apollographql/apollo-server
### [`v3.6.6`](https://togithub.com/apollographql/apollo-server/blob/HEAD/CHANGELOG.md#v366)
[Compare Source](https://togithub.com/apollographql/apollo-server/compare/c3deb0d980dbf983028aa99b7d2b1cc6968de432...1ca36691959aa3e34448fe9838010ccbfc025755)
- ⚠️ **SECURITY** `apollo-server-core`: Apollo Server 3.4.0 introduced a new `documentStore` constructor option (replacing the `experimental_approximateDocumentStoreMiB` option) which allows you to customize an internal cache used by ApolloServer to memoize the results of parsing and validating GraphQL operations. When this option was combined with the `gateway` option, it was possible for Apollo Server to attempt to execute invalid GraphQL operations. Specifically, if a server processed an operation and then its schema was updated with a change that made that operation no longer valid, the server could still attempt to execute the operation again without re-validating it against the new schema. The problem only lasts until the server is restarted. This release changes the semantics of the `documentStore` option so that a different key prefix is used each time the schema is updated. (As a side effect, you no longer have to be careful to avoid sharing a `documentStore` between multiple `ApolloServer` objects.) **This update is highly recommended for any users that specify both `documentStore` and `gateway` in `new ApolloServer()`.**
Configuration
📅 Schedule: "before 6am" in timezone Asia/Hong_Kong.
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about these updates again.
[ ] If you want to rebase/retry this PR, click this checkbox.
This PR contains the following updates:
3.6.5
->3.6.6
3.6.5
->3.6.6
Release Notes
apollographql/apollo-server
### [`v3.6.6`](https://togithub.com/apollographql/apollo-server/blob/HEAD/CHANGELOG.md#v366) [Compare Source](https://togithub.com/apollographql/apollo-server/compare/c3deb0d980dbf983028aa99b7d2b1cc6968de432...1ca36691959aa3e34448fe9838010ccbfc025755) - ⚠️ **SECURITY** `apollo-server-core`: Apollo Server 3.4.0 introduced a new `documentStore` constructor option (replacing the `experimental_approximateDocumentStoreMiB` option) which allows you to customize an internal cache used by ApolloServer to memoize the results of parsing and validating GraphQL operations. When this option was combined with the `gateway` option, it was possible for Apollo Server to attempt to execute invalid GraphQL operations. Specifically, if a server processed an operation and then its schema was updated with a change that made that operation no longer valid, the server could still attempt to execute the operation again without re-validating it against the new schema. The problem only lasts until the server is restarted. This release changes the semantics of the `documentStore` option so that a different key prefix is used each time the schema is updated. (As a side effect, you no longer have to be careful to avoid sharing a `documentStore` between multiple `ApolloServer` objects.) **This update is highly recommended for any users that specify both `documentStore` and `gateway` in `new ApolloServer()`.**Configuration
📅 Schedule: "before 6am" in timezone Asia/Hong_Kong.
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about these updates again.
This PR has been generated by WhiteSource Renovate. View repository job log here.