-
Notifications
You must be signed in to change notification settings - Fork 731
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bump apollo-server from 2.16.1 to 2.25.3 in /SimpleUploadServer #2020
Bump apollo-server from 2.16.1 to 2.25.3 in /SimpleUploadServer #2020
Conversation
Bumps [apollo-server](https://github.com/apollographql/apollo-server/tree/HEAD/packages/apollo-server) from 2.16.1 to 2.25.3. - [Release notes](https://github.com/apollographql/apollo-server/releases) - [Changelog](https://github.com/apollographql/apollo-server/blob/main/CHANGELOG.md) - [Commits](https://github.com/apollographql/apollo-server/commits/[email protected]/packages/apollo-server) --- updated-dependencies: - dependency-name: apollo-server dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]>
Squashed commit of the following: commit 3262cd0 Author: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Date: Thu Nov 18 03:49:51 2021 +0000 fix(deps): update dependency gatsby-theme-apollo-docs to v5.3.8 (#2038) Co-authored-by: Renovate Bot <[email protected]> commit d93568f Author: Calvin Cestari <[email protected]> Date: Wed Nov 17 12:51:58 2021 -0800 Release `0.50.0` (#2031) * Update version number for release * Updated changelog for release * Update documentation for release changes * Update changelog for #2015 commit 46957a3 Author: Hesham Salman <[email protected]> Date: Wed Nov 17 15:15:54 2021 -0500 Update SQLite.swift to version 13.0 (#2015) * Update Package.swift and podspec * Updated XcodeProj * Bump SQLite.swift minimum required version to 0.13.1 Co-authored-by: Calvin Cestari <[email protected]> commit 8d48031 Author: hwillson <[email protected]> Date: Fri Nov 12 16:24:18 2021 -0500 Gateway clarification based on license change commit 55c5db8 Author: Calvin Cestari <[email protected]> Date: Fri Nov 12 10:47:33 2021 -0800 Update apollo-tooling to v2.33.9 (#2028) * Update to v2.33.9 of the CLI tooling * Update StarWarsAPI output generated by updated tooling * Update test with expected output * Keep the parameter spacing commit ece5b5b Author: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Date: Wed Nov 10 22:13:58 2021 +0000 fix(deps): update dependency gatsby-theme-apollo-docs to v5.3.6 (#2026) Co-authored-by: Renovate Bot <[email protected]> commit a8a35ae Author: Anthony Miller <[email protected]> Date: Tue Nov 9 11:50:36 2021 -0800 Attempted fix for integration test failing on CI (#2024) commit a1e857c Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon Nov 8 16:24:21 2021 -0800 Bump apollo-server from 2.16.1 to 2.25.3 in /SimpleUploadServer (#2020) Bumps [apollo-server](https://github.com/apollographql/apollo-server/tree/HEAD/packages/apollo-server) from 2.16.1 to 2.25.3. - [Release notes](https://github.com/apollographql/apollo-server/releases) - [Changelog](https://github.com/apollographql/apollo-server/blob/main/CHANGELOG.md) - [Commits](https://github.com/apollographql/apollo-server/commits/[email protected]/packages/apollo-server) --- updated-dependencies: - dependency-name: apollo-server dependency-type: direct:production ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> commit 6bf4362 Author: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Date: Tue Nov 9 00:03:55 2021 +0000 fix(deps): update dependency gatsby-theme-apollo-docs to v5.3.2 (#2021) Co-authored-by: Renovate Bot <[email protected]> commit 3bfde02 Author: Mike Pitre <[email protected]> Date: Mon Nov 8 13:58:36 2021 -0500 GET method for `ApolloSchemaDownloader` (#2010) * GET method for ApolloSchemaDownloader * Minor improvements to HTTP method enum * Remove ApolloSchemaDownload scope from name * Add documentation * Add HTTP method string constants as output * Add error for unsupported HTTP method when using Apollo Registry * Move HTTP method support into DownloadMethod * Build requests based on DownloadMethod * Add tests for DownloadMethod HTTP method configurations * Clean up and clarify documentation * Add associated values to URL-related errors Co-authored-by: Calvin Cestari <[email protected]> commit 9cab672 Author: Calvin Cestari <[email protected]> Date: Wed Nov 3 12:48:57 2021 -0700 Expose `cacheKey` function as `public` (#2014) * Expose cacheKey function as public * Remove @testable attribute to require public access to cacheKey function commit f2a4983 Author: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Date: Thu Oct 28 01:40:10 2021 +0000 fix(deps): update dependency gatsby-theme-apollo-docs to v5.3.1 (#2006) Co-authored-by: Renovate Bot <[email protected]>
Should this PR have also changed the apollo-server version in the package.json file? |
@danabrooks I don't believe so. This was a minor version bump going from Are you possibly meaning why we're not bumping up to 3.x? |
@calvincestari - No, nothing to do with 3.x, but in our forked version of apollo-ios that we've been using, the 2.16.1 version was popping up on a scan showing possible vulnerabilities in some of the indirect dependencies. The scanner was finding this version in the package.json file. I changed it in our fork by changing the package.json file, then updating the package-lock.json and committing both files. I was just thinking it might show up on some scans in the future. Thanks! |
Hmm, the same problem exists with the Node-based documentation generation system. The vulnerability scanners are a bit overzealous in what they check, i.e.: not everything is production shipped code. We do need to upgrade |
Understood - I'll keep an eye out for the changes. |
Bumps apollo-server from 2.16.1 to 2.25.3.
Changelog
Sourced from apollo-server's changelog.
... (truncated)
Commits
a725306
Release70a4312
Releasef47c11d
Release42983b0
Release19572d7
Releasec8c0748
Releasedf92f39
docs: replace spectrum with community forum (#5228)9e1bf7d
Releasef2349d0
Release4e5f03e
ReleaseDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase
will rebase this PR@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it@dependabot merge
will merge this PR after your CI passes on it@dependabot squash and merge
will squash and merge this PR after your CI passes on it@dependabot cancel merge
will cancel a previously requested merge and block automerging@dependabot reopen
will reopen this PR if it is closed@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)@dependabot use these labels
will set the current labels as the default for future PRs for this repo and language@dependabot use these reviewers
will set the current reviewers as the default for future PRs for this repo and language@dependabot use these assignees
will set the current assignees as the default for future PRs for this repo and language@dependabot use this milestone
will set the current milestone as the default for future PRs for this repo and languageYou can disable automated security fix PRs for this repo from the Security Alerts page.