Closed renovate[bot] closed 2 months ago
socket-security[bot]
commented
2 months ago New and removed dependencies detected. Learn more about Socket for GitHub ↗︎
| Package | New capabilities | Transitives | Size | Publisher |
|---|---|---|---|---|
| npm/@apollo/server@4.11.0 | environment, network Transitive: eval, filesystem, unsafe | +68 |
8.03 MB | apollo-bot |
🚮 Removed packages: npm/@apollo/server@4.9.5)
renovate[bot]
commented
2 months ago Because you closed this PR without merging, Renovate will ignore this update (^4.9.3). You will get a PR once a newer version is released. To ignore this dependency forever, add it to the ignoreDeps array of your Renovate config.
If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.
This PR contains the following updates:
4.9.5->4.11.0Release Notes
apollographql/apollo-server (@apollo/server)
### [`v4.11.0`](https://togithub.com/apollographql/apollo-server/blob/HEAD/packages/server/CHANGELOG.md#4110) [Compare Source](https://togithub.com/apollographql/apollo-server/compare/@apollo/server@4.10.5...@apollo/server@4.11.0) ##### Minor Changes - [#7916](https://togithub.com/apollographql/apollo-server/pull/7916) [`4686454`](https://togithub.com/apollographql/apollo-server/commit/46864546e131d0079785575f621d69862e635663) Thanks [@andrewmcgivery](https://togithub.com/andrewmcgivery)! - Add `hideSchemaDetailsFromClientErrors` option to ApolloServer to allow hiding 'did you mean' suggestions from validation errors. Even with introspection disabled, it is possible to "fuzzy test" a graph manually or with automated tools to try to determine the shape of your schema. This is accomplished by taking advantage of the default behavior where a misspelt field in an operation will be met with a validation error that includes a helpful "did you mean" as part of the error text. For example, with this option set to `true`, an error would read `Cannot query field "help" on type "Query".` whereas with this option set to `false` it would read `Cannot query field "help" on type "Query". Did you mean "hello"?`. We recommend enabling this option in production to avoid leaking information about your schema to malicious actors. To enable, set this option to `true` in your `ApolloServer` options: ```javascript const server = new ApolloServer({ typeDefs, resolvers, hideSchemaDetailsFromClientErrors: true, }); ``` ### [`v4.10.5`](https://togithub.com/apollographql/apollo-server/blob/HEAD/packages/server/CHANGELOG.md#4105) [Compare Source](https://togithub.com/apollographql/apollo-server/compare/@apollo/server@4.10.4...@apollo/server@4.10.5) ##### Patch Changes - [#7821](https://togithub.com/apollographql/apollo-server/pull/7821) [`b2e15e7`](https://togithub.com/apollographql/apollo-server/commit/b2e15e7db6902769d02de2b06ff920ce74701c51) Thanks [@renovate](https://togithub.com/apps/renovate)! - Non-major dependency updates - [#7900](https://togithub.com/apollographql/apollo-server/pull/7900) [`86d7111`](https://togithub.com/apollographql/apollo-server/commit/86d711133f3746d094cfb3b39e21fdfa3723181b) Thanks [@trevor-scheer](https://togithub.com/trevor-scheer)! - Inline a small dependency that was causing build issues for ESM projects ### [`v4.10.4`](https://togithub.com/apollographql/apollo-server/blob/HEAD/packages/server/CHANGELOG.md#4104) [Compare Source](https://togithub.com/apollographql/apollo-server/compare/@apollo/server@4.10.3...@apollo/server@4.10.4) ##### Patch Changes - [#7871](https://togithub.com/apollographql/apollo-server/pull/7871) [`18a3827`](https://togithub.com/apollographql/apollo-server/commit/18a3827d63c3916f6aaccbc4bdef3e0d550d91a7) Thanks [@tninesling](https://togithub.com/tninesling)! - Subscription heartbeats are initialized prior to awaiting subscribe(). This allows long-running setup to happen in the returned Promise without the subscription being terminated prior to resolution. ### [`v4.10.3`](https://togithub.com/apollographql/apollo-server/blob/HEAD/packages/server/CHANGELOG.md#4103) [Compare Source](https://togithub.com/apollographql/apollo-server/compare/@apollo/server@4.10.2...@apollo/server@4.10.3) ##### Patch Changes - [#7866](https://togithub.com/apollographql/apollo-server/pull/7866) [`5f335a5`](https://togithub.com/apollographql/apollo-server/commit/5f335a527b6549219366fa44f4bea829e7359aaf) Thanks [@tninesling](https://togithub.com/tninesling)! - Catch errors thrown by subscription generators, and gracefully clean up the subscription instead of crashing. ### [`v4.10.2`](https://togithub.com/apollographql/apollo-server/blob/HEAD/packages/server/CHANGELOG.md#4102) [Compare Source](https://togithub.com/apollographql/apollo-server/compare/@apollo/server@4.10.1...@apollo/server@4.10.2) ##### Patch Changes - [#7849](https://togithub.com/apollographql/apollo-server/pull/7849) [`c7e514c`](https://togithub.com/apollographql/apollo-server/commit/c7e514cf67b05521c66d0561448b3c36b2facee6) Thanks [@TylerBloom](https://togithub.com/TylerBloom)! - In the subscription callback server plugin, terminating a subscription now immediately closes the internal async generator. This avoids that generator existing after termination and until the next message is received. ### [`v4.10.1`](https://togithub.com/apollographql/apollo-server/blob/HEAD/packages/server/CHANGELOG.md#4101) [Compare Source](https://togithub.com/apollographql/apollo-server/compare/@apollo/server@4.10.0...@apollo/server@4.10.1) ##### Patch Changes - [#7843](https://togithub.com/apollographql/apollo-server/pull/7843) [`72f568e`](https://togithub.com/apollographql/apollo-server/commit/72f568edd512a865e37e4777bf16a319433ca5ba) Thanks [@bscherlein](https://togithub.com/bscherlein)! - Improves timing of the `willResolveField` end hook on fields which return Promises resolving to Arrays. This makes the use of the `setCacheHint` method more reliable. ### [`v4.10.0`](https://togithub.com/apollographql/apollo-server/blob/HEAD/packages/server/CHANGELOG.md#4100) [Compare Source](https://togithub.com/apollographql/apollo-server/compare/@apollo/server@4.9.5...@apollo/server@4.10.0) ##### Minor Changes - [#7786](https://togithub.com/apollographql/apollo-server/pull/7786) [`869ec98`](https://togithub.com/apollographql/apollo-server/commit/869ec980458df3b22dcc2ed128cedc9d3a85c54b) Thanks [@ganemone](https://togithub.com/ganemone)! - Restore missing v1 `skipValidation` option as `dangerouslyDisableValidation`. Note that enabling this option exposes your server to potential security and unexpected runtime issues. Apollo will not support issues that arise as a result of using this option. - [#7803](https://togithub.com/apollographql/apollo-server/pull/7803) [`e9a0d6e`](https://togithub.com/apollographql/apollo-server/commit/e9a0d6ed035d1a4f509ce39f0558dc17dfb9ccd0) Thanks [@favna](https://togithub.com/favna)! - allow `stringifyResult` to return a `PromiseConfiguration
📅 Schedule: Branch creation - "after 10am on monday" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.