Skip to content

build(deps): bump the actions-deps group with 3 updates#7990

Merged
ardatan merged 2 commits intomasterfrom
dependabot/npm_and_yarn/actions-deps-6021b71bb3
Feb 26, 2026
Merged

build(deps): bump the actions-deps group with 3 updates#7990
ardatan merged 2 commits intomasterfrom
dependabot/npm_and_yarn/actions-deps-6021b71bb3

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Feb 26, 2026

Bumps the actions-deps group with 3 updates: @types/node, @theguild/federation-composition and wrangler.

Updates @types/node from 25.3.1 to 25.3.2

Commits

Updates @theguild/federation-composition from 0.21.3 to 0.22.0

Release notes

Sourced from @​theguild/federation-composition's releases.

v0.22.0

Minor Changes

  • #267 3e232fa Thanks @​kamilkisiela! - Fix supergraph @join__field generation for @override + @requires migrations and add a progressive override restriction.

    When a field with @requires is overridden, composition now ignores @requires usage coming only from the overridden source field when deciding whether to keep @join__field(..., external: true). This prevents stale external annotations in the supergraph.

    Also, progressive override (@override(..., label: ...)) is now rejected when the overridden source field uses @requires (error code: OVERRIDE_COLLISION_WITH_ANOTHER_DIRECTIVE). Non-progressive override behavior is unchanged.

Changelog

Sourced from @​theguild/federation-composition's changelog.

0.22.0

Minor Changes

  • #267 3e232fa Thanks @​kamilkisiela! - Fix supergraph @join__field generation for @override + @requires migrations and add a progressive override restriction.

    When a field with @requires is overridden, composition now ignores @requires usage coming only from the overridden source field when deciding whether to keep @join__field(..., external: true). This prevents stale external annotations in the supergraph.

    Also, progressive override (@override(..., label: ...)) is now rejected when the overridden source field uses @requires (error code: OVERRIDE_COLLISION_WITH_ANOTHER_DIRECTIVE). Non-progressive override behavior is unchanged.

Commits
  • e5e1611 Upcoming Release Changes (#269)
  • 3e232fa feat: override + requires (#267)
  • b44be5a chore(deps): lock file maintenance (#265)
  • aa8fb89 chore(deps): update pnpm to v10.30.2 (#264)
  • f3ef028 build(deps): bump minimatch from 9.0.5 to 9.0.6 in the npm_and_yarn group acr...
  • b94823d chore(deps): update actions/checkout digest to de0fac2 (#262)
  • 0ad0e1f chore(deps): update dependency @​types/node to v24.10.13 (#260)
  • a4952da chore(deps): update pnpm to v10.30.0 (#257)
  • 8551e8f chore(deps): lock file maintenance (#258)
  • 481e904 chore(deps): update dependency @​apollo/composition to v2.13.1 (#263)
  • Additional commits viewable in compare view

Updates wrangler from 4.68.1 to 4.69.0

Release notes

Sourced from wrangler's releases.

wrangler@4.69.0

Minor Changes

  • #12625 c0e9e08 Thanks @​WillTaylorDev! - Add cache configuration option for enabling worker cache (experimental)

    You can now enable cache before worker execution using the new cache configuration:

    {
	"cache": {
		"enabled": true,
	},
}

    This setting is environment-inheritable and opt-in. When enabled, cache behavior is applied before your worker runs.

    Note: This feature is experimental. The runtime API is not yet generally available.

Patch Changes

  • #12661 99037e3 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

    The following dependency versions have been updated:

    Dependency From To
    workerd 1.20260302.0 1.20260303.0

  • #12680 295297a Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

    The following dependency versions have been updated:

    Dependency From To
    workerd 1.20260303.0 1.20260305.0

  • #12671 f765244 Thanks @​MattieTK! - fix: Only redact account names in CI environments, not all non-interactive contexts

    The multi-account selection error in getAccountId now only redacts account names when running in a CI environment (detected via ci-info). Non-interactive terminals such as coding agents and piped commands can now see account names, which they need to identify which account to configure. CI logs remain protected.

  • Updated dependencies [99037e3, 295297a]:

    • miniflare@4.20260305.0
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
build(deps): bump the actions-deps group with 3 updates
657a2bc 
Bumps the actions-deps group with 3 updates: [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node), [@theguild/federation-composition](https://github.com/graphql-hive/federation-composition) and [wrangler](https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler).


Updates `@types/node` from 25.3.1 to 25.3.2
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `@theguild/federation-composition` from 0.21.3 to 0.22.0
- [Release notes](https://github.com/graphql-hive/federation-composition/releases)
- [Changelog](https://github.com/graphql-hive/federation-composition/blob/main/CHANGELOG.md)
- [Commits](graphql-hive/federation-composition@v0.21.3...v0.22.0)

Updates `wrangler` from 4.68.1 to 4.69.0
- [Release notes](https://github.com/cloudflare/workers-sdk/releases)
- [Commits](https://github.com/cloudflare/workers-sdk/commits/wrangler@4.69.0/packages/wrangler)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 25.3.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: actions-deps
- dependency-name: "@theguild/federation-composition"
  dependency-version: 0.22.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: actions-deps
- dependency-name: wrangler
  dependency-version: 4.69.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: actions-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Feb 26, 2026
@changeset-bot
Copy link
Copy Markdown

changeset-bot bot commented Feb 26, 2026
edited
Loading

🦋 Changeset detected

Latest commit: a65ab1f

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 3 packages
Name Type
@graphql-tools/import Patch
@graphql-tools/graphql-file-loader Patch
@graphql-tools/node-require Patch

Not sure what this means? Click here to learn what changesets are.

Click here if you're a maintainer who wants to add another changeset to this PR

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Feb 26, 2026

🚀 Snapshot Release (alpha)

The latest changes of this PR are available as alpha on npm (based on the declared changesets):

Package Version Info
@graphql-tools/import 7.1.11-alpha-20260226213318-a65ab1f11309f9893ebcf933c36784d952fa375a npm ↗︎ unpkg ↗︎
@graphql-tools/graphql-file-loader 8.1.11-alpha-20260226213318-a65ab1f11309f9893ebcf933c36784d952fa375a npm ↗︎ unpkg ↗︎
@graphql-tools/node-require 7.0.36-alpha-20260226213318-a65ab1f11309f9893ebcf933c36784d952fa375a npm ↗︎ unpkg ↗︎
@graphql-tools/resolvers-composition 7.0.28-alpha-20260226213318-a65ab1f11309f9893ebcf933c36784d952fa375a npm ↗︎ unpkg ↗︎

@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Feb 26, 2026

💻 Website Preview

The latest changes are available as preview in: https://pr-7990.graphql-tools.pages.dev

@ardatan ardatan merged commit 0e4d00e into master Feb 26, 2026
14 checks passed
@ardatan ardatan deleted the dependabot/npm_and_yarn/actions-deps-6021b71bb3 branch February 26, 2026 21:37
@github-actions github-actions bot mentioned this pull request Feb 26, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ardatan