fix(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@babel/core (source)	7.28.6 → 7.29.0
@babel/plugin-proposal-decorators (source)	7.28.6 → 7.29.0
@babel/preset-env (source)	7.28.6 → 7.29.0
@graphql-tools/wrap (source)	11.1.4 → 11.1.6
@types/node (source)	24.10.9 → 24.10.12
@types/react (source)	19.2.10 → 19.2.13
artillery	2.0.28 → 2.0.30
esbuild	0.27.2 → 0.27.3
next (source)	16.1.5 → 16.1.6
playwright (source)	1.58.0 → 1.58.2
rollup (source)	4.57.0 → 4.57.1
tar	7.5.6 → 7.5.7
wrangler (source)	4.61.0 → 4.63.0

---

Release Notes

babel/babel (@​babel/core)

v7.29.0

Compare Source

v7.29.0 (2026-01-31)

Thanks @​simbahax for your first PR!

🚀 New Feature

• babel-types
  • #​17750 [7.x backport] Add attributes import declaration builder (@​JLHwung)
• babel-standalone
  • #​17663 [7.x backport] feat(standalone): export async transform (@​JLHwung)
  • #​17725 [7.x backport] feat: read standalone targets from data-targets (@​JLHwung)

🐛 Bug Fix

• babel-parser
  • #​17765 fix(parser): correctly parse type assertions in extends clause (@​nicolo-ribaudo)
  • #​17723 [7.x backport] fix(parser): improve super type argument parsing (@​JLHwung)
• babel-traverse
  • #​17708 fix(traverse): provide a hub when traversing a File or Program and no parentPath is given (@​simbahax)
• babel-plugin-transform-block-scoping, babel-traverse
  • #​17737 [7.x backport] fix: Rename switch discriminant references when body creates shadowing variable (@​magic-akari)

🏃‍♀️ Performance

• babel-generator, babel-runtime-corejs3
  • #​17642 [Babel 7] Improve generator performance (@​liuxingbaoyu)

Committers: 6

• David (@​simbahax)
• Huáng Jùnliàng (@​JLHwung)
• Nicolò Ribaudo (@​nicolo-ribaudo)
• @​liuxingbaoyu
• @​magic-akari

graphql-hive/gateway (@​graphql-tools/wrap)

v11.1.6

Compare Source

Patch Changes

• Updated dependencies [2200fc3]:
  • @​graphql-tools/delegate@​12.0.6

v11.1.5

Compare Source

Patch Changes

• Updated dependencies [e92c5a9]:
  • @​graphql-tools/delegate@​12.0.5

artilleryio/artillery (artillery)

v2.0.30: Artillery v2.0.30

Compare Source

• Upgrade to Playwright v1.58.1 (#​3692)
• Fix: ensure that when running tests on Fargate, the pre-packaged versions of Playwright / Artillery CLI are always used, and not reinstalled as dependencies. This fixes Playwright browser binary mismatch errors under some conditions. (#​3693)

v2.0.29: Artillery v2.0.29

Compare Source

• Upgrade to Playwright v1.58.0 (#​3687)
• AWS Fargate: fix issue where tests that track many distinct metrics could report incomplete results (#​3684)

evanw/esbuild (esbuild)

v0.27.3

Compare Source

• Preserve URL fragments in data URLs (#​4370)

  Consider the following HTML, CSS, and SVG:

  • index.html:

    <!DOCTYPE html>
    <html>
      <head><link rel="stylesheet" href="icons.css"></head>
      <body><div class="triangle"></div></body>
    </html>

  • icons.css:

    .triangle {
      width: 10px;
      height: 10px;
      background: currentColor;
      clip-path: url(./triangle.svg#x);
    }

  • triangle.svg:

    <svg xmlns="http://www.w3.org/2000/svg">
      <defs>
        <clipPath id="x">
          <path d="M0 0H10V10Z"/>
        </clipPath>
      </defs>
    </svg>

  The CSS uses a URL fragment (the #x) to reference the clipPath element in the SVG file. Previously esbuild's CSS bundler didn't preserve the URL fragment when bundling the SVG using the dataurl loader, which broke the bundled CSS. With this release, esbuild will now preserve the URL fragment in the bundled CSS:

  /* icons.css */
  .triangle {
    width: 10px;
    height: 10px;
    background: currentColor;
    clip-path: url('data:image/svg+xml,<svg xmlns="http://www.w3.org/2000/svg"><defs><clipPath id="x"><path d="M0 0H10V10Z"/></clipPath></defs></svg>#x');
  }

• Parse and print CSS @scope rules (#​4322)

  This release includes dedicated support for parsing @scope rules in CSS. These rules include optional "start" and "end" selector lists. One important consequence of this is that the local/global status of names in selector lists is now respected, which improves the correctness of esbuild's support for CSS modules. Minification of selectors inside @scope rules has also improved slightly.

  Here's an example:

  /* Original code */
  @​scope (:global(.foo)) to (:local(.bar)) {
    .bar {
      color: red;
    }
  }
  
  /* Old output (with --loader=local-css --minify) */
  @​scope (:global(.foo)) to (:local(.bar)){.o{color:red}}
  
  /* New output (with --loader=local-css --minify) */
  @​scope(.foo)to (.o){.o{color:red}}

• Fix a minification bug with lowering of for await (#​4378, #​4385)

  This release fixes a bug where the minifier would incorrectly strip the variable in the automatically-generated catch clause of lowered for await loops. The code that generated the loop previously failed to mark the internal variable references as used.

• Update the Go compiler from v1.25.5 to v1.25.7 (#​4383, #​4388)

  This PR was contributed by @​MikeWillCook.

vercel/next.js (next)

v16.1.6

Compare Source

[!NOTE]
This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Upgrade to swc 54 (#​88207)
• implement LRU cache with invocation ID scoping for minimal mode response cache (#​88509)
• tweak LRU sentinel key (#​89123)

Credits

Huge thanks to @​mischnic, @​wyattjoh, and @​ztanner for helping!

microsoft/playwright (playwright)

v1.58.2

Compare Source

v1.58.1

Compare Source

Highlights

#​39036 fix(msedge): fix local network permissions
#​39037 chore: update cft download location
#​38995 chore(webkit): disable frame sessions on fronzen builds

Browser Versions

• Chromium 145.0.7632.6
• Mozilla Firefox 146.0.1
• WebKit 26.0

rollup/rollup (rollup)

v4.57.1

Compare Source

2026-01-30

Bug Fixes

• Fix heap corruption issue in Windows (#​6251)
• Ensure exports of a dynamic import are fully included when called from a try...catch (#​6254)

Pull Requests

• #​6251: fix: Isolate and cache process.report.getReport() calls in a child process for robust environment detection (@​alan-agius4, @​lukastaegert)
• #​6252: chore(deps): update dependency lru-cache to v11 (@​renovate[bot])
• #​6253: chore(deps): lock file maintenance minor/patch updates (@​renovate[bot], @​lukastaegert)
• #​6254: Fully include dynamic imports in a try-catch (@​lukastaegert)
• #​6255: chore(deps): lock file maintenance (@​renovate[bot])

isaacs/node-tar (tar)

v7.5.7

Compare Source

cloudflare/workers-sdk (wrangler)

v4.63.0

Compare Source

Minor Changes

• #​12386 447daa3 Thanks @​NuroDev! - Added new "open local explorer" hotkey for experimental/WIP local resource explorer

  When running wrangler dev with the experimental local explorer feature enabled, you can now press the e hotkey to open the local resource explorer UI in your browser.

Patch Changes

• #​11350 ee9b81f Thanks @​dario-piotrowicz! - fix: improve error message when the entrypoint is incorrect

  Error messages for incorrect entrypoint configuration have been improved to provide clearer and more actionable feedback. The updated messages help users understand what went wrong and how to fix their configuration.

• #​12402 63f1adb Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260131.0	1.20260203.0

• #​12418 ba13de9 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260203.0	1.20260205.0

• #​12216 fe3af35 Thanks @​ichernetsky-cf! - Deprecate 'wrangler cloudchamber apply' in favor of 'wrangler deploy'

• #​12368 bd4bb98 Thanks @​KianNH! - Preserve Containers configuration when using versions commands

  Previously, commands like wrangler versions upload would inadvertently disable Containers on associated Durable Object namespaces because the containers property was being omitted from the API request body.

• #​12396 dab4bc9 Thanks @​petebacondarwin! - fix: redact email addresses and account names in non-interactive mode

  To prevent sensitive information from being exposed in public CI logs, email addresses and account names are now redacted when running in non-interactive mode (e.g., CI environments). Account IDs remain visible to aid debugging.

• #​12378 18c0784 Thanks @​X6TXY! - Truncate Pages commit messages at UTF-8 boundaries to avoid invalid UTF-8

• Updated dependencies [63f1adb, ba13de9, 83adb2c]:

  • miniflare@​4.20260205.0

v4.62.0

Compare Source

Minor Changes

• #​12064 964a39d Thanks @​G4brym! - Add AI Search OAuth scopes to login

  Adds ai-search:write and ai-search:run OAuth scopes to the default login scopes, enabling wrangler to authenticate with AI Search APIs.

• #​11867 253a85d Thanks @​rahulsuresh-git! - Add wrangler r2 bucket local-uploads command to manage local uploads for R2 buckets

  When enabled, object data is written to the nearest region first, then asynchronously replicated to the bucket's primary region.

  Docs: https://developers.cloudflare.com/r2/buckets/local-uploads

  # Get local uploads status
  wrangler r2 bucket local-uploads get my-bucket
  
  # Enable local uploads (will prompt for confirmation)
  wrangler r2 bucket local-uploads enable my-bucket
  
  # Enable without confirmation prompt
  wrangler r2 bucket local-uploads enable my-bucket --force
  
  # Disable local uploads
  wrangler r2 bucket local-uploads disable my-bucket

• #​11803 1bd1488 Thanks @​dario-piotrowicz! - Add a new subrequests limit to the limits field of the Wrangler configuration file

  Before only the cpu_ms limit was supported in the limits field of the Wrangler configuration file, now a subrequests limit can be specified as well which enables the user to limit the number of fetch requests that a Worker's invocation can make.

  Example:

  {
  	"$schema": "./node_modules/wrangler/config-schema.json",
  	"limits": {
  		"cpu_ms": 1000,
  		"subrequests": 150 // newly added field
  	}
  }

• #​12185 f7aa8c7 Thanks @​penalosa! - Add timestamp field to the version metadata binding in local development. The version metadata binding now includes id, tag, and timestamp fields, making it easier to test version-aware logic locally.

Patch Changes

• #​12190 ce736b9 Thanks @​dario-piotrowicz! - Update autoconfig logic to handle Next.js projects by using the new @opennextjs/cloudflare migrate command

• #​12065 47944d1 Thanks @​langningchen! - Improve error message when d1 export --output points to a directory

• #​12292 4c4d5a5 Thanks @​dario-piotrowicz! - Add versionCommand to the autoconfig_summary field in the autoconfig output entry

  Add the version upload command to the output being printed by wrangler deploy to WRANGLER_OUTPUT_FILE_DIRECTORY/WRANGLER_OUTPUT_FILE_PATH. This complements the existing buildCommand and deployCommand fields and allows CI systems to know how to upload new versions of Workers.

  For example, for a standard npm project this would be:

  • Version command: npx wrangler versions upload

  While for a Next.js project it would be:

  • Version command: npx @​opennextjs/cloudflare upload

• #​12050 b05b919 Thanks @​NuroDev! - Fixed Wrangler's error handling for both invalid commands with and without the --help flag, ensuring consistent and clear error messages.

  Additionally, it also ensures that if you provide an invalid argument to a valid command, Wrangler will now correctly display that specific commands help menu.

• #​12289 0aaf080 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260128.0	1.20260129.0

• #​12295 b981db5 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260129.0	1.20260130.0

• #​12355 a113c0d Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260130.0	1.20260131.0

• #​11971 fdd7a9f Thanks @​dario-piotrowicz! - Add framework id, build command, and deploy command to the autoconfig_summary field in the deploy output entry

  Add the framework id alongside the commands to build and deploy the project to the output being printed by wrangler deploy to WRANGLER_OUTPUT_FILE_DIRECTORY or WRANGLER_OUTPUT_FILE_PATH.

  For example for an npm Astro project these would be:

  • Framework id: astro
  • Build command: npm run build
  • Deploy command: npx wrangler deploy

  While for a Next.js project they would instead be:

  • Framework id: next
  • Build command: npx @​opennextjs/cloudflare build
  • Deploy command: npx @​opennextjs/cloudflare deploy

• #​12211 a5fca2c Thanks @​elithrar! - Remove the 'pubsub' sub-command and related functionality

  The Pub/Sub product was never made publicly available and has been discontinued. This removes the wrangler pubsub command and all associated functionality.

• Updated dependencies [0c9625a, 0aaf080, b981db5, a113c0d, f7aa8c7]:

  • miniflare@​4.20260131.0
  • @​cloudflare/kv-asset-handler@​0.4.2

v4.61.1

Compare Source

Patch Changes

• #​12189 eb8a415 Thanks @​NuroDev! - Fixed Durable Object missing migrations warning message.

  If a Workers project includes some durable_objects in it but no migrations we show a warning to the user to add migrations to their config. However, this warning recommended new_classes for their migrations, but we instead now recommend all users use new_sqlite_classes instead.

• #​11804 3b06b18 Thanks @​emily-shen! - fix: allow d1 execute, d1 export, and d1 migrations to work locally without database_id in config.

• #​12183 17961bb Thanks @​dependabot! - chore: update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260124.0	1.20260127.0

• #​12196 52fdfe7 Thanks @​dependabot! - chore: update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260127.0	1.20260128.0

• #​12199 6d8d9cd Thanks @​petebacondarwin! - Prevent wrangler logout from failing when the Wrangler configuration file is invalid

  Previously, if your wrangler.toml or wrangler.json file contained syntax errors or invalid values, the wrangler logout command would fail. Now, configuration parsing errors are caught and logged at debug level, allowing you to log out regardless of the state of your configuration file.

• #​12153 cb72c11 Thanks @​petebacondarwin! - Sanitize commands and arguments in telemetry to prevent accidentally capturing sensitive information.

  Changes:

  • Renamed telemetry fields from command/args to sanitizedCommand/sanitizedArgs to distinguish from historical fields that may have contained sensitive data in older versions
  • Command names now come from command definitions rather than user input, preventing accidental capture of sensitive data pasted as positional arguments
  • Sentry breadcrumbs now use the safe command name from definitions
  • Argument values are only included if explicitly allowed via COMMAND_ARG_ALLOW_LIST
  • Argument keys (names) are always included since they come from command definitions, not user input

• Updated dependencies [8a210af, 17961bb, 52fdfe7, 5f060c9]:

  • miniflare@​4.20260128.0
  • @​cloudflare/unenv-preset@​2.12.0

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

🚀 Snapshot Release (alpha)

The latest changes of this PR are available as alpha on npm (based on the declared changesets):

Package	Version	Info
graphql-modules	3.1.2-alpha-20260208015235-4016248ffdd01ec402b384349caa1a0bf0c4750f	npm ↗︎ unpkg ↗︎

[github-actions]

💻 Website Preview

The latest changes are available as preview in: https://pr-2648.graphql-modules.pages.dev