[Snyk] Upgrade @apollo/client from 3.7.7 to 3.13.8

[nejidevelops]

Snyk has created this PR to upgrade @apollo/client from 3.7.7 to 3.13.8.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 125 versions ahead of your current version.

• The recommended version was released a month ago.

Release notes

Package name: @apollo/client

• 3.13.8 - 2025-04-17
  

  Patch Changes

  • #12567 c19d415 Thanks @ thearchitector! - Fix in-flight multipart urql subscription cancellation
• 3.13.7 - 2025-04-10
  

  Patch Changes

  • #12540 0098932 Thanks @ phryneas! - Refactor: Move notification scheduling logic from QueryInfo to ObservableQuery

  • #12540 0098932 Thanks @ phryneas! - Refactored cache emit logic for ObservableQuery. This should be an invisible change.

• 3.13.6 - 2025-04-04
  

  Patch Changes

  • #12285 cdc55ff Thanks @ phryneas! - keep ObservableQuery created by useQuery non-active before it is first subscribed
• 3.13.5 - 2025-03-20
• 3.13.4 - 2025-03-10
• 3.13.3 - 2025-03-07
• 3.13.2 - 2025-03-06
• 3.13.1 - 2025-02-14
• 3.13.0 - 2025-02-13
• 3.13.0-rc.0 - 2025-02-07
• 3.12.11 - 2025-02-07
• 3.12.10 - 2025-02-06
• 3.12.9 - 2025-02-03
• 3.12.8 - 2025-01-27
• 3.12.7 - 2025-01-22
• 3.12.6 - 2025-01-14
• 3.12.5 - 2025-01-09
• 3.12.4 - 2024-12-19
• 3.12.3 - 2024-12-12
• 3.12.2 - 2024-12-05
• 3.12.1 - 2024-12-05
• 3.12.0 - 2024-12-04
• 3.12.0-rc.4 - 2024-11-27
• 3.12.0-rc.3 - 2024-11-20
• 3.12.0-rc.2 - 2024-11-19
• 3.12.0-rc.1 - 2024-11-15
• 3.12.0-rc.0 - 2024-11-13
• 3.12.0-alpha.0 - 2024-10-01
• 3.11.11-rc.0 - 2024-11-13
• 3.11.10 - 2024-11-11
• 3.11.9 - 2024-11-07
• 3.11.8 - 2024-09-05
• 3.11.7 - 2024-09-04
• 3.11.6 - 2024-09-03
• 3.11.5 - 2024-08-28
• 3.11.4 - 2024-08-07
• 3.11.3 - 2024-08-05
• 3.11.2 - 2024-07-31
• 3.11.1 - 2024-07-23
• 3.11.0 - 2024-07-22
• 3.11.0-rc.2 - 2024-07-15
• 3.11.0-rc.1 - 2024-07-10
• 3.11.0-rc.0 - 2024-07-09
• 3.10.8 - 2024-06-27
• 3.10.7 - 2024-06-26
• 3.10.6 - 2024-06-21
• 3.10.5 - 2024-06-12
