Skip to content

build(deps): bump the actions-deps group with 7 updates#8286

Closed
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/actions-deps-dffae5a6c0
Closed

build(deps): bump the actions-deps group with 7 updates#8286
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/npm_and_yarn/actions-deps-dffae5a6c0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 13, 2026

Copy link
Copy Markdown
Contributor

Bumps the actions-deps group with 7 updates:

Package From To
@graphql-tools/delegate 12.0.18 12.0.19
@typescript-eslint/eslint-plugin 8.63.0 8.64.0
@typescript-eslint/parser 8.63.0 8.64.0
tsx 4.23.0 4.23.1
@graphql-tools/stitch 10.1.23 10.1.24
@graphql-tools/wrap 11.1.17 11.1.18
postcss 8.5.18 8.5.19

Updates @graphql-tools/delegate from 12.0.18 to 12.0.19

Changelog

Sourced from @​graphql-tools/delegate's changelog.

12.0.19

Patch Changes

  • #2351 0bbdbbc Thanks @​ardatan! - Fix @provides so the gateway only requests the provided fields the client actually selected, and stops delegating to the owner subgraph when @provides already covers the request.

    Previously, when a subgraph declared @provides(fields: "...") on a field, the gateway would still:

    1. Forward every field listed in @provides to that subgraph, even when the client never asked for them.
    2. After receiving the response, plan additional delegations to the owner subgraph for @provides-covered fields whenever the providing subgraph declared them as @external, even though the data was already returned.

    For example with:

    # subgraph B (provider)
    type Query {
      entity: Entity @provides(fields: "name description")
    }
    type Entity @​key(fields: "id") {
    id: ID!
    name: String! @​external
    description: String! @​external
    }

    a client query of { entity { id name } } would still cause the gateway to ask subgraph B for description and fetch name again from subgraph A (the owner of Entity).

    After this fix:

    • Only the @provides fields the client actually selected are forwarded to the providing subgraph (request side).
    • The delegation planner now recognises @provides declarations at every nested level (e.g. @provides(fields: "nested { nestedNested { name description } }")) and @provides declarations made via inline fragments on union/interface members (e.g. @provides(fields: "... on Book { title }")), so the gateway no longer round-trips to the owner subgraph for fields that the providing subgraph has already returned.
    • Fragment spreads in the client query are correctly handled when selecting nested @provides-covered fields. Previously, using a fragment spread (e.g. ...MyFrag) for nested @external fields could cause an unnecessary delegation to the owner because selection subtraction compared only the spread name with the explicit @provides fields. The planner now resolves fragment spreads before subtracting provided selections, while preserving the fragment type condition and directives when only part of a fragment remains.

    Aliases, direct field selections, fragments, fragment spreads, @include/@skip directives wrapping a @provides field, and nested @provides selections are preserved without unnecessary owner delegations.

Commits

Updates @typescript-eslint/eslint-plugin from 8.63.0 to 8.64.0

Release notes

Sourced from @​typescript-eslint/eslint-plugin's releases.

v8.64.0

8.64.0 (2026-07-13)

🚀 Features

  • support parsing import defer (#12513)
  • eslint-plugin: [no-loop-func] support using / await using declarations and deprecate the rule (#12500)
  • typescript-estree: throw for invalid definite assignment in class properties (#12543)

🩹 Fixes

  • eslint-plugin: [require-array-sort-compare] handle constrained arrays (#12512)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/eslint-plugin's changelog.

8.64.0 (2026-07-13)

🚀 Features

  • eslint-plugin: [no-loop-func] support using / await using declarations and deprecate the rule (#12500)
  • typescript-estree: throw for invalid definite assignment in class properties (#12543)

🩹 Fixes

  • eslint-plugin: [require-array-sort-compare] handle constrained arrays (#12512)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits
  • 414d9ab chore(release): publish 8.64.0
  • bcfe16f feat(eslint-plugin): [no-loop-func] support using / await using declarati...
  • 5b5bfde fix(eslint-plugin): [require-array-sort-compare] handle constrained arrays (#...
  • 321856c chore: cleanup cspell config (#12526)
  • b418cf5 feat(typescript-estree): throw for invalid definite assignment in class prope...
  • 737de2b docs: align unified-signatures correct example parameter (#12506)
  • a63c17a docs: fix shadowed parameter name in unified-signatures example (#12502)
  • See full diff in compare view

Updates @typescript-eslint/parser from 8.63.0 to 8.64.0

Release notes

Sourced from @​typescript-eslint/parser's releases.

v8.64.0

8.64.0 (2026-07-13)

🚀 Features

  • support parsing import defer (#12513)
  • eslint-plugin: [no-loop-func] support using / await using declarations and deprecate the rule (#12500)
  • typescript-estree: throw for invalid definite assignment in class properties (#12543)

🩹 Fixes

  • eslint-plugin: [require-array-sort-compare] handle constrained arrays (#12512)

❤️ Thank You

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Changelog

Sourced from @​typescript-eslint/parser's changelog.

8.64.0 (2026-07-13)

This was a version bump only for parser to align it with other projects, there were no code changes.

See GitHub Releases for more information.

You can read about our versioning strategy and releases on our website.

Commits

Updates tsx from 4.23.0 to 4.23.1

Release notes

Sourced from tsx's releases.

v4.23.1

4.23.1 (2026-07-13)

Bug Fixes

  • support tsImport after global preload (8d4ffc2)
  • watch: avoid clearing piped output (95d0672)
  • watch: treat script and dependency paths literally (79fddde)

Performance Improvements

  • index transform cache lazily (e818ad6)
  • load esbuild lazily in CLI (d067938)
  • map Node TypeScript formats directly (cdcc623)
  • use sync module hooks on Node v22.22.3+ (f8992f1)

This release is also available on:

Commits
  • 79fddde fix(watch): treat script and dependency paths literally
  • e818ad6 perf: index transform cache lazily
  • cdcc623 perf: map Node TypeScript formats directly
  • d067938 perf: load esbuild lazily in CLI
  • 95d0672 fix(watch): avoid clearing piped output
  • 6fd4607 docs: add per-page metadata
  • f4176d8 docs: generate sitemap
  • 8d4ffc2 fix: support tsImport after global preload
  • f0e89b2 docs: document Node's public type-stripping API vs internal loader path
  • f8992f1 perf: use sync module hooks on Node v22.22.3+
  • See full diff in compare view

Updates @graphql-tools/stitch from 10.1.23 to 10.1.24

Changelog

Sourced from @​graphql-tools/stitch's changelog.

10.1.24

Patch Changes

  • #2351 0bbdbbc Thanks @​ardatan! - Fix @provides so the gateway only requests the provided fields the client actually selected, and stops delegating to the owner subgraph when @provides already covers the request.

    Previously, when a subgraph declared @provides(fields: "...") on a field, the gateway would still:

    1. Forward every field listed in @provides to that subgraph, even when the client never asked for them.
    2. After receiving the response, plan additional delegations to the owner subgraph for @provides-covered fields whenever the providing subgraph declared them as @external, even though the data was already returned.

    For example with:

    # subgraph B (provider)
    type Query {
      entity: Entity @provides(fields: "name description")
    }
    type Entity @​key(fields: "id") {
    id: ID!
    name: String! @​external
    description: String! @​external
    }

    a client query of { entity { id name } } would still cause the gateway to ask subgraph B for description and fetch name again from subgraph A (the owner of Entity).

    After this fix:

    • Only the @provides fields the client actually selected are forwarded to the providing subgraph (request side).
    • The delegation planner now recognises @provides declarations at every nested level (e.g. @provides(fields: "nested { nestedNested { name description } }")) and @provides declarations made via inline fragments on union/interface members (e.g. @provides(fields: "... on Book { title }")), so the gateway no longer round-trips to the owner subgraph for fields that the providing subgraph has already returned.
    • Fragment spreads in the client query are correctly handled when selecting nested @provides-covered fields. Previously, using a fragment spread (e.g. ...MyFrag) for nested @external fields could cause an unnecessary delegation to the owner because selection subtraction compared only the spread name with the explicit @provides fields. The planner now resolves fragment spreads before subtracting provided selections, while preserving the fragment type condition and directives when only part of a fragment remains.

    Aliases, direct field selections, fragments, fragment spreads, @include/@skip directives wrapping a @provides field, and nested @provides selections are preserved without unnecessary owner delegations.

  • Updated dependencies [0bbdbbc]:

    • @​graphql-tools/delegate@​12.0.19
    • @​graphql-tools/batch-delegate@​10.0.26
    • @​graphql-tools/wrap@​11.1.18
Commits

Updates @graphql-tools/wrap from 11.1.17 to 11.1.18

Changelog

Sourced from @​graphql-tools/wrap's changelog.

11.1.18

Patch Changes

  • Updated dependencies [0bbdbbc]:
    • @​graphql-tools/delegate@​12.0.19
Commits

Updates postcss from 8.5.18 to 8.5.19

Release notes

Sourced from postcss's releases.

8.5.19

  • Fixed cleaning before for new nodes inserted to Root (by @​MahinAnowar).
Changelog

Sourced from postcss's changelog.

8.5.19

  • Fixed cleaning before for new nodes inserted to Root (by @​MahinAnowar).
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the actions-deps group with 7 updates:

| Package | From | To |
| --- | --- | --- |
| [@graphql-tools/delegate](https://github.com/graphql-hive/gateway/tree/HEAD/packages/delegate) | `12.0.18` | `12.0.19` |
| [@typescript-eslint/eslint-plugin](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/eslint-plugin) | `8.63.0` | `8.64.0` |
| [@typescript-eslint/parser](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/parser) | `8.63.0` | `8.64.0` |
| [tsx](https://github.com/privatenumber/tsx) | `4.23.0` | `4.23.1` |
| [@graphql-tools/stitch](https://github.com/graphql-hive/gateway/tree/HEAD/packages/stitch) | `10.1.23` | `10.1.24` |
| [@graphql-tools/wrap](https://github.com/graphql-hive/gateway/tree/HEAD/packages/wrap) | `11.1.17` | `11.1.18` |
| [postcss](https://github.com/postcss/postcss) | `8.5.18` | `8.5.19` |


Updates `@graphql-tools/delegate` from 12.0.18 to 12.0.19
- [Release notes](https://github.com/graphql-hive/gateway/releases)
- [Changelog](https://github.com/graphql-hive/gateway/blob/main/packages/delegate/CHANGELOG.md)
- [Commits](https://github.com/graphql-hive/gateway/commits/@graphql-tools/delegate@12.0.19/packages/delegate)

Updates `@typescript-eslint/eslint-plugin` from 8.63.0 to 8.64.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/eslint-plugin/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.64.0/packages/eslint-plugin)

Updates `@typescript-eslint/parser` from 8.63.0 to 8.64.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/parser/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.64.0/packages/parser)

Updates `tsx` from 4.23.0 to 4.23.1
- [Release notes](https://github.com/privatenumber/tsx/releases)
- [Changelog](https://github.com/privatenumber/tsx/blob/master/release.config.cjs)
- [Commits](privatenumber/tsx@v4.23.0...v4.23.1)

Updates `@graphql-tools/stitch` from 10.1.23 to 10.1.24
- [Release notes](https://github.com/graphql-hive/gateway/releases)
- [Changelog](https://github.com/graphql-hive/gateway/blob/main/packages/stitch/CHANGELOG.md)
- [Commits](https://github.com/graphql-hive/gateway/commits/@graphql-tools/stitch@10.1.24/packages/stitch)

Updates `@graphql-tools/wrap` from 11.1.17 to 11.1.18
- [Release notes](https://github.com/graphql-hive/gateway/releases)
- [Changelog](https://github.com/graphql-hive/gateway/blob/main/packages/wrap/CHANGELOG.md)
- [Commits](https://github.com/graphql-hive/gateway/commits/@graphql-tools/wrap@11.1.18/packages/wrap)

Updates `postcss` from 8.5.18 to 8.5.19
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@8.5.18...8.5.19)

---
updated-dependencies:
- dependency-name: "@graphql-tools/delegate"
  dependency-version: 12.0.19
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: actions-deps
- dependency-name: "@typescript-eslint/eslint-plugin"
  dependency-version: 8.64.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: actions-deps
- dependency-name: "@typescript-eslint/parser"
  dependency-version: 8.64.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: actions-deps
- dependency-name: tsx
  dependency-version: 4.23.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: actions-deps
- dependency-name: "@graphql-tools/stitch"
  dependency-version: 10.1.24
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: actions-deps
- dependency-name: "@graphql-tools/wrap"
  dependency-version: 11.1.18
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-deps
- dependency-name: postcss
  dependency-version: 8.5.19
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: actions-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 13, 2026
@changeset-bot

changeset-bot Bot commented Jul 13, 2026

Copy link
Copy Markdown

⚠️ No Changeset found

Latest commit: 404c339

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@github-actions

Copy link
Copy Markdown
Contributor

🚀 Snapshot Release (alpha)

The latest changes of this PR are available as alpha on npm (based on the declared changesets):

Package Version Info
@graphql-tools/executor 1.5.6-alpha-20260713213132-404c339ff66388db70e1aeef521139f920ec4a06 npm ↗︎ unpkg ↗︎
@ardatan/relay-compiler 13.0.2-alpha-20260713213132-404c339ff66388db70e1aeef521139f920ec4a06 npm ↗︎ unpkg ↗︎
@graphql-tools/relay-operation-optimizer 7.1.7-alpha-20260713213132-404c339ff66388db70e1aeef521139f920ec4a06 npm ↗︎ unpkg ↗︎

@github-actions

Copy link
Copy Markdown
Contributor

💻 Website Preview

The latest changes are available as preview in: https://pr-8286.graphql-tools-8ja.pages.dev

@dependabot @github

dependabot Bot commented on behalf of github Jul 13, 2026

Copy link
Copy Markdown
Contributor Author

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Jul 13, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/actions-deps-dffae5a6c0 branch July 13, 2026 22:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants