Skip to content

Comments

fix(deps): update apollo graphql packages#353

Open
renovate[bot] wants to merge 1 commit intomainfrom
renovate/apollo-graphql-packages
Open

fix(deps): update apollo graphql packages#353
renovate[bot] wants to merge 1 commit intomainfrom
renovate/apollo-graphql-packages

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Jul 24, 2023
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
@apollo/gateway (source) 2.10.12.13.1 age confidence
apollo-server (source) 3.9.03.13.0 age confidence
apollo-server-express (source) 3.9.03.13.0 age confidence
apollo-server-plugin-response-cache (source) 3.6.13.8.2 age confidence

Release Notes

apollographql/federation (@​apollo/gateway)

v2.13.1

Compare Source

Patch Changes

  • Allow bumping make-fetch-happen dependency to v15. (#​3374)

    This change allows users to upgrade make-fetch-happen to v15, which in turn will allow updating the cacache dependency from v17 to v20, dropping the tar v6 dependency that is marked as vulnerable.

    The only breaking changes in make-fetch-happen from v11 to v15 are removals of support for old end-of-life Node.js versions.

    There is only one note from the 12.0.0 release of make-fetch-happen that might be of interest when considering the upgrade:

    this changes the underlying http agents to those provided by @​npmcli/agent. Backwards compatibility should be fully implemented but due to the scope of this change it was made a breaking change out of an abundance of caution.

    As a result, it should be possible for most users to upgrade from v11 to v15 without any issues.

    We still keep the dependency to v11 as an alternative for people that cannot upgrade to v15 for some reason. This will be removed in a future version of @apollo/gateway.

    Even for users that stay on v11, there should not be any immediate danger. While cacache had tar v6 as a dependency, it actually never used it. It seems that that dependency had become unused at some point but was never removed. So users on make-fetch-happen v11 are not actually affected by the vulnerability in tar v6.

    The dependency might hold the tar package required by other packages back, though. In case an update from v11 to v15 is not possible, users should consider to use the resolution override feature of their package manager to force the dependency from cacache to tar to either be removed or updated to a newer version. As cacache does not actually use tar, this should not cause any issues.

  • Updated dependencies []:

v2.13.0

Compare Source

Minor Changes
  • Drop Node.js 14/16 support, require Node.js 18+ (#​3364)
Patch Changes

v2.12.2

Compare Source

Patch Changes

v2.12.1

Compare Source

Patch Changes

v2.12.0

Compare Source

Minor Changes
  • Federation 2.12 and Connect 0.3 (#​3276)
Patch Changes

v2.11.5

Compare Source

Patch Changes

v2.11.4

Compare Source

Patch Changes

v2.11.3

Compare Source

Patch Changes

v2.11.2

Compare Source

Patch Changes

v2.11.1

Compare Source

Patch Changes

v2.11.0

Compare Source

Minor Changes
  • Adds connect spec v0.2, available for use with Apollo Router 2.3.0 or greater. (#​3262)
Patch Changes

v2.10.4

Compare Source

Patch Changes

v2.10.3

Compare Source

Patch Changes

v2.10.2

Compare Source

Patch Changes
apollographql/apollo-server (apollo-server)

v3.13.0

Compare Source

v3.12.1

Compare Source

v3.12.0

Compare Source

v3.11.1

Compare Source

v3.11.0

Compare Source

v3.10.4

Compare Source

v3.10.3

Compare Source

v3.10.2

Compare Source

v3.10.1

Compare Source

v3.10.0

Compare Source

apollographql/apollo-server (apollo-server-express)

v3.13.0

Compare Source

v3.12.1

Compare Source

v3.12.0

Compare Source

v3.11.1

Compare Source

v3.11.0

Compare Source

v3.10.4

Compare Source

v3.10.3

Compare Source

v3.10.2

Compare Source

v3.10.1

Compare Source

v3.10.0

Compare Source

apollographql/apollo-server (apollo-server-plugin-response-cache)

v3.8.2

Compare Source

v3.8.1

Compare Source

v3.8.0

Compare Source

v3.7.1

Compare Source

v3.7.0

Compare Source

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot requested a review from a team as a code owner July 24, 2023 08:18
@renovate renovate bot requested review from bassrock and efixler and removed request for a team July 24, 2023 08:19
@renovate renovate bot added the dependencies Pull requests that update a dependency file label Jul 24, 2023
@renovate renovate bot force-pushed the renovate/apollo-graphql-packages branch 3 times, most recently from 1c11fdb to 9f41f68 Compare July 25, 2023 03:55
@renovate renovate bot force-pushed the renovate/apollo-graphql-packages branch 4 times, most recently from c9cb0d9 to b1eff80 Compare August 9, 2023 22:28
@renovate renovate bot force-pushed the renovate/apollo-graphql-packages branch 4 times, most recently from b4d316b to 42fd35a Compare August 25, 2023 22:42
@renovate renovate bot force-pushed the renovate/apollo-graphql-packages branch 2 times, most recently from 30b8555 to 3446370 Compare September 1, 2023 18:13
@renovate renovate bot force-pushed the renovate/apollo-graphql-packages branch from 3446370 to 5daf10f Compare September 19, 2023 21:28
@renovate renovate bot force-pushed the renovate/apollo-graphql-packages branch from 5daf10f to feb0147 Compare October 1, 2023 23:06
@renovate renovate bot force-pushed the renovate/apollo-graphql-packages branch from feb0147 to af17ceb Compare October 14, 2023 21:13
@renovate renovate bot force-pushed the renovate/apollo-graphql-packages branch 2 times, most recently from 66a83be to 4adf963 Compare November 18, 2023 00:29
@renovate renovate bot force-pushed the renovate/apollo-graphql-packages branch 2 times, most recently from c994896 to 9017f61 Compare November 29, 2023 06:40
@renovate renovate bot force-pushed the renovate/apollo-graphql-packages branch from 9017f61 to 4c90bee Compare December 12, 2023 22:47
@renovate renovate bot force-pushed the renovate/apollo-graphql-packages branch from 4c90bee to 6209724 Compare January 12, 2024 16:48
@renovate renovate bot force-pushed the renovate/apollo-graphql-packages branch 2 times, most recently from 34ddfdb to 7ec89dd Compare January 25, 2024 17:59
@renovate renovate bot force-pushed the renovate/apollo-graphql-packages branch from 7ec89dd to ea8f921 Compare February 20, 2024 20:08
@renovate renovate bot force-pushed the renovate/apollo-graphql-packages branch from e5ea4b0 to 0d4106d Compare July 26, 2024 20:10
@renovate renovate bot force-pushed the renovate/apollo-graphql-packages branch 2 times, most recently from 8216021 to fbdddfb Compare August 28, 2024 18:58
@renovate renovate bot force-pushed the renovate/apollo-graphql-packages branch from fbdddfb to 27ae7aa Compare September 4, 2024 04:27
@renovate renovate bot force-pushed the renovate/apollo-graphql-packages branch from 27ae7aa to 731e4e5 Compare September 19, 2024 02:03
@renovate renovate bot force-pushed the renovate/apollo-graphql-packages branch 2 times, most recently from 40521f4 to 47031eb Compare October 3, 2024 17:27
@renovate renovate bot force-pushed the renovate/apollo-graphql-packages branch from 47031eb to 51dd026 Compare October 17, 2024 09:15
@renovate renovate bot force-pushed the renovate/apollo-graphql-packages branch 3 times, most recently from 5a1e048 to 1b201d7 Compare February 20, 2025 22:19
@renovate renovate bot force-pushed the renovate/apollo-graphql-packages branch 2 times, most recently from 3d26522 to 2068a07 Compare April 14, 2025 14:18
@renovate renovate bot force-pushed the renovate/apollo-graphql-packages branch from 2068a07 to 49ddbe9 Compare April 15, 2025 21:15
@renovate renovate bot force-pushed the renovate/apollo-graphql-packages branch from 49ddbe9 to 3ec1ee0 Compare June 4, 2025 19:51
@renovate renovate bot force-pushed the renovate/apollo-graphql-packages branch 2 times, most recently from 8729894 to e92959e Compare June 26, 2025 20:58
@renovate renovate bot force-pushed the renovate/apollo-graphql-packages branch from e92959e to 11b6c09 Compare September 25, 2025 17:10
@renovate renovate bot force-pushed the renovate/apollo-graphql-packages branch from 11b6c09 to 3337db5 Compare October 10, 2025 19:09
@renovate renovate bot force-pushed the renovate/apollo-graphql-packages branch from 3337db5 to 5695d23 Compare October 21, 2025 21:18
@renovate renovate bot force-pushed the renovate/apollo-graphql-packages branch from 5695d23 to 94ae8a8 Compare November 5, 2025 18:39
@renovate renovate bot force-pushed the renovate/apollo-graphql-packages branch 2 times, most recently from a73a02c to 00c744e Compare November 18, 2025 23:05
@renovate renovate bot force-pushed the renovate/apollo-graphql-packages branch 2 times, most recently from 4e3fecf to 4f14e9b Compare December 10, 2025 04:14
@renovate renovate bot force-pushed the renovate/apollo-graphql-packages branch 3 times, most recently from b1824a8 to 89cf992 Compare January 22, 2026 06:12
@renovate renovate bot force-pushed the renovate/apollo-graphql-packages branch from 89cf992 to b983b9b Compare February 20, 2026 22:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@efixler efixler Awaiting requested review from efixler efixler is a code owner automatically assigned from Pocket/backend

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants