[Snyk] Upgrade @apollo/client from 3.3.20 to 3.7.16

[victorcmarinho]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade @apollo/client from 3.3.20 to 3.7.16.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 167 versions ahead of your current version.
• The recommended version was released a month ago, on 2023-06-20.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Information Exposure SNYK-JS-APOLLOCLIENT-1085706	479/1000 Why? Has a fix available, CVSS 5.3	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: @apollo/client

• 3.7.16 - 2023-06-20
  

  Patch Changes

  • #10806 cb1540504 Thanks @ phryneas! - Fix a bug in PersistedQueryLink that would cause it to permanently skip persisted queries after a 400 or 500 status code.

  • #10807 b32369592 Thanks @ phryneas! - PersistedQueryLink will now also check for error codes in extensions.

  • #10982 b9be7a814 Thanks @ sdeleur-sc! - Update relayStylePagination to avoid populating startCursor when only a single cursor is present under the edges field. Use that cursor only as the endCursor.

  • #10962 772cfa3cb Thanks @ jerelmiller! - Remove useGETForQueries option in BatchHttpLink.Options type since it is not supported.

  Potentially breaking change in PersistedQueryLink

  Previously, if the PersistedQueryLink encountered a single 400 or 500 error, it would stop sending any persisted queries in the future. This allowed you to use the link even if a server had no support for persisted queries.

  We have decided to change this behavior, so now the PersistedQueryLink will only stop trying to send query hashes if the server responds with a PERSISTED_QUERY_NOT_SUPPORTED error code as it was unclear whether a 400 or 500 status code was in fact because the server did not support persisted queries.

  If you relied on the previous behaviour, maybe because you were communicating with a server that might or might not support persisted queries, but would return with a different kind of error, you can use the disable option callback to override this behavior like this:

  createPersistedQueryLink({
    // ... other options ...
    disable({ operation }){
      const { response } = operation.getContext();
      return (
        response &&
        response.status &&
        (response.status === 400 || response.status === 500)
      );
    }
  })

  Alternatively, consider removing the link entirely when your server does not support persisted queries.

• 3.7.15 - 2023-05-26
  

  Patch Changes

  • #10891 ab42a5c08 Thanks @ laverdet! - Fixes a bug in how multipart responses are read when using @ defer. When reading a multipart body, HttpLink no longer attempts to parse the boundary (e.g. "---" or other boundary string) within the response data itself, only when reading the beginning of each mulitpart chunked message.

  • #10789 23a4e1578 Thanks @ phryneas! - Fix a bug where other fields could be aliased to __typename or id, in which case an incoming result would be merged into the wrong cache entry.

• 3.7.14 - 2023-05-03
  

  Patch Changes

  • #10764 1b0a61fe5 Thanks @ phryneas! - Deprecate useFragment returnPartialData option

  • #10810 a6252774f Thanks @ dleavitt! - Fix type signature of ServerError.

    In <3.7 HttpLink and BatchHttpLink would return a ServerError.message of e.g. "Unexpected token 'E', \"Error! Foo bar\" is not valid JSON" and a ServerError.result of undefined in the case where a server returned a >= 300 response code with a response body containing a string that could not be parsed as JSON.

    In >=3.7, message became e.g. Response not successful: Received status code 302 and result became the string from the response body, however the type in ServerError.result was not updated to include the string type, which is now properly reflected.

• 3.7.13 - 2023-04-27
  

  Patch Changes

  • #10805 a5503666c Thanks @ phryneas! - Fix a potential memory leak in SSR scenarios when many persistedQuery instances were created over time.

  • #10718 577c68bdd Thanks @ Hsifnus! - Delay Concast subscription teardown slightly in useSubscription to prevent unexpected Concast teardown when one useSubscription hook tears down its in-flight Concast subscription immediately followed by another useSubscription hook reusing and subscribing to that same Concast

• 3.7.12 - 2023-04-12
  

  Patch Changes

  • #10735 895bcdcff Thanks @ alessbell! - If a multipart chunk contains only hasNext: false, immediately complete the observable.
• 3.7.11 - 2023-03-31
  

  Patch Changes

  • #10586 4175af594 Thanks @ alessbell! - Improve WebSocket error handling for generic Event received on error. For more information see https://developer.mozilla.org/en-US/docs/Web/API/WebSocket/error_event.

  • #10411 152baac34 Thanks @ lovasoa! - Simplify error message generation and make 'undefined' an impossible message string.

  • #10592 cdb98ae08 Thanks @ alessbell! - Adds support for multipart subscriptions in HttpLink.

  • #10698 38508a251 Thanks @ jerelmiller! - Changes the behavior of useLazyQuery introduced in #10427 where unmounting a component before a query was resolved would reject the promise with an abort error. Instead, the promise will now resolve naturally with the result from the request.

    Other notable fixes:

    • Kicking off multiple requests in parallel with the execution function will now ensure each returned promise is resolved with the data from its request. Previously, each promise was resolved with data from the last execution.
    • Re-rendering useLazyQuery with a different query document will now ensure the execution function uses the updated query document. Previously, only the query document rendered the first time would be used for the request.

  • #10660 364bee98f Thanks @ alessbell! - Upgrades TypeScript to v5. This change is fully backward-compatible and transparent to users.

  • #10597 8fb9d190d Thanks @ phryneas! - Fix a bug where an incoming cache update could prevent future updates from the active link.

  • #10629 02605bb3c Thanks @ phryneas! - useQuery: delay unsubscribe to fix race conditions

• 3.7.10 - 2023-03-02
  

  Patch Changes

  • #9438 52a9c8ea1 Thanks @ dciesielkiewicz! - Ensure the client option passed to useMutation's execute function is used when provided. Previously this option was ignored.

  • #9124 975b923c0 Thanks @ andrebrantom! - Make ApolloClient.writeQuery and ApolloClient.writeFragment behave more like cache.writeQuery and cache.writeFragment by returning the reference returned by the cache.

• 3.7.9 - 2023-02-17
  

  Patch Changes

  • #10560 a561ecf43 Thanks @ benjamn! - Keep __typename fragment when it does not contain @ client directive and strip out inline fragments which use a @ client directive. Thanks @ Gazler and @ mtsmfm!

  • #10560 251a12806 Thanks @ benjamn! - Refactor removeDirectivesFromDocument to fix AST ordering sensitivities and avoid 1/3 AST traversals, potentially improving performance for large queries

• 3.7.8 - 2023-02-15
  

  Patch Changes

  • #7555 45562d6fa Thanks @ TheCeloReis! - Adds TVariables generic to GraphQLRequest and MockedResponse interfaces.

  • #10526 1d13de4f1 Thanks @ benjamn! - Tolerate undefined concast.sources if complete called earlier than concast.start

  • #10497 8a883d8a1 Thanks @ nevir! - Update SingleExecutionResult and IncrementalPayload's data types such that they no longer include undefined, which was not a valid runtime value, to fix errors when TypeScript's exactOptionalPropertyTypes is enabled.

• 3.7.7 - 2023-02-03
• 3.7.6 - 2023-01-31
• 3.7.5 - 2023-01-24
• 3.7.4 - 2023-01-13
• 3.7.3 - 2022-12-15
• 3.7.2 - 2022-12-06
• 3.7.1 - 2022-10-20
• 3.7.0 - 2022-09-30
• 3.7.0-rc.0 - 2022-09-21
• 3.7.0-beta.8 - 2022-09-21
• 3.7.0-beta.7 - 2022-09-08
• 3.7.0-beta.6 - 2022-06-27
• 3.7.0-beta.5 - 2022-06-10
• 3.7.0-beta.4 - 2022-06-10
• 3.7.0-beta.3 - 2022-06-07
• 3.7.0-beta.2 - 2022-06-07
• 3.7.0-beta.1 - 2022-05-26
• 3.7.0-beta.0 - 2022-05-25
• 3.7.0-alpha.6 - 2022-05-19
• 3.7.0-alpha.5 - 2022-05-16
• 3.7.0-alpha.4 - 2022-05-13
• 3.7.0-alpha.3 - 2022-05-09
• 3.7.0-alpha.2 - 2022-05-03
• 3.7.0-alpha.1 - 2022-05-03
• 3.7.0-alpha.0 - 2022-04-27
• 3.6.10 - 2022-09-29
• 3.6.9 - 2022-06-21
• 3.6.8 - 2022-06-10
• 3.6.7 - 2022-06-10
• 3.6.6 - 2022-05-26
• 3.6.5 - 2022-05-23
• 3.6.4 - 2022-05-16
• 3.6.3 - 2022-05-05
• 3.6.2 - 2022-05-03
• 3.6.1 - 2022-04-28
• 3.6.0 - 2022-04-26
• 3.6.0-rc.1 - 2022-04-19
• 3.6.0-rc.0 - 2022-04-18
• 3.6.0-beta.13 - 2022-04-14
• 3.6.0-beta.12 - 2022-04-11
• 3.6.0-beta.11 - 2022-04-05
• 3.6.0-beta.10 - 2022-03-29
• 3.6.0-beta.9 - 2022-03-10
• 3.6.0-beta.8 - 2022-03-10
• 3.6.0-beta.7 - 2022-03-10
• 3.6.0-beta.6 - 2022-02-15
• 3.6.0-beta.5 - 2022-02-04
• 3.6.0-beta.4 - 2022-02-03
• 3.6.0-beta.3 - 2021-11-23
• 3.6.0-beta.2 - 2021-11-22
• 3.6.0-beta.1 - 2021-11-16
• 3.6.0-beta.0 - 2021-11-16
• 3.5.10 - 2022-02-24
• 3.5.9 - 2022-02-15
• 3.5.8 - 2022-01-24
• 3.5.7 - 2022-01-10
• 3.5.6 - 2021-12-07
• 3.5.5 - 2021-11-23
• 3.5.4 - 2021-11-19
• 3.5.3 - 2021-11-17
• 3.5.2 - 2021-11-10
• 3.5.1 - 2021-11-09
• 3.5.0 - 2021-11-08
• 3.5.0-rc.3 - 2021-11-03
• 3.5.0-rc.2 - 2021-10-22
• 3.5.0-rc.1 - 2021-10-04
• 3.5.0-rc.0 - 2021-10-04
• 3.5.0-beta.18 - 2021-10-01
• 3.5.0-beta.17 - 2021-09-27
• 3.5.0-beta.16 - 2021-09-20
• 3.5.0-beta.15 - 2021-09-17
• 3.5.0-beta.14 - 2021-09-17
• 3.5.0-beta.13 - 2021-09-13
• 3.5.0-beta.12 - 2021-09-10
• 3.5.0-beta.11 - 2021-08-30
• 3.5.0-beta.10 - 2021-08-30
• 3.5.0-beta.9 - 2021-08-26
• 3.5.0-beta.8 - 2021-08-24
• 3.5.0-beta.7 - 2021-08-23
• 3.5.0-beta.6 - 2021-08-18
• 3.5.0-beta.5 - 2021-08-09
• 3.5.0-beta.4 - 2021-08-04
• 3.5.0-beta.3 - 2021-08-03
• 3.5.0-beta.2 - 2021-08-02
• 3.5.0-beta.1 - 2021-07-29
• 3.5.0-beta.0 - 2021-07-28
• 3.4.17 - 2021-11-08
• 3.4.16 - 2021-10-04
• 3.4.15 - 2021-09-27
• 3.4.14 - 2021-09-27
• 3.4.13 - 2021-09-20
• 3.4.12 - 2021-09-17
• 3.4.11 - 2021-09-10
• 3.4.10 - 2021-08-27
• 3.4.9 - 2021-08-24
• 3.4.8 - 2021-08-16
• 3.4.7 - 2021-08-09
• 3.4.6 - 2021-08-09
• 3.4.5 - 2021-08-04
• 3.4.4 - 2021-08-03
• 3.4.3 - 2021-08-02
• 3.4.2 - 2021-08-02
• 3.4.1 - 2021-07-29
• 3.4.0 - 2021-07-28
• 3.4.0-rc.23 - 2021-07-23
• 3.4.0-rc.22 - 2021-07-22
• 3.4.0-rc.21 - 2021-07-19
• 3.4.0-rc.20 - 2021-07-15
• 3.4.0-rc.19 - 2021-07-12
• 3.4.0-rc.18 - 2021-07-09
• 3.4.0-rc.17 - 2021-07-06
• 3.4.0-rc.16 - 2021-07-06
• 3.4.0-rc.15 - 2021-06-28
• 3.4.0-rc.14 - 2021-06-24
• 3.4.0-rc.13 - 2021-06-23
• 3.4.0-rc.12 - 2021-06-22
• 3.4.0-rc.11 - 2021-06-17
• 3.4.0-rc.10 - 2021-06-16
• 3.4.0-rc.9 - 2021-06-16
• 3.4.0-rc.8 - 2021-06-16
• 3.4.0-rc.7 - 2021-06-15
• 3.4.0-rc.6 - 2021-06-08
• 3.4.0-rc.5 - 2021-06-07
• 3.4.0-rc.4 - 2021-06-04
• 3.4.0-rc.3 - 2021-06-02
• 3.4.0-rc.2 - 2021-05-26
• 3.4.0-rc.1 - 2021-05-25
• 3.4.0-rc.0 - 2021-05-19
• 3.4.0-beta.28 - 2021-05-19
• 3.4.0-beta.27 - 2021-05-18
• 3.4.0-beta.26 - 2021-05-12
• 3.4.0-beta.25 - 2021-05-11
• 3.4.0-beta.24 - 2021-05-05
• 3.4.0-beta.23 - 2021-04-13
• 3.4.0-beta.22 - 2021-04-10
• 3.4.0-beta.21 - 2021-04-07
• 3.4.0-beta.20 - 2021-04-05
• 3.4.0-beta.19 - 2021-03-26
• 3.4.0-beta.18 - 2021-03-26
• 3.4.0-beta.17 - 2021-03-25
• 3.4.0-beta.16 - 2021-03-24
• 3.4.0-beta.15 - 2021-03-17
• 3.4.0-beta.14 - 2021-03-15
• 3.4.0-beta.13 - 2021-03-11
• 3.4.0-beta.12 - 2021-03-03
• 3.4.0-beta.11 - 2021-02-14
• 3.4.0-beta.10 - 2021-02-09
• 3.4.0-beta.9 - 2021-02-09
• 3.4.0-beta.8 - 2021-02-05
• 3.4.0-beta.7 - 2021-02-04
• 3.4.0-beta.6 - 2021-01-29
• 3.4.0-beta.5 - 2021-01-29
• 3.4.0-beta.4 - 2020-12-16
• 3.4.0-beta.3 - 2020-12-12
• 3.4.0-beta.2 - 2020-12-04
• 3.4.0-beta.1 - 2020-12-03
• 3.4.0-beta.0 - 2020-12-01
• 3.3.21 - 2021-07-06
• 3.3.20 - 2021-06-08

from @apollo/client GitHub release notes

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs