Skip to content

chore(deps): update all non-major dependencies #7

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): update all non-major dependencies #7

wants to merge 1 commit into from

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Aug 3, 2022
edited
Loading

This PR contains the following updates:

Package Change Age Confidence Type Update
@apollo/server-integration-testsuite (source) 4.0.0-alpha.2 -> 4.12.2 age confidence devDependencies minor
@apollo/utils.withrequired (source) 1.0.0 -> 1.0.1 age confidence devDependencies patch
@types/aws-lambda (source) 8.10.101 -> 8.10.156 age confidence devDependencies patch
@types/jest (source) 28.1.6 -> 28.1.8 age confidence devDependencies patch
jest-junit 14.0.0 -> 14.0.1 age confidence devDependencies patch
node (source) 16.16.0 -> 16.20.2 age confidence volta minor
npm (source) 8.15.1 -> 8.19.4 age confidence volta minor
prettier (source) 2.7.1 -> 2.8.8 age confidence devDependencies minor
ts-jest (source) 28.0.7 -> 28.0.8 age confidence devDependencies patch
ts-node (source) 10.9.1 -> 10.9.2 age confidence devDependencies patch
typescript (source) 4.7.4 -> 4.9.5 age confidence devDependencies minor

Release Notes

apollographql/apollo-server (@​apollo/server-integration-testsuite)

v4.12.2

Compare Source

Patch Changes

  • #​8070 0dee3c9 Thanks @​glasser! - Provide dual-build CJS and ESM for @apollo/server-integration-testsuite.

    We previously provided only a CJS build of this package, unlike @apollo/server
    itself and the other helper packages that come with it. We may make all of
    Apollo Server ESM-only in AS5; this is a step in that direction. Specifically,
    only providing this package for CJS makes it challenging to run the tests in
    ts-jest in some ESM-only setups, because the copy of @apollo/server fetched
    directly in your ESM-based test may differ from the copy fetched indirectly via
    @apollo/server-integration-testsuite, causing the "lockstep versioning" test
    to fail.

  • Updated dependencies:

v4.12.1

Compare Source

Patch Changes

v4.12.0

Compare Source

Patch Changes

v4.11.3

Compare Source

Patch Changes

v4.11.2

Compare Source

Patch Changes

v4.11.1

Compare Source

Patch Changes

  • #​7952 bb81b2c Thanks @​glasser! - Upgrade dependencies so that automated scans don't detect a vulnerability.

    @apollo/server depends on express which depends on cookie. Versions of express older than v4.21.1 depend on a version of cookie vulnerable to CVE-2024-47764. Users of older express versions who call res.cookie() or res.clearCookie() may be vulnerable to this issue.

    However, Apollo Server does not call this function directly, and it does not expose any object to user code that allows TypeScript users to call this function without an unsafe cast.

    The only way that this direct dependency can cause a vulnerability for users of Apollo Server is if you call startStandaloneServer with a context function that calls Express-specific methods such as res.cookie() or res.clearCookies() on the response object, which is a violation of the TypeScript types provided by startStandaloneServer (which only promise that the response object is a core Node.js http.ServerResponse rather than the Express-specific subclass). So this vulnerability can only affect Apollo Server users who use unsafe JavaScript or unsafe as typecasts in TypeScript.

    However, this upgrade will at least prevent vulnerability scanners from alerting you to this dependency, and we encourage all Express users to upgrade their project's own express dependency to v4.21.1 or newer.

  • Updated dependencies [bb81b2c]:

v4.11.0

Compare Source

Patch Changes

v4.10.5

Compare Source

Patch Changes

v4.10.4

Compare Source

Patch Changes

v4.10.3

Compare Source

Patch Changes

v4.10.2

Compare Source

Patch Changes

v4.10.1

Compare Source

Patch Changes

v4.10.0

Compare Source

Minor Changes
  • #​7786 869ec98 Thanks @​ganemone! - Restore missing v1 skipValidation option as dangerouslyDisableValidation. Note that enabling this option exposes your server to potential security and unexpected runtime issues. Apollo will not support issues that arise as a result of using this option.
Patch Changes

v4.9.5

Compare Source

Patch Changes

v4.9.4

Compare Source

Patch Changes

v4.9.3

Compare Source

Patch Changes

v4.9.2

Compare Source

Patch Changes

v4.9.1

Compare Source

Patch Changes

v4.9.0

Compare Source

Patch Changes

v4.8.1

Compare Source

Patch Changes

v4.8.0

Compare Source

Patch Changes

v4.7.5

Compare Source

Patch Changes

v4.7.4

Compare Source

Patch Changes

  • #​7604 aeb511c7d Thanks @​renovate! - Update graphql-http dependency

  • 0adaf80d1 Thanks @​trevor-scheer! - Address Content Security Policy issues

    The previous implementation of CSP nonces within the landing pages did not take full advantage of the security benefit of using them. Nonces should only be used once per request, whereas Apollo Server was generating one nonce and reusing it for the lifetime of the instance. The reuse of nonces degrades the security benefit of using them but does not pose a security risk on its own. The CSP provides a defense-in-depth measure against a potential XSS, so in the absence of a known XSS vulnerability there is likely no risk to the user.

    The mentioned fix also coincidentally addresses an issue with using crypto functions on startup within Cloudflare Workers. Crypto functions are now called during requests only, which resolves the error that Cloudflare Workers were facing. A recent change introduced a precomputedNonce configuration option to mitigate this issue, but it was an incorrect approach given the nature of CSP nonces. This configuration option is now deprecated and should not be used for any reason since it suffers from the previously mentioned issue of reusing nonces.

    Additionally, this change adds other applicable CSPs for the scripts, styles, images, manifest, and iframes that the landing pages load.

    A final consequence of this change is an extension of the renderLandingPage plugin hook. This hook can now return an object with an html property which returns a Promise<string> in addition to a string (which was the only option before).

  • Updated dependencies [0adaf80d1]:

v4.7.3

Compare Source

Patch Changes

v4.7.2

Compare Source

Patch Changes

v4.7.1

Compare Source

Patch Changes

v4.7.0

Compare Source

Patch Changes

v4.6.0

Compare Source

Patch Changes

v4.5.0

Compare Source

Patch Changes

v4.4.1

Compare Source

Patch Changes

v4.4.0

Compare Source

Patch Changes

v4.3.3

Compare Source

Patch Changes

v4.3.2

Compare Source

Patch Changes

v4.3.1

Compare Source

Patch Changes

v4.3.0

Compare Source

Patch Changes

v4.2.2

Compare Source

Patch Changes

v4.2.1

Compare Source

Patch Changes

v4.2.0

Compare Source

Minor Changes

  • #​7171 37b3b7fb5 Thanks @​glasser! - If a POST body contains a non-string operationName or a non-object variables or extensions, fail with status code 400 instead of ignoring the field.

    In addition to being a reasonable idea, this provides more compliance with the "GraphQL over HTTP" spec.

    This is a backwards incompatible change, but we are still early in the Apollo Server 4 adoption cycle and this is in line with the change already made in Apollo Server 4 to reject requests providing variables or extensions as strings. If this causes major problems for users who have already upgraded to Apollo Server 4 in production, we can consider reverting or partially reverting this change.

Patch Changes

v4.1.1

Compare Source

Patch Changes

v4.1.0

Compare Source

Minor Changes

  • 2a2d1e3b4 Thanks @​glasser! - The cache-control HTTP response header set by the cache control plugin now properly reflects the cache policy of all operations in a batched HTTP request. (If you write the cache-control response header via a different mechanism to a format that the plugin would not produce, the plugin no longer writes the header.) For more information, see advisory GHSA-8r69-3cvp-wxc3.

  • 2a2d1e3b4 Thanks @​glasser! - Plugins processing multiple operations in a batched HTTP request now have a shared requestContext.request.http object. Changes to HTTP response headers and HTTP status code made by plugins operating on one operation can be immediately seen by plugins operating on other operations in the same HTTP request.

  • 2a2d1e3b4 Thanks @​glasser! - New field GraphQLRequestContext.requestIsBatched available to plugins.

  • #​7114 c1651bfac Thanks @​trevor-scheer! - Directly depend on Apollo Server rather than as a peer

Patch Changes

v4.0.5

Compare Source

Patch Changes

v4.0.4

Compare Source

Patch Changes

v4.0.3

Compare Source

Patch Changes

  • #​7073 e7f524eac Thanks @​glasser! - Never interpret GET requests as batched. In previous versions of Apollo Server 4, a GET request whose body was a JSON array with N elements would be interpreted as a batch of the operation specified in the query string repeated N times. Now we just ignore the body for GET requests (like in Apollo Server 3), and never treat them as batched.

  • #​7071 0ed389ce8 Thanks @​glasser! - Fix v4 regression: gateway implementations should be able to set HTTP response headers and the status code.

  • Updated dependencies [e7f524eac, 0ed389ce8]:

v4.0.2

Compare Source

Patch Changes

v4.0.1

Compare Source

Patch Changes

v4.0.0

Compare Source

Initial release of @apollo/server-integration-testsuite.

v4.0.0-rc.18

Compare Source

Patch Changes

v4.0.0-rc.17

Compare Source

Patch Changes

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot force-pushed the renovate/all-minor-patch branch 2 times, most recently from 5ebd878 to 463c632 Compare August 6, 2022 11:43
@renovate renovate bot changed the title chore(deps): update dependency @apollo/server-integration-testsuite to v4.0.0-alpha.2 chore(deps): update dependency npm to v8.16.0 Aug 6, 2022
@renovate renovate bot force-pushed the renovate/all-minor-patch branch from 463c632 to f22c3a2 Compare August 9, 2022 21:39
@renovate renovate bot changed the title chore(deps): update dependency npm to v8.16.0 chore(deps): update all non-major dependencies to v4.0.0-alpha.3 Aug 10, 2022
@renovate renovate bot force-pushed the renovate/all-minor-patch branch from f22c3a2 to bbe55b5 Compare August 10, 2022 10:51
@renovate renovate bot changed the title chore(deps): update all non-major dependencies to v4.0.0-alpha.3 chore(deps): update all non-major dependencies Aug 10, 2022
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 10 times, most recently from e6278b7 to c35c0df Compare August 17, 2022 12:57
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 4 times, most recently from d0592f0 to 7fbf252 Compare August 24, 2022 11:33
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 7 times, most recently from 87e42ef to 91a9840 Compare September 2, 2022 00:18
@renovate renovate bot force-pushed the renovate/all-minor-patch branch from 91a9840 to a30b31f Compare September 5, 2022 20:01
@renovate renovate bot force-pushed the renovate/all-minor-patch branch from a1cb84b to 764af7a Compare May 16, 2024 18:44
@renovate
Copy link
Contributor Author

renovate bot commented May 16, 2024
edited
Loading

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json
npm ERR! code ERESOLVE
npm ERR! ERESOLVE unable to resolve dependency tree
npm ERR! 
npm ERR! While resolving: server-v4-integration-demos@undefined
npm ERR! Found: [email protected]
npm ERR! node_modules/graphql
npm ERR!   dev graphql@"16.5.0" from the root project
npm ERR!   peer graphql@"^16.5.0" from [email protected]
npm ERR!   packages/fastify
npm ERR!     [email protected]
npm ERR!     node_modules/apollo-server-integration-fastify
npm ERR!       workspace packages/fastify from the root project
npm ERR!   1 more (apollo-server-integration-lambda)
npm ERR! 
npm ERR! Could not resolve dependency:
npm ERR! peer graphql@"^16.6.0" from @apollo/[email protected]
npm ERR! node_modules/@apollo/server-integration-testsuite
npm ERR!   dev @apollo/server-integration-testsuite@"4.12.2" from the root project
npm ERR! 
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR! 
npm ERR! See /runner/cache/others/npm/eresolve-report.txt for a full report.

npm ERR! A complete log of this run can be found in:
npm ERR!     /runner/cache/others/npm/_logs/2025-10-21T16_42_48_958Z-debug-0.log

@renovate renovate bot force-pushed the renovate/all-minor-patch branch 2 times, most recently from d823f02 to 903bf3d Compare June 18, 2024 02:24
@renovate renovate bot force-pushed the renovate/all-minor-patch branch from 903bf3d to d8fc8fa Compare July 9, 2024 22:18
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 2 times, most recently from c5e9cbe to 1550181 Compare July 24, 2024 15:16
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 2 times, most recently from 9b8f0d5 to 3682fae Compare August 8, 2024 19:20
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 2 times, most recently from 996e7b5 to 73a91ac Compare August 28, 2024 01:52
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 2 times, most recently from ee5b534 to d8327e7 Compare October 30, 2024 01:53
@renovate renovate bot force-pushed the renovate/all-minor-patch branch from d8327e7 to 1768ff1 Compare November 25, 2024 22:36
@renovate renovate bot force-pushed the renovate/all-minor-patch branch from 1768ff1 to 9350818 Compare January 3, 2025 02:09
@renovate renovate bot force-pushed the renovate/all-minor-patch branch from 9350818 to 7348006 Compare March 24, 2025 05:33
@apollo-bot2
Copy link

Detected SAST Vulnerabilities

@renovate renovate bot force-pushed the renovate/all-minor-patch branch 2 times, most recently from a885d6e to 6885345 Compare April 9, 2025 21:39
@renovate renovate bot force-pushed the renovate/all-minor-patch branch from 6885345 to 5041eb0 Compare May 14, 2025 20:04
@renovate renovate bot force-pushed the renovate/all-minor-patch branch from 5041eb0 to 3626a4c Compare May 29, 2025 18:55
@renovate renovate bot requested a review from glasser as a code owner May 29, 2025 18:55
@renovate renovate bot force-pushed the renovate/all-minor-patch branch from 3626a4c to b392771 Compare June 5, 2025 22:06
@renovate renovate bot force-pushed the renovate/all-minor-patch branch from b392771 to dfc8f24 Compare June 16, 2025 14:03
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 2 times, most recently from adb1102 to d371cdf Compare July 19, 2025 10:24
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 2 times, most recently from e0391a7 to 0893d9c Compare October 4, 2025 01:00
@renovate renovate bot force-pushed the renovate/all-minor-patch branch from 0893d9c to 56c30d1 Compare October 15, 2025 22:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@trevor-scheer trevor-scheer Awaiting requested review from trevor-scheer

@glasser glasser Awaiting requested review from glasser glasser is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

🎄 dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@apollo-bot2