Skip to content

chore(deps-dev): bump graphql-request from 6.1.0 to 7.4.0#515

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/graphql-request-7.4.0
Open

chore(deps-dev): bump graphql-request from 6.1.0 to 7.4.0#515
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/graphql-request-7.4.0

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Jan 14, 2026
edited
Loading

Bumps graphql-request from 6.1.0 to 7.4.0.

Release notes

Sourced from graphql-request's releases.

graphql-request@7.3.4

Bug Fixes

  • Fixed #1281: GraphQL errors and data are now accessible from 4xx/5xx HTTP responses
  • Fixed #1461: ClientError is properly returned for non-2xx responses with malformed bodies
  • Fixed #1462: ClientError is properly returned for non-2xx responses with unsupported content types

Changes

  • Non-2xx HTTP responses now parse the response body first to extract GraphQL errors/data when available
  • Non-2xx responses with valid GraphQL bodies return ClientError with errors and data accessible
  • Non-2xx responses with invalid bodies still return ClientError (not generic Error) for backwards compatibility
  • This release reverts PRs #1457 and #1459 which introduced regressions, then reapplies a minimal fix for #1281

Breaking Changes

None - this release maintains backwards compatibility while adding support for accessing GraphQL errors from 4xx/5xx responses.

graphql-request@7.3.3

Bug Fixes

  • Non-JSON Error Response Handling: Fixed regression in 7.3.2 where servers returning HTTP 4xx/5xx status codes with non-JSON response bodies (HTML, plain text) would throw an unhelpful error: "Invalid execution result: result is not object or array" (#1459, closes #1458)
    • Added safe JSON parsing fallback for responses without proper Content-Type headers
    • Returns descriptive error messages with response body preview for non-JSON responses
    • Handles common production scenarios: load balancer errors (502/503 HTML pages), CDN errors, WAF/firewall responses, misconfigured servers
    • Maintains backward compatibility for servers that omit Content-Type but return valid JSON
    • Added comprehensive test coverage for HTML, plain text, and missing Content-Type scenarios

What Changed

Version 7.3.2 introduced a bug where the ELSE branch in parseResultFromResponse would pass raw strings (HTML, plain text) to a parser expecting objects/arrays. This only surfaced when:

  1. Server returns 4xx/5xx status code
  2. Content-Type header is missing or non-JSON (e.g., text/html, text/plain)
  3. Response body is not valid JSON

This is now fixed with graceful error handling and clear error messages.

graphql-request@7.3.2

Bug Fixes

  • HTTP Error Handling: Fixed regression from v6 to v7 where HTTP 4xx/5xx responses would not include GraphQL errors from response body in ClientError (#1457, closes #1281)

    • Response body is now parsed before checking HTTP status
    • Users can access GraphQL errors via error.response.errors even with non-2xx status codes
    • Common use case: authentication errors (422), server errors (500)

  • graphql-codegen Compatibility: Added support for TypedDocumentString from @graphql-codegen when using documentMode: 'string' (#1456, closes #1453)

    • Handles boxed String objects created by TypedDocumentString class
    • Normalizes document input to prevent crashes when passing to GraphQL operations

graphql-request@7.3.1

... (truncated)

Commits

Dependabot compatibility score

You can trigger a rebase of this PR by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot
chore(deps-dev): bump graphql-request from 6.1.0 to 7.4.0
0037989 
Bumps [graphql-request](https://github.com/graffle-js/graffle) from 6.1.0 to 7.4.0.
- [Release notes](https://github.com/graffle-js/graffle/releases)
- [Commits](graffle-js/graffle@6.1.0...7.4.0)

---
updated-dependencies:
- dependency-name: graphql-request
  dependency-version: 7.4.0
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot mentioned this pull request Jan 14, 2026
Closed
@mergeable
Copy link

mergeable bot commented Jan 14, 2026

Thanks for creating a pull request! A maintainer will review your changes shortly. Please don't be discouraged if it takes a while.

@CLAassistant
Copy link

CLAassistant commented Jan 14, 2026

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

@github-actions
Copy link

github-actions bot commented Feb 13, 2026

This pull request has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in 7 days if no further activity occurs. Please feel free to give a status update now, ping for review, or re-open when it's ready. Thank you for your contributions!

@github-actions github-actions bot added stale Stale issues and removed stale Stale issues labels Feb 13, 2026
@github-actions
Copy link

github-actions bot commented Mar 18, 2026

This pull request has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in 7 days if no further activity occurs. Please feel free to give a status update now, ping for review, or re-open when it's ready. Thank you for your contributions!

@github-actions github-actions bot added the stale Stale issues label Mar 18, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

stale Stale issues type: dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@CLAassistant