Update Apollo GraphQL packages to v4.13.0 #53
Open
renovate[bot] wants to merge 1 commit into
This PR contains the following updates:
4.11.3 → 4.13.0
Release Notes
apollographql/apollo-server (@apollo/server)
v4.13.0 Compare Source
Minor Changes
#8180 ⚠️ SECURITY e9d49d1 Thanks @github-actions! - @apollo/server/standalone: The default configuration of startStandaloneServer was vulnerable to denial of service (DoS) attacks through specially crafted request bodies with exotic character set encodings.
In accordance with RFC 7159, we now only accept request bodies encoded in UTF-8, UTF-16 (LE or BE), or UTF-32 (LE or BE). Any other character set will be rejected with a 415 Unsupported Media Type error.
Additionally, upstream libraries used by this version of Apollo Server may not support all of these encodings, so some requests may still fail even if they pass this check.
If you were not using startStandaloneServer, you were not affected by this vulnerability.
Generally, please note that we provide startStandaloneServer as a convenience tool for quickly getting started with Apollo Server.
For production deployments, we recommend using Apollo Server with a more fully-featured web server framework such as Express, Koa, or Fastify, where you have more control over security-related configuration options.
Also please note that Apollo Server 4.x is considered EOL as of January 26, 2026, and Apollo no longer commits to providing support or updates for it. Please prioritize migrating to Apollo Server 5.x for continued support and updates.
v4.12.2 Compare Source
(No change; there is a change to the @apollo/server-integration-testsuite used to test integrations, and the two packages always have matching versions.)
v4.12.1 Compare Source
Patch Changes
41f98d4 Thanks @glasser! - Update README.md to recommend Express v5 integration now that Express v5 is released.
v4.12.0 Compare Source
Minor Changes
89e3f84 Thanks @clenfest! - Adds a new graphql-js validation rule to reject operations that recursively request selections above a specified maximum, which is disabled by default. Use configuration option maxRecursiveSelections=true to enable with a maximum of 10,000,000, or maxRecursiveSelections=<number> for a custom maximum. Enabling this validation can help avoid performance issues with configured validation rules or plugins.
Patch Changes
2550d9f Thanks @slagiewka! - Add return after sending 400 response in doubly escaped JSON parser middleware
Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.
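
The charset allow-list described in the v4.13.0 security note, sketched as an added example for teams fronting GraphQL with their own HTTP layer. It is not Apollo Server's code and not part of this PR; the function names, the exact set of accepted charset labels, and treating a missing charset as UTF-8 are assumptions.

```javascript
// Added example: charset allow-list check run before any body parsing.
// ALLOWED_CHARSETS, parseCharset and checkRequestCharset are hypothetical
// names, not Apollo Server APIs.
const ALLOWED_CHARSETS = new Set([
  "utf-8", "utf-16", "utf-16le", "utf-16be", "utf-32", "utf-32le", "utf-32be",
]);

// Extract the charset parameter from a Content-Type header value.
// Returns null when no charset parameter is present.
function parseCharset(contentType) {
  if (typeof contentType !== "string") return null;
  // Parameters follow the media type, separated by ';'.
  const params = contentType.split(";").slice(1);
  for (const param of params) {
    const eq = param.indexOf("=");
    if (eq === -1) continue;
    const name = param.slice(0, eq).trim().toLowerCase();
    if (name !== "charset") continue;
    let value = param.slice(eq + 1).trim();
    // Parameter values may be quoted strings: charset="utf-8"
    if (value.length >= 2 && value.startsWith('"') && value.endsWith('"')) {
      value = value.slice(1, -1);
    }
    return value.toLowerCase();
  }
  return null;
}

// Decide the HTTP status from the declared charset alone.
// 415 for anything outside the allow-list; null means "hand to the body parser".
function checkRequestCharset(headers) {
  const charset = parseCharset(headers["content-type"]);
  // Assumption: a missing charset is treated as UTF-8, the JSON default.
  if (charset === null) return null;
  return ALLOWED_CHARSETS.has(charset) ? null : 415;
}

// Constructed sample requests (headers only).
const samples = [
  { "content-type": "application/json" },
  { "content-type": 'application/json; charset="UTF-8"' },
  { "content-type": "application/json; charset=utf-16le" },
  { "content-type": "application/json; charset=utf-7" },
];
for (const h of samples) {
  console.log(h["content-type"], "->", checkRequestCharset(h) ?? "accept");
}
```

Rejecting on the header before the body is read keeps the decoder from ever being asked to handle an unexpected encoding.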