Skip to content

fix(deps): update all major dependencies (major) #74

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

fix(deps): update all major dependencies (major) #74

wants to merge 1 commit into from
+157 −157

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Jan 8, 2024
edited
Loading

This PR contains the following updates:

Package Change Age Confidence Type Update
@apollo/server (source) 4.10.0 -> 5.0.0 age confidence dependencies major
@as-integrations/fastify (source) 2.1.1 -> 3.0.0 age confidence dependencies major
@fastify/static 6.12.0 -> 8.2.0 age confidence dependencies major
@jest/globals (source) 29.7.0 -> 30.0.5 age confidence devDependencies major
@jest/types (source) 29.6.3 -> 30.0.5 age confidence devDependencies major
@mikro-orm/cli (source) 5.9.8 -> 6.4.16 age confidence devDependencies major
@mikro-orm/core (source) 5.9.8 -> 6.4.16 age confidence dependencies major
@mikro-orm/migrations (source) 5.9.8 -> 6.4.16 age confidence dependencies major
@mikro-orm/nestjs 5.2.3 -> 6.1.1 age confidence dependencies major
@mikro-orm/postgresql (source) 5.9.8 -> 6.4.16 age confidence dependencies major
@nestjs/apollo 12.1.0 -> 13.1.0 age confidence dependencies major
@nestjs/common (source) 10.3.3 -> 11.1.6 age confidence dependencies major
@nestjs/core (source) 10.3.3 -> 11.1.6 age confidence dependencies major
@nestjs/cqrs 10.2.7 -> 11.0.3 age confidence dependencies major
@nestjs/graphql 12.1.1 -> 13.1.0 age confidence dependencies major
@nestjs/microservices (source) 10.3.3 -> 11.1.6 age confidence dependencies major
@nestjs/platform-fastify (source) 10.3.3 -> 11.1.6 age confidence dependencies major
@nestjs/swagger 7.3.0 -> 11.2.0 age confidence dependencies major
@types/node (source) 20.11.24 -> 22.17.2 age confidence devDependencies major
@typescript-eslint/eslint-plugin (source) 6.21.0 -> 8.40.0 age confidence devDependencies major
@typescript-eslint/parser (source) 6.21.0 -> 8.40.0 age confidence devDependencies major
actions/checkout v4 -> v5 age confidence action major
codecov/codecov-action v3 -> v5 age confidence action major
docker/build-push-action v5 -> v6 age confidence action major
dotenv 16.4.5 -> 17.2.1 age confidence dependencies major
eslint (source) 8.57.0 -> 9.34.0 age confidence devDependencies major
eslint-import-resolver-typescript 3.6.1 -> 4.4.4 age confidence devDependencies major
eslint-plugin-jest 27.9.0 -> 29.0.1 age confidence devDependencies major
husky 8.0.3 -> 9.1.7 age confidence devDependencies major
jest (source) 29.7.0 -> 30.0.5 age confidence devDependencies major
lint-staged 15.2.2 -> 16.1.5 age confidence devDependencies major
pnpm/action-setup v2.4.0 -> v4.1.0 age confidence action major
rimraf 5.0.5 -> 6.0.1 age confidence devDependencies major
turbo (source) 1.12.4 -> 2.5.6 age confidence devDependencies major

Release Notes

apollographql/apollo-server (@​apollo/server)

v5.0.0

Compare Source

BREAKING CHANGES

Apollo Server v5 has very few breaking API changes. It is a small upgrade focused largely on adjusting which versions of Node.js and Express are supported.

Read our migration guide for more details on how to update your app.

  • Dropped support for Node.js v14, v16, and v18, which are no longer under long-term support from the Node.js Foundation. Apollo Server 5 supports Node.js v20 and later; v24 is recommended. Ensure you are on a non-EOL version of Node.js before upgrading Apollo Server.
  • Dropped support for versions of the graphql library older than v16.11.0. (Apollo Server 4 supports graphql v16.6.0 or later.) Upgrade graphql before upgrading Apollo Server.
  • Express integration requires a separate package. In Apollo Server 4, you could import the Express 4 middleware from @apollo/server/express4, or you could import it from the separate package @as-integrations/express4. In Apollo Server 5, you must import it from the separate package. You can migrate your server to the new package before upgrading to Apollo Server 5. (You can also use @as-integrations/express5 for a middleware that works with Express 5.)
  • Usage Reporting, Schema Reporting, and Subscription Callback plugins now use the Node.js built-in fetch implementation for HTTP requests by default, instead of the node-fetch npm package. If your server uses an HTTP proxy to make HTTP requests, you need to configure it in a slightly different way. See the migration guide for details.
  • The server started with startStandaloneServer no longer uses Express. This is mostly invisible, but it does set slightly fewer headers. If you rely on the fact that this server is based on Express, you should explicitly use the Express middleware.
  • The experimental support for incremental delivery directives @defer and @stream (which requires using a pre-release version of graphql v17) now explicitly only works with version 17.0.0-alpha.2 of graphql. Note that this supports the same incremental delivery protocol implemented by Apollo Server 4, which is not the same protocol in the latest alpha version of graphql. As this support is experimental, we may switch over from "only alpha.2 is supported" to "only a newer alpha or final release is supported, with a different protocol" during the lifetime of Apollo Server 5.
  • Apollo Server is now compiled by the TypeScript compiler targeting the ES2023 standard rather than the ES2020 standard.
  • Apollo Server 5 responds to requests with variable coercion errors (eg, if a number is passed in the variables map for a variable declared in the operation as a String) with a 400 status code, indicating a client error. This is also the behavior of Apollo Server 3. Apollo Server 4 mistakenly responds to these requests with a 200 status code by default; we recommended the use of the status400ForVariableCoercionErrors: true option to restore the intended behavior. That option now defaults to true.
  • The unsafe precomputedNonce option to landing page plugins (which was only non-deprecated for 8 days) has been removed.
Patch Changes

There are a few other small changes in v5:

  • #​8076 5b26558 Thanks @​valters! - Fix some error logs to properly call logger.error or logger.warn with this set. This fixes errors or crashes from logger implementations that expect this to be set properly in their methods.

  • #​7515 100233a Thanks @​trevor-scheer! - ApolloServerPluginSubscriptionCallback now takes a fetcher argument, like the usage and schema reporting plugins. The default value is Node's built-in fetch.

  • Updated dependencies [100233a]:

v4.12.2

Compare Source

(No change; there is a change to the @apollo/server-integration-testsuite used to test integrations, and the two packages always have matching versions.)

v4.12.1

Compare Source

Patch Changes

v4.12.0

Compare Source

Minor Changes
  • #​8054 89e3f84 Thanks @​clenfest! - Adds a new graphql-js validation rule to reject operations that recursively request selections above a specified maximum, which is disabled by default. Use configuration option maxRecursiveSelections=true to enable with a maximum of 10,000,000, or maxRecursiveSelections=<number> for a custom maximum. Enabling this validation can help avoid performance issues with configured validation rules or plugins.
Patch Changes

v4.11.3

Compare Source

Patch Changes

v4.11.2

Compare Source

(No change; there is a change to the @apollo/server-integration-testsuite used to test integrations, and the two packages always have matching versions.)

v4.11.1

Compare Source

Patch Changes

  • #​7952 bb81b2c Thanks @​glasser! - Upgrade dependencies so that automated scans don't detect a vulnerability.

    @apollo/server depends on express which depends on cookie. Versions of express older than v4.21.1 depend on a version of cookie vulnerable to CVE-2024-47764. Users of older express versions who call res.cookie() or res.clearCookie() may be vulnerable to this issue.

    However, Apollo Server does not call this function directly, and it does not expose any object to user code that allows TypeScript users to call this function without an unsafe cast.

    The only way that this direct dependency can cause a vulnerability for users of Apollo Server is if you call startStandaloneServer with a context function that calls Express-specific methods such as res.cookie() or res.clearCookies() on the response object, which is a violation of the TypeScript types provided by startStandaloneServer (which only promise that the response object is a core Node.js http.ServerResponse rather than the Express-specific subclass). So this vulnerability can only affect Apollo Server users who use unsafe JavaScript or unsafe as typecasts in TypeScript.

    However, this upgrade will at least prevent vulnerability scanners from alerting you to this dependency, and we encourage all Express users to upgrade their project's own express dependency to v4.21.1 or newer.

v4.11.0

Compare Source

Minor Changes

  • #​7916 4686454 Thanks @​andrewmcgivery! - Add hideSchemaDetailsFromClientErrors option to ApolloServer to allow hiding 'did you mean' suggestions from validation errors.

    Even with introspection disabled, it is possible to "fuzzy test" a graph manually or with automated tools to try to determine the shape of your schema. This is accomplished by taking advantage of the default behavior where a misspelt field in an operation
    will be met with a validation error that includes a helpful "did you mean" as part of the error text.

    For example, with this option set to true, an error would read Cannot query field "help" on type "Query". whereas with this option set to false it would read Cannot query field "help" on type "Query". Did you mean "hello"?.

    We recommend enabling this option in production to avoid leaking information about your schema to malicious actors.

    To enable, set this option to true in your ApolloServer options:

    const server = new ApolloServer({
  typeDefs,
  resolvers,
  hideSchemaDetailsFromClientErrors: true,
});

v4.10.5

Compare Source

Patch Changes

v4.10.4

Compare Source

Patch Changes
  • #​7871 18a3827 Thanks @​tninesling! - Subscription heartbeats are initialized prior to awaiting subscribe(). This allows long-running setup to happen in the returned Promise without the subscription being terminated prior to resolution.

v4.10.3

Compare Source

Patch Changes
  • #​7866 5f335a5 Thanks @​tninesling! - Catch errors thrown by subscription generators, and gracefully clean up the subscription instead of crashing.

v4.10.2

Compare Source

Patch Changes
  • #​7849 c7e514c Thanks @​TylerBloom! - In the subscription callback server plugin, terminating a subscription now immediately closes the internal async generator. This avoids that generator existing after termination and until the next message is received.

v4.10.1

Compare Source

Patch Changes
  • #​7843 72f568e Thanks @​bscherlein! - Improves timing of the willResolveField end hook on fields which return Promises resolving to Arrays. This makes the use of the setCacheHint method more reliable.
apollo-server-integrations/apollo-server-integration-fastify (@​as-integrations/fastify)

v3.0.0

Compare Source

-- BREAKING: Requires Node >= 20
-- BREAKING: Requires Typescript >= 5.4
-- FEATURE: Update to support fastify v5 #​302

fastify/fastify-static (@​fastify/static)

v8.2.0

Compare Source

v8.1.1

Compare Source

What's Changed

New Contributors

Full Changelog: fastify/fastify-static@v8.1.0...v8.1.1

v8.1.0

Compare Source

What's Changed

New Contributors

Full Changelog: fastify/fastify-static@v8.0.4...v8.1.0

v8.0.4

Compare Source

What's Changed

New Contributors

Full Changelog: fastify/fastify-static@v8.0.3...v8.0.4

v8.0.3

Compare Source

What's Changed

New Contributors

Full Changelog: fastify/fastify-static@v8.0.2...v8.0.3

v8.0.2

Compare Source

What's Changed

Full Changelog: fastify/fastify-static@v8.0.1...v8.0.2

v8.0.1

Compare Source

What's Changed

Full Changelog: fastify/fastify-static@v8.0.0...v8.0.1

v8.0.0

Compare Source

What's Changed

Full Changelog: fastify/fastify-static@v7.0.4...v8.0.0

v7.0.4

Compare Source

What's Changed

New Contributors

Full Changelog: fastify/fastify-static@v7.0.3...v7.0.4

v7.0.3

Compare Source

What's Changed

Full Changelog: fastify/fastify-static@v7.0.2...v7.0.3

v7.0.2

Compare Source

What's Changed

New Contributors

Full Changelog: fastify/fastify-static@v7.0.1...v7.0.2

v7.0.1

Compare Source

What's Changed

Full Changelog: fastify/fastify-static@v7.0.0...v7.0.1

v7.0.0

Compare Source

What's Changed

New Contributors

Full Changelog: fastify/fastify-static@v6.12.0...v7.0.0

jestjs/jest (@​jest/globals)

v30.0.5

Compare Source

Features
  • [jest-config] Allow testMatch to take a string value
  • [jest-worker] Let workerIdleMemoryLimit accept 0 to always restart worker child processes
Fixes

v30.0.4

Compare Source

Features
  • [expect] The Inverse type is now exported (#​15714)
  • [expect] feat: support async functions in toBe (#​15704)
Fixes
  • [jest] jest --onlyFailures --listTests now correctly lists only failed tests (#​15700)
  • [jest-snapshot] Handle line endings in snapshots (#​15708)

v30.0.3

Compare Source

Fixes
  • [jest-config] Fix ESM TS config loading in a CJS project (#​15694)
  • [jest-core] jest --onlyFailures --listTests now correctly lists only failed tests(#​15700)
Features
  • [jest-diff] Show non-printable control characters to diffs (#​15696)

v30.0.2

Compare Source

Fixes
  • [jest-matcher-utils] Make 'deepCyclicCopyObject' safer by setting descriptors to a null-prototype object (#​15689)
  • [jest-util] Make garbage collection protection property writable (#​15689)

v30.0.1

Compare Source

Features
  • [jest-resolver] Implement the defaultAsyncResolver (#​15679)
Fixes
  • [jest-resolver] Resolve builtin modules correctly (#​15683)
  • [jest-environment-node, jest-util] Avoid setting globals cleanup protection symbol when feature is off (#​15684)
Chore & Maintenance
  • [*] Remove and deprecate jest-repl package (#​15673)
  • [jest-resolver] Replace custom isBuiltinModule with node's isBuiltin (#​15685)

v30.0.0

Compare Source

Features
  • [*] Renamed globalsCleanupMode to globalsCleanup and --waitNextEventLoopTurnForUnhandledRejectionEvents to --waitForUnhandledRejections
  • [expect] Add ArrayOf asymmetric matcher for validating array elements. (#​15567)
  • [babel-jest] Add option excludeJestPreset to allow opting out of babel-preset-jest (#​15164)
  • [expect] Revert #​15038 to fix expect(fn).toHaveBeenCalledWith(expect.objectContaining(...)) when there are multiple calls (#​15508)
  • [jest-circus, jest-cli, jest-config] Add waitNextEventLoopTurnForUnhandledRejectionEvents flag to minimise performance impact of correct detection of unhandled promise rejections introduced in #​14315 (#​14681)
  • [jest-circus] Add a waitBeforeRetry option to jest.retryTimes (#​14738)
  • [jest-circus] Add a retryImmediately option to jest.retryTimes (#​14696)
  • [jest-circus, jest-jasmine2] Allow setupFilesAfterEnv to export an async function (#​10962)
  • [jest-circus, jest-test-result] Add startedAt timestamp in TestCaseResultObject within onTestCaseResult (#​15145)
  • [jest-cli] Export buildArgv (#​15310)
  • [jest-config] [BREAKING] Add mts and cts to default moduleFileExtensions config (#​14369)
  • [jest-config] [BREAKING] Update testMatch and testRegex default option for supporting mjs, cjs, mts, and cts (#​14584)
  • [jest-config] Loads config file from provided path in package.json (#​14044)
  • [jest-config] Allow loading jest.config.cts files (#​14070)
  • [jest-config] Show rootDir in error message when a preset fails to load (#​15194)
  • [jest-config] Support loading TS config files using esbuild-register via docblock loader ([#​15190](https://redirect.gi

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot requested a review from adrianmjim as a code owner January 8, 2024 09:48
@renovate renovate bot force-pushed the renovate/major-all-major-dependencies branch 3 times, most recently from 92cc168 to 132f1f3 Compare January 15, 2024 08:27
@renovate renovate bot force-pushed the renovate/major-all-major-dependencies branch 2 times, most recently from 168e9fa to d84e471 Compare January 25, 2024 04:53
@renovate renovate bot changed the title chore(deps): update all major dependencies to v6 (major) chore(deps): update all major dependencies (major) Jan 25, 2024
@renovate renovate bot force-pushed the renovate/major-all-major-dependencies branch 8 times, most recently from 68316ef to ce0d625 Compare January 31, 2024 18:23
@renovate renovate bot force-pushed the renovate/major-all-major-dependencies branch from ce0d625 to 10dc814 Compare February 1, 2024 17:22
@renovate renovate bot changed the title chore(deps): update all major dependencies (major) fix(deps): update all major dependencies (major) Feb 1, 2024
@renovate renovate bot force-pushed the renovate/major-all-major-dependencies branch 5 times, most recently from 8acca9c to 1cdda7f Compare February 11, 2024 19:16
@renovate renovate bot force-pushed the renovate/major-all-major-dependencies branch 5 times, most recently from a01f85d to 68d568a Compare February 19, 2024 18:16
@renovate renovate bot force-pushed the renovate/major-all-major-dependencies branch from 68d568a to 4642f27 Compare February 22, 2024 00:24
@renovate renovate bot force-pushed the renovate/major-all-major-dependencies branch 2 times, most recently from 06eb434 to 280111a Compare May 5, 2025 11:09
@renovate renovate bot force-pushed the renovate/major-all-major-dependencies branch 2 times, most recently from 4659881 to 00cedb4 Compare May 11, 2025 19:30
@renovate renovate bot force-pushed the renovate/major-all-major-dependencies branch from 00cedb4 to 7753174 Compare May 17, 2025 16:11
@renovate renovate bot force-pushed the renovate/major-all-major-dependencies branch 3 times, most recently from 1067cb7 to e17b0e2 Compare May 26, 2025 05:59
@renovate renovate bot force-pushed the renovate/major-all-major-dependencies branch 4 times, most recently from fb78cdd to cf690a0 Compare June 7, 2025 02:48
@renovate renovate bot force-pushed the renovate/major-all-major-dependencies branch from cf690a0 to 682099c Compare June 14, 2025 00:00
@renovate renovate bot force-pushed the renovate/major-all-major-dependencies branch from 682099c to 7fe9039 Compare June 22, 2025 04:09
@renovate renovate bot force-pushed the renovate/major-all-major-dependencies branch 2 times, most recently from f1e8138 to 3070479 Compare July 7, 2025 20:48
@renovate renovate bot force-pushed the renovate/major-all-major-dependencies branch from 3070479 to 31cdfc5 Compare July 20, 2025 08:12
@renovate renovate bot force-pushed the renovate/major-all-major-dependencies branch 7 times, most recently from 3912932 to 1cd6581 Compare August 9, 2025 03:11
@renovate renovate bot force-pushed the renovate/major-all-major-dependencies branch 3 times, most recently from b335e99 to 8f5dc85 Compare August 16, 2025 03:32
@renovate renovate bot force-pushed the renovate/major-all-major-dependencies branch from 8f5dc85 to 91dcbcf Compare August 18, 2025 18:57
@renovate renovate bot force-pushed the renovate/major-all-major-dependencies branch from 91dcbcf to f970649 Compare August 22, 2025 23:08
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@adrianmjim adrianmjim Awaiting requested review from adrianmjim adrianmjim is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
breaking dependencies
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants