-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Revert cloneDeep-ing request headers #10215
Merged
MrDoomBringer
merged 3 commits into
apollographql:main
from
MrDoomBringer:cloneDeepSymbols
Nov 8, 2022
Merged
Revert cloneDeep-ing request headers #10215
MrDoomBringer
merged 3 commits into
apollographql:main
from
MrDoomBringer:cloneDeepSymbols
Nov 8, 2022
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
MrDoomBringer
force-pushed
the
cloneDeepSymbols
branch
from
October 20, 2022 15:01
2d5f4b1
to
495fddd
Compare
@MrDoomBringer Can you add some tests so we don't break this again in the future? |
On second thought, what if b4ffcb6 was a mistake/regression? Could we revert those changes (or find another way) instead of trying to make |
MrDoomBringer
changed the title
Fix some dynamic header issues by supporting Symbols in cloneDeep
Revert attempt to cloneDeep request headers
Oct 27, 2022
MrDoomBringer
force-pushed
the
cloneDeepSymbols
branch
from
October 31, 2022 19:06
a27b87c
to
b335697
Compare
MrDoomBringer
changed the title
Revert attempt to cloneDeep request headers
Fix some dynamic header issues by supporting Symbols in cloneDeep
Oct 31, 2022
MrDoomBringer
force-pushed
the
cloneDeepSymbols
branch
from
November 1, 2022 17:24
d42ee1b
to
b335697
Compare
MrDoomBringer
changed the title
Fix some dynamic header issues by supporting Symbols in cloneDeep
Revert attempt to cloneDeep request headers
Nov 1, 2022
MrDoomBringer
changed the title
Revert attempt to cloneDeep request headers
Revert cloneDeep-ing request headers
Nov 1, 2022
MrDoomBringer
force-pushed
the
cloneDeepSymbols
branch
from
November 8, 2022 15:31
b335697
to
7aab83f
Compare
This was referenced Dec 8, 2022
Merged
cbush
pushed a commit
to mongodb/docs-realm
that referenced
this pull request
Feb 13, 2023
<h3>Snyk has created this PR to upgrade @apollo/client from 3.5.10 to 3.7.3.</h3> :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project. <hr/> - The recommended version is **48 versions** ahead of your current version. - The recommended version was released **2 months ago**, on 2022-12-15. The recommended version fixes: Severity | Issue | PriorityScore (*) | Exploit Maturity | :-------------------------:|:-------------------------|-------------------------|:------------------------- <img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png" width="20" height="20" title="high severity"/> | Prototype Pollution<br/> [SNYK-JS-LOADERUTILS-3043105](https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3043105) | **375/1000** <br/> **Why?** CVSS 7.5 | No Known Exploit <img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png" width="20" height="20" title="high severity"/> | Prototype Pollution<br/> [SNYK-JS-LOADERUTILS-3043105](https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3043105) | **375/1000** <br/> **Why?** CVSS 7.5 | No Known Exploit <img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png" width="20" height="20" title="high severity"/> | Remote Code Execution (RCE)<br/> [SNYK-JS-EJS-2803307](https://snyk.io/vuln/SNYK-JS-EJS-2803307) | **375/1000** <br/> **Why?** CVSS 7.5 | Proof of Concept <img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png" width="20" height="20" title="high severity"/> | Denial of Service (DoS)<br/> [SNYK-JS-DECODEURICOMPONENT-3149970](https://snyk.io/vuln/SNYK-JS-DECODEURICOMPONENT-3149970) | **375/1000** <br/> **Why?** CVSS 7.5 | Proof of Concept <img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png" width="20" height="20" title="high severity"/> | Prototype Pollution<br/> [SNYK-JS-ASYNC-2441827](https://snyk.io/vuln/SNYK-JS-ASYNC-2441827) | **375/1000** <br/> **Why?** CVSS 7.5 | Proof of Concept <img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png" width="20" height="20" title="medium severity"/> | Regular Expression Denial of Service (ReDoS)<br/> [SNYK-JS-TERSER-2806366](https://snyk.io/vuln/SNYK-JS-TERSER-2806366) | **375/1000** <br/> **Why?** CVSS 7.5 | No Known Exploit <img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png" width="20" height="20" title="medium severity"/> | Denial of Service (DoS)<br/> [SNYK-JS-NWSAPI-2841516](https://snyk.io/vuln/SNYK-JS-NWSAPI-2841516) | **375/1000** <br/> **Why?** CVSS 7.5 | No Known Exploit <img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png" width="20" height="20" title="medium severity"/> | Regular Expression Denial of Service (ReDoS)<br/> [SNYK-JS-LOADERUTILS-3105943](https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3105943) | **375/1000** <br/> **Why?** CVSS 7.5 | No Known Exploit <img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png" width="20" height="20" title="medium severity"/> | Regular Expression Denial of Service (ReDoS)<br/> [SNYK-JS-LOADERUTILS-3042992](https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3042992) | **375/1000** <br/> **Why?** CVSS 7.5 | No Known Exploit <img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png" width="20" height="20" title="medium severity"/> | Regular Expression Denial of Service (ReDoS)<br/> [SNYK-JS-LOADERUTILS-3105943](https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3105943) | **375/1000** <br/> **Why?** CVSS 7.5 | No Known Exploit <img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png" width="20" height="20" title="medium severity"/> | Regular Expression Denial of Service (ReDoS)<br/> [SNYK-JS-LOADERUTILS-3042992](https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3042992) | **375/1000** <br/> **Why?** CVSS 7.5 | No Known Exploit <img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png" width="20" height="20" title="medium severity"/> | Prototype Pollution<br/> [SNYK-JS-JSON5-3182856](https://snyk.io/vuln/SNYK-JS-JSON5-3182856) | **375/1000** <br/> **Why?** CVSS 7.5 | Proof of Concept <img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png" width="20" height="20" title="medium severity"/> | Prototype Pollution<br/> [SNYK-JS-JSON5-3182856](https://snyk.io/vuln/SNYK-JS-JSON5-3182856) | **375/1000** <br/> **Why?** CVSS 7.5 | Proof of Concept (*) Note that the real score may have changed since the PR was raised. <details> <summary><b>Release notes</b></summary> <br/> <details> <summary>Package name: <b>@apollo/client</b></summary> <ul> <li> <b>3.7.3</b> - <a href="https://snyk.io/redirect/github/apollographql/apollo-client/releases/tag/v3.7.3">2022-12-15</a></br><h3>Patch Changes</h3> <ul> <li> <p><a href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10334" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10334/hovercard">#10334</a> <a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/7d923939dd7e6db7d69f04f598c666104b076e78"><code>7d923939d</code></a> Thanks <a href="https://snyk.io/redirect/github/jerelmiller">@ jerelmiller</a>! - Better handle deferred queries that have cached or partial cached data for them</p> </li> <li> <p><a href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10368" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10368/hovercard">#10368</a> <a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/46b58e9762abbffaee5c9abda8e309bea6d7a785"><code>46b58e976</code></a> Thanks <a href="https://snyk.io/redirect/github/alessbell">@ alessbell</a>! - Fix: unblocks support for defer in mutations</p> <p>If the <code>@ defer</code> directive is present in the document passed to <code>mutate</code>, the Promise will resolve with the final merged data after the last multipart chunk has arrived in the response.</p> </li> </ul> </li> <li> <b>3.7.2</b> - <a href="https://snyk.io/redirect/github/apollographql/apollo-client/releases/tag/v3.7.2">2022-12-06</a></br><h2>Improvements (from <a href="https://snyk.io/redirect/github/apollographql/apollo-client/blob/main/CHANGELOG.md"><code>CHANGELOG.md</code></a>)</h2> <ul> <li> <p>Only show dev tools suggestion in the console when <code>connectToDevTools</code> is <code>true</code>.<br> <a href="https://snyk.io/redirect/github/chris110408">@ chris110408</a> in <a href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10258" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10258/hovercard">#10258</a></p> </li> <li> <p>Pass <code>TCache</code> generic to <code>MutationHookOptions</code> for better type support in <code>useMutation</code>.<br> <a href="https://snyk.io/redirect/github/igrlk">@ igrlk</a> in <a href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10223" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10223/hovercard">#10223</a></p> </li> <li> <p>Add <code>name</code> property to <code>ApolloError</code> to ensure better type safety and help error reporting tools better identify the error.<br> <a href="https://snyk.io/redirect/github/aaronadamsCA">@ aaronadamsCA</a> in <a href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/9323" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/9323/hovercard">#9323</a></p> </li> <li> <p>Export a <code>ModifierDetails</code> type for the <code>details</code> parameter of a <code>Modifier</code> function.<br> <a href="https://snyk.io/redirect/github/KeithGillette">@ KeithGillette</a> in <a href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/7133" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/7133/hovercard">#7133</a></p> </li> <li> <p>Revert use of <code>cloneDeep</code> to clone options when fetching queries.<br> <a href="https://snyk.io/redirect/github/MrDoomBringer">@ MrDoomBringer</a> in <a href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10215" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10215/hovercard">#10215</a></p> </li> </ul> <h2>What's Changed (auto-generated by GitHub)</h2> <ul> <li>Add connect to dev tools check by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/chris110408/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/chris110408">@ chris110408</a> in <a aria-label="Pull request #10258" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1433824820" data-permission-text="Title is private" data-url="apollographql/apollo-client#10258" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10258/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10258">#10258</a></li> <li>Update the CHANGELOG by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/jerelmiller/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/jerelmiller">@ jerelmiller</a> in <a aria-label="Pull request #10260" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1433855997" data-permission-text="Title is private" data-url="apollographql/apollo-client#10260" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10260/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10260">#10260</a></li> <li>Revert cloneDeep-ing request headers by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/MrDoomBringer/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/MrDoomBringer">@ MrDoomBringer</a> in <a aria-label="Pull request #10215" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1416787337" data-permission-text="Title is private" data-url="apollographql/apollo-client#10215" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10215/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10215">#10215</a></li> <li>chore(tests): warn on ts-jest diagnostics error outside of CI test runs by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/alessbell/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/alessbell">@ alessbell</a> in <a aria-label="Pull request #10268" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1440751358" data-permission-text="Title is private" data-url="apollographql/apollo-client#10268" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10268/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10268">#10268</a></li> <li>updates roadmap nov 2022 by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/jpvajda/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/jpvajda">@ jpvajda</a> in <a aria-label="Pull request #10269" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1440838554" data-permission-text="Title is private" data-url="apollographql/apollo-client#10269" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10269/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10269">#10269</a></li> <li>docs: displays the error correctly by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/ctesniere/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/ctesniere">@ ctesniere</a> in <a aria-label="Pull request #10275" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1444506371" data-permission-text="Title is private" data-url="apollographql/apollo-client#10275" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10275/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10275">#10275</a></li> <li>Update the CHANGELOG with changes from <a aria-label="Pull request #10275" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1444506371" data-permission-text="Title is private" data-url="apollographql/apollo-client#10275" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10275/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10275">#10275</a> by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/bignimbus/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/bignimbus">@ bignimbus</a> in <a aria-label="Pull request #10276" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1445656915" data-permission-text="Title is private" data-url="apollographql/apollo-client#10276" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10276/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10276">#10276</a></li> <li>Fix 'broken' links by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/StephenBarlow/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/StephenBarlow">@ StephenBarlow</a> in <a aria-label="Pull request #10288" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1450617736" data-permission-text="Title is private" data-url="apollographql/apollo-client#10288" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10288/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10288">#10288</a></li> <li>Additional documentation for managing local state by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/bignimbus/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/bignimbus">@ bignimbus</a> in <a aria-label="Pull request #10282" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1448345087" data-permission-text="Title is private" data-url="apollographql/apollo-client#10282" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10282/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10282">#10282</a></li> <li>chore(docs): remove graphql-anywhere from apollo-link-rest doc by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/alessbell/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/alessbell">@ alessbell</a> in <a aria-label="Pull request #10232" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1424523033" data-permission-text="Title is private" data-url="apollographql/apollo-client#10232" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10232/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10232">#10232</a></li> <li>doc(static-typing): rewrite with GraphQL Code Generator setup by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/charlypoly/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/charlypoly">@ charlypoly</a> in <a aria-label="Pull request #10173" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1404287170" data-permission-text="Title is private" data-url="apollographql/apollo-client#10173" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10173/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10173">#10173</a></li> <li>Further update the TypeGen article for style by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/rkoron007/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/rkoron007">@ rkoron007</a> in <a aria-label="Pull request #10294" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1454068707" data-permission-text="Title is private" data-url="apollographql/apollo-client#10294" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10294/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10294">#10294</a></li> <li>Pass TCache generic to MutationHookOptions by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/igrlk/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/igrlk">@ igrlk</a> in <a aria-label="Pull request #10223" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1419515761" data-permission-text="Title is private" data-url="apollographql/apollo-client#10223" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10223/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10223">#10223</a></li> <li>Add name property to ApolloError by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/aaronadamsCA/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/aaronadamsCA">@ aaronadamsCA</a> in <a aria-label="Pull request #9323" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1106740822" data-permission-text="Title is private" data-url="apollographql/apollo-client#9323" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/9323/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/9323">#9323</a></li> <li>Add array examples to reactive variable documentation by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/larrymyers/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/larrymyers">@ larrymyers</a> in <a aria-label="Pull request #10235" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1424932503" data-permission-text="Title is private" data-url="apollographql/apollo-client#10235" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10235/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10235">#10235</a></li> <li>Update CHANGELOG with changes from <a aria-label="Pull request #10235" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1424932503" data-permission-text="Title is private" data-url="apollographql/apollo-client#10235" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10235/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10235">#10235</a> by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/bignimbus/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/bignimbus">@ bignimbus</a> in <a aria-label="Pull request #10302" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1458514445" data-permission-text="Title is private" data-url="apollographql/apollo-client#10302" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10302/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10302">#10302</a></li> <li>docs: Update subscribeToMore example to use React hooks by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/trevorblades/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/trevorblades">@ trevorblades</a> in <a aria-label="Pull request #10309" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1460280026" data-permission-text="Title is private" data-url="apollographql/apollo-client#10309" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10309/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10309">#10309</a></li> <li>export separate <code>ModifierUtility</code> type by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/KeithGillette/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/KeithGillette">@ KeithGillette</a> in <a aria-label="Pull request #7133" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="716972371" data-permission-text="Title is private" data-url="apollographql/apollo-client#7133" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/7133/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/7133">#7133</a></li> <li>Changelog and docs for preserveHeaderCase by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/MrDoomBringer/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/MrDoomBringer">@ MrDoomBringer</a> in <a aria-label="Pull request #10111" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1378274068" data-permission-text="Title is private" data-url="apollographql/apollo-client#10111" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10111/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10111">#10111</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/chris110408/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/chris110408">@ chris110408</a> made their first contribution in <a aria-label="Pull request #10258" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1433824820" data-permission-text="Title is private" data-url="apollographql/apollo-client#10258" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10258/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10258">#10258</a></li> <li><a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/ctesniere/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/ctesniere">@ ctesniere</a> made their first contribution in <a aria-label="Pull request #10275" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1444506371" data-permission-text="Title is private" data-url="apollographql/apollo-client#10275" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10275/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10275">#10275</a></li> <li><a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/charlypoly/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/charlypoly">@ charlypoly</a> made their first contribution in <a aria-label="Pull request #10173" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1404287170" data-permission-text="Title is private" data-url="apollographql/apollo-client#10173" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10173/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10173">#10173</a></li> <li><a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/igrlk/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/igrlk">@ igrlk</a> made their first contribution in <a aria-label="Pull request #10223" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1419515761" data-permission-text="Title is private" data-url="apollographql/apollo-client#10223" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10223/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10223">#10223</a></li> <li><a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/aaronadamsCA/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/aaronadamsCA">@ aaronadamsCA</a> made their first contribution in <a aria-label="Pull request #9323" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1106740822" data-permission-text="Title is private" data-url="apollographql/apollo-client#9323" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/9323/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/9323">#9323</a></li> <li><a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/larrymyers/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/larrymyers">@ larrymyers</a> made their first contribution in <a aria-label="Pull request #10235" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1424932503" data-permission-text="Title is private" data-url="apollographql/apollo-client#10235" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10235/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10235">#10235</a></li> <li><a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/KeithGillette/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/KeithGillette">@ KeithGillette</a> made their first contribution in <a aria-label="Pull request #7133" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="716972371" data-permission-text="Title is private" data-url="apollographql/apollo-client#7133" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/7133/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/7133">#7133</a></li> </ul> <p><strong>Full Changelog</strong>: <a class="commit-link" href="https://snyk.io/redirect/github/apollographql/apollo-client/compare/v3.7.1...v3.7.2"><tt>v3.7.1...v3.7.2</tt></a></p> </li> <li> <b>3.7.1</b> - <a href="https://snyk.io/redirect/github/apollographql/apollo-client/releases/tag/v3.7.1">2022-10-20</a></br><a href="https://snyk.io/redirect/github/apollographql/apollo-client/releases/tag/v3.7.1"> Read more </a> </li> <li> <b>3.7.0</b> - <a href="https://snyk.io/redirect/github/apollographql/apollo-client/releases/tag/v3.7.0">2022-09-30</a></br><a href="https://snyk.io/redirect/github/apollographql/apollo-client/releases/tag/v3.7.0"> Read more </a> </li> <li> <b>3.7.0-rc.0</b> - 2022-09-21 </li> <li> <b>3.7.0-beta.8</b> - 2022-09-21 </li> <li> <b>3.7.0-beta.7</b> - 2022-09-08 </li> <li> <b>3.7.0-beta.6</b> - 2022-06-27 </li> <li> <b>3.7.0-beta.5</b> - 2022-06-10 </li> <li> <b>3.7.0-beta.4</b> - 2022-06-10 </li> <li> <b>3.7.0-beta.3</b> - 2022-06-07 </li> <li> <b>3.7.0-beta.2</b> - 2022-06-07 </li> <li> <b>3.7.0-beta.1</b> - 2022-05-26 </li> <li> <b>3.7.0-beta.0</b> - 2022-05-25 </li> <li> <b>3.7.0-alpha.6</b> - 2022-05-19 </li> <li> <b>3.7.0-alpha.5</b> - 2022-05-16 </li> <li> <b>3.7.0-alpha.4</b> - 2022-05-13 </li> <li> <b>3.7.0-alpha.3</b> - 2022-05-09 </li> <li> <b>3.7.0-alpha.2</b> - 2022-05-03 </li> <li> <b>3.7.0-alpha.1</b> - 2022-05-03 </li> <li> <b>3.7.0-alpha.0</b> - 2022-04-27 </li> <li> <b>3.6.10</b> - <a href="https://snyk.io/redirect/github/apollographql/apollo-client/releases/tag/v3.6.10">2022-09-29</a></br><a href="https://snyk.io/redirect/github/apollographql/apollo-client/releases/tag/v3.6.10"> Read more </a> </li> <li> <b>3.6.9</b> - <a href="https://snyk.io/redirect/github/apollographql/apollo-client/releases/tag/v3.6.9">2022-06-21</a></br><a href="https://snyk.io/redirect/github/apollographql/apollo-client/releases/tag/v3.6.9"> Read more </a> </li> <li> <b>3.6.8</b> - 2022-06-10 </li> <li> <b>3.6.7</b> - 2022-06-10 </li> <li> <b>3.6.6</b> - 2022-05-26 </li> <li> <b>3.6.5</b> - 2022-05-23 </li> <li> <b>3.6.4</b> - 2022-05-16 </li> <li> <b>3.6.3</b> - 2022-05-05 </li> <li> <b>3.6.2</b> - 2022-05-03 </li> <li> <b>3.6.1</b> - 2022-04-28 </li> <li> <b>3.6.0</b> - 2022-04-26 </li> <li> <b>3.6.0-rc.1</b> - 2022-04-19 </li> <li> <b>3.6.0-rc.0</b> - 2022-04-18 </li> <li> <b>3.6.0-beta.13</b> - 2022-04-14 </li> <li> <b>3.6.0-beta.12</b> - 2022-04-11 </li> <li> <b>3.6.0-beta.11</b> - 2022-04-05 </li> <li> <b>3.6.0-beta.10</b> - 2022-03-29 </li> <li> <b>3.6.0-beta.9</b> - 2022-03-10 </li> <li> <b>3.6.0-beta.8</b> - 2022-03-10 </li> <li> <b>3.6.0-beta.7</b> - 2022-03-10 </li> <li> <b>3.6.0-beta.6</b> - 2022-02-15 </li> <li> <b>3.6.0-beta.5</b> - 2022-02-04 </li> <li> <b>3.6.0-beta.4</b> - 2022-02-03 </li> <li> <b>3.6.0-beta.3</b> - 2021-11-23 </li> <li> <b>3.6.0-beta.2</b> - 2021-11-22 </li> <li> <b>3.6.0-beta.1</b> - 2021-11-16 </li> <li> <b>3.6.0-beta.0</b> - 2021-11-16 </li> <li> <b>3.5.10</b> - 2022-02-24 </li> </ul> from <a href="https://snyk.io/redirect/github/apollographql/apollo-client/releases">@apollo/client GitHub release notes</a> </details> </details> <details> <summary><b>Commit messages</b></summary> </br> <details> <summary>Package name: <b>@apollo/client</b></summary> <ul> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/2f79f03f1239b0496ddda938bf74a1b0ef97966e">2f79f03</a> Version Packages (#10341)</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/b823f6c679f28fae1f5c1fb3f9e7545a2cb5c987">b823f6c</a> Fix Changesets release workflow from default branch (#10370)</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/46b58e9762abbffaee5c9abda8e309bea6d7a785">46b58e9</a> Fixes support for defer in mutations (#10368)</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/52d5af26129bcec6bd51b45511b8349695219c47">52d5af2</a> docs/updating-subscription-library-anchor-link (#10320)</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/1398e42854590c685a63862534990e26d5013d16">1398e42</a> chore(deps): update actions/setup-node action to v3 (#10352)</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/6739721ea04a66d94be6ca2ae956e95997925201">6739721</a> chore(deps): update mad9000/actions-find-and-replace-string action to v3 (#10354)</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/b3e4574942afffd03cc8a383b9834bbb723720bf">b3e4574</a> Update static-typing.md (#10358)</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/f4f00b6d01b33f08dad9992609e30ddf4011e701">f4f00b6</a> chore(deps): update dependency mocha to v10.2.0</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/0daf29fc02dba3e4ba53f36a8b412abcdbe79329">0daf29f</a> chore(deps): update dependency @ types/node to v18.11.13</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/ac7696ee7478cab6566c93430400a1ea19b2c7ad">ac7696e</a> chore(deps): update dependency recast to v0.22.0</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/543d687fe7b38726576821d7e671945549f6e49b">543d687</a> chore(deps): update dependency @ types/node to v18.11.12</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/14857a5b076a1a385a807620d4a3934fff51c0ea">14857a5</a> chore(deps): update dependency @ types/jest to v29.2.4</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/7819c51ff6a0837e94cc0be6739a70fadf36eada">7819c51</a> chore(deps): update dependency @ graphql-tools/schema to v9.0.12</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/c02a17b30f96fe33649c1fad716cd9482d353868">c02a17b</a> chore(changesets): run changeset-version in prerelease workflow</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/6cf377f29b906e1eabfd2993107a0041db78ca4b">6cf377f</a> Changesets updates (#10342)</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/7d923939dd7e6db7d69f04f598c666104b076e78">7d92393</a> Better handle cached data with deferred queries (#10334)</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/f982a8d3b0571cf841c7068bd374c8ee44d21492">f982a8d</a> Introduce Changesets (#10337)</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/7bff5ac3d9d4f441ff1cc70b6fd6ae60b1b7cfb2">7bff5ac</a> Roadmap updates (#10336)</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/21c7d26220ce82a9856cd203bf1aa5ff1327b192">21c7d26</a> Exclude "cursor" argument to prevent separate cache instance (#10144)</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/9f8fae1055880c8ec173e631e6009e5308376f34">9f8fae1</a> chore(deps): update dependency jest-junit to v15 (#10301)</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/a55770437f110ae85cd1d8d1fb47a8e6de022c09">a557704</a> chore(deps): update dependency @ types/node to v18 (#9840)</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/ce866132e2be18a989f8e0a78648e5a6d5abc25e">ce86613</a> Bump @ apollo/client npm version to 3.7.2.</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/365fcea4ad1a9c3682f91fc315c80e828edf3c41">365fcea</a> chore: update CHANGELOG in preparation for 3.7.2 (#10335)</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/39d83c9dae30f32a0b2634a50763a87d369ff7df">39d83c9</a> chore(deps): update dependency @ types/react to v18.0.26</li> </ul> <a href="https://snyk.io/redirect/github/apollographql/apollo-client/compare/6ca525a6e2e520ea67cfbfd8df0ac48988b4abe4...2f79f03f1239b0496ddda938bf74a1b0ef97966e">Compare</a> </details> </details> <hr/> **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.* For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiIxNWZmNzVhNC03MTRhLTQ4ZTQtOGZlYS1kNTE2ZmVkMzBhNjkiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6IjE1ZmY3NWE0LTcxNGEtNDhlNC04ZmVhLWQ1MTZmZWQzMGE2OSJ9fQ==" width="0" height="0"/> 🧐 [View latest project report](https://app.snyk.io/org/sandbox-2ba/project/9043c51f-3f0d-45c6-8455-b658274f2872?utm_source=github&utm_medium=referral&page=upgrade-pr) 🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/sandbox-2ba/project/9043c51f-3f0d-45c6-8455-b658274f2872/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr) 🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/sandbox-2ba/project/9043c51f-3f0d-45c6-8455-b658274f2872/settings/integration?pkg=@apollo/client&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades) <!--- (snyk:metadata:{"prId":"15ff75a4-714a-48e4-8fea-d516fed30a69","prPublicId":"15ff75a4-714a-48e4-8fea-d516fed30a69","dependencies":[{"name":"@apollo/client","from":"3.5.10","to":"3.7.3"}],"packageManager":"npm","type":"auto","projectUrl":"https://app.snyk.io/org/sandbox-2ba/project/9043c51f-3f0d-45c6-8455-b658274f2872?utm_source=github&utm_medium=referral&page=upgrade-pr","projectPublicId":"9043c51f-3f0d-45c6-8455-b658274f2872","env":"prod","prType":"upgrade","vulns":["SNYK-JS-LOADERUTILS-3043105","SNYK-JS-LOADERUTILS-3043105","SNYK-JS-EJS-2803307","SNYK-JS-DECODEURICOMPONENT-3149970","SNYK-JS-ASYNC-2441827","SNYK-JS-TERSER-2806366","SNYK-JS-NWSAPI-2841516","SNYK-JS-LOADERUTILS-3105943","SNYK-JS-LOADERUTILS-3042992","SNYK-JS-LOADERUTILS-3105943","SNYK-JS-LOADERUTILS-3042992","SNYK-JS-JSON5-3182856","SNYK-JS-JSON5-3182856"],"issuesToFix":[{"issueId":"SNYK-JS-LOADERUTILS-3043105","severity":"high","title":"Prototype Pollution","exploitMaturity":"no-known-exploit","priorityScore":375,"priorityScoreFactors":[{"type":"cvssScore","label":"7.5","score":375}]},{"issueId":"SNYK-JS-LOADERUTILS-3043105","severity":"high","title":"Prototype Pollution","exploitMaturity":"no-known-exploit","priorityScore":375,"priorityScoreFactors":[{"type":"cvssScore","label":"7.5","score":375}]},{"issueId":"SNYK-JS-EJS-2803307","severity":"high","title":"Remote Code Execution (RCE)","exploitMaturity":"proof-of-concept","priorityScore":512,"priorityScoreFactors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"8.1","score":405}]},{"issueId":"SNYK-JS-DECODEURICOMPONENT-3149970","severity":"high","title":"Denial of Service (DoS)","exploitMaturity":"proof-of-concept","priorityScore":482,"priorityScoreFactors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.5","score":375}]},{"issueId":"SNYK-JS-ASYNC-2441827","severity":"high","title":"Prototype Pollution","exploitMaturity":"proof-of-concept","priorityScore":482,"priorityScoreFactors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.5","score":375}]},{"issueId":"SNYK-JS-TERSER-2806366","severity":"medium","title":"Regular Expression Denial of Service (ReDoS)","exploitMaturity":"no-known-exploit","priorityScore":265,"priorityScoreFactors":[{"type":"cvssScore","label":"5.3","score":265}]},{"issueId":"SNYK-JS-NWSAPI-2841516","severity":"medium","title":"Denial of Service (DoS)","exploitMaturity":"no-known-exploit","priorityScore":310,"priorityScoreFactors":[{"type":"cvssScore","label":"6.2","score":310}]},{"issueId":"SNYK-JS-LOADERUTILS-3105943","severity":"medium","title":"Regular Expression Denial of Service (ReDoS)","exploitMaturity":"no-known-exploit","priorityScore":265,"priorityScoreFactors":[{"type":"cvssScore","label":"5.3","score":265}]},{"issueId":"SNYK-JS-LOADERUTILS-3042992","severity":"medium","title":"Regular Expression Denial of Service (ReDoS)","exploitMaturity":"no-known-exploit","priorityScore":265,"priorityScoreFactors":[{"type":"cvssScore","label":"5.3","score":265}]},{"issueId":"SNYK-JS-LOADERUTILS-3105943","severity":"medium","title":"Regular Expression Denial of Service (ReDoS)","exploitMaturity":"no-known-exploit","priorityScore":265,"priorityScoreFactors":[{"type":"cvssScore","label":"5.3","score":265}]},{"issueId":"SNYK-JS-LOADERUTILS-3042992","severity":"medium","title":"Regular Expression Denial of Service (ReDoS)","exploitMaturity":"no-known-exploit","priorityScore":265,"priorityScoreFactors":[{"type":"cvssScore","label":"5.3","score":265}]},{"issueId":"SNYK-JS-JSON5-3182856","severity":"medium","title":"Prototype Pollution","exploitMaturity":"proof-of-concept","priorityScore":427,"priorityScoreFactors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"6.4","score":320}]},{"issueId":"SNYK-JS-JSON5-3182856","severity":"medium","title":"Prototype Pollution","exploitMaturity":"proof-of-concept","priorityScore":427,"priorityScoreFactors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"6.4","score":320}]}],"upgrade":["SNYK-JS-LOADERUTILS-3043105","SNYK-JS-LOADERUTILS-3043105","SNYK-JS-EJS-2803307","SNYK-JS-DECODEURICOMPONENT-3149970","SNYK-JS-ASYNC-2441827","SNYK-JS-TERSER-2806366","SNYK-JS-NWSAPI-2841516","SNYK-JS-LOADERUTILS-3105943","SNYK-JS-LOADERUTILS-3042992","SNYK-JS-LOADERUTILS-3105943","SNYK-JS-LOADERUTILS-3042992","SNYK-JS-JSON5-3182856","SNYK-JS-JSON5-3182856"],"upgradeInfo":{"versionsDiff":48,"publishedDate":"2022-12-15T18:42:41.897Z"},"templateVariants":["priorityScore"],"hasFixes":true,"isMajorUpgrade":false,"isBreakingChange":false,"priorityScoreList":[375,375,512,482,482,265,310,265,265,265,265,427,427]}) ---> Co-authored-by: snyk-bot <snyk-bot@snyk.io>
mongodben
pushed a commit
to mongodben/docs-realm
that referenced
this pull request
Feb 14, 2023
<h3>Snyk has created this PR to upgrade @apollo/client from 3.5.10 to 3.7.3.</h3> :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project. <hr/> - The recommended version is **48 versions** ahead of your current version. - The recommended version was released **2 months ago**, on 2022-12-15. The recommended version fixes: Severity | Issue | PriorityScore (*) | Exploit Maturity | :-------------------------:|:-------------------------|-------------------------|:------------------------- <img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png" width="20" height="20" title="high severity"/> | Prototype Pollution<br/> [SNYK-JS-LOADERUTILS-3043105](https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3043105) | **375/1000** <br/> **Why?** CVSS 7.5 | No Known Exploit <img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png" width="20" height="20" title="high severity"/> | Prototype Pollution<br/> [SNYK-JS-LOADERUTILS-3043105](https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3043105) | **375/1000** <br/> **Why?** CVSS 7.5 | No Known Exploit <img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png" width="20" height="20" title="high severity"/> | Remote Code Execution (RCE)<br/> [SNYK-JS-EJS-2803307](https://snyk.io/vuln/SNYK-JS-EJS-2803307) | **375/1000** <br/> **Why?** CVSS 7.5 | Proof of Concept <img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png" width="20" height="20" title="high severity"/> | Denial of Service (DoS)<br/> [SNYK-JS-DECODEURICOMPONENT-3149970](https://snyk.io/vuln/SNYK-JS-DECODEURICOMPONENT-3149970) | **375/1000** <br/> **Why?** CVSS 7.5 | Proof of Concept <img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png" width="20" height="20" title="high severity"/> | Prototype Pollution<br/> [SNYK-JS-ASYNC-2441827](https://snyk.io/vuln/SNYK-JS-ASYNC-2441827) | **375/1000** <br/> **Why?** CVSS 7.5 | Proof of Concept <img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png" width="20" height="20" title="medium severity"/> | Regular Expression Denial of Service (ReDoS)<br/> [SNYK-JS-TERSER-2806366](https://snyk.io/vuln/SNYK-JS-TERSER-2806366) | **375/1000** <br/> **Why?** CVSS 7.5 | No Known Exploit <img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png" width="20" height="20" title="medium severity"/> | Denial of Service (DoS)<br/> [SNYK-JS-NWSAPI-2841516](https://snyk.io/vuln/SNYK-JS-NWSAPI-2841516) | **375/1000** <br/> **Why?** CVSS 7.5 | No Known Exploit <img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png" width="20" height="20" title="medium severity"/> | Regular Expression Denial of Service (ReDoS)<br/> [SNYK-JS-LOADERUTILS-3105943](https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3105943) | **375/1000** <br/> **Why?** CVSS 7.5 | No Known Exploit <img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png" width="20" height="20" title="medium severity"/> | Regular Expression Denial of Service (ReDoS)<br/> [SNYK-JS-LOADERUTILS-3042992](https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3042992) | **375/1000** <br/> **Why?** CVSS 7.5 | No Known Exploit <img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png" width="20" height="20" title="medium severity"/> | Regular Expression Denial of Service (ReDoS)<br/> [SNYK-JS-LOADERUTILS-3105943](https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3105943) | **375/1000** <br/> **Why?** CVSS 7.5 | No Known Exploit <img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png" width="20" height="20" title="medium severity"/> | Regular Expression Denial of Service (ReDoS)<br/> [SNYK-JS-LOADERUTILS-3042992](https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3042992) | **375/1000** <br/> **Why?** CVSS 7.5 | No Known Exploit <img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png" width="20" height="20" title="medium severity"/> | Prototype Pollution<br/> [SNYK-JS-JSON5-3182856](https://snyk.io/vuln/SNYK-JS-JSON5-3182856) | **375/1000** <br/> **Why?** CVSS 7.5 | Proof of Concept <img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png" width="20" height="20" title="medium severity"/> | Prototype Pollution<br/> [SNYK-JS-JSON5-3182856](https://snyk.io/vuln/SNYK-JS-JSON5-3182856) | **375/1000** <br/> **Why?** CVSS 7.5 | Proof of Concept (*) Note that the real score may have changed since the PR was raised. <details> <summary><b>Release notes</b></summary> <br/> <details> <summary>Package name: <b>@apollo/client</b></summary> <ul> <li> <b>3.7.3</b> - <a href="https://snyk.io/redirect/github/apollographql/apollo-client/releases/tag/v3.7.3">2022-12-15</a></br><h3>Patch Changes</h3> <ul> <li> <p><a href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10334" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10334/hovercard">#10334</a> <a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/7d923939dd7e6db7d69f04f598c666104b076e78"><code>7d923939d</code></a> Thanks <a href="https://snyk.io/redirect/github/jerelmiller">@ jerelmiller</a>! - Better handle deferred queries that have cached or partial cached data for them</p> </li> <li> <p><a href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10368" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10368/hovercard">#10368</a> <a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/46b58e9762abbffaee5c9abda8e309bea6d7a785"><code>46b58e976</code></a> Thanks <a href="https://snyk.io/redirect/github/alessbell">@ alessbell</a>! - Fix: unblocks support for defer in mutations</p> <p>If the <code>@ defer</code> directive is present in the document passed to <code>mutate</code>, the Promise will resolve with the final merged data after the last multipart chunk has arrived in the response.</p> </li> </ul> </li> <li> <b>3.7.2</b> - <a href="https://snyk.io/redirect/github/apollographql/apollo-client/releases/tag/v3.7.2">2022-12-06</a></br><h2>Improvements (from <a href="https://snyk.io/redirect/github/apollographql/apollo-client/blob/main/CHANGELOG.md"><code>CHANGELOG.md</code></a>)</h2> <ul> <li> <p>Only show dev tools suggestion in the console when <code>connectToDevTools</code> is <code>true</code>.<br> <a href="https://snyk.io/redirect/github/chris110408">@ chris110408</a> in <a href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10258" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10258/hovercard">#10258</a></p> </li> <li> <p>Pass <code>TCache</code> generic to <code>MutationHookOptions</code> for better type support in <code>useMutation</code>.<br> <a href="https://snyk.io/redirect/github/igrlk">@ igrlk</a> in <a href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10223" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10223/hovercard">#10223</a></p> </li> <li> <p>Add <code>name</code> property to <code>ApolloError</code> to ensure better type safety and help error reporting tools better identify the error.<br> <a href="https://snyk.io/redirect/github/aaronadamsCA">@ aaronadamsCA</a> in <a href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/9323" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/9323/hovercard">#9323</a></p> </li> <li> <p>Export a <code>ModifierDetails</code> type for the <code>details</code> parameter of a <code>Modifier</code> function.<br> <a href="https://snyk.io/redirect/github/KeithGillette">@ KeithGillette</a> in <a href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/7133" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/7133/hovercard">#7133</a></p> </li> <li> <p>Revert use of <code>cloneDeep</code> to clone options when fetching queries.<br> <a href="https://snyk.io/redirect/github/MrDoomBringer">@ MrDoomBringer</a> in <a href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10215" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10215/hovercard">#10215</a></p> </li> </ul> <h2>What's Changed (auto-generated by GitHub)</h2> <ul> <li>Add connect to dev tools check by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/chris110408/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/chris110408">@ chris110408</a> in <a aria-label="Pull request #10258" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1433824820" data-permission-text="Title is private" data-url="apollographql/apollo-client#10258" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10258/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10258">#10258</a></li> <li>Update the CHANGELOG by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/jerelmiller/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/jerelmiller">@ jerelmiller</a> in <a aria-label="Pull request #10260" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1433855997" data-permission-text="Title is private" data-url="apollographql/apollo-client#10260" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10260/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10260">#10260</a></li> <li>Revert cloneDeep-ing request headers by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/MrDoomBringer/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/MrDoomBringer">@ MrDoomBringer</a> in <a aria-label="Pull request #10215" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1416787337" data-permission-text="Title is private" data-url="apollographql/apollo-client#10215" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10215/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10215">#10215</a></li> <li>chore(tests): warn on ts-jest diagnostics error outside of CI test runs by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/alessbell/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/alessbell">@ alessbell</a> in <a aria-label="Pull request #10268" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1440751358" data-permission-text="Title is private" data-url="apollographql/apollo-client#10268" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10268/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10268">#10268</a></li> <li>updates roadmap nov 2022 by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/jpvajda/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/jpvajda">@ jpvajda</a> in <a aria-label="Pull request #10269" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1440838554" data-permission-text="Title is private" data-url="apollographql/apollo-client#10269" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10269/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10269">#10269</a></li> <li>docs: displays the error correctly by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/ctesniere/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/ctesniere">@ ctesniere</a> in <a aria-label="Pull request #10275" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1444506371" data-permission-text="Title is private" data-url="apollographql/apollo-client#10275" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10275/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10275">#10275</a></li> <li>Update the CHANGELOG with changes from <a aria-label="Pull request #10275" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1444506371" data-permission-text="Title is private" data-url="apollographql/apollo-client#10275" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10275/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10275">#10275</a> by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/bignimbus/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/bignimbus">@ bignimbus</a> in <a aria-label="Pull request #10276" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1445656915" data-permission-text="Title is private" data-url="apollographql/apollo-client#10276" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10276/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10276">#10276</a></li> <li>Fix 'broken' links by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/StephenBarlow/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/StephenBarlow">@ StephenBarlow</a> in <a aria-label="Pull request #10288" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1450617736" data-permission-text="Title is private" data-url="apollographql/apollo-client#10288" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10288/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10288">#10288</a></li> <li>Additional documentation for managing local state by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/bignimbus/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/bignimbus">@ bignimbus</a> in <a aria-label="Pull request #10282" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1448345087" data-permission-text="Title is private" data-url="apollographql/apollo-client#10282" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10282/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10282">#10282</a></li> <li>chore(docs): remove graphql-anywhere from apollo-link-rest doc by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/alessbell/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/alessbell">@ alessbell</a> in <a aria-label="Pull request #10232" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1424523033" data-permission-text="Title is private" data-url="apollographql/apollo-client#10232" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10232/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10232">#10232</a></li> <li>doc(static-typing): rewrite with GraphQL Code Generator setup by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/charlypoly/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/charlypoly">@ charlypoly</a> in <a aria-label="Pull request #10173" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1404287170" data-permission-text="Title is private" data-url="apollographql/apollo-client#10173" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10173/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10173">#10173</a></li> <li>Further update the TypeGen article for style by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/rkoron007/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/rkoron007">@ rkoron007</a> in <a aria-label="Pull request #10294" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1454068707" data-permission-text="Title is private" data-url="apollographql/apollo-client#10294" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10294/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10294">#10294</a></li> <li>Pass TCache generic to MutationHookOptions by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/igrlk/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/igrlk">@ igrlk</a> in <a aria-label="Pull request #10223" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1419515761" data-permission-text="Title is private" data-url="apollographql/apollo-client#10223" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10223/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10223">#10223</a></li> <li>Add name property to ApolloError by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/aaronadamsCA/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/aaronadamsCA">@ aaronadamsCA</a> in <a aria-label="Pull request #9323" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1106740822" data-permission-text="Title is private" data-url="apollographql/apollo-client#9323" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/9323/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/9323">#9323</a></li> <li>Add array examples to reactive variable documentation by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/larrymyers/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/larrymyers">@ larrymyers</a> in <a aria-label="Pull request #10235" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1424932503" data-permission-text="Title is private" data-url="apollographql/apollo-client#10235" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10235/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10235">#10235</a></li> <li>Update CHANGELOG with changes from <a aria-label="Pull request #10235" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1424932503" data-permission-text="Title is private" data-url="apollographql/apollo-client#10235" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10235/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10235">#10235</a> by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/bignimbus/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/bignimbus">@ bignimbus</a> in <a aria-label="Pull request #10302" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1458514445" data-permission-text="Title is private" data-url="apollographql/apollo-client#10302" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10302/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10302">#10302</a></li> <li>docs: Update subscribeToMore example to use React hooks by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/trevorblades/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/trevorblades">@ trevorblades</a> in <a aria-label="Pull request #10309" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1460280026" data-permission-text="Title is private" data-url="apollographql/apollo-client#10309" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10309/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10309">#10309</a></li> <li>export separate <code>ModifierUtility</code> type by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/KeithGillette/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/KeithGillette">@ KeithGillette</a> in <a aria-label="Pull request #7133" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="716972371" data-permission-text="Title is private" data-url="apollographql/apollo-client#7133" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/7133/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/7133">#7133</a></li> <li>Changelog and docs for preserveHeaderCase by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/MrDoomBringer/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/MrDoomBringer">@ MrDoomBringer</a> in <a aria-label="Pull request #10111" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1378274068" data-permission-text="Title is private" data-url="apollographql/apollo-client#10111" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10111/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10111">#10111</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/chris110408/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/chris110408">@ chris110408</a> made their first contribution in <a aria-label="Pull request #10258" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1433824820" data-permission-text="Title is private" data-url="apollographql/apollo-client#10258" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10258/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10258">#10258</a></li> <li><a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/ctesniere/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/ctesniere">@ ctesniere</a> made their first contribution in <a aria-label="Pull request #10275" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1444506371" data-permission-text="Title is private" data-url="apollographql/apollo-client#10275" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10275/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10275">#10275</a></li> <li><a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/charlypoly/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/charlypoly">@ charlypoly</a> made their first contribution in <a aria-label="Pull request #10173" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1404287170" data-permission-text="Title is private" data-url="apollographql/apollo-client#10173" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10173/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10173">#10173</a></li> <li><a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/igrlk/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/igrlk">@ igrlk</a> made their first contribution in <a aria-label="Pull request #10223" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1419515761" data-permission-text="Title is private" data-url="apollographql/apollo-client#10223" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10223/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10223">#10223</a></li> <li><a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/aaronadamsCA/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/aaronadamsCA">@ aaronadamsCA</a> made their first contribution in <a aria-label="Pull request #9323" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1106740822" data-permission-text="Title is private" data-url="apollographql/apollo-client#9323" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/9323/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/9323">#9323</a></li> <li><a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/larrymyers/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/larrymyers">@ larrymyers</a> made their first contribution in <a aria-label="Pull request #10235" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1424932503" data-permission-text="Title is private" data-url="apollographql/apollo-client#10235" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10235/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10235">#10235</a></li> <li><a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/KeithGillette/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/KeithGillette">@ KeithGillette</a> made their first contribution in <a aria-label="Pull request #7133" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="716972371" data-permission-text="Title is private" data-url="apollographql/apollo-client#7133" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/7133/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/7133">#7133</a></li> </ul> <p><strong>Full Changelog</strong>: <a class="commit-link" href="https://snyk.io/redirect/github/apollographql/apollo-client/compare/v3.7.1...v3.7.2"><tt>v3.7.1...v3.7.2</tt></a></p> </li> <li> <b>3.7.1</b> - <a href="https://snyk.io/redirect/github/apollographql/apollo-client/releases/tag/v3.7.1">2022-10-20</a></br><a href="https://snyk.io/redirect/github/apollographql/apollo-client/releases/tag/v3.7.1"> Read more </a> </li> <li> <b>3.7.0</b> - <a href="https://snyk.io/redirect/github/apollographql/apollo-client/releases/tag/v3.7.0">2022-09-30</a></br><a href="https://snyk.io/redirect/github/apollographql/apollo-client/releases/tag/v3.7.0"> Read more </a> </li> <li> <b>3.7.0-rc.0</b> - 2022-09-21 </li> <li> <b>3.7.0-beta.8</b> - 2022-09-21 </li> <li> <b>3.7.0-beta.7</b> - 2022-09-08 </li> <li> <b>3.7.0-beta.6</b> - 2022-06-27 </li> <li> <b>3.7.0-beta.5</b> - 2022-06-10 </li> <li> <b>3.7.0-beta.4</b> - 2022-06-10 </li> <li> <b>3.7.0-beta.3</b> - 2022-06-07 </li> <li> <b>3.7.0-beta.2</b> - 2022-06-07 </li> <li> <b>3.7.0-beta.1</b> - 2022-05-26 </li> <li> <b>3.7.0-beta.0</b> - 2022-05-25 </li> <li> <b>3.7.0-alpha.6</b> - 2022-05-19 </li> <li> <b>3.7.0-alpha.5</b> - 2022-05-16 </li> <li> <b>3.7.0-alpha.4</b> - 2022-05-13 </li> <li> <b>3.7.0-alpha.3</b> - 2022-05-09 </li> <li> <b>3.7.0-alpha.2</b> - 2022-05-03 </li> <li> <b>3.7.0-alpha.1</b> - 2022-05-03 </li> <li> <b>3.7.0-alpha.0</b> - 2022-04-27 </li> <li> <b>3.6.10</b> - <a href="https://snyk.io/redirect/github/apollographql/apollo-client/releases/tag/v3.6.10">2022-09-29</a></br><a href="https://snyk.io/redirect/github/apollographql/apollo-client/releases/tag/v3.6.10"> Read more </a> </li> <li> <b>3.6.9</b> - <a href="https://snyk.io/redirect/github/apollographql/apollo-client/releases/tag/v3.6.9">2022-06-21</a></br><a href="https://snyk.io/redirect/github/apollographql/apollo-client/releases/tag/v3.6.9"> Read more </a> </li> <li> <b>3.6.8</b> - 2022-06-10 </li> <li> <b>3.6.7</b> - 2022-06-10 </li> <li> <b>3.6.6</b> - 2022-05-26 </li> <li> <b>3.6.5</b> - 2022-05-23 </li> <li> <b>3.6.4</b> - 2022-05-16 </li> <li> <b>3.6.3</b> - 2022-05-05 </li> <li> <b>3.6.2</b> - 2022-05-03 </li> <li> <b>3.6.1</b> - 2022-04-28 </li> <li> <b>3.6.0</b> - 2022-04-26 </li> <li> <b>3.6.0-rc.1</b> - 2022-04-19 </li> <li> <b>3.6.0-rc.0</b> - 2022-04-18 </li> <li> <b>3.6.0-beta.13</b> - 2022-04-14 </li> <li> <b>3.6.0-beta.12</b> - 2022-04-11 </li> <li> <b>3.6.0-beta.11</b> - 2022-04-05 </li> <li> <b>3.6.0-beta.10</b> - 2022-03-29 </li> <li> <b>3.6.0-beta.9</b> - 2022-03-10 </li> <li> <b>3.6.0-beta.8</b> - 2022-03-10 </li> <li> <b>3.6.0-beta.7</b> - 2022-03-10 </li> <li> <b>3.6.0-beta.6</b> - 2022-02-15 </li> <li> <b>3.6.0-beta.5</b> - 2022-02-04 </li> <li> <b>3.6.0-beta.4</b> - 2022-02-03 </li> <li> <b>3.6.0-beta.3</b> - 2021-11-23 </li> <li> <b>3.6.0-beta.2</b> - 2021-11-22 </li> <li> <b>3.6.0-beta.1</b> - 2021-11-16 </li> <li> <b>3.6.0-beta.0</b> - 2021-11-16 </li> <li> <b>3.5.10</b> - 2022-02-24 </li> </ul> from <a href="https://snyk.io/redirect/github/apollographql/apollo-client/releases">@apollo/client GitHub release notes</a> </details> </details> <details> <summary><b>Commit messages</b></summary> </br> <details> <summary>Package name: <b>@apollo/client</b></summary> <ul> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/2f79f03f1239b0496ddda938bf74a1b0ef97966e">2f79f03</a> Version Packages (#10341)</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/b823f6c679f28fae1f5c1fb3f9e7545a2cb5c987">b823f6c</a> Fix Changesets release workflow from default branch (#10370)</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/46b58e9762abbffaee5c9abda8e309bea6d7a785">46b58e9</a> Fixes support for defer in mutations (#10368)</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/52d5af26129bcec6bd51b45511b8349695219c47">52d5af2</a> docs/updating-subscription-library-anchor-link (#10320)</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/1398e42854590c685a63862534990e26d5013d16">1398e42</a> chore(deps): update actions/setup-node action to v3 (#10352)</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/6739721ea04a66d94be6ca2ae956e95997925201">6739721</a> chore(deps): update mad9000/actions-find-and-replace-string action to v3 (#10354)</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/b3e4574942afffd03cc8a383b9834bbb723720bf">b3e4574</a> Update static-typing.md (#10358)</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/f4f00b6d01b33f08dad9992609e30ddf4011e701">f4f00b6</a> chore(deps): update dependency mocha to v10.2.0</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/0daf29fc02dba3e4ba53f36a8b412abcdbe79329">0daf29f</a> chore(deps): update dependency @ types/node to v18.11.13</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/ac7696ee7478cab6566c93430400a1ea19b2c7ad">ac7696e</a> chore(deps): update dependency recast to v0.22.0</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/543d687fe7b38726576821d7e671945549f6e49b">543d687</a> chore(deps): update dependency @ types/node to v18.11.12</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/14857a5b076a1a385a807620d4a3934fff51c0ea">14857a5</a> chore(deps): update dependency @ types/jest to v29.2.4</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/7819c51ff6a0837e94cc0be6739a70fadf36eada">7819c51</a> chore(deps): update dependency @ graphql-tools/schema to v9.0.12</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/c02a17b30f96fe33649c1fad716cd9482d353868">c02a17b</a> chore(changesets): run changeset-version in prerelease workflow</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/6cf377f29b906e1eabfd2993107a0041db78ca4b">6cf377f</a> Changesets updates (#10342)</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/7d923939dd7e6db7d69f04f598c666104b076e78">7d92393</a> Better handle cached data with deferred queries (#10334)</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/f982a8d3b0571cf841c7068bd374c8ee44d21492">f982a8d</a> Introduce Changesets (#10337)</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/7bff5ac3d9d4f441ff1cc70b6fd6ae60b1b7cfb2">7bff5ac</a> Roadmap updates (#10336)</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/21c7d26220ce82a9856cd203bf1aa5ff1327b192">21c7d26</a> Exclude "cursor" argument to prevent separate cache instance (#10144)</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/9f8fae1055880c8ec173e631e6009e5308376f34">9f8fae1</a> chore(deps): update dependency jest-junit to v15 (#10301)</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/a55770437f110ae85cd1d8d1fb47a8e6de022c09">a557704</a> chore(deps): update dependency @ types/node to v18 (#9840)</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/ce866132e2be18a989f8e0a78648e5a6d5abc25e">ce86613</a> Bump @ apollo/client npm version to 3.7.2.</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/365fcea4ad1a9c3682f91fc315c80e828edf3c41">365fcea</a> chore: update CHANGELOG in preparation for 3.7.2 (#10335)</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/39d83c9dae30f32a0b2634a50763a87d369ff7df">39d83c9</a> chore(deps): update dependency @ types/react to v18.0.26</li> </ul> <a href="https://snyk.io/redirect/github/apollographql/apollo-client/compare/6ca525a6e2e520ea67cfbfd8df0ac48988b4abe4...2f79f03f1239b0496ddda938bf74a1b0ef97966e">Compare</a> </details> </details> <hr/> **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.* For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiIxNWZmNzVhNC03MTRhLTQ4ZTQtOGZlYS1kNTE2ZmVkMzBhNjkiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6IjE1ZmY3NWE0LTcxNGEtNDhlNC04ZmVhLWQ1MTZmZWQzMGE2OSJ9fQ==" width="0" height="0"/> 🧐 [View latest project report](https://app.snyk.io/org/sandbox-2ba/project/9043c51f-3f0d-45c6-8455-b658274f2872?utm_source=github&utm_medium=referral&page=upgrade-pr) 🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/sandbox-2ba/project/9043c51f-3f0d-45c6-8455-b658274f2872/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr) 🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/sandbox-2ba/project/9043c51f-3f0d-45c6-8455-b658274f2872/settings/integration?pkg=@apollo/client&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades) <!--- (snyk:metadata:{"prId":"15ff75a4-714a-48e4-8fea-d516fed30a69","prPublicId":"15ff75a4-714a-48e4-8fea-d516fed30a69","dependencies":[{"name":"@apollo/client","from":"3.5.10","to":"3.7.3"}],"packageManager":"npm","type":"auto","projectUrl":"https://app.snyk.io/org/sandbox-2ba/project/9043c51f-3f0d-45c6-8455-b658274f2872?utm_source=github&utm_medium=referral&page=upgrade-pr","projectPublicId":"9043c51f-3f0d-45c6-8455-b658274f2872","env":"prod","prType":"upgrade","vulns":["SNYK-JS-LOADERUTILS-3043105","SNYK-JS-LOADERUTILS-3043105","SNYK-JS-EJS-2803307","SNYK-JS-DECODEURICOMPONENT-3149970","SNYK-JS-ASYNC-2441827","SNYK-JS-TERSER-2806366","SNYK-JS-NWSAPI-2841516","SNYK-JS-LOADERUTILS-3105943","SNYK-JS-LOADERUTILS-3042992","SNYK-JS-LOADERUTILS-3105943","SNYK-JS-LOADERUTILS-3042992","SNYK-JS-JSON5-3182856","SNYK-JS-JSON5-3182856"],"issuesToFix":[{"issueId":"SNYK-JS-LOADERUTILS-3043105","severity":"high","title":"Prototype Pollution","exploitMaturity":"no-known-exploit","priorityScore":375,"priorityScoreFactors":[{"type":"cvssScore","label":"7.5","score":375}]},{"issueId":"SNYK-JS-LOADERUTILS-3043105","severity":"high","title":"Prototype Pollution","exploitMaturity":"no-known-exploit","priorityScore":375,"priorityScoreFactors":[{"type":"cvssScore","label":"7.5","score":375}]},{"issueId":"SNYK-JS-EJS-2803307","severity":"high","title":"Remote Code Execution (RCE)","exploitMaturity":"proof-of-concept","priorityScore":512,"priorityScoreFactors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"8.1","score":405}]},{"issueId":"SNYK-JS-DECODEURICOMPONENT-3149970","severity":"high","title":"Denial of Service (DoS)","exploitMaturity":"proof-of-concept","priorityScore":482,"priorityScoreFactors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.5","score":375}]},{"issueId":"SNYK-JS-ASYNC-2441827","severity":"high","title":"Prototype Pollution","exploitMaturity":"proof-of-concept","priorityScore":482,"priorityScoreFactors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.5","score":375}]},{"issueId":"SNYK-JS-TERSER-2806366","severity":"medium","title":"Regular Expression Denial of Service (ReDoS)","exploitMaturity":"no-known-exploit","priorityScore":265,"priorityScoreFactors":[{"type":"cvssScore","label":"5.3","score":265}]},{"issueId":"SNYK-JS-NWSAPI-2841516","severity":"medium","title":"Denial of Service (DoS)","exploitMaturity":"no-known-exploit","priorityScore":310,"priorityScoreFactors":[{"type":"cvssScore","label":"6.2","score":310}]},{"issueId":"SNYK-JS-LOADERUTILS-3105943","severity":"medium","title":"Regular Expression Denial of Service (ReDoS)","exploitMaturity":"no-known-exploit","priorityScore":265,"priorityScoreFactors":[{"type":"cvssScore","label":"5.3","score":265}]},{"issueId":"SNYK-JS-LOADERUTILS-3042992","severity":"medium","title":"Regular Expression Denial of Service (ReDoS)","exploitMaturity":"no-known-exploit","priorityScore":265,"priorityScoreFactors":[{"type":"cvssScore","label":"5.3","score":265}]},{"issueId":"SNYK-JS-LOADERUTILS-3105943","severity":"medium","title":"Regular Expression Denial of Service (ReDoS)","exploitMaturity":"no-known-exploit","priorityScore":265,"priorityScoreFactors":[{"type":"cvssScore","label":"5.3","score":265}]},{"issueId":"SNYK-JS-LOADERUTILS-3042992","severity":"medium","title":"Regular Expression Denial of Service (ReDoS)","exploitMaturity":"no-known-exploit","priorityScore":265,"priorityScoreFactors":[{"type":"cvssScore","label":"5.3","score":265}]},{"issueId":"SNYK-JS-JSON5-3182856","severity":"medium","title":"Prototype Pollution","exploitMaturity":"proof-of-concept","priorityScore":427,"priorityScoreFactors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"6.4","score":320}]},{"issueId":"SNYK-JS-JSON5-3182856","severity":"medium","title":"Prototype Pollution","exploitMaturity":"proof-of-concept","priorityScore":427,"priorityScoreFactors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"6.4","score":320}]}],"upgrade":["SNYK-JS-LOADERUTILS-3043105","SNYK-JS-LOADERUTILS-3043105","SNYK-JS-EJS-2803307","SNYK-JS-DECODEURICOMPONENT-3149970","SNYK-JS-ASYNC-2441827","SNYK-JS-TERSER-2806366","SNYK-JS-NWSAPI-2841516","SNYK-JS-LOADERUTILS-3105943","SNYK-JS-LOADERUTILS-3042992","SNYK-JS-LOADERUTILS-3105943","SNYK-JS-LOADERUTILS-3042992","SNYK-JS-JSON5-3182856","SNYK-JS-JSON5-3182856"],"upgradeInfo":{"versionsDiff":48,"publishedDate":"2022-12-15T18:42:41.897Z"},"templateVariants":["priorityScore"],"hasFixes":true,"isMajorUpgrade":false,"isBreakingChange":false,"priorityScoreList":[375,375,512,482,482,265,310,265,265,265,265,427,427]}) ---> Co-authored-by: snyk-bot <snyk-bot@snyk.io>
mongodben
pushed a commit
to mongodben/docs-realm
that referenced
this pull request
Feb 14, 2023
<h3>Snyk has created this PR to upgrade @apollo/client from 3.5.10 to 3.7.3.</h3> :information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project. <hr/> - The recommended version is **48 versions** ahead of your current version. - The recommended version was released **2 months ago**, on 2022-12-15. The recommended version fixes: Severity | Issue | PriorityScore (*) | Exploit Maturity | :-------------------------:|:-------------------------|-------------------------|:------------------------- <img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png" width="20" height="20" title="high severity"/> | Prototype Pollution<br/> [SNYK-JS-LOADERUTILS-3043105](https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3043105) | **375/1000** <br/> **Why?** CVSS 7.5 | No Known Exploit <img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png" width="20" height="20" title="high severity"/> | Prototype Pollution<br/> [SNYK-JS-LOADERUTILS-3043105](https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3043105) | **375/1000** <br/> **Why?** CVSS 7.5 | No Known Exploit <img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png" width="20" height="20" title="high severity"/> | Remote Code Execution (RCE)<br/> [SNYK-JS-EJS-2803307](https://snyk.io/vuln/SNYK-JS-EJS-2803307) | **375/1000** <br/> **Why?** CVSS 7.5 | Proof of Concept <img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png" width="20" height="20" title="high severity"/> | Denial of Service (DoS)<br/> [SNYK-JS-DECODEURICOMPONENT-3149970](https://snyk.io/vuln/SNYK-JS-DECODEURICOMPONENT-3149970) | **375/1000** <br/> **Why?** CVSS 7.5 | Proof of Concept <img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png" width="20" height="20" title="high severity"/> | Prototype Pollution<br/> [SNYK-JS-ASYNC-2441827](https://snyk.io/vuln/SNYK-JS-ASYNC-2441827) | **375/1000** <br/> **Why?** CVSS 7.5 | Proof of Concept <img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png" width="20" height="20" title="medium severity"/> | Regular Expression Denial of Service (ReDoS)<br/> [SNYK-JS-TERSER-2806366](https://snyk.io/vuln/SNYK-JS-TERSER-2806366) | **375/1000** <br/> **Why?** CVSS 7.5 | No Known Exploit <img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png" width="20" height="20" title="medium severity"/> | Denial of Service (DoS)<br/> [SNYK-JS-NWSAPI-2841516](https://snyk.io/vuln/SNYK-JS-NWSAPI-2841516) | **375/1000** <br/> **Why?** CVSS 7.5 | No Known Exploit <img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png" width="20" height="20" title="medium severity"/> | Regular Expression Denial of Service (ReDoS)<br/> [SNYK-JS-LOADERUTILS-3105943](https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3105943) | **375/1000** <br/> **Why?** CVSS 7.5 | No Known Exploit <img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png" width="20" height="20" title="medium severity"/> | Regular Expression Denial of Service (ReDoS)<br/> [SNYK-JS-LOADERUTILS-3042992](https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3042992) | **375/1000** <br/> **Why?** CVSS 7.5 | No Known Exploit <img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png" width="20" height="20" title="medium severity"/> | Regular Expression Denial of Service (ReDoS)<br/> [SNYK-JS-LOADERUTILS-3105943](https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3105943) | **375/1000** <br/> **Why?** CVSS 7.5 | No Known Exploit <img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png" width="20" height="20" title="medium severity"/> | Regular Expression Denial of Service (ReDoS)<br/> [SNYK-JS-LOADERUTILS-3042992](https://snyk.io/vuln/SNYK-JS-LOADERUTILS-3042992) | **375/1000** <br/> **Why?** CVSS 7.5 | No Known Exploit <img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png" width="20" height="20" title="medium severity"/> | Prototype Pollution<br/> [SNYK-JS-JSON5-3182856](https://snyk.io/vuln/SNYK-JS-JSON5-3182856) | **375/1000** <br/> **Why?** CVSS 7.5 | Proof of Concept <img src="https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/m.png" width="20" height="20" title="medium severity"/> | Prototype Pollution<br/> [SNYK-JS-JSON5-3182856](https://snyk.io/vuln/SNYK-JS-JSON5-3182856) | **375/1000** <br/> **Why?** CVSS 7.5 | Proof of Concept (*) Note that the real score may have changed since the PR was raised. <details> <summary><b>Release notes</b></summary> <br/> <details> <summary>Package name: <b>@apollo/client</b></summary> <ul> <li> <b>3.7.3</b> - <a href="https://snyk.io/redirect/github/apollographql/apollo-client/releases/tag/v3.7.3">2022-12-15</a></br><h3>Patch Changes</h3> <ul> <li> <p><a href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10334" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10334/hovercard">#10334</a> <a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/7d923939dd7e6db7d69f04f598c666104b076e78"><code>7d923939d</code></a> Thanks <a href="https://snyk.io/redirect/github/jerelmiller">@ jerelmiller</a>! - Better handle deferred queries that have cached or partial cached data for them</p> </li> <li> <p><a href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10368" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10368/hovercard">#10368</a> <a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/46b58e9762abbffaee5c9abda8e309bea6d7a785"><code>46b58e976</code></a> Thanks <a href="https://snyk.io/redirect/github/alessbell">@ alessbell</a>! - Fix: unblocks support for defer in mutations</p> <p>If the <code>@ defer</code> directive is present in the document passed to <code>mutate</code>, the Promise will resolve with the final merged data after the last multipart chunk has arrived in the response.</p> </li> </ul> </li> <li> <b>3.7.2</b> - <a href="https://snyk.io/redirect/github/apollographql/apollo-client/releases/tag/v3.7.2">2022-12-06</a></br><h2>Improvements (from <a href="https://snyk.io/redirect/github/apollographql/apollo-client/blob/main/CHANGELOG.md"><code>CHANGELOG.md</code></a>)</h2> <ul> <li> <p>Only show dev tools suggestion in the console when <code>connectToDevTools</code> is <code>true</code>.<br> <a href="https://snyk.io/redirect/github/chris110408">@ chris110408</a> in <a href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10258" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10258/hovercard">#10258</a></p> </li> <li> <p>Pass <code>TCache</code> generic to <code>MutationHookOptions</code> for better type support in <code>useMutation</code>.<br> <a href="https://snyk.io/redirect/github/igrlk">@ igrlk</a> in <a href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10223" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10223/hovercard">#10223</a></p> </li> <li> <p>Add <code>name</code> property to <code>ApolloError</code> to ensure better type safety and help error reporting tools better identify the error.<br> <a href="https://snyk.io/redirect/github/aaronadamsCA">@ aaronadamsCA</a> in <a href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/9323" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/9323/hovercard">#9323</a></p> </li> <li> <p>Export a <code>ModifierDetails</code> type for the <code>details</code> parameter of a <code>Modifier</code> function.<br> <a href="https://snyk.io/redirect/github/KeithGillette">@ KeithGillette</a> in <a href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/7133" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/7133/hovercard">#7133</a></p> </li> <li> <p>Revert use of <code>cloneDeep</code> to clone options when fetching queries.<br> <a href="https://snyk.io/redirect/github/MrDoomBringer">@ MrDoomBringer</a> in <a href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10215" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10215/hovercard">#10215</a></p> </li> </ul> <h2>What's Changed (auto-generated by GitHub)</h2> <ul> <li>Add connect to dev tools check by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/chris110408/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/chris110408">@ chris110408</a> in <a aria-label="Pull request #10258" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1433824820" data-permission-text="Title is private" data-url="apollographql/apollo-client#10258" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10258/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10258">#10258</a></li> <li>Update the CHANGELOG by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/jerelmiller/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/jerelmiller">@ jerelmiller</a> in <a aria-label="Pull request #10260" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1433855997" data-permission-text="Title is private" data-url="apollographql/apollo-client#10260" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10260/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10260">#10260</a></li> <li>Revert cloneDeep-ing request headers by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/MrDoomBringer/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/MrDoomBringer">@ MrDoomBringer</a> in <a aria-label="Pull request #10215" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1416787337" data-permission-text="Title is private" data-url="apollographql/apollo-client#10215" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10215/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10215">#10215</a></li> <li>chore(tests): warn on ts-jest diagnostics error outside of CI test runs by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/alessbell/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/alessbell">@ alessbell</a> in <a aria-label="Pull request #10268" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1440751358" data-permission-text="Title is private" data-url="apollographql/apollo-client#10268" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10268/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10268">#10268</a></li> <li>updates roadmap nov 2022 by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/jpvajda/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/jpvajda">@ jpvajda</a> in <a aria-label="Pull request #10269" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1440838554" data-permission-text="Title is private" data-url="apollographql/apollo-client#10269" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10269/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10269">#10269</a></li> <li>docs: displays the error correctly by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/ctesniere/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/ctesniere">@ ctesniere</a> in <a aria-label="Pull request #10275" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1444506371" data-permission-text="Title is private" data-url="apollographql/apollo-client#10275" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10275/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10275">#10275</a></li> <li>Update the CHANGELOG with changes from <a aria-label="Pull request #10275" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1444506371" data-permission-text="Title is private" data-url="apollographql/apollo-client#10275" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10275/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10275">#10275</a> by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/bignimbus/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/bignimbus">@ bignimbus</a> in <a aria-label="Pull request #10276" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1445656915" data-permission-text="Title is private" data-url="apollographql/apollo-client#10276" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10276/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10276">#10276</a></li> <li>Fix 'broken' links by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/StephenBarlow/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/StephenBarlow">@ StephenBarlow</a> in <a aria-label="Pull request #10288" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1450617736" data-permission-text="Title is private" data-url="apollographql/apollo-client#10288" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10288/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10288">#10288</a></li> <li>Additional documentation for managing local state by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/bignimbus/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/bignimbus">@ bignimbus</a> in <a aria-label="Pull request #10282" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1448345087" data-permission-text="Title is private" data-url="apollographql/apollo-client#10282" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10282/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10282">#10282</a></li> <li>chore(docs): remove graphql-anywhere from apollo-link-rest doc by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/alessbell/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/alessbell">@ alessbell</a> in <a aria-label="Pull request #10232" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1424523033" data-permission-text="Title is private" data-url="apollographql/apollo-client#10232" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10232/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10232">#10232</a></li> <li>doc(static-typing): rewrite with GraphQL Code Generator setup by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/charlypoly/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/charlypoly">@ charlypoly</a> in <a aria-label="Pull request #10173" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1404287170" data-permission-text="Title is private" data-url="apollographql/apollo-client#10173" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10173/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10173">#10173</a></li> <li>Further update the TypeGen article for style by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/rkoron007/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/rkoron007">@ rkoron007</a> in <a aria-label="Pull request #10294" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1454068707" data-permission-text="Title is private" data-url="apollographql/apollo-client#10294" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10294/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10294">#10294</a></li> <li>Pass TCache generic to MutationHookOptions by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/igrlk/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/igrlk">@ igrlk</a> in <a aria-label="Pull request #10223" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1419515761" data-permission-text="Title is private" data-url="apollographql/apollo-client#10223" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10223/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10223">#10223</a></li> <li>Add name property to ApolloError by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/aaronadamsCA/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/aaronadamsCA">@ aaronadamsCA</a> in <a aria-label="Pull request #9323" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1106740822" data-permission-text="Title is private" data-url="apollographql/apollo-client#9323" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/9323/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/9323">#9323</a></li> <li>Add array examples to reactive variable documentation by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/larrymyers/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/larrymyers">@ larrymyers</a> in <a aria-label="Pull request #10235" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1424932503" data-permission-text="Title is private" data-url="apollographql/apollo-client#10235" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10235/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10235">#10235</a></li> <li>Update CHANGELOG with changes from <a aria-label="Pull request #10235" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1424932503" data-permission-text="Title is private" data-url="apollographql/apollo-client#10235" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10235/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10235">#10235</a> by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/bignimbus/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/bignimbus">@ bignimbus</a> in <a aria-label="Pull request #10302" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1458514445" data-permission-text="Title is private" data-url="apollographql/apollo-client#10302" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10302/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10302">#10302</a></li> <li>docs: Update subscribeToMore example to use React hooks by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/trevorblades/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/trevorblades">@ trevorblades</a> in <a aria-label="Pull request #10309" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1460280026" data-permission-text="Title is private" data-url="apollographql/apollo-client#10309" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10309/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10309">#10309</a></li> <li>export separate <code>ModifierUtility</code> type by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/KeithGillette/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/KeithGillette">@ KeithGillette</a> in <a aria-label="Pull request #7133" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="716972371" data-permission-text="Title is private" data-url="apollographql/apollo-client#7133" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/7133/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/7133">#7133</a></li> <li>Changelog and docs for preserveHeaderCase by <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/MrDoomBringer/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/MrDoomBringer">@ MrDoomBringer</a> in <a aria-label="Pull request #10111" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1378274068" data-permission-text="Title is private" data-url="apollographql/apollo-client#10111" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10111/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10111">#10111</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/chris110408/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/chris110408">@ chris110408</a> made their first contribution in <a aria-label="Pull request #10258" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1433824820" data-permission-text="Title is private" data-url="apollographql/apollo-client#10258" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10258/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10258">#10258</a></li> <li><a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/ctesniere/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/ctesniere">@ ctesniere</a> made their first contribution in <a aria-label="Pull request #10275" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1444506371" data-permission-text="Title is private" data-url="apollographql/apollo-client#10275" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10275/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10275">#10275</a></li> <li><a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/charlypoly/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/charlypoly">@ charlypoly</a> made their first contribution in <a aria-label="Pull request #10173" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1404287170" data-permission-text="Title is private" data-url="apollographql/apollo-client#10173" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10173/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10173">#10173</a></li> <li><a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/igrlk/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/igrlk">@ igrlk</a> made their first contribution in <a aria-label="Pull request #10223" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1419515761" data-permission-text="Title is private" data-url="apollographql/apollo-client#10223" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10223/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10223">#10223</a></li> <li><a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/aaronadamsCA/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/aaronadamsCA">@ aaronadamsCA</a> made their first contribution in <a aria-label="Pull request #9323" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1106740822" data-permission-text="Title is private" data-url="apollographql/apollo-client#9323" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/9323/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/9323">#9323</a></li> <li><a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/larrymyers/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/larrymyers">@ larrymyers</a> made their first contribution in <a aria-label="Pull request #10235" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="1424932503" data-permission-text="Title is private" data-url="apollographql/apollo-client#10235" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/10235/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/10235">#10235</a></li> <li><a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/users/KeithGillette/hovercard" data-octo-click="hovercard-link-click" data-octo-dimensions="link_type:self" href="https://snyk.io/redirect/github/KeithGillette">@ KeithGillette</a> made their first contribution in <a aria-label="Pull request #7133" class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="716972371" data-permission-text="Title is private" data-url="apollographql/apollo-client#7133" data-hovercard-type="pull_request" data-hovercard-url="/apollographql/apollo-client/pull/7133/hovercard" href="https://snyk.io/redirect/github/apollographql/apollo-client/pull/7133">#7133</a></li> </ul> <p><strong>Full Changelog</strong>: <a class="commit-link" href="https://snyk.io/redirect/github/apollographql/apollo-client/compare/v3.7.1...v3.7.2"><tt>v3.7.1...v3.7.2</tt></a></p> </li> <li> <b>3.7.1</b> - <a