Data

Tools

Indexes

Applications

Experiments

Dependabot

An open index of dependabot pull requests across open source projects.

chore(deps-dev): bump graphql-request from 6.1.0 to 7.3.3

Open
Number: #493
Type: Pull Request
State: Open
Author: dependabot[bot] dependabot[bot]
Association: Unknown
Comments: 2
Created: November 11, 2025 at 03:04 AM UTC
(6 days ago)
Updated: November 11, 2025 at 03:04 AM UTC
(6 days ago)
Labels:
type: dependencies
Description:

Bumps graphql-request from 6.1.0 to 7.3.3.

Release notes

Sourced from graphql-request's releases.

graphql-request@7.3.3

Bug Fixes

  • Non-JSON Error Response Handling: Fixed regression in 7.3.2 where servers returning HTTP 4xx/5xx status codes with non-JSON response bodies (HTML, plain text) would throw an unhelpful error: "Invalid execution result: result is not object or array" (#1459, closes #1458)
    • Added safe JSON parsing fallback for responses without proper Content-Type headers
    • Returns descriptive error messages with response body preview for non-JSON responses
    • Handles common production scenarios: load balancer errors (502/503 HTML pages), CDN errors, WAF/firewall responses, misconfigured servers
    • Maintains backward compatibility for servers that omit Content-Type but return valid JSON
    • Added comprehensive test coverage for HTML, plain text, and missing Content-Type scenarios

What Changed

Version 7.3.2 introduced a bug where the ELSE branch in parseResultFromResponse would pass raw strings (HTML, plain text) to a parser expecting objects/arrays. This only surfaced when:

  1. Server returns 4xx/5xx status code
  2. Content-Type header is missing or non-JSON (e.g., text/html, text/plain)
  3. Response body is not valid JSON

This is now fixed with graceful error handling and clear error messages.

graphql-request@7.3.2

Bug Fixes

  • HTTP Error Handling: Fixed regression from v6 to v7 where HTTP 4xx/5xx responses would not include GraphQL errors from response body in ClientError (#1457, closes #1281)

    • Response body is now parsed before checking HTTP status
    • Users can access GraphQL errors via error.response.errors even with non-2xx status codes
    • Common use case: authentication errors (422), server errors (500)

  • graphql-codegen Compatibility: Added support for TypedDocumentString from @graphql-codegen when using documentMode: 'string' (#1456, closes #1453)

    • Handles boxed String objects created by TypedDocumentString class
    • Normalizes document input to prevent crashes when passing to GraphQL operations

graphql-request@7.3.1

Bug Fixes

  • Fixed broken example links on npmjs.com (#1332)
    • Updated package.json repository metadata to point to correct location: graffle-js/graffle
    • Updated homepage URL to include /tree/graphql-request path
    • Updated bugs URL to point to correct issues page
    • All example links on npm now correctly resolve to files in the graphql-request branch

Links

Commits
  • a9f94c1 chore: bump ver
  • 97d9822 Fix: handle non-JSON error responses gracefully (#1459)
  • cc99d03 chore: bump version to 7.3.2
  • 7a1ee76 fix: parse GraphQL errors from response body on HTTP 4xx/5xx status codes (#1...
  • 0f60a64 fix: support TypedDocumentString from graphql-codegen (#1456)
  • 8ef0842 fix(graphql-request): update repository URLs to point to graffle-js/graffle (...
  • a51de21 chore: bump version to 7.3.0
  • b3c500f feat(graphql-request): default types any and support common js (#1396)
  • 4df6036 chore: use absolute urls for examples in graphql-request branch (#1369)
  • 55c0dfc chore: bump
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Package Dependencies
Package:
graphql-request
Ecosystem:
npm
Version Change:
6.1.0 → 7.3.3
Update Type:
Major
Actions
View on GitHub View Repository All Dependabot PRs
Technical Details
ID: 10969087
UUID: 3610502716
Node ID: PR_kwDOG5lbN86yqcb8
Host: GitHub
Repository: OpenFunction/functions-framework-nodejs