Upcoming Release Changes

[theguild-bot]

This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to master, this PR will be updated.

Releases

@graphql-tools/executor@1.4.6

Patch Changes

• Updated dependencies
  [d123e26]:
  • @graphql-tools/utils@10.8.6

@graphql-tools/executor-apollo-link@1.0.19

Patch Changes

• Updated dependencies
  [d123e26]:
  • @graphql-tools/utils@10.8.6

@graphql-tools/executor-envelop@3.0.27

Patch Changes

• Updated dependencies
  [d123e26]:
  • @graphql-tools/utils@10.8.6

@graphql-tools/executor-legacy-ws@1.1.17

Patch Changes

• Updated dependencies
  [d123e26]:
  • @graphql-tools/utils@10.8.6

@graphql-tools/executor-urql-exchange@1.0.19

Patch Changes

• Updated dependencies
  [d123e26]:
  • @graphql-tools/utils@10.8.6

@graphql-tools/executor-yoga@3.0.27

Patch Changes

• Updated dependencies
  [d123e26]:
  • @graphql-tools/utils@10.8.6
  • @graphql-tools/executor-envelop@3.0.27

@graphql-tools/graphql-tag-pluck@8.3.19

Patch Changes

• Updated dependencies
  [d123e26]:
  • @graphql-tools/utils@10.8.6

graphql-tools@9.0.18

Patch Changes

• Updated dependencies []:
  • @graphql-tools/schema@10.0.23

@graphql-tools/import@7.0.18

Patch Changes

• Updated dependencies
  [d123e26]:
  • @graphql-tools/utils@10.8.6

@graphql-tools/links@9.0.27

Patch Changes

• Updated dependencies
  [d123e26]:
  • @graphql-tools/utils@10.8.6

@graphql-tools/load@8.0.19

Patch Changes

• Updated dependencies
  [d123e26]:
  • @graphql-tools/utils@10.8.6
  • @graphql-tools/schema@10.0.23

@graphql-tools/apollo-engine-loader@8.0.20

Patch Changes

• Updated dependencies
  [d123e26]:
  • @graphql-tools/utils@10.8.6

@graphql-tools/code-file-loader@8.1.20

Patch Changes

• Updated dependencies
  [d123e26]:
  • @graphql-tools/utils@10.8.6
  • @graphql-tools/graphql-tag-pluck@8.3.19

@graphql-tools/git-loader@8.0.24

Patch Changes

• Updated dependencies
  [d123e26]:
  • @graphql-tools/utils@10.8.6
  • @graphql-tools/graphql-tag-pluck@8.3.19

@graphql-tools/github-loader@8.0.20

Patch Changes

• Updated dependencies
  [d123e26]:
  • @graphql-tools/utils@10.8.6
  • @graphql-tools/graphql-tag-pluck@8.3.19

@graphql-tools/graphql-file-loader@8.0.19

Patch Changes

• Updated dependencies
  [d123e26]:
  • @graphql-tools/utils@10.8.6
  • @graphql-tools/import@7.0.18

@graphql-tools/json-file-loader@8.0.18

Patch Changes

• Updated dependencies
  [d123e26]:
  • @graphql-tools/utils@10.8.6

@graphql-tools/module-loader@8.0.18

Patch Changes

• Updated dependencies
  [d123e26]:
  • @graphql-tools/utils@10.8.6

@graphql-tools/url-loader@8.0.31

Patch Changes

• Updated dependencies
  [d123e26]:
  • @graphql-tools/utils@10.8.6
  • @graphql-tools/executor-legacy-ws@1.1.17

@graphql-tools/merge@9.0.24

Patch Changes

• Updated dependencies
  [d123e26]:
  • @graphql-tools/utils@10.8.6

@graphql-tools/mock@9.0.22

Patch Changes

• 6d69ede
  Thanks @ardatan! - Fix prototype polluting assignment

• Updated dependencies
  [d123e26]:

  • @graphql-tools/utils@10.8.6
  • @graphql-tools/schema@10.0.23

@graphql-tools/node-require@7.0.20

Patch Changes

• Updated dependencies
  [d123e26]:
  • @graphql-tools/utils@10.8.6
  • @graphql-tools/load@8.0.19
  • @graphql-tools/graphql-file-loader@8.0.19

@graphql-tools/relay-operation-optimizer@7.0.19

Patch Changes

• Updated dependencies
  [d123e26]:
  • @graphql-tools/utils@10.8.6

@graphql-tools/resolvers-composition@7.0.18

Patch Changes

• Updated dependencies
  [d123e26]:
  • @graphql-tools/utils@10.8.6

@graphql-tools/schema@10.0.23

Patch Changes

• Updated dependencies
  [d123e26]:
  • @graphql-tools/utils@10.8.6
  • @graphql-tools/merge@9.0.24

@graphql-tools/utils@10.8.6

Patch Changes

• d123e26
  Thanks @ardatan! - Fix incomplete string escaping/encoding

[coderabbitai]

📝 Walkthrough

Summary by CodeRabbit

• Bug Fixes

  • Addressed a potential security issue that could affect object interactions, ensuring a more reliable and safer experience.

• Chores

  • Upgraded package versions and updated dependencies across several GraphQL tools to enhance stability, performance, and compatibility, resulting in a smoother overall experience for both developers and end users.

Walkthrough

This change removes a changeset file that documented a prototype pollution fix and updates the documentation and version information for the @graphql-tools/mock package. The changelog now includes a new entry for version 9.0.22, which details the patch for a prototype polluting assignment contributed by @ardatan. Additionally, the package version in package.json is updated from 9.0.21 to 9.0.22. No changes were made to exported or public entity declarations.

Changes

Files	Change Summary
.changeset/bumpy-hounds-lose.md, packages/mock/CHANGELOG.md	Removed the changeset file that documented a prototype pollution fix and added a new changelog entry for version 9.0.22, detailing the patch fix contributed by @ardatan.
packages/mock/package.json	Updated the package version from 9.0.21 to 9.0.22, aligning with the documented changes for the prototype pollution patch.

Possibly related PRs

• Upcoming Release Changes #6927: The changes in the main PR regarding the deletion of a patch note for @graphql-tools/mock and the updates in the retrieved PR for various packages, including @graphql-tools/utils, are related as they both involve addressing issues with the same utility package, although they focus on different aspects (documentation vs. dependency updates).
• Upcoming Release Changes #6925: The changes in the main PR regarding the removal of a patch note for a prototype pollution fix in @graphql-tools/mock are related to the updates in the retrieved PR that include a minor version update for @graphql-tools/utils, which also addresses issues related to prototype pollution. Both PRs involve modifications to the same underlying issue of prototype pollution, albeit in different packages.

Poem

I'm a rabbit with hops so fleet,
Skipping bugs from code to beat.
Prototype woes now out of sight,
With version bumps, all feels right.
Hoppity cheers for 9.0.22—what a delight!

---

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 74d9b08 and 428dd8f.

📒 Files selected for processing (53)

• .changeset/bumpy-hounds-lose.md (0 hunks)
• packages/executor/CHANGELOG.md (1 hunks)
• packages/executor/package.json (2 hunks)
• packages/executors/apollo-link/CHANGELOG.md (1 hunks)
• packages/executors/apollo-link/package.json (2 hunks)
• packages/executors/envelop/CHANGELOG.md (1 hunks)
• packages/executors/envelop/package.json (2 hunks)
• packages/executors/legacy-ws/CHANGELOG.md (1 hunks)
• packages/executors/legacy-ws/package.json (2 hunks)
• packages/executors/urql-exchange/CHANGELOG.md (1 hunks)
• packages/executors/urql-exchange/package.json (2 hunks)
• packages/executors/yoga/CHANGELOG.md (1 hunks)
• packages/executors/yoga/package.json (2 hunks)
• packages/graphql-tag-pluck/CHANGELOG.md (1 hunks)
• packages/graphql-tag-pluck/package.json (2 hunks)
• packages/graphql-tools/CHANGELOG.md (1 hunks)
• packages/graphql-tools/package.json (2 hunks)
• packages/import/CHANGELOG.md (1 hunks)
• packages/import/package.json (2 hunks)
• packages/links/CHANGELOG.md (1 hunks)
• packages/links/package.json (2 hunks)
• packages/load/CHANGELOG.md (1 hunks)
• packages/load/package.json (2 hunks)
• packages/loaders/apollo-engine/CHANGELOG.md (1 hunks)
• packages/loaders/apollo-engine/package.json (2 hunks)
• packages/loaders/code-file/CHANGELOG.md (1 hunks)
• packages/loaders/code-file/package.json (2 hunks)
• packages/loaders/git/CHANGELOG.md (1 hunks)
• packages/loaders/git/package.json (2 hunks)
• packages/loaders/github/CHANGELOG.md (1 hunks)
• packages/loaders/github/package.json (2 hunks)
• packages/loaders/graphql-file/CHANGELOG.md (1 hunks)
• packages/loaders/graphql-file/package.json (2 hunks)
• packages/loaders/json-file/CHANGELOG.md (1 hunks)
• packages/loaders/json-file/package.json (2 hunks)
• packages/loaders/module/CHANGELOG.md (1 hunks)
• packages/loaders/module/package.json (2 hunks)
• packages/loaders/url/CHANGELOG.md (1 hunks)
• packages/loaders/url/package.json (2 hunks)
• packages/merge/CHANGELOG.md (1 hunks)
• packages/merge/package.json (2 hunks)
• packages/mock/CHANGELOG.md (1 hunks)
• packages/mock/package.json (2 hunks)
• packages/node-require/CHANGELOG.md (1 hunks)
• packages/node-require/package.json (2 hunks)
• packages/relay-operation-optimizer/CHANGELOG.md (1 hunks)
• packages/relay-operation-optimizer/package.json (2 hunks)
• packages/resolvers-composition/CHANGELOG.md (1 hunks)
• packages/resolvers-composition/package.json (2 hunks)
• packages/schema/CHANGELOG.md (1 hunks)
• packages/schema/package.json (2 hunks)
• packages/utils/CHANGELOG.md (1 hunks)
• packages/utils/package.json (1 hunks)

💤 Files with no reviewable changes (1)

• .changeset/bumpy-hounds-lose.md

✅ Files skipped from review due to trivial changes (38)

• packages/import/package.json
• packages/merge/CHANGELOG.md
• packages/executor/CHANGELOG.md
• packages/utils/package.json
• packages/graphql-tag-pluck/package.json
• packages/loaders/module/CHANGELOG.md
• packages/executor/package.json
• packages/graphql-tools/CHANGELOG.md
• packages/node-require/CHANGELOG.md
• packages/relay-operation-optimizer/CHANGELOG.md
• packages/loaders/git/CHANGELOG.md
• packages/loaders/module/package.json
• packages/utils/CHANGELOG.md
• packages/relay-operation-optimizer/package.json
• packages/loaders/url/CHANGELOG.md
• packages/executors/urql-exchange/package.json
• packages/graphql-tools/package.json
• packages/loaders/apollo-engine/package.json
• packages/links/CHANGELOG.md
• packages/resolvers-composition/CHANGELOG.md
• packages/loaders/json-file/CHANGELOG.md
• packages/executors/legacy-ws/CHANGELOG.md
• packages/resolvers-composition/package.json
• packages/loaders/url/package.json
• packages/links/package.json
• packages/executors/yoga/package.json
• packages/schema/CHANGELOG.md
• packages/loaders/graphql-file/package.json
• packages/merge/package.json
• packages/load/CHANGELOG.md
• packages/node-require/package.json
• packages/loaders/github/package.json
• packages/loaders/code-file/CHANGELOG.md
• packages/loaders/code-file/package.json
• packages/loaders/github/CHANGELOG.md
• packages/loaders/json-file/package.json
• packages/loaders/git/package.json
• packages/schema/package.json

🚧 Files skipped from review as they are similar to previous changes (2)

• packages/mock/CHANGELOG.md
• packages/mock/package.json

⏰ Context from checks skipped due to timeout of 90000ms (10)

• GitHub Check: Unit Test on Node 18 (windows-latest) and GraphQL v16
• GitHub Check: deployment
• GitHub Check: Unit Test on Node 23 (ubuntu-latest) and GraphQL v16
• GitHub Check: Unit Test on Node 23 (ubuntu-latest) and GraphQL v15
• GitHub Check: Unit Test on Node 22 (ubuntu-latest) and GraphQL v16
• GitHub Check: Unit Test on Node 22 (ubuntu-latest) and GraphQL v15
• GitHub Check: Unit Test on Node 20 (ubuntu-latest) and GraphQL v16
• GitHub Check: Unit Test on Node 20 (ubuntu-latest) and GraphQL v15
• GitHub Check: Unit Test on Node 18 (ubuntu-latest) and GraphQL v16
• GitHub Check: Unit Test on Node 18 (ubuntu-latest) and GraphQL v15

🔇 Additional comments (17)

packages/loaders/apollo-engine/CHANGELOG.md (1)

3-10: Changelog Entry for Version 8.0.20 is Well-Structured

The new section for version 8.0.20 is formatted consistently with previous versions. The patch changes section clearly states the dependency update, and the commit hash link provides appropriate traceability. Please ensure that all changelog entries continue to follow this descending order and style as the repository grows.

packages/loaders/graphql-file/CHANGELOG.md (1)

3-11: Changelog Entry for Version 8.0.19: Format and Content Verification

The new changelog entry is clearly structured:

• The version header (## 8.0.19) and subheader (### Patch Changes) follow the existing formatting.
• The commit reference [d123e26](https://github.com/ardatan/graphql-tools/commit/d123e26b30b4febbbe1780bd32773b60e614dbf0) is properly linked.
• The listed dependency updates for @graphql-tools/utils@10.8.6 and @graphql-tools/import@7.0.18 are accurately recorded.

No issues were found. Ensure that these changes are consistent with your release documentation and match the changeset records.

packages/import/CHANGELOG.md (1)

3-10: Changelog Entry for Version 7.0.18 is Correctly Formatted

The new entry clearly outlines the patch changes for version 7.0.18. It cleanly defines the version header, followed by the "Patch Changes" section that documents the dependency update with a commit reference and the updated package version (@graphql-tools/utils@10.8.6). This format is consistent with the existing entries in the changelog.

packages/executors/urql-exchange/CHANGELOG.md (1)

3-10: Changelog Entry for Version 1.0.19 is Well-Formatted and Consistent

The new version entry ("## 1.0.19") with its corresponding "### Patch Changes" header and bullet point for updated dependencies is clear and follows our established changelog format. The dependency update to @graphql-tools/utils@10.8.6 is properly referenced with the commit hash. Please ensure that the package manifests (e.g., package.json) in this package are updated accordingly and that the ordering in the changelog reflects the latest changes on top.

packages/executors/envelop/CHANGELOG.md (1)

3-10: New Version Entry & Dependency Update for Envelop:
A new version entry (3.0.27) is introduced with patch changes updating the dependency on @graphql-tools/utils to version 10.8.6. This update is clear and consistent with similar changes across the repository.

packages/executors/apollo-link/CHANGELOG.md (1)

3-10: Changelog Update for Apollo-Link Executor:
The changelog now reflects version 1.0.19 along with the dependency update on @graphql-tools/utils to 10.8.6. The update is concise and follows the established format.

packages/graphql-tag-pluck/CHANGELOG.md (1)

3-10: GraphQL-Tag-Pluck Changelog Update:
The new version entry (8.3.19) correctly documents the dependency update—shifting @graphql-tools/utils from version 10.8.5 to 10.8.6. The format and details align well with the project-wide changes.

packages/executors/yoga/CHANGELOG.md (1)

3-11: Executor-Yoga Version & Dependency Alignment:
The new version entry (3.0.27) updates two dependencies simultaneously: it upgrades @graphql-tools/utils to 10.8.6 and @graphql-tools/executor-envelop to 3.0.27. This coordinated update helps maintain consistency with related packages.

packages/executors/apollo-link/package.json (2)

3-3: Package Version Bump:
The package version has been updated from 1.0.18 to 1.0.19 to reflect the latest changes. This update is consistent with the changelog and expected release flow.

---

55-55: Dependency Version Update:
The update of @graphql-tools/utils from ^10.8.5 to ^10.8.6 in the dependencies section is clear and in line with other packages in this release.

packages/executors/envelop/package.json (2)

3-3: Update package version.
The version has been updated to "3.0.27" as part of the coordinated release effort. This change is consistent with the release objectives for an upcoming patch release.

---

54-54: Synchronize dependency version for @graphql-tools/utils.
The dependency on "@graphql-tools/utils" has been updated from "^10.8.5" to "^10.8.6", ensuring uniform usage across packages.

packages/executors/legacy-ws/package.json (2)

3-3: Increment package version.
The version update to "1.1.17" reflects the required patch change and aligns with the repository-wide versioning strategy for executor packages.

---

54-54: Update dependency version on @graphql-tools/utils.
The dependency version change to "^10.8.6" ensures consistency with other packages and maintains compatibility with the latest utilities.

packages/load/package.json (3)

3-3: Update package version.
The version update to "8.0.19" is appropriate for this patch release and aligns with the updated dependency requirements.

---

54-54: Upgrade dependency on @graphql-tools/schema.
Updating "@graphql-tools/schema" to "^10.0.23" helps maintain consistency across the ecosystem and ensures compatibility with other package updates.

---

55-55: Upgrade dependency on @graphql-tools/utils.
The dependency update to "^10.8.6" standardizes the utility version across packages, reducing potential inconsistencies.

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[github-actions]

💻 Website Preview

The latest changes are available as preview in: https://4e6c3fd4.graphql-tools.pages.dev