-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Snyk] Upgrade @apollo/client from 3.3.11 to 3.12.2 #1732
base: canary
Are you sure you want to change the base?
Conversation
Snyk has created this PR to upgrade @apollo/client from 3.3.11 to 3.12.2. See this package in npm: @apollo/client See this project in Snyk: https://app.snyk.io/org/sammyfilly/project/e7858787-e4f8-4199-b0a4-f0fd87f932b1?utm_source=github&utm_medium=referral&page=upgrade-pr
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
Run & review this pull request in StackBlitz Codeflow. |
Deployment failed with the following error:
|
|
Reviewer's Guide by SourceryThis PR upgrades @apollo/client from 3.3.11 to 3.12.2. This addresses a medium severity information exposure vulnerability and includes several other fixes and improvements. Class diagram showing new data masking feature in Apollo Client 3.12.2classDiagram
class ApolloClient {
+dataMasking: boolean
+configure()
}
class DataMasking {
+mode: string
+unmask()
+migrate()
}
class Fragment {
+@unmask
+@unmask(mode: 'migrate')
}
ApolloClient --> DataMasking : enables
DataMasking --> Fragment : applies to
note for DataMasking "New feature in 3.12.2
Enforces field access control"
File-Level Changes
Tips and commandsInteracting with Sourcery
Customizing Your ExperienceAccess your dashboard to:
Getting Help
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We have skipped reviewing this pull request. Here's why:
- It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!
- We don't review packaging changes - Let us know if you'd like us to change this.
Snyk has created this PR to upgrade @apollo/client from 3.3.11 to 3.12.2.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 273 versions ahead of your current version.
The recommended version was released a month ago.
Issues fixed by the recommended upgrade:
SNYK-JS-APOLLOCLIENT-1085706
Release notes
Package name: @apollo/client
Patch Changes
84af347
Thanks @ jerelmiller! - Update peer deps to allow for React 19 stable release.Patch Changes
e1efe74
Thanks @ phryneas! - Fix import extension in masking entry point.Minor Changes
Data masking 🎭
#12042
1c0ecbf
Thanks @ jerelmiller! - Introduces data masking in Apollo Client.Data masking enforces that only the fields requested by the query or fragment is available to that component. Data masking is best paired with colocated fragments.
To enable data masking in Apollo Client, set the
dataMasking
option totrue
.For detailed information on data masking, including how to incrementally adopt it in an existing applications, see the data masking documentation.
#12131
21c3f08
Thanks @ jerelmiller! - Allownull
as a validfrom
value inuseFragment
.More Patch Changes
#12126
d10d702
Thanks @ jerelmiller! - Maintain the existing document if its unchanged by the codemod and move to more naive whitespace formatting#12150
9ed1e1e
Thanks @ jerelmiller! - Fix issue when usingUnmasked
with older versions of TypeScript when used with array fields.#12116
8ae6e4e
Thanks @ jerelmiller! - Prevent field accessor warnings when using@ unmask(mode: "migrate")
on objects that are passed intocache.identify
.#12120
6a98e76
Thanks @ jerelmiller! - Provide a codemod that applies@ unmask
to all named fragments for all operations and fragments.Learn how to use the codemod in the incremental adoption documentation.
#12134
cfaf4ef
Thanks @ jerelmiller! - Fix issue where data went missing when an unmasked fragment in migrate mode selected fields that the parent did not.#12154
d933def
Thanks @ phryneas! - Data masking types: handle overlapping nested array types and fragments on interface types.#12139
5a53e15
Thanks @ phryneas! - Fix issue where masked data would sometimes get returned when the field was part of a child fragment from a fragment unmasked by the parent query.#12123
8422a30
Thanks @ jerelmiller! - Warn when using data masking with "no-cache" operations.#12139
5a53e15
Thanks @ phryneas! - Fix issue where the warning emitted by@ unmask(mode: "migrate")
would trigger unnecessarily when the fragment was used alongside a masked fragment inside an inline fragment.#12114
1d4ce00
Thanks @ jerelmiller! - Fix error when combining@ unmask
and@ defer
directives on a fragment spread when data masking is enabled.#12130
1e7d009
Thanks @ jerelmiller! - Fix error thrown when applying unmask migrate mode warnings on interface types with selection sets that contain inline fragment conditions.#12152
78137ec
Thanks @ phryneas! - Add a helper that will skip the TS unmasking alorithm when no fragments are present on type level#12126
d10d702
Thanks @ jerelmiller! - Ensure documents unchanged by the codemod are left untouched.#12133
a6ece37
Thanks @ jerelmiller! - Ensurenull
is retained in nullable types when unmasking a type with theUnmasked
helper type.#12139
5a53e15
Thanks @ phryneas! - Fix issue that threw errors when masking partial data with@ unmask(mode: "migrate")
.Patch Changes
d933def
Thanks @ phryneas! - Data masking types: handle overlapping nested array types and fragments on interface types.Patch Changes
#12150
9ed1e1e
Thanks @ jerelmiller! - Fix issue when usingUnmasked
with older versions of TypeScript when used with array fields.#12152
78137ec
Thanks @ phryneas! - Add a helper that will skip the TS unmasking alorithm when no fragments are present on type levelPatch Changes
#12139
5a53e15
Thanks @ phryneas! - Fix issue where masked data would sometimes get returned when the field was part of a child fragment from a fragment unmasked by the parent query.#12139
5a53e15
Thanks @ phryneas! - Fix issue where the warning emitted by@ unmask(mode: "migrate")
would trigger unnecessarily when the fragment was used alongside a masked fragment inside an inline fragment.#12139
5a53e15
Thanks @ phryneas! - Fix issue that threw errors when masking partial data with@ unmask(mode: "migrate")
.Minor Changes
21c3f08
Thanks @ jerelmiller! - Allownull
as a validfrom
value inuseFragment
.Patch Changes
#12126
d10d702
Thanks @ jerelmiller! - Maintain the existing document if its unchanged by the codemod and move to more naive whitespace formatting#12134
cfaf4ef
Thanks @ jerelmiller! - Fix issue where data went missing when an unmasked fragment in migrate mode selected fields that the parent did not.#12130
1e7d009
Thanks @ jerelmiller! - Fix error thrown when applying unmask migrate mode warnings on interface types with selection sets that contain inline fragment conditions.#12126
d10d702
Thanks @ jerelmiller! - Ensure documents unchanged by the codemod are left untouched.#12133
a6ece37
Thanks @ jerelmiller! - Ensurenull
is retained in nullable types when unmasking a type with theUnmasked
helper type.Patch Changes
#12116
8ae6e4e
Thanks @ jerelmiller! - Prevent field accessor warnings when using@ unmask(mode: "migrate")
on objects that are passed intocache.identify
.#12120
6a98e76
Thanks @ jerelmiller! - Provide a codemod that applies@ unmask
to all named fragments for all operations and fragments. To use the codemod, run the following command:To customize the tag used to search for GraphQL operations, use the
--tag
option. By default the codemod looks forgql
andgraphql
tags.To apply the directive in migrate mode in order to receive runtime warnings on potentially masked fields, use the
--mode migrate
option.For more information on the options that can be used with
jscodeshift
, check out thejscodeshift
documentation.#12121
1085a95
Thanks @ jerelmiller! - Warn when using data masking with "no-cache" operations.#12114
1d4ce00
Thanks @ jerelmiller! - Fix error when combining@ unmask
and@ defer
directives on a fragment spread when data masking is enabled.Patch Changes
1765668
Thanks @ mgmolisani! - Fixed a bug when evaluating the devtools flag with the new syntaxdevtools.enabled
that could result totrue
when explicitly set tofalse
.Patch Changes
a3f95c6
Thanks @ jerelmiller! - Fix an issue where errors returned from afetchMore
call from a Suspense hook would cause a Suspense boundary to be shown indefinitely.Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information:
Summary by Sourcery
Upgrade @apollo/client from 3.3.11 to 3.12.2.
Bug Fixes:
Enhancements: