chore(deps): bump the npm_and_yarn group across 2 directories with 9 updates #14

dependabot · 2024-04-04T15:16:46Z

Bumps the npm_and_yarn group with 8 updates in the / directory:

Package	From	To
graphql	`16.6.0`	`16.8.1`
@apollo/server	`4.4.1`	`4.9.3`
@babel/traverse	`7.20.13`	`7.24.1`
axios	`1.3.0`	`1.6.8`
ip	`1.1.8`	`1.1.9`
semver	`5.7.1`	`5.7.2`
undici	`5.18.0`	`5.28.4`
word-wrap	`1.2.3`	`1.2.5`

Bumps the npm_and_yarn group with 1 update in the /packages/apollo directory: @apollo/server.

Updates graphql from 16.6.0 to 16.8.1

Release notes

Sourced from graphql's releases.

v16.8.1 (2023-09-19)

Bug Fix 🐞

#3967 OverlappingFieldsCanBeMergedRule: Fix performance degradation (@AaronMoat)

Committers: 1

Aaron Moat(@AaronMoat)

v16.8.0 (2023-08-14)

New Feature 🚀

#3950 Support fourfold nested lists (@gschulze)

Committers: 1

Gunnar Schulze(@gschulze)

v16.7.1 (2023-06-22)

📢 Big shout out to @phryneas, who managed to reproduce this issue and come up with this fix.

Bug Fix 🐞

#3923 instanceOf: workaround bundler issue with process.env (@IvanGoncharov)

Committers: 1

Ivan Goncharov(@IvanGoncharov)

v16.7.0 (2023-06-21)

New Feature 🚀

#3887 check "globalThis.process" before accessing it (@kettanaito)

Bug Fix 🐞

#3707 Fix crash in node when mixing sync/async resolvers (backport of #3706) (@chrskrchr)

#3838 Fix/invalid error propagation custom scalars (backport for 16.x.x) (@stenreijers)

Committers: 3

Artem Zakharchenko(@kettanaito)

Chris Karcher(@chrskrchr)

Sten Reijers(@stenreijers)

Commits

8a95335 16.8.1
8f4c64e OverlappingFieldsCanBeMergedRule: Fix performance degradation (#3967)
e4f759d 16.8.0
bec1b49 Support fourfold nested lists (#3950)
bf6a9f0 16.7.1
a08aaee instanceOf: workaround bundler issue with process.env (#3923)
1519fda 16.7.0
84bb146 check "globalThis.process" before accessing it (#3887)
076972e Fix/invalid error propagation custom scalars (backport for 16.x.x) (#3838)
4a82557 Fix crash in node when mixing sync/async resolvers (backport of #3706) (#3707)
See full diff in compare view

Updates @apollo/server from 4.4.1 to 4.9.3

Release notes

Sourced from @apollo/server's releases.

@apollo/server-integration-testsuite@4.9.3

Patch Changes

Updated dependencies [a1c725eaf]:

@apollo/server@4.9.3

@apollo/server@4.9.3

Patch Changes

a1c725eaf Thanks @trevor-scheer! - Ensure API keys are valid header values on startup

Apollo Server previously performed no sanitization or validation of API keys on startup. In the case that an API key was provided which contained characters that are invalid as header values, Apollo Server could inadvertently log the API key in cleartext.

This only affected users who:

Provide an API key with characters that are invalid as header values

Use either schema or usage reporting

Use the default fetcher provided by Apollo Server or configure their own node-fetch fetcher

Apollo Server now trims whitespace from API keys and validates that they are valid header values. If an invalid API key is provided, Apollo Server will throw an error on startup.

For more details, see the security advisory: GHSA-j5g3-5c8r-7qfx

@apollo/server-integration-testsuite@4.9.2

Patch Changes

Updated dependencies [62e7d940d]:

@apollo/server@4.9.2

@apollo/server@4.9.2

Patch Changes

#7699 62e7d940d Thanks @trevor-scheer! - Fix error path attachment for list items

Previously, when errors occurred while resolving a list item, the trace builder would fail to place the error at the correct path and just default to the root node with a warning message:

Could not find node with path x.y.1, defaulting to put errors on root node.

This change places these errors at their correct paths and removes the log.

@apollo/server-integration-testsuite@4.9.1

Patch Changes

Updated dependencies [ebfde0007]:

@apollo/server@4.9.1

@apollo/server@4.9.1

Patch Changes

... (truncated)

Changelog

Sourced from @apollo/server's changelog.

4.9.3

Patch Changes

a1c725eaf Thanks @trevor-scheer! - Ensure API keys are valid header values on startup

Apollo Server previously performed no sanitization or validation of API keys on startup. In the case that an API key was provided which contained characters that are invalid as header values, Apollo Server could inadvertently log the API key in cleartext.

This only affected users who:

Provide an API key with characters that are invalid as header values

Use either schema or usage reporting

Use the default fetcher provided by Apollo Server or configure their own node-fetch fetcher

Apollo Server now trims whitespace from API keys and validates that they are valid header values. If an invalid API key is provided, Apollo Server will throw an error on startup.

For more details, see the security advisory: GHSA-j5g3-5c8r-7qfx

4.9.2

Patch Changes

#7699 62e7d940d Thanks @trevor-scheer! - Fix error path attachment for list items

Previously, when errors occurred while resolving a list item, the trace builder would fail to place the error at the correct path and just default to the root node with a warning message:

Could not find node with path x.y.1, defaulting to put errors on root node.

This change places these errors at their correct paths and removes the log.

4.9.1

Patch Changes

#7672 ebfde0007 Thanks @trevor-scheer! - Add missing nonce on script tag for non-embedded landing page

4.9.0

Minor Changes
#7617 4ff81ca50 Thanks @trevor-scheer! - Introduce new ApolloServerPluginSubscriptionCallback plugin. This plugin implements the subscription callback protocol which is used by Apollo Router. This feature implements subscriptions over HTTP via a callback URL which Apollo Router registers with Apollo Server. This feature is currently in preview and is subject to change.

You can enable callback subscriptions like so:
import { ApolloServerPluginSubscriptionCallback } from "@apollo/server/plugin/subscriptionCallback";
import { ApolloServer } from "@apollo/server";
const server = new ApolloServer({

... (truncated)

Commits

a9d288a Version Packages (#7712)
2c8106c Merge pull request from GHSA-j5g3-5c8r-7qfx
d6ce603 create README for technical details of landing pages (#7671)
e8c00a7 Version Packages (#7702)
62b941a chore(deps): update all non-major dependencies (#7693)
62e7d94 Fix trace placement for errors occurring in lists (#7699)
b72485a chore: update documentation to include install commands for typescript (#7691)
a48e8e0 Version Packages (#7673)
ebfde00 Add missing nonce to script tag (#7672)
1235611 Version Packages (#7661)
Additional commits viewable in compare view

Updates @babel/traverse from 7.20.13 to 7.24.1

Release notes

Sourced from @babel/traverse's releases.

v7.24.1 (2024-03-19)

🐛 Bug Fix

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators

#16350 Fix decorated class computed keys ordering (@JLHwung)

#16344 Fix decorated class static field private access (@JLHwung)

babel-plugin-proposal-decorators, babel-plugin-proposal-json-modules, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env

#16329 Respect moduleName for @babel/runtime/regenerator imports (@nicolo-ribaudo)

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-proposal-pipeline-operator, babel-plugin-transform-class-properties

#16331 Fix decorator memoiser binding kind (@JLHwung)

babel-helper-create-class-features-plugin, babel-helper-replace-supers, babel-plugin-proposal-decorators, babel-plugin-transform-class-properties

#16325 Fix decorator evaluation private environment (@JLHwung)

📝 Documentation

#16319 Update SECURITY.md (@nicolo-ribaudo)

🏠 Internal

babel-code-frame, babel-highlight

#16359 Replace chalk with picocolors (@nicolo-ribaudo)

babel-helper-fixtures, babel-helpers, babel-plugin-bugfix-safari-id-destructuring-collision-in-function-expression, babel-plugin-proposal-pipeline-operator, babel-plugin-transform-unicode-sets-regex, babel-preset-env, babel-preset-flow

#16352 Run Babel transform tests on old node if possible (@JLHwung)

babel-helper-module-imports, babel-plugin-proposal-import-wasm-source, babel-plugin-proposal-json-modules, babel-plugin-proposal-record-and-tuple, babel-plugin-transform-react-jsx-development, babel-plugin-transform-react-jsx

#16349 Support merging imports in import injector (@nicolo-ribaudo)

Other

#16332 Test Babel 7 plugins compatibility with Babel 8 core (@nicolo-ribaudo)

🔬 Output optimization

babel-helper-replace-supers, babel-plugin-transform-class-properties, babel-plugin-transform-classes, babel-plugin-transform-parameters, babel-plugin-transform-runtime

#16345 Optimize the use of assertThisInitialized after super() (@liuxingbaoyu)

babel-plugin-transform-class-properties, babel-plugin-transform-classes

#16343 Use simpler assertThisInitialized more often (@liuxingbaoyu)

babel-plugin-proposal-decorators, babel-plugin-transform-class-properties, babel-plugin-transform-object-rest-spread, babel-traverse

#16342 Consider well-known and registered symbols as literals (@nicolo-ribaudo)

babel-core, babel-plugin-external-helpers, babel-plugin-proposal-decorators, babel-plugin-proposal-function-bind, babel-plugin-transform-class-properties, babel-plugin-transform-classes, babel-plugin-transform-flow-comments, babel-plugin-transform-flow-strip-types, babel-plugin-transform-function-name, babel-plugin-transform-modules-systemjs, babel-plugin-transform-parameters, babel-plugin-transform-private-property-in-object, babel-plugin-transform-react-jsx, babel-plugin-transform-runtime, babel-plugin-transform-spread, babel-plugin-transform-typescript, babel-preset-env

#16326 Reduce the use of class names (@liuxingbaoyu)

Committers: 4

Babel Bot (@babel-bot)

Huáng Jùnliàng (@JLHwung)

Nicolò Ribaudo (@nicolo-ribaudo)

@liuxingbaoyu

v7.24.0 (2024-02-28)

Thanks @ajihyf for your first PR!

Release post with summary and highlights: https://babeljs.io/7.24.0

🚀 New Feature

babel-standalone

... (truncated)

Changelog

Sourced from @babel/traverse's changelog.

v7.24.1 (2024-03-19)

🐛 Bug Fix

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators

#16350 Fix decorated class computed keys ordering (@JLHwung)

#16344 Fix decorated class static field private access (@JLHwung)

babel-plugin-proposal-decorators, babel-plugin-proposal-json-modules, babel-plugin-transform-async-generator-functions, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env

#16329 Respect moduleName for @babel/runtime/regenerator imports (@nicolo-ribaudo)

babel-helper-create-class-features-plugin, babel-plugin-proposal-decorators, babel-plugin-proposal-pipeline-operator, babel-plugin-transform-class-properties

#16331 Fix decorator memoiser binding kind (@JLHwung)

babel-helper-create-class-features-plugin, babel-helper-replace-supers, babel-plugin-proposal-decorators, babel-plugin-transform-class-properties

#16325 Fix decorator evaluation private environment (@JLHwung)

📝 Documentation

#16319 Update SECURITY.md (@nicolo-ribaudo)

🏠 Internal

babel-code-frame, babel-highlight

#16359 Replace chalk with picocolors (@nicolo-ribaudo)

babel-helper-fixtures, babel-helpers, babel-plugin-bugfix-safari-id-destructuring-collision-in-function-expression, babel-plugin-proposal-pipeline-operator, babel-plugin-transform-unicode-sets-regex, babel-preset-env, babel-preset-flow

#16352 Run Babel transform tests on old node if possible (@JLHwung)

babel-helpers, babel-plugin-transform-async-generator-functions, babel-plugin-transform-class-properties, babel-plugin-transform-class-static-block, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-systemjs, babel-plugin-transform-regenerator, babel-plugin-transform-runtime, babel-preset-env, babel-runtime-corejs3, babel-runtime, babel-standalone

#16323 Allow separate helpers to be excluded in Babel 8 (@liuxingbaoyu)

babel-helper-module-imports, babel-plugin-proposal-import-wasm-source, babel-plugin-proposal-json-modules, babel-plugin-proposal-record-and-tuple, babel-plugin-transform-react-jsx-development, babel-plugin-transform-react-jsx

#16349 Support merging imports in import injector (@nicolo-ribaudo)

babel-helper-create-class-features-plugin, babel-plugin-bugfix-safari-id-destructuring-collision-in-function-expression, babel-plugin-bugfix-v8-spread-parameters-in-optional-chaining, babel-plugin-bugfix-v8-static-class-fields-redefine-readonly, babel-plugin-external-helpers, babel-plugin-proposal-async-do-expressions, babel-plugin-proposal-decorators, babel-plugin-proposal-destructuring-private, babel-plugin-proposal-do-expressions, babel-plugin-proposal-duplicate-named-capturing-groups-regex, babel-plugin-proposal-explicit-resource-management, babel-plugin-proposal-export-default-from, babel-plugin-proposal-function-bind, babel-plugin-proposal-function-sent, babel-plugin-proposal-import-attributes-to-assertions, babel-plugin-proposal-import-defer, babel-plugin-proposal-import-wasm-source, babel-plugin-proposal-json-modules, babel-plugin-proposal-optional-chaining-assign, babel-plugin-proposal-partial-application, babel-plugin-proposal-pipeline-operator, babel-plugin-proposal-record-and-tuple, babel-plugin-proposal-regexp-modifiers, babel-plugin-proposal-throw-expressions, babel-plugin-syntax-async-do-expressions, babel-plugin-syntax-decimal, babel-plugin-syntax-decorators, babel-plugin-syntax-destructuring-private, babel-plugin-syntax-do-expressions, babel-plugin-syntax-explicit-resource-management, babel-plugin-syntax-export-default-from, babel-plugin-syntax-flow, babel-plugin-syntax-function-bind, babel-plugin-syntax-function-sent, babel-plugin-syntax-import-assertions, babel-plugin-syntax-import-attributes, babel-plugin-syntax-import-defer, babel-plugin-syntax-import-reflection, babel-plugin-syntax-import-source, babel-plugin-syntax-jsx, babel-plugin-syntax-module-blocks, babel-plugin-syntax-optional-chaining-assign, babel-plugin-syntax-partial-application, babel-plugin-syntax-pipeline-operator, babel-plugin-syntax-record-and-tuple, babel-plugin-syntax-throw-expressions, babel-plugin-syntax-typescript, babel-plugin-transform-arrow-functions, babel-plugin-transform-async-generator-functions, babel-plugin-transform-async-to-generator, babel-plugin-transform-block-scoped-functions, babel-plugin-transform-block-scoping, babel-plugin-transform-class-properties, babel-plugin-transform-class-static-block, babel-plugin-transform-classes, babel-plugin-transform-computed-properties, babel-plugin-transform-destructuring, babel-plugin-transform-dotall-regex, babel-plugin-transform-duplicate-keys, babel-plugin-transform-dynamic-import, babel-plugin-transform-exponentiation-operator, babel-plugin-transform-export-namespace-from, babel-plugin-transform-flow-comments, babel-plugin-transform-flow-strip-types, babel-plugin-transform-for-of, babel-plugin-transform-function-name, babel-plugin-transform-instanceof, babel-plugin-transform-jscript, babel-plugin-transform-json-strings, babel-plugin-transform-literals, babel-plugin-transform-logical-assignment-operators, babel-plugin-transform-member-expression-literals, babel-plugin-transform-modules-amd, babel-plugin-transform-modules-commonjs, babel-plugin-transform-modules-systemjs, babel-plugin-transform-modules-umd, babel-plugin-transform-new-target, babel-plugin-transform-nullish-coalescing-operator, babel-plugin-transform-numeric-separator, babel-plugin-transform-object-assign, babel-plugin-transform-object-rest-spread, babel-plugin-transform-object-set-prototype-of-to-assign, babel-plugin-transform-object-super, babel-plugin-transform-optional-catch-binding, babel-plugin-transform-optional-chaining, babel-plugin-transform-parameters, babel-plugin-transform-private-methods, babel-plugin-transform-private-property-in-object, babel-plugin-transform-property-literals, babel-plugin-transform-property-mutators, babel-plugin-transform-proto-to-assign, babel-plugin-transform-react-constant-elements, babel-plugin-transform-react-display-name, babel-plugin-transform-react-inline-elements, babel-plugin-transform-react-jsx-compat, babel-plugin-transform-react-jsx-self, babel-plugin-transform-react-jsx-source, babel-plugin-transform-react-pure-annotations, babel-plugin-transform-regenerator, babel-plugin-transform-reserved-words, babel-plugin-transform-runtime, babel-plugin-transform-shorthand-properties, babel-plugin-transform-spread, babel-plugin-transform-sticky-regex, babel-plugin-transform-strict-mode, babel-plugin-transform-template-literals, babel-plugin-transform-typeof-symbol, babel-plugin-transform-typescript, babel-plugin-transform-unicode-escapes, babel-plugin-transform-unicode-property-regex, babel-plugin-transform-unicode-regex, babel-plugin-transform-unicode-sets-regex, babel-preset-env, babel-preset-flow, babel-preset-react, babel-preset-typescript

#16332 Test Babel 7 plugins compatibility with Babel 8 core (@nicolo-ribaudo)

babel-compat-data, babel-plugin-transform-object-rest-spread, babel-preset-env

#16318 [babel 8] Fix @babel/compat-data package.json (@nicolo-ribaudo)

🔬 Output optimization

babel-helper-replace-supers, babel-plugin-transform-class-properties, babel-plugin-transform-classes, babel-plugin-transform-parameters, babel-plugin-transform-runtime

#16345 Optimize the use of assertThisInitialized after super() (@liuxingbaoyu)

babel-plugin-transform-class-properties, babel-plugin-transform-classes

#16343 Use simpler assertThisInitialized more often (@liuxingbaoyu)

babel-plugin-proposal-decorators, babel-plugin-transform-class-properties, babel-plugin-transform-object-rest-spread, babel-traverse

#16342 Consider well-known and registered symbols as literals (@nicolo-ribaudo)

babel-core, babel-plugin-external-helpers, babel-plugin-proposal-decorators, babel-plugin-proposal-function-bind, babel-plugin-transform-class-properties, babel-plugin-transform-classes, babel-plugin-transform-flow-comments, babel-plugin-transform-flow-strip-types, babel-plugin-transform-function-name, babel-plugin-transform-modules-systemjs, babel-plugin-transform-parameters, babel-plugin-transform-private-property-in-object, babel-plugin-transform-react-jsx, babel-plugin-transform-runtime, babel-plugin-transform-spread, babel-plugin-transform-typescript, babel-preset-env

#16326 Reduce the use of class names (@liuxingbaoyu)

v7.24.0 (2024-02-28)

🚀 New Feature

babel-standalone

#11696 Export babel tooling packages in @babel/standalone (@ajihyf)

babel-core, babel-helper-create-class-features-plugin, babel-helpers, babel-plugin-transform-class-properties

#16267 Implement noUninitializedPrivateFieldAccess assumption (@nicolo-ribaudo)

babel-helper-create-class-features-plugin, babel-helpers, babel-plugin-proposal-decorators, babel-plugin-proposal-pipeline-operator, babel-plugin-syntax-decorators, babel-plugin-transform-class-properties, babel-runtime-corejs2, babel-runtime-corejs3, babel-runtime

#16242 Support decorator 2023-11 normative updates (@JLHwung)

babel-preset-flow

#16309 [babel 7] Allow setting ignoreExtensions in Flow preset (@nicolo-ribaudo)

... (truncated)

Commits

822b025 v7.24.1
fc0d5ad Update typescript and lint tools (#16351)
69e7928 Consider well-known and registered symbols as literals (#16342)
40110e9 Update source map deps (#16327)
ce59160 v7.24.0
bd5abd5 fix: avoid popContext on unvisited node paths (#16305)
08a057c Use Object.hasOwn when available (#16248)
a0dd614 v7.23.9
1200542 fix: Don't throw in getTypeAnnotation when using TS+inference (#15383)
e428a6d v7.23.7
Additional commits viewable in compare view

Updates axios from 1.3.0 to 1.6.8

Release notes

Sourced from axios's releases.

Release v1.6.8

Release notes:

Bug Fixes

AxiosHeaders: fix AxiosHeaders conversion to an object during config merging (#6243) (2656612)

import: use named export for EventEmitter; (7320430)

vulnerability: update follow-redirects to 1.15.6 (#6300) (8786e0f)

Contributors to this release

Jay

Dmitriy Mozgovoy

Mitchell

Emmanuel

Lucas Keller

Aditya Mogili

Miroslav Petrov

Release v1.6.7

Release notes:

Bug Fixes

capture async stack only for rejections with native error objects; (#6203) (1a08f90)

Contributors to this release

Dmitriy Mozgovoy

zhoulixiang

Release v1.6.6

Release notes:

Bug Fixes

fixed missed dispatchBeforeRedirect argument (#5778) (a1938ff)

wrap errors to improve async stack trace (#5987) (123f354)

Contributors to this release

Ilya Priven

Zao Soula

Release v1.6.5

Release notes:

Bug Fixes

ci: refactor notify action as a job of publish action; (#6176) (0736f95)

dns: fixed lookup error handling; (#6175) (f4f2b03)

Contributors to this release

... (truncated)

Changelog

Sourced from axios's changelog.

