Update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
@apollo/server (source)	4.11.3 -> 4.12.2			dependencies	minor
@apollo/subgraph (source)	2.10.0 -> 2.12.1			dependencies	minor
@graphql-hive/cli (source)	0.49.1 -> 0.56.0			dependencies	minor
@graphql-hive/cli (source)	^0.49.0 -> ^0.56.0			devDependencies	minor
@graphql-hive/gateway (source)	1.13.5 -> 1.16.5			dependencies	minor
@graphql-mesh/hmac-upstream-signature (source)	1.2.26 -> 1.2.32			dependencies	patch
@graphql-mesh/plugin-jwt-auth (source)	1.5.2 -> 1.5.10			dependencies	patch
@theguild/federation-composition	^0.18.0 -> ^0.21.0			dependencies	minor
@types/ioredis-mock (source)	8.2.5 -> 8.2.6			dependencies	patch
@types/node (source)	22.14.0 -> 22.19.1			devDependencies	minor
@whatwg-node/fetch (source)	0.10.5 -> 0.10.13			dependencies	patch
@whatwg-node/server (source)	0.10.3 -> 0.10.17			dependencies	patch
ghcr.io/graphql-hive/gateway	1.13.5 -> 1.16.5				minor
grafana/grafana	10.4.17 -> 10.4.19				patch
graphql	16.10.0 -> 16.12.0			dependencies	minor
graphql	16.10.0 -> 16.12.0			devDependencies	minor
graphql	16.10.0 -> 16.12.0			resolutions	minor
graphql-yoga (source)	5.13.2 -> 5.17.1			dependencies	minor
jaegertracing/all-in-one	1.68.0 -> 1.75.0				minor
node	22.14.0-slim -> 22.21.1-slim			final	minor
tsx (source)	4.19.3 -> 4.21.0			devDependencies	minor
typescript (source)	5.8.3 -> 5.9.3			devDependencies	minor

---

Release Notes

apollographql/apollo-server (@​apollo/server)

v4.12.2

Compare Source

(No change; there is a change to the @apollo/server-integration-testsuite used to test integrations, and the two packages always have matching versions.)

v4.12.1

Compare Source

Patch Changes

• #​8064 41f98d4 Thanks @​glasser! - Update README.md to recommend Express v5 integration now that Express v5 is released.

v4.12.0

Compare Source

Minor Changes

• #​8054 89e3f84 Thanks @​clenfest! - Adds a new graphql-js validation rule to reject operations that recursively request selections above a specified maximum, which is disabled by default. Use configuration option maxRecursiveSelections=true to enable with a maximum of 10,000,000, or maxRecursiveSelections=<number> for a custom maximum. Enabling this validation can help avoid performance issues with configured validation rules or plugins.

Patch Changes

• #​8031 2550d9f Thanks @​slagiewka! - Add return after sending 400 response in doubly escaped JSON parser middleware

apollographql/federation (@​apollo/subgraph)

v2.12.1

Compare Source

Patch Changes

• Updated dependencies [09e596e6a0c753071ca822e84f525d73ada395cf, ac1ed2946c48e0fef4b413b192d8c5fbdb2370ae]:
  • @​apollo/federation-internals@​2.12.1

v2.12.0

Compare Source

Minor Changes

• Federation 2.12 and Connect 0.3 (#​3276)

Patch Changes

• When a GraphQLScalarType resolver is provided to buildSubgraphSchema(), omitted configuration options in the GraphQLScalarType no longer cause the corresponding properties in the GraphQL document/AST to be cleared. To explicitly clear these properties, use null for the configuration option instead. (#​3287)

• Updated dependencies [3e2b0a8569a9fe46726182887ed0b4bfc0b52468, bb4614d338ae03bac51a5fc2439590f172c4e54d, 99f2da21de88f9ad9a32ee7ed64b2d4a92887b40, 468f27842608f4e390cfc88bc7e6b4b0945f95ff, 3fd5157b309f1d3439b2d87c67b0601fb246d04c, b734ea04d118db09cf6077fdd968c8f04a96327a, 4bda3a498eba36e187dfd9ae673eca12d3f3502c, e7e67579908d5cd2fa6fe558228dffe4808cd98d, faea2d1174d80593264f2227cfde9a2ba1a59b96, 97b9d2edfcfeed99124f9e115f992cbef3804682, f6af504f1ba8283fd00af0d6e3c9c1a665d62736, a595235d3cf8f67611efd8395332b64d067b5f1f]:

  • @​apollo/federation-internals@​2.12.0

v2.11.5

Compare Source

Patch Changes

• Updated dependencies [e1c58611c3c996b4fff98a54e49f00549ff2115d, 3e2d1fd315db54a089fedf131cfaa27792bdd049]:
  • @​apollo/federation-internals@​2.11.5

v2.11.4

Compare Source

Patch Changes

• Updated dependencies [d221ac04c3ee00a3c7a671d9d56e2cfa36943b49, 7730c03e128be6754b9e40c086d5cb5c4685ac66, 4bda3a498eba36e187dfd9ae673eca12d3f3502c, 6adbf7e86927de969aedab665b6a3a8dbf3a6095, 2a20dc38dfc40e0b618d5cc826f18a19ddb91aff]:
  • @​apollo/federation-internals@​2.11.4

v2.11.3

Compare Source

Patch Changes

• When a GraphQLScalarType resolver is provided to buildSubgraphSchema(), omitted configuration options in the GraphQLScalarType no longer cause the corresponding properties in the GraphQL document/AST to be cleared. To explicitly clear these properties, use null for the configuration option instead. (#​3285) (#​3285)

• Updated dependencies [8c7a2cd655ad3060e9f5c3b106cfbdb59251701c]:

  • @​apollo/federation-internals@​2.11.3

v2.11.2

Compare Source

Patch Changes

• Revert change to @​composeDirective definition to specify nullable argument value. (#​3283)

  We cannot fix the definition as that would break customers using older versions of subgraph-js. Our validations are already verifying that the values are specified.

• Updated dependencies [28c08bef6e691aefc6ed07c0e7057f9cd803b317]:

  • @​apollo/federation-internals@​2.11.2

v2.11.1

Compare Source

Patch Changes

• Updated dependencies [7799ad1717becf15fb0e82f89619f2ec8a24b4d4, b26794c5724ef23d1f0fd45a40aee3d301557489]:
  • @​apollo/federation-internals@​2.11.1

v2.11.0

Compare Source

Minor Changes

• Adds connect spec v0.2, available for use with Apollo Router 2.3.0 or greater. (#​3262)

Patch Changes

• Updated dependencies [1462c91879d41884c0a7e60551d8dd0d67c832d3, 9614b26e5a17cbf1f6aaf08f6fcb1c95eb12592d]:
  • @​apollo/federation-internals@​2.11.0

v2.10.4

Compare Source

Patch Changes

• Updated dependencies [20c75d1d60a48fc289d88c8d29652f1afc7553e4]:
  • @​apollo/federation-internals@​2.10.4

v2.10.3

Compare Source

Patch Changes

• Updated dependencies [2b88aec38d5bacb6ec815d885fdac47ef415124a, 18a9cfaf533602bb37fdf22962539ce0eae948c8, 9c0aaa0874c98ae8ce0cc38cad7f6f25d2c29635, f94e7b35c43ed64c67ff25c7aeb86ec0dd73370a]:
  • @​apollo/federation-internals@​2.10.3

v2.10.2

Compare Source

Patch Changes

• Updated dependencies []:
  • @​apollo/federation-internals@​2.10.2

v2.10.1

Compare Source

Patch Changes

• Updated dependencies [97d81b79c3da10175bdf92c2209039efe352de79]:
  • @​apollo/federation-internals@​2.10.1

graphql-hive/platform (@​graphql-hive/cli)

v0.56.0

Minor Changes

• #​7346
  f266368
  Thanks @​n1ru4l! - Upgrade graphql-inspector/core to v7 and update the
  models to be able to handle the new change objects. GraphQL Inspector now supports directive
  changes and improves the accuracy of the severity level for several change types. This will
  improve schema checks to make them more accurate and more complete. See graphql-inspector's
  changelog for details.

Patch Changes

• #​7346
  f266368
  Thanks @​n1ru4l! - Fixes an issue where schema changes containing
  escaped single-quoted strings were not handled correctly.

• Updated dependencies
  [f266368,
  f266368,
  f266368]:

  • @​graphql-hive/core@​0.18.0

v0.55.1

Patch Changes

• Updated dependencies
  [a6f707b,
  a6f707b]:
  • @​graphql-hive/core@​0.17.0

v0.55.0

Minor Changes

• #​7267
  114cd80
  Thanks @​jdolle! - Upgrade graphql-inspector/core to v7 and update the
  models to be able to handle the new change objects. GraphQL Inspector now supports directive
  changes and improves the accuracy of the severity level for several change types. This will
  improve schema checks to make them more accurate and more complete. See graphql-inspector's
  changelog for details.

Patch Changes

• #​7321
  316859e
  Thanks @​adambenhassen! - handle escaped single-quoted strings
  in schema changes

• Updated dependencies
  [5229612]:

  • @​graphql-hive/core@​0.16.0

v0.54.0

Compare Source

Minor Changes

• #​7306
  29de664
  Thanks @​kamilkisiela! - Updated federation-composition to
  v0.21.0

  • Enhanced auth directive validation: The federation-composition now enforces correct
    placement of auth directives (@authenticated, @requiresScopes, @policy) by rejecting
    attempts to place them on interfaces, interface fields, or interface objects with the new
    AUTH_REQUIREMENTS_APPLIED_ON_INTERFACE validation rule.
  • Transitive auth requirements checking: Added a new validation rule that ensures fields using
    @requires specify at least the auth requirements of the fields they select. If a field doesn't
    carry forward required auth directives, composition fails with a
    MISSING_TRANSITIVE_AUTH_REQUIREMENTS error.
  • Auth requirements inheritance: Interface types and fields now properly inherit
    @authenticated, @requiresScopes, and @policy directives from the object types that
    implement them.
  • @cost directive restrictions: The @cost directive can no longer be placed on interface
    types, their fields, or field arguments. Invalid placements now result in composition errors
    instead of being silently accepted.
  • Improved @listSize validation: The directive now validates that sizedFields point to
    actual list fields rather than integer counters. Additionally, slicingArguments validation has
    been added to ensure only arguments that exist in all subgraphs are retained.
  • Fixed EXTERNAL_MISSING_ON_BASE rule: Resolved false positives when handling
    @interfaceObject corner-cases, particularly for @external fields on object types provided by
    interface objects.

v0.53.5

Compare Source

Patch Changes

• Updated dependencies
  [64c8368]:
  • @​graphql-hive/core@​0.15.1

v0.53.4

Compare Source

Patch Changes

• Updated dependencies
  [2cc443c]:
  • @​graphql-hive/core@​0.15.0

v0.53.3

Compare Source

Patch Changes

• #​7264
  582bc0e
  Thanks @​n1ru4l! - Ensure http debug logs are printed properly.

• Updated dependencies
  [582bc0e]:

  • @​graphql-hive/core@​0.14.0

v0.53.2

Compare Source

Patch Changes

• Updated dependencies
  [43920cd,
  43920cd]:
  • @​graphql-hive/core@​0.13.2

v0.53.1

Compare Source

Patch Changes

• Updated dependencies
  [d8f6e25]:
  • @​graphql-hive/core@​0.13.1

v0.53.0

Compare Source

Minor Changes

• #​7206
  01963a0
  Thanks @​n1ru4l! - Improve output of the hive whoami command. It now
  also handles the new access token format.

v0.52.1

Compare Source

Patch Changes

• #​7193
  543de17
  Thanks @​adambenhassen! - schema:check --forceSafe now
  properly approves breaking schema changes in Hive (requires write permission registry token)

v0.52.0

Compare Source

Minor Changes

• #​7155
  caebbe0
  Thanks @​jdolle! - add schemaVersionByCommit; update docs and cli; fix
  webhook commit reference

v0.51.0

Compare Source

Minor Changes

• #​7100
  2cbdced
  Thanks @​XiNiHa! - add hive app:retire command for retiring an app
  deployment

v0.50.5

Compare Source

Patch Changes

• #​7046
  8c49615
  Thanks @​jdolle! - Add progress log to app:create

v0.50.4

Compare Source

Patch Changes

• #​6919
  49187c9
  Thanks @​jdolle! - fix fallback when hive.json is used but does not
  provide the requested value

v0.50.3

Compare Source

Patch Changes

• Updated dependencies
  [8d56b98]:
  • @​graphql-hive/core@​0.13.0

v0.50.2

Compare Source

Patch Changes

• #​6845
  114e7bc
  Thanks @​n1ru4l! - Update @theguild/federation-composition to
  0.19.0

  Increases federation composition compatibility.

  • Fix errors raised by @requires with union field selection set
  • Fix incorrectly raised IMPLEMENTED_BY_INACCESSIBLE error for inaccessible object fields where
    the object type is inaccessible.
  • Add support for @provides fragment selection sets on union type fields.
  • Fix issue where the satisfiability check raised an exception for fields that share different
    object type and interface definitions across subgraphs.
  • Fix issue where scalar type marked with @inaccessible does not fail the composition if all
    usages are not marked with @inaccessible.
  • Support composing executable directives from subgraphs into the supergraph

v0.50.1

Compare Source

Patch Changes

• Updated dependencies
  [bbd5643]:
  • @​graphql-hive/core@​0.12.0

v0.50.0

Compare Source

Minor Changes

• #​6658
  e6a970f
  Thanks @​n1ru4l! - Internal adjustments for using non-deprecated API
  fields.

• #​6626
  2056307
  Thanks @​jdolle! - Show dangerous changes as a separate list in
  schema:check

• #​6662
  2b220a5
  Thanks @​n1ru4l! - Support federation composition validation for
  IMPLEMENTED_BY_INACCESSIBLE.

• #​6675
  ed66171
  Thanks @​kamilkisiela! - Updates the
  @theguild/federation-composition to v0.18.1 that includes the following changes:

  • Support progressive overrides (@override(label: "<value>"))
  • Allow to use @composeDirective on a built-in scalar (like @oneOf)
  • Performance improvements (lazy compute of errors), especially noticeable in large schemas (2s ->
    600ms)
  • Ensure nested key fields are marked as @shareable
  • Stop collecting paths when a leaf field was reached (performance improvement)
  • Avoid infinite loop when entity field returns itself

Patch Changes

• #​6768
  5ee3a2e
  Thanks @​jdolle! - Correct error exit codes

• Updated dependencies
  [5130fc1]:

  • @​graphql-hive/core@​0.11.0

graphql-hive/gateway (@​graphql-hive/gateway)

v1.16.5

Compare Source

Patch Changes

• #​1428 5660dab Thanks @​enisdenjo! - Resolve to latest @​envelop/core that includes instrumentation changes

• Updated dependencies [5660dab]:

  • @​graphql-mesh/plugin-jwt-auth@​1.5.10
  • @​graphql-hive/gateway-runtime@​1.11.1
  • @​graphql-hive/plugin-aws-sigv4@​1.0.19
  • @​graphql-hive/plugin-deduplicate-request@​1.0.5
  • @​graphql-mesh/hmac-upstream-signature@​1.2.32

v1.16.4

Compare Source

Patch Changes

• #​1408 5aefad2 Thanks @​enisdenjo! - dependencies updates:

  • Updated dependency @graphql-mesh/cache-cfw-kv@^0.105.8 ↗︎ (from ^0.105.7, in dependencies)
  • Updated dependency @graphql-mesh/cache-localforage@^0.105.9 ↗︎ (from ^0.105.8, in dependencies)
  • Updated dependency @graphql-mesh/cache-redis@^0.104.8 ↗︎ (from ^0.104.7, in dependencies)
  • Updated dependency @graphql-mesh/cache-upstash-redis@^0.1.8 ↗︎ (from ^0.1.7, in dependencies)
  • Updated dependency @graphql-mesh/types@^0.104.8 ↗︎ (from ^0.104.7, in dependencies)
  • Updated dependency @graphql-mesh/utils@^0.104.8 ↗︎ (from ^0.104.7, in dependencies)

• #​1424 fe9b42f Thanks @​enisdenjo! - dependencies updates:

  • Updated dependency @graphql-mesh/utils@^0.104.11 ↗︎ (from ^0.104.8, in dependencies)

• Updated dependencies [5aefad2, 37113d1, fe9b42f, 5aefad2, fe9b42f, 5aefad2, fe9b42f, 5aefad2, fe9b42f, 5aefad2, fe9b42f, 5aefad2, fe9b42f, 5aefad2, fe9b42f, 5aefad2, 37113d1, fe9b42f, 5aefad2, fe9b42f, e5eb881, e5eb881]:

  • @​graphql-hive/gateway-runtime@​1.11.0
  • @​graphql-hive/plugin-deduplicate-request@​1.0.5
  • @​graphql-mesh/hmac-upstream-signature@​1.2.32
  • @​graphql-mesh/plugin-jwt-auth@​1.5.9
  • @​graphql-mesh/plugin-opentelemetry@​1.3.67
  • @​graphql-mesh/plugin-prometheus@​1.3.55
  • @​graphql-mesh/transport-http@​0.7.3
  • @​graphql-mesh/transport-http-callback@​0.7.3
  • @​graphql-mesh/transport-ws@​1.1.3
  • @​graphql-hive/plugin-aws-sigv4@​1.0.19

v1.16.3

Compare Source

Patch Changes

• #​1383 a832e7b Thanks @​dependabot! - dependencies updates:

  • Updated dependency @graphql-mesh/cache-cfw-kv@^0.105.7 ↗︎ (from ^0.105.5, in dependencies)
  • Updated dependency @graphql-mesh/cache-localforage@^0.105.8 ↗︎ (from ^0.105.6, in dependencies)
  • Updated dependency @graphql-mesh/cache-redis@^0.104.7 ↗︎ (from ^0.104.5, in dependencies)
  • Updated dependency @graphql-mesh/cache-upstash-redis@^0.1.7 ↗︎ (from ^0.1.5, in dependencies)
  • Updated dependency @graphql-mesh/plugin-http-cache@^0.105.8 ↗︎ (from ^0.105.6, in dependencies)
  • Updated dependency @graphql-mesh/plugin-jit@^0.2.7 ↗︎ (from ^0.2.5, in dependencies)
  • Updated dependency @graphql-mesh/plugin-mock@^0.105.8 ↗︎ (from ^0.105.6, in dependencies)
  • Updated dependency @graphql-mesh/plugin-rate-limit@^0.104.7 ↗︎ (from ^0.104.5, in dependencies)
  • Updated dependency @graphql-mesh/plugin-snapshot@^0.104.7 ↗︎ (from ^0.104.5, in dependencies)
  • Updated dependency @graphql-mesh/types@^0.104.7 ↗︎ (from ^0.104.5, in dependencies)
  • Updated dependency @graphql-mesh/utils@^0.104.7 ↗︎ (from ^0.104.5, in dependencies)

• Updated dependencies [a832e7b, bed67a6, a832e7b, a832e7b, a832e7b, a832e7b, a832e7b, a832e7b, a832e7b, a832e7b, 34294ea]:

  • @​graphql-hive/gateway-runtime@​1.10.3
  • @​graphql-hive/plugin-aws-sigv4@​1.0.18
  • @​graphql-hive/plugin-deduplicate-request@​1.0.4
  • @​graphql-mesh/hmac-upstream-signature@​1.2.31
  • @​graphql-mesh/plugin-jwt-auth@​1.5.8
  • @​graphql-mesh/plugin-opentelemetry@​1.3.66
  • @​graphql-mesh/plugin-prometheus@​1.3.54
  • @​graphql-mesh/transport-http@​0.7.2
  • @​graphql-mesh/transport-http-callback@​0.7.2
  • @​graphql-mesh/transport-ws@​1.1.2

v1.16.2

Compare Source

Patch Changes

• #​1358 8e37851 Thanks @​dependabot! - dependencies updates:

  • Updated dependency @graphql-tools/code-file-loader@^8.1.22 ↗︎ (from ^8.1.21, in dependencies)
  • Updated dependency @graphql-tools/graphql-file-loader@^8.0.22 ↗︎ (from ^8.0.21, in dependencies)
  • Updated dependency @graphql-tools/load@^8.1.2 ↗︎ (from ^8.1.1, in dependencies)
  • Updated dependency @graphql-tools/utils@^10.9.1 ↗︎ (from ^10.9.0, in dependencies)
  • Updated dependency dotenv@^17.2.1 ↗︎ (from ^17.2.0, in dependencies)

• #​1368 a6aeed2 Thanks @​ardatan! - Support Promise as a result of outgoing;

  So you can use credentials providers from @aws-sdk/credential-providers package.
  See more.

  import { fromNodeProviderChain } from '@​aws-sdk/credential-providers';
  import { defineConfig } from '@&#820

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.