chore(deps): update all non-major dependencies #29
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
^4.4.1
->^4.7.5
^4.4.1
->^4.7.5
^29.4.3
->^29.6.1
^0.29.2
->^0.33.0
^8.35.0
->^8.44.0
^8.6.0
->^8.8.0
^16.6.0
->^16.7.1
^1.5.0
->^1.7.1
^29.4.3
->^29.6.1
8.0.0
->8.6.7
^2.8.4
->^2.8.8
^29.0.5
->^29.1.1
^1.1.2
->^1.2.1
^0.29.2
->^0.33.0
Release Notes
apollographql/apollo-server (@apollo/server)
v4.7.5
Compare Source
Patch Changes
#7614
4fadf3ddc
Thanks @Cellule! - Publish TypeScript typings for CommonJS modules output.This allows TypeScript projects that use CommonJS modules with
moduleResolution: "node16"
ormoduleResolution: "nodeNext"
to correctly resolves the typings of apollo's packages as CommonJS instead of ESM.
Updated dependencies [
4fadf3ddc
]:v4.7.4
Compare Source
Patch Changes
0adaf80d1
Thanks @trevor-scheer! - Address Content Security Policy issuesThe previous implementation of CSP nonces within the landing pages did not take full advantage of the security benefit of using them. Nonces should only be used once per request, whereas Apollo Server was generating one nonce and reusing it for the lifetime of the instance. The reuse of nonces degrades the security benefit of using them but does not pose a security risk on its own. The CSP provides a defense-in-depth measure against a potential XSS, so in the absence of a known XSS vulnerability there is likely no risk to the user.
The mentioned fix also coincidentally addresses an issue with using crypto functions on startup within Cloudflare Workers. Crypto functions are now called during requests only, which resolves the error that Cloudflare Workers were facing. A recent change introduced a
precomputedNonce
configuration option to mitigate this issue, but it was an incorrect approach given the nature of CSP nonces. This configuration option is now deprecated and should not be used for any reason since it suffers from the previously mentioned issue of reusing nonces.Additionally, this change adds other applicable CSPs for the scripts, styles, images, manifest, and iframes that the landing pages load.
A final consequence of this change is an extension of the
renderLandingPage
plugin hook. This hook can now return an object with anhtml
property which returns aPromise<string>
in addition to astring
(which was the only option before).v4.7.3
Compare Source
Patch Changes
#7601
75b668d9e
Thanks @trevor-scheer! - Provide a new configuration option for landing page pluginsprecomputedNonce
which allows users to provide a nonce and avoid calling intouuid
functions on startup. This is useful for Cloudflare Workers where random number generation is not available on startup (only during requests). Unless you are using Cloudflare Workers, you can ignore this change.The example below assumes you've provided a
PRECOMPUTED_NONCE
variable in yourwrangler.toml
file.Example usage:
v4.7.2
Compare Source
Patch Changes
c3f04d050
Thanks @trevor-scheer! - Update@apollo/utils.usagereporting
dependency. Previously, installing@apollo/gateway
and@apollo/server
could result in duplicate / differently versioned installs of@apollo/usage-reporting-protobuf
. This is because the@apollo/server-gateway-interface
package was updated to use the latest protobuf, but the@apollo/utils.usagereporting
package was not. After this change, users should always end up with a single install of the protobuf package when installing both@apollo/server
and@apollo/gateway
latest versions.v4.7.1
Compare Source
Patch Changes
5d3c45be9
Thanks @mayakoneval! - 🐛 Bug Fix for Apollo Server Landing Pages on Safari. A Content Security Policy was added to our landing page html so that Safari can run the inline scripts we use to call the Embedded Sandbox & Explorer.v4.7.0
Compare Source
Minor Changes
#7504
22a5be934
Thanks @mayakoneval! - In the Apollo Server Landing Page Local config, you can now opt out of the telemetry that Apollo Studio runs in theembedded Sandbox & Explorer landing pages. This telemetry includes Google Analytics for event tracking and
Sentry for error tracking.
Example of the new config option:
v4.6.0
Compare Source
Minor Changes
#7465
1e808146a
Thanks @trevor-scheer! - Introduce new opt-in configuration option to mitigate v4 status code regressionApollo Server v4 accidentally started responding to requests with an invalid
variables
object with a 200 status code, where v3 previously responded with a 400. In order to not break current behavior (potentially breaking users who have creatively worked around this issue) and offer a mitigation, we've added the following configuration option which we recommend for all users.Specifically, this regression affects cases where input variable coercion fails. Variables of an incorrect type (i.e.
String
instead ofInt
) or unexpectedlynull
are examples that fail variable coercion. Additionally, missing or incorrect fields on input objects as well as custom scalars that throw during validation will also fail variable coercion. For more specifics on variable coercion, see the "Input Coercion" sections in the GraphQL spec.This will become the default behavior in Apollo Server v5 and the configuration option will be ignored / no longer needed.
Patch Changes
#7454
f6e3ae021
Thanks @trevor-scheer! - Start building packages with TS 5.x, which should have no effect for users#7433
e0db95b96
Thanks @KGAdamCook! - Previously, when users provided their owndocumentStore
, Apollo Server used a random prefix per schema in order to guarantee there was no shared state from one schema to the next. Now Apollo Server uses a hash of the schema, which enables the provided document store to be shared if you choose to do so.v4.5.0
Compare Source
Minor Changes
#7431
7cc163ac8
Thanks @mayakoneval! - In the Apollo Server Landing Page Local config, you can now automatically turn off autopolling on your endpoints as well as pass headers used to introspect your schema, embed an operation from a collection, and configure whether the endpoint input box is editable. In the Apollo Server Landing Page Prod config, you can embed an operation from a collection & we fixed a bug introduced in release 4.4.0Example of all new config options:
#7430
b694bb1dd
Thanks @mayakoneval! - We now send your @apollo/server version to the embedded Explorer & Sandbox used in the landing pages for analytics.Patch Changes
#7432
8cbc61406
Thanks @mayakoneval! - Bug fix: TL;DR revert a previous change that stops passing includeCookies from the prod landing page config.Who was affected?
Any Apollo Server instance that passes a
graphRef
to a production landing page with a non-defaultincludeCookies
value that does not match theInclude cookies
setting on your registered variant on studio.apollographql.com.How were they affected?
From release 4.4.0 to this patch release, folks affected would have seen their Explorer requests being sent with cookies included only if they had set
Include cookies
on their variant. Cookies would not have been included by default.apollographql/apollo-server (@apollo/server-integration-testsuite)
v4.7.5
Compare Source
Patch Changes
4fadf3ddc
]:v4.7.4
Compare Source
Patch Changes
#7604
aeb511c7d
Thanks @renovate! - Updategraphql-http
dependency0adaf80d1
Thanks @trevor-scheer! - Address Content Security Policy issuesThe previous implementation of CSP nonces within the landing pages did not take full advantage of the security benefit of using them. Nonces should only be used once per request, whereas Apollo Server was generating one nonce and reusing it for the lifetime of the instance. The reuse of nonces degrades the security benefit of using them but does not pose a security risk on its own. The CSP provides a defense-in-depth measure against a potential XSS, so in the absence of a known XSS vulnerability there is likely no risk to the user.
The mentioned fix also coincidentally addresses an issue with using crypto functions on startup within Cloudflare Workers. Crypto functions are now called during requests only, which resolves the error that Cloudflare Workers were facing. A recent change introduced a
precomputedNonce
configuration option to mitigate this issue, but it was an incorrect approach given the nature of CSP nonces. This configuration option is now deprecated and should not be used for any reason since it suffers from the previously mentioned issue of reusing nonces.Additionally, this change adds other applicable CSPs for the scripts, styles, images, manifest, and iframes that the landing pages load.
A final consequence of this change is an extension of the
renderLandingPage
plugin hook. This hook can now return an object with anhtml
property which returns aPromise<string>
in addition to astring
(which was the only option before).Updated dependencies [
0adaf80d1
]:v4.7.3
Compare Source
Patch Changes
75b668d9e
]:v4.7.2
Compare Source
Patch Changes
c3f04d050
]:v4.7.1
Compare Source
Patch Changes
5d3c45be9
]:v4.7.0
Compare Source
Patch Changes
#7509
5c20aa02e
Thanks @renovate! - Updategraphql-http
dependency#7475
b9ac2d6b2
Thanks @renovate! - Update graphql-http dependencyUpdated dependencies [
22a5be934
]:v4.6.0
Compare Source
Patch Changes
#7454
f6e3ae021
Thanks @trevor-scheer! - Start building packages with TS 5.x, which should have no effect for usersUpdated dependencies [
1e808146a
,f6e3ae021
,e0db95b96
]:v4.5.0
Compare Source
Patch Changes
7cc163ac8
,8cbc61406
,b694bb1dd
]:facebook/jest (@jest/globals)
v29.6.1
Compare Source
Fixes
[jest-circus]
Revert #14110 as it was a breaking change (#14304)v29.6.0
Compare Source
Features
[jest-circus, jest-snapshot]
Add support for snapshot matchers in concurrent tests (#14139)[jest-cli]
Include type definitions to generated config files (#14078)[jest-snapshot]
Support arrays as property matchers (#14025)[jest-core, jest-circus, jest-reporter, jest-runner]
Added support for reporting about start individual test cases using jest-circus (#14174)Fixes
[jest-circus]
Prevent false test failures caused by promise rejections handled asynchronously (#14110)[jest-config]
Handle frozen config object (#14054)[jest-config]
AllowcoverageDirectory
andcollectCoverageFrom
in project config (#14180)[jest-core]
Always use workers in watch mode to avoid crashes (#14059).[jest-environment-jsdom, jest-environment-node]
Fix assignment ofcustomExportConditions
viatestEnvironmentOptions
when custom env subclass defines a default value (#13989)[jest-matcher-utils]
Fix copying value of inherited getters (#14007)[jest-mock]
Tweak typings to allowjest.replaceProperty()
replace methods (#14008)[jest-mock]
Improve user input validation and error messages ofspyOn
andreplaceProperty
methods (#14087)[jest-runtime]
Bindjest.isolateModulesAsync
tothis
(#14083)[jest-runtime]
ForwardwrapperLength
to theScript
constructor ascolumnOffset
for accurate debugging (#14148)[jest-runtime]
Guard_isMockFunction
access within
(#14188)[jest-snapshot]
Fix a potential bug when not using prettier and improve performance (#14036)[@jest/transform]
Do not instrument.json
modules (#14048)[jest-worker]
Restart a shut down worker before sending it a task (#14015)Chore & Maintenance
[*]
Updatesemver
dependency to get vulnerability fix (#14262)[docs]
Updated documentation for the--runTestsByPath
CLI command (#14004)[docs]
Updated documentation regarding the synchronous fallback when asynchronous code transforms are unavailable (#14056)[docs]
Update jest statistics of use and downloads in website Index.v29.5.0
Compare Source
Features
[jest-changed-files]
Support Sapling (#13941)[jest-circus, @​jest/cli, jest-config]
Add feature to randomize order of tests via CLI flag or through the config file(#12922)[jest-cli, jest-config, @​jest/core, jest-haste-map, @​jest/reporters, jest-runner, jest-runtime, @​jest/types]
AddworkerThreads
configuration option to allow using worker threads for parallelization (#13939)[jest-cli]
ExportyargsOptions
(#13970)[jest-config]
AddopenHandlesTimeout
option to configure possible open handles warning. (#13875)[@jest/create-cache-key-function]
Allow passinglength
argument tocreateCacheKey()
function and set its default value to16
on Windows (#13827)[jest-message-util]
Add support for AggregateError (#13946 & #13947)[jest-message-util]
Add support for Error causes intest
andit
(#13935 & #13966)[jest-reporters]
AddsummaryThreshold
option to summary reporter to allow overriding the internal threshold that is used to print the summary of all failed tests when the number of test suites surpasses it (#13895)[jest-runtime]
Expose@sinonjs/fake-timers
async APIs functionsadvanceTimersByTimeAsync(msToRun)
(tickAsync(msToRun)
),advanceTimersToNextTimerAsync(steps)
(nextAsync
),runAllTimersAsync
(runAllAsync
), andrunOnlyPendingTimersAsync
(runToLastAsync
) (#13981)[jest-runtime, @​jest/transform]
Allow V8 coverage provider to collect coverage from files which were not loaded explicitly (#13974)[jest-snapshot]
Add support tocts
andmts
TypeScript files to inline snapshots (#13975)[jest-worker]
Addstart
method to worker farms (#13937)[jest-worker]
Support passing a URL as path to worker (#13982)Fixes
[babel-plugin-jest-hoist]
Fix unwanted hoisting of nestedjest
usages (#13952)[jest-circus]
Send test case results fortodo
tests (#13915)[jest-circus]
Update message printed on test timeout (#13830)[jest-circus]
Avoid creating the word "testfalse" whentakesDoneCallback
isfalse
in the message printed on test timeout AND updated timeouts test (#13954)[jest-environment-jsdom]
Stop settingdocument
tonull
on teardown (#13972)[@jest/expect-utils]
UpdatetoStrictEqual()
to be able to checkjest.fn().mock.calls
(#13960)[@jest/test-result]
AllowTestResultsProcessor
type to return a Promise (#13950)Chore & Maintenance
[jest-snapshot]
Remove dependency onjest-haste-map
(#13977)vitest-dev/vitest (@vitest/coverage-c8)
v0.33.0
Compare Source
🚨 Breaking Changes
0.32.0
changed the defaultinclude
globs to be compatible with Jest. After a discussion with the community, we are reverting this change because it turned out to be non-intuitive.🐞 Bug Fixes
View changes on GitHub
v0.32.4
Compare Source
🐞 Bug Fixes
View changes on GitHub
v0.32.3
Compare Source
🚀 Features
concurrent
option tosequence
config - by @fenghan34 and @sheremet-va in https://github.com/vitest-dev/vitest/issues/3604 (f427f)bench
name - by @fenghan34 in https://github.com/vitest-dev/vitest/issues/3711 (a749a)test.extend
- by @fenghan34 in https://github.com/vitest-dev/vitest/issues/3554 (2db1a)🐞 Bug Fixes
CTRL+C
to terminate run - by @AriPerkkio in https://github.com/vitest-dev/vitest/issues/3642 (fa663)toBeCalledTimes
- by @antfu in https://github.com/vitest-dev/vitest/issues/3696 (d3640)v8
to prevent crash on dynamic CJS files - by @AriPerkkio in https://github.com/vitest-dev/vitest/issues/3657 (40f18)retry
andrepeats
0 - by @Dunqing in https://github.com/vitest-dev/vitest/issues/3638 (6d146)h
key - by @AriPerkkio in https://github.com/vitest-dev/vitest/issues/3618 (60c36)View changes on GitHub
v0.32.2
Compare Source
🐞 Bug Fixes
View changes on GitHub
v0.32.1
Compare Source
🚀 Features
registerConsoleShortcuts
fromvitest/node
- by @deot in https://github.com/vitest-dev/vitest/issues/3563 (bc49b)expect.unreachable
- by @fenghan34 and @sheremet-va in https://github.com/vitest-dev/vitest/issues/3556 (8e385)describe
/test
name support anonymous function - by @btea in https://github.com/vitest-dev/vitest/issues/3562 (3d436)🐞 Bug Fixes
performance
fromperf_hooks
- by @Max10240 and wangbaolong.wbl in https://github.com/vitest-dev/vitest/issues/3578 and https://github.com/vitest-dev/vitest/issues/3579 (24ec8)vitest
- by @userquin in https://github.com/vitest-dev/vitest/issues/3580 (b4ac8)View changes on GitHub
v0.32.0
Compare Source
🚨 Breaking Changes
test.js
to be a test file. Also any file in__tests__
is now considered to be a test, not just files withtest
orspec
suffix.@vitest/coverage-v8
package - by @AriPerkkio in https://github.com/vitest-dev/vitest/issues/3339 (82112)@vitest/coverage-c8
is deprecated as Vitest no longer uses c8 package for coverage output. It will not be updated anymore, and Vitest will fail in the next version if the user hasc8
as their coverage provider. Please, install the new@vitest/coverage-v8
package if you previously used@vitest/coverage-c8
.spy.mockRestore
on auto-mocked named exports will no longer restore their implementation to the actual function. This behavior better matches what Jest does.🚀 Features
expect.soft
- by @Dunqing in https://github.com/vitest-dev/vitest/issues/3507 [(7c687)](https:Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR has been generated by Mend Renovate. View repository job log here.