Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(deps): update examples #655

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix(deps): update examples #655

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented May 25, 2024
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
@apollo/gateway (source) 2.8.5 -> 2.9.3 age adoption passing confidence
@apollo/server (source) 4.10.4 -> 4.11.2 age adoption passing confidence
@graphql-tools/schema (source) 10.0.3 -> 10.0.7 age adoption passing confidence
@nestjs/apollo 12.1.0 -> 12.2.1 age adoption passing confidence
@nestjs/cli 10.3.2 -> 10.4.5 age adoption passing confidence
@nestjs/common (source) 10.3.8 -> 10.4.6 age adoption passing confidence
@nestjs/core (source) 10.3.8 -> 10.4.6 age adoption passing confidence
@nestjs/graphql 12.1.1 -> 12.2.1 age adoption passing confidence
@nestjs/platform-express (source) 10.3.8 -> 10.4.6 age adoption passing confidence
@nestjs/testing (source) 10.3.8 -> 10.4.6 age adoption passing confidence
@types/node (source) 20.12.12 -> 20.17.3 age adoption passing confidence
@typescript-eslint/eslint-plugin (source) 8.0.0 -> 8.12.2 age adoption passing confidence
@typescript-eslint/parser (source) 8.0.0 -> 8.12.2 age adoption passing confidence
eslint (source) 9.3.0 -> 9.13.0 age adoption passing confidence
express (source) 4.20.0 -> 4.21.1 age adoption passing confidence
graphql 16.8.1 -> 16.9.0 age adoption passing confidence
graphql-yoga (source) 5.3.1 -> 5.7.0 age adoption passing confidence
nodemon (source) 3.1.0 -> 3.1.7 age adoption passing confidence
prettier (source) 3.2.5 -> 3.3.3 age adoption passing confidence
typescript (source) 5.4.5 -> 5.6.3 age adoption passing confidence
yarn (source) 4.2.2 -> 4.5.1 age adoption passing confidence

Release Notes

apollographql/federation (@​apollo/gateway)

v2.9.3

Compare Source

Patch Changes

v2.9.2

Compare Source

Patch Changes

v2.9.1

Compare Source

Patch Changes

v2.9.0

Compare Source

Patch Changes
apollographql/apollo-server (@​apollo/server)

v4.11.2

Compare Source

(No change; there is a change to the @apollo/server-integration-testsuite used to test integrations, and the two packages always have matching versions.)

v4.11.1

Compare Source

Patch Changes

  • #​7952 bb81b2c Thanks @​glasser! - Upgrade dependencies so that automated scans don't detect a vulnerability.

    @apollo/server depends on express which depends on cookie. Versions of express older than v4.21.1 depend on a version of cookie vulnerable to CVE-2024-47764. Users of older express versions who call res.cookie() or res.clearCookie() may be vulnerable to this issue.

    However, Apollo Server does not call this function directly, and it does not expose any object to user code that allows TypeScript users to call this function without an unsafe cast.

    The only way that this direct dependency can cause a vulnerability for users of Apollo Server is if you call startStandaloneServer with a context function that calls Express-specific methods such as res.cookie() or res.clearCookies() on the response object, which is a violation of the TypeScript types provided by startStandaloneServer (which only promise that the response object is a core Node.js http.ServerResponse rather than the Express-specific subclass). So this vulnerability can only affect Apollo Server users who use unsafe JavaScript or unsafe as typecasts in TypeScript.

    However, this upgrade will at least prevent vulnerability scanners from alerting you to this dependency, and we encourage all Express users to upgrade their project's own express dependency to v4.21.1 or newer.

v4.11.0

Compare Source

Minor Changes

  • #​7916 4686454 Thanks @​andrewmcgivery! - Add hideSchemaDetailsFromClientErrors option to ApolloServer to allow hiding 'did you mean' suggestions from validation errors.

