dependabot[bot] commented 3 months ago

Bumps @apollo/client from 3.3.6 to 3.11.5.

Release notes

Sourced from @apollo/client's releases.

v3.11.5

Patch Changes

#12027 eb3e21b Thanks @JavaScriptBach! - Type MutationResult.reset as an arrow function

#12020 82d8cb4 Thanks @jerelmiller! - Better conform to Rules of React by avoiding write of ref in render for useFragment.

v3.11.4

Patch Changes

#11994 41b17e5 Thanks @jerelmiller! - Update the Modifier function type to allow cache.modify to return deeply partial data.

#11989 e609156 Thanks @phryneas! - Fix a potential crash when calling clearStore while a query was running.

Previously, calling client.clearStore() while a query was running had one of these results:

useQuery would stay in a loading: true state.

useLazyQuery would stay in a loading: true state, but also crash with a "Cannot read property 'data' of undefined" error.

Now, in both cases, the hook will enter an error state with a networkError, and the promise returned by the useLazyQuery execute function will return a result in an error state.

#11994 41b17e5 Thanks @jerelmiller! - Prevent accidental distribution on cache.modify field modifiers when a field is a union type array.

v3.11.3

Patch Changes

#11984 5db1659 Thanks @jerelmiller! - Fix an issue where multiple fetches with results that returned errors would sometimes set the data property with an errorPolicy of none.

#11974 c95848e Thanks @jerelmiller! - Fix an issue where fetchMore would write its result data to the cache when using it with a no-cache fetch policy.

#11974 c95848e Thanks @jerelmiller! - Fix an issue where executing fetchMore with a no-cache fetch policy could sometimes result in multiple network requests.

#11974 c95848e Thanks @jerelmiller! -

Potentially disruptive change

When calling fetchMore with a query that has a no-cache fetch policy, fetchMore will now throw if an updateQuery function is not provided. This provides a mechanism to merge the results from the fetchMore call with the query's previous result.

v3.11.2

Patch Changes

#11980 38c0a2c Thanks @jerelmiller! - Fix missing getServerSnapshot error when using useSubscription on the server.

v3.11.1

Patch Changes

#11969 061cab6 Thanks @jerelmiller! - Remove check for window.__APOLLO_CLIENT__ when determining whether to connect to Apollo Client Devtools when connectToDevtools or devtools.enabled is not specified. This now simply checks to see if the application is in development mode.

#11971 ecf77f6 Thanks @jerelmiller! - Prevent the setTimeout for suggesting devtools from running in non-browser environments.

... (truncated)

Changelog

Sourced from @apollo/client's changelog.

3.11.5

Patch Changes

#12027 eb3e21b Thanks @JavaScriptBach! - Type MutationResult.reset as an arrow function

#12020 82d8cb4 Thanks @jerelmiller! - Better conform to Rules of React by avoiding write of ref in render for useFragment.

3.11.4

Patch Changes

#11994 41b17e5 Thanks @jerelmiller! - Update the Modifier function type to allow cache.modify to return deeply partial data.

#11989 e609156 Thanks @phryneas! - Fix a potential crash when calling clearStore while a query was running.

Previously, calling client.clearStore() while a query was running had one of these results:

useQuery would stay in a loading: true state.

useLazyQuery would stay in a loading: true state, but also crash with a "Cannot read property 'data' of undefined" error.

Now, in both cases, the hook will enter an error state with a networkError, and the promise returned by the useLazyQuery execute function will return a result in an error state.

#11994 41b17e5 Thanks @jerelmiller! - Prevent accidental distribution on cache.modify field modifiers when a field is a union type array.

3.11.3

Patch Changes

#11984 5db1659 Thanks @jerelmiller! - Fix an issue where multiple fetches with results that returned errors would sometimes set the data property with an errorPolicy of none.

#11974 c95848e Thanks @jerelmiller! - Fix an issue where fetchMore would write its result data to the cache when using it with a no-cache fetch policy.

#11974 c95848e Thanks @jerelmiller! - Fix an issue where executing fetchMore with a no-cache fetch policy could sometimes result in multiple network requests.

#11974 c95848e Thanks @jerelmiller! -

Potentially disruptive change

When calling fetchMore with a query that has a no-cache fetch policy, fetchMore will now throw if an updateQuery function is not provided. This provides a mechanism to merge the results from the fetchMore call with the query's previous result.

3.11.2

Patch Changes

#11980 38c0a2c Thanks @jerelmiller! - Fix missing getServerSnapshot error when using useSubscription on the server.

3.11.1

Patch Changes

... (truncated)

Commits

36d2cae Version Packages (#12036)
82d8cb4 Remove double initialization and unneeded useLazyRef from useFragment to avoi...
eb3e21b Type MutationResult.reset as an arrow function (#12027)
4210ab1 Update ROADMAP.md
a3c26e3 Add some tests for watchFragment for nested fragments and the fragment regi...
5a1985f Update default value referenced in comments for cache sizes (#12013)
c64c709 chore(deps): update cimg/node docker tag to v22.6.0 (#12000)
793fe3d chore(deps): update dependency @types/node to v20.16.1 (#12009)
7721dbc Update: refetching.mdx (#12010)
143ae5a Merge pull request #12005 from apollographql/docs/add-summit-callout
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

github-actions[bot] commented 3 months ago

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package

Version

Score

Details

npm/@apollo/client

3.11.5

:green_circle: 5.5

Details

Check	Score	Reason
Code-Review	:green_circle: 7	Found 14/19 approved changesets -- score normalized to 7
Maintained	:green_circle: 10	30 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices	:warning: 0	no effort to earn an OpenSSF best practices badge detected
License	:green_circle: 10	license file detected
Signed-Releases	:warning: -1	no releases found
Branch-Protection	:green_circle: 8	branch protection is not maximal on development and all release branches
Dangerous-Workflow	:green_circle: 10	no dangerous workflow patterns detected
Packaging	:warning: -1	packaging workflow not detected
Binary-Artifacts	:green_circle: 10	no binaries found in the repo
Token-Permissions	:warning: 0	detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies	:warning: 0	dependency not pinned by hash detected -- score normalized to 0
Fuzzing	:warning: 0	project is not fuzzed
Security-Policy	:green_circle: 10	security policy file detected
SAST	:warning: 0	SAST tool is not run on all commits -- score normalized to 0
Vulnerabilities	:warning: 0	33 existing vulnerabilities detected