graphql-tools/utils@​9.2.0
  • @​graphql-tools/merge@​8.3.17

v9.0.14

Compare Source

Patch Changes

• Updated dependencies
  [8555c5c5]:
  • @​graphql-tools/merge@​8.3.16

apollographql/apollo-server (apollo-server-express)

v3.13.0

Compare Source

v3.12.1

Compare Source

expressjs/express (express)

v4.21.2

Compare Source

What's Changed

• Add funding field (v4) by @​bjohansebas in https://github.com/expressjs/express/pull/6065
• deps: [email protected] by @​blakeembrey in https://github.com/expressjs/express/pull/5956
• deps: bump [email protected] by @​jonchurch in https://github.com/expressjs/express/pull/6209
• Release: 4.21.2 by @​UlisesGascon in https://github.com/expressjs/express/pull/6094

Full Changelog: expressjs/express@4.21.1...4.21.2

v4.21.1

Compare Source

What's Changed

• Backport a fix for CVE-2024-47764 to the 4.x branch by @​joshbuker in https://github.com/expressjs/express/pull/6029
• Release: 4.21.1 by @​UlisesGascon in https://github.com/expressjs/express/pull/6031

Full Changelog: expressjs/express@4.21.0...4.21.1

v4.21.0

Compare Source

What's Changed

• Deprecate "back" magic string in redirects by @​blakeembrey in https://github.com/expressjs/express/pull/5935
• [email protected] by @​wesleytodd in https://github.com/expressjs/express/pull/5954
• fix(deps): [email protected] by @​wesleytodd in https://github.com/expressjs/express/pull/5951
• Upgraded dependency qs to 6.13.0 to match qs in body-parser by @​agadzinski93 in https://github.com/expressjs/express/pull/5946

New Contributors

• @​agadzinski93 made their first contribution in https://github.com/expressjs/express/pull/5946

Full Changelog: expressjs/express@4.20.0...4.21.0

v4.20.0

Compare Source

==========

• deps: [email protected]
  • Remove link renderization in html while redirecting
• deps: [email protected]
  • Remove link renderization in html while redirecting
• deps: [email protected]
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
• Remove link renderization in html while using res.redirect
• deps: [email protected]
  • Adds support for named matching groups in the routes using a regex
  • Adds backtracking protection to parameters without regexes defined
• deps: encodeurl@~2.0.0
  • Removes encoding of \, |, and ^ to align better with URL spec
• Deprecate passing options.maxAge and options.expires to res.clearCookie
  • Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

v4.19.2

Compare Source

==========

• Improved fix for open redirect allow list bypass

v4.19.1

Compare Source

==========

• Allow passing non-strings to res.location with new encoding handling checks

v4.19.0

Compare Source

==========

• Prevent open redirect allow list bypass due to encodeurl
• deps: [email protected]

v4.18.3

Compare Source

==========

• Fix routing requests without method
• deps: [email protected]
  • Fix strict json error message on Node.js 19+
  • deps: content-type@~1.0.5
  • deps: [email protected]
• deps: [email protected]
  • Add partitioned option

graphql/graphql-js (graphql)

v15.10.1

Compare Source

v15.10.1 (2025-01-14)

Bug Fix 🐞

• #​4326 Re-export GraphQLFormattedError as type (@​enisdenjo)

Committers: 1

• Denis Badurina(@​enisdenjo)

v15.10.0

Compare Source

v15.10.0 (2025-01-13)

New Feature 🚀

• #​4324 Backport GraphQLError toJSON method to v15 (@​enisdenjo)

Committers: 1

• Denis Badurina(@​enisdenjo)

v15.9.0

Compare Source

v15.9.0 (2024-06-21)

New Feature 🚀

• #​4120 backport[v15]: Introduce "recommended" validation rules (@​benjie)

Bug Fix 🐞

• #​3708 Fix crash in node when mixing sync/async resolvers (backport of #​3706) (@​chrskrchr)
• #​4000 Backport "Prevent Infinite Loop in OverlappingFieldsCanBeMergedRule" to v15 (@​benjie)

Internal 🏠

• #​4126 backport(v15): fix publish scripts (@​benjie)

Committers: 2

• Benjie(@​benjie)
• Chris Karcher(@​chrskrchr)

enisdenjo/graphql-ws (graphql-ws)

v5.16.2

Compare Source

Patch Changes

• #​611 6a5fde1 Thanks @​enisdenjo! - No more workspaces

  This version does not contain any code changes.

v5.16.1

Compare Source

Patch Changes

• #​607 a629ec7 Thanks @​enisdenjo! - Release with changesets

  This version does not contain any code changes.

v5.16.0

Compare Source

Bug Fixes

• server: Return all subscriptions regardless of the return invocation order (f442288)
• server: should not send error messages if socket closes before onSubscribe hooks resolves (db47a66), closes #​539

Features

• server: Close code and reason are optional (6ae6e6f), closes #​547

v5.15.0

Compare Source

Bug Fixes

• client: Use TerminatedCloseEvent class extending an Error for rejecting promises when terminating (74b4ceb), closes #​531
• server: Dispose of subscriptions on close even if added late to the subscriptions list (#​534) (e45d6b1), closes #​532

Features

• server: Add is retry flag to connect events (#​507) (9ad853f)

v5.14.3

Compare Source

Bug Fixes

• client: Use closures instead of bindings (with this) (812129d)
• remove package.json workspaces entry in release (63a831e), closes #​524

v5.14.2

Compare Source

Bug Fixes

• client: correct close code for Bad Gateway reason (#​512) (0438650)

v5.14.1

Compare Source

Bug Fixes

• server: Acknowledge connection before notifying the client to avoid race conditions with slow sends (#​506) (8cb82bd), closes #​501

v5.14.0

Compare Source

Features

• client: Async iterator for subscriptions (#​486) (fb4b967)

v5.13.1

Compare Source

Bug Fixes

• Remove unnecessary bun-types directives (e9a56f7), closes #​478

v5.13.0

Compare Source

Features

• server: Use Bun (#​476) (09c7893)
• server: Use Deno (#​477) (0ffd03b)

v5.12.1

Compare Source

Bug Fixes

• Add file extensions to imports/exports in ESM type definitions (48775be)

v5.12.0

Compare Source

Features

• Allow null payloads in messages (#​456) (eeb0265), closes #​455

v5.11.3

Compare Source

Bug Fixes

• ws,uWebSockets,@​fastify/websocket: Handle internal errors that are not instances of Error (#​442) (9884889), closes #​441

v5.11.2

Compare Source

Bug Fixes

• Reorder types paths in package.json for better import resolution (#​406) (37263c5)

v5.11.1

Compare Source

Bug Fixes

• server: Shouldn't send a complete message if client sent it (331fe47), closes #​403

v5.11.0

Compare Source

Features

• client: Provide subscribe payload in generateID (d0bc6e1), closes #​398

v5.10.2

Compare Source

Performance Improvements

• Easier message parser (d44c6f1)

v5.10.1

Compare Source

Bug Fixes

• client: Debounce close by lazyCloseTimeout (c332837), closes #​388

v5.10.0

Compare Source

Features

• server: Use @fastify/websocket (#​382) (dd755b0), closes #​381

v5.9.1

Compare Source

Bug Fixes

• Add types path to package.json exports (#​375) (9f394d7)

v5.9.0

Compare Source

Features

• Descriptive invalid message errors (b46379e), closes #​366

v5.8.2

Compare Source

Bug Fixes

• server: Should clean up subscription reservations on abrupt errors without relying on connection close (611c223)

v5.8.1

Compare Source

Bug Fixes

• client: isFatalConnectionProblem defaults to undefined for using shouldRetry (9d5c573)

v5.8.0

Compare Source

Features

• client: Deprecate isFatalConnectionProblem option in favour of shouldRetry (d8dcf21)

v5.7.0

Compare Source

Features

• client: Terminate the WebSocket abruptly and immediately (53ad515), closes #​290

v5.6.4

Compare Source

Bug Fixes

• Warn about subscriptions-transport-ws clients and provide migration link (e080739), closes #​339 #​325

v5.6.3

Compare Source

Bug Fixes

• client: Stop execution if connectionParams took too long and the server kicked the client off (1e94e45), closes #​331

v5.6.2

Compare Source

Bug Fixes

• server: handleProtocols accepts arrays too and gracefully rejects other types (98dec1a), closes #​318

v5.6.1

Compare Source

Bug Fixes

• server: Handle upgrade requests with multiple subprotocols and omit Sec-WebSocket-Protocol header if none supported (9bae064)

v5.6.0

Compare Source

Features

• TypeScript generic for connection init payload (connectionParams) (#​311) (e67cf80)

microsoft/TypeScript (typescript)

v4.9.5: TypeScript 4.9.5

Compare Source

For release notes, check out the release announcement.

Downloads are available on:

• npm
• NuGet package

Changes:

• 69e88ef Port ignore deprecations to 4.9 (#​52419)
• daf4e81 Port timestamp fix to 4.9 (#​52426)

v4.9.4: TypeScript 4.9.4

Compare Source

For release notes, check out the release announcement.

For the complete list of fixed issues, check out the

• fixed issues query for Typescript v4.9.4.

Downloads are available on:

• npm
• NuGet package

Changes:

• e286821 Bump version to 4.9.4 and LKG.
• eb5419f Cherry-pick #​51704 to release 4.9 (#​51712)
• b4d382b Cherry-pick changes for narrowing to tagged literal types.
• e7a02f4 Port of #​51626 and #​51689 to release-4.9 (#​51627)
• 1727912 Cherry-pick fix around visitEachChild to release-4.9. (#​51544)

This list of changes was auto generated.

v4.9.3: TypeScript 4.9

Compare Source

For release notes, check out the release announcement.

