fix(api-node): update dependency graphql-upload to v17

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
graphql-upload	13.0.0 -> 17.0.0

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

jaydenseric/graphql-upload (graphql-upload)

v17.0.0

Compare Source

Major

• Updated Node.js support to ^18.18.0 || ^20.9.0 || >=22.0.0.

• Updated dev dependencies, some of which require newer Node.js versions than previously supported.

• Use the TypeScript v5.5+ JSDoc tag @import to import types in modules.

• Removed JSDoc tag @typedef that were unintentionally re-exporting types; to migrate import TypeScript types from the correct module:

  - import type { GraphQLUpload } from "graphql-upload/Upload.mjs";
  + import type GraphQLUpload from "graphql-upload/GraphQLUpload.mjs";

  - import type { processRequest } from "graphql-upload/Upload.mjs";
  + import type processRequest from "graphql-upload/processRequest.mjs";

  - import type { GraphQLUpload } from "graphql-upload/processRequest.mjs";
  + import type GraphQLUpload from "graphql-upload/GraphQLUpload.mjs";

• Refactored tests to use the standard AbortController, fetch, File, and FormData APIs available in modern Node.js and removed the dev dependencies node-abort-controller and node-fetch.

• Replaced the test utility function streamToString with the function text from node:stream/consumers that’s available in modern Node.js.

• Use the Node.js test runner API and remove the dev dependency test-director.

Minor

• Support Express v5 by updating the optional peer dependency @types/express to 4.0.29 - 5 and the dev dependency express to v5, via #​389.

Patch

• Tweaked the package description.
• Updated the package.json field repository to conform to new npm requirements.
• Updated the package scripts:
  • Reordered the scripts.
  • Replaced npm run with node --run.
• Updated GitHub Actions CI config:
  • No longer run the workflow on pull request.
  • Enable manual workflow dispatching.
  • Run checks in seperate jobs.
  • Removed custom step names.
  • Replaced npm run with node --run.
  • Updated the tested Node.js versions to v18, v20, v22.
  • Updated actions/checkout to v4.
  • Updated actions/setup-node to v4.
• Migrated to the ESLint v9 CLI and “flat” config.
• Integrated a new dev dependency eslint-plugin-jsdoc and revised types.
• Removed the Node.js CLI option --unhandled-rejections=throw in the package script tests as it’s now the default for all supported Node.js versions.
• Avoid hardcoding a default value in the type FileUploadCreateReadStreamOptions property highWaterMark description and use the function getDefaultHighWaterMark from node:stream in tests.
• Replaced the test helper class Deferred with polyfilled Promise.withResolvers.
• Removed an unnecessary await in tests.
• Omit unused catch bindings in the function processRequest.
• Corrected the JSDoc type FileUploadCreateReadStreamOptions in the module processRequest.mjs.
• Avoid using return in the middleware.
• Added a new dev dependency async-listen to replace the test utility function listen.
• Enabled the TypeScript compiler options noUnusedLocals and noUnusedParameters and used the prefix _ for purposefully unused function parameters in tests.
• Updated the GitHub Markdown syntax for alerts in the readme.
• Tweaked wording in the readme and JSDoc descriptions.

v16.0.2

Compare Source

Patch

• Updated dev dependencies.
• Use the node: URL scheme for Node.js builtin module imports.
• Improved JSDoc in the module GraphQLUpload.mjs.
• Revamped the readme:
  • Removed the badges.
  • More detailed installation instructions.
  • Added information about TypeScript config and optimal JavaScript module design.

v16.0.1

Compare Source

Patch

• Support non latin1 characters in file names by setting the busboy option defParamCharset to utf8, fixing #​328.
• Removed a redundant @ts-ignore comment.

v16.0.0

Compare Source

Major

• Updated the fs-capacitor dependency to v8, fixing #​318.

• The type FileUploadCreateReadStreamOptions from the processRequest.mjs module now uses types from fs-capacitor that are slightly more specific.

• The API is now ESM in .mjs files instead of CJS in .js files, accessible via import but not require. To migrate imports:

  - import GraphQLUpload from "graphql-upload/GraphQLUpload.js";
  + import GraphQLUpload from "graphql-upload/GraphQLUpload.mjs";

  - import graphqlUploadExpress from "graphql-upload/graphqlUploadExpress.js";
  + import graphqlUploadExpress from "graphql-upload/graphqlUploadExpress.mjs";

  - import graphqlUploadKoa from "graphql-upload/graphqlUploadKoa.js";
  + import graphqlUploadKoa from "graphql-upload/graphqlUploadKoa.mjs";

  - import processRequest from "graphql-upload/processRequest.js";
  + import processRequest from "graphql-upload/processRequest.mjs";

  - import Upload from "graphql-upload/Upload.js";
  + import Upload from "graphql-upload/Upload.mjs";

Patch

• Updated dev dependencies.
• Updated examples in JSDoc comments.
• Updated the changelog entry for v14.0.0 to show how to migrate imports.

v15.0.2

Compare Source

Patch

• Updated dev dependencies.
• Corrected the TypeScript type for the Koa context ctx parameter for the Koa middleware created by the function graphqlUploadKoa, from import("koa").Context to import("koa").ParameterizedContext.

v15.0.1

Compare Source

Patch

• Don’t import and link types from the middlware modules graphqlUploadExpress.js and graphqlUploadKoa.js within the module processRequest.js, fixing #​314.

v15.0.0

Compare Source

Major

• Updated the busboy dependency to v1, fixing #​311.
  • This important update addresses the vulnerability CVE-2022-24434 (GHSA-wm7h-9275-46v2).
  • Some error messages have changed.
  • Temporarily until mscdex/busboy#297 is fixed upstream, for the function processRequest and the middleware graphqlUploadExpress and graphqlUploadKoa the option maxFileSize is actually 1 byte less than the amount specified.

Patch

• Updated the typescript dev dependency.
• In the function processRequest use the on method instead of once to listen for error events on the busboy parser, as in edge cases the same parser could have multiple error events and all must be handled to prevent the Node.js process exiting with an error.
• Simplified error handling within the function processRequest.
• Added a test for the function processRequest with a maliciously malformed multipart request.

v14.0.0

Compare Source

Major

• Updated Node.js support to ^14.17.0 || ^16.0.0 || >= 18.0.0.

• Updated the graphql peer dependency to ^16.3.0.

• Updated the http-errors dependency to v2.

• Public modules are now individually listed in the package files and exports fields.

• Removed the package main index module; deep imports must be used. To migrate imports:

  - import { GraphQLUpload } from "graphql-upload";
  + import GraphQLUpload from "graphql-upload/GraphQLUpload.js";

  - import { graphqlUploadExpress } from "graphql-upload";
  + import graphqlUploadExpress from "graphql-upload/graphqlUploadExpress.js";

  - import { graphqlUploadKoa } from "graphql-upload";
  + import graphqlUploadKoa from "graphql-upload/graphqlUploadKoa.js";

  - import { processRequest } from "graphql-upload";
  + import processRequest from "graphql-upload/processRequest.js";

  - import { Upload } from "graphql-upload";
  + import Upload from "graphql-upload/Upload.js";

• Shortened public module deep import paths, removing the /public/. To migrate imports:

  - import GraphQLUpload from "graphql-upload/public/GraphQLUpload.js";
  + import GraphQLUpload from "graphql-upload/GraphQLUpload.js";

  - import graphqlUploadExpress from "graphql-upload/public/graphqlUploadExpress.js";
  + import graphqlUploadExpress from "graphql-upload/graphqlUploadExpress.js";

  - import graphqlUploadKoa from "graphql-upload/public/graphqlUploadKoa.js";
  + import graphqlUploadKoa from "graphql-upload/graphqlUploadKoa.js";

  - import processRequest from "graphql-upload/public/processRequest.js";
  + import processRequest from "graphql-upload/processRequest.js";

  - import Upload from "graphql-upload/public/Upload.js";
  + import Upload from "graphql-upload/Upload.js";

• Implemented TypeScript types via JSDoc comments, closing #​282.

• The GraphQLUpload scalar no longer uses deprecated GraphQLError constructor parameters.

Patch

• Updated dev dependencies.
• Simplified dev dependencies and config for ESLint.
• Check TypeScript types via a new package types script.
• Removed the jsdoc-md dev dependency and the related package scripts, replacing the readme “API” section with a manually written “Exports” section.
• Removed the hard-rejection dev dependency. Instead, tests are run with the Node.js CLI flag --unhandled-rejections=throw to make Node.js v14 behave like newer versions.
• Removed the formdata-node dev dependency. Instead, File and FormData are imported from node-fetch.
• Updated GitHub Actions CI config:
  • Run tests with Node.js v14, v16, v18.
  • Updated actions/checkout to v3.
  • Updated actions/setup-node to v3.
• Reorganized the test file structure.
• Use the .js file extension in require paths.
• Use the Node.js Readable property readableEncoding instead of _readableState.encoding in tests.
• Use substring instead of the deprecated string method substr in tests.
• Fixed a typo in a code comment.
• Updated documentation.
• Added a license.md MIT License file, closing #​86.

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[sonarcloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud