apollographql/apollo-server
### [`v3.7.0`](https://togithub.com/apollographql/apollo-server/blob/HEAD/CHANGELOG.md#v370)
[Compare Source](https://togithub.com/apollographql/apollo-server/compare/c4a3f346533885df825297853610c1367fa984de...58afc1a0e6660aa192b41483048cd75021be5cf7)
- ⚠️ **SECURITY** `apollo-server-core`: Apollo Server now includes protection against [CSRF](https://owasp.org/www-community/attacks/csrf) and XS-Search attacks. We **highly recommend** enabling this feature by passing `csrfPrevention: true` to `new ApolloServer()`. If you rely on the ability to execute GraphQL operations via HTTP `GET` requests using a client other than Apollo Client Web, Apollo iOS, or Apollo Kotlin (formerly Apollo Android), you may need to first change the configuration of that client. See [the CSRF prevention docs](https://www.apollographql.com/docs/apollo-server/security/cors#preventing-cross-site-request-forgery-csrf) for more details. This vulnerability was reported by Jeffrey Hofmann; the feature was designed with advice from Luca Carettoni of Doyensec.
### [`v3.6.8`](https://togithub.com/apollographql/apollo-server/blob/HEAD/CHANGELOG.md#v368)
[Compare Source](https://togithub.com/apollographql/apollo-server/compare/7678672824691c1af87a982492b45a473f35d4b1...c4a3f346533885df825297853610c1367fa984de)
- `apollo-server-fastify`: This package now depends on the `@fastify/accepts` and `@fastify/cors` packages rather than their older deprecated names `fastify-accepts` and `fastify-cors`. There is no behavior change (except that you will no longer see deprecation messages). [PR #6366](https://togithub.com/apollographql/apollo-server/pull/6366)
- `apollo-server-types`: The `Logger` TypeScript interface is now re-exported from the new `@apollo/utils.logger` package instead of defined directly in this package; other packages import it from the new package. There should be no observable change. [PR #6229](https://togithub.com/apollographql/apollo-serverpull/6229)
Configuration
📅 Schedule: "before 6am" in timezone Asia/Hong_Kong.
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about these updates again.
- [ ] If you want to rebase/retry this PR, click this checkbox.
This PR contains the following updates:
3.6.7 -> 3.7.0
3.6.7 -> 3.7.0
This PR has been generated by WhiteSource Renovate.
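An added sketch (not Apollo Server's own code and not part of this PR) of the kind of check the v3.7.0 note describes: accept an operation only when its headers show that a browser would have had to send a CORS preflight first. The header names and the content-type list are assumptions taken from Apollo's linked CSRF prevention docs and the Fetch "simple request" rules; `wasPreflighted` and `classify` are hypothetical names.

```javascript
// Added sketch, not Apollo Server's source. On the server the feature is enabled with:
//   new ApolloServer({ typeDefs, resolvers, csrfPrevention: true })

// Content types a browser may send cross-origin without a CORS preflight.
const SIMPLE_CONTENT_TYPES = new Set([
  'application/x-www-form-urlencoded',
  'multipart/form-data',
  'text/plain',
]);

// Assumed header names (from Apollo's CSRF prevention docs, not from this page).
const PREFLIGHT_HEADERS = ['x-apollo-operation-name', 'apollo-require-preflight'];

// Lower-case header names so lookups are case-insensitive, as in HTTP.
function normalize(headers) {
  return Object.fromEntries(
    Object.entries(headers).map(([k, v]) => [k.toLowerCase(), String(v)]));
}

// True when the browser must have preflighted the request, so the server's
// CORS policy has already had a say over the calling origin.
function wasPreflighted(rawHeaders) {
  const headers = normalize(rawHeaders);
  const contentType = headers['content-type'];
  if (contentType) {
    // Simplified parse: compare only the media type, dropping parameters.
    const essence = contentType.split(';')[0].trim().toLowerCase();
    if (!SIMPLE_CONTENT_TYPES.has(essence)) return true;
  }
  return PREFLIGHT_HEADERS.some((name) => (headers[name] || '').trim() !== '');
}

// Constructed sample requests: [label, headers].
const samples = [
  ['GET with no extra headers', {}],
  ['POST application/json', { 'Content-Type': 'application/json; charset=utf-8' }],
  ['HTML form POST', { 'Content-Type': 'text/plain' }],
  ['GET from a reconfigured client', { 'Apollo-Require-Preflight': 'true' }],
];

// Label each sample with the decision the check would make.
function classify(list) {
  return list.map(([label, headers]) =>
    `${wasPreflighted(headers) ? 'accept' : 'reject'}: ${label}`);
}

console.log(classify(samples).join('\n'));
```

The last sample is the client-side change the release note refers to: a non-Apollo client that sends `GET` operations has to add one of the headers (or a non-simple `Content-Type`) before `csrfPrevention: true` is turned on.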