Bump github.com/hasura/go-graphql-client from 0.13.1 to 0.14.3

[dependabot]

Bumps github.com/hasura/go-graphql-client from 0.13.1 to 0.14.3.

Release notes

Sourced from github.com/hasura/go-graphql-client's releases.

v0.14.3

What's Changed

Optimize the WebSocketStats by limiting the max size of the closed connection IDs queue, default to 100. You can adjust the limit by setting SetMaxClosedConnectionMetricCacheSize.

Full Changelog: hasura/go-graphql-client@v0.14.2...v0.14.3

v0.14.2

What's Changed

• Improve subscription logging by replacing a metadata map with a source string, enabling richer logging details. Metadata now includes session_id and connection_id where applicable.
• Introduced a WebSocketStats structure to track active and closed WebSocket connections, along with their unique IDs. Added methods to update and retrieve these statistics.

Full Changelog: hasura/go-graphql-client@v0.14.1...v0.14.2

v0.14.1

What's Changed

• feat: implement graceful shutdown for subscription client by @​rbroggi in hasura/go-graphql-client#171

New Contributors

• @​rbroggi made their first contribution in hasura/go-graphql-client#171

Full Changelog: hasura/go-graphql-client@v0.14.0...v0.14.1

v0.14.0

Highlights

Subscription enhancements

• The main runner will be a singleton. Get rid of the recursive loop to avoid goroutine leaks
• Enhance the error handling. Add 2 new timeout settings, WithConnectionInitialisationTimeout and WithWebsocketConnectionIdleTimeout, to handle errors when the server is unresponsive. Check out the docs for more details.
• Behavior changes: The state of subscription requests is retained until the Close method is called. Resubscribing to the subscription will initiate duplicate requests.

Support Retry for Query and Mutation

Introduced retry options for the GraphQL client, allowing customization for retries, backoff intervals, and error handling during GraphQL operations.

client := graphql.NewClient("/graphql", http.DefaultClient,
	// number of retries
	graphql.WithRetry(3),
	// base backoff interval. Optional, default 1 second.
	// Prioritize the Retry-After header if it exists in the response.
	graphql.WithRetryBaseDelay(time.Second),
	// exponential rate. Optional, default 2.0
	graphql.WithRetryExponentialRate(2),
	// retry on http statuses. Optional, default: 429, 502, 503, 504
	graphql.WithRetryHTTPStatus([]int{http.StatusServiceUnavailable}),
</tr></table> 

... (truncated)

Commits

• ac25fae enhance websocket stats (#176)
• 33d5b8a fix: subscription logging typo (#174)
• d5f6275 feat: improve subscription logging and metrics (#173)
• e19460f fix lint errors (#172)
• e838b20 feat: implement graceful shutdown for subscription client (#171)
• 4bb0498 feat: add more retry options (#169)
• f20a101 feat: add retry option to graphql client (#168)
• 3589de2 Indicate user agent should be descriptive (#167)
• 5970b87 fix: subscription goroutine leaks (#162)
• 3b34c44 feat: introduce BindResponseHeaders option (#163)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-advanced-security]

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

[github-actions]

😢 zizmor failed with exit code 14.

Expand for full output

error[dangerous-triggers]: use of fundamentally insecure workflow trigger
 --> ./.github/workflows/dependabot-reviewer.yml:3:1
  |
3 | on: pull_request_target
  | ^^^^^^^^^^^^^^^^^^^^^^^ pull_request_target is almost always used insecurely
  |
  = note: audit confidence → Medium

error[cache-poisoning]: runtime artifacts potentially vulnerable to a cache poisoning attack
  --> ./.github/workflows/release.yml:3:1
   |
 3 | / on:
 4 | |   push:
 5 | |     tags:
 6 | |       - 'v*.*.*' # Run workflow on version tags, e.g. v1.0.0.
   | |_____________________________________________________________^ generally used when publishing artifacts generated at runtime
 7 |
...
22 |         - name: Setup Go environment
23 |           uses: actions/setup-go@v5
   |           ^^^^^^^^^^^^^^^^^^^^^^^^^ cache enabled by default here
   |
   = note: audit confidence → Low

error[cache-poisoning]: runtime artifacts potentially vulnerable to a cache poisoning attack
  --> ./.github/workflows/release.yml:3:1
   |
 3 | / on:
 4 | |   push:
 5 | |     tags:
 6 | |       - 'v*.*.*' # Run workflow on version tags, e.g. v1.0.0.
   | |_____________________________________________________________^ generally used when publishing artifacts generated at runtime
 7 |
...
31 |         - name: Cache yarn cache
32 |           uses: actions/cache@v4
   |           ^^^^^^^^^^^^^^^^^^^^^^ cache enabled by default here
   |
   = note: audit confidence → Low

error[cache-poisoning]: runtime artifacts potentially vulnerable to a cache poisoning attack
  --> ./.github/workflows/release.yml:3:1
   |
 3 | / on:
 4 | |   push:
 5 | |     tags:
 6 | |       - 'v*.*.*' # Run workflow on version tags, e.g. v1.0.0.
   | |_____________________________________________________________^ generally used when publishing artifacts generated at runtime
 7 |
...
41 |           id: cache-node-modules
42 |           uses: actions/cache@v4
   |           ^^^^^^^^^^^^^^^^^^^^^^ cache enabled by default here
   |
   = note: audit confidence → Low

21 findings (12 ignored, 5 suppressed): 0 unknown, 0 informational, 0 low, 0 medium, 4 high