Mark getDep as protected to avoid abuse

[benjie]

Description

getDep is an internal API for use within the class only; should other step classes need access to a step's dependencies they should do so via public APIs that the step exposes.

🚨 If you were previously using getDep on a different class, you'll now need to use the public interfaces instead. There's a significant chance that what you were doing may not have been safe, and may have led to GraphQL spec non-compliance.

Fixes #1939

Performance impact

Negligible.

Security impact

None known.

Checklist

• My code matches the project's code style and yarn lint:fix passes.
• I've added tests for the new feature, and yarn test passes.
• I have detailed the new feature in the relevant documentation.
• I have added this feature to 'Pending' in the RELEASE_NOTES.md file (if one exists).
• If this is a breaking change I've explained why.

[changeset-bot]

🦋 Changeset detected

Latest commit: 9f85c61

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 15 packages

Name	Type
@dataplan/pg	Patch
grafast	Patch
graphile-build-pg	Patch
graphile-utils	Patch
pgl	Patch
postgraphile	Patch
@localrepo/grafast-bench	Patch
@dataplan/json	Patch
@grafserv/persisted	Patch
grafserv	Patch
ruru-components	Patch
@localrepo/grafast-website	Patch
graphile-build	Patch
graphile-export	Patch
graphile	Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR