Skip to content

chore(deps): update all non-major dependencies #223

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
renovate wants to merge 1 commit into
base: main
Choose a base branch
from
Open

chore(deps): update all non-major dependencies #223

renovate wants to merge 1 commit into from

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Feb 1, 2026
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
@apollo/server (source) 5.3.05.4.0 age confidence
@apollo/server-integration-testsuite (source) 5.3.05.4.0 age confidence
@types/node (source) 20.19.3020.19.31 age confidence
@typescript-eslint/eslint-plugin (source) 8.53.18.54.0 age confidence
@typescript-eslint/parser (source) 8.53.18.54.0 age confidence
cspell (source) 9.6.09.6.4 age confidence

Release Notes

apollographql/apollo-server (@​apollo/server)

v5.4.0

Compare Source

Minor Changes

  • d25a5bd Thanks @​phryneas! - ⚠️ SECURITY @apollo/server/standalone:

    The default configuration of startStandaloneServer was vulnerable to denial of service (DoS) attacks through specially crafted request bodies with exotic character set encodings.

    In accordance with RFC 7159, we now only accept request bodies encoded in UTF-8, UTF-16 (LE or BE), or UTF-32 (LE or BE).
    Any other character set will be rejected with a 415 Unsupported Media Type error.
    Note that the more recent JSON RFC, RFC 8259, is more strict and will only allow UTF-8.
    Since this is a minor release, we have chosen to remain compatible with the more permissive RFC 7159 for now.
    In a future major release, we may tighten this restriction further to only allow UTF-8.

    If you were not using startStandaloneServer, you were not affected by this vulnerability.

    Generally, please note that we provide startStandaloneServer as a convenience tool for quickly getting started with Apollo Server.
    For production deployments, we recommend using Apollo Server with a more fully-featured web server framework such as Express, Koa, or Fastify, where you have more control over security-related configuration options.

apollographql/apollo-server (@​apollo/server-integration-testsuite)

v5.4.0

Compare Source

Patch Changes
typescript-eslint/typescript-eslint (@​typescript-eslint/eslint-plugin)

v8.54.0

Compare Source

🚀 Features
  • eslint-plugin-internal: add prefer-tsutils-methods rule (#​11974, #​11625)
  • typescript-estree: add shortcut methods to ParserServicesWithTypeInformation (#​11965, #​11955)
🩹 Fixes
  • eslint-plugin: [no-unnecessary-type-assertion] check both base constraint and actual type for non-null assertions (#​11967, #​11559)
  • deps: update dependency prettier to v3.8.0 (#​11991)
  • scope-manager: fix catch clause scopes def.name (#​11982)
  • eslint-plugin: [no-unused-private-class-members] private destructured class member is defined but used (#​11785)
❤️ Thank You

You can read about our versioning strategy and releases on our website.

typescript-eslint/typescript-eslint (@​typescript-eslint/parser)

v8.54.0

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

streetsidesoftware/cspell (cspell)

v9.6.4

Compare Source

Fixes
fix: add --no-dictionary option to lint command (#​8514)
fix: add --no-dictionary option to lint command (#​8514)

v9.6.3

Compare Source

Fixes
fix: Add `engines` setting (#​8491)
fix: Add engines setting (#​8491)

v9.6.2

Compare Source

Fixes
fix: Conditionally compress and build bTrie (#​8437)
fix: Conditionally compress and build bTrie (#​8437)

v9.6.1

Compare Source

Fixes
fix: Move performance monitoring into its own package (#​8431)
fix: Move performance monitoring into its own package (#​8431)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@changeset-bot
Copy link

changeset-bot bot commented Feb 1, 2026

⚠️ No Changeset found

Latest commit: 7418e4a

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@renovate renovate bot force-pushed the renovate/all-minor-patch branch from 7418e4a to 4ab6b39 Compare February 4, 2026 14:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@renovate-approve renovate-approve[bot] renovate-approve[bot] approved these changes

Assignees

No one assigned

Labels

🎄 dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants