Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

build(deps): bump qs, apollo-server-koa and koa-bodyparser #32

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

build(deps): bump qs, apollo-server-koa and koa-bodyparser #32

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Dec 6, 2022
edited
Loading

Bumps qs to 6.11.0 and updates ancestor dependencies qs, qs, apollo-server-koa and koa-bodyparser. These dependencies need to be updated together.

Updates qs from 6.7.0 to 6.11.0

Changelog

Sourced from qs's changelog.

6.11.0

  • [New] [Fix] stringify: revert 0e903c0; add commaRoundTrip option (#442)
  • [readme] fix version badge

6.10.5

  • [Fix] stringify: with arrayFormat: comma, properly include an explicit [] on a single-item array (#434)

6.10.4

  • [Fix] stringify: with arrayFormat: comma, include an explicit [] on a single-item array (#441)
  • [meta] use npmignore to autogenerate an npmignore file
  • [Dev Deps] update eslint, @ljharb/eslint-config, aud, has-symbol, object-inspect, tape

6.10.3

  • [Fix] parse: ignore __proto__ keys (#428)
  • [Robustness] stringify: avoid relying on a global undefined (#427)
  • [actions] reuse common workflows
  • [Dev Deps] update eslint, @ljharb/eslint-config, object-inspect, tape

6.10.2

  • [Fix] stringify: actually fix cyclic references (#426)
  • [Fix] stringify: avoid encoding arrayformat comma when encodeValuesOnly = true (#424)
  • [readme] remove travis badge; add github actions/codecov badges; update URLs
  • [Docs] add note and links for coercing primitive values (#408)
  • [actions] update codecov uploader
  • [actions] update workflows
  • [Tests] clean up stringify tests slightly
  • [Dev Deps] update eslint, @ljharb/eslint-config, aud, object-inspect, safe-publish-latest, tape

6.10.1

  • [Fix] stringify: avoid exception on repeated object values (#402)

6.10.0

  • [New] stringify: throw on cycles, instead of an infinite loop (#395, #394, #393)
  • [New] parse: add allowSparse option for collapsing arrays with missing indices (#312)
  • [meta] fix README.md (#399)
  • [meta] only run npm run dist in publish, not install
  • [Dev Deps] update eslint, @ljharb/eslint-config, aud, has-symbols, tape
  • [Tests] fix tests on node v0.6
  • [Tests] use ljharb/actions/node/install instead of ljharb/actions/node/run
  • [Tests] Revert "[meta] ignore eclint transitive audit warning"

6.9.7

  • [Fix] parse: ignore __proto__ keys (#428)
  • [Fix] stringify: avoid encoding arrayformat comma when encodeValuesOnly = true (#424)
  • [Robustness] stringify: avoid relying on a global undefined (#427)
  • [readme] remove travis badge; add github actions/codecov badges; update URLs
  • [Docs] add note and links for coercing primitive values (#408)
  • [Tests] clean up stringify tests slightly
  • [meta] fix README.md (#399)
  • Revert "[meta] ignore eclint transitive audit warning"

... (truncated)

Commits
  • 56763c1 v6.11.0
  • ddd3e29 [readme] fix version badge
  • c313472 [New] [Fix] stringify: revert 0e903c0; add commaRoundTrip option
  • 95bc018 v6.10.5
  • 0e903c0 [Fix] stringify: with arrayFormat: comma, properly include an explicit `[...
  • ba9703c v6.10.4
  • 4e44019 [Fix] stringify: with arrayFormat: comma, include an explicit [] on a s...
  • 113b990 [Dev Deps] update object-inspect
  • c77f38f [Dev Deps] update eslint, @ljharb/eslint-config, aud, has-symbol, tape
  • 2cf45b2 [meta] use npmignore to autogenerate an npmignore file
  • Additional commits viewable in compare view

Updates qs from 6.5.2 to 6.11.0

Changelog

Sourced from qs's changelog.

