Skip to content

build(deps): bump the actions-deps group across 1 directory with 5 updates#8292

Merged
ardatan merged 1 commit into
masterfrom
dependabot/npm_and_yarn/actions-deps-4b6f11a3a3
Jul 14, 2026
Merged

build(deps): bump the actions-deps group across 1 directory with 5 updates#8292
ardatan merged 1 commit into
masterfrom
dependabot/npm_and_yarn/actions-deps-4b6f11a3a3

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 13, 2026

Copy link
Copy Markdown
Contributor

Bumps the actions-deps group with 4 updates in the / directory: @graphql-tools/delegate, tsx, @graphql-tools/stitch and postcss.

Updates @graphql-tools/delegate from 12.0.18 to 12.0.19

Changelog

Sourced from @​graphql-tools/delegate's changelog.

12.0.19

Patch Changes

  • #2351 0bbdbbc Thanks @​ardatan! - Fix @provides so the gateway only requests the provided fields the client actually selected, and stops delegating to the owner subgraph when @provides already covers the request.

    Previously, when a subgraph declared @provides(fields: "...") on a field, the gateway would still:

    1. Forward every field listed in @provides to that subgraph, even when the client never asked for them.
    2. After receiving the response, plan additional delegations to the owner subgraph for @provides-covered fields whenever the providing subgraph declared them as @external, even though the data was already returned.

    For example with:

    # subgraph B (provider)
    type Query {
      entity: Entity @provides(fields: "name description")
    }
    type Entity @​key(fields: "id") {
    id: ID!
    name: String! @​external
    description: String! @​external
    }

    a client query of { entity { id name } } would still cause the gateway to ask subgraph B for description and fetch name again from subgraph A (the owner of Entity).

    After this fix:

    • Only the @provides fields the client actually selected are forwarded to the providing subgraph (request side).
    • The delegation planner now recognises @provides declarations at every nested level (e.g. @provides(fields: "nested { nestedNested { name description } }")) and @provides declarations made via inline fragments on union/interface members (e.g. @provides(fields: "... on Book { title }")), so the gateway no longer round-trips to the owner subgraph for fields that the providing subgraph has already returned.
    • Fragment spreads in the client query are correctly handled when selecting nested @provides-covered fields. Previously, using a fragment spread (e.g. ...MyFrag) for nested @external fields could cause an unnecessary delegation to the owner because selection subtraction compared only the spread name with the explicit @provides fields. The planner now resolves fragment spreads before subtracting provided selections, while preserving the fragment type condition and directives when only part of a fragment remains.

    Aliases, direct field selections, fragments, fragment spreads, @include/@skip directives wrapping a @provides field, and nested @provides selections are preserved without unnecessary owner delegations.

Commits

Updates tsx from 4.23.0 to 4.23.1

Release notes

Sourced from tsx's releases.

v4.23.1

4.23.1 (2026-07-13)

Bug Fixes

  • support tsImport after global preload (8d4ffc2)
  • watch: avoid clearing piped output (95d0672)
  • watch: treat script and dependency paths literally (79fddde)

Performance Improvements

  • index transform cache lazily (e818ad6)
  • load esbuild lazily in CLI (d067938)
  • map Node TypeScript formats directly (cdcc623)
  • use sync module hooks on Node v22.22.3+ (f8992f1)

This release is also available on:

Commits
  • 79fddde fix(watch): treat script and dependency paths literally
  • e818ad6 perf: index transform cache lazily
  • cdcc623 perf: map Node TypeScript formats directly
  • d067938 perf: load esbuild lazily in CLI
  • 95d0672 fix(watch): avoid clearing piped output
  • 6fd4607 docs: add per-page metadata
  • f4176d8 docs: generate sitemap
  • 8d4ffc2 fix: support tsImport after global preload
  • f0e89b2 docs: document Node's public type-stripping API vs internal loader path
  • f8992f1 perf: use sync module hooks on Node v22.22.3+
  • See full diff in compare view

Updates @graphql-tools/stitch from 10.1.23 to 10.1.24

Changelog

Sourced from @​graphql-tools/stitch's changelog.

10.1.24

Patch Changes

  • #2351 0bbdbbc Thanks @​ardatan! - Fix @provides so the gateway only requests the provided fields the client actually selected, and stops delegating to the owner subgraph when @provides already covers the request.

    Previously, when a subgraph declared @provides(fields: "...") on a field, the gateway would still:

    1. Forward every field listed in @provides to that subgraph, even when the client never asked for them.
    2. After receiving the response, plan additional delegations to the owner subgraph for @provides-covered fields whenever the providing subgraph declared them as @external, even though the data was already returned.

    For example with:

    # subgraph B (provider)
    type Query {
      entity: Entity @provides(fields: "name description")
    }
    type Entity @​key(fields: "id") {
    id: ID!
    name: String! @​external
    description: String! @​external
    }

    a client query of { entity { id name } } would still cause the gateway to ask subgraph B for description and fetch name again from subgraph A (the owner of Entity).

    After this fix:

    • Only the @provides fields the client actually selected are forwarded to the providing subgraph (request side).
    • The delegation planner now recognises @provides declarations at every nested level (e.g. @provides(fields: "nested { nestedNested { name description } }")) and @provides declarations made via inline fragments on union/interface members (e.g. @provides(fields: "... on Book { title }")), so the gateway no longer round-trips to the owner subgraph for fields that the providing subgraph has already returned.
    • Fragment spreads in the client query are correctly handled when selecting nested @provides-covered fields. Previously, using a fragment spread (e.g. ...MyFrag) for nested @external fields could cause an unnecessary delegation to the owner because selection subtraction compared only the spread name with the explicit @provides fields. The planner now resolves fragment spreads before subtracting provided selections, while preserving the fragment type condition and directives when only part of a fragment remains.

    Aliases, direct field selections, fragments, fragment spreads, @include/@skip directives wrapping a @provides field, and nested @provides selections are preserved without unnecessary owner delegations.

  • Updated dependencies [0bbdbbc]:

    • @​graphql-tools/delegate@​12.0.19
    • @​graphql-tools/batch-delegate@​10.0.26
    • @​graphql-tools/wrap@​11.1.18
Commits

Updates @graphql-tools/wrap from 11.1.17 to 11.1.18

Changelog

Sourced from @​graphql-tools/wrap's changelog.

11.1.18

Patch Changes

  • Updated dependencies [0bbdbbc]:
    • @​graphql-tools/delegate@​12.0.19
Commits

Updates postcss from 8.5.18 to 8.5.19

Release notes

Sourced from postcss's releases.

8.5.19

  • Fixed cleaning before for new nodes inserted to Root (by @​MahinAnowar).
Changelog

Sourced from postcss's changelog.

8.5.19

  • Fixed cleaning before for new nodes inserted to Root (by @​MahinAnowar).
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…dates

Bumps the actions-deps group with 4 updates in the / directory: [@graphql-tools/delegate](https://github.com/graphql-hive/gateway/tree/HEAD/packages/delegate), [tsx](https://github.com/privatenumber/tsx), [@graphql-tools/stitch](https://github.com/graphql-hive/gateway/tree/HEAD/packages/stitch) and [postcss](https://github.com/postcss/postcss).


Updates `@graphql-tools/delegate` from 12.0.18 to 12.0.19
- [Release notes](https://github.com/graphql-hive/gateway/releases)
- [Changelog](https://github.com/graphql-hive/gateway/blob/main/packages/delegate/CHANGELOG.md)
- [Commits](https://github.com/graphql-hive/gateway/commits/@graphql-tools/delegate@12.0.19/packages/delegate)

Updates `tsx` from 4.23.0 to 4.23.1
- [Release notes](https://github.com/privatenumber/tsx/releases)
- [Changelog](https://github.com/privatenumber/tsx/blob/master/release.config.cjs)
- [Commits](privatenumber/tsx@v4.23.0...v4.23.1)

Updates `@graphql-tools/stitch` from 10.1.23 to 10.1.24
- [Release notes](https://github.com/graphql-hive/gateway/releases)
- [Changelog](https://github.com/graphql-hive/gateway/blob/main/packages/stitch/CHANGELOG.md)
- [Commits](https://github.com/graphql-hive/gateway/commits/@graphql-tools/stitch@10.1.24/packages/stitch)

Updates `@graphql-tools/wrap` from 11.1.17 to 11.1.18
- [Release notes](https://github.com/graphql-hive/gateway/releases)
- [Changelog](https://github.com/graphql-hive/gateway/blob/main/packages/wrap/CHANGELOG.md)
- [Commits](https://github.com/graphql-hive/gateway/commits/@graphql-tools/wrap@11.1.18/packages/wrap)

Updates `postcss` from 8.5.18 to 8.5.19
- [Release notes](https://github.com/postcss/postcss/releases)
- [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md)
- [Commits](postcss/postcss@8.5.18...8.5.19)

---
updated-dependencies:
- dependency-name: "@graphql-tools/delegate"
  dependency-version: 12.0.19
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: actions-deps
- dependency-name: tsx
  dependency-version: 4.23.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: actions-deps
- dependency-name: "@graphql-tools/stitch"
  dependency-version: 10.1.24
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: actions-deps
- dependency-name: "@graphql-tools/wrap"
  dependency-version: 11.1.18
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: actions-deps
- dependency-name: postcss
  dependency-version: 8.5.19
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: actions-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 13, 2026
@changeset-bot

changeset-bot Bot commented Jul 13, 2026

Copy link
Copy Markdown

⚠️ No Changeset found

Latest commit: e899acc

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@github-actions

Copy link
Copy Markdown
Contributor

🚀 Snapshot Release (alpha)

The latest changes of this PR are available as alpha on npm (based on the declared changesets):

Package Version Info
@graphql-tools/executor 1.5.6-alpha-20260713221234-e899acce8317500fc3d0abfd3b19cbd1f0a05b81 npm ↗︎ unpkg ↗︎
@ardatan/relay-compiler 13.0.2-alpha-20260713221234-e899acce8317500fc3d0abfd3b19cbd1f0a05b81 npm ↗︎ unpkg ↗︎
@graphql-tools/relay-operation-optimizer 7.1.7-alpha-20260713221234-e899acce8317500fc3d0abfd3b19cbd1f0a05b81 npm ↗︎ unpkg ↗︎

@github-actions

Copy link
Copy Markdown
Contributor

💻 Website Preview

The latest changes are available as preview in: https://pr-8292.graphql-tools-8ja.pages.dev

@ardatan ardatan merged commit 15a67f8 into master Jul 14, 2026
38 of 39 checks passed
@ardatan ardatan deleted the dependabot/npm_and_yarn/actions-deps-4b6f11a3a3 branch July 14, 2026 10:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant