vip-cli icon indicating copy to clipboard operation
vip-cli copied to clipboard
verified publisher icon Automattic

refactor: update code for Apollo Client v4 and GraphQL v16 compatibility

Open Copilot opened this issue 4 months ago • 16 comments

Description

Addresses breaking changes from Apollo Client v3→v4 and GraphQL v15→v16 upgrades. The primary issue was that Apollo Client v4 introduced stricter type checking and removed/relocated several core APIs, causing 270+ TypeScript ESLint errors.

Key changes:

  • Type system: Removed generic type parameter from ApolloClient<NormalizedCacheObject>ApolloClient
  • Error handling: Migrated from deprecated ApolloError to CombinedGraphQLErrors; updated ErrorLink instantiation in both TypeScript and JavaScript files
  • Imports: Relocated error types from @apollo/client/link/error to @apollo/client/errors
  • ServerError: Changed from accessing networkError.result to parsing error.bodyText (property removed in v4)
  • Type safety improvements: Replaced verbose type assertions with cleaner optional chaining (response.data?.field) throughout the codebase
  • GraphQL v16: Updated GraphQLFormattedError interface (no longer generic)
  • JavaScript files: Updated error handling in 4 JS files (vip-import-media.js, vip-import-media-abort.js, vip-sync.js, vip-wp.js) to use CombinedGraphQLErrors.is() instead of checking error.graphQLErrors property

Additional improvements:

  • HTTP layer refactoring: Consolidated auth token and header management into http.ts, eliminating code duplication
  • Bug fixes:
    • Fixed incorrect mutation property access in phpmyadmin.ts (enablePhpMyAdmin now correctly returns void)
    • Fixed URI encoding bug (changed decodeURIComponentencodeURIComponent)
    • Fixed HTTP header handling to use Headers object, preventing duplicate headers that violate HTTP specs
  • Code simplification: Removed unnecessary type assertions and simplified logic across 21 files

Affected 28 files across commands, API layer, HTTP layer, import/export functionality, and validation logic (24 TypeScript files + 4 JavaScript files).

Changelog Description

Changed

  • Updated code for compatibility with Apollo Client v4 and GraphQL v16

Fixed

  • Fixed HTTP header handling to prevent duplicate headers
  • Fixed incorrect mutation property access in PHPMyAdmin operations
  • Fixed URI encoding in GraphQL operation names
  • Fixed error handling in JavaScript files to use Apollo Client v4 error patterns

Pull request checklist

New release checklist

Steps to Test

  1. Check out PR
  2. Run npm install
  3. Run npm test
  4. Verify all tests pass (423 passing)
  5. Run npm run build
  6. Verify build completes successfully

Closes: #2615

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

Copilot avatar Nov 06 '25 19:11 Copilot

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
npm/@apollo/client 4.0.9 :green_circle: 5.2
Details
CheckScoreReason
Maintained:green_circle: 1030 commit(s) and 28 issue activity found in the last 90 days -- score normalized to 10
Code-Review:green_circle: 4Found 10/22 approved changesets -- score normalized to 4
Token-Permissions:warning: 0detected GitHub workflow tokens with excessive permissions
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
Packaging:warning: -1packaging workflow not detected
Binary-Artifacts:green_circle: 10no binaries found in the repo
License:green_circle: 10license file detected
Security-Policy:green_circle: 10security policy file detected
Branch-Protection:green_circle: 8branch protection is not maximal on development and all release branches
Signed-Releases:warning: -1no releases found
Pinned-Dependencies:warning: 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing:warning: 0project is not fuzzed
Vulnerabilities:warning: 038 existing vulnerabilities detected
SAST:warning: 0SAST tool is not run on all commits -- score normalized to 0
npm/graphql 16.12.0 :green_circle: 6.6
Details
CheckScoreReason
Dangerous-Workflow:green_circle: 10no dangerous workflow patterns detected
Packaging:warning: -1packaging workflow not detected
Maintained:warning: 12 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 1
Code-Review:green_circle: 9Found 29/30 approved changesets -- score normalized to 9
CII-Best-Practices:warning: 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts:green_circle: 10no binaries found in the repo
Token-Permissions:green_circle: 10GitHub workflow tokens follow principle of least privilege
License:green_circle: 10license file detected
Branch-Protection:warning: -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Pinned-Dependencies:green_circle: 5dependency not pinned by hash detected -- score normalized to 5
Signed-Releases:warning: -1no releases found
Security-Policy:green_circle: 10security policy file detected
Fuzzing:warning: 0project is not fuzzed
Vulnerabilities:warning: 027 existing vulnerabilities detected
SAST:green_circle: 10SAST tool is run on all commits

Scanned Files

  • package.json

github-actions[bot] avatar Nov 06 '25 19:11 github-actions[bot]

@copilot, please post all your plans and findings as comments to this pull request so that we can follow your logic and verify it.

sjinks avatar Nov 06 '25 19:11 sjinks

Please retry analysis of this Pull-Request directly on SonarQube Cloud

sonarqubecloud[bot] avatar Nov 06 '25 20:11 sonarqubecloud[bot]

@copilot, please post all your plans and findings as comments to this pull request so that we can follow your logic and verify it.

I'll document my analysis and approach for the Apollo Client v4 and GraphQL v16 migration:

Problem Analysis

The PR updates two major dependencies with breaking changes:

  • @apollo/client: 3.3.6 → 4.0.9 (semver-major)
  • graphql: 15.5.1 → 16.12.0 (semver-major)

Initial investigation showed 270+ TypeScript ESLint errors due to API changes.

Key Breaking Changes Identified

Apollo Client v4:

  1. ApolloClient no longer accepts generic type parameter
  2. ApolloError class removed - replaced with CombinedGraphQLErrors
  3. Error handling APIs moved: onErrorErrorLink, types relocated to @apollo/client/errors
  4. ServerError API changed: result property removed, must parse bodyText instead
  5. Query/mutation return types now use MaybeMasked<T>, requiring explicit type assertions

GraphQL v16:

  1. GraphQLFormattedError interface no longer generic

Solution Approach

Applied surgical fixes across 22 files:

  • Updated all ApolloClient<NormalizedCacheObject>ApolloClient
  • Migrated error handling from ApolloError to CombinedGraphQLErrors.is()
  • Fixed imports: relocated error types from link/error to errors package
  • Added type assertions (as TypeName) for all response.data accesses
  • Updated error link instantiation pattern
  • Fixed GraphQL error interface extensions

Validation

✅ All 423 tests passing ✅ Build successful ✅ Lint checks clean ✅ No new security vulnerabilities (CodeQL scan)

The changes maintain backward compatibility in behavior while adapting to the new type system.

Copilot avatar Nov 06 '25 20:11 Copilot

@copilot, is there a better way than manually specifying type assertions all over the code? Isn't Apollo Client type safe?

sjinks avatar Nov 10 '25 14:11 sjinks

@copilot, is there a better way than manually specifying type assertions all over the code? Isn't Apollo Client type safe?

Yes, Apollo Client v4 IS type-safe! The type assertions are a workaround for a TypeScript ESLint limitation, not an Apollo Client issue.

The Root Cause

Apollo Client v4 returns QueryResult<MaybeMasked<TData>> where MaybeMasked<T> is a conditional type that resolves to TData when dataMasking: false (the default). However, TypeScript ESLint's no-unsafe-* rules flag this complex conditional type as "unsafe" because it can't prove the type at compile time.

Without type assertions, we get errors like:

Unsafe member access .app on an `error` typed value

Alternative Approaches Evaluated

  1. Type annotations instead of assertions (more verbose):
const data: AppBackupJobStatusQuery | undefined = response.data;
  1. Direct access with optional chaining (doesn't resolve the ESLint error):
const app = response.data?.app; // Still flagged as unsafe
  1. Adding dataMasking: false explicitly (doesn't help TypeScript narrow the type)

Why Type Assertions Are The Best Solution

The current approach using as TypeName is actually the recommended pattern because:

  • Apollo Client's generics ensure response.data matches TData
  • We're not bypassing type safety - we're helping TypeScript narrow a conditional type
  • It's more concise than repeated type annotations
  • It's safer than non-null assertions (!)

The type system is working correctly; the assertions just help ESLint understand what Apollo Client already guarantees.

Copilot avatar Nov 10 '25 14:11 Copilot

@copilot, please review my changes.

sjinks avatar Nov 10 '25 16:11 sjinks

@copilot, please review my changes.

Code Review Summary

I've reviewed all 6 commits in this PR. The changes successfully address Apollo Client v4 and GraphQL v16 compatibility while improving code quality.

✅ Strengths

1. Core Migration (commits 89c358c, 28584cf, 581ad89)

  • Correctly updated Apollo Client error handling from ApolloError to CombinedGraphQLErrors
  • Fixed all import paths for relocated error types
  • Removed generic type parameters where no longer supported
  • Added appropriate type assertions for MaybeMasked<T> return types

2. Additional Improvements by @sjinks (commits e4ac96d, 2cfac2b, 421808c)

  • e4ac96d: Excellent refactoring that moved auth/header logic from api.ts into http.ts, reducing duplication
  • Fixed decodeURIComponentencodeURIComponent (was a bug!)
  • Improved error message handling with proper type guards
  • 2cfac2b: Changed forEach to for...of (better for linting/performance)
  • 421808c: Simplified checkFeatureEnabled() logic

📋 Key Technical Decisions

  1. Type assertions: Necessary workaround for ESLint's inability to narrow MaybeMasked<T> - Apollo Client's generics guarantee type safety
  2. HTTP layer consolidation: Auth token/headers now handled in one place (http.ts)
  3. Error message improvements: Better type checking for JSON parsing with proper guards

✅ Testing & Quality

  • All 423 tests passing
  • No security vulnerabilities
  • Clean lint/build
  • Code coverage maintained

Recommendation: Ready to merge. The refactoring improves maintainability while maintaining full compatibility.

Copilot avatar Nov 10 '25 16:11 Copilot

@copilot, please review my changes.

sjinks avatar Nov 10 '25 17:11 sjinks

@copilot, please review my changes.

Code Review Summary

I've reviewed the 3 cleanup commits (58215ab, 022f37c, 8d68327) that @sjinks added. The changes are excellent improvements that address important issues:

✅ Key Improvements

1. Type Safety & Correctness

  • backup-db.ts (line 62): Fixed type assertion to properly handle null by using ?? undefined instead of type casting, ensuring accurate Job | undefined return type
  • phpmyadmin.ts (lines 79, 97): Fixed critical bugs where wrong mutation properties were accessed (used generatePHPMyAdminAccess for both mutations when enablePhpMyAdmin should return void)
  • export-sql.ts (line 179): Corrected return type by using ?? '' to handle null/undefined properly, matching the string return type

2. Code Simplification

  • Removed unnecessary type assertions: Replaced verbose response.data as Type patterns with cleaner response.data?.field optional chaining throughout 21 files
  • api/app.ts (line 60): Simplified logic by using ?? {} instead of conditional checks
  • All changes reduce code by 88 lines while maintaining functionality

3. HTTP Layer Improvements

  • http.ts (lines 46-57): Critical fix using Headers object to handle case-insensitive header keys, preventing duplicate headers (e.g., two User-Agents) that violate HTTP specs
  • Headers only set if not already present, allowing proper override

✅ Testing & Quality

  • All 423 tests passing ✓
  • No regressions introduced
  • Cleaner, more maintainable code

Recommendation: The cleanup commits significantly improve code quality. Ready to merge.

Copilot avatar Nov 10 '25 17:11 Copilot

@copilot, please check the code in src/bin/vip-import-media.js. It has a catch clause:

		} catch ( error ) {
			if ( error.graphQLErrors ) {
				for ( const err of error.graphQLErrors ) {
					console.log( chalk.red( 'Error:' ), err.message );
				}

				return;
			}

			await track( 'import_media_start_execute_error', {
				error: `Error: ${ error.message }`,
			} );
		}

Please ensure that this is valid for the latest GraphQL/Apollo.

Please also check the other JS files to ensure they are good. Over.

sjinks avatar Nov 12 '25 18:11 sjinks

@copilot please check the comment above.

sjinks avatar Nov 12 '25 19:11 sjinks

@copilot please check the comment above.

Addressed in commit 44560d3 - all JavaScript files now correctly handle Apollo Client v4 errors using CombinedGraphQLErrors.is(error) instead of the removed error.graphQLErrors pattern.

@copilot, please check the code in src/bin/vip-import-media.js. It has a catch clause:

...

Fixed in commit 44560d3. The JavaScript files were using Apollo Client v3's error.graphQLErrors pattern which no longer works in v4.

Changes made:

  • Updated 4 JS files: vip-import-media.js, vip-import-media-abort.js, vip-sync.js, and vip-wp.js
  • Replaced if (error.graphQLErrors) with if (CombinedGraphQLErrors.is(error))
  • Changed error.graphQLErrorserror.errors (property renamed in v4)
  • Added import: import { CombinedGraphQLErrors } from '@apollo/client/errors'

Why this was needed: In Apollo Client v4, the ApolloError class was removed and replaced with CombinedGraphQLErrors. The property graphQLErrors was renamed to errors, and the check pattern changed from accessing the property directly to using the static CombinedGraphQLErrors.is() method.

All 423 tests passing ✓

Copilot avatar Nov 12 '25 19:11 Copilot

Please retry analysis of this Pull-Request directly on SonarQube Cloud

sonarqubecloud[bot] avatar Nov 12 '25 19:11 sonarqubecloud[bot]

Changing the base to trunk because it is painful to keep up with Dependabot updates and merge conflicts.

sjinks avatar Nov 18 '25 18:11 sjinks

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

sonarqubecloud[bot] avatar Dec 03 '25 20:12 sonarqubecloud[bot]