Skip to content

Latest commit

History

History
357 lines (199 loc) 路 24.4 KB

CHANGELOG.md

File metadata and controls

357 lines (199 loc) 路 24.4 KB
Raw

@apollo/server-integration-testsuite

4.10.4

Patch Changes

  • Updated dependencies [18a3827]:
    • @apollo/server@4.10.4

4.10.3

Patch Changes

  • Updated dependencies [5f335a5]:
    • @apollo/server@4.10.3

4.10.2

Patch Changes

  • Updated dependencies [c7e514c]:
    • @apollo/server@4.10.2

4.10.1

Patch Changes

  • Updated dependencies [72f568e]:
    • @apollo/server@4.10.1

4.10.0

Minor Changes

  • #7786 869ec98 Thanks @ganemone! - Restore missing v1 skipValidation option as dangerouslyDisableValidation. Note that enabling this option exposes your server to potential security and unexpected runtime issues. Apollo will not support issues that arise as a result of using this option.

Patch Changes

4.9.5

Patch Changes

4.9.4

Patch Changes

  • Updated dependencies [ddce036e1]:
    • @apollo/server@4.9.4

4.9.3

Patch Changes

  • Updated dependencies [a1c725eaf]:
    • @apollo/server@4.9.3

4.9.2

Patch Changes

  • Updated dependencies [62e7d940d]:
    • @apollo/server@4.9.2

4.9.1

Patch Changes

  • Updated dependencies [ebfde0007]:
    • @apollo/server@4.9.1

4.9.0

Patch Changes

4.8.1

Patch Changes

4.8.0

Patch Changes

4.7.5

Patch Changes

  • Updated dependencies [4fadf3ddc]:
    • @apollo/cache-control-types@1.0.3
    • @apollo/server@4.7.5
    • @apollo/usage-reporting-protobuf@4.1.1

4.7.4

Patch Changes

  • #7604 aeb511c7d Thanks @renovate! - Update graphql-http dependency

  • 0adaf80d1 Thanks @trevor-scheer! - Address Content Security Policy issues

    The previous implementation of CSP nonces within the landing pages did not take full advantage of the security benefit of using them. Nonces should only be used once per request, whereas Apollo Server was generating one nonce and reusing it for the lifetime of the instance. The reuse of nonces degrades the security benefit of using them but does not pose a security risk on its own. The CSP provides a defense-in-depth measure against a potential XSS, so in the absence of a known XSS vulnerability there is likely no risk to the user.

    The mentioned fix also coincidentally addresses an issue with using crypto functions on startup within Cloudflare Workers. Crypto functions are now called during requests only, which resolves the error that Cloudflare Workers were facing. A recent change introduced a precomputedNonce configuration option to mitigate this issue, but it was an incorrect approach given the nature of CSP nonces. This configuration option is now deprecated and should not be used for any reason since it suffers from the previously mentioned issue of reusing nonces.

    Additionally, this change adds other applicable CSPs for the scripts, styles, images, manifest, and iframes that the landing pages load.

    A final consequence of this change is an extension of the renderLandingPage plugin hook. This hook can now return an object with an html property which returns a Promise<string> in addition to a string (which was the only option before).

  • Updated dependencies [0adaf80d1]:

    • @apollo/server@4.7.4

4.7.3

Patch Changes

  • Updated dependencies [75b668d9e]:
    • @apollo/server@4.7.3

4.7.2

Patch Changes

  • Updated dependencies [c3f04d050]:
    • @apollo/server@4.7.2

4.7.1

Patch Changes

  • Updated dependencies [5d3c45be9]:
    • @apollo/server@4.7.1

4.7.0

Patch Changes

4.6.0

Patch Changes

4.5.0

Patch Changes

4.4.1

Patch Changes

  • #7381 29038a4d3 Thanks @renovate! - Update graphql-http dependency

  • Updated dependencies [021460e95]:

    • @apollo/usage-reporting-protobuf@4.1.0
    • @apollo/server@4.4.1

4.4.0

Patch Changes

  • Updated dependencies [f2d433b4f]:
    • @apollo/server@4.4.0

4.3.3

Patch Changes

4.3.2

Patch Changes

4.3.1

Patch Changes

4.3.0

Patch Changes

4.2.2

Patch Changes

  • #7203 2042ee761 Thanks @glasser! - Fix v4.2.0 (#7171) regression where "operationName": null, "variables": null, and "extensions": null in POST bodies were improperly rejected.

  • Updated dependencies [2042ee761]:

    • @apollo/server@4.2.2

4.2.1

Patch Changes

  • #7187 3fd7b5f26 Thanks @trevor-scheer! - Update @apollo/utils.keyvaluecache dependency to the latest patch which correctly specifies its version of lru-cache.

  • Updated dependencies [3fd7b5f26]:

    • @apollo/server@4.2.1

4.2.0

Minor Changes

  • #7171 37b3b7fb5 Thanks @glasser! - If a POST body contains a non-string operationName or a non-object variables or extensions, fail with status code 400 instead of ignoring the field.

    In addition to being a reasonable idea, this provides more compliance with the "GraphQL over HTTP" spec.

    This is a backwards incompatible change, but we are still early in the Apollo Server 4 adoption cycle and this is in line with the change already made in Apollo Server 4 to reject requests providing variables or extensions as strings. If this causes major problems for users who have already upgraded to Apollo Server 4 in production, we can consider reverting or partially reverting this change.

Patch Changes

  • #7170 4ce738193 Thanks @trevor-scheer! - Update @apollo/utils packages to v2 (dropping node 12 support)

  • #7179 c8129c23f Thanks @renovate! - Fix a few tests to support (but not require) TypeScript 4.9.

  • #7171 37b3b7fb5 Thanks @glasser! - The integration test suite now incorporates the graphql-http package's audit suite for the "GraphQL over HTTP" specification.

  • #7183 46af8255c Thanks @glasser! - Apollo Server tries to detect if execution errors are variable coercion errors in order to give them a code extension of BAD_USER_INPUT rather than INTERNAL_SERVER_ERROR. Previously this would unconditionally set the code; now, it only sets the code if no code is already set, so that (for example) custom scalar parseValue methods can throw errors with specific codes. (Note that a separate graphql-js bug can lead to these extensions being lost; see graphql/graphql-js#3785 for details.)

  • Updated dependencies [4ce738193, 37b3b7fb5, b1548c1d6, 7ff96f533, 46af8255c]:

    • @apollo/server@4.2.0

4.1.1

Patch Changes

  • Updated dependencies [c835637be]:
    • @apollo/server@4.1.1

4.1.0

Minor Changes

  • 2a2d1e3b4 Thanks @glasser! - The cache-control HTTP response header set by the cache control plugin now properly reflects the cache policy of all operations in a batched HTTP request. (If you write the cache-control response header via a different mechanism to a format that the plugin would not produce, the plugin no longer writes the header.) For more information, see advisory GHSA-8r69-3cvp-wxc3.

  • 2a2d1e3b4 Thanks @glasser! - Plugins processing multiple operations in a batched HTTP request now have a shared requestContext.request.http object. Changes to HTTP response headers and HTTP status code made by plugins operating on one operation can be immediately seen by plugins operating on other operations in the same HTTP request.

  • 2a2d1e3b4 Thanks @glasser! - New field GraphQLRequestContext.requestIsBatched available to plugins.

  • #7114 c1651bfac Thanks @trevor-scheer! - Directly depend on Apollo Server rather than as a peer

Patch Changes

4.0.5

Patch Changes

4.0.4

Patch Changes

  • #7080 540f3d97c Thanks @martinnabhan! - Recognize malformed JSON error messages from Next.js.

  • Updated dependencies []:

    • @apollo/server@4.0.4

4.0.3

Patch Changes

  • #7073 e7f524eac Thanks @glasser! - Never interpret GET requests as batched. In previous versions of Apollo Server 4, a GET request whose body was a JSON array with N elements would be interpreted as a batch of the operation specified in the query string repeated N times. Now we just ignore the body for GET requests (like in Apollo Server 3), and never treat them as batched.

  • #7071 0ed389ce8 Thanks @glasser! - Fix v4 regression: gateway implementations should be able to set HTTP response headers and the status code.

  • Updated dependencies [e7f524eac, 0ed389ce8]:

    • @apollo/server@4.0.3

4.0.2

Patch Changes

  • #7035 b3f400063 Thanks @barryhagan! - Errors resulting from an attempt to use introspection when it is not enabled now have an additional validationErrorCode: 'INTROSPECTION_DISABLED' extension; this value is part of a new enum ApolloServerValidationErrorCode exported from @apollo/server/errors.

  • #7066 f11d55a83 Thanks @trevor-scheer! - Add a test to validate error message and code for invalid operation names via GET

  • #7055 d0d8f4be7 Thanks @trevor-scheer! - Fix build configuration issue and align on CJS correctly

  • Updated dependencies [b3f400063]:

    • @apollo/server@4.0.2

4.0.1

Patch Changes

  • #7049 3daee02c6 Thanks @glasser! - Raise minimum engines requirement from Node.js v14.0.0 to v14.16.0. This is the minimum version of Node 14 supported by the engines requirement of graphql@16.6.0.

  • Updated dependencies [3daee02c6, 3daee02c6]:

    • @apollo/server@4.0.1

4.0.0

Initial release of @apollo/server-integration-testsuite.