Update dependency graphql to v16 [SECURITY]

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
graphql	15.8.0 → 16.8.1

---

graphql Uncontrolled Resource Consumption vulnerability

CVE-2023-26144 / GHSA-9pv7-vfvm-6vr7

More information

Details

Versions of the package graphql from 16.3.0 and before 16.8.1 are vulnerable to Denial of Service (DoS) due to insufficient checks in the OverlappingFieldsCanBeMergedRule.ts file when parsing large queries. This vulnerability allows an attacker to degrade system performance.

Note: It was not proven that this vulnerability can crash the process.

Severity

• CVSS Score: 5.3 / 10 (Medium)
• Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

References

• https://nvd.nist.gov/vuln/detail/CVE-2023-26144
• https://github.com/graphql/graphql-js/issues/3955
• https://github.com/graphql/graphql-js/pull/3972
• https://github.com/graphql/graphql-js/releases/tag/v16.8.1
• https://security.snyk.io/vuln/SNYK-JS-GRAPHQL-5905181
• https://github.com/graphql/graphql-js/commit/8f4c64eb6a7112a929ffeef00caa67529b3f2fcf
• https://github.com/advisories/GHSA-9pv7-vfvm-6vr7

This data is provided by the GitHub Advisory Database (CC-BY 4.0).

---

Release Notes

graphql/graphql-js (graphql)

v16.8.1

Compare Source

v16.8.1 (2023-09-19)

Bug Fix 🐞

• #​3967 OverlappingFieldsCanBeMergedRule: Fix performance degradation (@​AaronMoat)

Committers: 1

• Aaron Moat(@​AaronMoat)

v16.8.0

Compare Source

v16.8.0 (2023-08-14)

New Feature 🚀

• #​3950 Support fourfold nested lists (@​gschulze)

Committers: 1

• Gunnar Schulze(@​gschulze)

v16.7.1

Compare Source

v16.7.1 (2023-06-22)

📢 Big shout out to @​phryneas, who managed to reproduce this issue and come up with this fix.

Bug Fix 🐞

• #​3923 instanceOf: workaround bundler issue with process.env (@​IvanGoncharov)

Committers: 1

• Ivan Goncharov(@​IvanGoncharov)

v16.7.0

Compare Source

v16.7.0 (2023-06-21)

New Feature 🚀

• #​3887 check "globalThis.process" before accessing it (@​kettanaito)

Bug Fix 🐞

• #​3707 Fix crash in node when mixing sync/async resolvers (backport of #​3706) (@​chrskrchr)
• #​3838 Fix/invalid error propagation custom scalars (backport for 16.x.x) (@​stenreijers)

Committers: 3

• Artem Zakharchenko(@​kettanaito)
• Chris Karcher(@​chrskrchr)
• Sten Reijers(@​stenreijers)

v16.6.0

Compare Source

v16.6.0 (2022-08-16)

New Feature 🚀

• #​3645 createSourceEventStream: introduce named arguments and deprecate positional arguments (@​yaacovCR)
• #​3702 parser: limit maximum number of tokens (@​IvanGoncharov)

Bug Fix 🐞

• #​3686 Workaround for codesandbox having bug with TS enums (@​IvanGoncharov)
• #​3701 Parser: allow 'options' to explicitly accept undefined (@​IvanGoncharov)

Committers: 2

• Ivan Goncharov(@​IvanGoncharov)
• Yaacov Rydzinski (@​yaacovCR)

v16.5.0

Compare Source

v16.5.0 (2022-05-09)

New Feature 🚀

• #​3565 Expose GraphQLErrorOptions type (#​3554) (@​IvanGoncharov)

Committers: 1

• Ivan Goncharov(@​IvanGoncharov)

v16.4.0

Compare Source

v16.4.0 (2022-04-25)

New Feature 🚀

• #​3465 refactor: use object for GraphQLError constructor (@​n1ru4l)
• #​3487 feat: expose getArgumentValues (@​saihaj)

Bug Fix 🐞

• #​3514 GraphQLError: switch constructor overload order (@​glasser)

Docs 📝

2 PRs were merged

• #​3505 correct outdated documentation (@​Ginhing)
• #​3512 Update documentation on deprecated formatError(..) (@​dwelch2344)

Polish 💅

3 PRs were merged

• #​3522 tests(execution): add missing new lines (@​IvanGoncharov)
• #​3524 tests(printSchema): test omitting schema of common names (@​IvanGoncharov)
• #​3537 ESLint: disallow using node globals in src/tests (@​IvanGoncharov)

Internal 🏠

26 PRs were merged

• #​3468 ci: add stub action for canary releases on PRs (@​IvanGoncharov)
• #​3470 ci: implement canary releases on PRs (@​IvanGoncharov)
• #​3472 ci: remove NPM caching on canary release script (@​IvanGoncharov)
• #​3473 ci: Pass 'GITHUB_TOKEN' to GitHub CLI (@​IvanGoncharov)
• #​3475 ci: checkout repo in canary workflow (@​IvanGoncharov)
• #​3477 ci: fix & cleanup script for modifying NPM package into canary (@​IvanGoncharov)
• #​3479 ci: Add missing require to canary script (@​IvanGoncharov)
• #​3481 ci: fix missing PR number in canary release workflow (@​IvanGoncharov)
• #​3483 ci: fix missing PR number in canary release workflow (@​IvanGoncharov)
• #​3484 ci: Moving GH Action template syntax to env variables (@​IvanGoncharov)
• #​3486 ci: improve comment on canary releases (@​IvanGoncharov)
• #​3488 ci: Extract branch publishing into separate workflow (@​IvanGoncharov)
• #​3489 ci: use '.node-version' file to configure node version used for CI (@​IvanGoncharov)
• #​3491 ci: use separate workflows for 'push' and 'pull_request' (@​IvanGoncharov)
• #​3493 ci: remove unused 'workflow_id' input (@​IvanGoncharov)
• #​3496 ci: fix deprecation of canary package (@​IvanGoncharov)
• #​3497 ci: use environments to track deployments (@​IvanGoncharov)
• #​3502 ci: fix deployments of npm & deno branches (@​IvanGoncharov)
• #​3503 ci: Add '@​github-actions' bot (@​IvanGoncharov)
• #​3523 github-actions-bot: replace 'octokit/request-action' action (@​IvanGoncharov)
• #​3525 github-actions-bot: Fix collapsing of unrelated comments (@​IvanGoncharov)
• #​3530 integrationTests/node: fix crash on Mac with M1 by using docker (@​IvanGoncharov)
• #​3534 github-actions-bot: fix publishing of canary releases (@​IvanGoncharov)
• #​3536 github-actions-bot: fix usage of NPM_CANARY_PR_PUBLISH_TOKEN (@​IvanGoncharov)
• #​3538 github-actions-bot: fix reply on commands (@​IvanGoncharov)
• #​3543 pass valid value to codecov config (@​is2ei)

Dependency 📦

2 PRs were merged

• #​3485 Update deps (@​IvanGoncharov)
• #​3533 Update deps (@​IvanGoncharov)

Committers: 7

• David Glasser(@​glasser)
• David Welch(@​dwelch2344)
• Ginhing(@​Ginhing)
• Horie Issei(@​is2ei)
• Ivan Goncharov(@​IvanGoncharov)
• Laurin Quast(@​n1ru4l)
• Saihajpreet Singh(@​saihaj)

v16.3.0

Compare Source

v16.3.0 (2022-01-26)

New Feature 🚀

• #​3454 feat: allow providing an object to the GraphQLError constructor (@​n1ru4l)
• #​3464 Expose getArgumentValues as public API (@​IvanGoncharov)

Bug Fix 🐞

• #​3442 Prevent Infinite Loop in OverlappingFieldsCanBeMergedRule (@​nicolaslt)
• #​3455 OverlappingFieldsCanBeMerged: sort argument values before comparing (@​IvanGoncharov)

Docs 📝

2 PRs were merged

• #​3269 feat: setup docs site (@​saihaj)
• #​3437 CONTRIBUTING.md: remove reference to Facebook bug bounty program (@​IvanGoncharov)

Polish 💅

7 PRs were merged

• #​3441 UniqueArgumentDefinitionNamesRule: Improve tests (@​Cito)
• #​3446 Use 'eslint-plugin-simple-import-sort' to sort imports (@​IvanGoncharov)
• #​3447 Fix index.ts files to be compatible with Typedoc (@​IvanGoncharov)
• #​3452 validation-test.ts: various grammar fixes (@​spawnia)
• #​3457 OverlappingFieldsCanBeMergedRule: simplify argument comparison (@​IvanGoncharov)
• #​3459 blockString-tests: remove duplicate test, fix grammar (@​Cito)
• #​3461 visit: simplify handling of root node (@​IvanGoncharov)

Internal 🏠

5 PRs were merged

• #​3433 gh/actions: refactor out action to deploy branches (@​IvanGoncharov)
• #​3434 gh/actions: remove 'npm dedupe' check since it unexpectadly do update (@​IvanGoncharov)
• #​3435 gh/actions: run benchmark & diff-npm-package only on PRs (@​IvanGoncharov)
• #​3436 gh/actions: make all cloned repo read-only (@​IvanGoncharov)
• #​3443 ci/checkPackageLock: update only package-lock.json (@​IvanGoncharov)

Dependency 📦

4 PRs were merged

• #​3438 Update deps (@​IvanGoncharov)
• #​3444 Update deps (@​IvanGoncharov)
• #​3462 Update deps (@​IvanGoncharov)
• #​3463 Update deps + fix 'npm audit' (@​IvanGoncharov)

Committers: 6

• Benedikt Franke(@​spawnia)
• Christoph Zwerschke(@​Cito)
• Ivan Goncharov(@​IvanGoncharov)
• Laurin Quast(@​n1ru4l)
• Nicolas Lagoutte(@​nicolaslt)
• Saihajpreet Singh(@​saihaj)

v16.2.0

Compare Source

v16.2.0 (2021-12-17)

New Feature 🚀

• #​3426 type/definition: export resolve*Thunk functions (@​IvanGoncharov)

Docs 📝

• #​3422 Minor grammar fixes in collectFields documentation (@​Cito)

Polish 💅

• #​3423 assertName-test: test new instead of deprecated function (@​Cito)

Internal 🏠

2 PRs were merged

• #​3420 resources/utils: extract 'writeGeneratedFile' to utils (@​IvanGoncharov)
• #​3427 gh/actions: run benchmark and NPM diff on correct base commits (@​IvanGoncharov)

Committers: 2

• Christoph Zwerschke(@​Cito)
• Ivan Goncharov(@​IvanGoncharov)

v16.1.0

Compare Source

v16.1.0 (2021-12-07)

New Feature 🚀

• #​3355 Export GRAPHQL_MAX_INT and GRAPHQL_MIN_INT (@​tofran)
• #​3384 Preserve non-error values thrown from resolvers (@​IvanGoncharov)

Bug Fix 🐞

• #​3375 printSchema: handle descriptions that are non-printable as block strings (@​IvanGoncharov)

Docs 📝

• #​3393 Update doc examples to reflect the current API (@​paulserraino)

Polish 💅

9 PRs were merged

• #​3365 Add devAssert about removal of positional arguments (@​IvanGoncharov)
• #​3376 execute: fix spec section names in comments (@​twof)
• #​3377 lexer-tests: Use tildas as invalid characters (@​twof)
• #​3391 Enable '@​typescript-eslint/switch-exhaustiveness-check' rule (@​IvanGoncharov)
• #​3392 Remove $FlowFixMe comments (@​IvanGoncharov)
• #​3396 typeFromAST: use exhaustive switch and remove invariant (@​IvanGoncharov)
• #​3400 expectJSON: improve readability (@​IvanGoncharov)
• #​3401 tests: Improve formating of strings with 'dedent' tag (@​IvanGoncharov)
• #​3406 Simplify code by replacing Object.entries with Object.keys (@​IvanGoncharov)

