cloud-pricing-api
cloud-pricing-api copied to clipboard
chore(deps): bump apollo-server-core from 3.6.7 to 3.10.0
Bumps apollo-server-core from 3.6.7 to 3.10.0.
Changelog
Sourced from apollo-server-core's changelog.
v3.10.0
- Add
document
,variables
,headers
as an option in theApolloServerPluginLandingPageLocalDefault
plugins. The embedded version of Apollo Sandbox can now use these options as an initial state. [PR #6628](apollographql/apollo-server#6628)- Add
generateCacheKey
toApolloServerPluginResponseCache
to allow for custom cache keys. [PR #6655](apollographql/apollo-server#6655)v3.9.0
- ⚠️ SECURITY
apollo-server-core
: The default configuration of Apollo Server is vulnerable to denial of service attacks via memory exhaustion. If you do not currently specify thecache
option tonew ApolloServer()
, we strongly recommend you specifycache: 'bounded'
, which replaces the default in-memory unbounded cache with a 30MB in-memory cache, or disable automatic persisted queries withpersistedQueries: false
. Apollo Server now logs a warning in production if you do not configure the cache or disable APQs. See the docs for more details.- The
apollo-server-caching
package is no longer published. The TypeScript typesKeyValueCache
andKeyValueCacheSetOptions
and the classesPrefixingKeyValueCache
andInMemoryLRUCache
can be imported from@apollo/utils.keyvaluecache
instead. The first three exports are identical;InMemoryLRUCache
is based onlru-cache
v7 instead of v6, and no longer supports creating unbounded caches (which was the default behavior forapollo-server-caching
'sInMemoryLRUCache
). [PR #6522](apollographql/apollo-server#6522)- The
apollo-server-cache-redis
andapollo-server-cache-memcached
packages are no longer published (though previous versions continue to work). We recommend that users of these packages migrate to@apollo/utils.keyvadapter
, which lets you connect to Redis, Memcached, or any other backend supported by the Keyv project. See the new cache backend docs for more details. [PR #6541](apollographql/apollo-server#6541)- Avoid unhandled rejection errors if the end hook from a
parsingDidStart
plugin method rejects. [Issue #6567](apollographql/apollo-server#6567) [PR #6559](apollographql/apollo-server#6559)v3.8.2
apollo-server-core
: Fix usage reporting plugin "willResolveField called after stopTiming!" error caused by a race condition related to null bubbling. [Issue #4472](apollographql/apollo-server#4472) [PR #6398](apollographql/apollo-server#6398)v3.8.1
- This is a patch release strictly for republishing over what appears to be a hiccup in NPMs service. [Issue #6469](apollographql/apollo-server#6469)
v3.8.0
- Add
embed
as an option in theApolloServerPluginLandingPageLocalDefault
andApolloServerPluginLandingPageProductionDefault
plugins. If you pass theembed
option toApolloServerPluginLandingPageLocalDefault
, the Apollo Studio Sandbox will be embedded on your Apollo Server endpoint. If you pass theembed
option toApolloServerPluginLandingPageProductionDefault
, the Apollo Studio embedded Explorer will be embedded on your Apollo Server endpoint. In both cases, users can use the embedded app to run GraphQL operations without any special CORS setup.- Add a few missing dependencies to packages. [PR #6393](apollographql/apollo-server#6393)
- Factor out some usage reporting code to a shared package in the
apollo-utils
repository. Should not be a visible change. [PR #6449](apollographql/apollo-server#6449)v3.7.0
- ⚠️ SECURITY
apollo-server-core
: Apollo Server now includes protection against CSRF and XS-Search attacks. We highly recommend enabling this feature by passingcsrfPrevention: true
tonew ApolloServer()
. If you rely on the ability to execute GraphQL operations via HTTPGET
requests using a client other than Apollo Client Web, Apollo iOS, or Apollo Kotlin (formerly Apollo Android), you may need to first change the configuration of that client. See the CSRF prevention docs for more details. This vulnerability was reported by Jeffrey Hofmann; the feature was designed with advice from Luca Carettoni of Doyensec.v3.6.8
apollo-server-fastify
: This package now depends on the@fastify/accepts
and@fastify/cors
packages rather than their older deprecated namesfastify-accepts
andfastify-cors
. There is no behavior change (except that you will no longer see deprecation messages). [PR #6366](apollographql/apollo-server#6366)apollo-server-types
: TheLogger
TypeScript interface is now re-exported from the new@apollo/utils.logger
package instead of defined directly in this package; other packages import it from the new package. There should be no observable change. [PR #6229](apollographql/apollo-server#6229)
Commits
4041aae
Releasee9ae0f2
fix: "without going through" typo (#6661)07639bb
NEBULA-1385: AddinitialState
to embeddable sandbox based on config (#6628)36ecbb1
Release9387cba
Update caching docs (#6547)549070e
Reinstate bounded documentStore (#6548)ac8f9bf
Warn on unconfiguredcache
(#6545)f66fddc
Addcache: "bounded"
configuration option (#6536)67d9036
Implement simpleUnboundedCache
(#6535)29bb2f7
Use newKeyValueCache
and friends from@apollo/utils.keyvaluecache
(#6522)- Additional commits viewable in compare view
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase
.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
-
@dependabot rebase
will rebase this PR -
@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it -
@dependabot merge
will merge this PR after your CI passes on it -
@dependabot squash and merge
will squash and merge this PR after your CI passes on it -
@dependabot cancel merge
will cancel a previously requested merge and block automerging -
@dependabot reopen
will reopen this PR if it is closed -
@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually -
@dependabot ignore this major version
will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this minor version
will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) -
@dependabot ignore this dependency
will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)