chore(deps): update dependency graphql to v17.0.0-alpha.10

[svc-secops]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
graphql	17.0.0-alpha.2 -> 17.0.0-alpha.10

---

Release Notes

graphql/graphql-js (graphql)

v17.0.0-alpha.10

Compare Source

v17.0.0-alpha.10 (2026-02-24)

Breaking Change 💥

NOTE: This release introduced new/refined implementations of incremental delivery and execution cancellation. The prior implementations were reverted and the new implementations were re-implemented from scratch, see PRs below. Importantly, the newest cancellation implementation exposes the AbortSignal to resolvers via info.getAbortSignal() rather than info.abortSignal, a BREAKING CHANGE from the previous alpha. The newest incremental delivery implementation has only new features compared to the prior alpha (primarily sensitivity to back-pressure).

• #​4447 chore: drop unsupported node versions (@​yaacovCR)
• #​4464 use enableDevMode() or development condition instead of NODE_ENV (@​yaacovCR)
• #​4537 Reference implementation of defer and stream spec (@​yaacovCR)
• #​4536 Allow cancellation via abortSignal (@​yaacovCR)
• #​4535 temporarily revert cancellation (@​yaacovCR)
• #​4534 temporarily revert incremental delivery (@​yaacovCR)
• #​4560 fix incremental types (@​yaacovCR)
• #​3385 fix type for first argument to isTypeOf (@​ryym)

New Feature 🚀

• #​4448 enable conditional exports (@​yaacovCR)
• #​4468 predicates: replace instanceof with symbol based brand check (@​yaacovCR)
• #​3044 Schema Coordinates (@​leebyron)
• #​4546 introduce legacy incremental executor (@​yaacovCR)
• #​4550 add bigint support (@​yaacovCR)
• #​4561 let GraphQLArgs inherit all parse/validate/execute options (@​yaacovCR)
• #​4562 add graphql "harness" abstraction along with async parse/validate support (@​yaacovCR)
• #​4565 frontport #​4482: Implement changes for executable descriptions (@​yaacovCR)

Bug Fix 🐞

• #​4441 Ensure that 'schema' keyword kept when schema has description (@​benjie)
• #​4462 avoid re-visiting deferred fragment spreads (@​yaacovCR)
• #​4358 incremental: add new deferred fragments to the wrapped graphql result (@​yaacovCR)
• #​4469 perf: do not use undefined for empty error array (@​yaacovCR)
• #​4424 buildClientSchema: build enum type value maps lazily (@​yaacovCR)
• #​4481 Fix incorrect FormattedCompletedResult fields and add a FormattedPendingResult (@​jerelmiller)
• #​4495 chore: use latest npm lockfile metadata (@​yaacovCR)
• #​4494 fix(mapAsyncIterable): always close source when mapped iterable is thrown (@​yaacovCR)
• #​4496 refactor(execution): extract withCleanup from mapAsyncIterable (@​yaacovCR)
• #​4497 fix(withCleanup): remove extra tick (@​yaacovCR)
• #​4510 fix(Queue): calling stop should not drop pushed values (@​yaacovCR)
• #​4520 incremental: improve perf of OverlappingFieldsCanBeMerged (@​yaacovCR)
• #​4526 reduce ticks stemming from withCleanup (@​yaacovCR)
• #​4531 refactor: move errorPropagation to ValidatedExecutionArgs (@​yaacovCR)
• #​4533 add abrupt return handling for sync iterables (@​yaacovCR)
• #​4544 fix inner stream with async iterables (@​yaacovCR)
• #​4547 remove unnecessary Executor property (@​yaacovCR)
• #​4548 fix: memoize collectSubfields and getStreamUsage across Executors (@​yaacovCR)
• #​4554 use single phase of resolver abortSignal cancellation (@​yaacovCR)
• #​4559 restore FormattedExperimentalIncrementalExecutionResults (@​yaacovCR)
• #​4563 polish: improve GraphQL schema element config typing (@​yaacovCR)
• #​4567 frontport: incorrect validation errors when variable descriptions are used (#​4517) (@​yaacovCR)
• #​4568 fix: treat dot as punctuator for schema coordinate parsing (@​yaacovCR)
• #​4569 export all schema coordinate types (@​yaacovCR)
• #​4572 add "as const" to schema change type "enum" (@​yaacovCR)
• #​4583 validation: align MaxIntrospectionDepthRule with v16 backport (@​yaacovCR)
• #​4596 chore(eslint): simplify ignore-pattern (@​yaacovCR)

Docs 📝

3 PRs were merged

• #​4487 Remove subscription section from README (@​NeoPhi)
• #​4577 Revert website on next to 16.x.x version (@​yaacovCR)
• #​4590 align README with new dev mode (@​yaacovCR)

Polish 💅

35 PRs were merged

• #​4454 integrationTests: pin bun/deno versions (@​yaacovCR)
• #​4459 upgrade dependencies (@​yaacovCR)
• #​4472 docs: update dual-build information within README (@​yaacovCR)
• #​4500 polish(withCleanup): condense one line (@​yaacovCR)
• #​4499 refactor(mapAsyncIterable): use withCleanup to simplify (@​yaacovCR)
• #​4498 refactor: extract Queue from IncrementalPublisher and IncrementalGraph (@​yaacovCR)
• #​4501 polish(Queue): further simplify algorithm (@​yaacovCR)
• #​4502 polish(IncrementalPublisher): introduce ensureId helper (@​yaacovCR)
• #​4503 polish(IncrementalPublisher): simplify early return handling (@​yaacovCR)
• #​4527 refactor(execution): add separate entrypoints file (@​yaacovCR)
• #​4528 refactor(execute): minor refactor (@​yaacovCR)
• #​4529 refactor: streamline variable name (@​yaacovCR)
• #​4532 withConcurrentAbruptClose should await handlers (@​yaacovCR)
• #​4538 rename execute.ts to Executor.ts file (@​yaacovCR)
• #​4539 rename entrypoints.ts to execute.ts (@​yaacovCR)
• #​4540 move subscription helpers from Executor to execute (@​yaacovCR)
• #​4541 convert ExecutionContext interface and functions to Executor (@​yaacovCR)
• #​4542 polish: clean up abort listener without checking hasNext (@​yaacovCR)
• #​4543 extract getStreamUsage (@​yaacovCR)
• #​4545 extract IncrementalExecutor from Executor (@​yaacovCR)
• #​4549 streamline scalar coercion (@​yaacovCR)
• #​4570 add tests for validateInputValue / validateInputLiteral (@​yaacovCR)
• #​4571 add additional mapSchemaConfig tests (@​yaacovCR)
• #​4573 valueFromAST: use nullish to simplify (@​yaacovCR)
• #​4580 test(validation): add empty-selection case from 16.x.x backport (@​yaacovCR)
• #​4581 test(validation): add OneOf variable tests from 16.x.x to next (@​yaacovCR)
• #​4584 remove legacy comment (@​yaacovCR)
• #​4585 align schema coordinates comments (@​yaacovCR)
• #​4587 validation: add description-handling comment (@​yaacovCR)
• #​4586 polish: align schema coordinate whitespace (@​yaacovCR)
• #​4588 polish: reorder tests to match 16.x.x (@​yaacovCR)
• #​4589 prune cspell file (@​yaacovCR)
• #​4592 upgrade deps (@​yaacovCR)
• #​4593 lint: add brackets to path (@​yaacovCR)
• #​4595 test(execution): add additional tests from original PR #​4458 (@​yaacovCR)

Internal 🏠

14 PRs were merged

• #​4446 add integration tests for dev/prod (@​yaacovCR)
• #​4455 pin bun and deno versions within integration script (@​yaacovCR)
• #​4457 internal: use swc with ts-node (@​yaacovCR)
• #​4456 avoid spawn with shell: true and arguments (@​yaacovCR)
• #​4465 increase memory allowance for benchmarks (@​yaacovCR)
• #​4467 internal: revert formatting change (@​yaacovCR)
• #​4471 chore: update module/moduleResolution settings (@​yaacovCR)
• #​4566 frontport: update contributing (#​4524) (@​yaacovCR)
• #​4574 prune prettierignore (@​yaacovCR)
• #​4575 remove old generated next folder from .gitignore (@​yaacovCR)
• #​4576 frontport: chore: always ignore scripts (#​4514) (@​yaacovCR)
• #​4578 website: fix build (@​yaacovCR)
• #​4579 Include website within main CI for lintiing (@​yaacovCR)
• #​4591 add latest version of node to test matrix (@​yaacovCR)

Committers: 6

• Benjie(@​benjie)
• Daniel Rinehart(@​NeoPhi)
• Jerel Miller(@​jerelmiller)
• Lee Byron(@​leebyron)
• Ryutaro Yamada(@​ryym)
• Yaacov Rydzinski (@​yaacovCR)

v17.0.0-alpha.9

Compare Source

v17.0.0-alpha.9 (2025-06-11)

Breaking Change 💥

• #​4342 Validate against @stream on different instances of the same field (@​robrichard)
• #​3974 Forbid @skip and @include directives in subscription root selection (@​benjie)
• #​3986 Reject deprecated fields when interface field is not deprecated (@​benjie)
• #​4354 Make includeDeprecated non-null (@​martinbonnin)
• #​4425 feat: pass abortSignal to resolvers via GraphQLResolveInfo (@​glasser)

New Feature 🚀

• #​4348 Add support for @​experimental_disableErrorPropagation (@​martinbonnin)

Bug Fix 🐞

• #​4389 fix(replaceVariables): preserve sources for fragment variable values (@​yaacovCR)

Polish 💅

• #​4407 Minor validation tweaks from review (@​benjie)

Internal 🏠

5 PRs were merged

• #​4355 Remove website from linting (@​JoviDeCroock)
• #​4413 internal: refresh port of v16 work to next (@​yaacovCR)
• #​4420 internal: frontport additional amazing docs work (@​yaacovCR)
• #​4421 fix(benchmark): fix incorrect merge of original commit from v16 (@​yaacovCR)

Committers: 6

• Benjie(@​benjie)
• David Glasser(@​glasser)
• Jovi De Croock(@​JoviDeCroock)
• Martin Bonnin(@​martinbonnin)
• Rob Richard(@​robrichard)
• Yaacov Rydzinski (@​yaacovCR)

v17.0.0-alpha.8

Compare Source

v17.0.0-alpha.8 (2025-01-14)

Breaking Change 💥

• #​3814 RFC: Default value validation & coercion (@​yaacovCR)
• #​4288 introduce GraphQLField, GraphQLInputField, GraphQLArgument, and GraphQLEnumValue (@​yaacovCR)
• #​4296 ease upgrade path for programmatic default values (@​yaacovCR)
• #​4322 Make @stream initialCount NonNull (@​robrichard)

New Feature 🚀

• #​4261 feat: pass abortSignal to resolvers (@​yaacovCR)
• #​4267 cancel execution despite hanging async resolvers (@​yaacovCR)
• #​4263 stop resolvers after execution ends (@​yaacovCR)
• #​4275 Add safe schema change for descriptions changing (@​JoviDeCroock)
• #​4277 Detect directive argument changes (@​JoviDeCroock)
• #​4274 add cancellation support to async iterable iteration (@​yaacovCR)
• #​3601 Add KnownOperationTypes rule (@​yaacovCR)

Bug Fix 🐞

• #​4299 Make deprecated.reason non-nullable (@​martinbonnin)
• #​4313 type fix for ExperimentalIncrementalExecutionResults (@​yaacovCR)

Polish 💅

13 PRs were merged

• #​4260 adjust prefix for toError (@​yaacovCR)
• #​4265 use object for GraphQLWrappedResult instead of tuple (@​yaacovCR)
• #​4254 Remove typescript enums in favor of plain JS/TS solution (@​JoviDeCroock)
• #​4273 polish: refactor execution plan functions to match spec (@​yaacovCR)
• #​4282 rename PromiseCanceller to AbortSignalListener (@​yaacovCR)
• #​4294 polish: fix lexer state comment (@​yaacovCR)
• #​4270 refactor: treeshakable kind enum (@​jasonkuhrt)
• #​4297 introduces mapSchemaConfig utility function (@​yaacovCR)
• #​4306 polish: fix switched comments in GraphQLScalarTypeConfig (@​hayes)
• #​4308 move subscription @defer check out of collectFields (@​yaacovCR)
• #​4309 use operation.selectionSet as argument to collectFields() instead of operation (@​yaacovCR)
• #​4307 update validateInputValue to use renamed method (@​yaacovCR)
• #​4320 polish: skip recollecting a named fragment's selections even when deferred (@​yaacovCR)

Internal 🏠

2 PRs were merged

• #​4304 internal: update CONTRIBUTING guide (@​yaacovCR)
• #​4301 frontport v16 work to main (@​yaacovCR)

Committers: 6

• Jason Kuhrt(@​jasonkuhrt)
• Jovi De Croock(@​JoviDeCroock)
• Martin Bonnin(@​martinbonnin)
• Michael Hayes(@​hayes)
• Rob Richard(@​robrichard)
• Yaacov Rydzinski (@​yaacovCR)

v17.0.0-alpha.7.canary.pr.4319.e7cfada212d5cdd7dc09890bef82ac9da32026eb

Compare Source

v17.0.0-alpha.7.canary.pr.4319.abe5e8e0bb4a916f37d6d1b7fdcf128155a24a46

Compare Source

v17.0.0-alpha.7.canary.pr.4319.55799077dbb6c5ab0c33471482a66b91f048a516

Compare Source

v17.0.0-alpha.7.canary.pr.4319.09f8d400782ed385ec6f8fb9d151e221414af613

Compare Source

v17.0.0-alpha.7.canary.pr.4297.42bcd01f7c733e255ff9eab84ec8d7500dfd208a

Compare Source

v17.0.0-alpha.7.canary.pr.4297.1ef860e11444e48f590000a92cfbe80a73ae7156

Compare Source

v17.0.0-alpha.7.canary.pr.4297.096937aa86603f461be857eae48d8b2061b39e26

Compare Source

v17.0.0-alpha.7.canary.pr.4297.06006bf6f8de51bb2fa9e99caedfed1c13236037

Compare Source

v17.0.0-alpha.7.canary.pr.4288.b96419eebb37a65c76964ccd0994ab9d3b4e8215

Compare Source

v17.0.0-alpha.7

Compare Source

v17.0.0-alpha.7 (2024-08-14)

Bug Fix 🐞

• #​4100 Require non-empty directive locations (@​jbellenger)
• #​4125 Rename inputObjectOneOf to oneOf in getIntrospectionQuery() (@​benjie)
• #​4144 return async iterables in the non incremental delivery case (@​yaacovCR)
• #​4140 fix(incremental): do not initiate non-pending execution groups (@​yaacovCR)
• #​4160 fix(incremental): fix paths for subsequent async stream items (@​yaacovCR)

Polish 💅

5 PRs were merged

• #​4108 polish(incremental): refactor getNewPending functionality (@​yaacovCR)
• #​4112 refactor(incremental): simplify incremental graph by allowing mutations (@​yaacovCR)
• #​4141 polish(incremental): small fixes (@​yaacovCR)
• #​4147 incremental: optimize build field plan (@​yaacovCR)
• #​4148 polish(incremental): rename terms to match spec (@​yaacovCR)

Internal 🏠

2 PRs were merged

• #​4130 chore: Tag GraphQL JS reviewers team for reviews on PRs (@​saihaj)
• #​4162 chore(actions): upgrade to latest versions (@​yaacovCR)

Committers: 4

• Benjie(@​benjie)
• James Bellenger(@​jbellenger)
• Saihajpreet Singh(@​saihaj)
• Yaacov Rydzinski (@​yaacovCR)

v17.0.0-alpha.6

Compare Source

v17.0.0-alpha.5.canary.pr.4153.d5c18bebb93273daf40fce67daa1babc430a2ce2

Compare Source

v17.0.0-alpha.5.canary.pr.4153.4ff43175428332c954563050819fcb612e19ca41

Compare Source

v17.0.0-alpha.5

Compare Source

v17.0.0-alpha.5 (2024-06-21)

New Feature 🚀

• #​4018 Enable passing values configuration to GraphQLEnumType as a thunk (@​benjie)
• #​4078 Add @oneOf support to introspection query (@​maciesielka)

Committers: 2

• Benjie(@​benjie)
• Mike Ciesielka(@​maciesielka)

v17.0.0-alpha.4

Compare Source

v17.0.0-alpha.4 (2024-06-21)

Breaking Change 💥

• #​4097 incremental: disable early execution by default (@​yaacovCR)

New Feature 🚀

• #​4002 allow nested defers at the same level (@​yaacovCR)
• #​4118 Introduce "recommended" validation rules (@​benjie)

Bug Fix 🐞

• #​3984 fix: suppress records for deferred fragments that are completely empty (@​yaacovCR)
• #​3987 fix(incremental): fix logic around selecting id/subPath (@​yaacovCR)
• #​3969 Add support for @​oneOf directives in printSchema (@​hayes)
• #​3993 fix(incremental): skip all empty subsequent results (@​yaacovCR)
• #​4044 Fix stream directive validation error message (@​Cito)

Docs 📝

• #​4105 Update release instructions in CONTRIBUTING.md (@​benjie)

Polish 💅

15 PRs were merged

• #​3970 tests: remove empty strings in string literals (@​IvanGoncharov)
• #​3994 simplify CollectFields for @defer and @stream (@​yaacovCR)
• #​4045 rename executeImpl to executeOperation (@​yaacovCR)
• #​4026 incremental: introduce GraphQLWrappedResult to avoid filtering (@​yaacovCR)
• #​4050 perf: allow skipping of field plan generation (@​yaacovCR)
• #​4051 perf: introduce completePromisedListItemValue (@​yaacovCR)
• #​4052 refactor: introduce completeIterableValue (@​yaacovCR)
• #​4076 incremental: avoid double loop with stream from sync iterables (@​yaacovCR)
• #​4046 perf: use undefined for empty (@​yaacovCR)
• #​3997 Add test for consolidating grouped field sets properly into deferred fragments (@​yaacovCR)
• #​4099 refactor: extract execution types to separate file (@​yaacovCR)
• #​4101 incremental(stream): revert test logic (@​yaacovCR)
• #​4094 incremental: introduce IncrementalGraph class to manage tree of subsequent results (@​yaacovCR)
• #​4098 incremental: handle Stream as stream rather than linked list (@​yaacovCR)
• #​4106 polish(IncrementalPublisher): remove unnecessary check and method call (@​yaacovCR)

Internal 🏠

5 PRs were merged

• #​3992 Use node v20 for CI (@​robrichard)
• #​4013 docs: reviewer and merge process (@​saihaj)
• #​4030 fix(benchmark): select npm.cmd on windows (@​yaacovCR)
• #​4029 benchmark: update v8 flag (@​yaacovCR)
• #​4121 port[v17]: Fix publish scripts (@​benjie)

Committers: 7

• Benjie(@​benjie)
• Christoph Zwerschke(@​Cito)
• Ivan Goncharov(@​IvanGoncharov)
• Michael Hayes(@​hayes)
• Rob Richard(@​robrichard)
• Saihajpreet Singh(@​saihaj)
• Yaacov Rydzinski (@​yaacovCR)

v17.0.0-alpha.3.canary.pr.4097.291dd92c9059c6bcc88ff1fa21058a8ac519cf83

Compare Source

v17.0.0-alpha.3.canary.pr.4035.3404abc2382e32f6a3ab26f08a9ed54554678fa9

Compare Source

v17.0.0-alpha.3.canary.pr.4032.8bcdcea90e0a24432a78270866c27e0db6a2ae4d

Compare Source

v17.0.0-alpha.3.canary.pr.4032.4fb41fe3e1f2b4b27437138d6d7d4763c1992e7a

Compare Source

v17.0.0-alpha.3.canary.pr.4026.d2f30cc0780dd436b1a05aa23dfa28c83da7d033

Compare Source

v17.0.0-alpha.3.canary.pr.4026.74aa85f56dea9ab9feb4445165eb0e2347ea674f

Compare Source

v17.0.0-alpha.3.canary.pr.4026.5e657d31b3abdc38acd6bb21c50ed3a41aa33905

Compare Source

v17.0.0-alpha.3.canary.pr.4026.5922420b3b235970ee230497190e28c8290c8f16

Compare Source

v17.0.0-alpha.3.canary.pr.4026.405885d861f562a160f9e92d0be418d819312016

Compare Source

v17.0.0-alpha.3.canary.pr.4026.1140ceffaf9629dd46a16d4fd28479240752f6eb

Compare Source

v17.0.0-alpha.3.canary.pr.4002.b3f6af2e83280d7830b2a01265e0977b7b68e2f4

Compare Source

v17.0.0-alpha.3.canary.pr.3969.83688beb16ecba5a0495158c3c2b3684730579bf

Compare Source

v17.0.0-alpha.3.canary.pr.3791.4a8f641106bee54f1e4a4de4bf59c49976541b00

Compare Source

v17.0.0-alpha.3

Compare Source

v17.0.0-alpha.3 (2023-09-06)

This release contains a new response format for operations containing the experimental @​defer & @​stream directives. This new response format addresses issues around data duplication, response amplification, and data consistency that affected the previous response format. See https://github.com/graphql/defer-stream-wg/discussions/69 for more information.

Breaking Change 💥

• #​3742 Remove defer/stream support from subscriptions (@​robrichard)
• #​3722 original execute should throw if defer/stream directives are present (@​yaacovCR)
• #​3855 Drop support for node14 (@​IvanGoncharov)
• #​3875 GraphQLInputObjectType: remove check that duplicate TS types (@​IvanGoncharov)
• #​3886 RFC: incremental delivery: without branching, with deduplication (@​yaacovCR)
• #​3897 incremental delivery: add pending notifications (@​yaacovCR)
• #​3960 incremental: utilize id and subPath rather than path and label (@​yaacovCR)

New Feature 🚀

• #​3754 enhancement: remove extra ticks (@​yaacovCR)
• #​3877 GraphQLInterface: add missing template parameters (@​IvanGoncharov)
• #​3860 Make print() break long List and Object Values over multiple line (@​dylanowen)
• #​3822 Expose printDirective function to enable schema sharding (@​tomgasson)
• #​3513 Implement OneOf Input Objects via @oneOf directive (@​erikkessler1)
• #​3929 incremental: subsequent result records should not store parent references (@​yaacovCR)
• #​3948 Add support for fourfold nested lists in introspection (@​gschulze)

Bug Fix 🐞

• #​3746 fix: allow async errors to bubble to AsyncIterable list items (@​yaacovCR)
• #​3747 add filtering for asyncIterable lists (@​yaacovCR)
• #​3748 Fix typo in the error message for max tokens (@​Cito)
• #​3753 fix(incrementalDelivery): filtering should never affect the error source (@​yaacovCR)
• #​3757 fix: re-initialize subsequentPayloads (@​yaacovCR)
• #​3706 Fix crash in node when mixing sync/async resolvers (@​chrskrchr)
• #​3763 resources/utils: fix git().revList (@​IvanGoncharov)
• #​3760 fix(incrementalDelivery): fix null bubbling with async iterables (@​yaacovCR)
• #​3776 extendSchema: preserve "description" and "extensions" (@​igrlk)
• #​3837 fix: invalid originalError propagation in custom scalars (@​stenreijers)
• #​3839 Fix ambiguity around when schema definition may be omitted (@​benjie)
• #​3832 internal: fix inlineInvariant for cjs builds that require filenames with explicit extensions (@​yaacovCR)
• #​3864 Narrow the return type of astFromValue (@​dylanowen)
• #​3869 printSchema: correctly print empty description (@​IvanGoncharov)
• #​3873 ASTReducer: correctly type scalar values (@​IvanGoncharov)
• #​3899 asyncIterable: locate async iterator errors to the collection (@​yaacovCR)
• #​3894 introduce new IncrementalPublisher class (@​yaacovCR)
• #​3961 fix(types): path is required within incremental results (@​yaacovCR)
• #​3937 Improve description for @oneOf directive (@​spawnia)
• #​3965 instanceOf: workaround bundler issue with process.env (@​IvanGoncharov)
• #​3958 OverlappingFieldsCanBeMergedRule: Fix performance degradation (@​AaronMoat)

Docs 📝

4 PRs were merged

• #​3778 Remove outdated instructions on experimental tag (@​robrichard)
• #​3947 Fix edit URL in documentation (@​benjie)
• #​3951 Fix invalid sample code (@​sakesun)
• #​3957 docs: add installation instructions for bun (@​colinhacks)

Polish 💅

31 PRs were merged

• #​3749 polish: add additional test (@​yaacovCR)
• #​3728 incrementalDelivery: refactoring and streamlining (@​yaacovCR)
• #​3752 refactor: introduce completeListItemValue (@​yaacovCR)
• #​3762 Fix formatting in schema for test "resolve Interface type using __typename on source object" (@​spawnia)
• #​3771 lint: enable ESLint's logical-assignment-operators rule (@​IvanGoncharov)
• #​3781 Fix comments in defer/stream validation rules (@​robrichard)
• #​3793 polish: do not repeat isPromise check (@​yaacovCR)
• #​3801 polish: narrow mapSourceToResponse return type (@​yaacovCR)
• #​3806 polish: remove misleading comment (@​yaacovCR)
• #​3816 polish: clarify filtering test semantics (@​yaacovCR)
• #​3821 Fix wording of comment in buildClientSchema (@​Cito)
• #​3856 Use replaceAll instead of RegExp with global flag (@​IvanGoncharov)
• #​3865 Add a

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - "after 8am and before 4pm on tuesday" in timezone Etc/UTC.

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

This PR has been generated by Renovate Bot.

[svc-secops]

⚠️ Artifact update problem

Renovate failed to update an artifact related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: yarn.lock

➤ YN0000: · Yarn 4.9.1
➤ YN0000: ┌ Resolution step
➤ YN0085: │ + graphql@npm:17.0.0-alpha.10
➤ YN0000: └ Completed in 1s 621ms
➤ YN0000: ┌ Post-resolution validation
➤ YN0060: │ @types/react is listed by your project with version 19.2.7 (peddff), which doesn't satisfy what react-focus-lock (via @chakra-ui/react) and other dependencies request (but they have non-overlapping ranges!).
➤ YN0060: │ @yarnpkg/core is listed by your project with version 4.2.0 (p4e948), which doesn't satisfy what @yarnpkg/cli and other dependencies request (^4.4.1).
➤ YN0060: │ graphql is listed by your project with version 17.0.0-alpha.10 (p1eb2e), which doesn't satisfy what @apollo/client and other dependencies request (^16.0.0).
➤ YN0060: │ graphql is listed by your project with version 17.0.0-alpha.10 (p1ecf7), which doesn't satisfy what @apollo/client and other dependencies request (^16.0.0).
➤ YN0060: │ graphql is listed by your project with version 17.0.0-alpha.10 (p2be3d), which doesn't satisfy what @apollo/client and other dependencies request (^16.0.0).
➤ YN0060: │ graphql is listed by your project with version 17.0.0-alpha.10 (p38093), which doesn't satisfy what @apollo/client and other dependencies request (^16.6.0).
➤ YN0060: │ graphql is listed by your project with version 17.0.0-alpha.10 (p4b3c5), which doesn't satisfy what @apollo/client and other dependencies request (^16.6.0).
➤ YN0060: │ graphql is listed by your project with version 17.0.0-alpha.10 (p74662), which doesn't satisfy what @apollo/client and other dependencies request (^16.0.0).
➤ YN0060: │ graphql is listed by your project with version 17.0.0-alpha.10 (p7c14e), which doesn't satisfy what @apollo/client and other dependencies request (^16.0.0).
➤ YN0060: │ graphql is listed by your project with version 17.0.0-alpha.10 (p9d845), which doesn't satisfy what @apollo/client and other dependencies request (^16.0.0).
➤ YN0060: │ graphql is listed by your project with version 17.0.0-alpha.10 (pa1182), which doesn't satisfy what @apollo/client and other dependencies request (^16.0.0).
➤ YN0060: │ graphql is listed by your project with version 17.0.0-alpha.10 (pc1d15), which doesn't satisfy what @apollo/client and other dependencies request (^16.0.0).
➤ YN0060: │ graphql is listed by your project with version 17.0.0-alpha.10 (pc49da), which doesn't satisfy what @apollo/client and other dependencies request (^16.0.0).
➤ YN0060: │ graphql is listed by your project with version 17.0.0-alpha.10 (pd4beb), which doesn't satisfy what @apollo/client and other dependencies request (^16.6.0).
➤ YN0060: │ graphql is listed by your project with version 17.0.0-alpha.10 (pd9955), which doesn't satisfy what @apollo/client and other dependencies request (^16.0.0).
➤ YN0060: │ graphql is listed by your project with version 17.0.0-alpha.10 (pf0659), which doesn't satisfy what @apollo/client and other dependencies request (^16.0.0).
➤ YN0060: │ next is listed by your project with version 16.0.8 (p27d9f), which doesn't satisfy what @as-integrations/next and other dependencies request (^15.2.3).
➤ YN0060: │ next is listed by your project with version 16.0.8 (pc1717), which doesn't satisfy what @as-integrations/next and other dependencies request (^15.2.3).
➤ YN0060: │ react is listed by your project with version 19.2.3 (pd410a), which doesn't satisfy what framer-motion and other dependencies request (but they have non-overlapping ranges!).
➤ YN0060: │ react is listed by your project with version 19.2.3 (pf06e9), which doesn't satisfy what ssr-only-secrets and other dependencies request (but they have non-overlapping ranges!).
➤ YN0060: │ react-dom is listed by your project with version 19.2.3 (p21a4c), which doesn't satisfy what framer-motion and other dependencies request (^18.2.0).
➤ YN0002: │ @apollo/client-integration-tanstack-start@workspace:packages/tanstack-start doesn't provide vite (p58222), requested by @tanstack/react-start.
➤ YN0002: │ @apollo/client-react-streaming@workspace:packages/client-react-streaming [fc55e] doesn't provide webpack (p25bda), requested by react-server-dom-webpack.
➤ YN0002: │ @apollo/client-react-streaming@workspace:packages/client-react-streaming doesn't provide webpack (p5ca41), requested by react-server-dom-webpack.
➤ YN0002: │ @integration-test/jest@workspace:integration-test/jest doesn't provide @testing-library/dom (p47416), requested by @testing-library/react and other dependencies.
➤ YN0002: │ @integration-test/vitest@workspace:integration-test/vitest doesn't provide @testing-library/dom (p1caec), requested by @testing-library/react.
➤ YN0002: │ @integration-test/vitest@workspace:integration-test/vitest doesn't provide vite (pc1d9a), requested by @vitejs/plugin-react.
➤ YN0002: │ @internal/test-utils@workspace:packages/test-utils doesn't provide @jest/globals (pc7d0f), requested by @testing-library/react-render-stream.
➤ YN0002: │ @internal/test-utils@workspace:packages/test-utils doesn't provide expect (p25412), requested by @testing-library/react-render-stream.
➤ YN0002: │ @internal/test-utils@workspace:packages/test-utils doesn't provide jsdom (p35d94), requested by global-jsdom.
➤ YN0002: │ monorepo@workspace:. doesn't provide webpack (p5bc50), requested by @size-limit/webpack-why.
➤ YN0002: │ packages-shared@workspace:packages doesn't provide typescript (p496ab), requested by @typescript-eslint/eslint-plugin and other dependencies.
➤ YN0086: │ Some peer dependencies are incorrectly met by your project; run yarn explain peer-requirements <hash> for details, where <hash> is the six-letter p-prefixed code.
➤ YN0086: │ Some peer dependencies are incorrectly met by dependencies; run yarn explain peer-requirements for details.
➤ YN0000: └ Completed
➤ YN0000: ┌ Fetch step

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
apollo__client-integration-react-router	Error		Mar 2, 2026 4:49pm
apollo__client-integration-tanstack-start	Error		Mar 2, 2026 4:49pm
apollo__experimental-nextjs-app-support	Building	Preview	Mar 2, 2026 4:49pm

[changeset-bot]

⚠️ No Changeset found

Latest commit: fa81c54

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[netlify]

❌ Deploy Preview for apollo-client-nextjs-docmodel failed.

Name	Link
🔨 Latest commit	63308e1
🔍 Latest deploy log	https://app.netlify.com/projects/apollo-client-nextjs-docmodel/deploys/68500daf2bf3200008a93e94

[netlify]

❌ Deploy Preview for apollo-client-nextjs-docmodel failed.

Name	Link
🔨 Latest commit	fa81c54
🔍 Latest deploy log	https://app.netlify.com/projects/apollo-client-nextjs-docmodel/deploys/69a5bf733f4f330008eab1b4

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 43b0a18 and fa81c54.

📒 Files selected for processing (1)

• package.json

📜 Recent review details

🔇 Additional comments (1)

package.json (1)

31-31: The graphql resolution is actually compatible with declared peer dependencies.

Both packages with peerDependencies on graphql (@apollo/client-react-streaming and @apollo/client-integration-tanstack-start) explicitly allow ^16 || >=17.0.0-alpha.2, which includes 17.0.0-alpha.10. The examples and integration tests use ^16.x.x constraints, but these are not the source of peer validation failures for the core library packages.

---

📝 Walkthrough

Walkthrough

Updates the GraphQL dependency version in package.json resolutions from 17.0.0-alpha.2 to 17.0.0-alpha.10, a minor version bump within the alpha release channel.

Changes

Cohort / File(s)	Summary
Dependency Version Update package.json	GraphQL resolution upgraded from 17.0.0-alpha.2 to 17.0.0-alpha.10 in the resolutions section.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately reflects the main change: updating the GraphQL dependency from alpha.2 to alpha.10, matching the package.json update.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch renovate/graphql-17.x

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}