chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update
@apollo/client (source)	3.7.7 -> 3.7.8					devDependencies	patch
@apollo/gateway	2.3.1 -> 2.3.2					devDependencies	patch
@apollo/subgraph	2.3.1 -> 2.3.2					devDependencies	patch
@typescript-eslint/eslint-plugin	5.51.0 -> 5.52.0					devDependencies	minor
@typescript-eslint/parser	5.51.0 -> 5.52.0					devDependencies	minor
cspell (source)	6.22.0 -> 6.26.3					devDependencies	minor
eslint (source)	8.33.0 -> 8.34.0					devDependencies	minor
jest (source)	29.4.2 -> 29.4.3					devDependencies	patch
jest-config	29.4.2 -> 29.4.3					devDependencies	patch
jest-mock	29.4.2 -> 29.4.3					devDependencies	patch
node	18.14.0 -> 18.14.1					volta	patch
npm (source)	9.4.2 -> 9.5.0					volta	minor
rollup (source)	3.14.0 -> 3.15.0					devDependencies	minor

---

Release Notes

apollographql/apollo-client

v3.7.8

Compare Source

Patch Changes

• #​7555 45562d6fa Thanks @​TheCeloReis! - Adds TVariables generic to GraphQLRequest and MockedResponse interfaces.

• #​10526 1d13de4f1 Thanks @​benjamn! - Tolerate undefined concast.sources if complete called earlier than concast.start

• #​10497 8a883d8a1 Thanks @​nevir! - Update SingleExecutionResult and IncrementalPayload's data types such that they no longer include undefined, which was not a valid runtime value, to fix errors when TypeScript's exactOptionalPropertyTypes is enabled.

apollographql/federation (@​apollo/gateway)

v2.3.2

Compare Source

Patch Changes

• Move gateway post-processing errors from errors into extensions.valueCompletion of the response (#​2380)

  [https://github.com/apollographql/federation/pull/2335](https://togithub.com/apollographql/federation/pull/2335)5]\(PR #​2335) introduced a breaking change that broke existing usages with respect to nullability and gateway error handling. In response to [https://github.com/apollographql/federation/issues/2374](https://togithub.com/apollographql/federation/issues/2374)4]\(Issue #​2374), we are reverting the breaking portion of this change by continuing to swallow post processing errors as the gateway did prior to v2.3.0. Instead, those errors will now be included on the extensions.valueCompletion object in the response object.

  Gateway v2.3.0 and v2.3.1 are both affected by this change in behavior.

• Updated dependencies []:

  • @​apollo/composition@​2.3.2
  • @​apollo/federation-internals@​2.3.2
  • @​apollo/query-planner@​2.3.2

apollographql/federation (@​apollo/subgraph)

v2.3.2

Compare Source

Patch Changes

• Updated dependencies []:
  • @​apollo/federation-internals@​2.3.2

typescript-eslint/typescript-eslint (@​typescript-eslint/eslint-plugin)

v5.52.0

Compare Source

Bug Fixes

• eslint-plugin: [no-import-type-side-effects] correctly ignore zero-specifier imports (#​6444) (d5a6688)
• eslint-plugin: [no-unnecessary-condition] account for optional chaining on potentially void values (#​6432) (e1d9c67), closes #​5255
• eslint-plugin: [no-unnecessary-condition] fix false positive when checking indexed access types (#​6452) (d569924)
• eslint-plugin: fix key-spacing when type starts on next line (#​6412) (3eb2eed)

Features

• eslint-plugin: [block-spacing] extending base rule for TS related blocks (#​6195) (b2db3f5)
• eslint-plugin: [explicit-function-return-type] add allowFunctionsWithoutTypeParameters option (#​6105) (113640e)
• eslint-plugin: [explicit-function-return-type] add allowIIFEs option (#​6237) (a1b3f7b)

typescript-eslint/typescript-eslint (@​typescript-eslint/parser)

v5.52.0

Compare Source

Note: Version bump only for package @​typescript-eslint/parser

streetsidesoftware/cspell

v6.26.3

Compare Source

Bug Fixes

• Be able to read cache format from config (#​4190) (6029893)

v6.26.2

Compare Source

Bug Fixes

• node:worker_threads breaks on node 14 (#​4185) (8654ac7)

v6.26.1

Compare Source

Bug Fixes

• improve Dynamic Import README.md (#​4178) (4ad1133)

v6.26.0

Compare Source

Features

• All flagWords and suggestWords suggestions are preferred. (#​4176) (abfb09c)

v6.25.0

Compare Source

Bug Fixes

• Add .webm to know file types (#​4171) (eeb9497)

v6.24.0

Compare Source

Note: Version bump only for package cspell-monorepo

6.23.1 (2023-02-12)

Note: Version bump only for package cspell-monorepo

v6.23.1

Compare Source

Note: Version bump only for package cspell-monorepo

v6.23.0

Compare Source

Note: Version bump only for package cspell-monorepo

eslint/eslint

v8.34.0

Compare Source

Features

• 9b2fcf7 feat: array-callback-return supports Array.prototype.toSorted (#​16845) (SUZUKI Sosuke)

Bug Fixes

• 923f61d fix: false positive with assignment in no-extra-parens (#​16872) (Francesco Trotta)

Documentation

• f0a9883 docs: split rules documentation (#​16797) (Ben Perlmutter)
• 67aa37b docs: fix typo in command-line-interface.md (#​16871) (Kevin Rouchut)
• 337f7ed docs: fix width of language input (#​16849) (Tanuj Kanti)
• 71349a1 docs: Configure a Parser page (#​16803) (Ben Perlmutter)
• de7e925 docs: remove extra line numbers in example (#​16848) (jonz94)
• ad38d77 docs: Update README (GitHub Actions Bot)

Chores

• 9dbe06d chore: add type property to array-element-newline schema (#​16877) (MHO)
• a061527 chore: Remove unused functions (#​16868) (Nicholas C. Zakas)

facebook/jest

v29.4.3

Compare Source

Features

• [expect] Update toThrow() to be able to use error causes (#​13606)
• [jest-core] allow to use workerIdleMemoryLimit with only 1 worker or runInBand option (#​13846)
• [jest-message-util] Add support for error causes (#​13868 & #​13912)
• [jest-runtime] Revert import assertions for JSON modules as it's been relegated to Stage 2 (#​13911)

Fixes

• [@jest/expect-utils] subsetEquality should consider also an object's inherited string keys (#​13824)
• [jest-mock] Clear mock state when jest.restoreAllMocks() is called (#​13867)
• [jest-mock] Prevent mockImplementationOnce and mockReturnValueOnce bleeding into withImplementation (#​13888)
• [jest-mock] Do not restore mocks when jest.resetAllMocks() is called (#​13866)

nodejs/node

v18.14.1: 2023-02-16, Version 18.14.1 'Hydrogen' (LTS), @​RafaelGSS prepared by @​juanarbol

Compare Source

This is a security release.

Notable Changes

The following CVEs are fixed in this release:

• CVE-2023-23918: Node.js Permissions policies can be bypassed via process.mainModule (High)
• CVE-2023-23919: Node.js OpenSSL error handling issues in nodejs crypto library (Medium)
• CVE-2023-23936: Fetch API in Node.js did not protect against CRLF injection in host headers (Medium)
• CVE-2023-24807: Regular Expression Denial of Service in Headers in Node.js fetch API (Low)
• CVE-2023-23920: Node.js insecure loading of ICU data through ICU_DATA environment variable (Low)

More detailed information on each of the vulnerabilities can be found in February 2023 Security Releases blog post.

This security release includes OpenSSL security updates as outlined in the recent
OpenSSL security advisory.

Commits

• [8393ebc72d] - build: build ICU with ICU_NO_USER_DATA_OVERRIDE (RafaelGSS) nodejs-private/node-private#​379
• [004e34d046] - crypto: clear OpenSSL error on invalid ca cert (RafaelGSS) #​46572
• [5e0142a852] - deps: cherry-pick Windows ARM64 fix for openssl (Richard Lau) #​46572
• [f71fe278a6] - deps: update archs files for quictls/openssl-3.0.8+quic (RafaelGSS) #​46572
• [2c6817e42b] - deps: upgrade openssl sources to quictls/openssl-3.0.8+quic (RafaelGSS) #​46572
• [f0afa0bfe5] - deps: update undici to 5.19.1 (Node.js GitHub Bot) #​46634
• [c26a34c13e] - deps: update undici to 5.18.0 (Node.js GitHub Bot) #​46634
• [db93ee4a15] - deps: update undici to 5.17.1 (Node.js GitHub Bot) #​46634
• [b4e49fb02c] - deps: update undici to 5.16.0 (Node.js GitHub Bot) #​46634
• [90994e6a2c] - deps: update undici to 5.15.1 (Node.js GitHub Bot) #​46634
• [00302fc7ac] - deps: update undici to 5.15.0 (Node.js GitHub Bot) #​46634
• [0e3b796cc5] - lib: makeRequireFunction patch when experimental policy (RafaelGSS) nodejs-private/node-private#​371
• [7cccd5565f] - policy: makeRequireFunction on mainModule.require (RafaelGSS) nodejs-private/node-private#​371

npm/cli

v9.5.0

Compare Source

Features

• 79bfd03 #​6153 audit signatures verifies attestations (@​feelepxyz)
• 5fc6473 add provenance attestation (@​bdehamer)

Bug Fixes

• 53f75a4 #​6158 gracefully fallback from auth-type=web (#​6158) (@​MylesBorins)
• ed59aae #​6162 refactor error reporting in audit command (@​bdehamer)

Dependencies

• fad0473 minipass@4.0.3
• 678c6bf minimatch@6.2.0
• 9b4b366 ci-info@3.8.0
• d20ee2a pacote@15.1.0
• Workspace: libnpmpublish@7.1.0
• Workspace: libnpmteam@5.0.3

rollup/rollup

v3.15.0

Compare Source

2023-02-10

Features

• Do not consider instantiating a constructor a side effect if it adds properties to "this" and is instantiated elsewhere (#​4842)

Bug Fixes

• Improve side effect detection in constructors (#​4842)

Pull Requests

• #​4842: fix: add this option to context.ignore (@​TrickyPi)
• #​4843: fixed the logo link (@​oMatheuss)
• #​4844: Update index.md (@​cunzaizhuyi)
• #​4845: docs: fix style (@​TrickyPi)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[netlify]

✅ Deploy Preview for apollo-server-docs ready!

Name	Link
🔨 Latest commit	4b0b335
🔍 Latest deploy log	https://app.netlify.com/sites/apollo-server-docs/deploys/63ef3057704a8f00089fd7b7
😎 Deploy Preview	https://deploy-preview-7380--apollo-server-docs.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site settings.

[codesandbox-ci]

This pull request is automatically built and testable in CodeSandbox.

To see build info of the built libraries, click here or the icon next to each commit SHA.

Latest deployment of this branch, based on commit 4b0b335:

Sandbox	Source
Apollo Server Typescript	Configuration
Apollo Server	Configuration