href="https://snyk.io/redirect/github/apollographql/apollo-client/releases/tag/v3.7.1">2022-10-20</a></br><a href="https://snyk.io/redirect/github/apollographql/apollo-client/releases/tag/v3.7.1"> Read more </a> </li> <li> <b>3.7.0</b> - <a href="https://snyk.io/redirect/github/apollographql/apollo-client/releases/tag/v3.7.0">2022-09-30</a></br><a href="https://snyk.io/redirect/github/apollographql/apollo-client/releases/tag/v3.7.0"> Read more </a> </li> <li> <b>3.7.0-rc.0</b> - 2022-09-21 </li> <li> <b>3.7.0-beta.8</b> - 2022-09-21 </li> <li> <b>3.7.0-beta.7</b> - 2022-09-08 </li> <li> <b>3.7.0-beta.6</b> - 2022-06-27 </li> <li> <b>3.7.0-beta.5</b> - 2022-06-10 </li> <li> <b>3.7.0-beta.4</b> - 2022-06-10 </li> <li> <b>3.7.0-beta.3</b> - 2022-06-07 </li> <li> <b>3.7.0-beta.2</b> - 2022-06-07 </li> <li> <b>3.7.0-beta.1</b> - 2022-05-26 </li> <li> <b>3.7.0-beta.0</b> - 2022-05-25 </li> <li> <b>3.7.0-alpha.6</b> - 2022-05-19 </li> <li> <b>3.7.0-alpha.5</b> - 2022-05-16 </li> <li> <b>3.7.0-alpha.4</b> - 2022-05-13 </li> <li> <b>3.7.0-alpha.3</b> - 2022-05-09 </li> <li> <b>3.7.0-alpha.2</b> - 2022-05-03 </li> <li> <b>3.7.0-alpha.1</b> - 2022-05-03 </li> <li> <b>3.7.0-alpha.0</b> - 2022-04-27 </li> <li> <b>3.6.10</b> - <a href="https://snyk.io/redirect/github/apollographql/apollo-client/releases/tag/v3.6.10">2022-09-29</a></br><a href="https://snyk.io/redirect/github/apollographql/apollo-client/releases/tag/v3.6.10"> Read more </a> </li> <li> <b>3.6.9</b> - <a href="https://snyk.io/redirect/github/apollographql/apollo-client/releases/tag/v3.6.9">2022-06-21</a></br><a href="https://snyk.io/redirect/github/apollographql/apollo-client/releases/tag/v3.6.9"> Read more </a> </li> <li> <b>3.6.8</b> - 2022-06-10 </li> <li> <b>3.6.7</b> - 2022-06-10 </li> <li> <b>3.6.6</b> - 2022-05-26 </li> <li> <b>3.6.5</b> - 2022-05-23 </li> <li> <b>3.6.4</b> - 2022-05-16 </li> <li> <b>3.6.3</b> - 2022-05-05 </li> <li> <b>3.6.2</b> - 2022-05-03 </li> <li> <b>3.6.1</b> - 2022-04-28 </li> <li> <b>3.6.0</b> - 2022-04-26 </li> <li> <b>3.6.0-rc.1</b> - 2022-04-19 </li> <li> <b>3.6.0-rc.0</b> - 2022-04-18 </li> <li> <b>3.6.0-beta.13</b> - 2022-04-14 </li> <li> <b>3.6.0-beta.12</b> - 2022-04-11 </li> <li> <b>3.6.0-beta.11</b> - 2022-04-05 </li> <li> <b>3.6.0-beta.10</b> - 2022-03-29 </li> <li> <b>3.6.0-beta.9</b> - 2022-03-10 </li> <li> <b>3.6.0-beta.8</b> - 2022-03-10 </li> <li> <b>3.6.0-beta.7</b> - 2022-03-10 </li> <li> <b>3.6.0-beta.6</b> - 2022-02-15 </li> <li> <b>3.6.0-beta.5</b> - 2022-02-04 </li> <li> <b>3.6.0-beta.4</b> - 2022-02-03 </li> <li> <b>3.6.0-beta.3</b> - 2021-11-23 </li> <li> <b>3.6.0-beta.2</b> - 2021-11-22 </li> <li> <b>3.6.0-beta.1</b> - 2021-11-16 </li> <li> <b>3.6.0-beta.0</b> - 2021-11-16 </li> <li> <b>3.5.10</b> - 2022-02-24 </li> </ul> from <a href="https://snyk.io/redirect/github/apollographql/apollo-client/releases">@apollo/client GitHub release notes</a> </details> </details> <details> <summary><b>Commit messages</b></summary> </br> <details> <summary>Package name: <b>@apollo/client</b></summary> <ul> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/2f79f03f1239b0496ddda938bf74a1b0ef97966e">2f79f03</a> Version Packages (#10341)</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/b823f6c679f28fae1f5c1fb3f9e7545a2cb5c987">b823f6c</a> Fix Changesets release workflow from default branch (#10370)</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/46b58e9762abbffaee5c9abda8e309bea6d7a785">46b58e9</a> Fixes support for defer in mutations (#10368)</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/52d5af26129bcec6bd51b45511b8349695219c47">52d5af2</a> docs/updating-subscription-library-anchor-link (#10320)</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/1398e42854590c685a63862534990e26d5013d16">1398e42</a> chore(deps): update actions/setup-node action to v3 (#10352)</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/6739721ea04a66d94be6ca2ae956e95997925201">6739721</a> chore(deps): update mad9000/actions-find-and-replace-string action to v3 (#10354)</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/b3e4574942afffd03cc8a383b9834bbb723720bf">b3e4574</a> Update static-typing.md (#10358)</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/f4f00b6d01b33f08dad9992609e30ddf4011e701">f4f00b6</a> chore(deps): update dependency mocha to v10.2.0</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/0daf29fc02dba3e4ba53f36a8b412abcdbe79329">0daf29f</a> chore(deps): update dependency @ types/node to v18.11.13</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/ac7696ee7478cab6566c93430400a1ea19b2c7ad">ac7696e</a> chore(deps): update dependency recast to v0.22.0</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/543d687fe7b38726576821d7e671945549f6e49b">543d687</a> chore(deps): update dependency @ types/node to v18.11.12</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/14857a5b076a1a385a807620d4a3934fff51c0ea">14857a5</a> chore(deps): update dependency @ types/jest to v29.2.4</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/7819c51ff6a0837e94cc0be6739a70fadf36eada">7819c51</a> chore(deps): update dependency @ graphql-tools/schema to v9.0.12</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/c02a17b30f96fe33649c1fad716cd9482d353868">c02a17b</a> chore(changesets): run changeset-version in prerelease workflow</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/6cf377f29b906e1eabfd2993107a0041db78ca4b">6cf377f</a> Changesets updates (#10342)</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/7d923939dd7e6db7d69f04f598c666104b076e78">7d92393</a> Better handle cached data with deferred queries (#10334)</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/f982a8d3b0571cf841c7068bd374c8ee44d21492">f982a8d</a> Introduce Changesets (#10337)</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/7bff5ac3d9d4f441ff1cc70b6fd6ae60b1b7cfb2">7bff5ac</a> Roadmap updates (#10336)</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/21c7d26220ce82a9856cd203bf1aa5ff1327b192">21c7d26</a> Exclude "cursor" argument to prevent separate cache instance (#10144)</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/9f8fae1055880c8ec173e631e6009e5308376f34">9f8fae1</a> chore(deps): update dependency jest-junit to v15 (#10301)</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/a55770437f110ae85cd1d8d1fb47a8e6de022c09">a557704</a> chore(deps): update dependency @ types/node to v18 (#9840)</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/ce866132e2be18a989f8e0a78648e5a6d5abc25e">ce86613</a> Bump @ apollo/client npm version to 3.7.2.</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/365fcea4ad1a9c3682f91fc315c80e828edf3c41">365fcea</a> chore: update CHANGELOG in preparation for 3.7.2 (#10335)</li> <li><a href="https://snyk.io/redirect/github/apollographql/apollo-client/commit/39d83c9dae30f32a0b2634a50763a87d369ff7df">39d83c9</a> chore(deps): update dependency @ types/react to v18.0.26</li> </ul> <a href="https://snyk.io/redirect/github/apollographql/apollo-client/compare/6ca525a6e2e520ea67cfbfd8df0ac48988b4abe4...2f79f03f1239b0496ddda938bf74a1b0ef97966e">Compare</a> </details> </details> <hr/> **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.* For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiIxNWZmNzVhNC03MTRhLTQ4ZTQtOGZlYS1kNTE2ZmVkMzBhNjkiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6IjE1ZmY3NWE0LTcxNGEtNDhlNC04ZmVhLWQ1MTZmZWQzMGE2OSJ9fQ==" width="0" height="0"/> 🧐 [View latest project report](https://app.snyk.io/org/sandbox-2ba/project/9043c51f-3f0d-45c6-8455-b658274f2872?utm_source=github&utm_medium=referral&page=upgrade-pr) 🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/sandbox-2ba/project/9043c51f-3f0d-45c6-8455-b658274f2872/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr) 🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/sandbox-2ba/project/9043c51f-3f0d-45c6-8455-b658274f2872/settings/integration?pkg=@apollo/client&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades) <!--- (snyk:metadata:{"prId":"15ff75a4-714a-48e4-8fea-d516fed30a69","prPublicId":"15ff75a4-714a-48e4-8fea-d516fed30a69","dependencies":[{"name":"@apollo/client","from":"3.5.10","to":"3.7.3"}],"packageManager":"npm","type":"auto","projectUrl":"https://app.snyk.io/org/sandbox-2ba/project/9043c51f-3f0d-45c6-8455-b658274f2872?utm_source=github&utm_medium=referral&page=upgrade-pr","projectPublicId":"9043c51f-3f0d-45c6-8455-b658274f2872","env":"prod","prType":"upgrade","vulns":["SNYK-JS-LOADERUTILS-3043105","SNYK-JS-LOADERUTILS-3043105","SNYK-JS-EJS-2803307","SNYK-JS-DECODEURICOMPONENT-3149970","SNYK-JS-ASYNC-2441827","SNYK-JS-TERSER-2806366","SNYK-JS-NWSAPI-2841516","SNYK-JS-LOADERUTILS-3105943","SNYK-JS-LOADERUTILS-3042992","SNYK-JS-LOADERUTILS-3105943","SNYK-JS-LOADERUTILS-3042992","SNYK-JS-JSON5-3182856","SNYK-JS-JSON5-3182856"],"issuesToFix":[{"issueId":"SNYK-JS-LOADERUTILS-3043105","severity":"high","title":"Prototype Pollution","exploitMaturity":"no-known-exploit","priorityScore":375,"priorityScoreFactors":[{"type":"cvssScore","label":"7.5","score":375}]},{"issueId":"SNYK-JS-LOADERUTILS-3043105","severity":"high","title":"Prototype Pollution","exploitMaturity":"no-known-exploit","priorityScore":375,"priorityScoreFactors":[{"type":"cvssScore","label":"7.5","score":375}]},{"issueId":"SNYK-JS-EJS-2803307","severity":"high","title":"Remote Code Execution (RCE)","exploitMaturity":"proof-of-concept","priorityScore":512,"priorityScoreFactors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"8.1","score":405}]},{"issueId":"SNYK-JS-DECODEURICOMPONENT-3149970","severity":"high","title":"Denial of Service (DoS)","exploitMaturity":"proof-of-concept","priorityScore":482,"priorityScoreFactors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.5","score":375}]},{"issueId":"SNYK-JS-ASYNC-2441827","severity":"high","title":"Prototype Pollution","exploitMaturity":"proof-of-concept","priorityScore":482,"priorityScoreFactors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"7.5","score":375}]},{"issueId":"SNYK-JS-TERSER-2806366","severity":"medium","title":"Regular Expression Denial of Service (ReDoS)","exploitMaturity":"no-known-exploit","priorityScore":265,"priorityScoreFactors":[{"type":"cvssScore","label":"5.3","score":265}]},{"issueId":"SNYK-JS-NWSAPI-2841516","severity":"medium","title":"Denial of Service (DoS)","exploitMaturity":"no-known-exploit","priorityScore":310,"priorityScoreFactors":[{"type":"cvssScore","label":"6.2","score":310}]},{"issueId":"SNYK-JS-LOADERUTILS-3105943","severity":"medium","title":"Regular Expression Denial of Service (ReDoS)","exploitMaturity":"no-known-exploit","priorityScore":265,"priorityScoreFactors":[{"type":"cvssScore","label":"5.3","score":265}]},{"issueId":"SNYK-JS-LOADERUTILS-3042992","severity":"medium","title":"Regular Expression Denial of Service (ReDoS)","exploitMaturity":"no-known-exploit","priorityScore":265,"priorityScoreFactors":[{"type":"cvssScore","label":"5.3","score":265}]},{"issueId":"SNYK-JS-LOADERUTILS-3105943","severity":"medium","title":"Regular Expression Denial of Service (ReDoS)","exploitMaturity":"no-known-exploit","priorityScore":265,"priorityScoreFactors":[{"type":"cvssScore","label":"5.3","score":265}]},{"issueId":"SNYK-JS-LOADERUTILS-3042992","severity":"medium","title":"Regular Expression Denial of Service (ReDoS)","exploitMaturity":"no-known-exploit","priorityScore":265,"priorityScoreFactors":[{"type":"cvssScore","label":"5.3","score":265}]},{"issueId":"SNYK-JS-JSON5-3182856","severity":"medium","title":"Prototype Pollution","exploitMaturity":"proof-of-concept","priorityScore":427,"priorityScoreFactors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"6.4","score":320}]},{"issueId":"SNYK-JS-JSON5-3182856","severity":"medium","title":"Prototype Pollution","exploitMaturity":"proof-of-concept","priorityScore":427,"priorityScoreFactors":[{"type":"exploit","label":"Proof of Concept","score":107},{"type":"cvssScore","label":"6.4","score":320}]}],"upgrade":["SNYK-JS-LOADERUTILS-3043105","SNYK-JS-LOADERUTILS-3043105","SNYK-JS-EJS-2803307","SNYK-JS-DECODEURICOMPONENT-3149970","SNYK-JS-ASYNC-2441827","SNYK-JS-TERSER-2806366","SNYK-JS-NWSAPI-2841516","SNYK-JS-LOADERUTILS-3105943","SNYK-JS-LOADERUTILS-3042992","SNYK-JS-LOADERUTILS-3105943","SNYK-JS-LOADERUTILS-3042992","SNYK-JS-JSON5-3182856","SNYK-JS-JSON5-3182856"],"upgradeInfo":{"versionsDiff":48,"publishedDate":"2022-12-15T18:42:41.897Z"},"templateVariants":["priorityScore"],"hasFixes":true,"isMajorUpgrade":false,"isBreakingChange":false,"priorityScoreList":[375,375,512,482,482,265,310,265,265,265,265,427,427]}) ---> Co-authored-by: snyk-bot <snyk-bot@snyk.io>
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Fixes #10202
Fixes #10166
(Potentially) Fixes #10132
Release
3.7-alpha.4
implementedcloneDeep
(commit) to clone options (includingoptions.context.headers
!) when fetching queries, however it didn't support JS Symbols - meaning the serverRequest (an IncomingMessage) field ofoptions.context
wasn't getting cloned properly. This caused some trouble with dynamic headers, as seen in the above issues.This PR reverts that commit as it's looking like the current state (frequent issues with dynamic headers) is worse than what we had before. Will be finding another way to preserve options in the meantime.
Checklist:
Make sure all of the significant new logic is covered by tests