Internal 🏠

9 PRs were merged

• #​3386 Add support for Node17 (@​IvanGoncharov)
• #​3388 Drop "eslint-plugin-istanbul" and implement as internal ESLint rule (@​IvanGoncharov)
• #​3398 Switch coverage from nyc to c8 (@​IvanGoncharov)
• #​3403 ci: add check that 'package-lock.json' doesn't have conflicts (@​IvanGoncharov)
• #​3404 github/workflows: simplify npm cache setup (@​IvanGoncharov)
• #​3405 Use for '--ignore-scripts' for all npm ci & npm install (@​IvanGoncharov)
• #​3407 ci: add check for unnecessary duplicates in package-lock.json (@​IvanGoncharov)
• #​3416 fix c8 ignore decorator typos (@​yaacovCR)
• #​3417 package.json: Specify NPM release tag explicitly (@​IvanGoncharov)

Dependency 📦

4 PRs were merged

• #​3387 Update package-lock.json (@​IvanGoncharov)
• #​3389 package.json: Drop unused '@​babel/eslint-parser' (@​IvanGoncharov)
• #​3390 Update deps (@​IvanGoncharov)
• #​3399 Update deps (@​IvanGoncharov)

Committers: 5

• Alex Reilly(@​twof)
• Francisco Marques(@​tofran)
• Ivan Goncharov(@​IvanGoncharov)
• Paul Serraino(@​paulserraino)
• Yaacov Rydzinski (@​yaacovCR)

v16.0.1

Compare Source

v16.0.1 (2021-11-01)

Bug Fix 🐞

• #​3354 Lexer: fix line & column for multiline BLOCK_STRING tokens (@​IvanGoncharov)

Polish 💅

• #​3348 GraphQLError-test: text how extensions is inherited from originalError (@​IvanGoncharov)

Internal 🏠

• #​3347 checkgit.sh: Added a check for local modifications (@​IvanGoncharov)

Committers: 1

• Ivan Goncharov(@​IvanGoncharov)

v16.0.0

Compare Source

v16.0.0 (2021-10-28)

