.github/codeql/codeql-config.yml

@@ -0,0 +1,10 @@
+paths-ignore:
+  - '**/*.test.ts'
+  - '**/*.spec.ts'
+  - '**/__tests__/**'
+  - '**/tests/**'
+  - '**/test/**'
+  - '**/test-files/**'
+  - '**/dist/**'
+  - '**/node_modules/**'
+  - '**/scripts/**'

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,103 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: 'CodeQL Advanced'
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+on:
+  push:
+    branches: ['master']
+  pull_request:
+    branches: ['master']
+  schedule:
+    - cron: '17 4 * * 0'
+
+jobs:
+  analyze:
+    name: Analyze (${{ matrix.language }})
+    # Runner size impacts CodeQL analysis time. To learn more, please see:
+    #   - https://gh.io/recommended-hardware-resources-for-running-codeql
+    #   - https://gh.io/supported-runners-and-hardware-resources
+    #   - https://gh.io/using-larger-runners (GitHub.com only)
+    # Consider using larger runners or machines with greater resources for possible analysis time improvements.
+    runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
+    permissions:
+      # required for all workflows
+      security-events: write
+
+      # required to fetch internal or private CodeQL packs
+      packages: read
+
+      # only required for workflows in private repositories
+      actions: read
+      contents: read
+
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - language: javascript-typescript
+            build-mode: none
+        # CodeQL supports the following values keywords for 'language': 'actions', 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift'
+        # Use `c-cpp` to analyze code written in C, C++ or both
+        # Use 'java-kotlin' to analyze code written in Java, Kotlin or both
+        # Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both
+        # To learn more about changing the languages that are analyzed or customizing the build mode for your analysis,
+        # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.
+        # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how
+        # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      # Add any setup steps before running the `github/codeql-action/init` action.
+      # This includes steps like installing compilers or runtimes (`actions/setup-node`
+      # or others). This is typically only required for manual builds.
+      # - name: Setup runtime (example)
+      #   uses: actions/setup-example@v1
+
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          config-file: ./.github/codeql/codeql-config.yml
+          languages: ${{ matrix.language }}
+          build-mode: ${{ matrix.build-mode }}
+          # If you wish to specify custom queries, you can do so here or in a config file.
+          # By default, queries listed here will override any specified in a config file.
+          # Prefix the list here with "+" to use these queries and those in the config file.
+
+          # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+          # queries: security-extended,security-and-quality
+
+      # If the analyze step fails for one of the languages you are analyzing with
+      # "We were unable to automatically build your code", modify the matrix above
+      # to set the build mode to "manual" for that language. Then modify this step
+      # to build your code.
+      # ℹ️ Command-line programs to run using the OS shell.
+      # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+      - if: matrix.build-mode == 'manual'
+        shell: bash
+        run: |
+          echo 'If you are using a "manual" build mode for one or more of the' \
+            'languages you are analyzing, replace this with the commands to build' \
+            'your code, for example:'
+          echo '  make bootstrap'
+          echo '  make release'
+          exit 1
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3
+        with:
+          category: '/language:${{matrix.language}}'

.github/workflows/pr.yml

@@ -6,6 +6,7 @@ on:
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
 
 jobs:
   dependencies:

.github/workflows/release.yml

@@ -6,6 +6,7 @@ on:
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
 
 jobs:
   stable:

.github/workflows/website.yml

@@ -8,6 +8,7 @@ on:
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
 
 jobs:
   deployment:

package.json

@@ -34,7 +34,7 @@
     "clean-dist": "rimraf \"packages/**/dist\" && rimraf \".bob\"",
     "lint": "cross-env \"ESLINT_USE_FLAT_CONFIG=false\" eslint --ext .ts .",
     "postbuild": "tsx scripts/postbuild.ts",
-    "postinstall": "patch-package",
+    "postinstall": "patch-package && husky install",
     "prerelease": "yarn build",
     "prettier": "prettier --cache --ignore-path .gitignore --ignore-path .prettierignore --write --list-different .",
     "prettier:check": "prettier --cache --ignore-path .gitignore --ignore-path .prettierignore --check .",
@@ -45,36 +45,40 @@
     "ts:check": "tsc --noEmit"
   },
   "devDependencies": {
-    "@babel/core": "7.26.9",
+    "@apollo/client": "3.13.4",
+    "@babel/core": "7.26.10",
     "@babel/plugin-proposal-class-properties": "7.18.6",
     "@babel/plugin-proposal-explicit-resource-management": "7.25.9",
     "@babel/preset-env": "7.26.9",
     "@babel/preset-typescript": "7.26.0",
     "@changesets/changelog-github": "0.5.1",
     "@changesets/cli": "2.28.1",
+    "@envelop/core": "5.2.3",
     "@theguild/prettier-config": "3.0.0",
     "@types/jest": "29.5.14",
-    "@types/node": "22.13.9",
-    "@typescript-eslint/eslint-plugin": "8.26.0",
-    "@typescript-eslint/parser": "8.26.0",
+    "@types/node": "22.13.10",
+    "@typescript-eslint/eslint-plugin": "8.26.1",
+    "@typescript-eslint/parser": "8.26.1",
+    "@urql/core": "5.1.1",
     "babel-jest": "29.7.0",
     "bob-the-bundler": "7.0.1",
-    "bun": "^1.1.43",
+    "bun": "1.2.5",
     "chalk": "5.4.1",
     "concurrently": "9.1.2",
     "cross-env": "7.0.3",
-    "eslint": "9.21.0",
-    "eslint-config-prettier": "10.0.2",
+    "eslint": "9.22.0",
+    "eslint-config-prettier": "10.1.1",
     "eslint-config-standard": "17.1.0",
     "eslint-plugin-import": "2.31.0",
-    "eslint-plugin-n": "17.16.1",
+    "eslint-plugin-n": "17.16.2",
     "eslint-plugin-promise": "7.2.1",
     "eslint-plugin-standard": "5.0.0",
     "globby": "11.1.0",
     "graphql": "16.10.0",
+    "graphql-yoga": "5.13.1",
     "husky": "9.1.7",
     "jest": "29.7.0",
-    "lint-staged": "15.4.3",
+    "lint-staged": "15.5.0",
     "patch-package": "8.0.0",
     "prettier": "3.5.3",
     "prettier-plugin-tailwindcss": "0.6.11",
@@ -83,10 +87,11 @@
     "typedoc": "0.25.13",
     "typedoc-plugin-markdown": "3.17.1",
     "typedoc-plugin-rename-defaults": "0.7.2",
-    "typescript": "5.8.2"
+    "typescript": "5.8.2",
+    "wonka": "6.3.5"
   },
   "resolutions": {
-    "esbuild": "0.25.0",
+    "esbuild": "0.25.1",
     "graphql": "16.10.0"
   },
   "lint-staged": {

packages/executor/CHANGELOG.md

@@ -1,5 +1,26 @@
 # @graphql-tools/executor
 
+## 1.4.5
+
+### Patch Changes
+
+- [#6977](https://github.com/ardatan/graphql-tools/pull/6977)
+  [`90a717e`](https://github.com/ardatan/graphql-tools/commit/90a717e35a7e4e51da4fe747cb73544f24698fb7)
+  Thanks [@ardatan](https://github.com/ardatan)! - In executor, do not use leaking
+  `registerAbortSignalListener`, and handle listeners inside the execution context
+- Updated dependencies
+  [[`90a717e`](https://github.com/ardatan/graphql-tools/commit/90a717e35a7e4e51da4fe747cb73544f24698fb7),
+  [`26518de`](https://github.com/ardatan/graphql-tools/commit/26518debfcb668e8feb5fb146271a13da92b778a)]:
+  - @graphql-tools/utils@10.8.5
+
+## 1.4.4
+
+### Patch Changes
+
+- [#7001](https://github.com/ardatan/graphql-tools/pull/7001)
+  [`746358f`](https://github.com/ardatan/graphql-tools/commit/746358f68e81c9a3cf1ccf4b1a599ae6eae404ca)
+  Thanks [@renovate](https://github.com/apps/renovate)! - Improve promise helpers usage
+
 ## 1.4.3
 
 ### Patch Changes

packages/executor/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@graphql-tools/executor",
-  "version": "1.4.3",
+  "version": "1.4.5",
   "type": "module",
   "repository": {
     "type": "git",
@@ -55,7 +55,7 @@
     "graphql": "^14.0.0 || ^15.0.0 || ^16.0.0 || ^17.0.0"
   },
   "dependencies": {
-    "@graphql-tools/utils": "^10.8.4",
+    "@graphql-tools/utils": "^10.8.5",
     "@graphql-typed-document-node/core": "^3.2.0",
     "@repeaterjs/repeater": "^3.0.4",
     "@whatwg-node/disposablestack": "^0.0.6",

packages/executor/src/execution/__tests__/abort-signal.test.ts

@@ -34,7 +34,7 @@ describe('Abort Signal', () => {
             subscribe() {
               return new Repeater(async (push, stop) => {
                 let i = 0;
-                stop.then(() => {
+                stop.finally(() => {
                   stopped = true;
                 });
 
@@ -150,7 +150,7 @@ describe('Abort Signal', () => {
             didInvokeFirstFn = true;
             return true;
           },
-          async second() {
+          second() {
             didInvokeSecondFn = true;
             controller.abort();
             return true;
@@ -162,18 +162,21 @@ describe('Abort Signal', () => {
         },
       },
     });
-    const result$ = normalizedExecutor({
-      schema,
-      document: parse(/* GraphQL */ `
-        mutation {
-          first
-          second
-          third
-        }
-      `),
-      signal: controller.signal,
-    });
-    expect(result$).rejects.toBeInstanceOf(DOMException);
+    await expect(
+      Promise.resolve().then(() =>
+        normalizedExecutor({
+          schema,
+          document: parse(/* GraphQL */ `
+            mutation {
+              first
+              second
+              third
+            }
+          `),
+          signal: controller.signal,
+        }),
+      ),
+    ).rejects.toBeInstanceOf(DOMException);
     expect(didInvokeFirstFn).toBe(true);
     expect(didInvokeSecondFn).toBe(true);
     expect(didInvokeThirdFn).toBe(false);

packages/executor/src/execution/__tests__/stream-test.ts

@@ -477,6 +477,11 @@ describe('Execute: stream directive', () => {
               },
             ],
           },
+        ],
+        hasNext: true,
+      },
+      {
+        incremental: [
           {
             items: [{ name: 'Leia', id: '3' }],
             path: ['friendList', 2],
@@ -576,8 +581,9 @@ describe('Execute: stream directive', () => {
             path: ['friendList', 2],
           },
         ],
-        hasNext: false,
+        hasNext: true,
       },
+      { hasNext: false },
     ]);
   });
 
@@ -645,10 +651,10 @@ describe('Execute: stream directive', () => {
               path: ['friendList', 2],
             },
           ],
-          hasNext: false,
+          hasNext: true,
         },
       },
-      { done: true, value: undefined },
+      { done: false, value: { hasNext: false } },
       { done: true, value: undefined },
     ]);
   });