chore: Bump the graphql group with 8 updates

[dependabot]

Bumps the graphql group with 8 updates:

Package	Update
@apollo/client	3.7.15 to 3.7.16
@apollo/server	4.7.1 to 4.7.5
@graphql-tools/schema	9.0.19 to 10.0.0
@graphql-codegen/typed-document-node	5.0.0 to 5.0.1
@graphql-codegen/typescript-operations	3.0.4 to 4.0.1
@graphql-eslint/eslint-plugin	3.18.0 to 3.20.0
@graphql-inspector/cli	3.4.19 to 4.0.1
graphql-codegen-typescript-validation-schema	0.10.0 to 0.11.1

Updates @apollo/client from 3.7.15 to 3.7.16

Release notes

Sourced from @​apollo/client's releases.

v3.7.16

Patch Changes

• #10806 cb1540504 Thanks @​phryneas! - Fix a bug in PersistedQueryLink that would cause it to permanently skip persisted queries after a 400 or 500 status code.

• #10807 b32369592 Thanks @​phryneas! - PersistedQueryLink will now also check for error codes in extensions.

• #10982 b9be7a814 Thanks @​sdeleur-sc! - Update relayStylePagination to avoid populating startCursor when only a single cursor is present under the edges field. Use that cursor only as the endCursor.

• #10962 772cfa3cb Thanks @​jerelmiller! - Remove useGETForQueries option in BatchHttpLink.Options type since it is not supported.

Potentially breaking change in PersistedQueryLink

Previously, if the PersistedQueryLink encountered a single 400 or 500 error, it would stop sending any persisted queries in the future. This allowed you to use the link even if a server had no support for persisted queries.

We have decided to change this behavior, so now the PersistedQueryLink will only stop trying to send query hashes if the server responds with a PERSISTED_QUERY_NOT_SUPPORTED error code as it was unclear whether a 400 or 500 status code was in fact because the server did not support persisted queries.

If you relied on the previous behaviour, maybe because you were communicating with a server that might or might not support persisted queries, but would return with a different kind of error, you can use the disable option callback to override this behavior like this:

createPersistedQueryLink({
  // ... other options ...
  disable({ operation }){
    const { response } = operation.getContext();
    return (
      response &&
      response.status &&
      (response.status === 400 || response.status === 500)
    );
  }
})

Alternatively, consider removing the link entirely when your server does not support persisted queries.

Changelog

Sourced from @​apollo/client's changelog.

3.7.16

Patch Changes

• #10806 cb1540504 Thanks @​phryneas! - Fix a bug in PersistedQueryLink that would cause it to permanently skip persisted queries after a 400 or 500 status code.

• #10807 b32369592 Thanks @​phryneas! - PersistedQueryLink will now also check for error codes in extensions.

• #10982 b9be7a814 Thanks @​sdeleur-sc! - Update relayStylePagination to avoid populating startCursor when only a single cursor is present under the edges field. Use that cursor only as the endCursor.

• #10962 772cfa3cb Thanks @​jerelmiller! - Remove useGETForQueries option in BatchHttpLink.Options type since it is not supported.

Commits

• 2e59045 Version Packages (#10965)
• e9daa02 Add 3.9 to roadmap (#10996)
• cb15405 PersistedQueryLink: do not permanently skip persisted queries after a 400 o...
• f26ff2e renovate: add package groups (#10803)
• b9be7a8 Don't set startCursor in relayStylePagination when only one cursor is present...
• 05f4d6d chore: make tag name dynamic in postpublish message for prereleases (#10981)
• b323695 PersistedQueryLink: also check for extension error codes (#10807)
• 772cfa3 Remove useGETForQueries option in BatchHttpLink.Options (#10962)
• a1dac63 chore(deps): update dependency @​typescript-eslint/parser to v5.59.9 (#10946)
• 582d063 chore(deps): update dependency eslint to v8.42.0 (#10948)
• Additional commits viewable in compare view

Updates @apollo/server from 4.7.1 to 4.7.5

Release notes

Sourced from @​apollo/server's releases.

@​apollo/server-integration-testsuite@​4.7.5

Patch Changes

• Updated dependencies [4fadf3ddc]:
  • @​apollo/cache-control-types@​1.0.3
  • @​apollo/server@​4.7.5
  • @​apollo/usage-reporting-protobuf@​4.1.1

@​apollo/server@​4.7.5

Patch Changes

• #7614 4fadf3ddc Thanks @​Cellule! - Publish TypeScript typings for CommonJS modules output.

  This allows TypeScript projects that use CommonJS modules with moduleResolution: "node16" or moduleResolution: "nodeNext" to correctly resolves the typings of apollo's packages as CommonJS instead of ESM.

• Updated dependencies [4fadf3ddc]:

  • @​apollo/cache-control-types@​1.0.3
  • @​apollo/server-gateway-interface@​1.1.1
  • @​apollo/usage-reporting-protobuf@​4.1.1

@​apollo/server-integration-testsuite@​4.7.4

Patch Changes

• #7604 aeb511c7d Thanks @​renovate! - Update graphql-http dependency

• 0adaf80d1 Thanks @​trevor-scheer! - Address Content Security Policy issues

  The previous implementation of CSP nonces within the landing pages did not take full advantage of the security benefit of using them. Nonces should only be used once per request, whereas Apollo Server was generating one nonce and reusing it for the lifetime of the instance. The reuse of nonces degrades the security benefit of using them but does not pose a security risk on its own. The CSP provides a defense-in-depth measure against a potential XSS, so in the absence of a known XSS vulnerability there is likely no risk to the user.

  The mentioned fix also coincidentally addresses an issue with using crypto functions on startup within Cloudflare Workers. Crypto functions are now called during requests only, which resolves the error that Cloudflare Workers were facing. A recent change introduced a precomputedNonce configuration option to mitigate this issue, but it was an incorrect approach given the nature of CSP nonces. This configuration option is now deprecated and should not be used for any reason since it suffers from the previously mentioned issue of reusing nonces.

  Additionally, this change adds other applicable CSPs for the scripts, styles, images, manifest, and iframes that the landing pages load.

  A final consequence of this change is an extension of the renderLandingPage plugin hook. This hook can now return an object with an html property which returns a Promise<string> in addition to a string (which was the only option before).

• Updated dependencies [0adaf80d1]:

  • @​apollo/server@​4.7.4

@​apollo/server@​4.7.4

Patch Changes

• 0adaf80d1 Thanks @​trevor-scheer! - Address Content Security Policy issues

  The previous implementation of CSP nonces within the landing pages did not take full advantage of the security benefit of using them. Nonces should only be used once per request, whereas Apollo Server was generating one nonce and reusing it for the lifetime of the instance. The reuse of nonces degrades the security benefit of using them but does not pose a security risk on its own. The CSP provides a defense-in-depth measure against a potential XSS, so in the absence of a known XSS vulnerability there is likely no risk to the user.

  The mentioned fix also coincidentally addresses an issue with using crypto functions on startup within Cloudflare Workers. Crypto functions are now called during requests only, which resolves the error that Cloudflare Workers were facing. A recent change introduced a precomputedNonce configuration option to mitigate this issue, but it was an incorrect approach given the nature of CSP nonces. This configuration option is now deprecated and should not be used for any reason since it suffers from the previously mentioned issue of reusing nonces.

... (truncated)

Changelog

Sourced from @​apollo/server's changelog.

4.7.5

Patch Changes

• #7614 4fadf3ddc Thanks @​Cellule! - Publish TypeScript typings for CommonJS modules output.

  This allows TypeScript projects that use CommonJS modules with moduleResolution: "node16" or moduleResolution: "nodeNext" to correctly resolves the typings of apollo's packages as CommonJS instead of ESM.

• Updated dependencies [4fadf3ddc]:

  • @​apollo/cache-control-types@​1.0.3
  • @​apollo/server-gateway-interface@​1.1.1
  • @​apollo/usage-reporting-protobuf@​4.1.1

4.7.4

Patch Changes

• 0adaf80d1 Thanks @​trevor-scheer! - Address Content Security Policy issues

  The previous implementation of CSP nonces within the landing pages did not take full advantage of the security benefit of using them. Nonces should only be used once per request, whereas Apollo Server was generating one nonce and reusing it for the lifetime of the instance. The reuse of nonces degrades the security benefit of using them but does not pose a security risk on its own. The CSP provides a defense-in-depth measure against a potential XSS, so in the absence of a known XSS vulnerability there is likely no risk to the user.

  The mentioned fix also coincidentally addresses an issue with using crypto functions on startup within Cloudflare Workers. Crypto functions are now called during requests only, which resolves the error that Cloudflare Workers were facing. A recent change introduced a precomputedNonce configuration option to mitigate this issue, but it was an incorrect approach given the nature of CSP nonces. This configuration option is now deprecated and should not be used for any reason since it suffers from the previously mentioned issue of reusing nonces.

  Additionally, this change adds other applicable CSPs for the scripts, styles, images, manifest, and iframes that the landing pages load.

  A final consequence of this change is an extension of the renderLandingPage plugin hook. This hook can now return an object with an html property which returns a Promise<string> in addition to a string (which was the only option before).

4.7.3

Patch Changes

• #7601 75b668d9e Thanks @​trevor-scheer! - Provide a new configuration option for landing page plugins precomputedNonce which allows users to provide a nonce and avoid calling into uuid functions on startup. This is useful for Cloudflare Workers where random number generation is not available on startup (only during requests). Unless you are using Cloudflare Workers, you can ignore this change.

  The example below assumes you've provided a PRECOMPUTED_NONCE variable in your wrangler.toml file.

  Example usage:

  const server = new ApolloServer({
    // ...
    plugins: [
      ApolloServerPluginLandingPageLocalDefault({
        precomputedNonce: PRECOMPUTED_NONCE,
      }),
    ],
  });

... (truncated)

Commits

• 65a8ac8 Version Packages (#7620)
• 4fadf3d Publish CommonJS Typescript Types (#7614)
• 4dd276a Version Packages (#7609)
• 0adaf80 Merge pull request from GHSA-68jh-rf6x-836f
• 2f4b034 Version Packages (#7602)
• 75b668d Allow landing page to be configured with a precomputed nonce (fix for CF work...
• 51b79ac Version Packages (#7600)
• c3f04d0 Update @apollo/utils.usagereporting dependency (#7599)
• 0233a2d Update codegen types and enforce keeping types up-to-date (#7580)
• See full diff in compare view

Updates @graphql-tools/schema from 9.0.19 to 10.0.0

Changelog

Sourced from @​graphql-tools/schema's changelog.

10.0.0

Major Changes

• #5274 944a68e8 Thanks @​ardatan! - Drop Node 14 support. Require Node.js >= 16

Patch Changes

• Updated dependencies [944a68e8, 944a68e8]:
  • @​graphql-tools/merge@​9.0.0
  • @​graphql-tools/utils@​10.0.0

Commits

• 6a1206a Upcoming Release Changes (#5267)
• 11c99d1 chore(deps): update all non-major dependencies (#5283)
• 944a68e Drop Node 14 & remove deprecated stuff as breaking changes (#5274)
• See full diff in compare view

Updates @graphql-codegen/typed-document-node from 5.0.0 to 5.0.1

Release notes

Sourced from @​graphql-codegen/typed-document-node's releases.

Release 2022-08-04T13:12:01.667Z

@​graphql-codegen/graphql-modules-preset@​2.5.0

Minor Changes

• #6796 8b6e8e664 Thanks @​kamilkisiela! - Introduce requireRootResolvers flag

Release 2022-08-04T13:05:23.977Z

No release notes provided.

Release 2022-08-04T13:02:57.827Z

No release notes provided.

Changelog

Sourced from @​graphql-codegen/typed-document-node's changelog.

5.0.1

Patch Changes

• Updated dependencies [2276708d0]:
  • @​graphql-codegen/visitor-plugin-common@​4.0.1

Commits

• a509268 Upcoming Release Changes (#9501)
• See full diff in compare view

Updates @graphql-codegen/typescript-operations from 3.0.4 to 4.0.1

Release notes

Sourced from @​graphql-codegen/typescript-operations's releases.

Release 2022-08-04T13:12:01.667Z

@​graphql-codegen/graphql-modules-preset@​2.5.0

Minor Changes

• #6796 8b6e8e664 Thanks @​kamilkisiela! - Introduce requireRootResolvers flag

Release 2022-08-04T13:05:23.977Z

No release notes provided.

Release 2022-08-04T13:02:57.827Z

No release notes provided.

