Skip to content

chore(deps): update all non-major dependencies #279

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): update all non-major dependencies #279

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Nov 25, 2023
edited
Loading

This PR contains the following updates:

Package Change Age Confidence Type Update
@apollo/server (source) 4.9.5 -> 4.12.2 age confidence devDependencies minor
@apollo/server-integration-testsuite (source) 4.9.5 -> 4.12.2 age confidence devDependencies minor
@oly_op/cspell-dict 1.0.115 -> 1.1.16 age confidence devDependencies minor
@oly_op/eslint-config (source) 6.1.0 -> 6.7.23 age confidence devDependencies minor
@oly_op/prettier-config (source) 1.3.2 -> 1.9.8 age confidence devDependencies minor
@types/jest (source) 29.5.8 -> 29.5.14 age confidence devDependencies patch
@types/node (source) 20.17.47 -> 20.19.11 age confidence devDependencies minor
@typescript-eslint/eslint-plugin (source) 6.11.0 -> 6.21.0 age confidence devDependencies minor
eslint (source) 8.54.0 -> 8.57.1 age confidence devDependencies minor
eslint-plugin-import 2.29.0 -> 2.32.0 age confidence devDependencies minor
eslint-plugin-promise 6.1.1 -> 6.6.0 age confidence devDependencies minor
fastify (source) 5.3.2 -> 5.5.0 age confidence devDependencies minor
graphql 16.8.1 -> 16.11.0 age confidence devDependencies minor
node (source) 20.9.0 -> 20.19.4 age confidence volta minor
node 7.1.0 -> 7.1.1 age confidence orb patch
npm (source) 10.2.4 -> 10.9.3 age confidence volta minor
prettier (source) 3.1.0 -> 3.6.2 age confidence devDependencies minor
rimraf 5.0.5 -> 5.0.10 age confidence devDependencies patch
ts-jest (source) 29.1.1 -> 29.4.1 age confidence devDependencies minor
ts-node (source) 10.9.1 -> 10.9.2 age confidence devDependencies patch
tsx (source) 4.19.4 -> 4.20.4 age confidence devDependencies minor
typescript (source) 5.4.5 -> 5.9.2 age confidence devDependencies minor

Release Notes

apollographql/apollo-server (@​apollo/server)

v4.12.2

Compare Source

(No change; there is a change to the @apollo/server-integration-testsuite used to test integrations, and the two packages always have matching versions.)

v4.12.1

Compare Source

Patch Changes

v4.12.0

Compare Source

Minor Changes
  • #​8054 89e3f84 Thanks @​clenfest! - Adds a new graphql-js validation rule to reject operations that recursively request selections above a specified maximum, which is disabled by default. Use configuration option maxRecursiveSelections=true to enable with a maximum of 10,000,000, or maxRecursiveSelections=<number> for a custom maximum. Enabling this validation can help avoid performance issues with configured validation rules or plugins.
Patch Changes

v4.11.3

Compare Source

Patch Changes

v4.11.2

Compare Source

(No change; there is a change to the @apollo/server-integration-testsuite used to test integrations, and the two packages always have matching versions.)

v4.11.1

Compare Source

Patch Changes

  • #​7952 bb81b2c Thanks @​glasser! - Upgrade dependencies so that automated scans don't detect a vulnerability.

    @apollo/server depends on express which depends on cookie. Versions of express older than v4.21.1 depend on a version of cookie vulnerable to CVE-2024-47764. Users of older express versions who call res.cookie() or res.clearCookie() may be vulnerable to this issue.

    However, Apollo Server does not call this function directly, and it does not expose any object to user code that allows TypeScript users to call this function without an unsafe cast.

    The only way that this direct dependency can cause a vulnerability for users of Apollo Server is if you call startStandaloneServer with a context function that calls Express-specific methods such as res.cookie() or res.clearCookies() on the response object, which is a violation of the TypeScript types provided by startStandaloneServer (which only promise that the response object is a core Node.js http.ServerResponse rather than the Express-specific subclass). So this vulnerability can only affect Apollo Server users who use unsafe JavaScript or unsafe as typecasts in TypeScript.

    However, this upgrade will at least prevent vulnerability scanners from alerting you to this dependency, and we encourage all Express users to upgrade their project's own express dependency to v4.21.1 or newer.

v4.11.0

Compare Source

Minor Changes

  • #​7916 4686454 Thanks @​andrewmcgivery! - Add hideSchemaDetailsFromClientErrors option to ApolloServer to allow hiding 'did you mean' suggestions from validation errors.

    Even with introspection disabled, it is possible to "fuzzy test" a graph manually or with automated tools to try to determine the shape of your schema. This is accomplished by taking advantage of the default behavior where a misspelt field in an operation
    will be met with a validation error that includes a helpful "did you mean" as part of the error text.

    For example, with this option set to true, an error would read Cannot query field "help" on type "Query". whereas with this option set to false it would read Cannot query field "help" on type "Query". Did you mean "hello"?.

    We recommend enabling this option in production to avoid leaking information about your schema to malicious actors.

    To enable, set this option to true in your ApolloServer options:

    const server = new ApolloServer({
  typeDefs,
  resolvers,
  hideSchemaDetailsFromClientErrors: true,
});

v4.10.5

Compare Source

Patch Changes

v4.10.4

Compare Source

Patch Changes
  • #​7871 18a3827 Thanks @​tninesling! - Subscription heartbeats are initialized prior to awaiting subscribe(). This allows long-running setup to happen in the returned Promise without the subscription being terminated prior to resolution.

v4.10.3

Compare Source

Patch Changes
  • #​7866 5f335a5 Thanks @​tninesling! - Catch errors thrown by subscription generators, and gracefully clean up the subscription instead of crashing.

v4.10.2

Compare Source

Patch Changes
  • #​7849 c7e514c Thanks @​TylerBloom! - In the subscription callback server plugin, terminating a subscription now immediately closes the internal async generator. This avoids that generator existing after termination and until the next message is received.

v4.10.1

Compare Source

Patch Changes
  • #​7843 72f568e Thanks @​bscherlein! - Improves timing of the willResolveField end hook on fields which return Promises resolving to Arrays. This makes the use of the setCacheHint method more reliable.

v4.10.0

Compare Source

Minor Changes

  • #​7786 869ec98 Thanks @​ganemone! - Restore missing v1 skipValidation option as dangerouslyDisableValidation. Note that enabling this option exposes your server to potential security and unexpected runtime issues. Apollo will not support issues that arise as a result of using this option.

  • #​7803 e9a0d6e Thanks @​favna! - allow stringifyResult to return a Promise<string>

    Users who implemented the stringifyResult hook can now expect error responses to be formatted with the hook as well. Please take care when updating to this version to ensure this is the desired behavior, or implement the desired behavior accordingly in your stringifyResult hook. This was considered a non-breaking change as we consider that it was an oversight in the original PR that introduced stringifyResult hook.

Patch Changes
apollographql/apollo-server (@​apollo/server-integration-testsuite)

v4.12.2

Compare Source

Patch Changes

  • #​8070 0dee3c9 Thanks @​glasser! - Provide dual-build CJS and ESM for @apollo/server-integration-testsuite.

    We previously provided only a CJS build of this package, unlike @apollo/server
    itself and the other helper packages that come with it. We may make all of
    Apollo Server ESM-only in AS5; this is a step in that direction. Specifically,
    only providing this package for CJS makes it challenging to run the tests in
    ts-jest in some ESM-only setups, because the copy of @apollo/server fetched
    directly in your ESM-based test may differ from the copy fetched indirectly via
    @apollo/server-integration-testsuite, causing the "lockstep versioning" test
    to fail.

  • Updated dependencies:

v4.12.1

Compare Source

Patch Changes

v4.12.0

Compare Source

Patch Changes

v4.11.3

Compare Source

Patch Changes

v4.11.2

Compare Source

Patch Changes

v4.11.1

Compare Source

Patch Changes

  • #​7952 bb81b2c Thanks @​glasser! - Upgrade dependencies so that automated scans don't detect a vulnerability.

    @apollo/server depends on express which depends on cookie. Versions of express older than v4.21.1 depend on a version of cookie vulnerable to CVE-2024-47764. Users of older express versions who call res.cookie() or res.clearCookie() may be vulnerable to this issue.

    However, Apollo Server does not call this function directly, and it does not expose any object to user code that allows TypeScript users to call this function without an unsafe cast.

    The only way that this direct dependency can cause a vulnerability for users of Apollo Server is if you call startStandaloneServer with a context function that calls Express-specific methods such as res.cookie() or res.clearCookies() on the response object, which is a violation of the TypeScript types provided by startStandaloneServer (which only promise that the response object is a core Node.js http.ServerResponse rather than the Express-specific subclass). So this vulnerability can only affect Apollo Server users who use unsafe JavaScript or unsafe as typecasts in TypeScript.

    However, this upgrade will at least prevent vulnerability scanners from alerting you to this dependency, and we encourage all Express users to upgrade their project's own express dependency to v4.21.1 or newer.

  • Updated dependencies [bb81b2c]:

v4.11.0

Compare Source

Patch Changes

v4.10.5

Compare Source

Patch Changes

v4.10.4

Compare Source

Patch Changes

v4.10.3

Compare Source

Patch Changes

v4.10.2

Compare Source

Patch Changes

v4.10.1

Compare Source

Patch Changes

v4.10.0

Compare Source

Minor Changes
  • #​7786 869ec98 Thanks @​ganemone! - Restore missing v1 skipValidation option as dangerouslyDisableValidation. Note that enabling this option exposes your server to potential security and unexpected runtime issues. Apollo will not support issues that arise as a result of using this option.
Patch Changes
olyop/cspell-dict (@​oly_op/cspell-dict)

v1.1.16

Compare Source

v1.1.14

Compare Source

v1.1.13

Compare Source

v1.1.12

Compare Source

v1.1.11

Compare Source

v1.1.10

Compare Source

v1.1.9

Compare Source

v1.1.8

Compare Source

v1.1.7

Compare Source

v1.1.6

Compare Source

v1.1.5

Compare Source

v1.1.4

Compare Source

v1.1.2

Compare Source

v1.1.1

Compare Source

v1.0.116

Compare Source

olyop/eslint-config (@​oly_op/eslint-config)

v6.7.23

Compare Source

v6.7.22

Compare Source

v6.7.21

Compare Source

v6.7.20

Compare Source

v6.7.19

Compare Source

v6.7.18

Compare Source

v6.7.17

Compare Source

v6.7.16

Compare Source

v6.7.15

Compare Source

v6.7.14

Compare Source

v6.7.13

Compare Source

v6.7.12

Compare Source

v6.7.11

Compare Source

v6.7.10

Compare Source

v6.7.9

Compare Source

v6.7.8

Compare Source

v6.7.7

Compare Source

v6.7.6

Compare Source

v6.7.5

Compare Source

v6.7.4

Compare Source

v6.7.3

Compare Source

v6.7.2

Compare Source

v6.7.1

Compare Source

v6.7.0

Compare Source

v6.6.1

Compare Source

v6.6.0

Compare Source

v6.5.7

Compare Source

v6.5.6

Compare Source

v6.5.5

Compare Source

v6.5.4

Compare Source

v6.5.3

Compare Source

v6.5.2

Compare Source

v6.5.1

Compare Source

v6.5.0

Compare Source

v6.4.2

Compare Source

v6.4.1

Compare Source

v6.4.0

Compare Source

v6.3.0

Compare Source

v6.2.1

Compare Source

v6.2.0

Compare Source

olyop/prettier-config (@​oly_op/prettier-config)

v1.9.8

Compare Source

v1.9.7

Compare Source

v1.9.6

Compare Source

v1.9.5

Compare Source

[v1.9.4](https://redirect.github.com/olyop/prettier-config/compare/05da211ca894ade6e2a8aa2e7a3778ecd94e38db...13934a4067f8e710dfd057c980f

Configuration

📅 Schedule: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate Renovate
Copy link
Contributor Author

renovate bot commented Nov 25, 2023

Branch automerge failure

This PR was configured for branch automerge. However, this is not possible, so it has been raised as a PR instead.

