chore(deps-dev): bump gatsby from 4.6.2 to 4.7.2, run [GitHubCommitActivity GitHubDeployments GitHubTotalDiscussion GitHubForks GitHubIssues GitHubHacktoberfest]

[dependabot]

Bumps gatsby from 4.6.2 to 4.7.2.

Release notes

Sourced from gatsby's releases.

v4.7

Welcome to gatsby@4.7.0 release (February 2022 #1)

Key highlights of this release:

• trailingSlash Option - Now built into the Framework itself
• Faster Schema Creation & createPages - Speed improvements of at least 30%

Also check out notable bugfixes.

Bleeding Edge: Want to try new features as soon as possible? Install gatsby@next and let us know if you have any issues.

Previous release notes

Full changelog

Commits

• db83523 chore(release): Publish
• 7ef1fb6 fix(gatsby): Content Sync DSG bug (#34799) (#34818)
• d149291 chore(gatsby-plugin-mdx): Use MDX v1 for install instructions (#34774) (#34817)
• f672a67 chore(release): Publish
• 07dccad fix(gatsby-link): trailing slash undefined check for prod env (#34765) (#34766)
• 1f30882 chore(release): Publish
• 9e8dd90 chore(docs): Update transformOptions defaults (#34713)
• 72b3586 chore(starter): Add minimal Typescript starter (#34688)
• 62b07a0 chore(docs): Added required type attribute to resolver (#34716)
• 0c04ce0 chore(docs): Update "Debugging HTML builds" to include getServerData (#34631)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[calebcartwright]

Looks like we'll have to bump to graphql v16+ in order to land this

[calebcartwright]

I'd forgotten about the graphql mess from #7230 & #7428

AIUI, this is blocked on the graphql upgrade to v16.x due to a transitive dependency of gatsby (graphql-compose/graphql-compose#374). At the same time, we can't update to v16.x of graphql because gatsby also has a transitive dependency issue with express-graphql which honestly seems like a dead project at this point (e.g. graphql/express-graphql#790 and graphql/express-graphql#790).

This mess has been dragging on a bit too long for my comfort level, though outside of trying to get the express-graphql project revived, or getting the gatsby folks to adjust their dependency tree to remove that one, I don't see what else we could do beyond swapping out our usage of gatsby altogether

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

[chris48s]

It is also doing my head in that we can't upgrade graphql but gatsby 4.7.2 itself requires "graphql": "^15.7.2"
https://github.com/gatsbyjs/gatsby/blob/gatsby%404.7.2/packages/gatsby/package.json#L94
so I don't think this package should require an update to graphql 16

[calebcartwright]

so I don't think this package should require an update to graphql 16

Not sure I agree.

This version of gatsby also a direct dependency on graphql-compose v9.0.6, which in turn introduces the requirement for graphql v16 as per specified dependency in https://github.com/graphql-compose/graphql-compose/blob/v9.0.6/package.json#L37 and the associated issue I linked above which confirms that, at least as far as i understand it.

[calebcartwright]

And I guess to clarify, it's a dev dependency, but that's still causing the TS build to blow up because of incompatible types. Perhaps we could find a way to ignore it or force a downgrade, but I still think the root cause is some conflicting grapghql version expectations with gatsby's tree

> tsc --noEmit --project .

node_modules/graphql-compose/lib/type/buffer.d.ts:3:25 - error TS2315: Type 'GraphQLScalarType' is not generic.

3 declare const _default: GraphQLScalarType<Buffer, string>;
                          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

node_modules/graphql-compose/lib/type/date.d.ts:2:25 - error TS2315: Type 'GraphQLScalarType' is not generic.

2 declare const _default: GraphQLScalarType<Date, string>;
                          ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Found 2 errors.

Exited with code exit status 2

[chris48s]

Right, so express-graphql wants graphql 15.4.0
https://github.com/graphql/express-graphql/blob/v0.12.0/package.json#L86
and graphql-compose wants graphql 16.1.0
https://github.com/graphql-compose/graphql-compose/blob/v9.0.6/package.json#L37
In general, this is not a problem: NPM will happily install 2 different versions of the same library in the same tree using 'broken diamond' resolution strategy. I don't think that in itself makes this release fundamentally broken for 100% of gatsby users.

I think the reason this is an issue for us specifically is because we also have something else (I forget what) which has graphql as a peerDependency which I think changes the resolution strategy for us and requires every package to share a single version of graphql. I think that is why dependabot has tried to bump both gatsby and graphql in this PR, rather than just gatsby.

[calebcartwright]

Perhaps we're closer to the same page after all then?

Don't disagree with you in the general sense of gatsby users, but I'm simply saying I don't see a way for us to make this gatsby upgrade in a way that doesn't introduce the type issues. My hypothesis on possible resolution is still centered around graphql versioning, whether that's via us managing to get our entire tree to a v16+ world or trying to convince npm that graphql-compose explicitly needs graphql v16+.

I'm happy to be proven wrong though if you or anyone else sees a path forward, so definitely feel free to reopen this. I originally went down the former path of trying to advance everything to v16 as I'd already forgotten about our graphql fun and that's why I'd pushed some extra commits (dependabot only bumped gatsby here). That still seems thoroughly blocked though, and I don't have the patience to try to investigate/battle more surgical options 😅

[chris48s]

And I guess to clarify, it's a dev dependency

Actually, yes - you're right.. in the previous post, both of the links I posted are to dev dependencies 🤦

The relevant constraint for both packages is actually the peerDependencies:

• https://github.com/graphql/express-graphql/blob/v0.12.0/package.json#L102
• https://github.com/graphql-compose/graphql-compose/blob/v9.0.7/package.json#L24

So you're right that express-graphql is the lib that is preventing us from upgrading to graphql 16, but this version of gatsby should be compatible with graphql ^15.3.0 as that is compatible with the constraints of both libs.

If I just install gatsby on a clean project, it chooses graphql 15.8.0

 npm list graphql
foobar@0.0.0 /home/chris/dev/foobar
└─┬ gatsby@4.7.2
  ├─┬ eslint-plugin-graphql@4.0.0
  │ ├─┬ graphql-config@3.4.1
  │ │ ├─┬ @graphql-tools/graphql-file-loader@6.2.7
  │ │ │ ├─┬ @graphql-tools/import@6.6.5
  │ │ │ │ ├─┬ @graphql-tools/utils@8.6.1
  │ │ │ │ │ └── graphql@15.8.0 deduped
  │ │ │ │ └── graphql@15.8.0 deduped
  │ │ │ └── graphql@15.8.0 deduped
  │ │ ├─┬ @graphql-tools/json-file-loader@6.2.6
  │ │ │ └── graphql@15.8.0 deduped
  │ │ ├─┬ @graphql-tools/load@6.2.8
  │ │ │ └── graphql@15.8.0 deduped
  │ │ ├─┬ @graphql-tools/merge@6.2.14
  │ │ │ ├─┬ @graphql-tools/schema@7.1.5
  │ │ │ │ └── graphql@15.8.0 deduped
  │ │ │ └── graphql@15.8.0 deduped
  │ │ ├─┬ @graphql-tools/url-loader@6.10.1
  │ │ │ ├─┬ @graphql-tools/delegate@7.1.5
  │ │ │ │ ├─┬ @graphql-tools/batch-execute@7.1.2
  │ │ │ │ │ └── graphql@15.8.0 deduped
  │ │ │ │ └── graphql@15.8.0 deduped
  │ │ │ ├─┬ @graphql-tools/wrap@7.0.8
  │ │ │ │ └── graphql@15.8.0 deduped
  │ │ │ ├─┬ graphql-ws@4.9.0
  │ │ │ │ └── graphql@15.8.0 deduped
  │ │ │ ├── graphql@15.8.0 deduped
  │ │ │ └─┬ subscriptions-transport-ws@0.9.19
  │ │ │   └── graphql@15.8.0 deduped
  │ │ ├─┬ @graphql-tools/utils@7.10.0
  │ │ │ └── graphql@15.8.0 deduped
  │ │ └── graphql@15.8.0 deduped
  │ └── graphql@15.8.0 deduped
  ├─┬ express-graphql@0.12.0
  │ └── graphql@15.8.0 deduped
  ├─┬ graphql-compose@9.0.7
  │ ├─┬ graphql-type-json@0.3.2
  │ │ └── graphql@15.8.0 deduped
  │ └── graphql@15.8.0 deduped
  └── graphql@15.8.0

so in theory (according to the constraints) the correct version of graphql to pair with this version of gatsby is 15.x

..but then using 15.x we hit graphql-compose/graphql-compose#374

so I guess maybe this version of gatsby actually is broken (or at least incompatible with tsc which may be.. not the same thing) and/or the peerDependencies statement at https://github.com/graphql-compose/graphql-compose/blob/v9.0.7/package.json#L24 isn't right.

I think I have now caught up

[calebcartwright]

I believe the technical term for all this is... fustercluck 🤣