[Snyk] Upgrade graphql from 16.6.0 to 16.10.0

[X-oss-byte]

Snyk has created this PR to upgrade graphql from 16.6.0 to 16.10.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 9 versions ahead of your current version.

• The recommended version was released 22 days ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Denial of Service (DoS) SNYK-JS-GRAPHQL-5905181	586	Proof of Concept

Release notes

Package name: graphql

• 16.10.0 - 2024-12-15
  

  v16.10.0 (2024-12-15)

  New Feature 🚀

  • #4286 fix: properly type extensions in GraphQLFormattedError (@ tpoisseau)
  • #4292 Expose tokenCount on the DocumentNode (@ JoviDeCroock)

  Bug Fix 🐞

  • #4137 backport(v16): Require non-empty directive locations (#4100) (@ benjie)
  • #4168 fix(validation): catch OverlappingFieldsCanBeMergedRule violations with nested fragments (@ sachindshinde)
  • #4226 Backport introspection type fix (@ JoviDeCroock)
  • #4291 Address empty selection-set (@ JoviDeCroock)

  Docs 📝

  10 PRs were merged

  • #4240 Convert from docusaurus to nextra (@ JoviDeCroock)
  • #4248 Add content from graphql/graphql.github.io#1782 (@ JoviDeCroock)
  • #4249 Styling fixes (@ JoviDeCroock)
  • #4256 Various fixes to docs (@ JoviDeCroock)
  • #4279 Solve some low hanging fruit in the documentation (@ JoviDeCroock)
  • #4283 Add overview page and add stackblitz to tutorial (@ JoviDeCroock)
  • #4284 Provide people with tabs so they can use classes as well (@ JoviDeCroock)
  • #4289 Add note about defer/stream being v17 (@ JoviDeCroock)
  • #4290 Write about @ oneOf in the graphql-js documentation (@ JoviDeCroock)
  • #4295 Split up in v16 API documentation (@ JoviDeCroock)

  Internal 🏠

  4 PRs were merged

  • #4138 Upgrade codecov action and pass token (@ benjie)
  • #4139 Fix codecov workflow (@ benjie)
  • #4157 Add GraphQLConf 2024 banner (@ bignimbus)
  • #4193 Upgrade deprecated actions (@ JoviDeCroock)

  Committers: 5

  • Benjie(@ benjie)
  • Jeff Auriemma(@ bignimbus)
  • Jovi De Croock(@ JoviDeCroock)
  • Sachin D. Shinde(@ sachindshinde)
  • tpoisseau(@ tpoisseau)
• 16.9.0 - 2024-06-21
  

  v16.9.0 (2024-06-21)

  New Feature 🚀

  • #4119 backport[v16]: Introduce "recommended" validation rules (@ benjie)
  • #4122 backport[v16]: Enable passing values configuration to GraphQLEnumType as a thunk (@ benjie)
  • #4124 backport[v16]: Implement OneOf Input Objects via @ oneOf directive (@ benjie)

  Committers: 1

  • Benjie(@ benjie)
• 16.9.0-canary.pr.4192.1813397076f44a55e5798478e7321db9877de97a - 2024-09-14
• 16.9.0-canary.pr.4159.0fa29326c53fcd63c6473c7357c28aa13fa0019d - 2024-08-13
• 16.8.2 - 2024-06-12
  

  v16.8.2 (2024-06-12)

  Bug Fix 🐞

  • #4022 fix: remove globalThis check and align with what bundlers can accept (@ JoviDeCroock)

  Internal 🏠

  • #4104 Fix publish scripts (@ benjie)

  Committers: 2

  • Benjie(@ benjie)
  • Jovi De Croock(@ JoviDeCroock)
• 16.8.1 - 2023-09-19
  

  v16.8.1 (2023-09-19)

  Bug Fix 🐞

  • #3967 OverlappingFieldsCanBeMergedRule: Fix performance degradation (@ AaronMoat)

  Committers: 1

  • Aaron Moat(@ AaronMoat)
• 16.8.0 - 2023-08-14
  

  v16.8.0 (2023-08-14)

  New Feature 🚀

  • #3950 Support fourfold nested lists (@ gschulze)

  Committers: 1

  • Gunnar Schulze(@ gschulze)
• 16.7.1 - 2023-06-22
• 16.7.0 - 2023-06-21
• 16.6.0 - 2022-08-16

from graphql GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.
• Max score is 1000. Note that the real score may have changed since the PR was raised.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Summary by Sourcery

Upgrade graphql from 16.6.0 to 16.10.0 to address a denial of service vulnerability.

Bug Fixes:

• Fix a denial of service vulnerability in graphql.

Enhancements:

• Update documentation, including converting to Nextra and adding a GraphQLConf 2024 banner.
• Expose tokenCount on the DocumentNode.
• Add support for fourfold nested lists.
• Introduce "recommended" validation rules.
• Enable passing values configuration to GraphQLEnumType as a thunk.
• Implement OneOf Input Objects via the @OneOf directive.
• Properly type extensions in GraphQLFormattedError.
• Catch OverlappingFieldsCanBeMergedRule violations with nested fragments.
• Backport introspection type fix.
• Address empty selection-set.
• Remove globalThis check and align with what bundlers can accept.
• Fix publish scripts.
• Upgrade codecov action and pass token.
• Fix codecov workflow.
• Upgrade deprecated actions.

[vercel]

Deployment failed with the following error:

Could not parse File as JSON: vercel.json

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
next-js-next-plugin-storybook-g5dx	❌ Failed (Inspect)			Jan 6, 2025 5:58pm
next-x-storybook	❌ Failed (Inspect)			Jan 6, 2025 5:58pm

[stackblitz]

Run & review this pull request in StackBlitz Codeflow.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 4409831

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[sourcery-ai]

Reviewer's Guide by Sourcery

This pull request upgrades the graphql dependency from version 16.6.0 to 16.10.0 in the examples/api-routes-apollo-server/package.json file. This upgrade resolves a Denial of Service (DoS) vulnerability, identified as SNYK-JS-GRAPHQL-5905181.

State diagram showing security status transition

stateDiagram-v2
    direction LR
    state "GraphQL v16.6.0" as v1
    state "GraphQL v16.10.0" as v2
    [*] --> v1
    v1 --> v2: Upgrade
    note left of v1: Vulnerable to DoS
    note right of v2: DoS vulnerability fixed

Loading

File-Level Changes

Change	Details	Files
Upgrade graphql to 16.10.0	Updated the graphql dependency version from 16.6.0 to 16.10.0 in the package.json file.	examples/api-routes-apollo-server/package.json

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time. You can also use
  this command to specify where the summary should be inserted.

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

We have skipped reviewing this pull request. Here's why:

• It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!
• We don't review packaging changes - Let us know if you'd like us to change this.