fix(deps): update dependencies-non-major

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update
@apollo/client (source)	3.10.3 -> 3.10.4					dependencies	patch
@types/bun (source)	1.1.2 -> 1.1.3					devDependencies	patch
@types/node (source)	20.12.11 -> 20.12.12					devDependencies	patch
@types/react (source)	18.3.2 -> 18.3.3					devDependencies	patch
@typescript-eslint/eslint-plugin (source)	7.8.0 -> 7.10.0					devDependencies	minor
@typescript-eslint/parser (source)	7.8.0 -> 7.10.0					devDependencies	minor
@vitejs/plugin-react (source)	4.2.1 -> 4.3.0					devDependencies	minor
alpine	3.19 -> 3.20					final	minor
anyhow	1.0.83 -> 1.0.86					dependencies	patch
anyhow	1.0.83 -> 1.0.86					workspace.dependencies	patch
bun (source)	1.1.8 -> 1.1.10					devDependencies	patch
cynic (source)	3.7.0 -> 3.7.2					workspace.dependencies	patch
cynic-codegen (source)	3.7.0 -> 3.7.2					build-dependencies	patch
cynic-introspection (source)	3.7.0 -> 3.7.2					workspace.dependencies	patch
darling	0.20.8 -> 0.20.9					dependencies	patch
ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-contrib	0.100.0 -> 0.101.0						minor
hyper-util (source)	0.1.3 -> 0.1.4					workspace.dependencies	patch
insta (source)	1.38.0 -> 1.39.0					dev-dependencies	minor
insta (source)	1.38.0 -> 1.39.0					dependencies	minor
insta (source)	1.38.0 -> 1.39.0					workspace.dependencies	minor
itertools	0.12.1 -> 0.13.0					dependencies	minor
itertools	0.12.1 -> 0.13.0					workspace.dependencies	minor
mimalloc	0.1.41 -> 0.1.42					dependencies	patch
opentelemetry	0.22 -> 0.23					dependencies	minor
opentelemetry-otlp (source)	0.15 -> 0.16					dependencies	minor
opentelemetry-stdout (source)	0.3 -> 0.4					dependencies	minor
opentelemetry_sdk	0.22.1 -> 0.23.0					dependencies	minor
proc-macro2	1.0.82 -> 1.0.84					dependencies	patch
rustls	0.23.5 -> 0.23.8					workspace.dependencies	patch
rustls-webpki	0.102.3 -> 0.102.4					workspace.dependencies	patch
serde (source)	1.0.201 -> 1.0.203					dependencies	patch
serde (source)	1.0.201 -> 1.0.203					dev-dependencies	patch
serde (source)	1.0.201 -> 1.0.203					workspace.dependencies	patch
serde_derive (source)	1.0.201 -> 1.0.203					dependencies	patch
swc_ecma_ast	0.113.3 -> 0.113.4					dependencies	patch
syn	2.0.63 -> 2.0.66					dependencies	patch
thiserror	1.0.60 -> 1.0.61					dependencies	patch
thiserror	1.0.60 -> 1.0.61					workspace.dependencies	patch
tokio-postgres-rustls	0.11.0 -> 0.12.0					workspace.dependencies	minor
tokio-rustls	0.25.0 -> 0.26.0					workspace.dependencies	minor
toml	0.8.12 -> 0.8.13					dependencies	patch
toml	0.8.12 -> 0.8.13					dev-dependencies	patch
ts-jest (source)	=29.1.2 -> =29.1.3					devDependencies	patch
type-fest	4.18.2 -> 4.18.3					dependencies	patch
worker	0.2.0 -> 0.3.0					workspace.dependencies	minor
zip	1.2.3 -> 1.3.1					dependencies	minor

---

Release Notes

apollographql/apollo-client (@​apollo/client)

v3.10.4

Compare Source

Patch Changes

• #​11838 8475346 Thanks @​alex-kinokon! - Don’t prompt for DevTools installation for browser extension page

• #​11839 6481fe1 Thanks @​jerelmiller! - Fix a regression in 3.9.5 where a merge function that returned an incomplete result would not allow the client to refetch in order to fulfill the query.

• #​11844 86984f2 Thanks @​jerelmiller! - Honor the @nonreactive directive when using cache.watchFragment or the useFragment hook to avoid rerendering when using these directives.

• #​11824 47ad806 Thanks @​phryneas! - Create branded QueryRef type without exposed properties.

  This change deprecates QueryReference in favor of a QueryRef type that doesn't expose any properties.
  This change also updates preloadQuery to return a new PreloadedQueryRef type, which exposes the toPromise function as it does today. This means that query refs produced by useBackgroundQuery and useLoadableQuery now return QueryRef types that do not have access to a toPromise function, which was never meant to be used in combination with these hooks.

  While we tend to avoid any types of breaking changes in patch releases as this, this change was necessary to support an upcoming version of the React Server Component integration, which needed to omit the toPromise function that would otherwise have broken at runtime.
  Note that this is a TypeScript-only change. At runtime, toPromise is still present on all queryRefs currently created by this package - but we strongly want to discourage you from accessing it in all cases except for the PreloadedQueryRef use case.

  Migration is as simple as replacing all references to QueryReference with QueryRef, so it should be possible to do this with a search & replace in most code bases:

  -import { QueryReference } from '@​apollo/client'
  +import { QueryRef } from '@​apollo/client'
  
  - function Component({ queryRef }: { queryRef: QueryReference<TData> }) {
  + function Component({ queryRef }: { queryRef: QueryRef<TData> }) {
    // ...
  }

• #​11845 4c5c820 Thanks @​jerelmiller! - Remove @nonreactive directives from queries passed to MockLink to ensure they are properly matched.

• #​11837 dff15b1 Thanks @​jerelmiller! - Fix an issue where a polled query created in React strict mode may not stop polling after the component unmounts while using the cache-and-network fetch policy.

typescript-eslint/typescript-eslint (@​typescript-eslint/eslint-plugin)

v7.10.0

Compare Source

🚀 Features

• eslint-plugin: [sort-type-constituents] support case sensitive sorting

🩹 Fixes

• eslint-plugin: [prefer-regexp-exec] fix heuristic to check whether regex may contain global flag

❤️ Thank You

• auvred
• Emanuel Hoogeveen
• jsfm01
• Kirk Waiblinger

You can read about our versioning strategy and releases on our website.

v7.9.0

Compare Source

🩹 Fixes

• eslint-plugin: [explicit-function-return-types] fix false positive on default parameters

❤️ Thank You

• Kirk Waiblinger
• Sheetal Nandi
• Vinccool96

You can read about our versioning strategy and releases on our website.

typescript-eslint/typescript-eslint (@​typescript-eslint/parser)

v7.10.0

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

v7.9.0

Compare Source

This was a version bump only for parser to align it with other projects, there were no code changes.

You can read about our versioning strategy and releases on our website.

vitejs/vite-plugin-react (@​vitejs/plugin-react)

v4.3.0

Compare Source

Fix support for React compiler

Don't set retainLines: true when the React compiler is used. This creates whitespace issues and the compiler is modifying the JSX too much to get correct line numbers after that. If you want to use the React compiler and get back correct line numbers for tools like vite-plugin-react-click-to-component to work, you should update your config to something like:

export default defineConfig(({ command }) => {
  const babelPlugins = [['babel-plugin-react-compiler', {}]]
  if (command === 'serve') {
    babelPlugins.push(['@​babel/plugin-transform-react-jsx-development', {}])
  }

  return {
    plugins: [react({ babel: { plugins: babelPlugins } })],
  }
})

Support HMR for class components

This is a long overdue and should fix some issues people had with HMR when migrating from CRA.

dtolnay/anyhow (anyhow)

v1.0.86

Compare Source

• Fix parse error in ensure! with non-literal after minus sign (#​373)

v1.0.85

Compare Source

• Improve ensure! macro's rules to unblock some rustc pretty-printer improvements (#​368, #​371)

v1.0.84

Compare Source

• Disallow calling ensure! through a Not impl for a type that is not bool (#​367)

oven-sh/bun (bun)

v1.1.10: Bun v1.1.10

Compare Source

To install Bun v1.1.10:

curl -fsSL https://bun.sh/install | bash

### or you can use npm
### npm install -g bun

Windows:

powershell -c "irm bun.sh/install.ps1|iex"

To upgrade to Bun v1.1.10:

bun upgrade

Read Bun v1.1.10's release notes on Bun's blog

Thanks to 9 contributors!

• @​cirospaciari
• @​dylan-conway
• @​eigilsagafos
• @​gvilums
• @​Jarred-Sumner
• @​jess-render
• @​Marukome0743
• @​nektro
• @​paperdave
• @​SunsetTechuila

v1.1.9: Bun v1.1.9

Compare Source

To install Bun v1.1.9:

curl -fsSL https://bun.sh/install | bash

### or you can use npm
### npm install -g bun

Windows:

powershell -c "irm bun.sh/install.ps1|iex"

To upgrade to Bun v1.1.9:

bun upgrade

Read Bun v1.1.9's release notes on Bun's blog

Thanks to 16 contributors!

• @​ahaoboy
• @​ananis25
• @​DaleSeo
• @​dylan-conway
• @​gaurishhs
• @​gvilums
• @​jakeboone02
• @​Jarred-Sumner
• @​lafkpages
• @​nektro
• @​paperdave
• @​ridiculousfish
• @​SunsetTechuila
• @​vitch
• @​zackradisic

obmarg/cynic (cynic)

v3.7.2

Compare Source

Changes

• Pulled in the latest cynic-parser, this should have no user facing impact.

v3.7.1

Compare Source

Bug Fixes

• Schema file should no longer cause clippy warnings if clippy::nursery is on.
  (#​951)

TedDriggs/darling (darling)

v0.20.9

• Allow word-form for newtype enum variants whose only field produces a value when from_none is called on their type #​249
• Add FromMeta impls for the std::num::NonZero* types #​288
• Fix panic in number FromMeta impls when the parsed value is too large for the receiver type #​289

open-telemetry/opentelemetry-collector-releases (ghcr.io/open-telemetry/opentelemetry-collector-releases/opentelemetry-collector-contrib)

v0.101.0

Compare Source

Check the v0.101.0 contrib changelog and the v0.101.0 core changelog for changelogs on specific components.

Changelog

• a09318c [chore] Prepare v0.101.0 (#​559)
• 962611e Bump actions/checkout from 4.1.5 to 4.1.6 (#​556)
• 36d5d69 added splunkenterprise receiver to the manifest (#​553)
• 5176736 Bump github.com/goreleaser/nfpm/v2 from 2.36.1 to 2.37.1 (#​549)
• 640329d Bump actions/checkout from 4.1.4 to 4.1.5 (#​548)
• a87da25 Bump goreleaser/goreleaser-action from 5.0.0 to 5.1.0 (#​547)
• c782c5d [chore] prepare v0.100.0 (#​545)
• f19cdbc Bump actions/setup-go from 5.0.0 to 5.0.1 (#​544)
• 2b50459 Add otlpencodingextension to contrib (#​542)
• b46b435 Bump actions/upload-artifact from 4.3.2 to 4.3.3 (#​541)
• fe5f3d6 Bump actions/checkout from 4.1.3 to 4.1.4 (#​540)
• 16d2f27 Bump anchore/sbom-action from 0.15.10 to 0.15.11 (#​538)
• 7fa522a Bump actions/download-artifact from 4.1.5 to 4.1.7 (#​539)
• b7383b6 Add zipkinencodingextension to contrib (#​537)

hyperium/hyper-util (hyper-util)

v0.1.4

Compare Source

• Add initial_max_send_streams() to legacy client builder
• Add max_pending_accept_reset_streams() to legacy client builder
• Add max_headers(usize) to auto server builder
• Add http1_onl() and http2_only() to auto server builder
• Add connection capturing API to legacy client
• Add impl Connection for TokioIo
• Fix graceful shutdown hanging on reading the HTTP version

mitsuhiko/insta (insta)

v1.39.0

Compare Source

• Fixed a bug in require_full_match. #​485

• Fixed a bug that caused snapshot and module names to sometimes be inaccurate. #​483

• Insta will no longer error when removing snapshots that were already removed. #​484

• Added support for trailing commas in inline snapshots. #​472

• Don't pass --color in all cases to libtest any more to work around limitations
  with custom test harnesses. #​491

rust-itertools/itertools (itertools)

v0.13.0

Compare Source

Breaking

• Removed implementation of DoubleEndedIterator for ConsTuples (#​853)
• Made MultiProduct fused and fixed on an empty iterator (#​835, #​834)
• Changed iproduct! to return tuples for maxi one iterator too (#​870)
• Changed PutBack::put_back to return the old value (#​880)
• Removed deprecated repeat_call, Itertools::{foreach, step, map_results, fold_results} (#​878)
• Removed TakeWhileInclusive::new (#​912)

Added

• Added Itertools::{smallest_by, smallest_by_key, largest, largest_by, largest_by_key} (#​654, #​885)
• Added Itertools::tail (#​899)
• Implemented DoubleEndedIterator for ProcessResults (#​910)
• Implemented Debug for FormatWith (#​931)
• Added Itertools::get (#​891)

Changed

• Deprecated Itertools::group_by (renamed chunk_by) (#​866, #​879)
• Deprecated unfold (use std::iter::from_fn instead) (#​871)
• Optimized GroupingMapBy (#​873, #​876)
• Relaxed Fn bounds to FnMut in diff_with, Itertools::into_group_map_by (#​886)
• Relaxed Debug/Clone bounds for MapInto (#​889)
• Documented the use_alloc feature (#​887)
• Optimized Itertools::set_from (#​888)
• Removed badges in README.md (#​890)
• Added "no-std" categories in Cargo.toml (#​894)
• Fixed Itertools::k_smallest on short unfused iterators (#​900)
• Deprecated Itertools::tree_fold1 (renamed tree_reduce) (#​895)
• Deprecated GroupingMap::fold_first (renamed reduce) (#​902)
• Fixed Itertools::k_smallest(0) to consume the iterator, optimized Itertools::k_smallest(1) (#​909)
• Specialized Combinations::nth (#​914)
• Specialized MergeBy::fold (#​920)
• Specialized CombinationsWithReplacement::nth (#​923)
• Specialized FlattenOk::{fold, rfold} (#​927)
• Specialized Powerset::nth (#​924)
• Documentation fixes (#​882, #​936)
• Fixed assert_equal for iterators longer than i32::MAX (#​932)
• Updated the must_use message of non-lazy KMergeBy and TupleCombinations (#​939)

Notable Internal Changes

• Tested iterator laziness (#​792)
• Created CONTRIBUTING.md (#​767)

<

---

Configuration

📅 Schedule: Branch creation - "before 4am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[renovate]

⚠️ Artifact update problem

Renovate failed to update artifacts related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: Cargo.lock

Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path engine/crates/engine/registry-v2-generator/Cargo.toml --package itertools@0.12.1 --precise 0.13.0
    Updating crates.io index
error: failed to select a version for the requirement `itertools = "^0.12"`
candidate versions found which didn't match: 0.13.0
location searched: crates.io index
required by package `serde_with_macros v3.8.1 (https://github.com/grafbase/serde_with?rev=06ad277a0e0175c2364d3c065e303a6c8a775c8a#06ad277a)`
    ... which satisfies git dependency `serde_with_macros` (locked to 3.8.1) of package `serde_with v3.8.1 (https://github.com/grafbase/serde_with?rev=06ad277a0e0175c2364d3c065e303a6c8a775c8a#06ad277a)`
    ... which satisfies dependency `serde_with = "^3.8.1"` (locked to 3.8.1) of package `grafbase-gateway v0.3.1 (/tmp/renovate/repos/github/grafbase/grafbase/gateway/crates/gateway-binary)`
perhaps a crate was updated and forgotten to be re-vendored?

File name: Cargo.lock

Command failed: cargo update --config net.git-fetch-with-cli=true --manifest-path cli/crates/server/Cargo.toml --package zip@1.2.3 --precise 1.3.1
    Updating crates.io index
error: failed to get `zip` as a dependency of package `grafbase-local-server v0.72.0 (/tmp/renovate/repos/github/grafbase/grafbase/cli/crates/server)`

Caused by:
  the `--precise <yanked-version>` flag is unstable, and only available on the nightly channel of Cargo, but this is the `stable` channel
  See https://doc.rust-lang.org/book/appendix-07-nightly-rust.html for more information about Rust release channels.
  See https://github.com/rust-lang/cargo/issues/4225 for more information about the `--precise <yanked-version>` flag.

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.