1.6.8 (2024-03-15)

Bug Fixes

AxiosHeaders: fix AxiosHeaders conversion to an object during config merging (#6243) (2656612)

import: use named export for EventEmitter; (7320430)

vulnerability: update follow-redirects to 1.15.6 (#6300) (8786e0f)

Contributors to this release

Jay

Dmitriy Mozgovoy

Mitchell

Emmanuel

Lucas Keller

Aditya Mogili

Miroslav Petrov

1.6.7 (2024-01-25)

Bug Fixes

capture async stack only for rejections with native error objects; (#6203) (1a08f90)

Contributors to this release

Dmitriy Mozgovoy

zhoulixiang

1.6.6 (2024-01-24)

Bug Fixes

fixed missed dispatchBeforeRedirect argument (#5778) (a1938ff)

wrap errors to improve async stack trace (#5987) (123f354)

Contributors to this release

Ilya Priven

Zao Soula

1.6.5 (2024-01-05)

Bug Fixes

ci: refactor notify action as a job of publish action; (#6176) (0736f95)

... (truncated)

Commits

ab3f0f9 chore(release): v1.6.8 (#6303)
2656612 fix(AxiosHeaders): fix AxiosHeaders conversion to an object during config mer...
7320430 fix(import): use named export for EventEmitter;
8786e0f fix(vulnerability): update follow-redirects to 1.15.6 (#6300)
d844227 chore: update and bump deps (#6238)
caa0625 docs: update README responseEncoding types (#6194)
41c4584 docs: Update README.md to point to current axios version in CDN links (#6196)
bf6974f chore(ci): add npm tag action; (#6231)
a52e4d9 chore(release): v1.6.7 (#6204)
2b69888 chore: remove unnecessary check (#6186)
Additional commits viewable in compare view

Updates follow-redirects from 1.15.2 to 1.15.6

Commits

35a517c Release version 1.15.6 of the npm package.
c4f847f Drop Proxy-Authorization across hosts.
8526b4a Use GitHub for disclosure.
b1677ce Release version 1.15.5 of the npm package.
d8914f7 Preserve fragment in responseUrl.
6585820 Release version 1.15.4 of the npm package.
7a6567e Disallow bracketed hostnames.
05629af Prefer native URL instead of deprecated url.parse.
1cba8e8 Prefer native URL instead of legacy url.resolve.
72bc2a4 Simplify _processResponse error handling.
Additional commits viewable in compare view

Updates ip from 1.1.8 to 1.1.9

Commits

1ecbf2f 1.1.9
6a3ada9 lib: fixed CVE-2023-42282 and added unit test
See full diff in compare view

Updates semver from 5.7.1 to 5.7.2

Release notes

Sourced from semver's releases.

v5.7.2

5.7.2 (2023-07-10)

Bug Fixes

2f8fd41 #585 better handling of whitespace (#585) (@joaomoreno, @lukekarrys)

Changelog

Sourced from semver's changelog.

5.7.2 (2023-07-10)

Bug Fixes

2f8fd41 #585 better handling of whitespace (#585) (@joaomoreno, @lukekarrys)

5.7

Add minVersion method

5.6

Move boolean loose param to an options object, with backwards-compatibility protection.

Add ability to opt out of special prerelease version handling with the includePrerelease option flag.

5.5

Add version coercion capabilities

5.4

Add intersection checking

5.3

Add minSatisfying method

5.2

Add prerelease(v) that returns prerelease components

5.1

Add Backus-Naur for ranges

Remove excessively cute inspection methods

5.0

Remove AMD/Browserified build artifacts

Fix ltr and gtr when using the * range

Fix for range * with a prerelease identifier

Commits

f8cc313 chore: release 5.7.2
2f8fd41 fix: better handling of whitespace (#585)
deb5ad5 chore: @npmcli/template-oss@4.16.0
See full diff in compare view

Maintainer changes

This version was pushed to npm by lukekarrys, a new releaser for semver since your current version.

Updates undici from 5.18.0 to 5.28.4

Release notes

Sourced from undici's releases.

v5.28.4

⚠️ Security Release ⚠️

Fixes GHSA-m4v8-wqvr-p9f7 CVE-2024-30260

Fixes GHSA-9qxr-qj54-h672 CVE-2024-30261

Full Changelog: nodejs/undici@v5.28.3...v5.28.4

v5.28.3

⚠️ Security Release ⚠️

Fixes:

CVE-2024-24758 Proxy-Authorization header not cleared on cross-origin redirect in fetch