    Even with introspection disabled, it is possible to "fuzzy test" a graph manually or with automated tools to try to determine the shape of your schema. This is accomplished by taking advantage of the default behavior where a misspelt field in an operation
    will be met with a validation error that includes a helpful "did you mean" as part of the error text.

    For example, with this option set to true, an error would read Cannot query field "help" on type "Query". whereas with this option set to false it would read Cannot query field "help" on type "Query". Did you mean "hello"?.

    We recommend enabling this option in production to avoid leaking information about your schema to malicious actors.

    To enable, set this option to true in your ApolloServer options:

    const server = new ApolloServer({
  typeDefs,
  resolvers,
  hideSchemaDetailsFromClientErrors: true,
});

v4.10.5

Compare Source

Patch Changes
ardatan/graphql-tools (@​graphql-tools/schema)

v10.0.7

Compare Source

Patch Changes

v10.0.6

Compare Source

Patch Changes

v10.0.5

Compare Source

Patch Changes

v10.0.4

Compare Source

Patch Changes
nestjs/graphql (@​nestjs/apollo)

v12.2.1

Compare Source

12.2.1 (2024-10-23)

Bug fixes
  • graphql
Enhancements
Dependencies
Committers: 4

v12.2.0

Compare Source

v12.2.0 (2024-07-02)
Bug fixes
Enhancements
  • apollo, graphql
    • #​3222 feat(graphql): add support for option newline at the end of schema file (@​sabolch)
Docs
Dependencies
Committers: 6
nestjs/nest-cli (@​nestjs/cli)

v10.4.5

Compare Source

v10.4.4

Compare Source

v10.4.3

Compare Source

v10.4.2

Compare Source

v10.4.1

Compare Source

v10.4.0

Compare Source

nestjs/nest (@​nestjs/common)

v10.4.6

Compare Source

v10.4.5

Compare Source

v10.4.5 (2024-10-16)
Dependencies
Committers: 5

v10.4.4

Compare Source

v10.4.3

Compare Source

v10.4.2

Compare Source

v10.4.1

Compare Source

v10.4.0

Compare Source

v10.3.10

Compare Source

v10.3.9

Compare Source

v10.3.9 (2024-06-03)
Bug fixes
Enhancements
Docs
Dependencies

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@changeset-bot changeset-bot
Copy link

changeset-bot bot commented May 25, 2024
edited
Loading

⚠️ No Changeset found

Latest commit: cfa3889

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@codecov-commenter
Copy link

codecov-commenter commented May 25, 2024
edited
Loading

⚠️ Please install the 'codecov app svg image' to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 92.94%. Comparing base (9682f05) to head (9f28a16).

❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main     #655   +/-   ##
=======================================
  Coverage   92.94%   92.94%           
=======================================
  Files          17       17           
  Lines         340      340           
  Branches       98       98           
=======================================
  Hits          316      316           
  Misses         24       24

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@renovate renovate bot changed the title chore(deps): update dependency nodemon to v3.1.1 fix(deps): update examples May 27, 2024
@renovate renovate bot force-pushed the renovate/examples branch 11 times, most recently from c519230 to 2768515 Compare June 4, 2024 19:16
@renovate renovate bot force-pushed the renovate/examples branch 6 times, most recently from 5781cf8 to c035d9b Compare June 11, 2024 20:52
@renovate renovate bot force-pushed the renovate/examples branch 8 times, most recently from 714e87b to 0bf53dd Compare June 19, 2024 09:04
@renovate renovate bot force-pushed the renovate/examples branch 7 times, most recently from e3c30f6 to 6ef3800 Compare October 11, 2024 14:16
@renovate renovate bot force-pushed the renovate/examples branch 9 times, most recently from cd3f3f5 to f5778ac Compare October 20, 2024 03:53
@renovate renovate bot force-pushed the renovate/examples branch 7 times, most recently from 3946936 to 42921f6 Compare October 26, 2024 13:41
@renovate renovate bot force-pushed the renovate/examples branch 5 times, most recently from 527f128 to 7cd4b72 Compare October 30, 2024 18:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@codecov-commenter