@​graphql-codegen/typescript-react-query@​4.0.0

Major Changes

• 5c7592b4d: Introduces breaking changes to support react-query@4.0.0:

  • react query package is now @tanstack/react-query -> import changes
  • introduced a legacyMode flag (false by default)

  /!\ If you are using the 'react-query' package or react-query < 4, please set the legacyMode option to true. /!\

@​graphql-codegen/typescript-urql@​3.6.3

Patch Changes

• ab66ba104: Add useQuery argument generic type

@​graphql-codegen/typescript-react-query@​3.6.2

Patch Changes

• Updated dependencies [2cbcbb371]
  • @​graphql-codegen/visitor-plugin-common@​2.12.0
  • @​graphql-codegen/plugin-helpers@​2.6.0

@​graphql-codegen/typescript-urql@​3.6.2

Patch Changes

• Updated dependencies [2cbcbb371]
  • @​graphql-codegen/visitor-plugin-common@​2.12.0
  • @​graphql-codegen/plugin-helpers@​2.6.0

@​graphql-codegen/typescript-react-apollo@​3.3.2

Patch Changes

• Updated dependencies [2cbcbb371]
  • @​graphql-codegen/visitor-plugin-common@​2.12.0
  • @​graphql-codegen/plugin-helpers@​2.6.0

@​graphql-codegen/typescript-vue-apollo@​3.3.2

... (truncated)

Changelog

Sourced from @​graphql-codegen/typescript-operations's changelog.

4.0.1

Patch Changes

• #9497 2276708d0 Thanks @​eddeee888! - Revert default ID scalar input type to string

  We changed the ID Scalar input type from string to string | number in the latest major version of typescript plugin. This causes issues for server plugins (e.g. typescript-resolvers) that depends on typescript plugin. This is because the scalar type needs to be manually inverted on setup which is confusing.

• Updated dependencies [2276708d0]:

  • @​graphql-codegen/visitor-plugin-common@​4.0.1
  • @​graphql-codegen/typescript@​4.0.1

4.0.0

Major Changes

• #9375 ba84a3a27 Thanks @​eddeee888! - Implement Scalars with input/output types

  In GraphQL, Scalar types can be different for client and server. For example, given the native GraphQL ID:

  • A client may send string or number in the input
  • A client receives string in its selection set (i.e output)
  • A server receives string in the resolver (GraphQL parses string or number received from the client to string)
  • A server may return string or number (GraphQL serializes the value to string before sending it to the client )

  Currently, we represent every Scalar with only one type. This is what codegen generates as base type:

  export type Scalars = {
    ID: string;
  };

  Then, this is used in both input and output type e.g.

  export type Book = {
    __typename?: 'Book';
    id: Scalars['ID']; // Output's ID can be `string` 👍
  };
  export type QueryBookArgs = {
  id: Scalars['ID']; // Input's ID can be string or number. However, the type is only string here 👎
  };

  This PR extends each Scalar to have input and output:

  export type Scalars = {

... (truncated)

Commits

• a509268 Upcoming Release Changes (#9501)
• 2276708 Revert default ID scalar input type to string (#9497)
• 5c7b3b3 Upcoming Release Changes (#9355)
• e1dc75f Added support for enumSuffix (#9304)
• ba84a3a Update typescript, typescript-operations and typescript-resolvers plugins Sca...
• 5950f5a fix: Don't generate invalid type names with mergeFragmentTypes (#9369)
• 3848a2b Add @defer directive support (#9196)
• See full diff in compare view

Updates @graphql-eslint/eslint-plugin from 3.18.0 to 3.20.0

Commits

• 99bdd63 Upcoming Release Changes (#1732)
• 018b2da bundle with tsup to strip out development code, check with bob (#1729)
• c96ced1 chore(deps): update dependency svelte to v4.0.3 (#1731)
• 8701588 fix(deps): update dependency next to v13.4.8 (#1730)
• 0abf8ea chore(deps): update dependency svelte to v4.0.2 (#1728)
• 50e853c chore(deps): lock file maintenance (#1727)
• 819c046 prettify
• 9905ab1 Create FUNDING.yml
• 964fb2f Upcoming Release Changes (#1726)
• 5f3f1a5 fix Parsing error: Cannot read properties of undefined (reading '0') eslint...
• Additional commits viewable in compare view

Updates @graphql-inspector/cli from 3.4.19 to 4.0.1

Changelog

Sourced from @​graphql-inspector/cli's changelog.

4.0.1

Patch Changes

• Updated dependencies [e448617f, 733fec4a, e448617f, 733fec4a]:
  • @​graphql-inspector/commands@​4.0.1
  • @​graphql-inspector/loaders@​4.0.1
  • @​graphql-inspector/audit-command@​4.0.1
  • @​graphql-inspector/coverage-command@​5.0.1
  • @​graphql-inspector/diff-command@​4.0.1
  • @​graphql-inspector/docs-command@​4.0.1
  • @​graphql-inspector/introspect-command@​4.0.1
  • @​graphql-inspector/serve-command@​4.0.1
  • @​graphql-inspector/similar-command@​4.0.1
  • @​graphql-inspector/validate-command@​4.0.1

4.0.0

Major Changes

• #2510 7944118e Thanks @​TuvalSimha! - Update major dependcies & drop node 14

Patch Changes

• #2484 81a1b57e Thanks @​renovate! - dependencies updates:

  • Updated dependency @babel/core@7.21.8 ↗︎ (from 7.21.5, in dependencies)

• #2510 7944118e Thanks @​TuvalSimha! - dependencies updates:

  • Updated dependency @babel/core@7.22.1 ↗︎ (from 7.21.8, in dependencies)
  • Updated dependency tslib@2.5.3 ↗︎ (from 2.5.0, in dependencies)

• Updated dependencies [7944118e, f4b2b1dd, 7944118e, 7944118e, 7944118e,

... (truncated)

Commits

• ca4d628 chore(release): update monorepo packages versions (#2551)
• ebe3e2f chore(release): update monorepo packages versions (#2508)
• 7944118 Update all dependencies, drop support for Node 14 (#2510)
• 3fbb246 fix
• 3675467 more
• 81a1b57 chore(deps): update dependency @​babel/core to v7.21.8 (#2484)
• See full diff in compare view

Updates graphql-codegen-typescript-validation-schema from 0.10.0 to 0.11.1

Release notes

Sourced from graphql-codegen-typescript-validation-schema's releases.

v0.11.1

What's Changed

• fixed documents for useTypeImports by @​Code-Hex in Code-Hex/graphql-codegen-typescript-validation-schema#393
• fixed #394 by @​Code-Hex in Code-Hex/graphql-codegen-typescript-validation-schema#395

Full Changelog: Code-Hex/graphql-codegen-typescript-validation-schema@v0.11.0...v0.11.1

v0.11.0

What's Changed

• add useTypeImports config by @​Toanzzz in Code-Hex/graphql-codegen-typescript-validation-schema#377
• Update typescript-eslint monorepo to v5.59.8 by @​renovate in Code-Hex/graphql-codegen-typescript-validation-schema#378
• Update dependency @​types/jest to v29.5.2 by @​renovate in Code-Hex/graphql-codegen-typescript-validation-schema#379
• Update dependency @​graphql-codegen/cli to v4.0.1 by @​renovate in Code-Hex/graphql-codegen-typescript-validation-schema#380
• Update dependency typescript to v5.1.3 by @​renovate in Code-Hex/graphql-codegen-typescript-validation-schema#381
• Update dependency eslint to v8.42.0 by @​renovate in Code-Hex/graphql-codegen-typescript-validation-schema#383
• Update typescript-eslint monorepo to v5.59.9 by @​renovate in Code-Hex/graphql-codegen-typescript-validation-schema#385
• Update dependency @​graphql-tools/utils to v10.0.1 by @​renovate in Code-Hex/graphql-codegen-typescript-validation-schema#387
• feat: add validationSchemaExportType to config w/ resolve deps by @​Code-Hex in Code-Hex/graphql-codegen-typescript-validation-schema#389
• added simple-import-sort by @​Code-Hex in Code-Hex/graphql-codegen-typescript-validation-schema#390
• fix #386 by @​Code-Hex in Code-Hex/graphql-codegen-typescript-validation-schema#391
• fixed documents for validationSchemaExportType by @​Code-Hex in Code-Hex/graphql-codegen-typescript-validation-schema#392

New Contributors

• @​Toanzzz made their first contribution in Code-Hex/graphql-codegen-typescript-validation-schema#377

Full Changelog: Code-Hex/graphql-codegen-typescript-validation-schema@v0.10.0...v0.11.0

Commits

• 5f5c589 v0.11.1
• 25370e3 Merge pull request #395 from Code-Hex/fix/394
• e80fd49 fixed #394
• a838cf4 Merge pull request #393 from Code-Hex/fix/documents-useTypeImports
• 871dc44 fixed documents for useTypeImports
• 623a5bd v0.11.0
• 453d8e5 Merge pull request #392 from Code-Hex/fix/documents
• ea3d975 fixed documents for validationSchemaExportType
• 3fd4ed6 Merge pull request #391 from Code-Hex/fix/386
• dcb20dc fixed tests for refactoring
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

[github-actions]

Deployed d565a8c to https://gentle-forest-03418aa03-2112.westeurope.3.azurestaticapps.net