chore(deps): bump graphql-request from 5.2.0 to 7.4.0

[dependabot]

Bumps graphql-request from 5.2.0 to 7.4.0.

Release notes

Sourced from graphql-request's releases.

graphql-request@7.3.4

Bug Fixes

• Fixed #1281: GraphQL errors and data are now accessible from 4xx/5xx HTTP responses
• Fixed #1461: ClientError is properly returned for non-2xx responses with malformed bodies
• Fixed #1462: ClientError is properly returned for non-2xx responses with unsupported content types

Changes

• Non-2xx HTTP responses now parse the response body first to extract GraphQL errors/data when available
• Non-2xx responses with valid GraphQL bodies return ClientError with errors and data accessible
• Non-2xx responses with invalid bodies still return ClientError (not generic Error) for backwards compatibility
• This release reverts PRs #1457 and #1459 which introduced regressions, then reapplies a minimal fix for #1281

Breaking Changes

None - this release maintains backwards compatibility while adding support for accessing GraphQL errors from 4xx/5xx responses.

graphql-request@7.3.3

Bug Fixes

• Non-JSON Error Response Handling: Fixed regression in 7.3.2 where servers returning HTTP 4xx/5xx status codes with non-JSON response bodies (HTML, plain text) would throw an unhelpful error: "Invalid execution result: result is not object or array" (#1459, closes #1458)
  • Added safe JSON parsing fallback for responses without proper Content-Type headers
  • Returns descriptive error messages with response body preview for non-JSON responses
  • Handles common production scenarios: load balancer errors (502/503 HTML pages), CDN errors, WAF/firewall responses, misconfigured servers
  • Maintains backward compatibility for servers that omit Content-Type but return valid JSON
  • Added comprehensive test coverage for HTML, plain text, and missing Content-Type scenarios

What Changed

Version 7.3.2 introduced a bug where the ELSE branch in parseResultFromResponse would pass raw strings (HTML, plain text) to a parser expecting objects/arrays. This only surfaced when:

1. Server returns 4xx/5xx status code
2. Content-Type header is missing or non-JSON (e.g., text/html, text/plain)
3. Response body is not valid JSON

This is now fixed with graceful error handling and clear error messages.

graphql-request@7.3.2

Bug Fixes

• HTTP Error Handling: Fixed regression from v6 to v7 where HTTP 4xx/5xx responses would not include GraphQL errors from response body in ClientError (#1457, closes #1281)

  • Response body is now parsed before checking HTTP status
  • Users can access GraphQL errors via error.response.errors even with non-2xx status codes
  • Common use case: authentication errors (422), server errors (500)

• graphql-codegen Compatibility: Added support for TypedDocumentString from @graphql-codegen when using documentMode: 'string' (#1456, closes #1453)

  • Handles boxed String objects created by TypedDocumentString class
  • Normalizes document input to prevent crashes when passing to GraphQL operations

graphql-request@7.3.1

... (truncated)

Commits

• 9b8714c 7.4.0
• 42eeab1 Include original response in client errors (#1476)
• 599c487 chore: bump version to 7.3.5
• dbac13d fix: add TypedDocumentString to accepted document types (#1468)
• 2b4cd54 chore: bump version to 7.3.4
• 657b126 Fix: parse GraphQL errors from 4xx/5xx responses (#1281) (#1465)
• 280e294 Revert PRs #1457 and #1459 - will reimplement properly (#1463)
• a9f94c1 chore: bump ver
• 97d9822 Fix: handle non-JSON error responses gracefully (#1459)
• cc99d03 chore: bump version to 7.3.2
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[changeset-bot]

⚠️ No Changeset found

Latest commit: 07ef7d1

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR