build(deps): bump @apollo/client from 3.3.6 to 3.13.9

[dependabot]

Bumps @apollo/client from 3.3.6 to 3.13.9.

Release notes

Sourced from @​apollo/client's releases.

@​apollo/client-codemod-migrate-3-to-4@​1.0.0-rc.1

Patch Changes

• #12775 454ec78 Thanks @​jerelmiller! - Don't export gql from @apollo/client/react entrypoint. Import from @apollo/client instead.

@​apollo/client-codemod-migrate-3-to-4@​1.0.0-rc.0

Major Changes

• #12727 b845906 Thanks @​jerelmiller! - Add a codemod that renames old import locations from 3.x entrypoint to their 4.x entrypoint.

  Run the codemod using the following command:

  npx @apollo/client-codemod-migrate-3-to-4 --parser tsx ./src/**/*.{ts,tsx}

  The codemod supports .js, .jsx, .ts, and .tsx files.

Changelog

Sourced from @​apollo/client's changelog.

3.13.9

Patch Changes

• #12804 32c9aa9 Thanks @​phryneas! - Fix a possible race condition on queries that were reobserved before they were subscribed to the first time.

3.13.8

Patch Changes

• #12567 c19d415 Thanks @​thearchitector! - Fix in-flight multipart urql subscription cancellation

3.13.7

Patch Changes

• #12540 0098932 Thanks @​phryneas! - Refactor: Move notification scheduling logic from QueryInfo to ObservableQuery

• #12540 0098932 Thanks @​phryneas! - Refactored cache emit logic for ObservableQuery. This should be an invisible change.

3.13.6

Patch Changes

• #12285 cdc55ff Thanks @​phryneas! - keep ObservableQuery created by useQuery non-active before it is first subscribed

3.13.5

Patch Changes

• #12461 12c8d06 Thanks @​jerelmiller! - Fix an issue where a cache-first query would return the result for previous variables when a cache update is issued after simultaneously changing variables and skipping the query.

3.13.4

Patch Changes

• #12420 fee9368 Thanks @​jorenbroekema! - Use import star from rehackt to prevent issues with importing named exports from external CJS modules.

3.13.3

Patch Changes

• #12362 f6d387c Thanks @​jerelmiller! - Fixes an issue where calling observableQuery.getCurrentResult() when the errorPolicy was set to all would return the networkStatus as NetworkStatus.ready when there were errors returned in the result. This has been corrected to report NetworkStatus.error.

  This bug also affected the useQuery and useLazyQuery hooks and may affect you if you check for networkStatus in your component.

3.13.2

Patch Changes

... (truncated)

Commits

• 5c202cf Version Packages (#12807)
• 32c9aa9 Fix a possible race condition on queries that were reobserved before they wer...
• 523cd57 Update ROADMAP.md
• 344d1f9 Update ROADMAP.md
• f85683c add a job to build & upload the docmodel (#12779)
• d4fb0d2 Update ROADMAP.md
• 31d1d1c Fix broken README urls
• bb557ff avoid tagging prereleases as next if next is already at a higher semver
• a262961 Update ROADMAP.md
• cacb4e1 Update ROADMAP.md
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
npm/@apollo/client	3.13.9	🟢 5.1	Details Check Score Reason Maintained 🟢 10 18 commit(s) and 25 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 3 Found 9/25 approved changesets -- score normalized to 3 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ -1 no releases found Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 83 existing vulnerabilities detected

Scanned Files

• package.json

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[dependabot]

Superseded by #2510.