Breaking Change 💥

• #​2896 Remove deprecated rule aliases (@​IvanGoncharov)
• #​2897 Remove 'findDeprecatedUsages' that was previously deprecated (@​IvanGoncharov)
• #​2898 Remove 'GraphQLSchema::isPossibleType' that was previously deprecated (@​IvanGoncharov)
• #​2900 Drop support for long deprecated comments as descriptions (@​IvanGoncharov)
• #​2902 Remove deprecated {GraphQLEnumValue, GraphQLField}::isDeprecated (@​IvanGoncharov)
• #​2903 Removed parser support for legacy syntax (@​IvanGoncharov)
• #​2904 Remove support for positional args in graphql/execute/subscribe func (@​IvanGoncharov)
• #​2905 resolveType: remove support for returning GraphQLObjectType (@​IvanGoncharov)
• #​2906 Convert GraphQLList and GraphQLNonNull into proper classes (@​IvanGoncharov)
• #​2907 Remove 'find' polyfill (@​IvanGoncharov)
• #​2911 Remove 'isFinite' & 'isInteger' polyfills (@​IvanGoncharov)
• #​2912 Drop 'Array.from' polyfill (@​IvanGoncharov)
• #​2913 Remove polyfills for Symbol (@​IvanGoncharov)
• #​2914 Remove Node's custom inspect function (@​IvanGoncharov)
• #​2915 Drop support for TS before 3.7 (@​IvanGoncharov)
• #​2916 refactor: replace default exports with named exports (@​IvanGoncharov)
• #​2917 Drop support for non-iteratable ArrayLike objects (@​IvanGoncharov)
• #​2918 Drop support for older browsers (@​IvanGoncharov)
• #​2919 Remove polyfills for 'Object.values' & 'Object.entries' (@​IvanGoncharov)
• #​2920 Deprecate fragments with variables and reflect that in naming (@​IvanGoncharov)
• #​2921 Deprecate 'getFieldDefFn' arg of 'TypeInfo' and move it last (@​IvanGoncharov)
• #​2923 Drop support for Node10 (@​IvanGoncharov)
• #​2930 visitor: remove visitorKeys argument (@​IvanGoncharov)
• #​2931 visit: remove template arguments for possible nodes (@​IvanGoncharov)
• #​2951 Forbid null & undefined as return value of 'interfaces' thunk (@​IvanGoncharov)
• #​2952 Restrict Thunks to support only ObjMap and Array (@​IvanGoncharov)
• #​2955 feat: convert Thunk to ThunkArray and ThunkObjMap (@​saihaj)
• #​2957 visitor: remove 4th form of visitor (@​IvanGoncharov)
• #​2997 print/printSchema: remove trailing new line (@​IvanGoncharov)
• #​3003 TS: use unknown (TS) for mixed (flow) (@​saihaj)
• #​3006 ts: Switch extension values to unknown to match Flow types (@​IvanGoncharov)
• #​3027 subscribe: drop mapping of AsyncIterable errors (@​IvanGoncharov)
• #​3031 Drop experimental online parser (@​IvanGoncharov)
• #​3032 Use specifiedBy instead of specifiedByUrl (@​Code-Hex)
• #​3055 Drop Node v15 (@​IvanGoncharov)
• #​3110 Switch entire codebase to TypeScript (@​IvanGoncharov)
• #​3114 Drop support for TS 3.7 (@​IvanGoncharov)
• #​3131 TS: Drop template argument from GraphQLFormattedError (@​IvanGoncharov)
• #​3132 Synchronise *.d.ts with sources converted to TS (@​IvanGoncharov)
• #​3182 Switch schema types to use ReadonlyArrays (@​IvanGoncharov)
• #​3228 Add type params to GraphQLScalar (@​IvanGoncharov)
• #​3231 execute: Forbid to return null from serialize function (@​IvanGoncharov)
• #​3239 execute: Forbid to return null from serialize function (@​IvanGoncharov)
• #​3250 Bring visitorKeys back (@​ardatan)
• #​3261 Error.toStringTag change return string from 'Object' to 'GraphQLError' (@​IvanGoncharov)
• #​3270 visitor: speed up visitInParallel by dropping support for unknown nodes (@​IvanGoncharov)
• #​3271 isNode: check exact value of node's kind (@​IvanGoncharov)
• #​3283 validation: restrict maximum number of errors to 100 by default (@​IvanGoncharov)
• #​3288 Move validation of names into GraphQL* constructors (@​IvanGoncharov)
• #​3311 GraphQLError: use enumerable properties (@​IvanGoncharov)
• #​3317 Convert const "enum-like" maps to TS enums (@​IvanGoncharov)
• #​3319 Add message that we only support TS >= 4.1.0 (@​IvanGoncharov)
• #​3326 GraphQLError: enumerate only spec prescribed properties (@​IvanGoncharov)
• #​3328 GraphQLField: relax default value of TArgs to any (@​IvanGoncharov)

Deprecation ⚠

• #​3252 Deprecate 'printError' function (@​IvanGoncharov)
• #​3292 Deprecate 'graphql/subscriptions' and move code to 'execution' (@​yaacovCR)
• #​3318 Deprecate 'ASTKindToNode' (@​IvanGoncharov)

New Feature 🚀

• #​2932 print: remove indentation inside of block strings (@​IvanGoncharov)
• #​2996 extensionASTNodes: always populate with empty array (@​IvanGoncharov)
• #​3059 Refine parse and AST to represent ConstValue (@​leebyron)
• #​3063 Refine getNamedType() for Input and Output types (@​leebyron)
• #​3117 RFC: Support full Unicode in lexer (@​leebyron)
• #​3170 Add 'Symbol.toStringTag' into every publicly exported class (@​IvanGoncharov)
• #​3208 Add 'UniqueArgumentDefinitionNamesRule' validation rule (@​IvanGoncharov)
• #​3242 parser: add specialized error for extension with descriptions (@​IvanGoncharov)
• #​3255 Add TResult to GraphQLFieldResolver signature (@​tgriesser)
• #​3259 Deprecate 'formatError' and added 'GraphQLError.toJSON' instead (@​IvanGoncharov)
• #​3272 collectFields/collectSubfields cleanup prototype (@​IvanGoncharov)
• #​3279 Make 'extensions' non-optional in schema types (@​IvanGoncharov)
• #​3305 Added 'GraphQLSchema.getRootType' and deprecate getOperationRootType (@​IvanGoncharov)
• #​3306 Deprecate SubscriptionArgs and broaden ExecutionArgs (@​yaacovCR)
• #​3312 language: change OperationTypeNode to enum (@​lekoaf)
• #​3313 GraphQLError: keep extensions always present (@​IvanGoncharov)
• #​3315 Change type of error extensions from anonymous Record to named interfaces (@​IvanGoncharov)

Bug Fix 🐞

• #​2852 introspectionFromSchema: enable 'specifiedByUrl' by default (@​IvanGoncharov)
• #​2855 introspection: Add missing support for deprecated input values (@​IvanGoncharov)
• #​2859 separateOperations: distinguish query and fragment names (@​IvanGoncharov)
• #​2861 RFC: Assert subscription field is not introspection. (@​benjie)
• #​2876 Replace 'localeCompare' with function independent from locale (@​IvanGoncharov)
• #​2959 ASTVisitor: use type intersection instead of type union (@​IvanGoncharov)
• #​2987 Synchronise TS typings for graphql.js/execute.js/subscribe.js (@​IvanGoncharov)
• #​2991 fix: update introspection types (@​saihaj)
• #​3001 fix: discrepancies between Flow and TS types (@​saihaj)
• #​3009 TS: use proper type for async generator (@​saihaj)
• #​3129 definition.d.ts: correct types (@​IvanGoncharov)
• #​3172 Avoid relying on constructor.name for instanceOf error check. (@​IvanGoncharov)
• #​3178 Export TypeKind as value (@​janicduplessis)
• #​3223 Disallow "true", "false", and "null" as enum values (@​Yogu)
• #​3248 Parser: allow classes that extend Parser to access the instance attributes (@​n1ru4l)
• #​3257 fix: Preserve deprecationReason on GraphQLInputFields (@​trevor-scheer)
• #​3273 type/introspection: add missing __Directive.args(includeDeprecated:) (@​IvanGoncharov)
• #​3278 lexer: fix expression to decode surrogate pairs (@​Cito)
• #​3308 execute: Correctly report missing root type error (@​IvanGoncharov)
• #​3316 Export OperationTypeNode as value (@​yaacovCR)
• #​3325 GraphQLError: fix empty locations if error got nodes without locations (@​IvanGoncharov)
• #​3339 Fix TS error caused by importing internal files directly (@​IvanGoncharov)
• #​3344 version: force proper typing on version literals (@​IvanGoncharov)

Docs 📝

5 PRs were merged

• #​2849 README: add instructions on using experimental features (@​robrichard)
• #​3121 *.d.ts: Switch comments to comment to TSDoc (@​IvanGoncharov)
• #​3146 build: add eslint-plugin-tsdoc (@​saihaj)
• #​3240 docs(buildASTSchema): add Subscription to list of root types (@​IvanGoncharov)
• #​3285 Improve documentation of validation rules (@​IvanGoncharov)

Polish 💅

119 PRs were merged

• #​2847 Add tests for supporting Iterable collections across the lib (@​IvanGoncharov)
• #​2851 tests: update 'getIntrospectionQuery' tests to use custom matchers (@​IvanGoncharov)
• #​2858 separateOperations-test: refactor tests to look like snapshots (@​IvanGoncharov)
• #​2868 Extract types for normalized configs into named types (@​IvanGoncharov)
• #​2878 fix: type annotation cannot appear on a constructor declaration (@​saihaj)
• #​2879 fix: no need to mark param optional if default value is given (@​saihaj)
• #​2889 Simplify isAsyncIterable (@​IvanGoncharov)
• #​2928 refactor: use regexp-exec (@​saihaj)
• #​2933 printer: remove 'addDescription' wrapper (@​IvanGoncharov)
• #​2934 printer: use wrap util function in more places (@​IvanGoncharov)
• #​2935 VariablesAreInputTypesRule: remove incorrect return type (@​IvanGoncharov)
• #​2936 schema-test: use chai's keys instead of undocumented key (@​IvanGoncharov)
• #​2937 validateSchema: inline 'getAllNodes' function (@​IvanGoncharov)
• #​2938 inspect: improve typings for toJSON call (@​IvanGoncharov)
• #​2947 valueFromAST-test: correct typings (@​IvanGoncharov)
• #​2948 scalars-test: improve typings of function calls (@​IvanGoncharov)
• #​2953 type-validate: inline getAllNodes function (@​IvanGoncharov)
• #​2956 buildClientSchema-test: correctly wrap test case (@​IvanGoncharov)
• #​2963 printer: simplify printing of query short form (@​IvanGoncharov)
• #​2964 Simplified memoize3 and improve type checking (@​IvanGoncharov)
• #​2965 parser: improve type checking of 'parseTypeReference' function (@​IvanGoncharov)
• #​2966 blockString-fuzz: improve lexValue typing (@​IvanGoncharov)
• #​2967 flow: improve typings of exported definitions (@​IvanGoncharov)
• #​2977 dedent-test: change test data to pass spell check (@​IvanGoncharov)
• #​2981 printSourceLocation: simplifying by using padStart (@​IvanGoncharov)
• #​2984 refactor(language/ast.d.ts): use Kind enum type (@​jjangga0214)
• #​2988 Replace 'Array.reduce' with 'for of' (@​IvanGoncharov)
• #​2989 Switch indexOf to includes whenever possible (@​IvanGoncharov)
• #​2990 Switch instanceOf to be named export (@​IvanGoncharov)
• #​2992 flow: Improve typings for exported definitions (@​IvanGoncharov)
• #​2995 introspection-test: fix test to correctly check for exceptions (@​IvanGoncharov)
• #​2998 Simplify testing AST nodes in buildSchema/extendedSchema tests (@​IvanGoncharov)
• #​2999 tests: replace 'invariant' with 'expect' assertion whenever possible (@​IvanGoncharov)
• #​3002 feat: add types for internal Parser class (@​saihaj)
• #​3004 GraphQLGrammarType: no need to code in d.ts can just export type (@​saihaj)
• #​3005 ts: switch to use ObjMap utility type (@​saihaj)
• #​3008 ESLint: enable 'func-names' (@​IvanGoncharov)
• #​3010 testUtils: refactor out dedentString from dedent (@​saihaj)
• #​3011 mapAsyncIterator: add default value for 'rejectCallback' (@​IvanGoncharov)
• #​3012 mapAsyncIterator: allow 'rejectCallback' to only be synchronous (@​IvanGoncharov)
• #​3013 mapAsyncIterator: simplify mapResult (@​IvanGoncharov)
• #​3014 mapAsyncIterator: simplify abruptClose (@​IvanGoncharov)
• #​3015 printer-test: switch to dedentString (@​IvanGoncharov)
• #​3016 printer-test: do more check on kitchen sink tests (@​IvanGoncharov)
• #​3022 memoize3: remove unnecessary mixed type (@​IvanGoncharov)
• #​3023

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • ""
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.