6.11.0

  • [New] [Fix] stringify: revert 0e903c0; add commaRoundTrip option (#442)
  • [readme] fix version badge

6.10.5

  • [Fix] stringify: with arrayFormat: comma, properly include an explicit [] on a single-item array (#434)

6.10.4

  • [Fix] stringify: with arrayFormat: comma, include an explicit [] on a single-item array (#441)
  • [meta] use npmignore to autogenerate an npmignore file
  • [Dev Deps] update eslint, @ljharb/eslint-config, aud, has-symbol, object-inspect, tape

6.10.3

  • [Fix] parse: ignore __proto__ keys (#428)
  • [Robustness] stringify: avoid relying on a global undefined (#427)
  • [actions] reuse common workflows
  • [Dev Deps] update eslint, @ljharb/eslint-config, object-inspect, tape

6.10.2

  • [Fix] stringify: actually fix cyclic references (#426)
  • [Fix] stringify: avoid encoding arrayformat comma when encodeValuesOnly = true (#424)
  • [readme] remove travis badge; add github actions/codecov badges; update URLs
  • [Docs] add note and links for coercing primitive values (#408)
  • [actions] update codecov uploader
  • [actions] update workflows
  • [Tests] clean up stringify tests slightly
  • [Dev Deps] update eslint, @ljharb/eslint-config, aud, object-inspect, safe-publish-latest, tape

6.10.1

  • [Fix] stringify: avoid exception on repeated object values (#402)

6.10.0

  • [New] stringify: throw on cycles, instead of an infinite loop (#395, #394, #393)
  • [New] parse: add allowSparse option for collapsing arrays with missing indices (#312)
  • [meta] fix README.md (#399)
  • [meta] only run npm run dist in publish, not install
  • [Dev Deps] update eslint, @ljharb/eslint-config, aud, has-symbols, tape
  • [Tests] fix tests on node v0.6
  • [Tests] use ljharb/actions/node/install instead of ljharb/actions/node/run
  • [Tests] Revert "[meta] ignore eclint transitive audit warning"

6.9.7

  • [Fix] parse: ignore __proto__ keys (#428)
  • [Fix] stringify: avoid encoding arrayformat comma when encodeValuesOnly = true (#424)
  • [Robustness] stringify: avoid relying on a global undefined (#427)
  • [readme] remove travis badge; add github actions/codecov badges; update URLs
  • [Docs] add note and links for coercing primitive values (#408)
  • [Tests] clean up stringify tests slightly
  • [meta] fix README.md (#399)
  • Revert "[meta] ignore eclint transitive audit warning"

... (truncated)

Commits
  • 56763c1 v6.11.0
  • ddd3e29 [readme] fix version badge
  • c313472 [New] [Fix] stringify: revert 0e903c0; add commaRoundTrip option
  • 95bc018 v6.10.5
  • 0e903c0 [Fix] stringify: with arrayFormat: comma, properly include an explicit `[...
  • ba9703c v6.10.4
  • 4e44019 [Fix] stringify: with arrayFormat: comma, include an explicit [] on a s...
  • 113b990 [Dev Deps] update object-inspect
  • c77f38f [Dev Deps] update eslint, @ljharb/eslint-config, aud, has-symbol, tape
  • 2cf45b2 [meta] use npmignore to autogenerate an npmignore file
  • Additional commits viewable in compare view

Updates apollo-server-koa from 2.4.8 to 2.26.1

Changelog

Sourced from apollo-server-koa's changelog.

v2.26.1

  • Update fork of graphql-upload to a version that specifies its dependency on @types/fs-capacitor more precisely to fix a build breakage. [Issue #7060](apollographql/apollo-server#7060)

v2.26.0

  • Backport [PR #5537](apollographql/apollo-server#5537) from Apollo Server 3. This fixes a TypeScript declaration relating to the Fetch API. We believe this will make it possible to use Apollo Server 2 with Apollo Gateway 0.52.0. (This change does not provide any functionality other than hopefully fixing some TypeScript builds, so if it turns out that this breaks your TypeScript build instead, just don't take the upgrade. We encourage you to upgrade to actively supported Apollo major versions instead.) [PR #6829](apollographql/apollo-server#6829)

v2.25.4

  • ⚠️ SECURITY: If your server does not explicitly enable graphql-upload support via the uploads option to new ApolloServer and your schema does not use the Upload scalar (other than in its own definition), Apollo Server will not process the multipart/form-data requests sent by graphql-upload clients. This fixes a Cross-Site Request Forgery (CSRF) vulnerability where origins could cause browsers to execute mutations using a user's cookies even when those origins are not allowed by your CORS policy. If you do use uploads in your server, the vulnerability still exists with this version; you should instead upgrade to Apollo Server v3.7 and enable the CSRF prevention feature. (The AS3.7 CSRF prevention feature also protects against other forms of CSRF such as timing attacks against read-only query operations.) See advisory GHSA-2p3c-p3qw-69r4 for more details.

v2.25.3

  • ⚠️ SECURITY apollo-server-core: Update default version of the GraphQL Playground React app loaded from the CDN to be @apollographql/[email protected]. This patches an XSS vulnerability. Note that if you are pinning the Playground React app version in your app with new ApolloServer({playground: {version: 'some version'}}), you will need to update the specified version to 1.7.42 or later to avoid this vulnerability. If you disable GraphQL Playground with new ApolloServer({playground: false}), this vulnerability does not affect you. See advisory GHSA-qm7x-rc44-rrqw for more details.

v2.25.2

v2.25.1

  • apollo-server-core, apollo-server-express: Upgrade subscriptions-transport-ws dependency and remove unneeded runtime dependency on ws. This should enable you to install Apollo Server without depending on versions of ws vulnerable to CVE-2021-32640. Note that the superficial integration of the unmaintained subscriptions-transport-ws package will be removed in Apollo Server 3; you can also avoid this vulnerability by disabling the built-in subscription support with new ApolloServer({subscriptions: false}) and using a maintained package such as graphql-ws instead. (Instead of taking this upgrade, you can also upgrade ws to 5.2.3, which was just released.)

v2.25.0

  • apollo-server-core: You may now specify your Studio graph as a graph ref (id@variant) via the APOLLO_GRAPH_REF environment variable or new ApolloServer({apollo: {graphRef}}) instead of specifying graph ID and graph variant separately. The apollo object passed to plugin serverWillStart and to gateway load now contains a graphRef field.
  • apollo-server-core: Fix a race condition where schema reporting could lead to a delay at process shutdown. [PR #5222](apollographql/apollo-server#5222)
  • apollo-server-core: Allow the Fetch API implementation to be overridden for the schema reporting and usage reporting plugins via a new fetcher option. [PR #5179](apollographql/apollo-server#5179)
  • apollo-server-core: The server.executeOperation method (designed for testing) can now take its query as a DocumentNode (eg, a gql-tagged string) in addition to as a string. (This matches the behavior of the apollo-server-testing createTestClient function which is now deprecated.) We now recommend this method instead of apollo-server-testing in our docs. [Issue #4952](apollographql/apollo-server#4952)
  • apollo-server-testing: Replace README with a deprecation notice explaining how to use server.executeOperation instead. [Issue #4952](apollographql/apollo-server#4952)

v2.24.1

  • apollo-server-core: Fix a typo that could lead to TypeScript compilation when combined with a recent version of @types/node. (This bug had no runtime effect.) [PR #5149](apollographql/apollo-server#5149)

v2.24.0

  • apollo-server-core: Apollo Studio usage reporting uses a more efficient format which sends fewer detailed traces to Apollo's server. This change should not have a major effect on the experience of using Apollo Studio. [PR #4142](apollographql/apollo-server#4142)

v2.23.0

  • apollo-server-core: Add optional argument to ApolloServer.executeOperation allowing the caller to manually specify an argument to the config function analogous to that provided by integration packages. [PR #4166](apollographql/apollo-server#4166) [Issue #2886](apollographql/apollo-server#2886)
  • [email protected]: New BaseRedisCache class which takes an ioredis-compatible Redis client as an argument. The existing classes RedisCache and RedisClusterCache (which pass their arguments to ioredis constructors) are now implemented in terms of this class. This allows you to use any of the ioredis constructor forms rather than just the ones recognized by our classes. This also fixes a long-standing bug where the Redis cache implementations returned a number from delete(); it now returns a number, matching what the KeyValueCache interface and the TypeScript types expect. [PR #5034](apollographql/apollo-server#5034) [PR #5088](apollographql/apollo-server#5088) [Issue #4870](apollographql/apollo-server#4870) [Issue #5006](apollographql/apollo-server#5006)
  • apollo-server-core: Fix type for formatResponse function. It never is called with a null argument, and is allowed to return null. [Issue #5009](apollographql/apollo-server#5009) [PR #5089](apollographql/apollo-server#5089)
  • apollo-server-lambda: Fix regression in v2.21.2 where thrown errors were replaced by throwing the JS Error class itself. [PR #5085](apollographql/apollo-server#5085)
  • apollo-server-core: If a client sends a variable of the wrong type, this is now reported as an error with an extensions.code of BAD_USER_INPUT rather than INTERNAL_SERVER_ERROR. [PR #5091](apollographql/apollo-server#5091) [Issue #3498](apollographql/apollo-server#3498)
  • apollo-server-lambda: Explicitly support API Gateway payloadFormatVersion 2.0. Previously some codepaths did appropriate checks to partially support 2.0 and other codepaths could lead to errors like event.path.endsWith is not a function (especially since v2.21.1). Note that this changes the TypeScript typing of the onHealthCheck callback passed to createHandler to indicate that it can receive either type of event. If you are using TypeScript and care about having a precise typing for the argument to your onHealthCheck callback, you should determine which payload format you want to support and write new ApolloServer<APIGatewayProxyEvent>(...) or new ApolloServer<APIGatewayProxyEventV2>(...) (importing these types from aws-lambda), or differentiate between the two formats by checking to see if 'path' in event. [Issue #5084](apollographql/apollo-server#5084) [Issue #5016](apollographql/apollo-server#5016)

v2.22.2

... (truncated)

Commits

Updates koa-bodyparser from 3.2.0 to 4.3.0

Changelog

Sourced from koa-bodyparser's changelog.

4.3.0 / 2020-03-24

features

others

  • [6fd7e9c] - docs: add multipart tips (dead-horse )
  • [57c0022] - Fix typo in README.md (#112) (Adrian Pascu )

4.2.1 / 2018-05-21

others

  • [b270d5d] - deps: upgrade co-body (#104) (Haoliang Gao )
  • [d234345] - docs(readme): update opts encode -> encoding (#103) (Matthew Scragg )
  • [db193f5] - chore:replace indexOf with includes (#90) (coderzzp )

4.2.0 / 2017-03-21

  • feat: ctx.request.rawBody to get raw request body (#70)

4.1.0 / 2017-03-02

  • deps: upgrade co-body@5 (#64)

4.0.0 / 2017-02-27

  • refactor: use async function and support koa@2 (#62)

2.3.0 / 2016-11-14

  • feat: support dynamic disable body parser

2.2.0 / 2016-05-16

  • feat: support enableTypes and text (#44)

2.1.0 / 2016-05-10

  • deps: co-body@4

2.0.1 / 2015-08-12

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
build(deps): bump qs, apollo-server-koa and koa-bodyparser
a1f2868 
Bumps [qs](https://github.com/ljharb/qs) to 6.11.0 and updates ancestor dependencies [qs](https://github.com/ljharb/qs), [qs](https://github.com/ljharb/qs), [apollo-server-koa](https://github.com/apollographql/apollo-server/tree/HEAD/packages/apollo-server-koa) and [koa-bodyparser](https://github.com/koajs/bodyparser). These dependencies need to be updated together.


Updates `qs` from 6.7.0 to 6.11.0
- [Release notes](https://github.com/ljharb/qs/releases)
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.7.0...v6.11.0)

Updates `qs` from 6.5.2 to 6.11.0
- [Release notes](https://github.com/ljharb/qs/releases)
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.7.0...v6.11.0)

Updates `apollo-server-koa` from 2.4.8 to 2.26.1
- [Release notes](https://github.com/apollographql/apollo-server/releases)
- [Changelog](https://github.com/apollographql/apollo-server/blob/[email protected]/CHANGELOG.md)
- [Commits](https://github.com/apollographql/apollo-server/commits/[email protected]/packages/apollo-server-koa)

Updates `koa-bodyparser` from 3.2.0 to 4.3.0
- [Release notes](https://github.com/koajs/bodyparser/releases)
- [Changelog](https://github.com/koajs/bodyparser/blob/master/History.md)
- [Commits](koajs/bodyparser@3.2.0...4.3.0)

---
updated-dependencies:
- dependency-name: qs
  dependency-type: indirect
- dependency-name: qs
  dependency-type: indirect
- dependency-name: apollo-server-koa
  dependency-type: direct:production
- dependency-name: koa-bodyparser
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Dec 6, 2022
@dependabot dependabot bot mentioned this pull request Dec 6, 2022
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants