Skip to content

Build(deps): bump the npm_and_yarn group across 1 directory with 5 updates#2662

Open
dependabot[bot] wants to merge 1 commit into
db_v4from
dependabot/npm_and_yarn/graphql-bench/npm_and_yarn-83e89c9738
Open

Build(deps): bump the npm_and_yarn group across 1 directory with 5 updates#2662
dependabot[bot] wants to merge 1 commit into
db_v4from
dependabot/npm_and_yarn/graphql-bench/npm_and_yarn-83e89c9738

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 23, 2026

Copy link
Copy Markdown
Contributor

Bumps the npm_and_yarn group with 4 updates in the /graphql-bench directory: @tootallnate/once, lodash, qs and rollup.

Updates @tootallnate/once from 2.0.0 to 2.0.1

Release notes

Sourced from @​tootallnate/once's releases.

v2.0.1

Patch Changes

  • a1e5e2d: Fix promise hang when AbortSignal is aborted
Changelog

Sourced from @​tootallnate/once's changelog.

2.0.1

Patch Changes

  • a1e5e2d: Fix promise hang when AbortSignal is aborted
Commits
  • bcbb21d ci: fix OIDC publishing — Node 24, npm latest, provenance
  • dc24387 Version Packages (2.x) (#12)
  • b8a6f80 CI: test all Node versions on Linux only
  • dabcc0f ci: drop EOL Node.js 14.x/16.x, add 22.x
  • b464efc Update CI: modern Node versions, fix macOS ARM64 compat
  • a1e5e2d Fix promise hang when AbortSignal is aborted
  • See full diff in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​tootallnate/once since your current version.


Updates esbuild from 0.23.1 to 0.27.3

Release notes

Sourced from esbuild's releases.

v0.27.3

  • Preserve URL fragments in data URLs (#4370)

    Consider the following HTML, CSS, and SVG:

    • index.html:

      <!DOCTYPE html>
      <html>
        <head><link rel="stylesheet" href="icons.css"></head>
        <body><div class="triangle"></div></body>
      </html>
    • icons.css:

      .triangle {
        width: 10px;
        height: 10px;
        background: currentColor;
        clip-path: url(./triangle.svg#x);
      }
    • triangle.svg:

      <svg xmlns="http://www.w3.org/2000/svg">
        <defs>
          <clipPath id="x">
            <path d="M0 0H10V10Z"/>
          </clipPath>
        </defs>
      </svg>

    The CSS uses a URL fragment (the #x) to reference the clipPath element in the SVG file. Previously esbuild's CSS bundler didn't preserve the URL fragment when bundling the SVG using the dataurl loader, which broke the bundled CSS. With this release, esbuild will now preserve the URL fragment in the bundled CSS:

    /* icons.css */
    .triangle {
      width: 10px;
      height: 10px;
      background: currentColor;
      clip-path: url('data:image/svg+xml,<svg xmlns="http://www.w3.org/2000/svg"><defs><clipPath id="x"><path d="M0 0H10V10Z"/></clipPath></defs></svg>#x');
    }

... (truncated)

Changelog

Sourced from esbuild's changelog.

Changelog: 2024

This changelog documents all esbuild versions published in the year 2024 (versions 0.19.12 through 0.24.2).

0.24.2

  • Fix regression with --define and import.meta (#4010, #4012, #4013)

    The previous change in version 0.24.1 to use a more expression-like parser for define values to allow quoted property names introduced a regression that removed the ability to use --define:import.meta=.... Even though import is normally a keyword that can't be used as an identifier, ES modules special-case the import.meta expression to behave like an identifier anyway. This change fixes the regression.

    This fix was contributed by @​sapphi-red.

0.24.1

  • Allow es2024 as a target in tsconfig.json (#4004)

    TypeScript recently added es2024 as a compilation target, so esbuild now supports this in the target field of tsconfig.json files, such as in the following configuration file:

    {
      "compilerOptions": {
        "target": "ES2024"
      }
    }

    As a reminder, the only thing that esbuild uses this field for is determining whether or not to use legacy TypeScript behavior for class fields. You can read more in the documentation.

    This fix was contributed by @​billyjanitsch.

  • Allow automatic semicolon insertion after get/set

    This change fixes a grammar bug in the parser that incorrectly treated the following code as a syntax error:

    class Foo {
      get
      *x() {}
      set
      *y() {}
    }

    The above code will be considered valid starting with this release. This change to esbuild follows a similar change to TypeScript which will allow this syntax starting with TypeScript 5.7.

  • Allow quoted property names in --define and --pure (#4008)

    The define and pure API options now accept identifier expressions containing quoted property names. Previously all identifiers in the identifier expression had to be bare identifiers. This change now makes --define and --pure consistent with --global-name, which already supported quoted property names. For example, the following is now possible:

... (truncated)

Commits
  • 9129e00 publish 0.27.3 to npm
  • e20e411 small fix to release notes
  • 0dc0f2d fix #4322: parse and print CSS @scope rules
  • 55fe391 update firefox css gradient support
  • 2c35297 update gradient lowering transform
  • 9209e44 Update Go to 1.25.7 (#4388)
  • e8d861b close #4374: compat table for the using feature
  • 19b8887 no longer need williamkapke/node-compat-table
  • 7e44218 the kangax/compat-table repo moved to a new url
  • 23b9338 run make update-compat-table
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for esbuild since your current version.


Updates lodash from 4.17.21 to 4.17.23

Commits

Updates qs from 6.14.1 to 6.15.0

Changelog

Sourced from qs's changelog.

6.15.0

  • [New] parse: add strictMerge option to wrap object/primitive conflicts in an array (#425, #122)
  • [Fix] duplicates option should not apply to bracket notation keys (#514)

6.14.2

  • [Fix] parse: mark overflow objects for indexed notation exceeding arrayLimit (#546)
  • [Fix] arrayLimit means max count, not max index, in combine/merge/parseArrayValue
  • [Fix] parse: throw on arrayLimit exceeded with indexed notation when throwOnLimitExceeded is true (#529)
  • [Fix] parse: enforce arrayLimit on comma-parsed values
  • [Fix] parse: fix error message to reflect arrayLimit as max index; remove extraneous comments (#545)
  • [Robustness] avoid .push, use void
  • [readme] document that addQueryPrefix does not add ? to empty output (#418)
  • [readme] clarify parseArrays and arrayLimit documentation (#543)
  • [readme] replace runkit CI badge with shields.io check-runs badge
  • [meta] fix changelog typo (arrayLengtharrayLimit)
  • [actions] fix rebase workflow permissions
Commits
  • d9b4c66 v6.15.0
  • cb41a54 [New] parse: add strictMerge option to wrap object/primitive conflicts in...
  • 88e1563 [Fix] duplicates option should not apply to bracket notation keys
  • 9d441d2 Merge backport release tags v6.0.6–v6.13.3 into main
  • 85cc8ca v6.12.5
  • ffc12aa v6.11.4
  • 0506b11 [actions] update reusable workflows
  • 6a37faf [actions] update reusable workflows
  • 8e8df5a [Fix] fix regressions from robustness refactor
  • d60bab3 v6.10.7
  • Additional commits viewable in compare view

Updates rollup from 4.55.1 to 4.59.0

Release notes

Sourced from rollup's releases.

v4.59.0

4.59.0

2026-02-22

Features

  • Throw when the generated bundle contains paths that would leave the output directory (#6276)

Pull Requests

v4.58.0

4.58.0

2026-02-20

Features

  • Also support __NO_SIDE_EFFECTS__ annotation before variable declarations declaring function expressions (#6272)

Pull Requests

v4.57.1

4.57.1

2026-01-30

Bug Fixes

  • Fix heap corruption issue in Windows (#6251)
  • Ensure exports of a dynamic import are fully included when called from a try...catch (#6254)

Pull Requests

... (truncated)

Changelog

Sourced from rollup's changelog.

4.59.0

2026-02-22

Features

  • Throw when the generated bundle contains paths that would leave the output directory (#6276)

Pull Requests

4.58.0

2026-02-20

Features

  • Also support __NO_SIDE_EFFECTS__ annotation before variable declarations declaring function expressions (#6272)

Pull Requests

4.57.1

2026-01-30

Bug Fixes

  • Fix heap corruption issue in Windows (#6251)
  • Ensure exports of a dynamic import are fully included when called from a try...catch (#6254)

Pull Requests

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

…dates

Bumps the npm_and_yarn group with 4 updates in the /graphql-bench directory: [@tootallnate/once](https://github.com/TooTallNate/once), [lodash](https://github.com/lodash/lodash), [qs](https://github.com/ljharb/qs) and [rollup](https://github.com/rollup/rollup).


Updates `@tootallnate/once` from 2.0.0 to 2.0.1
- [Release notes](https://github.com/TooTallNate/once/releases)
- [Changelog](https://github.com/TooTallNate/once/blob/v2.0.1/CHANGELOG.md)
- [Commits](TooTallNate/once@2.0.0...v2.0.1)

Updates `esbuild` from 0.23.1 to 0.27.3
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2024.md)
- [Commits](evanw/esbuild@v0.23.1...v0.27.3)

Updates `lodash` from 4.17.21 to 4.17.23
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.21...4.17.23)

Updates `qs` from 6.14.1 to 6.15.0
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.14.1...v6.15.0)

Updates `rollup` from 4.55.1 to 4.59.0
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](rollup/rollup@v4.55.1...v4.59.0)

---
updated-dependencies:
- dependency-name: "@tootallnate/once"
  dependency-version: 2.0.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: esbuild
  dependency-version: 0.27.3
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: lodash
  dependency-version: 4.17.23
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: qs
  dependency-version: 6.15.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: rollup
  dependency-version: 4.59.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file Javascript Features/Issues relating to WASM or our Javascript client labels Jun 23, 2026
@CLAassistant

Copy link
Copy Markdown

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Performance Alert ⚠️

Possible performance regression was detected for benchmark 'Rust Benchmark'.
Benchmark result of this commit is worse than the previous benchmark result exceeding threshold 2.

Benchmark suite Current: bf68274 Previous: 9823ef7 Ratio
lotr_graph/num_edges 4 ns/iter (± 0) 0 ns/iter (± 0) +∞
lotr_graph/num_nodes 4 ns/iter (± 0) 1 ns/iter (± 0) 4
lotr_graph/graph_latest 3 ns/iter (± 0) 0 ns/iter (± 0) +∞
lotr_graph_materialise/materialize 8355723 ns/iter (± 59759) 1564816 ns/iter (± 35303) 5.34
lotr_graph_window_100/num_nodes 13 ns/iter (± 0) 5 ns/iter (± 0) 2.60
lotr_graph_window_100_materialise/materialize 8109661 ns/iter (± 124131) 1669150 ns/iter (± 10700) 4.86
lotr_graph_window_10/has_node_existing 136 ns/iter (± 9) 62 ns/iter (± 11) 2.19
lotr_graph_window_10_materialise/materialize 3303369 ns/iter (± 18687) 971980 ns/iter (± 4278) 3.40
lotr_graph_subgraph_10pc_materialise/materialize 2044658 ns/iter (± 13415) 334634 ns/iter (± 1287) 6.11
lotr_graph_subgraph_10pc_windowed/has_node_existing 140 ns/iter (± 9) 62 ns/iter (± 14) 2.26
lotr_graph_subgraph_10pc_windowed_materialise/materialize 1249453 ns/iter (± 8830) 230399 ns/iter (± 2617) 5.42
lotr_graph_window_50_layered/num_edges_temporal 142291 ns/iter (± 12050) 70121 ns/iter (± 7586) 2.03
lotr_graph_window_50_layered/has_node_existing 375 ns/iter (± 19) 129 ns/iter (± 12) 2.91
lotr_graph_window_50_layered/graph_latest 92073 ns/iter (± 1141) 36649 ns/iter (± 916) 2.51
lotr_graph_window_50_layered_materialise/materialize 29076487 ns/iter (± 167072) 3488825 ns/iter (± 24948) 8.33
lotr_graph_persistent_window_50_layered/num_edges_temporal 584937 ns/iter (± 21867) 192686 ns/iter (± 1569) 3.04
lotr_graph_persistent_window_50_layered/has_node_existing 415 ns/iter (± 374) 174 ns/iter (± 83) 2.39
lotr_graph_persistent_window_50_layered/graph_latest 122362 ns/iter (± 2063) 57549 ns/iter (± 4809) 2.13
lotr_graph_persistent_window_50_layered_materialise/materialize 49785604 ns/iter (± 752894) 5298035 ns/iter (± 147912) 9.40

This comment was automatically generated by workflow using github-action-benchmark.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file Javascript Features/Issues relating to WASM or our Javascript client

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant