chore(deps): CVEs cleanup, updated nock, vite and vitest to latest major (#6457)

Author: dotansimha

integration-tests/package.json

@@ -36,7 +36,7 @@
     "slonik": "30.4.4",
     "strip-ansi": "7.1.0",
     "tslib": "2.8.1",
-    "vitest": "2.0.5",
+    "vitest": "3.0.4",
     "zod": "3.24.1"
   }
 }

package.json

@@ -97,20 +97,22 @@
     "turbo": "2.3.3",
     "typescript": "5.7.3",
     "vite-tsconfig-paths": "5.1.4",
-    "vitest": "2.0.5"
+    "vitest": "3.0.4"
   },
   "pnpm": {
     "overrides.csstype": "To fix type check error https://github.com/JedWatson/react-select/issues/5952",
     "overrides.mjml": "Our patch removes html-minifier from mjml-core, we dont need this dependency and its causing false-alarm (CVE https://nvd.nist.gov/vuln/detail/cve-2022-37620)",
     "overrides.ip": "There is no update with fix for ip package, we use fork https://github.com/indutny/node-ip/issues/150#issuecomment-2325961380",
+    "overrides.miniflare": "To address CVE: https://github.com/graphql-hive/console/security/dependabot/245",
     "overrides": {
       "csstype": "3.1.2",
       "[email protected]>html-minifier": "-",
       "[email protected]>html-minifier": "-",
       "ws@^8.0.0": "^8.18.0",
       "ws@*": ">=8.18.0 || >=7.5.10 || >=6.2.3 || >=5.2.4",
       "cookie@<0.7.0": "0.7.2",
-      "ip": "npm:[email protected]"
+      "ip": "npm:[email protected]",
+      "miniflare@3>undici": "5.28.5"
     },
     "patchedDependencies": {
       "[email protected]": "patches/[email protected]",

packages/libraries/apollo/package.json

@@ -56,8 +56,8 @@
     "express": "4.21.2",
     "graphql": "16.9.0",
     "graphql-ws": "5.16.1",
-    "nock": "14.0.0-beta.19",
-    "vitest": "2.0.5",
+    "nock": "14.0.0",
+    "vitest": "3.0.4",
     "ws": "8.18.0"
   },
   "publishConfig": {

packages/libraries/core/package.json

@@ -57,9 +57,9 @@
     "@types/async-retry": "1.4.8",
     "@types/lodash.sortby": "4.7.9",
     "graphql": "16.9.0",
-    "nock": "14.0.0-beta.19",
+    "nock": "14.0.0",
     "tslib": "2.8.1",
-    "vitest": "2.0.5"
+    "vitest": "3.0.4"
   },
   "publishConfig": {
     "registry": "https://registry.npmjs.org",

packages/libraries/yoga/package.json

@@ -59,8 +59,8 @@
     "@whatwg-node/fetch": "0.10.1",
     "graphql-ws": "5.16.1",
     "graphql-yoga": "5.10.8",
-    "nock": "14.0.0-beta.19",
-    "vitest": "2.0.5",
+    "nock": "14.0.0",
+    "vitest": "3.0.4",
     "ws": "8.18.0"
   },
   "publishConfig": {

packages/libraries/yoga/tests/yoga.spec.ts

@@ -4,7 +4,7 @@ import { createClient } from 'graphql-ws';
 import { useServer as useWSServer } from 'graphql-ws/lib/use/ws';
 import { createLogger, createSchema, createYoga } from 'graphql-yoga';
 import nock from 'nock';
-import { beforeAll, describe, expect, test, vi } from 'vitest';
+import { afterEach, describe, expect, test, vi } from 'vitest';
 import { WebSocket, WebSocketServer } from 'ws';
 import { useDeferStream } from '@graphql-yoga/plugin-defer-stream';
 import { useDisableIntrospection } from '@graphql-yoga/plugin-disable-introspection';
@@ -14,7 +14,7 @@ import { Response } from '@whatwg-node/fetch';
 import { createHiveTestingLogger } from '../../core/tests/test-utils';
 import { createHive, useHive } from '../src/index.js';
 
-beforeAll(() => {
+afterEach(() => {
   nock.cleanAll();
 });
 
@@ -375,17 +375,14 @@ test('reports usage with response cache', async ({ expect }) => {
   const graphqlScope = nock('http://localhost')
     .post('/usage', body => {
       usageCount++;
-      expect(body.map).toMatchInlineSnapshot(`
-        {
-          f25063b60ab942d0c0d14cdd9cd3172de2e7ebc4: {
-            fields: [
-              Query.hi,
-            ],
-            operation: {hi},
-            operationName: anonymous,
-          },
-        }
-      `);
+
+      expect(body.map).toEqual({
+        f25063b60ab942d0c0d14cdd9cd3172de2e7ebc4: {
+          fields: ['Query.hi'],
+          operation: '{hi}',
+          operationName: 'anonymous',
+        },
+      });
 
       return true;
     })
@@ -432,7 +429,7 @@ test('reports usage with response cache', async ({ expect }) => {
   await new Promise<void>((resolve, reject) => {
     const timeout = setTimeout(() => {
       resolve();
-    }, 1000);
+    }, 2000);
     let requestCount = 0;
 
     graphqlScope.on('request', () => {
@@ -459,8 +456,8 @@ test('reports usage with response cache', async ({ expect }) => {
       }
     })().catch(reject);
   });
-  expect(usageCount).toBe(3);
   graphqlScope.done();
+  expect(usageCount).toBe(3);
 });
 
 test('does not report usage for operation that does not pass validation', async ({ expect }) => {

packages/services/api/package.json

@@ -67,7 +67,7 @@
     "supertokens-node": "16.7.5",
     "tslib": "2.8.1",
     "undici": "6.21.1",
-    "vitest": "2.0.5",
+    "vitest": "3.0.4",
     "zod": "3.24.1",
     "zod-validation-error": "3.4.0"
   }

packages/services/broker-worker/package.json

@@ -15,7 +15,7 @@
     "itty-router": "4.2.2",
     "toucan-js": "3.4.0",
     "undici": "6.21.1",
-    "vitest": "2.0.5",
+    "vitest": "3.0.4",
     "workers-loki-logger": "0.1.15",
     "zod": "3.24.1"
   }

packages/services/demo/federation/package.json

@@ -11,6 +11,6 @@
     "graphql-yoga": "5.10.8"
   },
   "devDependencies": {
-    "wrangler": "3.100.0"
+    "wrangler": "3.107.2"
   }
 }

packages/web/app/package.json

@@ -130,7 +130,7 @@
     "urql": "4.1.0",
     "use-debounce": "10.0.4",
     "valtio": "1.13.2",
-    "vite": "5.4.12",
+    "vite": "6.0.11",
     "vite-tsconfig-paths": "5.1.4",
     "wonka": "6.3.4",
     "yup": "1.6.1",