Downloads are available on:

• npm
• NuGet package

Changes:

• 93bd577 Bump version to 4.9.3 and LKG.
• 107f832 Update LKG.
• 31bee56 Cherry-pick PR #​50977 into release-4.9 (#​51363) [ #​50872 ]
• 1e2fa7a Update version to 4.9.2-rc and LKG.
• 7ab89e5 Merge remote-tracking branch 'origin/main' into release-4.9
• e5cd686 Update package-lock.json
• 8d40dc1 Update package-lock.json
• 5cfb3a2 Only call return() for an abrupt completion in user code (#​51297)
• a7a9d15 Fix for broken baseline in yieldInForInInDownlevelGenerator (#​51345)
• 7f8426f fix for-in enumeration containing yield in generator (#​51295)

See More

• 3d2b401 Fix assertion functions accessed via wildcard imports (#​51324)
• 64d0d5a fix(51301): Fixing an unused import at the end of a line removes the newline (#​51320)
• 754eeb2 Update CodeQL workflow and configuration, fix found bugs (#​51263)
• d8aad26 Update package-lock.json
• d4f26c8 fix(51245): Class with parameter decorator in arrow function causes "convert to default export" refactoring failure (#​51256)
• 16faf45 Update package-lock.json
• 8b1ecdb fix(50654): "Move to a new file" breaks the declaration of referenced variable (#​50681)
• 170a17f Dom update 2022-10-25 (#​51300)
• 9c4e14d Remove "No type information for this code" from baseline (#​51311)
• 88d25b4 fix(50068): Refactors trigger debug failure when JSX text has a ' and a tag on the same line. (#​51299)
• 8bee69a Update package-lock.json
• 702de1e Fix early call to return/throw on generator (#​51294)
• 2c12b14 Add a GH Action to file a new issue if we go a week without seeing a typescript-error-deltas issue (#​51271)
• 6af270d Update package-lock.json
• 2cc4c16 Update package-lock.json
• 6093491 Fix apparent typo in getStringMappingType (#​51248)
• 61c2609 Update package-lock.json
• ef69116 Generate shortest rootDirs module specifier instead of first possible (#​51244)
• bbb42f4 Fix typo in canWatchDirectoryOrFile found by CodeQL (#​51262)
• a56b254 Include 'this' type parameter in isRelatedTo fast path (#​51230)
• 3abd351 Fix super property transform in async arrow in method (#​51240)
• eed0511 Update package-lock.json
• 2625c1f Make the init config category order predictable (#​51247)
• 1ca99b3 fix(50551): Destructuring assignment with var bypasses "variable is used before being assigned" check (2454) (#​50560)
• 3f28fa1 Update package-lock.json
• 906ebe4 Revert structuredTypeRelatedTo change and fix isUnitLikeType (#​51076)
• 8ac4652 change type (#​51231)
• 245a02c fix(51222): Go-to-definition on return statements should jump to the containing function declaration (#​51227)
• 2dff34e markAliasReferenced should include ExportValue as well (#​51219)
• 5ef2634 Update package-lock.json
• d0f0e35 Remove old tslint comments (#​51220)
• 85d405a Fixed a false positive "await has no effect on the type" diagnostic with mixed generic union (#​50833)
• 1f8959f fix: avoid downleveled dynamic import closing over specifier expression (#​49663)
• 11066b2 Rename internal functions to narrowTypeBySwitchOnTypeOf and narrowTypeByInKeyword (#​51215)
• 4c9afe8 Update package-lock.json
• f25bcb7 fix(49196): add jsdoc snippet for interface member functions (#​51135)
• 7406ee9 fix(51170): Completing an unimplemented property overwrites rest of line (#​51175)
• a1d82fc Remove some unnecessary code discovered by rollup (#​51204)
• 0481773 LEGO: Merge pull request 51200
• 98c19cb LEGO: Merge pull request 51190
• 13c9b05 Update package-lock.json
• 673475e Update package-lock.json
• f6cf510 Add more tracing to node16/nodenext resolution (#​51168)
• 83c5581 Update package-lock.json
• be5f0fe Add an extra regression test for awaited unresolvable recursive union (#​51167)
• 2cb7e77 fix(50416): correctly names disabled export refactors (#​50663) [ #​50416 ]
• 2bcfed0 feat(37440): Provide a quick-fix for non-exported types (#​51038)
• a24201c Remove VSDevMode.ps1 and createPlaygroundBuild (#​51166)
• 2da62a7 fix(51112): omit parameter names that precede the type (#​51142)
• cf1b6b7 feat(51163): show QF to fill in the missing properties for the mapped type. (#​51165)
• bdcc240 Remove bug-causing carve-out in conditional type instantiation that hopefully is no longer required (#​51151)
• 37317a2 Check nested weak types in intersections on target side of relation (#​51140)
• 9f49f9c Update package-lock.json
• 4f54e7e Fix isExhaustiveSwitchStatement to better handle circularities (#​51095)
• 503604c Overloads shouldn't gain @​deprecated tags of other overloads in quick info (#​50904)
• e14a229 Update package-lock.json
• 67256e5 Remove unused declarations array in extractSymbol's TargetRange (#​51091)
• 9c87ded fix(51100): ensure tsserver shuts down when parent process is killed (#​51107)
• c01ae01 Fix nightly publish oops in Gulpfile (#​51131)
• a7d10f1 Update package-lock.json
• d0bfd8c fix(51072): ts.preProcessFile finds import in template string after conditional ex

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.