[Snyk] Upgrade @apollo/client from 3.7.17 to 3.13.5

[X-oss-byte]

Snyk has created this PR to upgrade @apollo/client from 3.7.17 to 3.13.5.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 112 versions ahead of your current version.

• The recommended version was released 24 days ago.

Release notes

Package name: @apollo/client

• 3.13.5 - 2025-03-20
  

  Patch Changes

  • #12461 12c8d06 Thanks @ jerelmiller! - Fix an issue where a cache-first query would return the result for previous variables when a cache update is issued after simultaneously changing variables and skipping the query.
• 3.13.4 - 2025-03-10
  

  Patch Changes

  • #12420 fee9368 Thanks @ jorenbroekema! - Use import star from rehackt to prevent issues with importing named exports from external CJS modules.
• 3.13.3 - 2025-03-07
  

  Patch Changes

  • #12362 f6d387c Thanks @ jerelmiller! - Fixes an issue where calling observableQuery.getCurrentResult() when the errorPolicy was set to all would return the networkStatus as NetworkStatus.ready when there were errors returned in the result. This has been corrected to report NetworkStatus.error.

    This bug also affected the useQuery and useLazyQuery hooks and may affect you if you check for networkStatus in your component.

• 3.13.2 - 2025-03-06
  

  Patch Changes

  • #12409 6aa2f3e Thanks @ phryneas! - To mitigate problems when Apollo Client ends up more than once in the bundle, some unique symbols were converted into Symbol.for calls.

  • #12392 644bb26 Thanks @ Joja81! - Fixes an issue where the DeepOmit type would turn optional properties into required properties. This should only affect you if you were using the omitDeep or stripTypename utilities exported by Apollo Client.

  • #12404 4332b88 Thanks @ jerelmiller! - Show NaN rather than converting to null in debug messages from MockLink for unmatched variables values.

• 3.13.1 - 2025-02-14
  

  Patch Changes

  • #12369 bdfc5b2 Thanks @ phryneas! - ObervableQuery.refetch: don't refetch with cache-and-network, swich to network-only instead

  • #12375 d3f8f13 Thanks @ jerelmiller! - Export the UseSuspenseFragmentOptions type.

• 3.13.0 - 2025-02-13
  

  Apollo Client v3.13.0 introduces a new hook, useSuspenseFragment, as a drop-in replacement for useFragment in apps that are using React Suspense. This is the “last” React hook we are introducing in 3.x - we think this rounds out the “big concepts” in our React Suspense and GraphQL fragment story. See the docs for information on this and our other Suspense-supporting hooks. There are some TypeScript quality-of-life improvements shipped in this release for observableQuery.updateQuery and subscribeToMore. Additionally, the return type of updateQuery now includes undefined to allow an early exit from updates. This was always supported at runtime, but was missed on the TypeScript side. On the runtime side, we’ve fixed query deduplication behavior for multipart responses and corrected the error handling in useMutation callbacks. onCompleted and onError in useQuery and useLazyQuery have been deprecated for multiple reasons. See below for full details 👀

  Minor Changes

  • #12066 c01da5d Thanks @ jerelmiller! - Adds a new useSuspenseFragment hook.

    useSuspenseFragment suspends until data is complete. It is a drop-in replacement for useFragment when you prefer to use Suspense to control the loading state of a fragment. See the documentation for more details.

  • #12174 ba5cc33 Thanks @ jerelmiller! - Ensure errors thrown in the onCompleted callback from useMutation don't call onError.

  • #12340 716d02e Thanks @ phryneas! - Deprecate the onCompleted and onError callbacks of useQuery and useLazyQuery.
    For more context, please see the related issue on GitHub.

  • #12276 670f112 Thanks @ Cellule! - Provide a more type-safe option for the previous data value passed to observableQuery.updateQuery. Using it could result in crashes at runtime as this callback could be called with partial data even though its type reported the value as a complete result.

    The updateQuery callback function is now called with a new type-safe previousData property and a new complete property in the 2nd argument that determines whether previousData is a complete or partial result.

    As a result of this change, it is recommended to use the previousData property passed to the 2nd argument of the callback rather than using the previous data value from the first argument since that value is not type-safe. The first argument is now deprecated and will be removed in a future version of Apollo Client.

    observableQuery.updateQuery(
    (unsafePreviousData, { previousData, complete }) => {
    previousData;
    // ^? TData | DeepPartial<TData> | undefined

    <span class="pl-k">if</span> <span class="pl-kos">(</span><span class="pl-s1">complete</span><span class="pl-kos">)</span> <span class="pl-kos">{</span>
      <span class="pl-s1">previousData</span><span class="pl-kos">;</span>
      <span class="pl-c">// ^? TData</span>
    <span class="pl-kos">}</span> <span class="pl-k">else</span> <span class="pl-kos">{</span>
      <span class="pl-s1">previousData</span><span class="pl-kos">;</span>
      <span class="pl-c">// ^? DeepPartial&lt;TData&gt; | undefined</span>
    <span class="pl-kos">}</span>
    

    }
    );

  • #12174 ba5cc33 Thanks @ jerelmiller! - Reject the mutation promise if errors are thrown in the onCompleted callback of useMutation.

  Patch Changes

  • #12276 670f112 Thanks @ Cellule! - Fix the return type of the updateQuery function to allow for undefined. updateQuery had the ability to bail out of the update by returning a falsey value, but the return type enforced a query value.

    observableQuery.updateQuery(
    (unsafePreviousData, { previousData, complete }) => {
    if (!complete) {
    // Bail out of the update by returning early
    return;
    }

    <span class="pl-c">// ...</span>
    

    }
    );

  • #12296 2422df2 Thanks @ Cellule! - Deprecate option ignoreResults in useMutation.
    Once this option is removed, existing code still using it might see increase in re-renders.
    If you don't want to synchronize your component state with the mutation, please use useApolloClient to get your ApolloClient instance and call client.mutate directly.

  • #12338 67c16c9 Thanks @ phryneas! - In case of a multipart response (e.g. with @ defer), query deduplication will
    now keep going until the final chunk has been received.

  • #12276 670f112 Thanks @ Cellule! - Fix the type of the variables property passed as the 2nd argument to the subscribeToMore callback. This was previously reported as the variables type for the subscription itself, but is now properly typed as the query variables.

• 3.13.0-rc.0 - 2025-02-07
  

  Minor Changes

  • #12066 c01da5d Thanks @ jerelmiller! - Adds a new useSuspenseFragment hook.

    useSuspenseFragment suspends until data is complete. It is a drop-in replacement for useFragment when you prefer to use Suspense to control the loading state of a fragment.

  • #12174 ba5cc33 Thanks @ jerelmiller! - Ensure errors thrown in the onCompleted callback from useMutation don't call onError.

  • #12340 716d02e Thanks @ phryneas! - Deprecate the onCompleted and onError callbacks of useQuery and useLazyQuery.
    For more context, please see the related issue on GitHub.

  • #12276 670f112 Thanks @ Cellule! - Provide a more type-safe option for the previous data value passed to observableQuery.updateQuery. Using it could result in crashes at runtime as this callback could be called with partial data even though its type reported the value as a complete result.

    The updateQuery callback function is now called with a new type-safe previousData property and a new complete property in the 2nd argument that determines whether previousData is a complete or partial result.

    As a result of this change, it is recommended to use the previousData property passed to the 2nd argument of the callback rather than using the previous data value from the first argument since that value is not type-safe. The first argument is now deprecated and will be removed in a future version of Apollo Client.

    observableQuery.updateQuery(
    (unsafePreviousData, { previousData, complete }) => {
    previousData;
    // ^? TData | DeepPartial<TData> | undefined

    <span class="pl-k">if</span> <span class="pl-kos">(</span><span class="pl-s1">complete</span><span class="pl-kos">)</span> <span class="pl-kos">{</span>
      <span class="pl-s1">previousData</span><span class="pl-kos">;</span>
      <span class="pl-c">// ^? TData</span>
    <span class="pl-kos">}</span> <span class="pl-k">else</span> <span class="pl-kos">{</span>
      <span class="pl-s1">previousData</span><span class="pl-kos">;</span>
      <span class="pl-c">// ^? DeepPartial&lt;TData&gt; | undefined</span>
    <span class="pl-kos">}</span>
    

    }
    );

  • #12174 ba5cc33 Thanks @ jerelmiller! - Reject the mutation promise if errors are thrown in the onCompleted callback of useMutation.

  Patch Changes

  • #12276 670f112 Thanks @ Cellule! - Fix the return type of the updateQuery function to allow for undefined. updateQuery had the ability to bail out of the update by returning a falsey value, but the return type enforced a query value.

    observableQuery.updateQuery(
    (unsafePreviousData, { previousData, complete }) => {
    if (!complete) {
    // Bail out of the update by returning early
    return;
    }

    <span class="pl-c">// ...</span>
    

    }
    );

  • #12296 2422df2 Thanks @ Cellule! - Deprecate option ignoreResults in useMutation.
    Once this option is removed, existing code still using it might see increase in re-renders.
    If you don't want to synchronize your component state with the mutation, please use useApolloClient to get your ApolloClient instance and call client.mutate directly.

  • #12338 67c16c9 Thanks @ phryneas! - In case of a multipart response (e.g. with @ defer), query deduplication will
    now keep going until the final chunk has been received.

  • #12276 670f112 Thanks @ Cellule! - Fix the type of the variables property passed as the 2nd argument to the subscribeToMore updateQuery callback. This was previously reported as the variables type for the subscription itself, but is now properly typed as the query variables.

• 3.12.11 - 2025-02-07
• 3.12.10 - 2025-02-06
• 3.12.9 - 2025-02-03
• 3.12.8 - 2025-01-27
• 3.12.7 - 2025-01-22
• 3.12.6 - 2025-01-14
• 3.12.5 - 2025-01-09
• 3.12.4 - 2024-12-19
• 3.12.3 - 2024-12-12
• 3.12.2 - 2024-12-05
• 3.12.1 - 2024-12-05
• 3.12.0 - 2024-12-04
• 3.12.0-rc.4 - 2024-11-27
• 3.12.0-rc.3 - 2024-11-20
• 3.12.0-rc.2 - 2024-11-19
• 3.12.0-rc.1 - 2024-11-15
• 3.12.0-rc.0 - 2024-11-13
• 3.12.0-alpha.0 - 2024-10-01
• 3.11.11-rc.0 - 2024-11-13
• 3.11.10 - 2024-11-11
• 3.11.9 - 2024-11-07
• 3.11.8 - 2024-09-05
• 3.11.7 - 2024-09-04
• 3.11.6 - 2024-09-03
• 3.11.5 - 2024-08-28
• 3.11.4 - 2024-08-07
• 3.11.3 - 2024-08-05
• 3.11.2 - 2024-07-31
• 3.11.1 - 2024-07-23
• 3.11.0 - 2024-07-22
• 3.11.0-rc.2 - 2024-07-15
• 3.11.0-rc.1 - 2024-07-10
• 3.11.0-rc.0 - 2024-07-09
• 3.10.8 - 2024-06-27
• 3.10.7 - 2024-06-26
• 3.10.6 - 2024-06-21
• 3.10.5 - 2024-06-12
• 3.10.4 - 2024-05-15
• 3.10.3 - 2024-05-07
• 3.10.2 - 2024-05-03
• 3.10.1 - 2024-04-24
• 3.10.0 - 2024-04-24
• 3.10.0-rc.1 - 2024-04-15
• 3.10.0-rc.0 - 2024-04-02
• 3.10.0-alpha.1 - 2024-03-18
• 3.9.11 - 2024-04-10
• 3.9.10 - 2024-04-01
• 3.9.9 - 2024-03-22
• 3.9.8 - 2024-03-20
• 3.9.7 - 2024-03-13
• 3.9.6 - 2024-03-06
• 3.9.5 - 2024-02-15
• 3.9.4 - 2024-02-07
• 3.9.3 - 2024-02-06
• 3.9.2 - 2024-02-01
• 3.9.1 - 2024-01-31
• 3.9.0 - 2024-01-30
• 3.9.0-rc.1 - 2024-01-18
• 3.9.0-rc.0 - 2024-01-17
• 3.9.0-beta.1 - 2023-12-21
• 3.9.0-beta.0 - 2023-12-18
• 3.9.0-alpha.5 - 2023-12-05
• 3.9.0-alpha.4 - 2023-11-08
• 3.9.0-alpha.3 - 2023-11-02
• 3.9.0-alpha.2 - 2023-10-11
• 3.9.0-alpha.1 - 2023-09-21
• 3.9.0-alpha.0 - 2023-09-19
• 3.8.10 - 2024-01-18
• 3.8.9 - 2024-01-09
• 3.8.8 - 2023-11-29
• 3.8.7 - 2023-11-02
• 3.8.6 - 2023-10-16
• 3.8.5 - 2023-10-05
• 3.8.4 - 2023-09-19
• 3.8.3 - 2023-09-05
• 3.8.2 - 2023-09-01
• 3.8.1 - 2023-08-10
• 3.8.0 - 2023-08-07
• 3.8.0-rc.2 - 2023-08-01
• 3.8.0-rc.1 - 2023-07-17
• 3.8.0-rc.0 - 2023-07-13
• 3.8.0-beta.7 - 2023-07-10
• 3.8.0-beta.6 - 2023-07-05
• 3.8.0-beta.5 - 2023-06-28
• 3.8.0-beta.4 - 2023-06-20
• 3.8.0-beta.3 - 2023-06-15
• 3.8.0-beta.2 - 2023-06-07
• 3.8.0-beta.1 - 2023-05-31
• 3.8.0-beta.0 - 2023-05-26
• 3.8.0-alpha.15 - 2023-05-17
• 3.8.0-alpha.14 - 2023-05-16
• 3.8.0-alpha.13 - 2023-05-03
• 3.8.0-alpha.12 - 2023-04-13
• 3.8.0-alpha.11 - 2023-03-28
• 3.8.0-alpha.10 - 2023-03-17
• 3.8.0-alpha.9 - 2023-03-15
• 3.8.0-alpha.8 - 2023-03-02
• 3.8.0-alpha.7 - 2023-02-15
• 3.8.0-alpha.6 - 2023-02-07
• 3.8.0-alpha.5 - 2023-01-19
• 3.8.0-alpha.4 - 2023-01-13
• 3.8.0-alpha.3 - 2023-01-03
• 3.8.0-alpha.2 - 2022-12-21
• 3.8.0-alpha.1 - 2022-12-21
• 3.8.0-alpha.0 - 2022-12-09
• 3.7.17 - 2023-07-05

from @apollo/client GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Summary by Sourcery

Enhancements:

• Upgrade Apollo Client to the latest version, bringing multiple improvements and bug fixes

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
next-js-next-plugin-storybook	❌ Failed (Inspect)			Apr 13, 2025 4:06pm
next-js-next-plugin-storybook-g5dx	❌ Failed (Inspect)			Apr 13, 2025 4:06pm
next-js-next-plugin-storybook-y5ka	❌ Failed (Inspect)			Apr 13, 2025 4:06pm
next-x-storybook	❌ Failed (Inspect)			Apr 13, 2025 4:06pm

[vercel]

Deployment failed with the following error:

Could not parse File as JSON: vercel.json

[bolt-new-by-stackblitz]

Run & review this pull request in StackBlitz Codeflow.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 445ad1a

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[sourcery-ai]

Reviewer's Guide by Sourcery

This pull request upgrades the @apollo/client package from version 3.7.17 to 3.13.5.

Added class diagram for useSuspenseFragment

classDiagram
    class UseSuspenseFragment {
        +data: TData
    }

    note for UseSuspenseFragment "New hook that suspends until data is complete."

Loading

File-Level Changes

Change	Details	Files
The pull request upgrades the @apollo/client package.	Upgrades from version 3.7.17 to 3.13.5.	examples/with-apollo/package.json

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!
• Generate a plan of action for an issue: Comment @sourcery-ai plan on
  an issue to generate a plan of action for it.

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

We have skipped reviewing this pull request. Here's why:

• It seems to have been created by a bot ('[Snyk]' found in title). We assume it knows what it's doing!
• We don't review packaging changes - Let us know if you'd like us to change this.