Skip to content

fix(deps): update apollo graphql packages #289

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix(deps): update apollo graphql packages #289

wants to merge 1 commit into from

Conversation

@svc-secops
Copy link
Contributor

@svc-secops svc-secops commented May 3, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence Type Update
@apollo/client (source) 3.12.3 -> 3.14.0 age adoption passing confidence dependencies minor
@apollo/client-devtools-vscode 4.20.1 -> 4.21.11 age adoption passing confidence dependencies minor
@apollo/subgraph (source) 2.9.3 -> 2.12.1 age adoption passing confidence dependencies minor
ghcr.io/apollographql/router v2.2.0 -> v2.8.2 age adoption passing confidence final minor

Release Notes

apollographql/apollo-client (@​apollo/client)

v3.14.0

Compare Source

Minor Changes
Patch Changes

v3.13.9

Compare Source

Patch Changes
  • #​12804 32c9aa9 Thanks @​phryneas! - Fix a possible race condition on queries that were reobserved before they were subscribed to the first time.

v3.13.8

Compare Source

Patch Changes

v3.13.7

Compare Source

Patch Changes

v3.13.6

Compare Source

Patch Changes

v3.13.5

Compare Source

Patch Changes
  • #​12461 12c8d06 Thanks @​jerelmiller! - Fix an issue where a cache-first query would return the result for previous variables when a cache update is issued after simultaneously changing variables and skipping the query.

v3.13.4

Compare Source

Patch Changes

v3.13.3

Compare Source

Patch Changes

  • #​12362 f6d387c Thanks @​jerelmiller! - Fixes an issue where calling observableQuery.getCurrentResult() when the errorPolicy was set to all would return the networkStatus as NetworkStatus.ready when there were errors returned in the result. This has been corrected to report NetworkStatus.error.

    This bug also affected the useQuery and useLazyQuery hooks and may affect you if you check for networkStatus in your component.

v3.13.2

Compare Source

Patch Changes

  • #​12409 6aa2f3e Thanks @​phryneas! - To mitigate problems when Apollo Client ends up more than once in the bundle, some unique symbols were converted into Symbol.for calls.

  • #​12392 644bb26 Thanks @​Joja81! - Fixes an issue where the DeepOmit type would turn optional properties into required properties. This should only affect you if you were using the omitDeep or stripTypename utilities exported by Apollo Client.

  • #​12404 4332b88 Thanks @​jerelmiller! - Show NaN rather than converting to null in debug messages from MockLink for unmatched variables values.

v3.13.1

Compare Source

Patch Changes

v3.13.0

Compare Source

Minor Changes

  • #​12066 c01da5d Thanks @​jerelmiller! - Adds a new useSuspenseFragment hook.

    useSuspenseFragment suspends until data is complete. It is a drop-in replacement for useFragment when you prefer to use Suspense to control the loading state of a fragment. See the documentation for more details.

  • #​12174 ba5cc33 Thanks @​jerelmiller! - Ensure errors thrown in the onCompleted callback from useMutation don't call onError.

  • #​12340 716d02e Thanks @​phryneas! - Deprecate the onCompleted and onError callbacks of useQuery and useLazyQuery.
    For more context, please see the related issue on GitHub.

  • #​12276 670f112 Thanks @​Cellule! - Provide a more type-safe option for the previous data value passed to observableQuery.updateQuery. Using it could result in crashes at runtime as this callback could be called with partial data even though its type reported the value as a complete result.

    The updateQuery callback function is now called with a new type-safe previousData property and a new complete property in the 2nd argument that determines whether previousData is a complete or partial result.

    As a result of this change, it is recommended to use the previousData property passed to the 2nd argument of the callback rather than using the previous data value from the first argument since that value is not type-safe. The first argument is now deprecated and will be removed in a future version of Apollo Client.

    observableQuery.updateQuery(
  (unsafePreviousData, { previousData, complete }) => {
    previousData;
    // ^? TData | DeepPartial<TData> | undefined

    if (complete) {
      previousData;
      // ^? TData
    } else {
      previousData;
      // ^? DeepPartial<TData> | undefined
    }
  }
);

  • #​12174 ba5cc33 Thanks @​jerelmiller! - Reject the mutation promise if errors are thrown in the onCompleted callback of useMutation.

Patch Changes

  • #​12276 670f112 Thanks @​Cellule! - Fix the return type of the updateQuery function to allow for undefined. updateQuery had the ability to bail out of the update by returning a falsey value, but the return type enforced a query value.

    observableQuery.updateQuery(
  (unsafePreviousData, { previousData, complete }) => {
    if (!complete) {
      // Bail out of the update by returning early
      return;
    }

    // ...
  }
);

  • #​12296 2422df2 Thanks @​Cellule! - Deprecate option ignoreResults in useMutation.
    Once this option is removed, existing code still using it might see increase in re-renders.
    If you don't want to synchronize your component state with the mutation, please use useApolloClient to get your ApolloClient instance and call client.mutate directly.

  • #​12338 67c16c9 Thanks @​phryneas! - In case of a multipart response (e.g. with @defer), query deduplication will
    now keep going until the final chunk has been received.

  • #​12276 670f112 Thanks @​Cellule! - Fix the type of the variables property passed as the 2nd argument to the subscribeToMore callback. This was previously reported as the variables type for the subscription itself, but is now properly typed as the query variables.

v3.12.11

Compare Source

Patch Changes

  • #​12351 3da908b Thanks @​jerelmiller! - Fixes an issue where the wrong networkStatus and loading value was emitted from observableQuery when calling fetchMore with a no-cache fetch policy. The networkStatus now properly reports as ready and loading as false after the result is returned.

  • #​12354 a24ef94 Thanks @​phryneas! - Fix missing main.d.cts file

v3.12.10

Compare Source

Patch Changes

v3.12.9

Compare Source

Patch Changes

v3.12.8

Compare Source

Patch Changes

v3.12.7

Compare Source

Patch Changes

v3.12.6

Compare Source

Patch Changes

v3.12.5

Compare Source

Patch Changes

  • #​12252 cb9cd4e Thanks @​jerelmiller! - Changes the default behavior of the MaybeMasked type to preserve types unless otherwise specified. This change makes it easier to upgrade from older versions of the client where types could have unexpectedly changed in the application due to the default of trying to unwrap types into unmasked types. This change also fixes the compilation performance regression experienced when simply upgrading the client since types are now preserved by default.

    A new mode option has now been introduced to allow for the old behavior. See the next section on migrating if you wish to maintain the old default behavior after upgrading to this version.

Migrating from <= v3.12.4

If you've adopted data masking and have opted in to using masked types by setting the enabled property to true, you can remove this configuration entirely:

-declare module "@&#8203;apollo/client" {
-  interface DataMasking {
-    mode: "unmask"
-  }
-}

If you prefer to specify the behavior explicitly, change the property from enabled: true, to mode: "preserveTypes":

declare module "@&#8203;apollo/client" {
  interface DataMasking {
-    enabled: true
+    mode: "preserveTypes"
  }
}

If you rely on the default behavior in 3.12.4 or below and would like to continue to use unmasked types by default, set the mode to unmask:

declare module "@&#8203;apollo/client" {
  interface DataMasking {
    mode: "unmask";
  }
}

v3.12.4

Compare Source

Patch Changes
  • #​12236 4334d30 Thanks @​charpeni! - Fix an issue with refetchQueries where comparing DocumentNodes internally by references could lead to an unknown query, even though the DocumentNode was indeed an active query—with a different reference.
apollographql/apollo-client-devtools (@​apollo/client-devtools-vscode)

v4.21.11

Compare Source

v4.21.10

Compare Source

Patch Changes

v4.21.9

Compare Source

Patch Changes

v4.21.8

Compare Source

Patch Changes

v4.21.7

Compare Source

Patch Changes

v4.21.6

Compare Source

Patch Changes

v4.21.5

Compare Source

v4.21.4

Compare Source

Patch Changes

v4.21.3

Compare Source

Patch Changes

v4.21.2

Compare Source

Patch Changes
  • #​1713 0302538 Thanks @​braineo! - fix calling client.stop twice causing app crashing by checking if handler exist before sending tab command

v4.21.1

Compare Source

Patch Changes

v4.21.0

Compare Source

Minor Changes

v4.20.2

Compare Source

Patch Changes
apollographql/federation (@​apollo/subgraph)

v2.12.1

Compare Source

Patch Changes

v2.12.0

Compare Source

Minor Changes
  • Federation 2.12 and Connect 0.3 (#​3276)
Patch Changes

v2.11.5

Compare Source

Patch Changes

v2.11.4

Compare Source

Patch Changes

v2.11.3

Compare Source

Patch Changes

v2.11.2

Compare Source

Patch Changes

v2.11.1

Compare Source

Patch Changes

v2.11.0

Compare Source

Minor Changes
  • Adds connect spec v0.2, available for use with Apollo Router 2.3.0 or greater. (#​3262)
Patch Changes

v2.10.4

Compare Source

Patch Changes

v2.10.3

Compare Source

Patch Changes

v2.10.2

Compare Source

Patch Changes

v2.10.1

Compare Source

Patch Changes

v2.10.0

Compare Source

Patch Changes

v2.9.5

Compare Source

Patch Changes

v2.9.4

Compare Source

Patch Changes
apollographql/router (ghcr.io/apollographql/router)

v2.8.2

Compare Source

🐛 Fixes
Support arrays in complex @key fields for entity caching (PR #​8367)

Entity caching now supports arrays (including arrays of objects and scalars) in complex @key fields when resolving entities by key. This improves entity matching when using complex @key fields as primary cache keys.

By @​aaronArinder, @​bnjjj, and @​duckki in https://github.com/apollographql/router/pull/8367

Parse scientific notation correctly in Rhai scripts (PR #​8528)

The router now correctly parses scientific notation (like 1.5e10) in Rhai scripts and JSON operations. Previously, the Rhai scripting engine failed to parse these numeric formats, causing runtime errors when your scripts processed data containing exponential notation.

This fix upgrades Rhai from 1.21.0 to 1.23.6, resolving the parsing issue and ensuring your scripts handle scientific notation seamlessly.

By @​BrynCooke in https://github.com/apollographql/router/pull/8528

Support enum types in @cacheTag directive format (PR #​8496)

Composition validation no longer raises an error when using enum types in the @cacheTag directive's format argument. Previously, only scalar types were accepted.

Example:

type Query {
  testByCountry(id: ID!, country: Country!): Test
    @&#8203;cacheTag(format: "test-{.id}-{.country}")
}

By @​bnjjj in https://github.com/apollographql/router/pull/8496

Improve debugging data with caching flag and enhanced warnings (PR #​8459)

Debugging data now includes a flag that indicates to Apollo Sandbox whether the data should be cached, preventing unnecessary local computation. This update also includes improved warnings.

By @​bnjjj in https://github.com/apollographql/router/pull/8459

Display cache tags from subgraph responses in debugger (PR #​8531)

The debugger now displays cache tags generated from subgraph responses (in extensions). For performance reasons, these generated cache tags are only displayed when the data has been cached in debug mode.

By @​bnjjj in https://github.com/apollographql/router/pull/8531

📚 Documentation
Clarify guidance for OpenTelemetry "Recommended" attributes in telemetry documentation

The router telemetry documentation now clarifies that OpenTelemetry's "Recommended" attributes from their development-status GraphQL semantic conventions are experimental and still evolving. Apollo recommends using required attributes instead of recommended attributes because of high cardinality, security, and performance risks with attributes like graphql.document.

Learn more in Router Telemetry.

By @​abernix

🧪 Experimental
Prevent panic when record/replay plugin encounters non-UTF-8 header values (PR #​8485)

The record/replay plugin no longer panics when externalizing headers with invalid UTF-8 values. Instead, the plugin writes the header keys and errors to a header_errors object for both requests and responses.

By @​rohan-b99 in https://github.com/apollographql/router/pull/8485

v2.8.1

Compare Source

🔒 Security

[!NOTE]
For more information on the impact of the fixes in this release and how your deployment might be affected or remediated, see the corresponding GitHub Security Advisory (GHSA) linked on the entries below. In both listed cases, updating to a patched Router version will resolve any vulnerabilities.

Fix authorization plugin handling of polymorphic types

Updates the auth plugin to correctly handle access control requirements when processing polymorphic types.

When querying interface types/fields, the auth plugin was verifying only whether all implementations shared the same access control requirements. In cases where interface types/fields did not specify the same access control requirements as the implementations, this could result in unauthorized access to protected data.

The auth plugin was updated to correctly verify that all polymorphic access control requirements are satisfied by the current context.

See GHSA-x33c-7c2v-mrj9 for additional details and the associated CVE number.

By [@​dariuszkuc](https://redirect.github.com/dariuszk

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - "after 8am and before 4pm on tuesday" in timezone America/Los_Angeles.

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

This PR has been generated by Renovate Bot.

@changeset-bot
Copy link

changeset-bot bot commented May 3, 2025
edited
Loading

⚠️ No Changeset found

Latest commit: 22c8309

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@github-actions
Copy link
Contributor

github-actions bot commented May 3, 2025
edited
Loading

You can download the latest build of the extension for this PR here:
vscode-apollo-0.0.0-build-1764001731.pr-289.commit-e0eb3d7.zip.

To install the extension, download the file, unzip it and install it in VS Code by selecting "Install from VSIX..." in the Extensions view.

Alternatively, run

code --install-extension vscode-apollo-0.0.0-build-1764001731.pr-289.commit-e0eb3d7.vsix --force

from the command line.

For older builds, please see the edit history of this comment.

@svc-secops svc-secops force-pushed the renovate/apollo-graphql-packages branch from e2af702 to 808ade3 Compare May 8, 2025 13:46
@svc-secops svc-secops force-pushed the renovate/apollo-graphql-packages branch from 808ade3 to 8496bf2 Compare June 7, 2025 11:05
@svc-secops svc-secops force-pushed the renovate/apollo-graphql-packages branch 2 times, most recently from 4110dca to 7398af0 Compare June 29, 2025 11:58
@svc-secops svc-secops force-pushed the renovate/apollo-graphql-packages branch from 7398af0 to 274ceb9 Compare July 16, 2025 11:34
@svc-secops svc-secops force-pushed the renovate/apollo-graphql-packages branch 2 times, most recently from 1df153b to 5727d61 Compare August 1, 2025 14:57
@svc-secops svc-secops force-pushed the renovate/apollo-graphql-packages branch from 5727d61 to 8ca14f6 Compare August 12, 2025 15:33
@svc-secops svc-secops force-pushed the renovate/apollo-graphql-packages branch 3 times, most recently from ce1430e to f52debb Compare August 28, 2025 11:27
@svc-secops svc-secops force-pushed the renovate/apollo-graphql-packages branch 2 times, most recently from 2033424 to d45a5e8 Compare September 6, 2025 11:26
@svc-secops svc-secops force-pushed the renovate/apollo-graphql-packages branch 3 times, most recently from b0f976f to b5c1a37 Compare September 16, 2025 12:30
@svc-secops svc-secops force-pushed the renovate/apollo-graphql-packages branch 3 times, most recently from 0274d81 to b75a9a0 Compare September 24, 2025 12:45
@svc-secops svc-secops force-pushed the renovate/apollo-graphql-packages branch 3 times, most recently from 04e4aea to 1b4f1aa Compare October 4, 2025 13:42
@svc-secops svc-secops force-pushed the renovate/apollo-graphql-packages branch 2 times, most recently from 19bdd1c to 50fe276 Compare October 14, 2025 12:16
@svc-secops svc-secops force-pushed the renovate/apollo-graphql-packages branch 2 times, most recently from 9989a69 to 85da1a4 Compare November 1, 2025 18:19
@svc-secops svc-secops force-pushed the renovate/apollo-graphql-packages branch from 85da1a4 to bdcbc8e Compare November 5, 2025 15:09
@svc-secops svc-secops force-pushed the renovate/apollo-graphql-packages branch 2 times, most recently from f35bc91 to d52d026 Compare November 11, 2025 16:08
@svc-secops svc-secops force-pushed the renovate/apollo-graphql-packages branch from d52d026 to fc3bfcb Compare November 19, 2025 14:31
@svc-secops svc-secops force-pushed the renovate/apollo-graphql-packages branch from fc3bfcb to 22c8309 Compare November 24, 2025 16:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

🎄 dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@svc-secops