Full Changelog: nodejs/undici@v5.28.2...v5.28.3

v5.28.2

What's Changed

fix: remove optional chainning for compatible with Nodejs12 and below by @bugb in nodejs/undici#2470

fix: remove node: prefix by @tsctx in nodejs/undici#2471

perf: avoid Headers initialization by @tsctx in nodejs/undici#2468

fix: handle SharedArrayBuffer correctly by @tsctx in nodejs/undici#2466

fix: Add null type to signal in RequestInit by @gebsh in nodejs/undici#2455

fix: correctly handle data URL with hashes. by @tsctx in nodejs/undici#2475

fix: check response for timinginfo allow flag by @ToshB in nodejs/undici#2477

Make call to onBodySent conditional in RetryHandler by @MzUgM in nodejs/undici#2478

refactor: better integrity check by @tsctx in nodejs/undici#2462

fix: Added support for inline URL username:password proxy auth by @matt-way in nodejs/undici#2473

build(deps-dev): bump jsdom from 22.1.0 to 23.0.0 by @dependabot in nodejs/undici#2472

build(deps-dev): bump sinon from 16.1.3 to 17.0.1 by @dependabot in nodejs/undici#2405

build(deps): bump ossf/scorecard-action from 2.2.0 to 2.3.1 by @dependabot in nodejs/undici#2396

build(deps): bump actions/setup-node from 3.8.1 to 4.0.0 by @dependabot in nodejs/undici#2395

build(deps): bump step-security/harden-runner from 2.5.0 to 2.6.0 by @dependabot in nodejs/undici#2392

build(deps-dev): bump formdata-node from 4.4.1 to 6.0.3 by @dependabot in nodejs/undici#2389

build(deps): bump actions/upload-artifact from 3.1.2 to 3.1.3 by @dependabot in nodejs/undici#2302

New Contributors

@bugb made their first contribution in nodejs/undici#2470

@gebsh made their first contribution in nodejs/undici#2455

@ToshB made their first contribution in nodejs/undici#2477

@MzUgM made their first contribution in nodejs/undici#2478

@matt-way made their first contribution in nodejs/undici#2473

Full Changelog: nodejs/undici@v5.28.1...v5.28.2

v5.28.1

What's Changed

perf: Improve normalizeMethod by @tsctx in

…updates Bumps the npm_and_yarn group with 8 updates in the / directory: | Package | From | To | | --- | --- | --- | | [graphql](https://github.com/graphql/graphql-js) | `16.6.0` | `16.8.1` | | [@apollo/server](https://github.com/apollographql/apollo-server/tree/HEAD/packages/server) | `4.4.1` | `4.9.3` | | [@babel/traverse](https://github.com/babel/babel/tree/HEAD/packages/babel-traverse) | `7.20.13` | `7.24.1` | | [axios](https://github.com/axios/axios) | `1.3.0` | `1.6.8` | | [ip](https://github.com/indutny/node-ip) | `1.1.8` | `1.1.9` | | [semver](https://github.com/npm/node-semver) | `5.7.1` | `5.7.2` | | [undici](https://github.com/nodejs/undici) | `5.18.0` | `5.28.4` | | [word-wrap](https://github.com/jonschlinkert/word-wrap) | `1.2.3` | `1.2.5` | Bumps the npm_and_yarn group with 1 update in the /packages/apollo directory: [@apollo/server](https://github.com/apollographql/apollo-server/tree/HEAD/packages/server). Updates `graphql` from 16.6.0 to 16.8.1 - [Release notes](https://github.com/graphql/graphql-js/releases) - [Commits](graphql/graphql-js@v16.6.0...v16.8.1) Updates `@apollo/server` from 4.4.1 to 4.9.3 - [Release notes](https://github.com/apollographql/apollo-server/releases) - [Changelog](https://github.com/apollographql/apollo-server/blob/main/packages/server/CHANGELOG.md) - [Commits](https://github.com/apollographql/apollo-server/commits/@apollo/[email protected]/packages/server) Updates `@babel/traverse` from 7.20.13 to 7.24.1 - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.24.1/packages/babel-traverse) Updates `axios` from 1.3.0 to 1.6.8 - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.3.0...v1.6.8) Updates `follow-redirects` from 1.15.2 to 1.15.6 - [Release notes](https://github.com/follow-redirects/follow-redirects/releases) - [Commits](follow-redirects/follow-redirects@v1.15.2...v1.15.6) Updates `ip` from 1.1.8 to 1.1.9 - [Commits](indutny/node-ip@v1.1.8...v1.1.9) Updates `semver` from 5.7.1 to 5.7.2 - [Release notes](https://github.com/npm/node-semver/releases) - [Changelog](https://github.com/npm/node-semver/blob/v5.7.2/CHANGELOG.md) - [Commits](npm/node-semver@v5.7.1...v5.7.2) Updates `undici` from 5.18.0 to 5.28.4 - [Release notes](https://github.com/nodejs/undici/releases) - [Commits](nodejs/undici@v5.18.0...v5.28.4) Updates `word-wrap` from 1.2.3 to 1.2.5 - [Release notes](https://github.com/jonschlinkert/word-wrap/releases) - [Commits](jonschlinkert/word-wrap@1.2.3...1.2.5) Updates `@apollo/server` from 4.4.1 to 4.9.3 - [Release notes](https://github.com/apollographql/apollo-server/releases) - [Changelog](https://github.com/apollographql/apollo-server/blob/main/packages/server/CHANGELOG.md) - [Commits](https://github.com/apollographql/apollo-server/commits/@apollo/[email protected]/packages/server) --- updated-dependencies: - dependency-name: graphql dependency-type: direct:development dependency-group: npm_and_yarn-security-group - dependency-name: "@apollo/server" dependency-type: direct:development dependency-group: npm_and_yarn-security-group - dependency-name: "@babel/traverse" dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: axios dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: follow-redirects dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: ip dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: semver dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: undici dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: word-wrap dependency-type: indirect dependency-group: npm_and_yarn-security-group - dependency-name: "@apollo/server" dependency-type: direct:development dependency-group: npm_and_yarn-security-group ... Signed-off-by: dependabot[bot] <[email protected]>

dependabot · 2024-05-02T09:12:45Z

Superseded by #15.

dependabot bot added the dependencies label Apr 4, 2024

dependabot bot mentioned this pull request Apr 4, 2024

chore(deps): bump the npm_and_yarn group across 2 directories with 9 updates #13

Closed

dependabot bot closed this May 2, 2024

dependabot bot deleted the dependabot/npm_and_yarn/npm_and_yarn-security-group-fd2b0423f3 branch May 2, 2024 09:12

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): bump the npm_and_yarn group across 2 directories with 9 updates #14

chore(deps): bump the npm_and_yarn group across 2 directories with 9 updates #14

dependabot bot commented on behalf of github Apr 4, 2024

dependabot bot commented on behalf of github May 2, 2024

chore(deps): bump the npm_and_yarn group across 2 directories with 9 updates #14

chore(deps): bump the npm_and_yarn group across 2 directories with 9 updates #14

Conversation

dependabot bot commented on behalf of github Apr 4, 2024

v16.8.1 (2023-09-19)

Bug Fix 🐞

Committers: 1

v16.8.0 (2023-08-14)

New Feature 🚀

Committers: 1

v16.7.1 (2023-06-22)

Bug Fix 🐞

Committers: 1

v16.7.0 (2023-06-21)

New Feature 🚀

Bug Fix 🐞

Committers: 3

@​apollo/server-integration-testsuite@​4.9.3

Patch Changes

@​apollo/server@​4.9.3

Patch Changes

@​apollo/server-integration-testsuite@​4.9.2

Patch Changes

@​apollo/server@​4.9.2

Patch Changes

@​apollo/server-integration-testsuite@​4.9.1

Patch Changes

@​apollo/server@​4.9.1

Patch Changes

4.9.3

Patch Changes

4.9.2

Patch Changes

4.9.1

Patch Changes

4.9.0

Minor Changes

v7.24.1 (2024-03-19)

🐛 Bug Fix

📝 Documentation

🏠 Internal

🔬 Output optimization

Committers: 4

v7.24.0 (2024-02-28)

🚀 New Feature

v7.24.1 (2024-03-19)

🐛 Bug Fix

📝 Documentation

🏠 Internal

🔬 Output optimization

v7.24.0 (2024-02-28)

🚀 New Feature

Release v1.6.8

Release notes:

Bug Fixes

Contributors to this release

Release v1.6.7

Release notes:

Bug Fixes

Contributors to this release

Release v1.6.6

Release notes:

Bug Fixes

Contributors to this release

Release v1.6.5

Release notes:

Bug Fixes

Contributors to this release

1.6.8 (2024-03-15)

Bug Fixes

Contributors to this release

1.6.7 (2024-01-25)

Bug Fixes

Contributors to this release

1.6.6 (2024-01-24)

Bug Fixes

Contributors to this release

1.6.5 (2024-01-05)

Bug Fixes

v5.7.2

`@apollo/server-integration-testsuite@4`.9.3

`@apollo/server@4`.9.3

`@apollo/server-integration-testsuite@4`.9.2

`@apollo/server@4`.9.2

`@apollo/server-integration-testsuite@4`.9.1

`@apollo/server@4`.9.1