[Snyk] Upgrade @apollo/client from 3.3.19 to 3.13.5

[shonore]

Snyk has created this PR to upgrade @apollo/client from 3.3.19 to 3.13.5.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 281 versions ahead of your current version.

• The recommended version was released 24 days ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Information Exposure SNYK-JS-APOLLOCLIENT-1085706	479	No Known Exploit

Release notes

Package name: @apollo/client

• 3.13.5 - 2025-03-20
  

  Patch Changes

  • #12461 12c8d06 Thanks @ jerelmiller! - Fix an issue where a cache-first query would return the result for previous variables when a cache update is issued after simultaneously changing variables and skipping the query.
• 3.13.4 - 2025-03-10
  

  Patch Changes

  • #12420 fee9368 Thanks @ jorenbroekema! - Use import star from rehackt to prevent issues with importing named exports from external CJS modules.
• 3.13.3 - 2025-03-07
  

  Patch Changes

  • #12362 f6d387c Thanks @ jerelmiller! - Fixes an issue where calling observableQuery.getCurrentResult() when the errorPolicy was set to all would return the networkStatus as NetworkStatus.ready when there were errors returned in the result. This has been corrected to report NetworkStatus.error.

    This bug also affected the useQuery and useLazyQuery hooks and may affect you if you check for networkStatus in your component.

• 3.13.2 - 2025-03-06
  

  Patch Changes

  • #12409 6aa2f3e Thanks @ phryneas! - To mitigate problems when Apollo Client ends up more than once in the bundle, some unique symbols were converted into Symbol.for calls.

  • #12392 644bb26 Thanks @ Joja81! - Fixes an issue where the DeepOmit type would turn optional properties into required properties. This should only affect you if you were using the omitDeep or stripTypename utilities exported by Apollo Client.

  • #12404 4332b88 Thanks @ jerelmiller! - Show NaN rather than converting to null in debug messages from MockLink for unmatched variables values.

• 3.13.1 - 2025-02-14
  

  Patch Changes

  • #12369 bdfc5b2 Thanks @ phryneas! - ObervableQuery.refetch: don't refetch with cache-and-network, swich to network-only instead

  • #12375 d3f8f13 Thanks @ jerelmiller! - Export the UseSuspenseFragmentOptions type.

• 3.13.0 - 2025-02-13
  

  Apollo Client v3.13.0 introduces a new hook, useSuspenseFragment, as a drop-in replacement for useFragment in apps that are using React Suspense. This is the “last” React hook we are introducing in 3.x - we think this rounds out the “big concepts” in our React Suspense and GraphQL fragment story. See the docs for information on this and our other Suspense-supporting hooks. There are some TypeScript quality-of-life improvements shipped in this release for observableQuery.updateQuery and subscribeToMore. Additionally, the return type of updateQuery now includes undefined to allow an early exit from updates. This was always supported at runtime, but was missed on the TypeScript side. On the runtime side, we’ve fixed query deduplication behavior for multipart responses and corrected the error handling in useMutation callbacks. onCompleted and onError in useQuery and useLazyQuery have been deprecated for multiple reasons. See below for full details 👀

  Minor Changes

  • #12066 c01da5d Thanks @ jerelmiller! - Adds a new useSuspenseFragment hook.

    useSuspenseFragment suspends until data is complete. It is a drop-in replacement for useFragment when you prefer to use Suspense to control the loading state of a fragment. See the documentation for more details.

  • #12174 ba5cc33 Thanks @ jerelmiller! - Ensure errors thrown in the onCompleted callback from useMutation don't call onError.

  • #12340 716d02e Thanks @ phryneas! - Deprecate the onCompleted and onError callbacks of useQuery and useLazyQuery.
    For more context, please see the related issue on GitHub.

  • #12276 670f112 Thanks @ Cellule! - Provide a more type-safe option for the previous data value passed to observableQuery.updateQuery. Using it could result in crashes at runtime as this callback could be called with partial data even though its type reported the value as a complete result.

    The updateQuery callback function is now called with a new type-safe previousData property and a new complete property in the 2nd argument that determines whether previousData is a complete or partial result.

    As a result of this change, it is recommended to use the previousData property passed to the 2nd argument of the callback rather than using the previous data value from the first argument since that value is not type-safe. The first argument is now deprecated and will be removed in a future version of Apollo Client.

    observableQuery.updateQuery(
    (unsafePreviousData, { previousData, complete }) => {
    previousData;
    // ^? TData | DeepPartial<TData> | undefined

    <span class="pl-k">if</span> <span class="pl-kos">(</span><span class="pl-s1">complete</span><span class="pl-kos">)</span> <span class="pl-kos">{</span>
      <span class="pl-s1">previousData</span><span class="pl-kos">;</span>
      <span class="pl-c">// ^? TData</span>
    <span class="pl-kos">}</span> <span class="pl-k">else</span> <span class="pl-kos">{</span>
      <span class="pl-s1">previousData</span><span class="pl-kos">;</span>
      <span class="pl-c">// ^? DeepPartial&lt;TData&gt; | undefined</span>
    <span class="pl-kos">}</span>
    

    }
    );

  • #12174 ba5cc33 Thanks @ jerelmiller! - Reject the mutation promise if errors are thrown in the onCompleted callback of useMutation.

  Patch Changes

  • #12276 670f112 Thanks @ Cellule! - Fix the return type of the updateQuery function to allow for undefined. updateQuery had the ability to bail out of the update by returning a falsey value, but the return type enforced a query value.

    observableQuery.updateQuery(
    (unsafePreviousData, { previousData, complete }) => {
    if (!complete) {
    // Bail out of the update by returning early
    return;
    }

    <span class="pl-c">// ...</span>
    

    }
    );

  • #12296 2422df2 Thanks @ Cellule! - Deprecate option ignoreResults in useMutation.
    Once this option is removed, existing code still using it might see increase in re-renders.
    If you don't want to synchronize your component state with the mutation, please use useApolloClient to get your ApolloClient instance and call client.mutate directly.

  • #12338 67c16c9 Thanks @ phryneas! - In case of a multipart response (e.g. with @ defer), query deduplication will
    now keep going until the final chunk has been received.

  • #12276 670f112 Thanks @ Cellule! - Fix the type of the variables property passed as the 2nd argument to the subscribeToMore callback. This was previously reported as the variables type for the subscription itself, but is now properly typed as the query variables.

• 3.13.0-rc.0 - 2025-02-07
  

  Minor Changes

  • #12066 c01da5d Thanks @ jerelmiller! - Adds a new useSuspenseFragment hook.

    useSuspenseFragment suspends until data is complete. It is a drop-in replacement for useFragment when you prefer to use Suspense to control the loading state of a fragment.

  • #12174 ba5cc33 Thanks @ jerelmiller! - Ensure errors thrown in the onCompleted callback from useMutation don't call onError.

  • #12340 716d02e Thanks @ phryneas! - Deprecate the onCompleted and onError callbacks of useQuery and useLazyQuery.
    For more context, please see the related issue on GitHub.

  • #12276 670f112 Thanks @ Cellule! - Provide a more type-safe option for the previous data value passed to observableQuery.updateQuery. Using it could result in crashes at runtime as this callback could be called with partial data even though its type reported the value as a complete result.

    The updateQuery callback function is now called with a new type-safe previousData property and a new complete property in the 2nd argument that determines whether previousData is a complete or partial result.

    As a result of this change, it is recommended to use the previousData property passed to the 2nd argument of the callback rather than using the previous data value from the first argument since that value is not type-safe. The first argument is now deprecated and will be removed in a future version of Apollo Client.

    observableQuery.updateQuery(
    (unsafePreviousData, { previousData, complete }) => {
    previousData;
    // ^? TData | DeepPartial<TData> | undefined

    <span class="pl-k">if</span> <span class="pl-kos">(</span><span class="pl-s1">complete</span><span class="pl-kos">)</span> <span class="pl-kos">{</span>
      <span class="pl-s1">previousData</span><span class="pl-kos">;</span>
      <span class="pl-c">// ^? TData</span>
    <span class="pl-kos">}</span> <span class="pl-k">else</span> <span class="pl-kos">{</span>
      <span class="pl-s1">previousData</span><span class="pl-kos">;</span>
      <span class="pl-c">// ^? DeepPartial&lt;TData&gt; | undefined</span>
    <span class="pl-kos">}</span>
    

    }
    );

  • #12174 ba5cc33 Thanks @ jerelmiller! - Reject the mutation promise if errors are thrown in the onCompleted callback of useMutation.

  Patch Changes

  • #12276 670f112 Thanks @ Cellule! - Fix the return type of the updateQuery function to allow for undefined. updateQuery had the ability to bail out of the update by returning a falsey value, but the return type enforced a query value.

    observableQuery.updateQuery(
    (unsafePreviousData, { previousData, complete }) => {
    if (!complete) {
    // Bail out of the update by returning early
    return;
    }

    <span class="pl-c">// ...</span>
    

    }
    );

  • #12296 2422df2 Thanks @ Cellule! - Deprecate option ignoreResults in useMutation.
    Once this option is removed, existing code still using it might see increase in re-renders.
    If you don't want to synchronize your component state with the mutation, please use useApolloClient to get your ApolloClient instance and call client.mutate directly.

  • #12338 67c16c9 Thanks @ phryneas! - In case of a multipart response (e.g. with @ defer), query deduplication will
    now keep going until the final chunk has been received.

  • #12276 670f112 Thanks @ Cellule! - Fix the type of the variables property passed as the 2nd argument to the subscribeToMore updateQuery callback. This was previously reported as the variables type for the subscription itself, but is now properly typed as the query variables.

• 3.12.11 - 2025-02-07
• 3.12.10 - 2025-02-06
• 3.12.9 - 2025-02-03
• 3.12.8 - 2025-01-27
• 3.12.7 - 2025-01-22
• 3.12.6 - 2025-01-14
• 3.12.5 - 2025-01-09
• 3.12.4 - 2024-12-19
• 3.12.3 - 2024-12-12
• 3.12.2 - 2024-12-05
• 3.12.1 - 2024-12-05
• 3.12.0 - 2024-12-04
• 3.12.0-rc.4 - 2024-11-27
• 3.12.0-rc.3 - 2024-11-20
• 3.12.0-rc.2 - 2024-11-19
• 3.12.0-rc.1 - 2024-11-15
• 3.12.0-rc.0 - 2024-11-13
• 3.12.0-alpha.0 - 2024-10-01
• 3.11.11-rc.0 - 2024-11-13
• 3.11.10 - 2024-11-11
• 3.11.9 - 2024-11-07
• 3.11.8 - 2024-09-05
• 3.11.7 - 2024-09-04
• 3.11.6 - 2024-09-03
• 3.11.5 - 2024-08-28
• 3.11.4 - 2024-08-07
• 3.11.3 - 2024-08-05
• 3.11.2 - 2024-07-31
• 3.11.1 - 2024-07-23
• 3.11.0 - 2024-07-22
• 3.11.0-rc.2 - 2024-07-15
• 3.11.0-rc.1 - 2024-07-10
• 3.11.0-rc.0 - 2024-07-09
• 3.10.8 - 2024-06-27
• 3.10.7 - 2024-06-26
• 3.10.6 - 2024-06-21
• 3.10.5 - 2024-06-12
• 3.10.4 - 2024-05-15
• 3.10.3 - 2024-05-07
• 3.10.2 - 2024-05-03
• 3.10.1 - 2024-04-24
• 3.10.0 - 2024-04-24
• 3.10.0-rc.1 - 2024-04-15
• 3.10.0-rc.0 - 2024-04-02
• 3.10.0-alpha.1 - 2024-03-18
• 3.9.11 - 2024-04-10
• 3.9.10 - 2024-04-01
• 3.9.9 - 2024-03-22
• 3.9.8 - 2024-03-20
• 3.9.7 - 2024-03-13
• 3.9.6 - 2024-03-06
• 3.9.5 - 2024-02-15
• 3.9.4 - 2024-02-07
• 3.9.3 - 2024-02-06
• 3.9.2 - 2024-02-01
• 3.9.1 - 2024-01-31
• 3.9.0 - 2024-01-30
• 3.9.0-rc.1 - 2024-01-18
• 3.9.0-rc.0 - 2024-01-17
• 3.9.0-beta.1 - 2023-12-21
• 3.9.0-beta.0 - 2023-12-18
• 3.9.0-alpha.5 - 2023-12-05
• 3.9.0-alpha.4 - 2023-11-08
• 3.9.0-alpha.3 - 2023-11-02
• 3.9.0-alpha.2 - 2023-10-11
• 3.9.0-alpha.1 - 2023-09-21
• 3.9.0-alpha.0 - 2023-09-19
• 3.8.10 - 2024-01-18
• 3.8.9 - 2024-01-09
• 3.8.8 - 2023-11-29
• 3.8.7 - 2023-11-02
• 3.8.6 - 2023-10-16
• 3.8.5 - 2023-10-05
• 3.8.4 - 2023-09-19
• 3.8.3 - 2023-09-05
• 3.8.2 - 2023-09-01
• 3.8.1 - 2023-08-10
• 3.8.0 - 2023-08-07
• 3.8.0-rc.2 - 2023-08-01
• 3.8.0-rc.1 - 2023-07-17
• 3.8.0-rc.0 - 2023-07-13
• 3.8.0-beta.7 - 2023-07-10
• 3.8.0-beta.6 - 2023-07-05
• 3.8.0-beta.5 - 2023-06-28
• 3.8.0-beta.4 - 2023-06-20
• 3.8.0-beta.3 - 2023-06-15
• 3.8.0-beta.2 - 2023-06-07
• 3.8.0-beta.1 - 2023-05-31
• 3.8.0-beta.0 - 2023-05-26
• 3.8.0-alpha.15 - 2023-05-17
• 3.8.0-alpha.14 - 2023-05-16
• 3.8.0-alpha.13 - 2023-05-03
• 3.8.0-alpha.12 - 2023-04-13
• 3.8.0-alpha.11 - 2023-03-28
• 3.8.0-alpha.10 - 2023-03-17
• 3.8.0-alpha.9 - 2023-03-15
• 3.8.0-alpha.8 - 2023-03-02
• 3.8.0-alpha.7 - 2023-02-15
• 3.8.0-alpha.6 - 2023-02-07
• 3.8.0-alpha.5 - 2023-01-19
• 3.8.0-alpha.4 - 2023-01-13
• 3.8.0-alpha.3 - 2023-01-03
• 3.8.0-alpha.2 - 2022-12-21
• 3.8.0-alpha.1 - 2022-12-21
• 3.8.0-alpha.0 - 2022-12-09
• 3.7.17 - 2023-07-05
• 3.7.16 - 2023-06-20
• 3.7.15 - 2023-05-26
• 3.7.14 - 2023-05-03
• 3.7.13 - 2023-04-27
• 3.7.12 - 2023-04-12
• 3.7.11 - 2023-03-31
• 3.7.10 - 2023-03-02
• 3.7.9 - 2023-02-17
• 3.7.8 - 2023-02-15
• 3.7.7 - 2023-02-03
• 3.7.6 - 2023-01-31
• 3.7.5 - 2023-01-24
• 3.7.4 - 2023-01-13
• 3.7.3 - 2022-12-15
• 3.7.2 - 2022-12-06
• 3.7.1 - 2022-10-20
• 3.7.0 - 2022-09-30
• 3.7.0-rc.0 - 2022-09-21
• 3.7.0-beta.8 - 2022-09-21
• 3.7.0-beta.7 - 2022-09-08
• 3.7.0-beta.6 - 2022-06-27
• 3.7.0-beta.5 - 2022-06-10
• 3.7.0-beta.4 - 2022-06-10
• 3.7.0-beta.3 - 2022-06-07
• 3.7.0-beta.2 - 2022-06-07
• 3.7.0-beta.1 - 2022-05-26
• 3.7.0-beta.0 - 2022-05-25
• 3.7.0-alpha.6 - 2022-05-19
• 3.7.0-alpha.5 - 2022-05-16
• 3.7.0-alpha.4 - 2022-05-13
• 3.7.0-alpha.3 - 2022-05-09
• 3.7.0-alpha.2 - 2022-05-03
• 3.7.0-alpha.1 - 2022-05-03
• 3.7.0-alpha.0 - 2022-04-27
• 3.6.10 - 2022-09-29
• 3.6.9 - 2022-06-21
• 3.6.8 - 2022-06-10
• 3.6.7 - 2022-06-10
• 3.6.6 - 2022-05-26
• 3.6.5 - 2022-05-23
• 3.6.4 - 2022-05-16
• 3.6.3 - 2022-05-05
• 3.6.2 - 2022-05-03
• 3.6.1 - 2022-04-28
• 3.6.0 - 2022-04-26
• 3.6.0-rc.1 - 2022-04-19
• 3.6.0-rc.0 - 2022-04-18
• 3.6.0-beta.13 - 2022-04-14
• 3.6.0-beta.12 - 2022-04-11
• 3.6.0-beta.11 - 2022-04-05
• 3.6.0-beta.10 - 2022-03-29
• 3.6.0-beta.9 - 2022-03-10
• 3.6.0-beta.8 - 2022-03-10
• 3.6.0-beta.7 - 2022-03-10
• 3.6.0-beta.6 - 2022-02-15
• 3.6.0-beta.5 - 2022-02-04
• 3.6.0-beta.4 - 2022-02-03
• 3.6.0-beta.3 - 2021-11-23
• 3.6.0-beta.2 - 2021-11-22
• 3.6.0-beta.1 - 2021-11-16
• 3.6.0-beta.0 - 2021-11-16
• 3.5.10 - 2022-02-24
• 3.5.9 - 2022-02-15
• 3.5.8 - 2022-01-24
• 3.5.7 - 2022-01-10
• 3.5.6 - 2021-12-07
• 3.5.5 - 2021-11-23
• 3.5.4 - 2021-11-19
• 3.5.3 - 2021-11-17
• 3.5.2 - 2021-11-10
• 3.5.1 - 2021-11-09
• 3.5.0 - 2021-11-08
• 3.5.0-rc.3 - 2021-11-03
• 3.5.0-rc.2 - 2021-10-22
• 3.5.0-rc.1 - 2021-10-04
• 3.5.0-rc.0 - 2021-10-04
• 3.5.0-beta.18 - 2021-10-01
• 3.5.0-beta.17 - 2021-09-27
• 3.5.0-beta.16 - 2021-09-20
• 3.5.0-beta.15 - 2021-09-17
• 3.5.0-beta.14 - 2021-09-17
• 3.5.0-beta.13 - 2021-09-13
• 3.5.0-beta.12 - 2021-09-10
• 3.5.0-beta.11 - 2021-08-30
• 3.5.0-beta.10 - 2021-08-30
• 3.5.0-beta.9 - 2021-08-26
• 3.5.0-beta.8 - 2021-08-24
• 3.5.0-beta.7 - 2021-08-23
• 3.5.0-beta.6 - 2021-08-18
• 3.5.0-beta.5 - 2021-08-09
• 3.5.0-beta.4 - 2021-08-04
• 3.5.0-beta.3 - 2021-08-03
• 3.5.0-beta.2 - 2021-08-02
• 3.5.0-beta.1 - 2021-07-29
• 3.5.0-beta.0 - 2021-07-28
• 3.4.17 - 2021-11-08
• 3.4.16 - 2021-10-04
• 3.4.15 - 2021-09-27
• 3.4.14 - 2021-09-27
• 3.4.13 - 2021-09-20
• 3.4.12 - 2021-09-17
• 3.4.11 - 2021-09-10
• 3.4.10 - 2021-08-27
• 3.4.9 - 2021-08-24
• 3.4.8 - 2021-08-16
• 3.4.7 - 2021-08-09
• 3.4.6 - 2021-08-09
• 3.4.5 - 2021-08-04
• 3.4.4 - 2021-08-03
• 3.4.3 - 2021-08-02
• 3.4.2 - 2021-08-02
• 3.4.1 - 2021-07-29
• 3.4.0 - 2021-07-28
• 3.4.0-rc.23 - 2021-07-23
• 3.4.0-rc.22 - 2021-07-22
• 3.4.0-rc.21 - 2021-07-19
• 3.4.0-rc.20 - 2021-07-15
• 3.4.0-rc.19 - 2021-07-12
• 3.4.0-rc.18 - 2021-07-09
• 3.4.0-rc.17 - 2021-07-06
• 3.4.0-rc.16 - 2021-07-06
• 3.4.0-rc.15 - 2021-06-28
• 3.4.0-rc.14 - 2021-06-24
• 3.4.0-rc.13 - 2021-06-23
• 3.4.0-rc.12 - 2021-06-22
• 3.4.0-rc.11 - 2021-06-17
• 3.4.0-rc.10 - 2021-06-16
• 3.4.0-rc.9 - 2021-06-16
• 3.4.0-rc.8 - 2021-06-16
• 3.4.0-rc.7 - 2021-06-15
• 3.4.0-rc.6 - 2021-06-08
• 3.4.0-rc.5 - 2021-06-07
• 3.4.0-rc.4 - 2021-06-04
• 3.4.0-rc.3 - 2021-06-02
• 3.4.0-rc.2 - 2021-05-26
• 3.4.0-rc.1 - 2021-05-25
• 3.4.0-rc.0 - 2021-05-19
• 3.4.0-beta.28 - 2021-05-19
• 3.4.0-beta.27 - 2021-05-18
• 3.4.0-beta.26 - 2021-05-12
• 3.4.0-beta.25 - 2021-05-11
• 3.4.0-beta.24 - 2021-05-05
• 3.4.0-beta.23 - 2021-04-13
• 3.4.0-beta.22 - 2021-04-10
• 3.4.0-beta.21 - 2021-04-07
• 3.4.0-beta.20 - 2021-04-05
• 3.4.0-beta.19 - 2021-03-26
• 3.4.0-beta.18 - 2021-03-26
• 3.4.0-beta.17 - 2021-03-25
• 3.4.0-beta.16 - 2021-03-24
• 3.4.0-beta.15 - 2021-03-17
• 3.4.0-beta.14 - 2021-03-15
• 3.4.0-beta.13 - 2021-03-11
• 3.4.0-beta.12 - 2021-03-03
• 3.4.0-beta.11 - 2021-02-14
• 3.4.0-beta.10 - 2021-02-09
• 3.4.0-beta.9 - 2021-02-09
• 3.4.0-beta.8 - 2021-02-05
• 3.4.0-beta.7 - 2021-02-04
• 3.4.0-beta.6 - 2021-01-29
• 3.4.0-beta.5 - 2021-01-29
• 3.4.0-beta.4 - 2020-12-16
• 3.4.0-beta.3 - 2020-12-12
• 3.4.0-beta.2 - 2020-12-04
• 3.4.0-beta.1 - 2020-12-03
• 3.4.0-beta.0 - 2020-12-01
• 3.3.21 - 2021-07-06
• 3.3.20 - 2021-06-08
• 3.3.19 - 2021-05-18

from @apollo/client GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• Snyk has automatically assigned this pull request, set who gets assigned.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 👩‍💻 Set who automatically gets assigned
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs