Skip to content

build(deps): bump @apollo/client from 4.2.5 to 4.2.6 in the graphql group across 1 directory#2942

Open
dependabot[bot] wants to merge 1 commit into
trunkfrom
dependabot/npm_and_yarn/graphql-491ed7b1f9
Open

build(deps): bump @apollo/client from 4.2.5 to 4.2.6 in the graphql group across 1 directory#2942
dependabot[bot] wants to merge 1 commit into
trunkfrom
dependabot/npm_and_yarn/graphql-491ed7b1f9

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 7, 2026

Copy link
Copy Markdown
Contributor

Bumps the graphql group with 1 update in the / directory: @apollo/client.

Updates @apollo/client from 4.2.5 to 4.2.6

Release notes

Sourced from @​apollo/client's releases.

@​apollo/client@​4.2.6

Patch Changes

  • #13315 a406cc9 Thanks @​fallintoplace! - Prevent relay multipart subscriptions from issuing a fetch request after serializing the request body fails.

  • #13307 abd0781 Thanks @​wolfie! - Speed up cache writes by avoiding a full AST visit of every written field to detect @stream. The check now runs only when the result carries stream info, and only inspects the field node's own directives. As a result, fields that merely contain @stream on a nested field are no longer treated as streamed themselves and now overwrite existing lists like regular fields instead of merging chunk-wise.

Changelog

Sourced from @​apollo/client's changelog.

4.2.6

Patch Changes

  • #13315 a406cc9 Thanks @​fallintoplace! - Prevent relay multipart subscriptions from issuing a fetch request after serializing the request body fails.

  • #13307 abd0781 Thanks @​wolfie! - Speed up cache writes by avoiding a full AST visit of every written field to detect @stream. The check now runs only when the result carries stream info, and only inspects the field node's own directives. As a result, fields that merely contain @stream on a nested field are no longer treated as streamed themselves and now overwrite existing lists like regular fields instead of merging chunk-wise.

Commits

@github-actions

github-actions Bot commented Jul 7, 2026

Copy link
Copy Markdown
Contributor

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

PackageVersionScoreDetails
npm/@apollo/client 4.2.6 🟢 6.8
Details
CheckScoreReason
Code-Review🟢 3Found 7/22 approved changesets -- score normalized to 3
Maintained🟢 1030 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions🟢 6detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
License🟢 10license file detected
Branch-Protection🟢 3branch protection is not maximal on development and all release branches
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 10security policy file detected
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 8SAST tool is not run on all commits -- score normalized to 8

Scanned Files

  • package.json

Bumps the graphql group with 1 update in the / directory: [@apollo/client](https://github.com/apollographql/apollo-client).


Updates `@apollo/client` from 4.2.5 to 4.2.6
- [Release notes](https://github.com/apollographql/apollo-client/releases)
- [Changelog](https://github.com/apollographql/apollo-client/blob/main/CHANGELOG.md)
- [Commits](https://github.com/apollographql/apollo-client/compare/@apollo/client@4.2.5...@apollo/client@4.2.6)

---
updated-dependencies:
- dependency-name: "@apollo/client"
  dependency-version: 4.2.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: graphql
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title build(deps): bump @apollo/client from 4.2.5 to 4.2.6 in the graphql group build(deps): bump @apollo/client from 4.2.5 to 4.2.6 in the graphql group across 1 directory Jul 8, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/graphql-491ed7b1f9 branch from 4741bfb to 350ed54 Compare July 8, 2026 12:22
@sonarqubecloud

sonarqubecloud Bot commented Jul 8, 2026

Copy link
Copy Markdown

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants