Bump the npm-dependencies group with 4 updates

[dependabot]

Bumps the npm-dependencies group with 4 updates: @graphql-tools/merge, @graphql-tools/schema, graphql-yoga and wrangler.

Updates @graphql-tools/merge from 9.0.24 to 9.1.1

Changelog

Sourced from @​graphql-tools/merge's changelog.

9.1.1

Patch Changes

• #7298 984d542 Thanks @​jdolle! - dependencies updates:

  • Removed dependency @theguild/federation-composition@^0.19.0 ↗︎ (from dependencies)

• #7298 984d542 Thanks @​jdolle! - Fix "Named export 'OperationTypeNode' not found"

• Updated dependencies [32d0457]:

  • @​graphql-tools/utils@​10.9.1

9.1.0

Minor Changes

• #7249 e5f98c2 Thanks @​jdolle! - Support repeatable @​link-ed federation directives; fix merging non-identical, repeatable directives

Patch Changes

• #7249 e5f98c2 Thanks @​jdolle! - dependencies updates:

  • Added dependency @theguild/federation-composition@^0.16.0 ↗︎ (to dependencies)

• #7276 3c21496 Thanks @​renovate! - dependencies updates:

  • Updated dependency @theguild/federation-composition@^0.19.0 ↗︎ (from ^0.16.0, in dependencies)

• Updated dependencies [22af985, 53db005]:

  • @​graphql-tools/utils@​10.9.0

Commits

• 13c4799 chore(release): update monorepo packages versions (#7300)
• 984d542 Replace dependency @​theguild/federation-composition in graphqlt-tools/merge (...
• c1680f3 chore(release): update monorepo packages versions (#7241)
• 3c21496 fix(deps): update dependency @​theguild/federation-composition to ^0.19.0 (#7276)
• e5f98c2 fix: support linked, repeatable, federation directives (#7249)
• 81f153f Fix tests
• See full diff in compare view

Updates @graphql-tools/schema from 10.0.23 to 10.0.25

Changelog

Sourced from @​graphql-tools/schema's changelog.

10.0.25

Patch Changes

• Updated dependencies [984d542, 984d542, 32d0457]:
  • @​graphql-tools/merge@​9.1.1
  • @​graphql-tools/utils@​10.9.1

10.0.24

Patch Changes

• Updated dependencies [e5f98c2, 3c21496, e5f98c2, 22af985, 53db005]:
  • @​graphql-tools/merge@​9.1.0
  • @​graphql-tools/utils@​10.9.0

Commits

• 13c4799 chore(release): update monorepo packages versions (#7300)
• c1680f3 chore(release): update monorepo packages versions (#7241)
• 6b515dd chore(deps): update dependency graphql-scalars to v1.24.2 (#7046)
• See full diff in compare view

Updates graphql-yoga from 5.13.5 to 5.15.1

Changelog

Sourced from graphql-yoga's changelog.

5.15.1

Patch Changes

• #4116 ecd605b Thanks @​enisdenjo! - Does not GraphQL error extensions when it's wrapping an internal server error

5.15.0

Minor Changes

• #4114 ccb5c53 Thanks @​enisdenjo! - Configurable GraphiQL logo and favicon

Patch Changes

• #4114 ccb5c53 Thanks @​enisdenjo! - Export GraphiQLPluginConfig and GraphiQLOptionsOrFactory

5.14.0

Minor Changes

• #4088 98c82a5 Thanks @​EmrysMyrddin! - Added new withState plugin utility for easy data sharing between hooks.

  New plugin utility to ease data sharing between hooks

  Sometimes, plugins can grow in complexity and need to share data between its hooks.

  A way to solve this can be to mutate the graphql context, but this context is not always available in all hooks in Yoga or Hive Gateway plugins. Moreover, mutating the context gives access to your internal data to all other plugins and graphql resolvers, without mentioning performance impact on field access on this object.

  The recommended approach to this problem was to use a WeakMap with a stable key (often the context or request object). While it works, it's not very convenient for plugin developers, and is prone to error with the choice of key.

  The new withState utility solves this DX issue by providing an easy and straightforward API for data sharing between hooks.

... (truncated)

Commits

• 0e38e89 chore(release): update monorepo packages versions (#4117)
• ecd605b Should not GraphQL error extensions when it's wrapping an internal server err...
• 580ad9d chore(release): update monorepo packages versions (#4115)
• ccb5c53 Configurable GraphiQL logo and favicon (#4114)
• adfee14 fix(deps): update all non-major dependencies (#4108)
• 096d53e fix(deps): update all non-major dependencies (#4100)
• 4aad787 chore(release): update monorepo packages versions (#4064)
• 4dfdc38 fix(deps): update all non-major dependencies (#4095)
• 6e04a7f fix(deps): update envelop (major) (#4087)
• 98c82a5 feat(graphql-yoga): Add new withState plugin util (#4088)
• Additional commits viewable in compare view

Updates wrangler from 4.22.0 to 4.27.0

Release notes

Sourced from wrangler's releases.

[email protected]

Minor Changes

• #9914 a24c9d8 Thanks @​petebacondarwin! - Add support for loading local dev vars from .env files

  If there are no .dev.vars or .dev.vars.<environment> files, when running Wrangler or the Vite plugin in local development mode, they will now try to load additional local dev vars from .env, .env.local, .env.<environment> and .env.<environment>.local files.

  These loaded vars are only for local development and have no effect in production to the vars in a deployed Worker. Wrangler and Vite will continue to load .env files in order to configure themselves as a tool.

  Further details:

  • In vite build the local vars will be computed and stored in a .dev.vars file next to the compiled Worker code, so that vite preview can use them.
  • The wrangler types command will similarly read the .env files (if no .dev.vars files) in order to generate the Env interface.
  • If the CLOUDFLARE_LOAD_DEV_VARS_FROM_DOT_ENV environment variable is "false" then local dev variables will not be loaded from .env files.
  • If the CLOUDFLARE_INCLUDE_PROCESS_ENV environment variable is "true" then all the environment variables found on process.env will be included as local dev vars.
  • Wrangler (but not Vite plugin) also now supports the --env-file=<path/to/dotenv/file> global CLI option. This affects both loading .env to configure Wrangler the tool as well as loading local dev vars.

Patch Changes

• #10051 0f7820e Thanks @​nikitassharma! - Add support for custom instance limits for containers. For example, instead of having to use the preconfigured dev/standard/basic instance types, you can now set:

  instance_type: {
    vcpu: 1,
    memory_mib: 1024,
    disk_mb: 4000
  }
  

  This feature is currently only available to customers on an enterprise plan.

• #10149 e9bb8d3 Thanks @​vicb! - fix require("debug") in nodejs_compat mode

• Updated dependencies [9b61f44]:

  • [email protected]

[email protected]

Patch Changes

• #10061 f8a80a8 Thanks @​emily-shen! - feat(containers): try to automatically get the socket path that the container engine is listening on.

  Currently, if your container engine isn't set up to listen on unix:///var/run/docker.sock (or isn't symlinked to that), then you have to manually set this via the dev.containerEngine field in your Wrangler config, or via the env vars WRANGLER_DOCKER_HOST. This change means that we will try and get the socket of the current context automatically. This should reduce the occurrence of opaque internal errors thrown by the runtime when the daemon is not listening on unix:///var/run/docker.sock.

  In addition to WRANGLER_DOCKER_HOST, DOCKER_HOST can now also be used to set the container engine socket address.

• #10048 dbdbb8c Thanks @​vicb! - pass the compatibility date and flags to the unenv preset

• #10096 687655f Thanks @​vicb! - bump unenv to 2.0.0-rc.19

... (truncated)

Changelog

Sourced from wrangler's changelog.

4.27.0

Minor Changes

• #9914 a24c9d8 Thanks @​petebacondarwin! - Add support for loading local dev vars from .env files

  If there are no .dev.vars or .dev.vars.<environment> files, when running Wrangler or the Vite plugin in local development mode, they will now try to load additional local dev vars from .env, .env.local, .env.<environment> and .env.<environment>.local files.

  These loaded vars are only for local development and have no effect in production to the vars in a deployed Worker. Wrangler and Vite will continue to load .env files in order to configure themselves as a tool.

  Further details:

  • In vite build the local vars will be computed and stored in a .dev.vars file next to the compiled Worker code, so that vite preview can use them.
  • The wrangler types command will similarly read the .env files (if no .dev.vars files) in order to generate the Env interface.
  • If the CLOUDFLARE_LOAD_DEV_VARS_FROM_DOT_ENV environment variable is "false" then local dev variables will not be loaded from .env files.
  • If the CLOUDFLARE_INCLUDE_PROCESS_ENV environment variable is "true" then all the environment variables found on process.env will be included as local dev vars.
  • Wrangler (but not Vite plugin) also now supports the --env-file=<path/to/dotenv/file> global CLI option. This affects both loading .env to configure Wrangler the tool as well as loading local dev vars.

Patch Changes

• #10051 0f7820e Thanks @​nikitassharma! - Add support for custom instance limits for containers. For example, instead of having to use the preconfigured dev/standard/basic instance types, you can now set:

  instance_type: {
    vcpu: 1,
    memory_mib: 1024,
    disk_mb: 4000
  }
  

  This feature is currently only available to customers on an enterprise plan.

• #10149 e9bb8d3 Thanks @​vicb! - fix require("debug") in nodejs_compat mode

• Updated dependencies [9b61f44]:

  • [email protected]

4.26.1

Patch Changes

• #10061 f8a80a8 Thanks @​emily-shen! - feat(containers): try to automatically get the socket path that the container engine is listening on.

  Currently, if your container engine isn't set up to listen on unix:///var/run/docker.sock (or isn't symlinked to that), then you have to manually set this via the dev.containerEngine field in your Wrangler config, or via the env vars WRANGLER_DOCKER_HOST. This change means that we will try and get the socket of the current context automatically. This should reduce the occurrence of opaque internal errors thrown by the runtime when the daemon is not listening on unix:///var/run/docker.sock.

  In addition to WRANGLER_DOCKER_HOST, DOCKER_HOST can now also be used to set the container engine socket address.

... (truncated)

Commits

• 463bfd2 Version Packages (#10116)
• e9bb8d3 fix require("debug") in nodejs_compat mode (#10149)
• 6e6d4a8 Make .dev.vars and .env consistent and remove deprecated templates (#10118)
• 0f7820e Add support for custom instance types (#10051)
• a24c9d8 Add support for reading .env files as runtime vars in local development (#9...
• 9b61f44 Bump the workerd-and-workers-types group with 2 updates (#10129)
• 68f2fca clarify image_vars in containers config is not available at runtime. (#10115)
• 4a4049c feat(vite-plugin): Add Containers-related info logs (#10071)
• c070c77 Version Packages (#10059)
• 75640c1 recommend DOCKER_HOST instead (#10097)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

👋 Thanks for opening a pull request!

If you are new, please check out the trimmed down summary of our deployment process below:

1. 👀 Observe the CI jobs and tests to ensure they are passing

2. ✔️ Obtain an approval/review on this pull request

3. 🚀 Deploy your pull request to the development environment with .deploy to development

4. 🚀 Deploy your pull request to the production environment with .deploy

   If anything goes wrong, rollback with .deploy main

5. 🎉 Merge!

Need help? Type .help as a comment or visit the usage guide for more details

Please note, if you have a more complex change, it is advised to claim a deployment lock with .lock <environment> --reason <reason> to prevent other deployments from happening while you are working on your change.

Once your PR has been merged, you can remove the lock with .unlock <environment>.

[Razzmatazzz]

.deploy

[github-actions]

Deployment Triggered 🚀

Razzmatazzz, started a branch deployment to production (branch: dependabot/npm_and_yarn/npm-dependencies-cffe0a1781)

You can watch the progress here 🔗

Details

{
  "type": "branch",
  "environment": {
    "name": "production",
    "url": "https://api.tarkov.dev/graphql"
  },
  "deployment": {
    "timestamp": "2025-08-01T02:05:31.242Z",
    "logs": "https://github.com/the-hideout/tarkov-api/actions/runs/16664407814"
  },
  "git": {
    "branch": "dependabot/npm_and_yarn/npm-dependencies-cffe0a1781",
    "commit": "8013e1f90d60d151d49850ef2c0baaa8faae9526",
    "verified": true,
    "committer": "web-flow",
    "html_url": "https://github.com/the-hideout/tarkov-api/commit/8013e1f90d60d151d49850ef2c0baaa8faae9526"
  },
  "context": {
    "actor": "Razzmatazzz",
    "noop": false,
    "fork": false,
    "comment": {
      "created_at": "2025-08-01T02:05:18Z",
      "updated_at": "2025-08-01T02:05:18Z",
      "body": ".deploy",
      "html_url": "https://github.com/the-hideout/tarkov-api/pull/395#issuecomment-3141915207"
    }
  },
  "parameters": {
    "raw": null,
    "parsed": null
  }
}

[github-actions]

API Deployment - Production 🌔

The API has been deployed to the production environment 🚀

• Endpoint: api.tarkov.dev/graphql
• Playground: api.tarkov.dev

Pusher: @Razzmatazzz, Action: issue_comment, Workflow: branch-deploy;

[github-actions]

Deployment Results ✅

Razzmatazzz successfully deployed branch dependabot/npm_and_yarn/npm-dependencies-cffe0a1781 to production

Details

{
  "status": "success",
  "environment": {
    "name": "production",
    "url": "https://api.tarkov.dev/graphql"
  },
  "deployment": {
    "id": 2813407174,
    "timestamp": "2025-08-01T02:06:01.583Z",
    "logs": "https://github.com/the-hideout/tarkov-api/actions/runs/16664407814",
    "duration": 30
  },
  "git": {
    "branch": "dependabot/npm_and_yarn/npm-dependencies-cffe0a1781",
    "commit": "8013e1f90d60d151d49850ef2c0baaa8faae9526",
    "verified": true
  },
  "context": {
    "actor": "Razzmatazzz",
    "noop": false,
    "fork": false
  },
  "reviews": {
    "count": 1,
    "decision": "APPROVED"
  },
  "parameters": {
    "raw": null,
    "parsed": null
  }
}

Environment URL: api.tarkov.dev/graphql