• 3.10.4 - 2024-05-15
• 3.10.3 - 2024-05-07
• 3.10.2 - 2024-05-03
• 3.10.1 - 2024-04-24
• 3.10.0 - 2024-04-24
• 3.10.0-rc.1 - 2024-04-15
• 3.10.0-rc.0 - 2024-04-02
• 3.10.0-alpha.1 - 2024-03-18
• 3.9.11 - 2024-04-10
• 3.9.10 - 2024-04-01
• 3.9.9 - 2024-03-22
• 3.9.8 - 2024-03-20
• 3.9.7 - 2024-03-13
• 3.9.6 - 2024-03-06
• 3.9.5 - 2024-02-15
• 3.9.4 - 2024-02-07
• 3.9.3 - 2024-02-06
• 3.9.2 - 2024-02-01
• 3.9.1 - 2024-01-31
• 3.9.0 - 2024-01-30
• 3.9.0-rc.1 - 2024-01-18
• 3.9.0-rc.0 - 2024-01-17
• 3.9.0-beta.1 - 2023-12-21
• 3.9.0-beta.0 - 2023-12-18
• 3.9.0-alpha.5 - 2023-12-05
• 3.9.0-alpha.4 - 2023-11-08
• 3.9.0-alpha.3 - 2023-11-02
• 3.9.0-alpha.2 - 2023-10-11
• 3.9.0-alpha.1 - 2023-09-21
• 3.9.0-alpha.0 - 2023-09-19
• 3.8.10 - 2024-01-18
• 3.8.9 - 2024-01-09
• 3.8.8 - 2023-11-29
• 3.8.7 - 2023-11-02
• 3.8.6 - 2023-10-16
• 3.8.5 - 2023-10-05
• 3.8.4 - 2023-09-19
• 3.8.3 - 2023-09-05
• 3.8.2 - 2023-09-01
• 3.8.1 - 2023-08-10
• 3.8.0 - 2023-08-07
• 3.8.0-rc.2 - 2023-08-01
• 3.8.0-rc.1 - 2023-07-17
• 3.8.0-rc.0 - 2023-07-13
• 3.8.0-beta.7 - 2023-07-10
• 3.8.0-beta.6 - 2023-07-05
• 3.8.0-beta.5 - 2023-06-28
• 3.8.0-beta.4 - 2023-06-20
• 3.8.0-beta.3 - 2023-06-15
• 3.8.0-beta.2 - 2023-06-07
• 3.8.0-beta.1 - 2023-05-31
• 3.8.0-beta.0 - 2023-05-26
• 3.8.0-alpha.15 - 2023-05-17
• 3.8.0-alpha.14 - 2023-05-16
• 3.8.0-alpha.13 - 2023-05-03
• 3.8.0-alpha.12 - 2023-04-13
• 3.8.0-alpha.11 - 2023-03-28
• 3.8.0-alpha.10 - 2023-03-17
• 3.8.0-alpha.9 - 2023-03-15
• 3.8.0-alpha.8 - 2023-03-02
• 3.8.0-alpha.7 - 2023-02-15
• 3.8.0-alpha.6 - 2023-02-07
• 3.8.0-alpha.5 - 2023-01-19
• 3.8.0-alpha.4 - 2023-01-13
• 3.8.0-alpha.3 - 2023-01-03
• 3.8.0-alpha.2 - 2022-12-21
• 3.8.0-alpha.1 - 2022-12-21
• 3.8.0-alpha.0 - 2022-12-09
• 3.7.17 - 2023-07-05
• 3.7.16 - 2023-06-20
• 3.7.15 - 2023-05-26
• 3.7.14 - 2023-05-03
• 3.7.13 - 2023-04-27
• 3.7.12 - 2023-04-12
• 3.7.11 - 2023-03-31
• 3.7.10 - 2023-03-02
• 3.7.9 - 2023-02-17
• 3.7.8 - 2023-02-15
• 3.7.7 - 2023-02-03

from @apollo/client GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[gemini-code-assist]

Hello @nejidevelops, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

Summary of Changes

Hello team, gemini-code-assist here to provide a summary of this pull request. This PR, automatically generated by Snyk, aims to upgrade the @apollo/client dependency from version 3.7.7 to 3.13.8. This is a significant version jump, covering 125 versions according to the Snyk description, and includes numerous changes and fixes in the Apollo Client library itself, as detailed in the provided release notes. The primary goal is to keep dependencies up-to-date, which helps in managing existing vulnerabilities and quickly addressing new ones.

Highlights

• Dependency Upgrade: The core change is the upgrade of the @apollo/client package from version 3.7.7 to 3.13.8.
• Automated PR: This pull request was automatically created by Snyk to propose the dependency update.
• Sub-dependency Updates: The upgrade of @apollo/client necessitates updates to several of its internal dependencies, including @wry/context, @wry/equality, @wry/trie, and optimism, and introduces new ones like @wry/caches and rehackt.

Changelog

Click here to see the changelog

• package-lock.json
  • Updated @apollo/client version from 3.7.7 to 3.13.8 (lines 840-842).
  • Updated @wry/context version from 0.7.0 to 0.7.4 (lines 6475-6477).
  • Updated @wry/equality version from 0.5.3 to 0.5.7 (lines 6483-6485).
  • Updated @wry/trie version from 0.3.2 to 0.5.0 (lines 6491-6493).
  • Updated optimism version from 0.16.2 to 0.18.1 and updated its dependencies (lines 13405-13413).
  • Added @wry/caches dependency (lines 6466-6472).
  • Added rehackt dependency (lines 14907-14911).
  • Added lru_map dependency (lines 12170-12174).
  • Removed response-iterator dependency (lines 14957-14961).
  • Moved string_decoder dependency entry (lines 15553-15559 and 15540-15547).
  • Marked various @esbuild optional dependencies as dev: true (e.g., lines 8692, 8699, 8706, etc.).
• package.json
  • Updated @apollo/client dependency range from ^3.7.7 to ^3.13.8 (line 29).

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point in your pull request via creating an issue comment (i.e. comment on the pull request page) using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in issue comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist is currently in preview and may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments to provide feedback.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

---

Dependency bumps,
A hundred versions leap,
Lock file changes,
New code to keep.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request, automatically generated by Snyk, proposes a significant upgrade for the @apollo/client package from version ^3.7.7 to ^3.13.8. While keeping dependencies up-to-date is crucial for security and functionality, there's a critical concern regarding the target version specified in this PR.

Summary of Findings

• Suspect Target Version and Release Date for @apollo/client: The PR targets @apollo/client v3.13.8, but the Snyk-provided metadata indicates a release date of 2025-04-17. This future date is highly unusual and raises concerns about the version's validity, stability, and suitability for the project. This needs to be verified before proceeding.
• Necessity of Thorough Testing for Large Version Jump: Should the target version 3.13.8 be validated as correct and stable, the upgrade from v3.7.7 represents a jump of 125 versions. Such a significant change requires comprehensive testing of all Apollo Client functionalities (including queries, mutations, caching, and custom configurations) to identify and address any potential regressions or behavioral changes.

Merge Readiness

This pull request should not be merged in its current state due to the critical concern regarding the validity and release date of the target @apollo/client version (3.13.8 allegedly released on 2025-04-17).

It's essential to first verify if this version is correct, stable, and intended for use. If the version information is incorrect, this PR may need to be closed and a new one generated with a verified stable version, or this PR should be manually corrected.

If, against current public information, version 3.13.8 is confirmed as valid and appropriate, the substantial version jump still mandates extensive testing to ensure no regressions are introduced.

I am unable to approve this PR. Please investigate the versioning issue and ensure thorough testing before considering this for merge.

[gemini-code-assist]

This PR proposes upgrading @apollo/client from ^3.7.7 to ^3.13.8. The PR description and Snyk metadata list the release date for version 3.13.8 as 2025-04-17. This future release date is a significant concern and needs immediate clarification.

Could you please verify the following:

1. Is 3.13.8 the correct and stable version intended for this upgrade? Publicly available information (e.g., npmjs.com) as of May 2024 suggests that stable versions are around 3.9.x or 3.10.x release candidates.
2. What is the actual release date and stability status of version 3.13.8?

Upgrading to a potentially non-existent, misdated, or unstable pre-release version could introduce significant risks to the application's stability and security.

If this version is indeed valid (e.g., from a specific, trusted release channel not yet public on npmjs.com), please ensure it's appropriate for your project's stability requirements. Even if validated, the substantial version jump (125 versions according to the PR description) necessitates thorough testing across all application areas that utilize Apollo Client. This includes, but is not limited to, queries, mutations, caching behavior, and any custom links or configurations.