Skip to content

libms-npm: bump @apollo/server from 4.11.0 to 4.12.2 in /servers/lib #1263

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: dependabot-merge
Choose a base branch
from
Open

libms-npm: bump @apollo/server from 4.11.0 to 4.12.2 in /servers/lib #1263

wants to merge 1 commit into from
+32 −94

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jun 8, 2025

Bumps @apollo/server from 4.11.0 to 4.12.2.

Release notes

Sourced from @​apollo/server's releases.

@​apollo/server-integration-testsuite@​4.12.2

Patch Changes

  • #8070 0dee3c9 Thanks @​glasser! - Provide dual-build CJS and ESM for @apollo/server-integration-testsuite.

    We previously provided only a CJS build of this package, unlike @apollo/server itself and the other helper packages that come with it. We may make all of Apollo Server ESM-only in AS5; this is a step in that direction. Specifically, only providing this package for CJS makes it challenging to run the tests in ts-jest in some ESM-only setups, because the copy of @apollo/server fetched directly in your ESM-based test may differ from the copy fetched indirectly via @apollo/server-integration-testsuite, causing the "lockstep versioning" test to fail.

  • Updated dependencies:

    • @​apollo/server@​4.12.2

@​apollo/server@​4.12.2

(No change; there is a change to the @apollo/server-integration-testsuite used to test integrations, and the two packages always have matching versions.)

@​apollo/server-integration-testsuite@​4.12.2-alpha.0

Patch Changes

  • #8070 0dee3c9 Thanks @​glasser! - Provide dual-build CJS and ESM for @apollo/server-integration-testsuite.

    We previously provided only a CJS build of this package, unlike @apollo/server itself and the other helper packages that come with it. We may make all of Apollo Server ESM-only in AS5; this is a step in that direction. Specifically, only providing this package for CJS makes it challenging to run the tests in ts-jest in some ESM-only setups, because the copy of @apollo/server fetched directly in your ESM-based test may differ from the copy fetched indirectly via @apollo/server-integration-testsuite, causing the "lockstep versioning" test to fail.

  • Updated dependencies []:

    • @​apollo/server@​4.12.2-alpha.0

@​apollo/server@​4.12.2-alpha.0

No release notes provided.

@​apollo/server-integration-testsuite@​4.12.1

Patch Changes

  • Updated dependencies [41f98d4]:
    • @​apollo/server@​4.12.1

@​apollo/server@​4.12.1

Patch Changes

  • #8064 41f98d4 Thanks @​glasser! - Update README.md to recommend Express v5 integration now that Express v5 is released.

... (truncated)

Changelog

Sourced from @​apollo/server's changelog.

4.12.2

(No change; there is a change to the @apollo/server-integration-testsuite used to test integrations, and the two packages always have matching versions.)

4.12.1

Patch Changes

  • #8064 41f98d4 Thanks @​glasser! - Update README.md to recommend Express v5 integration now that Express v5 is released.

4.12.0

Minor Changes

  • #8054 89e3f84 Thanks @​clenfest! - Adds a new graphql-js validation rule to reject operations that recursively request selections above a specified maximum, which is disabled by default. Use configuration option maxRecursiveSelections=true to enable with a maximum of 10,000,000, or maxRecursiveSelections=<number> for a custom maximum. Enabling this validation can help avoid performance issues with configured validation rules or plugins.

Patch Changes

4.11.3

Patch Changes

4.11.2

(No change; there is a change to the @apollo/server-integration-testsuite used to test integrations, and the two packages always have matching versions.)

4.11.1

Patch Changes

  • #7952 bb81b2c Thanks @​glasser! - Upgrade dependencies so that automated scans don't detect a vulnerability.

    @apollo/server depends on express which depends on cookie. Versions of express older than v4.21.1 depend on a version of cookie vulnerable to CVE-2024-47764. Users of older express versions who call res.cookie() or res.clearCookie() may be vulnerable to this issue.

    However, Apollo Server does not call this function directly, and it does not expose any object to user code that allows TypeScript users to call this function without an unsafe cast.

    The only way that this direct dependency can cause a vulnerability for users of Apollo Server is if you call startStandaloneServer with a context function that calls Express-specific methods such as res.cookie() or res.clearCookies() on the response object, which is a violation of the TypeScript types provided by startStandaloneServer (which only promise that the response object is a core Node.js http.ServerResponse rather than the Express-specific subclass). So this vulnerability can only affect Apollo Server users who use unsafe JavaScript or unsafe as typecasts in TypeScript.

    However, this upgrade will at least prevent vulnerability scanners from alerting you to this dependency, and we encourage all Express users to upgrade their project's own express dependency to v4.21.1 or newer.

Commits
  • 492a7b4 Version Packages (#8072)
  • b477de2 Version Packages (alpha) (#8071)
  • 079a973 Version Packages (#8065)
  • 41f98d4 docs: support Express v5, recommend new separate Express packages (#8064)
  • 047357a Switch from Volta to Mise for installing dependencies (#8058)
  • 8c6579e Version Packages (#8047)
  • 89e3f84 Add optional validation to reject operations with many recursive selections (...
  • 9dd92ee Merge pull request #8031 from slagiewka/migration_middleware_return
  • c25b78b Update @apollo-server README with 2025 Summit Dates (#8042)
  • b3712f7 docs(migration): return after sending 400
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
libms-npm: bump @apollo/server from 4.11.0 to 4.12.2 in /servers/lib
35213d3 
Bumps [@apollo/server](https://github.com/apollographql/apollo-server/tree/HEAD/packages/server) from 4.11.0 to 4.12.2.
- [Release notes](https://github.com/apollographql/apollo-server/releases)
- [Changelog](https://github.com/apollographql/apollo-server/blob/main/packages/server/CHANGELOG.md)
- [Commits](https://github.com/apollographql/apollo-server/commits/@apollo/server@4.12.2/packages/server)

---
updated-dependencies:
- dependency-name: "@apollo/server"
  dependency-version: 4.12.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Jun 8, 2025

Assignees

The following users could not be added as assignees: octocat. Either the username does not exist or it does not have the correct permissions to be added as an assignee.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Jun 8, 2025

The reviewers field in the dependabot.yml file will be removed soon. Please use the code owners file to specify reviewers for Dependabot PRs. For more information, see this blog post.

@dependabot dependabot bot requested a review from prasadtalasila June 8, 2025 05:40
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Jun 8, 2025
@dependabot dependabot bot mentioned this pull request Jun 8, 2025
Closed
@sonarqubecloud SonarQubeCloud
Copy link

sonarqubecloud bot commented Jun 8, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@codecov Codecov
Copy link

codecov bot commented Jun 8, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 2.95%. Comparing base (4e17864) to head (35213d3).

❗ There is a different number of reports uploaded between BASE (4e17864) and HEAD (35213d3). Click for more details.

HEAD has 4 uploads less than BASE
Flag BASE (4e17864) HEAD (35213d3)
client-unit-integration-tests 4 0
Additional details and impacted files 
@@                 Coverage Diff                  @@
##           dependabot-merge   #1263       +/-   ##
====================================================
- Coverage             86.47%   2.95%   -83.52%     
====================================================
  Files                   106      15       -91     
  Lines                  2669     169     -2500     
  Branches                409       9      -400     
====================================================
- Hits                   2308       5     -2303     
+ Misses                  358     164      -194     
+ Partials                  3       0        -3

see 91 files with indirect coverage changes

Components Coverage Δ
Website ∅ <ø> (∅)
Lib Microservice 2.95% <ø> (ø)
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@prasadtalasila prasadtalasila Awaiting requested review from prasadtalasila

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants