Closed renovate[bot] closed 2 years ago
Because you closed this PR without merging, Renovate will ignore this update. You will not get PRs for any future 3.x releases. But if you manually upgrade to 3.x then Renovate will re-enable minor and patch updates automatically.
If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.
This PR contains the following updates:
2.25.2 -> 3.6.3
Release Notes
apollographql/apollo-server
### [`v3.6.3`](https://togithub.com/apollographql/apollo-server/blob/HEAD/CHANGELOG.md#v363)

[Compare Source](https://togithub.com/apollographql/apollo-server/compare/022184a4d01d4452ebbcfeeef6e8ee1aae7a5db7...289acad0e3777bd0010506763c3fd6e4c0289813)

- `apollo-server-core`: The inline trace plugin will now include the full query plan and subgraph traces if manually installed in an Apollo Gateway. (Previously, you technically could install this plugin in a Gateway but it would not have any real trace data.) This is recommended for development use only and not in production servers. [PR #6017](https://togithub.com/apollographql/apollo-server/pull/6017)
- `apollo-server-core`: The default landing page plugins now take an `includeCookies` option which allows you to specify that Explorer should send cookies to your server. [PR #6014](https://togithub.com/apollographql/apollo-server/pull/6014)
- `apollo-server-core`: Apollo Server has a heuristic added in v2.23.0 and improved in v3.1.0 which tries to detect execution errors that come from the `graphql-js` variable value validation phase and report them with an `extensions.code` of `BAD_USER_INPUT` rather than `INTERNAL_SERVER_ERROR`. In this release, the heuristic is improved to include some cases including variables that are non-null lists. [PR #6066](https://togithub.com/apollographql/apollo-server/pull/6066)

### [`v3.6.2`](https://togithub.com/apollographql/apollo-server/blob/HEAD/CHANGELOG.md#v362)

[Compare Source](https://togithub.com/apollographql/apollo-server/compare/f3fc7d147a3bc3446f4f3452acfa5f598099b08f...022184a4d01d4452ebbcfeeef6e8ee1aae7a5db7)

- ⚠️ **SECURITY** `apollo-server-env`: Update dependency on `node-fetch` to require v2.6.7 rather than v2.6.1. This includes the fix to [CVE-2022-0235](https://nvd.nist.gov/vuln/detail/CVE-2022-0235), a vulnerability where credentials sent along with a request could be sent to a different origin if the fetched URL responds with an attacker-controlled HTTP redirect. This is the default fetcher used by `apollo-datasource-rest`, usage reporting, schema reporting, and `@apollo/gateway` in versions prior to v0.46.0. We do not believe that the way that this is used by usage reporting or schema reporting is vulnerable to the exploit, but if you use `apollo-datasource-rest` in such a way that the servers you talk to might serve a surprising redirect, this upgrade would be helpful. Note that to ensure you're using the appropriate version of `apollo-server-env` with `apollo-datasource-rest`, you need to be using v3.5.1 of that package. (We plan to separate the release process of `apollo-datasource-rest` from Apollo Server soon so that it can have a more reasonable changelog.) If upgrading to this version is challenging, you can also work around this by ensuring that `node-fetch@2.6.7` is the version used in your project, or by specifying a `fetcher` explicitly to your older Gateway, REST datasource, etc.
- `apollo-server-core`: The `typeDefs`, `resolvers`, and `parseOptions` constructor arguments are passed directly through to `makeExecutableSchema` from `@graphql-tools/schema` if provided. Now their TypeScript type definitions come directly from that package so that any types accepted by that package can be provided. [PR #5978](https://togithub.com/apollographql/apollo-server/pull/5978)
- `apollo-server-fastify`: Drop dependency on `fast-json-stringify`. [PR #5988](https://togithub.com/apollographql/apollo-server/pull/5988)
- `apollo-server-azure-functions`: Update TypeScript types package `@azure/functions` from v1 to v3 and change it to a dev dependency. (We were advised to change it to a dev dependency [by the authors of the package](https://togithub.com/Azure/azure-functions-nodejs-worker/pull/467#issuecomment-967737890); if this turns out to be problematic we can revert this part of the change. They also do not believe this is a backwards-incompatible change despite the major version bump; this package does a major version bump when the underlying Azure Functions runtime has a major version bump.) [PR #5919](https://togithub.com/apollographql/apollo-server/pull/5919)

### [`v3.6.1`](https://togithub.com/apollographql/apollo-server/blob/HEAD/CHANGELOG.md#v361)

[Compare Source](https://togithub.com/apollographql/apollo-server/compare/8b2c1360c224d23ff64fa49adbee1e62dbdaa917...f3fc7d147a3bc3446f4f3452acfa5f598099b08f)

- Correctly remove dependency on `apollo-graphql` as intended in v3.6.0. [Issue #5981](https://togithub.com/apollographql/apollo-server/issues/5981) [PR #5981](https://togithub.com/apollographql/apollo-server/pull/5981)

### [`v3.6.0`](https://togithub.com/apollographql/apollo-server/blob/HEAD/CHANGELOG.md#v360)

[Compare Source](https://togithub.com/apollographql/apollo-server/compare/e6c3cbbf820b3ffff1e7e98d41b3bfc08f99b9b0...8b2c1360c224d23ff64fa49adbee1e62dbdaa917)

- `apollo-server-core`: Studio usage reporting now reports "referenced operations" for fields in addition to "field executions", which can be seen on the Studio Fields page. This new statistic provides visibility into uses of fields that are not executed. It is also more efficient to generate and (for Apollo Gateways) does not require subgraphs to support federated tracing. Additionally, the new `fieldLevelInstrumentation` option to `ApolloServerPluginUsageReporting` allows you to disable field-level tracing on a per-operation basis, and to report weights for operations to allow for estimates of the field execution count even when not all operations are instrumented. Note that the semantics of the `requestContext.metrics.captureTraces` field have changed. See the [Studio Fields page docs](https://www.apollographql.com/docs/studio/metrics/field-usage/) and the [`fieldLevelInstrumentation` docs](https://www.apollographql.com/docs/apollo-server/api/plugin/usage-reporting/#fieldlevelinstrumentation) for more details. [Issue #5708](https://togithub.com/apollographql/apollo-server/issues/5708) [PR #5956](https://togithub.com/apollographql/apollo-server/pull/5956) [PR #5963](https://togithub.com/apollographql/apollo-server/pull/5963)
- `apollo-server-core`: Usage reporting no longer sends a "client reference ID" to Apollo Studio (along with the client name and client version). This little-used feature has not been documented [since 2019](https://togithub.com/apollographql/apollo-server/pull/3180) and is currently entirely ignored by Apollo Studio. This is technically incompatible as the interface `ClientInfo` no longer has the field `clientReferenceId`; if you were one of the few users who explicitly set this field and you get a TypeScript compilation failure upon upgrading to v3.6.0, just stop using the field. [PR #5890](https://togithub.com/apollographql/apollo-server/pull/5890)
- `apollo-server-core`: Remove dependency on `apollo-graphql` package (by inlining the code which generates usage reporting signatures). That package has not yet been published with a `graphql@16` peer dependency, so Apollo Server v3.5 did not fully support `graphql@16` without overriding peer dependencies. [Issue #5941](https://togithub.com/apollographql/apollo-server/issues/5941) [PR #5955](https://togithub.com/apollographql/apollo-server/pull/5955)

### [`v3.5.0`](https://togithub.com/apollographql/apollo-server/blob/HEAD/CHANGELOG.md#v350)

[Compare Source](https://togithub.com/apollographql/apollo-server/compare/f3fcbfe09957806df06f8de431877dd39d8b97c0...e6c3cbbf820b3ffff1e7e98d41b3bfc08f99b9b0)

- Apollo Server now supports `graphql@16`. (There is a very small backwards incompatibility: `ApolloError.originalError` can no longer be `null`, matching the type of `GraphQLError.originalError`. Use `undefined` instead. If this causes challenges, let us know and we can try to adapt.) [PR #5857](https://togithub.com/apollographql/apollo-server/pull/5857)
- `apollo-server-core`: Fix build error when building with `@rollup/plugin-commonjs`. [PR #5797](https://togithub.com/apollographql/apollo-server/pull/5797)
- `apollo-server-plugin-response-cache`: Add missing dependency on `apollo-server-types` (broken since v3.0.0). [Issue #5804](https://togithub.com/apollographql/apollo-server/issues/5804) [PR #5816](https://togithub.com/apollographql/apollo-server/pull/5816)
- `apollo-server-core`: The default landing page plugins now take `document`, `variables`, and `headers` arguments which fill in default values if you click through to Explorer. [PR #5711](https://togithub.com/apollographql/apollo-server/pull/5711)
- `apollo-server-core`: Support for HTTP request batching can now be disabled by passing `allowBatchedHttpRequests: false` to `new ApolloServer`. [PR #5778](https://togithub.com/apollographql/apollo-server/pull/5778) [Issue #5686](https://togithub.com/apollographql/apollo-server/issues/5686)

### [`v3.4.1`](https://togithub.com/apollographql/apollo-server/blob/HEAD/CHANGELOG.md#v341)

[Compare Source](https://togithub.com/apollographql/apollo-server/compare/7861ba22c9e4caf037e7a1cec71191b9b0deb71b...f3fcbfe09957806df06f8de431877dd39d8b97c0)

- ⚠️ **SECURITY** `apollo-server-core`: Update default version of the GraphQL Playground React app loaded from the CDN to be `@apollographql/graphql-playground-react@1.7.42`. This patches an XSS vulnerability. Note that if you are pinning the Playground React app version in your app with `new ApolloServer({plugins: [ApolloServerPluginLandingPageGraphQLPlayground({version: 'some version'})]})`, you will need to update the specified version to 1.7.42 or later to avoid this vulnerability. If you do not explicitly enable GraphQL Playground via the `ApolloServerPluginLandingPageGraphQLPlayground` plugin, this vulnerability does not affect you. See [advisory GHSA-qm7x-rc44-rrqw](https://togithub.com/apollographql/apollo-server/security/advisories/GHSA-qm7x-rc44-rrqw) for more details.

### [`v3.4.0`](https://togithub.com/apollographql/apollo-server/blob/HEAD/CHANGELOG.md#v340)

[Compare Source](https://togithub.com/apollographql/apollo-server/compare/8524df3d3fe98b7ad625c48cb393cd4a59ec1476...7861ba22c9e4caf037e7a1cec71191b9b0deb71b)

- `apollo-server-core`: You can now specify your own `DocumentStore` (a `KeyValueStoreConfiguration
📅 Schedule: At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by WhiteSource Renovate. View repository job log here.
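
Added example (not part of the Renovate PR or the Apollo Server changelog): the v3.6.2 entry suggests, as a workaround, ensuring that `node-fetch@2.6.7` is the version used in your project. Because this PR was closed without merging, one way to check that is to list every `node-fetch` copy in a parsed `package-lock.json` and flag 2.x copies below 2.6.7. The function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: audit a parsed package-lock.json for node-fetch 2.x copies below 2.6.7.
const FIXED = [2, 6, 7]; // threshold taken from the v3.6.2 changelog entry

function parseVersion(v) {
  // Keep only major.minor.patch; prerelease/build suffixes are ignored.
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

function classify(version) {
  const v = parseVersion(version);
  if (!v) return 'unparsed';
  if (v[0] !== FIXED[0]) return 'other-major'; // the page only gives a 2.x threshold
  for (let i = 1; i < 3; i++) {
    if (v[i] !== FIXED[i]) return v[i] < FIXED[i] ? 'below-2.6.7' : 'ok';
  }
  return 'ok';
}

function findNodeFetch(lock) {
  const found = [];
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, info] of Object.entries(lock.packages || {})) {
    if (/(^|\/)node_modules\/node-fetch$/.test(path)) {
      found.push({ path, version: info.version, status: classify(info.version) });
    }
  }
  // lockfileVersion 1: nested "dependencies" tree (used only if no "packages").
  const walk = (deps, trail) => {
    for (const [name, info] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${name}`;
      if (name === 'node-fetch') {
        found.push({ path, version: info.version, status: classify(info.version) });
      }
      walk(info.dependencies, `${path}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, '');
  return found;
}

// Constructed sample lockfile (not from any real project).
const sampleLock = {
  packages: {
    'node_modules/node-fetch': { version: '2.6.7' },
    'node_modules/apollo-server-env/node_modules/node-fetch': { version: '2.6.1' },
  },
};
const stale = findNodeFetch(sampleLock).filter((p) => p.status === 'below-2.6.7');
```

A nested copy pinned by a transitive dependency, as in the sample, is the case a top-level `npm ls node-fetch` skim tends to miss; `stale` lists those install paths.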