chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update
@apollo/server (source)	4.10.1 -> 4.11.0					devDependencies	minor
@apollo/server-integration-testsuite (source)	4.10.1 -> 4.11.0					devDependencies	minor
@changesets/cli (source)	2.27.1 -> 2.27.8					devDependencies	patch
@types/jest (source)	29.5.12 -> 29.5.13					devDependencies	patch
@types/node (source)	16.18.86 -> 16.18.111					devDependencies	patch
eslint (source)	8.57.0 -> 8.57.1					devDependencies	patch
node (source)	20.11.1 -> 20.17.0					volta	minor
node	5.2.0 -> 5.3.0					orb	minor
npm (source)	10.5.0 -> 10.8.3					volta	minor
prettier (source)	3.2.5 -> 3.3.3					devDependencies	minor
ts-jest (source)	29.1.2 -> 29.2.5					devDependencies	minor
typescript (source)	5.3.3 -> 5.6.2					devDependencies	minor

---

Release Notes

apollographql/apollo-server (@​apollo/server)

v4.11.0

Compare Source

Minor Changes

• #​7916 4686454 Thanks @​andrewmcgivery! - Add hideSchemaDetailsFromClientErrors option to ApolloServer to allow hiding 'did you mean' suggestions from validation errors.

  Even with introspection disabled, it is possible to "fuzzy test" a graph manually or with automated tools to try to determine the shape of your schema. This is accomplished by taking advantage of the default behavior where a misspelt field in an operation
  will be met with a validation error that includes a helpful "did you mean" as part of the error text.

  For example, with this option set to true, an error would read Cannot query field "help" on type "Query". whereas with this option set to false it would read Cannot query field "help" on type "Query". Did you mean "hello"?.

  We recommend enabling this option in production to avoid leaking information about your schema to malicious actors.

  To enable, set this option to true in your ApolloServer options:

  const server = new ApolloServer({
    typeDefs,
    resolvers,
    hideSchemaDetailsFromClientErrors: true,
  });

v4.10.5

Compare Source

Patch Changes

• #​7821 b2e15e7 Thanks @​renovate! - Non-major dependency updates

• #​7900 86d7111 Thanks @​trevor-scheer! - Inline a small dependency that was causing build issues for ESM projects

v4.10.4

Compare Source

Patch Changes

• #​7871 18a3827 Thanks @​tninesling! - Subscription heartbeats are initialized prior to awaiting subscribe(). This allows long-running setup to happen in the returned Promise without the subscription being terminated prior to resolution.

v4.10.3

Compare Source

Patch Changes

• #​7866 5f335a5 Thanks @​tninesling! - Catch errors thrown by subscription generators, and gracefully clean up the subscription instead of crashing.

v4.10.2

Compare Source

Patch Changes

• #​7849 c7e514c Thanks @​TylerBloom! - In the subscription callback server plugin, terminating a subscription now immediately closes the internal async generator. This avoids that generator existing after termination and until the next message is received.

apollographql/apollo-server (@​apollo/server-integration-testsuite)

v4.11.0

Compare Source

Patch Changes

• Updated dependencies [4686454]:
  • @​apollo/server@​4.11.0

v4.10.5

Compare Source

Patch Changes

• #​7821 b2e15e7 Thanks @​renovate! - Non-major dependency updates

• #​7900 86d7111 Thanks @​trevor-scheer! - Inline a small dependency that was causing build issues for ESM projects

• Updated dependencies [b2e15e7, 86d7111]:

  • @​apollo/server@​4.10.5

v4.10.4

Compare Source

Patch Changes

• Updated dependencies [18a3827]:
  • @​apollo/server@​4.10.4

v4.10.3

Compare Source

Patch Changes

• Updated dependencies [5f335a5]:
  • @​apollo/server@​4.10.3

v4.10.2

Compare Source

Patch Changes

• Updated dependencies [c7e514c]:
  • @​apollo/server@​4.10.2

changesets/changesets (@​changesets/cli)

v2.27.8

Compare Source

v2.27.7

Compare Source

Patch Changes

• #​1047 d108fa6 Thanks @​patzick! - Fixed a crash that could occur when depending on a tagged version of another workspace package.

• #​1400 dd6e5bb Thanks @​Andarist! - Fixed a crash that prevented the CLI from running in a scenario when a workspace depends on the root workspace

• Updated dependencies [d108fa6, dd6e5bb, dd6e5bb]:

  • @​changesets/apply-release-plan@​7.0.4
  • @​changesets/config@​3.0.2
  • @​changesets/get-dependents-graph@​2.1.1
  • @​changesets/assemble-release-plan@​6.0.3
  • @​changesets/get-release-plan@​4.0.3

v2.27.6

Compare Source

Patch Changes

• #​1392 f295b3e Thanks @​bluwy! - Replace meow dependency with mri to reduce the number of transitive dependencies

• #​1390 6a3452e Thanks @​bluwy! - Display changeset status --verbose in list form and remove tty-table dependency

v2.27.5

Compare Source

Patch Changes

• #​1370 5e9d33a Thanks @​Andarist! - Fixed a regression that caused changeset version to fail on packages having a dev dependency on a skipped package.

• Updated dependencies [5e9d33a]:

  • @​changesets/get-dependents-graph@​2.1.0
  • @​changesets/assemble-release-plan@​6.0.2
  • @​changesets/config@​3.0.1
  • @​changesets/get-release-plan@​4.0.2
  • @​changesets/apply-release-plan@​7.0.3

v2.27.4

Compare Source

Patch Changes

• #​1361 954a16a Thanks @​jakebailey! - Ensure that version/tag do not touch private packages with when versioning/tagging is turned off using versionPackages config

• #​1369 d729d8c Thanks @​Andarist! - changeset tag should now correctly skip tags that exist on the remote

• Updated dependencies [954a16a]:

  • @​changesets/assemble-release-plan@​6.0.1
  • @​changesets/apply-release-plan@​7.0.2
  • @​changesets/get-release-plan@​4.0.1

v2.27.3

Compare Source

Patch Changes

• #​1357 18c966a Thanks @​Andarist! - Fixed an issue with changeset status executed without since argument. It should now correctly use the configured base branch as the default value.

v2.27.2

Compare Source

Patch Changes

• #​1354 69be7dc Thanks @​Andarist! - Fixed an issue with changeset status incorrectly returning an error status in two cases:

  • for changed ignored packages
  • for changed private packages when privatePackage.version was set to false

• #​1351 c6da182 Thanks @​TheHolyWaffle! - Fix an issue with not applying a custom .prettierrc configuration with prettier@>= 3.1.1

• Updated dependencies [c6da182]:

  • @​changesets/apply-release-plan@​7.0.1
  • @​changesets/write@​0.3.1

eslint/eslint (eslint)

v8.57.1

Compare Source

nodejs/node (node)

v20.17.0

Compare Source

v20.16.0

Compare Source

v20.15.1

Compare Source

v20.15.0: 2024-06-20, Version 20.15.0 'Iron' (LTS), @​marco-ippolito

Compare Source

test_runner: support test plans

It is now possible to count the number of assertions and subtests that are expected to run within a test. If the number of assertions and subtests that run does not match the expected count, the test will fail.

test('top level test', (t) => {
  t.plan(2);
  t.assert.ok('some relevant assertion here');
  t.subtest('subtest', () => {});
});

Contributed by Colin Ihrig in #​52860

inspector: introduce the --inspect-wait flag

This release introduces the --inspect-wait flag, which allows debugger to wait for attachement. This flag is useful when you want to debug the code from the beginning. Unlike --inspect-brk, which breaks on the first line, this flag waits for debugger to be connected and then runs the code as soon as a session is established.

Contributed by Kohei Ueno in #​52734

zlib: expose zlib.crc32()

This release exposes the crc32() function from zlib to user-land.

It computes a 32-bit Cyclic Redundancy Check checksum of data. If
value is specified, it is used as the starting value of the checksum,
otherwise, 0 is used as the starting value.

The CRC algorithm is designed to compute checksums and to detect error
in data transmission. It's not suitable for cryptographic authentication.

const zlib = require('node:zlib');
const { Buffer } = require('node:buffer');

let crc = zlib.crc32('hello');  // 907060870
crc = zlib.crc32('world', crc);  // 4192936109

crc = zlib.crc32(Buffer.from('hello', 'utf16le'));  // 1427272415
crc = zlib.crc32(Buffer.from('world', 'utf16le'), crc);  // 4150509955

Contributed by Joyee Cheung in #​52692

cli: allow running wasm in limited vmem with --disable-wasm-trap-handler

By default, Node.js enables trap-handler-based WebAssembly bound
checks. As a result, V8 does not need to insert inline bound checks
int the code compiled from WebAssembly which may speedup WebAssembly
execution significantly, but this optimization requires allocating
a big virtual memory cage (currently 10GB). If the Node.js process
does not have access to a large enough virtual memory address space
due to system configurations or hardware limitations, users won't
be able to run any WebAssembly that involves allocation in this
virtual memory cage and will see an out-of-memory error.

$ ulimit -v 5000000
$ node -p "new WebAssembly.Memory({ initial: 10, maximum: 100 });"
[eval]:1
new WebAssembly.Memory({ initial: 10, maximum: 100 });
^

RangeError: WebAssembly.Memory(): could not allocate memory
    at [eval]:1:1
    at runScriptInThisContext (node:internal/vm:209:10)
    at node:internal/process/execution:118:14
    at [eval]-wrapper:6:24
    at runScript (node:internal/process/execution:101:62)
    at evalScript (node:internal/process/execution:136:3)
    at node:internal/main/eval_string:49:3

--disable-wasm-trap-handler disables this optimization so that
users can at least run WebAssembly (with a less optimial performance)
when the virtual memory address space available to their Node.js
process is lower than what the V8 WebAssembly memory cage needs.

Contributed by Joyee Cheung in #​52766

Other Notable Changes

• [12512c3d0e] - doc: add pimterry to collaborators (Tim Perry) #​52874
• [9d485b40bb] - (SEMVER-MINOR) tools: fix get_asan_state() in tools/test.py (Joyee Cheung) #​52766
• [e98c305f52] - (SEMVER-MINOR) tools: support max_virtual_memory test configuration (Joyee Cheung) #​52766
• [dce0300896] - (SEMVER-MINOR) tools: support != in test status files (Joyee Cheung) #​52766

Commits

• [227093bfec] - assert: add deep equal check for more Error type (Zhenwei Jin) #​51805
• [184cfe5a71] - benchmark: filter non-present deps from start-cli-version (Adam Majer) #​51746
• [8b3e83bb53] - buffer: even faster atob (Daniel Lemire) #​52443
• [8d628c3255] - buffer: use size_t instead of uint32_t to avoid segmentation fault (Xavier Stouder) #​48033
• [16ae2b2933] - buffer: remove lines setting indexes to integer value (Zhenwei Jin) #​52588
• [48c15d0dcd] - build: remove deprecated calls for argument groups (Mohammed Keyvanzadeh) #​52913
• [1be8232d17] - build: drop base64 dep in GN build (Cheng) #​52856
• [918962d6e7] - build: make simdjson a public dep in GN build (Cheng) #​52755
• [5215b6fd8e] - build, tools: copy release assets to staging R2 bucket once built (flakey5) #​51394
• [473fa73857] - (SEMVER-MINOR) cli: allow running wasm in limited vmem with --disable-wasm-trap-handler (Joyee Cheung) #​52766
• [954d2aded4] - cluster: replace forEach with for-of loop (Jérôme Benoit) #​50317
• [794e450ea7] - console: colorize console error and warn (Jithil P Ponnan) #​51629
• [0fb7c18f10] - crypto: fix duplicated switch-case return values (Mustafa Ateş UZUN) #​49030
• [cd1415c8b2] - Revert "crypto: make timingSafeEqual faster for Uint8Array" (Tobias Nießen) #​53390
• [b774544bb1] - deps: enable unbundling of simdjson, simdutf, ada (Daniel Lemire) #​52924
• [da4dbfc5fd] - doc: remove reference to AUTHORS file (Marco Ippolito) #​52960
• [2f3f2ff8af] - doc: update hljs with the latest styles (Aviv Keller) #​52911
• [3a1d17a9b1] - doc: mention quicker way to build docs (Alex Crawford) #​52937
• [be309bd19d] - doc: mention push.followTags config (Rafael Gonzaga) #​52906
• [e62c6e2684] - doc: document pipeline with end option (Alois Klink) #​48970
• [af27225cf6] - doc: add example for execFileSync method and ref to stdio (Evan Shortiss) #​39412
• [086626f9b1] - doc: add examples and notes to http server.close et al (mary marchini) #​49091
• [3aa3337a00] - doc: fix dns.lookup family 0 and all descriptions (Adam Jones) #​51653
• [585f2a2e7f] - doc: update fs.realpath documentation (sinkhaha) #​48170
• [4bf3d44e1d] - doc: update fs read documentation for clarity (Mert Can Altin) #​52453
• [ae5d47dde3] - doc: watermark string behavior (Benjamin Gruenbaum) #​52842
• [1e429d10d3] - doc: exclude commits with baking-for-lts (Marco Ippolito) #​52896
• [3df3e37cdb] - doc: add names next to release key bash commands (Aviv Keller) #​52878
• [12512c3d0e] - doc: add pimterry to collaborators (Tim Perry) #​52874
• [97e0fef019] - doc: add more definitions to GLOSSARY.md (Aviv Keller) #​52798
• [91fadac162] - doc: make docs more welcoming and descriptive for newcomers (Serkan Özel) #​38056
• [a3b20126fd] - doc: add OpenSSL errors to API docs (John Lamp) #​34213
• [9587ae9b5b] - doc: simplify copy-pasting of branch-diff commands (Antoine du Hamel) #​52757
• [6ea72a53c3] - doc: add test_runner to subsystem (Raz Luvaton) #​52774
• [972eafd983] - events: update MaxListenersExceededWarning message log (sinkhaha) #​51921
• [74753ed1fe] - events: add stop propagation flag to Event.stopImmediatePropagation (Mickael Meausoone) #​39463
• [75dd009649] - events: replace NodeCustomEvent with CustomEvent (Feng Yu) #​43876
• [7d38c2e012] - fs: keep fs.promises.readFile read until EOF is reached (Zhenwei Jin) #​52178
• [8cb13120d3] - (SEMVER-MINOR) inspector: introduce the --inspect-wait flag (Kohei Ueno) #​52734
• [d5ab1de1fd] - meta: move @anonrig to TSC regular member (Yagiz Nizipli) #​52932
• [f82d086e90] - path: fix toNamespacedPath on Windows (Hüseyin Açacak) #​52915
• [121ea13b50] - process: improve event-loop (Aras Abbasi) #​52108
• [eceac784aa] - repl: fix disruptive autocomplete without inspector (Nitzan Uziely) #​40661
• [89a910be82] - src: fix Worker termination in inspector.waitForDebugger (Daeyeon Jeong) #​52527
• [033f985e8a] - src: use S_ISDIR to check if the file is a directory (theanarkh) #​52164
• [95128399f8] - src: allow preventing debug signal handler start (Shelley Vohr) #​46681
• [b162aeae9e] - src: fix typo Unabled -> Unable (Simon Siefke) #​52820
• [2dcbf1894a] - src: avoid unused variable 'error' warning (Michaël Zasso) #​52886
• [978ee0a635] - src: only apply fix in main thread (Paolo Insogna) #​52702
• [8fc52b38c6] - src: fix test local edge case (Paolo Insogna) #​52702
• [d02907ecc4] - src: remove misplaced windows code under posix guard in node.cc (Ali Hassan) #​52545
• [af29120fa7] - stream: use ByteLengthQueuingStrategy when not in objectMode (Jason) #​48847
• [a5f3dd137c] - string_decoder: throw an error when writing a too long buffer (zhenweijin) #​52215
• [65fa95d57d] - test: add Debugger.setInstrumentationBreakpoint known issue (Konstantin Ulitin) #​31137
• [0513e07805] - test: use for-of instead of forEach (Gibby Free) #​49790
• [1d01325928] - test: verify request payload is uploaded consistently (Austin Wright) #​34066
• [7dda156872] - test: add fuzzer for native/js string conversion (Adam Korczynski) #​51120
• [5fb829b340] - test: add fuzzer for ClientHelloParser (AdamKorcz) #​51088
• [cc74bf789f] - test: fix broken env fuzzer by initializing process (AdamKorcz) #​51080
• [800b6f65cf] - test: replace forEach() in test-stream-pipe-unpipe-stream (Dario) #​50786
• [d08c9a6a31] - test: test pipeline end on transform streams (Alois Klink) #​48970
• [0be8123ede] - test: improve coverage of lib/readline.js (Rongjian Zhang) #​38646
• [410224415c] - test: updated for each to for of in test file (lyannel) #​50308
• [556e9a2127] - test: move test-http-server-request-timeouts-mixed to sequential (Madhuri) #​45722
• [0638274c07] - test: fix DNS cancel tests (Szymon Marczak) #​44432
• [311bdc62bd] - test: add http agent to executionAsyncResource (psj-tar-gz) #​34966
• [6001b164ab] - test: reduce memory usage of test-worker-stdio (Adam Majer) #​37769
• [986bfa26e9] - test: add common.expectRequiredModule() (Joyee Cheung) #​52868
• [2246d4fd1e] - test: crypto-rsa-dsa testing for dynamic openssl (Michael Dawson) #​52781
• [1dce5dea0b] - test: skip some console tests on dumb terminal (Adam Majer) #​37770
• [0addeb240c] - test: skip v8-updates/test-linux-perf-logger (Michaël Zasso) #​52821
• [56e19e38f3] - test: drop test-crypto-timing-safe-equal-benchmarks (Rafael Gonzaga) #​52751
• [0c5e58958c] - test, crypto: use correct object on assert (响马) #​51820
• [d54aa47ec1] - (SEMVER-MINOR) test_runner: support test plans (Colin Ihrig) #​52860
• [0289a023a5] - test_runner: fix watch mode race condition (Moshe Atlow) #​52954
• [cf817e192e] - test_runner: preserve hook promise when executed twice (Moshe Atlow) #​52791
• [de541235fe] - tools: fix v8-update workflow (Michaël Zasso) #​52957
• [f6290bc327] - tools: add --certify-safe to nci-ci (Matteo Collina) #​52940
• [0830b3115d] - tools: fix doc update action (Marco Ippolito) #​52890
• [9d485b40bb] - (SEMVER-MINOR) tools: fix get_asan_state() in tools/test.py (Joyee Cheung) #​52766
• [e98c305f52] - (SEMVER-MINOR) tools: support max_virtual_memory test configuration (Joyee Cheung) #​52766
• [dce0300896] - (SEMVER-MINOR) tools: support != in test status files (Joyee Cheung) #​52766
• [57006001ec] - tools: prepare custom rules for ESLint v9 (Michaël Zasso) #​52889
• [403a4a7557] - tools: update lint-md-dependencies to [email protected] (Node.js GitHub Bot) #​52836
• [01eff5860e] - tools: update gr2m/create-or-update-pull-request-action (Antoine du Hamel) #​52843
• [514f01ed59] - tools: use sccache GitHub action (Michaël Zasso) #​52839
• [8f8fb91927] - tools: specify a commit-message for V8 update workflow (Antoine du Hamel) #​52844
• [b83fbf8709] - tools: fix V8 update workflow (Antoine du Hamel) #​52822
• [be9d6f2176] - url,tools,benchmark: replace deprecated substr() (Jungku Lee) #​51546
• [7603a51d45] - util: fix %s format behavior with Symbol.toPrimitive (Chenyu Yang) #​50992
• [d7eba50cf3] - util: improve isInsideNodeModules (uzlopak) #​52147
• [4ae4f7e517] - watch: allow listening for grouped changes (Matthieu Sieben) #​52722
• [1ff8f318c0] - watch: enable passthrough ipc in watch mode (Zack) #​50890
• [739adf90b1] - watch: fix arguments parsing (Moshe Atlow) #​52760
• [5161d95c30] - (SEMVER-MINOR) zlib: expose zlib.crc32() (Joyee Cheung) #​52692

v20.14.0

Compare Source

v20.13.1: 2024-05-09, Version 20.13.1 'Iron' (LTS), @​marco-ippolito

Compare Source

2024-05-09, Version 20.13.1 'Iron' (LTS), @​marco-ippolito

Revert "tools: install npm PowerShell scripts on Windows"

Due to a regression in the npm installation on Windows, this commit reverts the change that installed npm PowerShell scripts on Windows.

Commits

• [b7d80802cc] - Revert "tools: install npm PowerShell scripts on Windows" (marco-ippolito) #​52897

v20.13.0

Compare Source

v20.12.2: 2024-04-10, Version 20.12.2 'Iron' (LTS), @​RafaelGSS

Compare Source

This is a security release.

Notable Changes

• CVE-2024-27980 - Command injection via args parameter of child_process.spawn without shell option enabled on Windows

Commits

• [69ffc6d50d] - src: disallow direct .bat and .cmd file spawning (Ben Noordhuis) nodejs-private/node-private#563

v20.12.1

Compare Source

v20.12.0

Compare Source

npm/cli (npm)

v10.8.3

Compare Source

Bug Fixes

• 7e61151 #​7759 docs: init usage description corrected (#​7759) (@​milaninfy)
• 2404c7e #​7738 publish: consider package-spec when inside workspace dir (#​7738) (@​milaninfy)
• 91e46a3 #​7721 init: use locally installed version of given package (#​7721) (@​milaninfy)
• 4e81a6a #​7674 always set exit code if exiting uncleanly (#​7674) (@​wraithgar, @​hashtagchris)
• a947f25 #​7679 update lifecycle script list in run-script (#​7679) (@​sonsurim)

Documentation

• e674987 #​7743 update docs for npmrc and package-json (#​7743) (@​milaninfy)
• 24d5350 #​7742 fix and update scoped configuration example (#​7742) (@​demedos)

Dependencies

• 3fd7a48 #​7737 [email protected]
• d7e462b #​7737 [email protected]
• df58b0c [#​7737](https://redirect.github.com/npm/cli/pull/773

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 7b60a20

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[codesandbox-ci]

This pull request is automatically built and testable in CodeSandbox.

To see build info of the built libraries, click here or the icon next to each commit SHA.