Skip to content

Build(deps): bump the npm_and_yarn group across 1 directory with 8 updates#2651

Closed
dependabot[bot] wants to merge 1 commit into
db_v4from
dependabot/npm_and_yarn/graphql-bench/npm_and_yarn-7eb850beca
Closed

Build(deps): bump the npm_and_yarn group across 1 directory with 8 updates#2651
dependabot[bot] wants to merge 1 commit into
db_v4from
dependabot/npm_and_yarn/graphql-bench/npm_and_yarn-7eb850beca

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 18, 2026

Copy link
Copy Markdown
Contributor

Bumps the npm_and_yarn group with 7 updates in the /graphql-bench directory:

Package From To
tsup 8.3.0 8.3.5
@grpc/grpc-js 1.14.3 1.14.4
@tootallnate/once 2.0.0 2.0.1
lodash 4.17.21 4.17.23
qs 6.14.1 6.15.0
rollup 4.55.1 4.62.0
shell-quote 1.8.3 1.8.4

Updates tsup from 8.3.0 to 8.3.5

Release notes

Sourced from tsup's releases.

v8.3.5

   🐞 Bug Fixes

    View changes on GitHub

v8.3.4

No significant changes

    View changes on GitHub

v8.3.3

No significant changes

    View changes on GitHub

v8.3.1

   🚀 Features

   🐞 Bug Fixes

    View changes on GitHub
Commits

Updates @grpc/grpc-js from 1.14.3 to 1.14.4

Release notes

Sourced from @​grpc/grpc-js's releases.

@​grpc/grpc-js 1.14.4

Commits
  • a380735 Merge pull request #3052 from murgatroid99/grpc-js_1.14.4
  • 5b8d37b Merge commit from fork
  • 6a97456 Merge commit from fork
  • e5e0b1d grpc-js: Bump version to 1.14.4
  • 5029a26 Make compression error a static string
  • 2fe55fd Fix crashes when receiving malformed compressed data
  • 234f917 Fix server crash when handling invalid requests
  • acef8d4 Merge pull request #3043 from murgatroid99/rbac_types_change_fix_1.14
  • 4f3c58f grpc-js-xds: Update RBAC code to handle Node type change, pin @​types/node
  • See full diff in compare view

Updates @tootallnate/once from 2.0.0 to 2.0.1

Release notes

Sourced from @​tootallnate/once's releases.

v2.0.1

Patch Changes

  • a1e5e2d: Fix promise hang when AbortSignal is aborted
Changelog

Sourced from @​tootallnate/once's changelog.

2.0.1

Patch Changes

  • a1e5e2d: Fix promise hang when AbortSignal is aborted
Commits
  • bcbb21d ci: fix OIDC publishing — Node 24, npm latest, provenance
  • dc24387 Version Packages (2.x) (#12)
  • b8a6f80 CI: test all Node versions on Linux only
  • dabcc0f ci: drop EOL Node.js 14.x/16.x, add 22.x
  • b464efc Update CI: modern Node versions, fix macOS ARM64 compat
  • a1e5e2d Fix promise hang when AbortSignal is aborted
  • See full diff in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​tootallnate/once since your current version.


Updates esbuild from 0.23.1 to 0.24.2

Release notes

Sourced from esbuild's releases.

v0.24.2

  • Fix regression with --define and import.meta (#4010, #4012, #4013)

    The previous change in version 0.24.1 to use a more expression-like parser for define values to allow quoted property names introduced a regression that removed the ability to use --define:import.meta=.... Even though import is normally a keyword that can't be used as an identifier, ES modules special-case the import.meta expression to behave like an identifier anyway. This change fixes the regression.

    This fix was contributed by @​sapphi-red.

v0.24.1

  • Allow es2024 as a target in tsconfig.json (#4004)

    TypeScript recently added es2024 as a compilation target, so esbuild now supports this in the target field of tsconfig.json files, such as in the following configuration file:

    {
      "compilerOptions": {
        "target": "ES2024"
      }
    }

    As a reminder, the only thing that esbuild uses this field for is determining whether or not to use legacy TypeScript behavior for class fields. You can read more in the documentation.

    This fix was contributed by @​billyjanitsch.

  • Allow automatic semicolon insertion after get/set

    This change fixes a grammar bug in the parser that incorrectly treated the following code as a syntax error:

    class Foo {
      get
      *x() {}
      set
      *y() {}
    }

    The above code will be considered valid starting with this release. This change to esbuild follows a similar change to TypeScript which will allow this syntax starting with TypeScript 5.7.

  • Allow quoted property names in --define and --pure (#4008)

    The define and pure API options now accept identifier expressions containing quoted property names. Previously all identifiers in the identifier expression had to be bare identifiers. This change now makes --define and --pure consistent with --global-name, which already supported quoted property names. For example, the following is now possible:

    // The following code now transforms to "return true;\n"
    console.log(esbuild.transformSync(
      `return process.env['SOME-TEST-VAR']`,
      { define: { 'process.env["SOME-TEST-VAR"]': 'true' } },
    ))

... (truncated)

Changelog

Sourced from esbuild's changelog.

0.24.2

  • Fix regression with --define and import.meta (#4010, #4012, #4013)

    The previous change in version 0.24.1 to use a more expression-like parser for define values to allow quoted property names introduced a regression that removed the ability to use --define:import.meta=.... Even though import is normally a keyword that can't be used as an identifier, ES modules special-case the import.meta expression to behave like an identifier anyway. This change fixes the regression.

    This fix was contributed by @​sapphi-red.

0.24.1

  • Allow es2024 as a target in tsconfig.json (#4004)

    TypeScript recently added es2024 as a compilation target, so esbuild now supports this in the target field of tsconfig.json files, such as in the following configuration file:

    {
      "compilerOptions": {
        "target": "ES2024"
      }
    }

    As a reminder, the only thing that esbuild uses this field for is determining whether or not to use legacy TypeScript behavior for class fields. You can read more in the documentation.

    This fix was contributed by @​billyjanitsch.

  • Allow automatic semicolon insertion after get/set

    This change fixes a grammar bug in the parser that incorrectly treated the following code as a syntax error:

    class Foo {
      get
      *x() {}
      set
      *y() {}
    }

    The above code will be considered valid starting with this release. This change to esbuild follows a similar change to TypeScript which will allow this syntax starting with TypeScript 5.7.

  • Allow quoted property names in --define and --pure (#4008)

    The define and pure API options now accept identifier expressions containing quoted property names. Previously all identifiers in the identifier expression had to be bare identifiers. This change now makes --define and --pure consistent with --global-name, which already supported quoted property names. For example, the following is now possible:

    // The following code now transforms to "return true;\n"
    console.log(esbuild.transformSync(
      `return process.env['SOME-TEST-VAR']`,
      { define: { 'process.env["SOME-TEST-VAR"]': 'true' } },

... (truncated)

Commits

Updates lodash from 4.17.21 to 4.17.23

Commits

Updates qs from 6.14.1 to 6.15.0

Changelog

Sourced from qs's changelog.

6.15.0

  • [New] parse: add strictMerge option to wrap object/primitive conflicts in an array (#425, #122)
  • [Fix] duplicates option should not apply to bracket notation keys (#514)

6.14.2

  • [Fix] parse: mark overflow objects for indexed notation exceeding arrayLimit (#546)
  • [Fix] arrayLimit means max count, not max index, in combine/merge/parseArrayValue
  • [Fix] parse: throw on arrayLimit exceeded with indexed notation when throwOnLimitExceeded is true (#529)
  • [Fix] parse: enforce arrayLimit on comma-parsed values
  • [Fix] parse: fix error message to reflect arrayLimit as max index; remove extraneous comments (#545)
  • [Robustness] avoid .push, use void
  • [readme] document that addQueryPrefix does not add ? to empty output (#418)
  • [readme] clarify parseArrays and arrayLimit documentation (#543)
  • [readme] replace runkit CI badge with shields.io check-runs badge
  • [meta] fix changelog typo (arrayLengtharrayLimit)
  • [actions] fix rebase workflow permissions
Commits
  • d9b4c66 v6.15.0
  • cb41a54 [New] parse: add strictMerge option to wrap object/primitive conflicts in...
  • 88e1563 [Fix] duplicates option should not apply to bracket notation keys
  • 9d441d2 Merge backport release tags v6.0.6–v6.13.3 into main
  • 85cc8ca v6.12.5
  • ffc12aa v6.11.4
  • 0506b11 [actions] update reusable workflows
  • 6a37faf [actions] update reusable workflows
  • 8e8df5a [Fix] fix regressions from robustness refactor
  • d60bab3 v6.10.7
  • Additional commits viewable in compare view

Updates rollup from 4.55.1 to 4.62.0

Release notes

Sourced from rollup's releases.

v4.62.0

4.62.0

2026-06-13

Features

  • Ensure that shared dependencies between manual chunks and entry points receive a serparate chunk (#6374)

Pull Requests

v4.61.1

4.61.1

2026-06-04

Bug Fixes

  • Avoid extraneous newlines when adding headers via plugins (#6403)
  • Fix a rare issue where starting Rollup would hang on Windows (#6404)

Pull Requests

v4.61.0

4.61.0

2026-06-01

Features

  • Sort entry modules to make chunk hashes deterministic (#6391)

Pull Requests

... (truncated)

Changelog

Sourced from rollup's changelog.

4.62.0

2026-06-13

Features

  • Ensure that shared dependencies between manual chunks and entry points receive a serparate chunk (#6374)

Pull Requests

4.61.1

2026-06-04

Bug Fixes

  • Avoid extraneous newlines when adding headers via plugins (#6403)
  • Fix a rare issue where starting Rollup would hang on Windows (#6404)

Pull Requests

4.61.0

2026-06-01

Features

  • Sort entry modules to make chunk hashes deterministic (#6391)

Pull Requests

... (truncated)

Commits
  • 5e0066d 4.62.0
  • 93e85fc chore(deps): update dependency eslint-plugin-unicorn to v65 (#6413)
  • 5c9ef2e fix(deps): update minor/patch updates (#6412)
  • 18654d8 chore(deps): lock file maintenance minor/patch updates (#6414)
  • d96ed95 Extract the static dependencies imported by manual chunks into separate chunk...
  • 126e141 chore(deps): pin dependency concurrently to v9 (#6406)
  • f2f58c4 chore(deps): lock file maintenance minor/patch updates (#6410)
  • 5a15062 chore(deps): update minor/patch updates to v6.2.0 (#6409)
  • d02f03a chore(deps): lock file maintenance minor/patch updates (#6407)
  • 844671c fix(deps): update minor/patch updates (#6405)
  • Additional commits viewable in compare view

Updates shell-quote from 1.8.3 to 1.8.4

Changelog

Sourced from shell-quote's changelog.

v1.8.4 - 2026-05-22

Commits

  • [Fix] quote: validate object-token shapes 4378a6e
  • [Dev Deps] update @ljharb/eslint-config, auto-changelog, eslint, npmignore 22ebec0
  • [Tests] increase coverage 9f3caa3
  • [readme] replace runkit CI badge with shields.io check-runs badge 3344a04
  • [Dev Deps] update @ljharb/eslint-config 699c511
Commits
  • ff166e2 v1.8.4
  • 4378a6e [Fix] quote: validate object-token shapes
  • 22ebec0 [Dev Deps] update @ljharb/eslint-config, auto-changelog, eslint, `npmig...
  • 9f3caa3 [Tests] increase coverage
  • 3344a04 [readme] replace runkit CI badge with shields.io check-runs badge
  • 699c511 [Dev Deps] update @ljharb/eslint-config
  • See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

…dates

Bumps the npm_and_yarn group with 7 updates in the /graphql-bench directory:

| Package | From | To |
| --- | --- | --- |
| [tsup](https://github.com/egoist/tsup) | `8.3.0` | `8.3.5` |
| [@grpc/grpc-js](https://github.com/grpc/grpc-node) | `1.14.3` | `1.14.4` |
| [@tootallnate/once](https://github.com/TooTallNate/once) | `2.0.0` | `2.0.1` |
| [lodash](https://github.com/lodash/lodash) | `4.17.21` | `4.17.23` |
| [qs](https://github.com/ljharb/qs) | `6.14.1` | `6.15.0` |
| [rollup](https://github.com/rollup/rollup) | `4.55.1` | `4.62.0` |
| [shell-quote](https://github.com/ljharb/shell-quote) | `1.8.3` | `1.8.4` |



Updates `tsup` from 8.3.0 to 8.3.5
- [Release notes](https://github.com/egoist/tsup/releases)
- [Commits](egoist/tsup@v8.3.0...v8.3.5)

Updates `@grpc/grpc-js` from 1.14.3 to 1.14.4
- [Release notes](https://github.com/grpc/grpc-node/releases)
- [Commits](https://github.com/grpc/grpc-node/compare/@grpc/grpc-js@1.14.3...@grpc/grpc-js@1.14.4)

Updates `@tootallnate/once` from 2.0.0 to 2.0.1
- [Release notes](https://github.com/TooTallNate/once/releases)
- [Changelog](https://github.com/TooTallNate/once/blob/v2.0.1/CHANGELOG.md)
- [Commits](TooTallNate/once@2.0.0...v2.0.1)

Updates `esbuild` from 0.23.1 to 0.24.2
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG-2024.md)
- [Commits](evanw/esbuild@v0.23.1...v0.24.2)

Updates `lodash` from 4.17.21 to 4.17.23
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](lodash/lodash@4.17.21...4.17.23)

Updates `qs` from 6.14.1 to 6.15.0
- [Changelog](https://github.com/ljharb/qs/blob/main/CHANGELOG.md)
- [Commits](ljharb/qs@v6.14.1...v6.15.0)

Updates `rollup` from 4.55.1 to 4.62.0
- [Release notes](https://github.com/rollup/rollup/releases)
- [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md)
- [Commits](rollup/rollup@v4.55.1...v4.62.0)

Updates `shell-quote` from 1.8.3 to 1.8.4
- [Changelog](https://github.com/ljharb/shell-quote/blob/main/CHANGELOG.md)
- [Commits](ljharb/shell-quote@v1.8.3...v1.8.4)

---
updated-dependencies:
- dependency-name: tsup
  dependency-version: 8.3.5
  dependency-type: direct:development
  dependency-group: npm_and_yarn
- dependency-name: "@grpc/grpc-js"
  dependency-version: 1.14.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: "@tootallnate/once"
  dependency-version: 2.0.1
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: esbuild
  dependency-version: 0.24.2
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: lodash
  dependency-version: 4.17.23
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: qs
  dependency-version: 6.15.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: rollup
  dependency-version: 4.62.0
  dependency-type: indirect
  dependency-group: npm_and_yarn
- dependency-name: shell-quote
  dependency-version: 1.8.4
  dependency-type: indirect
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file Javascript Features/Issues relating to WASM or our Javascript client labels Jun 18, 2026
@CLAassistant

Copy link
Copy Markdown

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
You have signed the CLA already but the status is still pending? Let us recheck it.

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Performance Alert ⚠️

Possible performance regression was detected for benchmark 'Rust Benchmark'.
Benchmark result of this commit is worse than the previous benchmark result exceeding threshold 2.

Benchmark suite Current: 9815ec4 Previous: 9823ef7 Ratio
lotr_graph/num_edges 4 ns/iter (± 0) 0 ns/iter (± 0) +∞
lotr_graph/num_nodes 4 ns/iter (± 0) 1 ns/iter (± 0) 4
lotr_graph/has_node_nonexisting 5 ns/iter (± 0) 2 ns/iter (± 0) 2.50
lotr_graph/graph_latest 3 ns/iter (± 0) 0 ns/iter (± 0) +∞
lotr_graph_materialise/materialize 8015460 ns/iter (± 50044) 1564816 ns/iter (± 35303) 5.12
lotr_graph_window_100/num_nodes 13 ns/iter (± 0) 5 ns/iter (± 0) 2.60
lotr_graph_window_100_materialise/materialize 7912276 ns/iter (± 39936) 1669150 ns/iter (± 10700) 4.74
lotr_graph_window_10/has_node_existing 136 ns/iter (± 10) 62 ns/iter (± 11) 2.19
lotr_graph_window_10_materialise/materialize 3295884 ns/iter (± 8326) 971980 ns/iter (± 4278) 3.39
lotr_graph_subgraph_10pc/has_node_nonexisting 5 ns/iter (± 0) 2 ns/iter (± 0) 2.50
lotr_graph_subgraph_10pc_materialise/materialize 2035665 ns/iter (± 19962) 334634 ns/iter (± 1287) 6.08
lotr_graph_subgraph_10pc_windowed/has_node_existing 139 ns/iter (± 8) 62 ns/iter (± 14) 2.24
lotr_graph_subgraph_10pc_windowed_materialise/materialize 1238034 ns/iter (± 14253) 230399 ns/iter (± 2617) 5.37
lotr_graph_window_50_layered/num_edges_temporal 142226 ns/iter (± 2394) 70121 ns/iter (± 7586) 2.03
lotr_graph_window_50_layered/has_node_existing 398 ns/iter (± 21) 129 ns/iter (± 12) 3.09
lotr_graph_window_50_layered/has_node_nonexisting 5 ns/iter (± 0) 2 ns/iter (± 0) 2.50
lotr_graph_window_50_layered/graph_latest 83275 ns/iter (± 1740) 36649 ns/iter (± 916) 2.27
lotr_graph_window_50_layered_materialise/materialize 28964629 ns/iter (± 91159) 3488825 ns/iter (± 24948) 8.30
lotr_graph_persistent_window_50_layered/num_edges_temporal 582335 ns/iter (± 6265) 192686 ns/iter (± 1569) 3.02
lotr_graph_persistent_window_50_layered/has_node_existing 412 ns/iter (± 361) 174 ns/iter (± 83) 2.37
lotr_graph_persistent_window_50_layered/has_node_nonexisting 5 ns/iter (± 0) 2 ns/iter (± 0) 2.50
lotr_graph_persistent_window_50_layered/graph_latest 122157 ns/iter (± 7189) 57549 ns/iter (± 4809) 2.12
lotr_graph_persistent_window_50_layered_materialise/materialize 49490272 ns/iter (± 164278) 5298035 ns/iter (± 147912) 9.34

This comment was automatically generated by workflow using github-action-benchmark.

@dependabot @github

dependabot Bot commented on behalf of github Jun 20, 2026

Copy link
Copy Markdown
Contributor Author

Superseded by #2656.

@dependabot dependabot Bot closed this Jun 20, 2026
@dependabot dependabot Bot deleted the dependabot/npm_and_yarn/graphql-bench/npm_and_yarn-7eb850beca branch June 20, 2026 11:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file Javascript Features/Issues relating to WASM or our Javascript client

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant