fix(deps): update apollo graphql packages#353
Open
renovate[bot] wants to merge 1 commit into
Open
Conversation
renovate
Bot
requested review from
bassrock and
efixler
and removed request for
a team
July 24, 2023 08:19
renovate
Bot
force-pushed
the
renovate/apollo-graphql-packages
branch
3 times, most recently
from
July 25, 2023 03:55
1c11fdb to
9f41f68
Compare
renovate
Bot
force-pushed
the
renovate/apollo-graphql-packages
branch
4 times, most recently
from
August 9, 2023 22:28
c9cb0d9 to
b1eff80
Compare
renovate
Bot
force-pushed
the
renovate/apollo-graphql-packages
branch
4 times, most recently
from
August 25, 2023 22:42
b4d316b to
42fd35a
Compare
renovate
Bot
force-pushed
the
renovate/apollo-graphql-packages
branch
2 times, most recently
from
September 1, 2023 18:13
30b8555 to
3446370
Compare
renovate
Bot
force-pushed
the
renovate/apollo-graphql-packages
branch
from
September 19, 2023 21:28
3446370 to
5daf10f
Compare
renovate
Bot
force-pushed
the
renovate/apollo-graphql-packages
branch
from
October 1, 2023 23:06
5daf10f to
feb0147
Compare
renovate
Bot
force-pushed
the
renovate/apollo-graphql-packages
branch
from
October 14, 2023 21:13
feb0147 to
af17ceb
Compare
renovate
Bot
force-pushed
the
renovate/apollo-graphql-packages
branch
2 times, most recently
from
November 18, 2023 00:29
66a83be to
4adf963
Compare
renovate
Bot
force-pushed
the
renovate/apollo-graphql-packages
branch
2 times, most recently
from
November 29, 2023 06:40
c994896 to
9017f61
Compare
renovate
Bot
force-pushed
the
renovate/apollo-graphql-packages
branch
from
December 12, 2023 22:47
9017f61 to
4c90bee
Compare
renovate
Bot
force-pushed
the
renovate/apollo-graphql-packages
branch
from
January 12, 2024 16:48
4c90bee to
6209724
Compare
renovate
Bot
force-pushed
the
renovate/apollo-graphql-packages
branch
2 times, most recently
from
January 25, 2024 17:59
34ddfdb to
7ec89dd
Compare
renovate
Bot
force-pushed
the
renovate/apollo-graphql-packages
branch
from
February 20, 2024 20:08
7ec89dd to
ea8f921
Compare
renovate
Bot
force-pushed
the
renovate/apollo-graphql-packages
branch
from
May 30, 2024 03:17
6a8bfc3 to
522fb2a
Compare
renovate
Bot
force-pushed
the
renovate/apollo-graphql-packages
branch
from
June 19, 2024 19:30
522fb2a to
ff618ed
Compare
renovate
Bot
force-pushed
the
renovate/apollo-graphql-packages
branch
from
June 29, 2024 18:42
ff618ed to
3edfb6e
Compare
renovate
Bot
force-pushed
the
renovate/apollo-graphql-packages
branch
from
July 14, 2024 01:25
3edfb6e to
e5ea4b0
Compare
renovate
Bot
force-pushed
the
renovate/apollo-graphql-packages
branch
from
July 26, 2024 20:10
e5ea4b0 to
0d4106d
Compare
renovate
Bot
force-pushed
the
renovate/apollo-graphql-packages
branch
2 times, most recently
from
August 28, 2024 18:58
8216021 to
fbdddfb
Compare
renovate
Bot
force-pushed
the
renovate/apollo-graphql-packages
branch
from
September 4, 2024 04:27
fbdddfb to
27ae7aa
Compare
renovate
Bot
force-pushed
the
renovate/apollo-graphql-packages
branch
from
September 19, 2024 02:03
27ae7aa to
731e4e5
Compare
renovate
Bot
force-pushed
the
renovate/apollo-graphql-packages
branch
2 times, most recently
from
October 3, 2024 17:27
40521f4 to
47031eb
Compare
renovate
Bot
force-pushed
the
renovate/apollo-graphql-packages
branch
from
October 17, 2024 09:15
47031eb to
51dd026
Compare
renovate
Bot
force-pushed
the
renovate/apollo-graphql-packages
branch
3 times, most recently
from
February 20, 2025 22:19
5a1e048 to
1b201d7
Compare
renovate
Bot
force-pushed
the
renovate/apollo-graphql-packages
branch
2 times, most recently
from
April 14, 2025 14:18
3d26522 to
2068a07
Compare
renovate
Bot
force-pushed
the
renovate/apollo-graphql-packages
branch
from
April 15, 2025 21:15
2068a07 to
49ddbe9
Compare
renovate
Bot
force-pushed
the
renovate/apollo-graphql-packages
branch
from
June 4, 2025 19:51
49ddbe9 to
3ec1ee0
Compare
renovate
Bot
force-pushed
the
renovate/apollo-graphql-packages
branch
2 times, most recently
from
June 26, 2025 20:58
8729894 to
e92959e
Compare
renovate
Bot
force-pushed
the
renovate/apollo-graphql-packages
branch
from
September 25, 2025 17:10
e92959e to
11b6c09
Compare
renovate
Bot
force-pushed
the
renovate/apollo-graphql-packages
branch
from
October 10, 2025 19:09
11b6c09 to
3337db5
Compare
renovate
Bot
force-pushed
the
renovate/apollo-graphql-packages
branch
from
October 21, 2025 21:18
3337db5 to
5695d23
Compare
renovate
Bot
force-pushed
the
renovate/apollo-graphql-packages
branch
from
November 5, 2025 18:39
5695d23 to
94ae8a8
Compare
renovate
Bot
force-pushed
the
renovate/apollo-graphql-packages
branch
2 times, most recently
from
November 18, 2025 23:05
a73a02c to
00c744e
Compare
renovate
Bot
force-pushed
the
renovate/apollo-graphql-packages
branch
2 times, most recently
from
December 10, 2025 04:14
4e3fecf to
4f14e9b
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
2.10.5→2.14.23.9.0→3.13.03.9.0→3.13.03.6.1→3.8.2Release Notes
apollographql/federation (@apollo/gateway)
v2.14.2Compare Source
Patch Changes
Filter cloud resource detection to only the anonymous data we process (#3450)
The opt-out telemetry introduced in #3289 ran OpenTelemetry cloud resource detectors (AWS, GCP, Azure, Alibaba Cloud) whose attributes could include infrastructure-identifying values such as account IDs, instance IDs, ARNs, hostnames, function names, and log group/stream names. These attributes are now stripped before export, retaining only the non-identifying
cloud.providerandcloud.platformattributes that Apollo processes on the ingestion side.Updated dependencies []:
v2.14.1Compare Source
Patch Changes
Pass instrumentation scope version as a separate argument when creating the OpenTelemetry meter for telemetry. Fixes #3436. (#3439)
Updated dependencies [
278eb0fc2bc0ef13ba371407df04cfe50fa2887d,8bb88f9c7b90addd5ef29f9e4a3f9c027e6cf690,621568719382df6592749168893e0e533a648ba5]:v2.14.0Compare Source
Minor Changes
Patch Changes
the current calculated length correctly leading to inclusion of additional elements in the error/hints message.
21cf465d4c687daeed71635422718c3c7b7d2d0e,e1fd4ac10f72bb09027995f0811ec6e0021bcd49,5b36fc6b5a494aa6983e0339713dc45a0bd031e3,a20279a0184d9dfbc01a806d849dc8ae22497298]:v2.13.3Compare Source
Patch Changes
b5c17ffa73e2de49bd63182a84a7d5837c0ab2d5]:v2.13.2Compare Source
Patch Changes
Fixed several code paths that access response objects to prevent JavaScript prototype pollution and unintended access to the prototype chain. (#3396)
See the associated GitHub Advisories GHSA-pfjj-6f4p-rvmh for more information.
Updated dependencies [
84e9226b606b176ede097410f5ba35ba03d140ed]:v2.13.1Compare Source
Patch Changes
Allow bumping
make-fetch-happendependency to v15. (#3374)This change allows users to upgrade
make-fetch-happento v15, which in turn will allow updating thecacachedependency from v17 to v20, dropping thetarv6 dependency that is marked as vulnerable.The only breaking changes in
make-fetch-happenfrom v11 to v15 are removals of support for old end-of-life Node.js versions.There is only one note from the 12.0.0 release of
make-fetch-happenthat might be of interest when considering the upgrade:As a result, it should be possible for most users to upgrade from v11 to v15 without any issues.
We still keep the dependency to v11 as an alternative for people that cannot upgrade to v15 for some reason. This will be removed in a future version of
@apollo/gateway.Even for users that stay on v11, there should not be any immediate danger. While
cacachehadtarv6 as a dependency, it actually never used it. It seems that that dependency had become unused at some point but was never removed. So users onmake-fetch-happenv11 are not actually affected by the vulnerability intarv6.The dependency might hold the
tarpackage required by other packages back, though. In case an update from v11 to v15 is not possible, users should consider to use the resolution override feature of their package manager to force the dependency fromcacachetotarto either be removed or updated to a newer version. Ascacachedoes not actually usetar, this should not cause any issues.Updated dependencies []:
v2.13.0Compare Source
Minor Changes
Patch Changes
f4d2f4a1f50a92be37ea7179eddb3681f36d9d15,523b13b715e75033f0bdbc176416e59ac01de8f0,ecbe182423313b3a94c185dee6b659573435b141,4c64006b1604471940e20aa1aa46a0f75a6396df,873577a2b7ae8ce507e0ca4377aed049e1a15075]:v2.12.3Compare Source
Patch Changes
Fixed several code paths that access response objects to prevent JavaScript prototype pollution and unintended access to the prototype chain. (#3397)
See the associated GitHub Advisories GHSA-pfjj-6f4p-rvmh for more information.
Updated dependencies [
4393ceca349aca68981362f210cca023ed3fb97b]:v2.12.2Compare Source
Patch Changes
238d9d71e831e4f3e8d8e334ad6952cc19c073b1]:v2.12.1Compare Source
Patch Changes
b19431e4a92206703e29aba859a5fc7574b9ef8b,09e596e6a0c753071ca822e84f525d73ada395cf,ac1ed2946c48e0fef4b413b192d8c5fbdb2370ae]:v2.12.0Compare Source
Minor Changes
Patch Changes
3e2b0a8569a9fe46726182887ed0b4bfc0b52468,bb4614d338ae03bac51a5fc2439590f172c4e54d,99f2da21de88f9ad9a32ee7ed64b2d4a92887b40,468f27842608f4e390cfc88bc7e6b4b0945f95ff,3fd5157b309f1d3439b2d87c67b0601fb246d04c,b734ea04d118db09cf6077fdd968c8f04a96327a,4bda3a498eba36e187dfd9ae673eca12d3f3502c,e7e67579908d5cd2fa6fe558228dffe4808cd98d,f3ab499eaf62b1a1c0f08b838d2cbde5accb303a,faea2d1174d80593264f2227cfde9a2ba1a59b96,0dbc7cc72ffacf324231e9ccb2de4189f6bf3289,97b9d2edfcfeed99124f9e115f992cbef3804682,f6af504f1ba8283fd00af0d6e3c9c1a665d62736,bc07e979b9fd24c9b94740b170f11023fe99ba1e,a595235d3cf8f67611efd8395332b64d067b5f1f,9cbdcb53f859c877a476e2725faa4cb205506f57]:v2.11.6Compare Source
Patch Changes
Fixed several code paths that access response objects to prevent JavaScript prototype pollution and unintended access to the prototype chain. (#3398)
See the associated GitHub Advisories GHSA-pfjj-6f4p-rvmh for more information.
Updated dependencies [
73ae202f72a31b9f63e779c535d7ecb059ff908a]:v2.11.5Compare Source
Patch Changes
5ee4d966487e714ae6bc6445bf53d75ccbbaf6ae,e1c58611c3c996b4fff98a54e49f00549ff2115d,3e2d1fd315db54a089fedf131cfaa27792bdd049]:v2.11.4Compare Source
Patch Changes
d221ac04c3ee00a3c7a671d9d56e2cfa36943b49,7730c03e128be6754b9e40c086d5cb5c4685ac66,4bda3a498eba36e187dfd9ae673eca12d3f3502c,f3ab499eaf62b1a1c0f08b838d2cbde5accb303a,6adbf7e86927de969aedab665b6a3a8dbf3a6095,2a20dc38dfc40e0b618d5cc826f18a19ddb91aff]:v2.11.3Compare Source
Patch Changes
4faa114215200daf7ad7518be8e50071fcde783c,8c7a2cd655ad3060e9f5c3b106cfbdb59251701c]:v2.11.2Compare Source
Patch Changes
28c08bef6e691aefc6ed07c0e7057f9cd803b317,28c08bef6e691aefc6ed07c0e7057f9cd803b317]:v2.11.1Compare Source
Patch Changes
7799ad1717becf15fb0e82f89619f2ec8a24b4d4,b26794c5724ef23d1f0fd45a40aee3d301557489,51bed5be49d8e87adae59f568315c9e3488a91e0]:v2.11.0Compare Source
Minor Changes
Patch Changes
Corrects a set of denial-of-service (DOS) vulnerabilities that made it possible for an attacker to render gateway inoperable with certain simple query patterns due to uncontrolled resource consumption. All prior-released versions and configurations are vulnerable. (#3238)
See the associated GitHub Advisories GHSA-q2f9-x4p4-7xmh and GHSA-p2q6-pwh5-m6jr for more information.
Updated dependencies [
1462c91879d41884c0a7e60551d8dd0d67c832d3,9614b26e5a17cbf1f6aaf08f6fcb1c95eb12592d,9614b26e5a17cbf1f6aaf08f6fcb1c95eb12592d]:apollographql/apollo-server (apollo-server)
v3.13.0Compare Source
v3.12.1Compare Source
v3.12.0Compare Source
v3.11.1Compare Source
v3.11.0Compare Source
v3.10.4Compare Source
v3.10.3Compare Source
v3.10.2Compare Source
v3.10.1Compare Source
v3.10.0Compare Source
apollographql/apollo-server (apollo-server-express)
v3.13.0Compare Source
v3.12.1Compare Source
v3.12.0Compare Source
v3.11.1Compare Source
v3.11.0Compare Source
v3.10.4Compare Source
v3.10.3Compare Source
v3.10.2Compare Source
v3.10.1Compare Source
v3.10.0Compare Source
apollographql/apollo-server (apollo-server-plugin-response-cache)
v3.8.2Compare Source
v3.8.1Compare Source
v3.8.0Compare Source
v3.7.1Compare Source
v3.7.0Compare Source
Configuration
📅 Schedule: (UTC)
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.
This PR was generated by Mend Renovate. View the repository job log.