  • Branch has one or more failed status checks

@renovate renovate bot force-pushed the renovate/all-minor-patch branch 2 times, most recently from 8e0f39b to 60608da Compare November 26, 2023 03:26
@renovate Renovate
Copy link
Contributor Author

renovate bot commented Nov 26, 2023
edited
Loading

⚠ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

  • any of the package files in this branch needs updating, or
  • the branch becomes conflicted, or
  • you click the rebase/retry checkbox if found above, or
  • you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: package-lock.json
npm ERR! code ERESOLVE
npm ERR! ERESOLVE unable to resolve dependency tree
npm ERR! 
npm ERR! While resolving: @as-integrations/[email protected]
npm ERR! Found: [email protected]
npm ERR! node_modules/cspell
npm ERR!   dev cspell@"7.3.9" from the root project
npm ERR! 
npm ERR! Could not resolve dependency:
npm ERR! peer cspell@"8.0.0" from @oly_op/[email protected]
npm ERR! node_modules/@oly_op/cspell-dict
npm ERR!   dev @oly_op/cspell-dict@"1.1.10" from the root project
npm ERR! 
npm ERR! Fix the upstream dependency conflict, or retry
npm ERR! this command with --force, or --legacy-peer-deps
npm ERR! to accept an incorrect (and potentially broken) dependency resolution.
npm ERR! 
npm ERR! See /tmp/renovate/cache/others/npm/eresolve-report.txt for a full report.

npm ERR! A complete log of this run can be found in:
npm ERR!     /tmp/renovate/cache/others/npm/_logs/2024-05-07T15_55_16_738Z-debug-0.log

@renovate renovate bot force-pushed the renovate/all-minor-patch branch 10 times, most recently from a1ed2d1 to d6709eb Compare December 1, 2023 22:44
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 8 times, most recently from b9f73f9 to 545f6ea Compare December 10, 2023 10:11
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 6 times, most recently from 3c54c9a to cd2587e Compare December 18, 2023 06:51
@renovate renovate bot force-pushed the renovate/all-minor-patch branch from cd2587e to 888d8a0 Compare December 18, 2023 18:24
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 3 times, most recently from 452cdb3 to cf1be18 Compare April 7, 2025 15:52
@renovate renovate bot force-pushed the renovate/all-minor-patch branch from cf1be18 to 0a493b6 Compare April 13, 2025 09:26
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 3 times, most recently from 393ac58 to 9d546ed Compare April 28, 2025 19:33
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 3 times, most recently from bb26eac to 9a7adb4 Compare May 16, 2025 22:21
@renovate renovate bot force-pushed the renovate/all-minor-patch branch from 9a7adb4 to 187c502 Compare June 3, 2025 00:59
@renovate renovate bot force-pushed the renovate/all-minor-patch branch from 187c502 to 8d20883 Compare June 12, 2025 05:08
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 6 times, most recently from 7f941b0 to f9b3254 Compare June 27, 2025 07:12
@renovate renovate bot force-pushed the renovate/all-minor-patch branch from f9b3254 to 97384c0 Compare July 16, 2025 03:34
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 3 times, most recently from aae8b02 to 9119fef Compare August 5, 2025 17:40
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 6 times, most recently from c211363 to 687c946 Compare August 12, 2025 14:47
@renovate renovate bot force-pushed the renovate/all-minor-patch branch from 687c946 to 3e0a8e7 Compare August 15, 2025 10:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@renovate-approve renovate-approve[bot] renovate-approve[bot] approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants