Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(deps): update all non-major dependencies #29

Merged
merged 1 commit into from
Jul 10, 2023

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Mar 6, 2023

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
@apollo/server ^4.4.1 -> ^4.7.5 age adoption passing confidence
@apollo/server-integration-testsuite ^4.4.1 -> ^4.7.5 age adoption passing confidence
@jest/globals ^29.4.3 -> ^29.6.1 age adoption passing confidence
@vitest/coverage-c8 (source) ^0.29.2 -> ^0.33.0 age adoption passing confidence
eslint (source) ^8.35.0 -> ^8.44.0 age adoption passing confidence
eslint-config-prettier ^8.6.0 -> ^8.8.0 age adoption passing confidence
graphql ^16.6.0 -> ^16.7.1 age adoption passing confidence
h3 ^1.5.0 -> ^1.7.1 age adoption passing confidence
jest (source) ^29.4.3 -> ^29.6.1 age adoption passing confidence
pnpm (source) 8.0.0 -> 8.6.7 age adoption passing confidence
prettier (source) ^2.8.4 -> ^2.8.8 age adoption passing confidence
ts-jest (source) ^29.0.5 -> ^29.1.1 age adoption passing confidence
unbuild ^1.1.2 -> ^1.2.1 age adoption passing confidence
vitest ^0.29.2 -> ^0.33.0 age adoption passing confidence

Release Notes

apollographql/apollo-server (@​apollo/server)

v4.7.5

Compare Source

Patch Changes

v4.7.4

Compare Source

Patch Changes
  • 0adaf80d1 Thanks @​trevor-scheer! - Address Content Security Policy issues

    The previous implementation of CSP nonces within the landing pages did not take full advantage of the security benefit of using them. Nonces should only be used once per request, whereas Apollo Server was generating one nonce and reusing it for the lifetime of the instance. The reuse of nonces degrades the security benefit of using them but does not pose a security risk on its own. The CSP provides a defense-in-depth measure against a potential XSS, so in the absence of a known XSS vulnerability there is likely no risk to the user.

    The mentioned fix also coincidentally addresses an issue with using crypto functions on startup within Cloudflare Workers. Crypto functions are now called during requests only, which resolves the error that Cloudflare Workers were facing. A recent change introduced a precomputedNonce configuration option to mitigate this issue, but it was an incorrect approach given the nature of CSP nonces. This configuration option is now deprecated and should not be used for any reason since it suffers from the previously mentioned issue of reusing nonces.

    Additionally, this change adds other applicable CSPs for the scripts, styles, images, manifest, and iframes that the landing pages load.

    A final consequence of this change is an extension of the renderLandingPage plugin hook. This hook can now return an object with an html property which returns a Promise<string> in addition to a string (which was the only option before).

v4.7.3

Compare Source

Patch Changes
  • #​7601 75b668d9e Thanks @​trevor-scheer! - Provide a new configuration option for landing page plugins precomputedNonce which allows users to provide a nonce and avoid calling into uuid functions on startup. This is useful for Cloudflare Workers where random number generation is not available on startup (only during requests). Unless you are using Cloudflare Workers, you can ignore this change.

    The example below assumes you've provided a PRECOMPUTED_NONCE variable in your wrangler.toml file.

    Example usage:

    const server = new ApolloServer({
      // ...
      plugins: [
        ApolloServerPluginLandingPageLocalDefault({
          precomputedNonce: PRECOMPUTED_NONCE,
        }),
      ],
    });

v4.7.2

Compare Source

Patch Changes
  • #​7599 c3f04d050 Thanks @​trevor-scheer! - Update @apollo/utils.usagereporting dependency. Previously, installing @apollo/gateway and @apollo/server could result in duplicate / differently versioned installs of @apollo/usage-reporting-protobuf. This is because the @apollo/server-gateway-interface package was updated to use the latest protobuf, but the @apollo/utils.usagereporting package was not. After this change, users should always end up with a single install of the protobuf package when installing both @apollo/server and @apollo/gateway latest versions.

v4.7.1

Compare Source

Patch Changes
  • #​7539 5d3c45be9 Thanks @​mayakoneval! - 🐛 Bug Fix for Apollo Server Landing Pages on Safari. A Content Security Policy was added to our landing page html so that Safari can run the inline scripts we use to call the Embedded Sandbox & Explorer.

v4.7.0

Compare Source

Minor Changes
  • #​7504 22a5be934 Thanks @​mayakoneval! - In the Apollo Server Landing Page Local config, you can now opt out of the telemetry that Apollo Studio runs in the
    embedded Sandbox & Explorer landing pages. This telemetry includes Google Analytics for event tracking and
    Sentry for error tracking.

    Example of the new config option:

    const server = new ApolloServer({
      typeDefs,
      resolvers,
      plugins: [
        process.env.NODE_ENV === 'production'
          ? ApolloServerPluginLandingPageProductionDefault({
              graphRef: 'my-graph-id@my-graph-variant',
              embed: {
                runTelemetry: false
              },
            })
          : ApolloServerPluginLandingPageLocalDefault({
              embed: {
                runTelemetry: false
              },
            }),
      ],
    });
    

v4.6.0

Compare Source

Minor Changes
  • #​7465 1e808146a Thanks @​trevor-scheer! - Introduce new opt-in configuration option to mitigate v4 status code regression

    Apollo Server v4 accidentally started responding to requests with an invalid variables object with a 200 status code, where v3 previously responded with a 400. In order to not break current behavior (potentially breaking users who have creatively worked around this issue) and offer a mitigation, we've added the following configuration option which we recommend for all users.

    new ApolloServer({
      // ...
      status400ForVariableCoercionErrors: true,
    });

    Specifically, this regression affects cases where input variable coercion fails. Variables of an incorrect type (i.e. String instead of Int) or unexpectedly null are examples that fail variable coercion. Additionally, missing or incorrect fields on input objects as well as custom scalars that throw during validation will also fail variable coercion. For more specifics on variable coercion, see the "Input Coercion" sections in the GraphQL spec.

    This will become the default behavior in Apollo Server v5 and the configuration option will be ignored / no longer needed.

Patch Changes
  • #​7454 f6e3ae021 Thanks @​trevor-scheer! - Start building packages with TS 5.x, which should have no effect for users

  • #​7433 e0db95b96 Thanks @​KGAdamCook! - Previously, when users provided their own documentStore, Apollo Server used a random prefix per schema in order to guarantee there was no shared state from one schema to the next. Now Apollo Server uses a hash of the schema, which enables the provided document store to be shared if you choose to do so.

v4.5.0

Compare Source

Minor Changes
  • #​7431 7cc163ac8 Thanks @​mayakoneval! - In the Apollo Server Landing Page Local config, you can now automatically turn off autopolling on your endpoints as well as pass headers used to introspect your schema, embed an operation from a collection, and configure whether the endpoint input box is editable. In the Apollo Server Landing Page Prod config, you can embed an operation from a collection & we fixed a bug introduced in release 4.4.0

    Example of all new config options:

    const server = new ApolloServer({
      typeDefs,
      resolvers,
      plugins: [
        process.env.NODE_ENV === 'production'
          ? ApolloServerPluginLandingPageProductionDefault({
              graphRef: 'my-graph-id@my-graph-variant',
              collectionId: 'abcdef',
              operationId: '12345'
              embed: true,
              footer: false,
            })
          : ApolloServerPluginLandingPageLocalDefault({
              collectionId: 'abcdef',
              operationId: '12345'
              embed: {
                initialState: {
                  pollForSchemaUpdates: false,
                  sharedHeaders: {
                    "HeaderNeededForIntrospection": "ValueForIntrospection"
                  },
                },
                endpointIsEditable: true,
              },
              footer: false,
            }),
      ],
    });
    
    
  • #​7430 b694bb1dd Thanks @​mayakoneval! - We now send your @​apollo/server version to the embedded Explorer & Sandbox used in the landing pages for analytics.

Patch Changes
  • #​7432 8cbc61406 Thanks @​mayakoneval! - Bug fix: TL;DR revert a previous change that stops passing includeCookies from the prod landing page config.

    Who was affected?

    Any Apollo Server instance that passes a graphRef to a production landing page with a non-default includeCookies value that does not match the Include cookies setting on your registered variant on studio.apollographql.com.

    How were they affected?

    From release 4.4.0 to this patch release, folks affected would have seen their Explorer requests being sent with cookies included only if they had set Include cookies on their variant. Cookies would not have been included by default.

apollographql/apollo-server (@​apollo/server-integration-testsuite)

v4.7.5

Compare Source

Patch Changes

v4.7.4

Compare Source

Patch Changes
  • #​7604 aeb511c7d Thanks @​renovate! - Update graphql-http dependency

  • 0adaf80d1 Thanks @​trevor-scheer! - Address Content Security Policy issues

    The previous implementation of CSP nonces within the landing pages did not take full advantage of the security benefit of using them. Nonces should only be used once per request, whereas Apollo Server was generating one nonce and reusing it for the lifetime of the instance. The reuse of nonces degrades the security benefit of using them but does not pose a security risk on its own. The CSP provides a defense-in-depth measure against a potential XSS, so in the absence of a known XSS vulnerability there is likely no risk to the user.

    The mentioned fix also coincidentally addresses an issue with using crypto functions on startup within Cloudflare Workers. Crypto functions are now called during requests only, which resolves the error that Cloudflare Workers were facing. A recent change introduced a precomputedNonce configuration option to mitigate this issue, but it was an incorrect approach given the nature of CSP nonces. This configuration option is now deprecated and should not be used for any reason since it suffers from the previously mentioned issue of reusing nonces.

    Additionally, this change adds other applicable CSPs for the scripts, styles, images, manifest, and iframes that the landing pages load.

    A final consequence of this change is an extension of the renderLandingPage plugin hook. This hook can now return an object with an html property which returns a Promise<string> in addition to a string (which was the only option before).

  • Updated dependencies [0adaf80d1]:

v4.7.3

Compare Source

Patch Changes

v4.7.2

Compare Source

Patch Changes

v4.7.1

Compare Source

Patch Changes

v4.7.0

Compare Source

Patch Changes

v4.6.0

Compare Source

Patch Changes

v4.5.0

Compare Source

Patch Changes
facebook/jest (@​jest/globals)

v29.6.1

Compare Source

Fixes

v29.6.0

Compare Source

Features
  • [jest-circus, jest-snapshot] Add support for snapshot matchers in concurrent tests (#​14139)
  • [jest-cli] Include type definitions to generated config files (#​14078)
  • [jest-snapshot] Support arrays as property matchers (#​14025)
  • [jest-core, jest-circus, jest-reporter, jest-runner] Added support for reporting about start individual test cases using jest-circus (#​14174)
Fixes
  • [jest-circus] Prevent false test failures caused by promise rejections handled asynchronously (#​14110)
  • [jest-config] Handle frozen config object (#​14054)
  • [jest-config] Allow coverageDirectory and collectCoverageFrom in project config (#​14180)
  • [jest-core] Always use workers in watch mode to avoid crashes (#​14059).
  • [jest-environment-jsdom, jest-environment-node] Fix assignment of customExportConditions via testEnvironmentOptions when custom env subclass defines a default value (#​13989)
  • [jest-matcher-utils] Fix copying value of inherited getters (#​14007)
  • [jest-mock] Tweak typings to allow jest.replaceProperty() replace methods (#​14008)
  • [jest-mock] Improve user input validation and error messages of spyOn and replaceProperty methods (#​14087)
  • [jest-runtime] Bind jest.isolateModulesAsync to this (#​14083)
  • [jest-runtime] Forward wrapperLength to the Script constructor as columnOffset for accurate debugging (#​14148)
  • [jest-runtime] Guard _isMockFunction access with in (#​14188)
  • [jest-snapshot] Fix a potential bug when not using prettier and improve performance (#​14036)
  • [@jest/transform] Do not instrument .json modules (#​14048)
  • [jest-worker] Restart a shut down worker before sending it a task (#​14015)
Chore & Maintenance
  • [*] Update semver dependency to get vulnerability fix (#​14262)
  • [docs] Updated documentation for the --runTestsByPath CLI command (#​14004)
  • [docs] Updated documentation regarding the synchronous fallback when asynchronous code transforms are unavailable (#​14056)
  • [docs] Update jest statistics of use and downloads in website Index.

v29.5.0

Compare Source

Features
  • [jest-changed-files] Support Sapling (#​13941)
  • [jest-circus, @&#8203;jest/cli, jest-config] Add feature to randomize order of tests via CLI flag or through the config file(#​12922)
  • [jest-cli, jest-config, @&#8203;jest/core, jest-haste-map, @&#8203;jest/reporters, jest-runner, jest-runtime, @&#8203;jest/types] Add workerThreads configuration option to allow using worker threads for parallelization (#​13939)
  • [jest-cli] Export yargsOptions (#​13970)
  • [jest-config] Add openHandlesTimeout option to configure possible open handles warning. (#​13875)
  • [@jest/create-cache-key-function] Allow passing length argument to createCacheKey() function and set its default value to 16 on Windows (#​13827)
  • [jest-message-util] Add support for AggregateError (#​13946 & #​13947)
  • [jest-message-util] Add support for Error causes in test and it (#​13935 & #​13966)
  • [jest-reporters] Add summaryThreshold option to summary reporter to allow overriding the internal threshold that is used to print the summary of all failed tests when the number of test suites surpasses it (#​13895)
  • [jest-runtime] Expose @sinonjs/fake-timers async APIs functions advanceTimersByTimeAsync(msToRun) (tickAsync(msToRun)), advanceTimersToNextTimerAsync(steps) (nextAsync), runAllTimersAsync (runAllAsync), and runOnlyPendingTimersAsync (runToLastAsync) (#​13981)
  • [jest-runtime, @&#8203;jest/transform] Allow V8 coverage provider to collect coverage from files which were not loaded explicitly (#​13974)
  • [jest-snapshot] Add support to cts and mts TypeScript files to inline snapshots (#​13975)
  • [jest-worker] Add start method to worker farms (#​13937)
  • [jest-worker] Support passing a URL as path to worker (#​13982)
Fixes
  • [babel-plugin-jest-hoist] Fix unwanted hoisting of nested jest usages (#​13952)
  • [jest-circus] Send test case results for todo tests (#​13915)
  • [jest-circus] Update message printed on test timeout (#​13830)
  • [jest-circus] Avoid creating the word "testfalse" when takesDoneCallback is false in the message printed on test timeout AND updated timeouts test (#​13954)
  • [jest-environment-jsdom] Stop setting document to null on teardown (#​13972)
  • [@jest/expect-utils] Update toStrictEqual() to be able to check jest.fn().mock.calls (#​13960)
  • [@jest/test-result] Allow TestResultsProcessor type to return a Promise (#​13950)
Chore & Maintenance
  • [jest-snapshot] Remove dependency on jest-haste-map (#​13977)
vitest-dev/vitest (@​vitest/coverage-c8)

v0.33.0

Compare Source

   🚨 Breaking Changes
  • Revert default include patterns  -  by @​so1ve #​3729
    • 0.32.0 changed the default include globs to be compatible with Jest. After a discussion with the community, we are reverting this change because it turned out to be non-intuitive.
   🐞 Bug Fixes
    View changes on GitHub

v0.32.4

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v0.32.3

Compare Source

   🚀 Features
   🐞 Bug Fixes
    View changes on GitHub

v0.32.2

Compare Source

   🐞 Bug Fixes
    View changes on GitHub

v0.32.1

Compare Source

   🚀 Features
   🐞 Bug Fixes
    View changes on GitHub

v0.32.0

Compare Source

   🚨 Breaking Changes
  • Throw an error, if the module cannot be resolved  -  by @​sheremet-va in https://github.com/vitest-dev/vitest/issues/3307 (1ad63)
    • Vitest used to fall back to the original import when it could not resolve it to the file path or the virtual module. This leads to hard-to-find module graph mismatches if you had incorrect alias or relied on relative imports to be resolved to the project root (which is usual behavior in TypeScript) because the code accidentally "worked". With this release, Vitest will now throw an error if it cannot resolve the module - there are possible edge cases that are not covered yet, so if you have any problems with this, please open a separate issue with reproduction.
  • Improve globs  -  by @​nickmccurdy in https://github.com/vitest-dev/vitest/issues/3392 (19ecc)
    • Vitest now has glob patterns similar to Jest for better compatibility. It's possible that some files will be considered test files when previously they were not. For example, Vitest now considers test.js to be a test file. Also any file in __tests__ is now considered to be a test, not just files with test or spec suffix.
  • Add @vitest/coverage-v8 package  -  by @​AriPerkkio in https://github.com/vitest-dev/vitest/issues/3339 (82112)
    • Vitest now uses v8 code coverage directly for better performance. @vitest/coverage-c8 is deprecated as Vitest no longer uses c8 package for coverage output. It will not be updated anymore, and Vitest will fail in the next version if the user has c8 as their coverage provider. Please, install the new @vitest/coverage-v8 package if you previously used @vitest/coverage-c8.
  • mocker: Don't restore mock to the original if the module is automocked  -  by @​sheremet-va in https://github.com/vitest-dev/vitest/issues/3518 (c1004)
    • spy.mockRestore on auto-mocked named exports will no longer restore their implementation to the actual function. This behavior better matches what Jest does.
   🚀 Features

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot force-pushed the renovate/all-minor-patch branch 4 times, most recently from 4587e84 to 9e17f5f Compare March 11, 2023 00:40
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 10 times, most recently from 8197599 to ab16022 Compare March 20, 2023 18:24
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 7 times, most recently from a52a814 to dc59f4e Compare March 27, 2023 20:55
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 9 times, most recently from 7bc7dd7 to 06f00c0 Compare April 4, 2023 04:18
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 7 times, most recently from 23f0c7f to e528028 Compare June 22, 2023 19:25
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 7 times, most recently from bf326df to 6779b58 Compare July 1, 2023 03:57
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 7 times, most recently from fb4db89 to b27001a Compare July 10, 2023 01:14
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 3 times, most recently from b7fc904 to fbaf20e Compare July 10, 2023 21:31
@renovate renovate bot force-pushed the renovate/all-minor-patch branch from fbaf20e to 677fa0a Compare July 10, 2023 21:34
@tobiasdiez tobiasdiez merged commit 608fca2 into main Jul 10, 2023
@renovate renovate bot deleted the renovate/all-minor-patch branch July 10, 2023 21:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant