Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade @apollo/client from 3.1.1 to 3.8.4 #1675

Open
wants to merge 1 commit into
base: canary
Choose a base branch
from

Conversation

NOUIY
Copy link
Owner

@NOUIY NOUIY commented Oct 11, 2023

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade @apollo/client from 3.1.1 to 3.8.4.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 274 versions ahead of your current version.
  • The recommended version was released 22 days ago, on 2023-09-19.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Information Exposure
SNYK-JS-APOLLOCLIENT-1085706
479/1000
Why? Has a fix available, CVSS 5.3
No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: @apollo/client
  • 3.8.4 - 2023-09-19

    Patch Changes

    • #11195 9e59b251d Thanks @ phryneas! - For invariant.log etc., error arguments are now serialized correctly in the link to the error page.
  • 3.8.3 - 2023-09-05

    Patch Changes

  • 3.8.2 - 2023-09-01

    Patch Changes

    • #10072 51045c336 Thanks @ Huulivoide! - Fixes race conditions in useReactiveVar that may prevent updates to the reactive variable from propagating through the hook.

    • #11162 d9685f53c Thanks @ jerelmiller! - Ensures GraphQL errors returned in subscription payloads adhere to the errorPolicy set in client.subscribe(...) calls.

    • #11134 96492e142 Thanks @ alessbell! - Use separate type imports in useSuspenseQuery and useBackgroundQuery to workaround SWC compiler issue.

    • #11117 6b8198109 Thanks @ phryneas! - Adds a new devtools registration mechanism and tweaks the mechanism behind the
      "devtools not found" mechanic.

    • #11186 f1d429f32 Thanks @ jerelmiller! - Fix an issue where race conditions when rapidly switching between variables would sometimes result in the wrong data returned from the query. Specifically this occurs when a query is triggered with an initial set of variables (VariablesA), then triggers the same query with another set of variables (VariablesB) but switches back to the VariablesA before the response for VariablesB is returned. Previously this would result in the data for VariablesB to be displayed while VariablesA was active. The data is for VariablesA is now properly returned.

    • #11163 a8a9e11e9 Thanks @ bignimbus! - Fix typo in error message: "occured" -> "occurred"

    • #11180 7d9c481e5 Thanks @ jerelmiller! - Fixes an issue where refetching from useBackgroundQuery via refetch with an error after an error was already fetched would get stuck in a loading state.

  • 3.8.1 - 2023-08-10

    Patch Changes

    • #11141 c469b1616 Thanks @ jerelmiller! - Remove newly exported response iterator helpers that caused problems on some installs where @ types/node was not available.

      IMPORTANT

      The following exports were added in version 3.8.0 that are removed with this patch.

      • isAsyncIterableIterator
      • isBlob
      • isNodeReadableStream
      • isNodeResponse
      • isReadableStream
      • isStreamableBlob
  • 3.8.0 - 2023-08-07
    Read more
  • 3.8.0-rc.2 - 2023-08-01

    3.8.0-rc.2

    Minor Changes

    • #11112 b4aefcfe9 Thanks @ jerelmiller! - Adds support for a skipToken sentinel that can be used as options in useSuspenseQuery and useBackgroundQuery to skip execution of a query. This works identically to the skip option but is more type-safe and as such, becomes the recommended way to skip query execution. As such, the skip option has been deprecated in favor of skipToken.

      We are considering the removal of the skip option from useSuspenseQuery and useBackgroundQuery in the next major. We are releasing with it now to make migration from useQuery easier and make skipToken more discoverable.

      import { skipToken } from "@ apollo/client";

      const id: number | undefined;

      const { data } = useSuspenseQuery(
      query,
      id ? { variables: { id } } : skipToken
      );

      Breaking change

      Previously useBackgroundQuery would always return a queryRef whenever query execution was skipped. This behavior been updated to return a queryRef only when query execution is enabled. If initializing the hook with it skipped, queryRef is now returned as undefined.

      To migrate, conditionally render the component that accepts the queryRef as props.

      Before

      function Parent() {
      const [queryRef] = useBackgroundQuery(query, skip ? skipToken : undefined);
      // ^? QueryReference<TData | undefined>

      return <Child queryRef={queryRef} />;
      }

      function Child({
      queryRef,
      }: {
      queryRef: QueryReference<TData | undefined>;
      }) {
      const { data } = useReadQuery(queryRef);
      }

      After

      function Parent() {
      const [queryRef] = useBackgroundQuery(query, skip ? skipToken : undefined);
      // ^? QueryReference<TData> | undefined

      return queryRef ? <Child queryRef={queryRef} /> : null;
      }

      function Child({ queryRef }: { queryRef: QueryReference<TData> }) {
      const { data } = useReadQuery(queryRef);
      }

    Patch Changes

    • #11086 0264fee06 Thanks @ jerelmiller! - Fix an issue where a call to refetch, fetchMore, or changing skip to false that returned a result deeply equal to data in the cache would get stuck in a pending state and never resolve.

    • #11115 78739e3ef Thanks @ phryneas! - Enforce export type for all type-level exports.

    • #11103 e3d611daf Thanks @ caylahamann! - Fixes a bug in useMutation so that onError is called when an error is returned from the request with errorPolicy set to 'all' .

    • #11083 f766e8305 Thanks @ phryneas! - Adjust the rerender timing of useQuery to more closely align with useFragment. This means that cache updates delivered to both hooks should trigger renders at relatively the same time. Previously, the useFragment might rerender much faster leading to some confusion.

    • #11082 0f1cde3a2 Thanks @ phryneas! - Restore Apollo Client 3.7 getApolloContext behaviour

  • 3.8.0-rc.1 - 2023-07-17

    3.8.0-rc.1

    Patch Changes

    • #11071 4473e925a Thanks @ jerelmiller! - #10509 introduced some helpers for determining the type of operation for a GraphQL query. This imported the OperationTypeNode from graphql-js which is not available in GraphQL 14. To maintain compatibility with graphql-js v14, this has been reverted to use plain strings.
  • 3.8.0-rc.0 - 2023-07-13

    3.8.0-rc.0

    Minor Changes

    • #11058 89bf33c42 Thanks @ phryneas! - (Batch)HttpLink: Propagate AbortErrors to the user when a user-provided signal is passed to the link. Previously, these links would swallow all AbortErrors, potentially causing queries and mutations to never resolve. As a result of this change, users are now expected to handle AbortErrors when passing in a user-provided signal.

    • #11040 125ef5b2a Thanks @ phryneas! - HttpLink/BatchHttpLink: Abort the AbortController signal more granularly.
      Before this change, when HttpLink/BatchHttpLink created an AbortController
      internally, the signal would always be .aborted after the request was completed. This could cause issues with Sentry Session Replay and Next.js App Router Cache invalidations, which just replayed the fetch with the same options - including the cancelled AbortSignal.

      With this change, the AbortController will only be .abort()ed by outside events,
      not as a consequence of the request completing.

    Patch Changes

    • #11053 c0ca70720 Thanks @ phryneas! - Add SuspenseCache as a lazy hidden property on ApolloClient.
      This means that SuspenseCache is now an implementation details of Apollo Client
      and you no longer need to manually instantiate it and no longer need to pass it
      into ApolloProvider.
      Trying to instantiate a SuspenseCache instance in your code will now throw an
      error.

      Migration:

      -import { SuspenseCache } from '@ apollo/client';

      -const suspenseCache = new SuspenseCache();

      -<ApolloProvider client={client} suspenseCache={suspenseCache} />;
      +<ApolloProvider client={client} />;

  • 3.8.0-beta.7 - 2023-07-10
    Read more
  • 3.8.0-beta.6 - 2023-07-05

    3.8.0-beta.6

    Patch Changes

    • #11027 e47cfd04e Thanks @ phryneas! - Prevents the DevTool installation warning to be turned into a documentation link.

    • #11013 5ed2cfdaf Thanks @ alessbell! - Make private fields inFlightLinkObservables and fetchCancelFns protected in QueryManager in order to make types available in @ apollo/experimental-nextjs-app-support package when extending the ApolloClient class.

    • #11032 6a4da900a Thanks @ jerelmiller! - Throw errors in useSuspenseQuery for errors returned in incremental chunks when errorPolicy is none. This provides a more consistent behavior of the errorPolicy in the hook.

      Potentially breaking change

      Previously, if you issued a query with @ defer and relied on errorPolicy: 'none' to set the error property returned from useSuspenseQuery when the error was returned in an incremental chunk, this error is now thrown. Switch the errorPolicy to all to avoid throwing the error and instead return it in the error property.

    • #11025 6092b6edf Thanks @ jerelmiller! - useSuspenseQuery and useBackgroundQuery will now properly apply changes to its options between renders.

  • 3.8.0-beta.5 - 2023-06-28
  • 3.8.0-beta.4 - 2023-06-20
  • 3.8.0-beta.3 - 2023-06-15
  • 3.8.0-beta.2 - 2023-06-07
  • 3.8.0-beta.1 - 2023-05-31
  • 3.8.0-beta.0 - 2023-05-26
  • 3.8.0-alpha.15 - 2023-05-17
  • 3.8.0-alpha.14 - 2023-05-16
  • 3.8.0-alpha.13 - 2023-05-03
  • 3.8.0-alpha.12 - 2023-04-13
  • 3.8.0-alpha.11 - 2023-03-28
  • 3.8.0-alpha.10 - 2023-03-17
  • 3.8.0-alpha.9 - 2023-03-15
  • 3.8.0-alpha.8 - 2023-03-02
  • 3.8.0-alpha.7 - 2023-02-15
  • 3.8.0-alpha.6 - 2023-02-07
  • 3.8.0-alpha.5 - 2023-01-19
  • 3.8.0-alpha.4 - 2023-01-13
  • 3.8.0-alpha.3 - 2023-01-03
  • 3.8.0-alpha.2 - 2022-12-21
  • 3.8.0-alpha.1 - 2022-12-21
  • 3.8.0-alpha.0 - 2022-12-09
  • 3.7.17 - 2023-07-05
  • 3.7.16 - 2023-06-20
  • 3.7.15 - 2023-05-26
  • 3.7.14 - 2023-05-03
  • 3.7.13 - 2023-04-27
  • 3.7.12 - 2023-04-12
  • 3.7.11 - 2023-03-31
  • 3.7.10 - 2023-03-02
  • 3.7.9 - 2023-02-17
  • 3.7.8 - 2023-02-15
  • 3.7.7 - 2023-02-03
  • 3.7.6 - 2023-01-31
  • 3.7.5 - 2023-01-24
  • 3.7.4 - 2023-01-13
  • 3.7.3 - 2022-12-15
  • 3.7.2 - 2022-12-06
  • 3.7.1 - 2022-10-20
  • 3.7.0 - 2022-09-30
  • 3.7.0-rc.0 - 2022-09-21
  • 3.7.0-beta.8 - 2022-09-21
  • 3.7.0-beta.7 - 2022-09-08
  • 3.7.0-beta.6 - 2022-06-27
  • 3.7.0-beta.5 - 2022-06-10
  • 3.7.0-beta.4 - 2022-06-10
  • 3.7.0-beta.3 - 2022-06-07
  • 3.7.0-beta.2 - 2022-06-07
  • 3.7.0-beta.1 - 2022-05-26
  • 3.7.0-beta.0 - 2022-05-25
  • 3.7.0-alpha.6 - 2022-05-19
  • 3.7.0-alpha.5 - 2022-05-16
  • 3.7.0-alpha.4 - 2022-05-13
  • 3.7.0-alpha.3 - 2022-05-09
  • 3.7.0-alpha.2 - 2022-05-03
  • 3.7.0-alpha.1 - 2022-05-03
  • 3.7.0-alpha.0 - 2022-04-27
  • 3.6.10 - 2022-09-29
  • 3.6.9 - 2022-06-21
  • 3.6.8 - 2022-06-10
  • 3.6.7 - 2022-06-10
  • 3.6.6 - 2022-05-26
  • 3.6.5 - 2022-05-23
  • 3.6.4 - 2022-05-16
  • 3.6.3 - 2022-05-05
  • 3.6.2 - 2022-05-03
  • 3.6.1 - 2022-04-28
  • 3.6.0 - 2022-04-26
  • 3.6.0-rc.1 - 2022-04-19
  • 3.6.0-rc.0 - 2022-04-18
  • 3.6.0-beta.13 - 2022-04-14
  • 3.6.0-beta.12 - 2022-04-11
  • 3.6.0-beta.11 - 2022-04-05
  • 3.6.0-beta.10 - 2022-03-29
  • 3.6.0-beta.9 - 2022-03-10
  • 3.6.0-beta.8 - 2022-03-10
  • 3.6.0-beta.7 - 2022-03-10
  • 3.6.0-beta.6 - 2022-02-15
  • 3.6.0-beta.5 - 2022-02-04
  • 3.6.0-beta.4 - 2022-02-03
  • 3.6.0-beta.3 - 2021-11-23
  • 3.6.0-beta.2 - 2021-11-22
  • 3.6.0-beta.1 - 2021-11-16
  • 3.6.0-beta.0 - 2021-11-16
  • 3.5.10 - 2022-02-24
  • 3.5.9 - 2022-02-15
  • 3.5.8 - 2022-01-24
  • 3.5.7 - 2022-01-10
  • 3.5.6 - 2021-12-07
  • 3.5.5 - 2021-11-23
  • 3.5.4 - 2021-11-19
  • 3.5.3 - 2021-11-17
  • 3.5.2 - 2021-11-10
  • 3.5.1 - 2021-11-09
  • 3.5.0 - 2021-11-08
  • 3.5.0-rc.3 - 2021-11-03
  • 3.5.0-rc.2 - 2021-10-22
  • 3.5.0-rc.1 - 2021-10-04
  • 3.5.0-rc.0 - 2021-10-04
  • 3.5.0-beta.18 - 2021-10-01
  • 3.5.0-beta.17 - 2021-09-27
  • 3.5.0-beta.16 - 2021-09-20
  • 3.5.0-beta.15 - 2021-09-17
  • 3.5.0-beta.14 - 2021-09-17
  • 3.5.0-beta.13 - 2021-09-13
  • 3.5.0-beta.12 - 2021-09-10
  • 3.5.0-beta.11 - 2021-08-30
  • 3.5.0-beta.10 - 2021-08-30
  • 3.5.0-beta.9 - 2021-08-26
  • 3.5.0-beta.8 - 2021-08-24
  • 3.5.0-beta.7 - 2021-08-23
  • 3.5.0-beta.6 - 2021-08-18
  • 3.5.0-beta.5 - 2021-08-09
  • 3.5.0-beta.4 - 2021-08-04
  • 3.5.0-beta.3 - 2021-08-03
  • 3.5.0-beta.2 - 2021-08-02
  • 3.5.0-beta.1 - 2021-07-29
  • 3.5.0-beta.0 - 2021-07-28
  • 3.4.17 - 2021-11-08
  • 3.4.16 - 2021-10-04
  • 3.4.15 - 2021-09-27
  • 3.4.14 - 2021-09-27
  • 3.4.13 - 2021-09-20
  • 3.4.12 - 2021-09-17
  • 3.4.11 - 2021-09-10
  • 3.4.10 - 2021-08-27
  • 3.4.9 - 2021-08-24
  • 3.4.8 - 2021-08-16
  • 3.4.7 - 2021-08-09
  • 3.4.6 - 2021-08-09
  • 3.4.5 - 2021-08-04
  • 3.4.4 - 2021-08-03
  • 3.4.3 - 2021-08-02
  • 3.4.2 - 2021-08-02
  • 3.4.1 - 2021-07-29
  • 3.4.0 - 2021-07-28
  • 3.4.0-rc.23 - 2021-07-23
  • 3.4.0-rc.22 - 2021-07-22
  • 3.4.0-rc.21 - 2021-07-19
  • 3.4.0-rc.20 - 2021-07-15
  • 3.4.0-rc.19 - 2021-07-12
  • 3.4.0-rc.18 - 2021-07-09
  • 3.4.0-rc.17 - 2021-07-06
  • 3.4.0-rc.16 - 2021-07-06
  • 3.4.0-rc.15 - 2021-06-28
  • 3.4.0-rc.14 - 2021-06-24
  • 3.4.0-rc.13 - 2021-06-23
  • 3.4.0-rc.12 - 2021-06-22
  • 3.4.0-rc.11 - 2021-06-17
  • 3.4.0-rc.10 - 2021-06-16
  • 3.4.0-rc.9 - 2021-06-16
  • 3.4.0-rc.8 - 2021-06-16
  • 3.4.0-rc.7 - 2021-06-15
  • 3.4.0-rc.6 - 2021-06-08
  • 3.4.0-rc.5 - 2021-06-07
  • 3.4.0-rc.4 - 2021-06-04
  • 3.4.0-rc.3 - 2021-06-02
  • 3.4.0-rc.2 - 2021-05-26
  • 3.4.0-rc.1 - 2021-05-25
  • 3.4.0-rc.0 - 2021-05-19
  • 3.4.0-beta.28 - 2021-05-19
  • 3.4.0-beta.27 - 2021-05-18
  • 3.4.0-beta.26 - 2021-05-12
  • 3.4.0-beta.25 - 2021-05-11
  • 3.4.0-beta.24 - 2021-05-05
  • 3.4.0-beta.23 - 2021-04-13
  • 3.4.0-beta.22 - 2021-04-10
  • 3.4.0-beta.21 - 2021-04-07
  • 3.4.0-beta.20 - 2021-04-05
  • 3.4.0-beta.19 - 2021-03-26
  • 3.4.0-beta.18 - 2021-03-26
  • 3.4.0-beta.17 - 2021-03-25
  • 3.4.0-beta.16 - 2021-03-24
  • 3.4.0-beta.15 - 2021-03-17
  • 3.4.0-beta.14 - 2021-03-15
  • 3.4.0-beta.13 - 2021-03-11
  • 3.4.0-beta.12 - 2021-03-03
  • 3.4.0-beta.11 - 2021-02-14
  • 3.4.0-beta.10 - 2021-02-09
  • 3.4.0-beta.9 - 2021-02-09
  • 3.4.0-beta.8 - 2021-02-05
  • 3.4.0-beta.7 - 2021-02-04
  • 3.4.0-beta.6 - 2021-01-29
  • 3.4.0-beta.5 - 2021-01-29
  • 3.4.0-beta.4 - 2020-12-16
  • 3.4.0-beta.3 - 2020-12-12
  • 3.4.0-beta.2 - 2020-12-04
  • 3.4.0-beta.1 - 2020-12-03
  • 3.4.0-beta.0 - 2020-12-01
  • 3.3.21 - 2021-07-06
  • 3.3.20 - 2021-06-08
  • 3.3.19 - 2021-05-18
  • 3.3.18 - 2021-05-13
  • 3.3.17 - 2021-05-11
  • 3.3.16 - 2021-04-30
  • 3.3.15 - 2021-04-13
  • 3.3.14 - 2021-04-05
  • 3.3.13 - 2021-03-24
  • 3.3.12 - 2021-03-15
  • 3.3.11 - 2021-02-15
  • 3.3.10 - 2021-02-14
  • 3.3.9 - 2021-02-09
  • 3.3.8 - 2021-02-05
  • 3.3.7 - 2021-01-14
  • 3.3.6 - 2020-12-11
  • 3.3.5 - 2020-12-10
  • 3.3.4 - 2020-12-04
  • 3.3.3 - 2020-12-02
  • 3.3.2 - 2020-12-01
  • 3.3.1 - 2020-11-24
  • 3.3.0 - 2020-11-24
  • 3.3.0-rc.5 - 2020-11-24
  • 3.3.0-rc.4 - 2020-11-22
  • 3.3.0-rc.3 - 2020-11-20
  • 3.3.0-rc.2 - 2020-11-18
  • 3.3.0-rc.1 - 2020-11-17
  • 3.3.0-rc.0 - 2020-11-04
  • 3.3.0-beta.17 - 2020-11-02
  • 3.3.0-beta.16 - 2020-10-27
  • 3.3.0-beta.15 - 2020-10-26
  • 3.3.0-beta.14 - 2020-10-19
  • 3.3.0-beta.13 - 2020-10-16
  • 3.3.0-beta.12 - 2020-10-13
  • 3.3.0-beta.11 - 2020-10-10
  • 3.3.0-beta.10 - 2020-10-02
  • 3.3.0-beta.9 - 2020-10-01
  • 3.3.0-beta.8 - 2020-10-01
  • 3.3.0-beta.7 - 2020-09-30
  • 3.3.0-beta.6 - 2020-09-28
  • 3.3.0-beta.5 - 2020-09-25
  • 3.3.0-beta.4 - 2020-09-25
  • 3.3.0-beta.3 - 2020-09-24
  • 3.3.0-beta.2 - 2020-09-23
  • 3.3.0-beta.1 - 2020-09-17
  • 3.3.0-beta.0 - 2020-09-14
  • 3.2.9 - 2020-11-24
  • 3.2.8 - 2020-11-24
  • 3.2.7 - 2020-11-17
  • 3.2.6 - 2020-11-16
  • 3.2.5 - 2020-10-19
  • 3.2.4 - 2020-10-13
  • 3.2.3 - 2020-10-10
  • 3.2.2 - 2020-10-01
  • 3.2.1 - 2020-09-23
  • 3.2.0 - 2020-09-14
  • 3.2.0-rc.0 - 2020-09-11
  • 3.2.0-beta.12 - 2020-09-10
  • 3.2.0-beta.11 - 2020-09-10
  • 3.2.0-beta.10 - 2020-09-08
  • 3.2.0-beta.9 - 2020-08-28
  • 3.2.0-beta.8 - 2020-08-28
  • 3.2.0-beta.7 - 2020-08-27
  • 3.2.0-beta.6 - 2020-08-25
  • 3.2.0-beta.5 - 2020-08-25
  • 3.2.0-beta.4 - 2020-08-20
  • 3.2.0-beta.3 - 2020-08-18
  • 3.2.0-beta.2 - 2020-08-10
  • 3.2.0-beta.1 - 2020-08-06
  • 3.2.0-beta.0 - 2020-08-04
  • 3.1.5 - 2020-09-09
  • 3.1.4 - 2020-08-27
  • 3.1.3 - 2020-08-06
  • 3.1.2 - 2020-08-03
  • 3.1.2-pre.0 - 2020-07-31
  • 3.1.1 - 2020-07-29
from @apollo/client GitHub release notes

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants