From a9d288ae8184c1a99f8c26af700a193b2fbe6ab4 Mon Sep 17 00:00:00 2001 
From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Wed, 30 Aug 2023 14:19:53 -0700 Subject: [PATCH] Version Packages (#7712) This PR was opened by the [Changesets release](https://github.com/changesets/action) GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated. # Releases ## @apollo/server-integration-testsuite@4.9.3 ### Patch Changes - Updated dependencies \[[`a1c725eaf`](https://github.com/apollographql/apollo-server/commit/a1c725eaf53c901e32a15057211bcb3eb6a6109b)]: - @apollo/server@4.9.3 ## @apollo/server@4.9.3 ### Patch Changes - [`a1c725eaf`](https://github.com/apollographql/apollo-server/commit/a1c725eaf53c901e32a15057211bcb3eb6a6109b) Thanks [@trevor-scheer](https://github.com/trevor-scheer)! - Ensure API keys are valid header values on startup Apollo Server previously performed no sanitization or validation of API keys on startup. In the case that an API key was provided which contained characters that are invalid as header values, Apollo Server could inadvertently log the API key in cleartext. This only affected users who: - Provide an API key with characters that are invalid as header values - Use either schema or usage reporting - Use the default fetcher provided by Apollo Server or configure their own `node-fetch` fetcher Apollo Server now trims whitespace from API keys and validates that they are valid header values. If an invalid API key is provided, Apollo Server will throw an error on startup. 
For more details, see the security advisory: Co-authored-by: github-actions[bot] --- .changeset/proud-buckets-kneel.md | 17 ----------------- package-lock.json | 8 ++++---- packages/integration-testsuite/CHANGELOG.md | 7 +++++++ packages/integration-testsuite/package.json | 4 ++-- packages/server/CHANGELOG.md | 19 +++++++++++++++++++ packages/server/package.json | 2 +- 6 files changed, 33 insertions(+), 24 deletions(-) delete mode 100644 .changeset/proud-buckets-kneel.md
diff --git a/.changeset/proud-buckets-kneel.md b/.changeset/proud-buckets-kneel.md
deleted file mode 100644
index bb92352ff5f..00000000000
--- a/.changeset/proud-buckets-kneel.md
+++ /dev/null
@@ -1,17 +0,0 @@
----
-'@apollo/server': patch
----
-
-Ensure API keys are valid header values on startup
-
-Apollo Server previously performed no sanitization or validation of API keys on startup. In the case that an API key was provided which contained characters that are invalid as header values, Apollo Server could inadvertently log the API key in cleartext.
-
-This only affected users who:
-- Provide an API key with characters that are invalid as header values
-- Use either schema or usage reporting
-- Use the default fetcher provided by Apollo Server or configure their own `node-fetch` fetcher
-
-Apollo Server now trims whitespace from API keys and validates that they are valid header values. If an invalid API key is provided, Apollo Server will throw an error on startup.
-
-For more details, see the security advisory:
-https://github.com/apollographql/apollo-server/security/advisories/GHSA-j5g3-5c8r-7qfx
diff --git a/package-lock.json b/package-lock.json
index 8c6d29f9463..975b6ef6be6 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -14472,12 +14472,12 @@ }, "packages/integration-testsuite": { "name": "@apollo/server-integration-testsuite", - "version": "4.9.2", + "version": "4.9.3", "license": "MIT", "dependencies": { "@apollo/cache-control-types": "^1.0.3", "@apollo/client": "^3.6.9", - "@apollo/server": "4.9.2", + "@apollo/server": "4.9.3", "@apollo/usage-reporting-protobuf": "^4.1.1", "@apollo/utils.createhash": "^2.0.0", "@apollo/utils.keyvaluecache": "^2.1.0", @@ -14562,7 +14562,7 @@ }, "packages/server": { "name": "@apollo/server", - "version": "4.9.2", + "version": "4.9.3", "license": "MIT", "dependencies": { "@apollo/cache-control-types": "^1.0.3", @@ -14845,7 +14845,7 @@ "requires": { "@apollo/cache-control-types": "^1.0.3", "@apollo/client": "^3.6.9", - "@apollo/server": "4.9.2", + "@apollo/server": "4.9.3", "@apollo/usage-reporting-protobuf": "^4.1.1", "@apollo/utils.createhash": "^2.0.0", "@apollo/utils.keyvaluecache": "^2.1.0", diff --git a/packages/integration-testsuite/CHANGELOG.md b/packages/integration-testsuite/CHANGELOG.md index 18b74523e30..66f97f95f8b 100644 --- a/packages/integration-testsuite/CHANGELOG.md +++ b/packages/integration-testsuite/CHANGELOG.md @@ -1,5 +1,12 @@ # @apollo/server-integration-testsuite +## 4.9.3 + +### Patch Changes + +- Updated dependencies [[`a1c725eaf`](https://github.com/apollographql/apollo-server/commit/a1c725eaf53c901e32a15057211bcb3eb6a6109b)]: + - @apollo/server@4.9.3 + ## 4.9.2 ### Patch Changes diff --git a/packages/integration-testsuite/package.json b/packages/integration-testsuite/package.json index 6d17af3a943..f7987563329 100644 --- a/packages/integration-testsuite/package.json +++ b/packages/integration-testsuite/package.json @@ -1,6 +1,6 @@ { "name": "@apollo/server-integration-testsuite", - "version": "4.9.2", + "version": "4.9.3", "description": "Test suite for Apollo Server integrations", "main": "dist/index.js", "types": "dist/index.d.ts", 
@@ -28,7 +28,7 @@ "dependencies": { "@apollo/cache-control-types": "^1.0.3", "@apollo/client": "^3.6.9", - "@apollo/server": "4.9.2", + "@apollo/server": "4.9.3", "@apollo/utils.keyvaluecache": "^2.1.0", "@apollo/utils.createhash": "^2.0.0", "@apollo/usage-reporting-protobuf": "^4.1.1", diff --git a/packages/server/CHANGELOG.md b/packages/server/CHANGELOG.md index 4fd2dd8d24b..fb1c1cd67c3 100644 --- a/packages/server/CHANGELOG.md +++ b/packages/server/CHANGELOG.md @@ -1,5 +1,24 @@ # @apollo/server +## 4.9.3 + +### Patch Changes + +- [`a1c725eaf`](https://github.com/apollographql/apollo-server/commit/a1c725eaf53c901e32a15057211bcb3eb6a6109b) Thanks [@trevor-scheer](https://github.com/trevor-scheer)! - Ensure API keys are valid header values on startup + + Apollo Server previously performed no sanitization or validation of API keys on startup. In the case that an API key was provided which contained characters that are invalid as header values, Apollo Server could inadvertently log the API key in cleartext. + + This only affected users who: + + - Provide an API key with characters that are invalid as header values + - Use either schema or usage reporting + - Use the default fetcher provided by Apollo Server or configure their own `node-fetch` fetcher + + Apollo Server now trims whitespace from API keys and validates that they are valid header values. If an invalid API key is provided, Apollo Server will throw an error on startup. + + For more details, see the security advisory: + https://github.com/apollographql/apollo-server/security/advisories/GHSA-j5g3-5c8r-7qfx + ## 4.9.2 ### Patch Changes diff --git a/packages/server/package.json b/packages/server/package.json index 0628efeb90d..ebeb16cda86 100644 --- a/packages/server/package.json +++ b/packages/server/package.json @@ -1,6 +1,6 @@ { "name": "@apollo/server", - "version": "4.9.2", + "version": "4.9.3", "description": "Core engine for Apollo GraphQL server", "type": "module", "main": "dist/cjs/index.js",