chore(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update
@apollo/client (source)	3.13.5 -> 3.13.8					devDependencies	patch
@apollo/gateway (source)	2.10.0 -> 2.10.2					devDependencies	patch
@apollo/subgraph (source)	2.10.0 -> 2.10.2					devDependencies	patch
@changesets/cli (source)	2.28.1 -> 2.29.3					devDependencies	minor
@types/supertest (source)	6.0.2 -> 6.0.3					devDependencies	patch
graphql	16.10.0 -> 16.11.0					dependencies	minor
graphql	16.10.0 -> 16.11.0					devDependencies	minor
node (source)	22.14.0 -> 22.15.0					volta	minor

---

Release Notes

apollographql/apollo-client (@​apollo/client)

v3.13.8

Compare Source

Patch Changes

• #​12567 c19d415 Thanks @​thearchitector! - Fix in-flight multipart urql subscription cancellation

v3.13.7

Compare Source

Patch Changes

• #​12540 0098932 Thanks @​phryneas! - Refactor: Move notification scheduling logic from QueryInfo to ObservableQuery

• #​12540 0098932 Thanks @​phryneas! - Refactored cache emit logic for ObservableQuery. This should be an invisible change.

v3.13.6

Compare Source

Patch Changes

• #​12285 cdc55ff Thanks @​phryneas! - keep ObservableQuery created by useQuery non-active before it is first subscribed

apollographql/federation (@​apollo/gateway)

v2.10.2

Compare Source

Patch Changes

• Updated dependencies [0e457586002f5fd06eacfd00954ef1e285fd52d6]:
  • @​apollo/composition@​2.10.2
  • @​apollo/federation-internals@​2.10.2
  • @​apollo/query-planner@​2.10.2

v2.10.1

Compare Source

Patch Changes

• Corrects a set of denial-of-service (DOS) vulnerabilities that made it possible for an attacker to render gateway inoperable with certain simple query patterns due to uncontrolled resource consumption. All prior-released versions and configurations are vulnerable. (#​3236)

  See the associated GitHub Advisories GHSA-q2f9-x4p4-7xmh and GHSA-p2q6-pwh5-m6jr for more information.

• Updated dependencies [97d81b79c3da10175bdf92c2209039efe352de79]:

  • @​apollo/query-planner@​2.10.1
  • @​apollo/federation-internals@​2.10.1
  • @​apollo/composition@​2.10.1

changesets/changesets (@​changesets/cli)

v2.29.3

Compare Source

Patch Changes

• #​1589 de8bebc Thanks @​remorses, @​vzt7! - Fixed a crash in prerelease mode when a package misses the version field in its package.json

• #​1619 c1e8a78 Thanks @​manucorporat! - Support ../ in publishConfig.directory when publishing packages

• Updated dependencies [de8bebc]:

  • @​changesets/assemble-release-plan@​6.0.7
  • @​changesets/get-release-plan@​4.0.11

v2.29.2

Compare Source

Patch Changes

• #​1636 f73f84a Thanks @​Netail! - Correctly resolve new changesets with since option when the .changeset directory is not directly in the git root

• Updated dependencies [f73f84a]:

  • @​changesets/read@​0.6.5
  • @​changesets/git@​3.0.4
  • @​changesets/get-release-plan@​4.0.10
  • @​changesets/apply-release-plan@​7.0.12

v2.29.1

Compare Source

Patch Changes

• #​1620 b15e629 Thanks @​Netail! - Correctly fetch new changesets with since if the git option diff.relative has been set to true

• Updated dependencies [b15e629]:

  • @​changesets/git@​3.0.3
  • @​changesets/apply-release-plan@​7.0.11
  • @​changesets/read@​0.6.4
  • @​changesets/get-release-plan@​4.0.9

v2.29.0

Compare Source

Minor Changes

• #​1470 29f34a3 Thanks @​JounQin! - Support scoped registries configured using package.json#publishConfig

graphql/graphql-js (graphql)

v16.11.0: 16.11.0

Compare Source

v16.11.0 (2025-04-26)

New Feature 🚀

• #​4363 Ensure we validate for using nullable variables in oneOf input fields (@​JoviDeCroock)
• #​4366 feat(execution): add max coercion errors option to execution context (@​cristunaranjo)

Bug Fix 🐞

• #​4367 fix(coerce-input-value): input object coercion rejects arrays (@​cristunaranjo)

Docs 📝

11 PRs were merged

• #​4310 First draft for upgrade guide to v17 (@​JoviDeCroock)
• #​4331 fix sidebar for documentation and /api-v16 (@​dimaMachina)
• #​4335 Add cspell exception (@​JoviDeCroock)
• #​4340 Improve flow of documentation around GraphiQL (@​benjie)
• #​4343 typofix: removes extra parenthesis from getting started code snippet (@​rabahalishah)
• #​4351 fixed wrong variable name (@​fto-dev)
• #​4352 docs(getting-started): promises current links (@​guspan-tanadi)
• #​4368 Update docs for execution options (@​JoviDeCroock)
• #​4369 Correct some syntax (@​JoviDeCroock)
• #​4372 Refactor every code-first example to leverage resolve (@​JoviDeCroock)
• #​4373 docs: Update getting-started.mdx (@​Shubhdeep12)

Polish 💅

• #​4312 Increase print/visit performance (@​JoviDeCroock)

Internal 🏠

4 PRs were merged

• #​4327 Add redirect for /api (@​JoviDeCroock)
• #​4377 Chore: bump setup-node (@​JoviDeCroock)
• #​4378 Change to gqlConf 2025 (@​JoviDeCroock)
• #​4379 Add missing parenthesis (@​benjie)

Committers: 8

• Benjie(@​benjie)
• Cris Naranjo (@​cristunaranjo)
• Dimitri POSTOLOV(@​dimaMachina)
• Fatih Ozdemir(@​fto-dev)
• Guspan Tanadi(@​guspan-tanadi)
• Jovi De Croock(@​JoviDeCroock)
• Rabah Ali Shah(@​rabahalishah)
• Shubhdeep Chhabra(@​Shubhdeep12)

nodejs/node (node)

v22.15.0

Compare Source

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[svc-apollo-docs]

✅ Docs preview has no changes

The preview was not built because there were no changes.

Build ID: e0425c2fb89f49dc6f4a5a56

[codesandbox-ci]

This pull request is automatically built and testable in CodeSandbox.

To see build info of the built libraries, click here or the icon next to each commit SHA.