[Snyk] Upgrade @apollo/client from 3.5.10 to 3.13.3

[basilisSam]

Snyk has created this PR to upgrade @apollo/client from 3.5.10 to 3.13.3.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 172 versions ahead of your current version.

• The recommended version was released 24 days ago.

Release notes

Package name: @apollo/client

• 3.13.3 - 2025-03-07
  

  Patch Changes

  • #12362 f6d387c Thanks @ jerelmiller! - Fixes an issue where calling observableQuery.getCurrentResult() when the errorPolicy was set to all would return the networkStatus as NetworkStatus.ready when there were errors returned in the result. This has been corrected to report NetworkStatus.error.

    This bug also affected the useQuery and useLazyQuery hooks and may affect you if you check for networkStatus in your component.

• 3.13.2 - 2025-03-06
  

  Patch Changes

  • #12409 6aa2f3e Thanks @ phryneas! - To mitigate problems when Apollo Client ends up more than once in the bundle, some unique symbols were converted into Symbol.for calls.

  • #12392 644bb26 Thanks @ Joja81! - Fixes an issue where the DeepOmit type would turn optional properties into required properties. This should only affect you if you were using the omitDeep or stripTypename utilities exported by Apollo Client.

  • #12404 4332b88 Thanks @ jerelmiller! - Show NaN rather than converting to null in debug messages from MockLink for unmatched variables values.

• 3.13.1 - 2025-02-14
  

  Patch Changes

  • #12369 bdfc5b2 Thanks @ phryneas! - ObervableQuery.refetch: don't refetch with cache-and-network, swich to network-only instead

  • #12375 d3f8f13 Thanks @ jerelmiller! - Export the UseSuspenseFragmentOptions type.

• 3.13.0 - 2025-02-13
  

  Apollo Client v3.13.0 introduces a new hook, useSuspenseFragment, as a drop-in replacement for useFragment in apps that are using React Suspense. This is the “last” React hook we are introducing in 3.x - we think this rounds out the “big concepts” in our React Suspense and GraphQL fragment story. See the docs for information on this and our other Suspense-supporting hooks. There are some TypeScript quality-of-life improvements shipped in this release for observableQuery.updateQuery and subscribeToMore. Additionally, the return type of updateQuery now includes undefined to allow an early exit from updates. This was always supported at runtime, but was missed on the TypeScript side. On the runtime side, we’ve fixed query deduplication behavior for multipart responses and corrected the error handling in useMutation callbacks. onCompleted and onError in useQuery and useLazyQuery have been deprecated for multiple reasons. See below for full details 👀

  Minor Changes

  • #12066 c01da5d Thanks @ jerelmiller! - Adds a new useSuspenseFragment hook.

    useSuspenseFragment suspends until data is complete. It is a drop-in replacement for useFragment when you prefer to use Suspense to control the loading state of a fragment. See the documentation for more details.

  • #12174 ba5cc33 Thanks @ jerelmiller! - Ensure errors thrown in the onCompleted callback from useMutation don't call onError.

  • #12340 716d02e Thanks @ phryneas! - Deprecate the onCompleted and onError callbacks of useQuery and useLazyQuery.
    For more context, please see the related issue on GitHub.

  • #12276 670f112 Thanks @ Cellule! - Provide a more type-safe option for the previous data value passed to observableQuery.updateQuery. Using it could result in crashes at runtime as this callback could be called with partial data even though its type reported the value as a complete result.

    The updateQuery callback function is now called with a new type-safe previousData property and a new complete property in the 2nd argument that determines whether previousData is a complete or partial result.

    As a result of this change, it is recommended to use the previousData property passed to the 2nd argument of the callback rather than using the previous data value from the first argument since that value is not type-safe. The first argument is now deprecated and will be removed in a future version of Apollo Client.

    observableQuery.updateQuery(
    (unsafePreviousData, { previousData, complete }) => {
    previousData;
    // ^? TData | DeepPartial<TData> | undefined

    <span class="pl-k">if</span> <span class="pl-kos">(</span><span class="pl-s1">complete</span><span class="pl-kos">)</span> <span class="pl-kos">{</span>
      <span class="pl-s1">previousData</span><span class="pl-kos">;</span>
      <span class="pl-c">// ^? TData</span>
    <span class="pl-kos">}</span> <span class="pl-k">else</span> <span class="pl-kos">{</span>
      <span class="pl-s1">previousData</span><span class="pl-kos">;</span>
      <span class="pl-c">// ^? DeepPartial&lt;TData&gt; | undefined</span>
    <span class="pl-kos">}</span>
    

    }
    );

  • #12174 ba5cc33 Thanks @ jerelmiller! - Reject the mutation promise if errors are thrown in the onCompleted callback of useMutation.

  Patch Changes

  • #12276 670f112 Thanks @ Cellule! - Fix the return type of the updateQuery function to allow for undefined. updateQuery had the ability to bail out of the update by returning a falsey value, but the return type enforced a query value.

    observableQuery.updateQuery(
    (unsafePreviousData, { previousData, complete }) => {
    if (!complete) {
    // Bail out of the update by returning early
    return;
    }

    <span class="pl-c">// ...</span>
    

    }
    );

  • #12296 2422df2 Thanks @ Cellule! - Deprecate option ignoreResults in useMutation.
    Once this option is removed, existing code still using it might see increase in re-renders.
    If you don't want to synchronize your component state with the mutation, please use useApolloClient to get your ApolloClient instance and call client.mutate directly.

  • #12338 67c16c9 Thanks @ phryneas! - In case of a multipart response (e.g. with @ defer), query deduplication will
    now keep going until the final chunk has been received.

  • #12276 670f112 Thanks @ Cellule! - Fix the type of the variables property passed as the 2nd argument to the subscribeToMore callback. This was previously reported as the variables type for the subscription itself, but is now properly typed as the query variables.

• 3.13.0-rc.0 - 2025-02-07
  

  Minor Changes

  • #12066 c01da5d Thanks @ jerelmiller! - Adds a new useSuspenseFragment hook.

    useSuspenseFragment suspends until data is complete. It is a drop-in replacement for useFragment when you prefer to use Suspense to control the loading state of a fragment.

  • #12174 ba5cc33 Thanks @ jerelmiller! - Ensure errors thrown in the onCompleted callback from useMutation don't call onError.

  • #12340 716d02e Thanks @ phryneas! - Deprecate the onCompleted and onError callbacks of useQuery and useLazyQuery.
    For more context, please see the related issue on GitHub.

  • #12276 670f112 Thanks @ Cellule! - Provide a more type-safe option for the previous data value passed to observableQuery.updateQuery. Using it could result in crashes at runtime as this callback could be called with partial data even though its type reported the value as a complete result.

    The updateQuery callback function is now called with a new type-safe previousData property and a new complete property in the 2nd argument that determines whether previousData is a complete or partial result.

    As a result of this change, it is recommended to use the previousData property passed to the 2nd argument of the callback rather than using the previous data value from the first argument since that value is not type-safe. The first argument is now deprecated and will be removed in a future version of Apollo Client.

    observableQuery.updateQuery(
    (unsafePreviousData, { previousData, complete }) => {
    previousData;
    // ^? TData | DeepPartial<TData> | undefined

    <span class="pl-k">if</span> <span class="pl-kos">(</span><span class="pl-s1">complete</span><span class="pl-kos">)</span> <span class="pl-kos">{</span>
      <span class="pl-s1">previousData</span><span class="pl-kos">;</span>
      <span class="pl-c">// ^? TData</span>
    <span class="pl-kos">}</span> <span class="pl-k">else</span> <span class="pl-kos">{</span>
      <span class="pl-s1">previousData</span><span class="pl-kos">;</span>
      <span class="pl-c">// ^? DeepPartial&lt;TData&gt; | undefined</span>
    <span class="pl-kos">}</span>
    

    }
    );

  • #12174 ba5cc33 Thanks @ jerelmiller! - Reject the mutation promise if errors are thrown in the onCompleted callback of useMutation.

  Patch Changes

  • #12276 670f112 Thanks @ Cellule! - Fix the return type of the updateQuery function to allow for undefined. updateQuery had the ability to bail out of the update by returning a falsey value, but the return type enforced a query value.

    observableQuery.updateQuery(
    (unsafePreviousData, { previousData, complete }) => {
    if (!complete) {
    // Bail out of the update by returning early
    return;
    }

    <span class="pl-c">// ...</span>
    

    }
    );

  • #12296 2422df2 Thanks @ Cellule! - Deprecate option ignoreResults in useMutation.
    Once this option is removed, existing code still using it might see increase in re-renders.
    If you don't want to synchronize your component state with the mutation, please use useApolloClient to get your ApolloClient instance and call client.mutate directly.

  • #12338 67c16c9 Thanks @ phryneas! - In case of a multipart response (e.g. with @ defer), query deduplication will
    now keep going until the final chunk has been received.

  • #12276 670f112 Thanks @ Cellule! - Fix the type of the variables property passed as the 2nd argument to the subscribeToMore updateQuery callback. This was previously reported as the variables type for the subscription itself, but is now properly typed as the query variables.

• 3.12.11 - 2025-02-07
  

  Patch Changes

  • #12351 3da908b Thanks @ jerelmiller! - Fixes an issue where the wrong networkStatus and loading value was emitted from observableQuery when calling fetchMore with a no-cache fetch policy. The networkStatus now properly reports as ready and loading as false after the result is returned.

  • #12354 a24ef94 Thanks @ phryneas! - Fix missing main.d.cts file

• 3.12.10 - 2025-02-06
  

  Patch Changes

  • #12341 f2bb0b9 Thanks @ phryneas! - useReadQuery/useQueryRefHandlers: Fix a "hook order" warning that might be emitted in React 19 dev mode.

  • #12342 219b26b Thanks @ phryneas! - Add graphql-ws ^6.0.3 as a valid peerDependency

• 3.12.9 - 2025-02-03
  

  Patch Changes

  • #12321 daa4f33 Thanks @ jerelmiller! - Fix type of extensions in protocolErrors for ApolloError and the onError link. According to the multipart HTTP subscription protocol, fatal tranport errors follow the GraphQL error format which require extensions to be a map as its value instead of an array.

  • #12318 b17968b Thanks @ jerelmiller! - Allow RetryLink to retry an operation when fatal transport-level errors are emitted from multipart subscriptions.

    const retryLink = new RetryLink({
    attempts: (count, operation, error) => {
    if (error instanceof ApolloError) {
    // errors available on the protocolErrors field in ApolloError
    console.log(error.protocolErrors);
    }

    <span class="pl-k">return</span> <span class="pl-c1">true</span><span class="pl-kos">;</span>
    

    },
    });

• 3.12.8 - 2025-01-27
  

  Patch Changes

  • #12292 3abd944 Thanks @ phryneas! - Remove unused dependency response-iterator

  • #12287 bf313a3 Thanks @ phryneas! - Fixes an issue where client.watchFragment/useFragment with @ includes crashes when a separate cache update writes to the conditionally included fields.

• 3.12.7 - 2025-01-22
  

  Patch Changes

  • #12281 d638ec3 Thanks @ jerelmiller! - Make fatal tranport-level errors from multipart subscriptions available to the error link with the protocolErrors property.

    const errorLink = onError(({ protocolErrors }) => {
      if (protocolErrors) {
        console.log(protocolErrors);
      }
    });

  • #12281 d638ec3 Thanks @ jerelmiller! - Fix the array type for the errors field on the ApolloPayloadResult type. This type was always in the shape of the GraphQL error format, per the multipart subscriptions protocol and never a plain string or a JavaScript error object.

• 3.12.6 - 2025-01-14
• 3.12.5 - 2025-01-09
• 3.12.4 - 2024-12-19
• 3.12.3 - 2024-12-12
• 3.12.2 - 2024-12-05
• 3.12.1 - 2024-12-05
• 3.12.0 - 2024-12-04
• 3.12.0-rc.4 - 2024-11-27
• 3.12.0-rc.3 - 2024-11-20
• 3.12.0-rc.2 - 2024-11-19
• 3.12.0-rc.1 - 2024-11-15
• 3.12.0-rc.0 - 2024-11-13
• 3.12.0-alpha.0 - 2024-10-01
• 3.11.11-rc.0 - 2024-11-13
• 3.11.10 - 2024-11-11
• 3.11.9 - 2024-11-07
• 3.11.8 - 2024-09-05
• 3.11.7 - 2024-09-04
• 3.11.6 - 2024-09-03
• 3.11.5 - 2024-08-28
• 3.11.4 - 2024-08-07
• 3.11.3 - 2024-08-05
• 3.11.2 - 2024-07-31
• 3.11.1 - 2024-07-23
• 3.11.0 - 2024-07-22
• 3.11.0-rc.2 - 2024-07-15
• 3.11.0-rc.1 - 2024-07-10
• 3.11.0-rc.0 - 2024-07-09
• 3.10.8 - 2024-06-27
• 3.10.7 - 2024-06-26
• 3.10.6 - 2024-06-21
• 3.10.5 - 2024-06-12
• 3.10.4 - 2024-05-15
• 3.10.3 - 2024-05-07
• 3.10.2 - 2024-05-03
• 3.10.1 - 2024-04-24
• 3.10.0 - 2024-04-24
• 3.10.0-rc.1 - 2024-04-15
• 3.10.0-rc.0 - 2024-04-02
• 3.10.0-alpha.1 - 2024-03-18
• 3.9.11 - 2024-04-10
• 3.9.10 - 2024-04-01
• 3.9.9 - 2024-03-22
• 3.9.8 - 2024-03-20
• 3.9.7 - 2024-03-13
• 3.9.6 - 2024-03-06
• 3.9.5 - 2024-02-15
• 3.9.4 - 2024-02-07
• 3.9.3 - 2024-02-06
• 3.9.2 - 2024-02-01
• 3.9.1 - 2024-01-31
• 3.9.0 - 2024-01-30
• 3.9.0-rc.1 - 2024-01-18
• 3.9.0-rc.0 - 2024-01-17
• 3.9.0-beta.1 - 2023-12-21
• 3.9.0-beta.0 - 2023-12-18
• 3.9.0-alpha.5 - 2023-12-05
• 3.9.0-alpha.4 - 2023-11-08
• 3.9.0-alpha.3 - 2023-11-02
• 3.9.0-alpha.2 - 2023-10-11
• 3.9.0-alpha.1 - 2023-09-21
• 3.9.0-alpha.0 - 2023-09-19
• 3.8.10 - 2024-01-18
• 3.8.9 - 2024-01-09
• 3.8.8 - 2023-11-29
• 3.8.7 - 2023-11-02
• 3.8.6 - 2023-10-16
• 3.8.5 - 2023-10-05
• 3.8.4 - 2023-09-19
• 3.8.3 - 2023-09-05
• 3.8.2 - 2023-09-01
• 3.8.1 - 2023-08-10
• 3.8.0 - 2023-08-07
• 3.8.0-rc.2 - 2023-08-01
• 3.8.0-rc.1 - 2023-07-17
• 3.8.0-rc.0 - 2023-07-13
• 3.8.0-beta.7 - 2023-07-10
• 3.8.0-beta.6 - 2023-07-05
• 3.8.0-beta.5 - 2023-06-28
• 3.8.0-beta.4 - 2023-06-20
• 3.8.0-beta.3 - 2023-06-15
• 3.8.0-beta.2 - 2023-06-07
• 3.8.0-beta.1 - 2023-05-31
• 3.8.0-beta.0 - 2023-05-26
• 3.8.0-alpha.15 - 2023-05-17
• 3.8.0-alpha.14 - 2023-05-16
• 3.8.0-alpha.13 - 2023-05-03
• 3.8.0-alpha.12 - 2023-04-13
• 3.8.0-alpha.11 - 2023-03-28
• 3.8.0-alpha.10 - 2023-03-17
• 3.8.0-alpha.9 - 2023-03-15
• 3.8.0-alpha.8 - 2023-03-02
• 3.8.0-alpha.7 - 2023-02-15
• 3.8.0-alpha.6 - 2023-02-07
• 3.8.0-alpha.5 - 2023-01-19
• 3.8.0-alpha.4 - 2023-01-13
• 3.8.0-alpha.3 - 2023-01-03
• 3.8.0-alpha.2 - 2022-12-21
• 3.8.0-alpha.1 - 2022-12-21
• 3.8.0-alpha.0 - 2022-12-09
• 3.7.17 - 2023-07-05
• 3.7.16 - 2023-06-20
• 3.7.15 - 2023-05-26
• 3.7.14 - 2023-05-03
• 3.7.13 - 2023-04-27
• 3.7.12 - 2023-04-12
• 3.7.11 - 2023-03-31
• 3.7.10 - 2023-03-02
• 3.7.9 - 2023-02-17
• 3.7.8 - 2023-02-15
• 3.7.7 - 2023-02-03
• 3.7.6 - 2023-01-31
• 3.7.5 - 2023-01-24
• 3.7.4 - 2023-01-13
• 3.7.3 - 2022-12-15
• 3.7.2 - 2022-12-06
• 3.7.1 - 2022-10-20
• 3.7.0 - 2022-09-30
• 3.7.0-rc.0 - 2022-09-21
• 3.7.0-beta.8 - 2022-09-21
• 3.7.0-beta.7 - 2022-09-08
• 3.7.0-beta.6 - 2022-06-27
• 3.7.0-beta.5 - 2022-06-10
• 3.7.0-beta.4 - 2022-06-10
• 3.7.0-beta.3 - 2022-06-07
• 3.7.0-beta.2 - 2022-06-07
• 3.7.0-beta.1 - 2022-05-26
• 3.7.0-beta.0 - 2022-05-25
• 3.7.0-alpha.6 - 2022-05-19
• 3.7.0-alpha.5 - 2022-05-16
• 3.7.0-alpha.4 - 2022-05-13
• 3.7.0-alpha.3 - 2022-05-09
• 3.7.0-alpha.2 - 2022-05-03
• 3.7.0-alpha.1 - 2022-05-03
• 3.7.0-alpha.0 - 2022-04-27
• 3.6.10 - 2022-09-29
• 3.6.9 - 2022-06-21
• 3.6.8 - 2022-06-10
• 3.6.7 - 2022-06-10
• 3.6.6 - 2022-05-26
• 3.6.5 - 2022-05-23
• 3.6.4 - 2022-05-16
• 3.6.3 - 2022-05-05
• 3.6.2 - 2022-05-03
• 3.6.1 - 2022-04-28
• 3.6.0 - 2022-04-26
• 3.6.0-rc.1 - 2022-04-19
• 3.6.0-rc.0 - 2022-04-18
• 3.6.0-beta.13 - 2022-04-14
• 3.6.0-beta.12 - 2022-04-11
• 3.6.0-beta.11 - 2022-04-05
• 3.6.0-beta.10 - 2022-03-29
• 3.6.0-beta.9 - 2022-03-10
• 3.6.0-beta.8 - 2022-03-10
• 3.6.0-beta.7 - 2022-03-10
• 3.6.0-beta.6 - 2022-02-15
• 3.6.0-beta.5 - 2022-02-04
• 3.6.0-beta.4 - 2022-02-03
• 3.6.0-beta.3 - 2021-11-23
• 3.6.0-beta.2 - 2021-11-22
• 3.6.0-beta.1 - 2021-11-16
• 3.6.0-beta.0 - 2021-11-16
• 3.5.10 - 2022-02-24

from @apollo/client GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[netlify]

✅ Deploy Preview for github-issues-prj ready!

Name	Link
🔨 Latest commit	2b0c654
🔍 Latest deploy log	https://app.netlify.com/sites/github-issues-prj/deploys/67ea38bd8132510008d210b3
😎 Deploy Preview	https://deploy-preview-396--github-issues-prj.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.