Update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@apollo/server (source)	4.11.3 -> 4.12.2			dependencies	minor
@apollo/subgraph (source)	2.10.0 -> 2.12.0			dependencies	minor
@graphql-hive/cli (source)	0.49.1 -> 0.52.1			dependencies	minor
@graphql-hive/cli (source)	^0.49.0 -> ^0.52.0			devDependencies	minor
@graphql-hive/gateway (source)	1.13.5 -> 1.16.5			dependencies	minor
@graphql-mesh/hmac-upstream-signature (source)	1.2.26 -> 1.2.32			dependencies	patch
@graphql-mesh/plugin-jwt-auth (source)	1.5.2 -> 1.5.10			dependencies	patch
@theguild/federation-composition	^0.18.0 -> ^0.20.0			dependencies	minor
@types/ioredis-mock (source)	8.2.5 -> 8.2.6			dependencies	patch
@types/node (source)	22.14.0 -> 22.19.0			devDependencies	minor
@whatwg-node/fetch (source)	0.10.5 -> 0.10.12			dependencies	patch
@whatwg-node/server (source)	0.10.3 -> 0.10.15			dependencies	patch
ghcr.io/graphql-hive/gateway	1.13.5 -> 1.16.5				minor
grafana/grafana	10.4.17 -> 10.4.19				patch
graphql	16.10.0 -> 16.12.0			dependencies	minor
graphql	16.10.0 -> 16.12.0			devDependencies	minor
graphql	16.10.0 -> 16.12.0			resolutions	minor
graphql-yoga (source)	5.13.2 -> 5.16.2			dependencies	minor
jaegertracing/all-in-one	1.68.0 -> 1.74.0				minor
node	22.14.0-slim -> 22.21.1-slim			final	minor
tsx (source)	4.19.3 -> 4.20.6			devDependencies	minor
typescript (source)	5.8.3 -> 5.9.3			devDependencies	minor

---

Release Notes

apollographql/apollo-server (@​apollo/server)

v4.12.2

Compare Source

(No change; there is a change to the @apollo/server-integration-testsuite used to test integrations, and the two packages always have matching versions.)

v4.12.1

Compare Source

Patch Changes

• #​8064 41f98d4 Thanks @​glasser! - Update README.md to recommend Express v5 integration now that Express v5 is released.

v4.12.0

Compare Source

Minor Changes

• #​8054 89e3f84 Thanks @​clenfest! - Adds a new graphql-js validation rule to reject operations that recursively request selections above a specified maximum, which is disabled by default. Use configuration option maxRecursiveSelections=true to enable with a maximum of 10,000,000, or maxRecursiveSelections=<number> for a custom maximum. Enabling this validation can help avoid performance issues with configured validation rules or plugins.

Patch Changes

• #​8031 2550d9f Thanks @​slagiewka! - Add return after sending 400 response in doubly escaped JSON parser middleware

apollographql/federation (@​apollo/subgraph)

v2.12.0

Compare Source

Minor Changes

• Federation 2.12 and Connect 0.3 (#​3276)

Patch Changes

• When a GraphQLScalarType resolver is provided to buildSubgraphSchema(), omitted configuration options in the GraphQLScalarType no longer cause the corresponding properties in the GraphQL document/AST to be cleared. To explicitly clear these properties, use null for the configuration option instead. (#​3287)

• Updated dependencies [3e2b0a8569a9fe46726182887ed0b4bfc0b52468, bb4614d338ae03bac51a5fc2439590f172c4e54d, 99f2da21de88f9ad9a32ee7ed64b2d4a92887b40, 468f27842608f4e390cfc88bc7e6b4b0945f95ff, 3fd5157b309f1d3439b2d87c67b0601fb246d04c, b734ea04d118db09cf6077fdd968c8f04a96327a, 4bda3a498eba36e187dfd9ae673eca12d3f3502c, e7e67579908d5cd2fa6fe558228dffe4808cd98d, faea2d1174d80593264f2227cfde9a2ba1a59b96, 97b9d2edfcfeed99124f9e115f992cbef3804682, f6af504f1ba8283fd00af0d6e3c9c1a665d62736, a595235d3cf8f67611efd8395332b64d067b5f1f]:

  • @​apollo/federation-internals@​2.12.0

v2.11.4

Compare Source

Patch Changes

• Updated dependencies [d221ac04c3ee00a3c7a671d9d56e2cfa36943b49, 7730c03e128be6754b9e40c086d5cb5c4685ac66, 4bda3a498eba36e187dfd9ae673eca12d3f3502c, 6adbf7e86927de969aedab665b6a3a8dbf3a6095, 2a20dc38dfc40e0b618d5cc826f18a19ddb91aff]:
  • @​apollo/federation-internals@​2.11.4

v2.11.3

Compare Source

Patch Changes

• When a GraphQLScalarType resolver is provided to buildSubgraphSchema(), omitted configuration options in the GraphQLScalarType no longer cause the corresponding properties in the GraphQL document/AST to be cleared. To explicitly clear these properties, use null for the configuration option instead. (#​3285) (#​3285)

• Updated dependencies [8c7a2cd655ad3060e9f5c3b106cfbdb59251701c]:

  • @​apollo/federation-internals@​2.11.3

v2.11.2

Compare Source

Patch Changes

• Revert change to @​composeDirective definition to specify nullable argument value. (#​3283)

  We cannot fix the definition as that would break customers using older versions of subgraph-js. Our validations are already verifying that the values are specified.

• Updated dependencies [28c08bef6e691aefc6ed07c0e7057f9cd803b317]:

  • @​apollo/federation-internals@​2.11.2

v2.11.1

Compare Source

Patch Changes

• Updated dependencies [7799ad1717becf15fb0e82f89619f2ec8a24b4d4, b26794c5724ef23d1f0fd45a40aee3d301557489]:
  • @​apollo/federation-internals@​2.11.1

v2.11.0

Compare Source

Minor Changes

• Adds connect spec v0.2, available for use with Apollo Router 2.3.0 or greater. (#​3262)

Patch Changes

• Updated dependencies [1462c91879d41884c0a7e60551d8dd0d67c832d3, 9614b26e5a17cbf1f6aaf08f6fcb1c95eb12592d]:
  • @​apollo/federation-internals@​2.11.0

v2.10.3

Compare Source

Patch Changes

• Updated dependencies [2b88aec38d5bacb6ec815d885fdac47ef415124a, 18a9cfaf533602bb37fdf22962539ce0eae948c8, 9c0aaa0874c98ae8ce0cc38cad7f6f25d2c29635, f94e7b35c43ed64c67ff25c7aeb86ec0dd73370a]:
  • @​apollo/federation-internals@​2.10.3

v2.10.2

Compare Source

Patch Changes

• Updated dependencies []:
  • @​apollo/federation-internals@​2.10.2

v2.10.1

Compare Source

Patch Changes

• Updated dependencies [97d81b79c3da10175bdf92c2209039efe352de79]:
  • @​apollo/federation-internals@​2.10.1

graphql-hive/platform (@​graphql-hive/cli)

v0.52.1

Compare Source

Patch Changes

• #​7193
  543de17
  Thanks @​adambenhassen! - schema:check --forceSafe now
  properly approves breaking schema changes in Hive (requires write permission registry token)

v0.52.0

Compare Source

Minor Changes

• #​7155
  caebbe0
  Thanks @​jdolle! - add schemaVersionByCommit; update docs and cli; fix
  webhook commit reference

v0.51.0

Compare Source

Minor Changes

• #​7100
  2cbdced
  Thanks @​XiNiHa! - add hive app:retire command for retiring an app
  deployment

v0.50.5

Compare Source

Patch Changes

• #​7046
  8c49615
  Thanks @​jdolle! - Add progress log to app:create

v0.50.4

Compare Source

Patch Changes

• #​6919
  49187c9
  Thanks @​jdolle! - fix fallback when hive.json is used but does not
  provide the requested value

v0.50.3

Compare Source

Patch Changes

• Updated dependencies
  [8d56b98]:
  • @​graphql-hive/core@​0.13.0

v0.50.2

Compare Source

Patch Changes

• #​6845
  114e7bc
  Thanks @​n1ru4l! - Update @theguild/federation-composition to
  0.19.0

  Increases federation composition compatibility.

  • Fix errors raised by @requires with union field selection set
  • Fix incorrectly raised IMPLEMENTED_BY_INACCESSIBLE error for inaccessible object fields where
    the object type is inaccessible.
  • Add support for @provides fragment selection sets on union type fields.
  • Fix issue where the satisfiability check raised an exception for fields that share different
    object type and interface definitions across subgraphs.
  • Fix issue where scalar type marked with @inaccessible does not fail the composition if all
    usages are not marked with @inaccessible.
  • Support composing executable directives from subgraphs into the supergraph

v0.50.1

Compare Source

Patch Changes

• Updated dependencies
  [bbd5643]:
  • @​graphql-hive/core@​0.12.0

v0.50.0

Compare Source

Minor Changes

• #​6658
  e6a970f
  Thanks @​n1ru4l! - Internal adjustments for using non-deprecated API
  fields.

• #​6626
  2056307
  Thanks @​jdolle! - Show dangerous changes as a separate list in
  schema:check

• #​6662
  2b220a5
  Thanks @​n1ru4l! - Support federation composition validation for
  IMPLEMENTED_BY_INACCESSIBLE.

• #​6675
  ed66171
  Thanks @​kamilkisiela! - Updates the
  @theguild/federation-composition to v0.18.1 that includes the following changes:

  • Support progressive overrides (@override(label: "<value>"))
  • Allow to use @composeDirective on a built-in scalar (like @oneOf)
  • Performance improvements (lazy compute of errors), especially noticeable in large schemas (2s ->
    600ms)
  • Ensure nested key fields are marked as @shareable
  • Stop collecting paths when a leaf field was reached (performance improvement)
  • Avoid infinite loop when entity field returns itself

Patch Changes

• #​6768
  5ee3a2e
  Thanks @​jdolle! - Correct error exit codes

• Updated dependencies
  [5130fc1]:

  • @​graphql-hive/core@​0.11.0

graphql-hive/gateway (@​graphql-hive/gateway)

v1.16.5

Compare Source

Patch Changes

• #​1428 5660dab Thanks @​enisdenjo! - Resolve to latest @​envelop/core that includes instrumentation changes

• Updated dependencies [5660dab]:

  • @​graphql-mesh/plugin-jwt-auth@​1.5.10
  • @​graphql-hive/gateway-runtime@​1.11.1
  • @​graphql-hive/plugin-aws-sigv4@​1.0.19
  • @​graphql-hive/plugin-deduplicate-request@​1.0.5
  • @​graphql-mesh/hmac-upstream-signature@​1.2.32

v1.16.4

Compare Source

Patch Changes

• #​1408 5aefad2 Thanks @​enisdenjo! - dependencies updates:

  • Updated dependency @graphql-mesh/cache-cfw-kv@^0.105.8 ↗︎ (from ^0.105.7, in dependencies)
  • Updated dependency @graphql-mesh/cache-localforage@^0.105.9 ↗︎ (from ^0.105.8, in dependencies)
  • Updated dependency @graphql-mesh/cache-redis@^0.104.8 ↗︎ (from ^0.104.7, in dependencies)
  • Updated dependency @graphql-mesh/cache-upstash-redis@^0.1.8 ↗︎ (from ^0.1.7, in dependencies)
  • Updated dependency @graphql-mesh/types@^0.104.8 ↗︎ (from ^0.104.7, in dependencies)
  • Updated dependency @graphql-mesh/utils@^0.104.8 ↗︎ (from ^0.104.7, in dependencies)

• #​1424 fe9b42f Thanks @​enisdenjo! - dependencies updates:

  • Updated dependency @graphql-mesh/utils@^0.104.11 ↗︎ (from ^0.104.8, in dependencies)

• Updated dependencies [5aefad2, 37113d1, fe9b42f, 5aefad2, fe9b42f, 5aefad2, fe9b42f, 5aefad2, fe9b42f, 5aefad2, fe9b42f, 5aefad2, fe9b42f, 5aefad2, fe9b42f, 5aefad2, 37113d1, fe9b42f, 5aefad2, fe9b42f, e5eb881, e5eb881]:

  • @​graphql-hive/gateway-runtime@​1.11.0
  • @​graphql-hive/plugin-deduplicate-request@​1.0.5
  • @​graphql-mesh/hmac-upstream-signature@​1.2.32
  • @​graphql-mesh/plugin-jwt-auth@​1.5.9
  • @​graphql-mesh/plugin-opentelemetry@​1.3.67
  • @​graphql-mesh/plugin-prometheus@​1.3.55
  • @​graphql-mesh/transport-http@​0.7.3
  • @​graphql-mesh/transport-http-callback@​0.7.3
  • @​graphql-mesh/transport-ws@​1.1.3
  • @​graphql-hive/plugin-aws-sigv4@​1.0.19

v1.16.3

Compare Source

Patch Changes

• #​1383 a832e7b Thanks @​dependabot! - dependencies updates:

  • Updated dependency @graphql-mesh/cache-cfw-kv@^0.105.7 ↗︎ (from ^0.105.5, in dependencies)
  • Updated dependency @graphql-mesh/cache-localforage@^0.105.8 ↗︎ (from ^0.105.6, in dependencies)
  • Updated dependency @graphql-mesh/cache-redis@^0.104.7 ↗︎ (from ^0.104.5, in dependencies)
  • Updated dependency @graphql-mesh/cache-upstash-redis@^0.1.7 ↗︎ (from ^0.1.5, in dependencies)
  • Updated dependency @graphql-mesh/plugin-http-cache@^0.105.8 ↗︎ (from ^0.105.6, in dependencies)
  • Updated dependency @graphql-mesh/plugin-jit@^0.2.7 ↗︎ (from ^0.2.5, in dependencies)
  • Updated dependency @graphql-mesh/plugin-mock@^0.105.8 ↗︎ (from ^0.105.6, in dependencies)
  • Updated dependency @graphql-mesh/plugin-rate-limit@^0.104.7 ↗︎ (from ^0.104.5, in dependencies)
  • Updated dependency @graphql-mesh/plugin-snapshot@^0.104.7 ↗︎ (from ^0.104.5, in dependencies)
  • Updated dependency @graphql-mesh/types@^0.104.7 ↗︎ (from ^0.104.5, in dependencies)
  • Updated dependency @graphql-mesh/utils@^0.104.7 ↗︎ (from ^0.104.5, in dependencies)

• Updated dependencies [a832e7b, bed67a6, a832e7b, a832e7b, a832e7b, a832e7b, a832e7b, a832e7b, a832e7b, a832e7b, 34294ea]:

  • @​graphql-hive/gateway-runtime@​1.10.3
  • @​graphql-hive/plugin-aws-sigv4@​1.0.18
  • @​graphql-hive/plugin-deduplicate-request@​1.0.4
  • @​graphql-mesh/hmac-upstream-signature@​1.2.31
  • @​graphql-mesh/plugin-jwt-auth@​1.5.8
  • @​graphql-mesh/plugin-opentelemetry@​1.3.66
  • @​graphql-mesh/plugin-prometheus@​1.3.54
  • @​graphql-mesh/transport-http@​0.7.2
  • @​graphql-mesh/transport-http-callback@​0.7.2
  • @​graphql-mesh/transport-ws@​1.1.2

v1.16.2

Compare Source

Patch Changes

• #​1358 8e37851 Thanks @​dependabot! - dependencies updates:

  • Updated dependency @graphql-tools/code-file-loader@^8.1.22 ↗︎ (from ^8.1.21, in dependencies)
  • Updated dependency @graphql-tools/graphql-file-loader@^8.0.22 ↗︎ (from ^8.0.21, in dependencies)
  • Updated dependency @graphql-tools/load@^8.1.2 ↗︎ (from ^8.1.1, in dependencies)
  • Updated dependency @graphql-tools/utils@^10.9.1 ↗︎ (from ^10.9.0, in dependencies)
  • Updated dependency dotenv@^17.2.1 ↗︎ (from ^17.2.0, in dependencies)

• #​1368 a6aeed2 Thanks @​ardatan! - Support Promise as a result of outgoing;

  So you can use credentials providers from @aws-sdk/credential-providers package.
  See more.

  import { fromNodeProviderChain } from '@​aws-sdk/credential-providers';
  import { defineConfig } from '@​graphql-hive/gateway';
  
  const config = defineConfig({
    plugins: [
      useAWSSigv4({
        outgoing: fromNodeProviderChain({
          // This provider accepts any input of fromEnv(), fromSSO(), fromTokenFile(),
          // fromIni(), fromProcess(), fromInstanceMetadata(), fromContainerMetadata()
          // that exist in the default credential chain.
  
          // Optional client overrides. This is passed to an inner credentials client
          // that may be STS, SSO, or other instantiated to resolve the credentials.
          // Region and profile are inherited from the upper client if present
          // unless overridden, so it should not be necessary to set those.
          //
          // Warning: setting a region here may override the region set in
          // the config file for the selected profile if profile-based
          // credentials are used.
          clientConfig: {},
        }),
      }),
    ],
  });

• Updated dependencies [8e37851, 38e5173, bfe2ac7, 8e37851, 8e37851, 8e37851, 8e37851, 8e37851, 8e37851, 8e37851, 6cedc05, a6aeed2]:

  • @​graphql-hive/gateway-runtime@​1.10.2
  • @​graphql-hive/plugin-aws-sigv4@​1.0.17
  • @​graphql-hive/plugin-deduplicate-request@​1.0.3
  • @​graphql-mesh/hmac-upstream-signature@​1.2.30
  • @​graphql-mesh/plugin-opentelemetry@​1.3.65
  • @​graphql-mesh/plugin-prometheus@​1.3.53
  • @​graphql-mesh/transport-http@​0.7.1
  • @​graphql-mesh/transport-http-callback@​0.7.1
  • @​graphql-mesh/transport-ws@​1.1.1

v1.16.1

Compare Source

Patch Changes

• Updated dependencies [352e89d]:
  • @​graphql-hive/gateway-runtime@​1.10.1
  • @​graphql-hive/plugin-aws-sigv4@​1.0.16
  • @​graphql-hive/plugin-deduplicate-request@​1.0.2
  • @​graphql-mesh/hmac-upstream-signature@​1.2.29
  • @​graphql-mesh/plugin-opentelemetry@​1.3.64
  • @​graphql-mesh/plugin-prometheus@​1.3.52

v1.16.0

Compare Source

Minor Changes

• #​1310 2fa0c8f Thanks @​EmrysMyrddin! - Added new withState plugin utility for easy data sharing between hooks.

v1.15.4

Compare Source

Patch Changes

• Updated dependencies []:
  • @​graphql-hive/gateway-runtime@​1.9.4
  • @​graphql-hive/plugin-aws-sigv4@​1.0.15
  • @​graphql-hive/plugin-deduplicate-request@​1.0.1
  • @​graphql-mesh/hmac-upstream-signature@​1.2.28
  • @​graphql-mesh/plugin-opentelemetry@​1.3.62
  • @​graphql-mesh/plugin-prometheus@​1.3.50

v1.15.3

Compare Source

Patch Changes

• Updated dependencies []:
  • @​graphql-hive/gateway-runtime@​1.9.3
  • @​graphql-hive/plugin-aws-sigv4@​1.0.14
  • @​graphql-hive/plugin-deduplicate-request@​1.0.1
  • @​graphql-mesh/hmac-upstream-signature@​1.2.28
  • @​graphql-mesh/plugin-opentelemetry@​1.3.61
  • @​graphql-mesh/plugin-prometheus@​1.3.49

v1.15.2

Compare Source

Patch Changes

• #​1245 29f537f Thanks @​enisdenjo! - dependencies updates:

  • Updated dependency @graphql-mesh/utils@^0.104.5 ↗︎ (from ^0.104.2, in dependencies)

• #​1258 3d24beb Thanks @​dependabot! - dependencies updates:

  • Updated dependency @graphql-mesh/cache-cfw-kv@^0.105.5 ↗︎ (from ^0.105.0, in dependencies)
  • Updated dependency @graphql-mesh/cache-localforage@^0.105.6 ↗︎ (from ^0.105.3, in dependencies)
  • Updated dependency @graphql-mesh/cache-redis@^0.104.5 ↗︎ (from ^0.104.0, in dependencies)
  • Updated dependency @graphql-mesh/cache-upstash-redis@^0.1.5 ↗︎ (from ^0.1.0, in dependencies)
  • Updated dependency @graphql-mesh/plugin-http-cache@^0.105.6 ↗︎ (from ^0.105.2, in dependencies)
  • Updated dependency @graphql-mesh/plugin-jit@^0.2.5 ↗︎ (from ^0.2.0, in dependencies)
  • Updated dependency @graphql-mesh/plugin-mock@^0.105.6 ↗︎ (from ^0.105.0, in dependencies)
  • Updated dependency @graphql-mesh/plugin-rate-limit@^0.104.5 ↗︎ (from ^0.104.0, in dependencies)
  • Updated dependency @graphql-mesh/plugin-snapshot@^0.104.5 ↗︎ (from ^0.104.0, in dependencies)
  • Updated dependency @graphql-mesh/types@^0.104.5 ↗︎ (from ^0.104.0, in dependencies)

• #​1245 29f537f Thanks @​enisdenjo! - Propagate headers even from cache

• Updated dependencies [931d576, 29f537f, 3d24beb, 931d576, 3dc8ab2, ed323fa, [29f537f](https://redirect.github.com/graphql-hive/gatewa

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.