fix(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
@graphql-tools/apollo-engine-loader (source)	8.0.28 → 8.0.29
@graphql-tools/code-file-loader (source)	8.1.30 → 8.1.31
@graphql-tools/git-loader (source)	8.0.34 → 8.0.35
@graphql-tools/github-loader (source)	9.1.0 → 9.1.1
@graphql-tools/graphql-file-loader (source)	8.1.12 → 8.1.13
@graphql-tools/json-file-loader (source)	8.0.26 → 8.0.27
@graphql-tools/load (source)	8.1.8 → 8.1.9
@graphql-tools/merge (source)	9.1.7 → 9.1.8
@graphql-tools/relay-operation-optimizer (source)	7.1.2 → 7.1.3
@graphql-tools/schema (source)	10.0.31 → 10.0.32
@graphql-tools/url-loader (source)	9.1.0 → 9.1.1
@graphql-tools/utils (source)	11.0.0 → 11.0.1
cypress (source)	15.13.0 → 15.13.1
eslint-plugin-promise	7.1.0 → 7.2.1
fast-xml-parser	5.5.10 → 5.5.11
react (source)	19.2.4 → 19.2.5
react-dom (source)	19.2.4 → 19.2.5
svelte (source)	5.55.1 → 5.55.2
vite (source)	8.0.3 → 8.0.8
vitest (source)	4.1.2 → 4.1.4
wrangler (source)	4.80.0 → 4.81.1

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

ardatan/graphql-tools (@​graphql-tools/apollo-engine-loader)

v8.0.29

Compare Source

Patch Changes

• Updated dependencies
  [ae36a0e]:
  • @​graphql-tools/utils@​11.0.1

ardatan/graphql-tools (@​graphql-tools/code-file-loader)

v8.1.31

Compare Source

Patch Changes

• Updated dependencies
  [ae36a0e]:
  • @​graphql-tools/utils@​11.0.1
  • @​graphql-tools/graphql-tag-pluck@​8.3.30

ardatan/graphql-tools (@​graphql-tools/git-loader)

v8.0.35

Compare Source

Patch Changes

• Updated dependencies
  [ae36a0e]:
  • @​graphql-tools/utils@​11.0.1
  • @​graphql-tools/graphql-tag-pluck@​8.3.30

ardatan/graphql-tools (@​graphql-tools/github-loader)

v9.1.1

Compare Source

Patch Changes

• Updated dependencies
  [ae36a0e]:
  • @​graphql-tools/utils@​11.0.1
  • @​graphql-tools/graphql-tag-pluck@​8.3.30

ardatan/graphql-tools (@​graphql-tools/graphql-file-loader)

v8.1.13

Compare Source

Patch Changes

• Updated dependencies
  [ae36a0e]:
  • @​graphql-tools/utils@​11.0.1
  • @​graphql-tools/import@​7.1.13

ardatan/graphql-tools (@​graphql-tools/json-file-loader)

v8.0.27

Compare Source

Patch Changes

• Updated dependencies
  [ae36a0e]:
  • @​graphql-tools/utils@​11.0.1

ardatan/graphql-tools (@​graphql-tools/load)

v8.1.9

Compare Source

Patch Changes

• Updated dependencies
  [ae36a0e]:
  • @​graphql-tools/utils@​11.0.1
  • @​graphql-tools/schema@​10.0.32

ardatan/graphql-tools (@​graphql-tools/merge)

v9.1.8

Compare Source

Patch Changes

• Updated dependencies
  [ae36a0e]:
  • @​graphql-tools/utils@​11.0.1

ardatan/graphql-tools (@​graphql-tools/relay-operation-optimizer)

v7.1.3

Compare Source

Patch Changes

• Updated dependencies
  [ae36a0e]:
  • @​graphql-tools/utils@​11.0.1

ardatan/graphql-tools (@​graphql-tools/schema)

v10.0.32

Compare Source

Patch Changes

• Updated dependencies
  [ae36a0e]:
  • @​graphql-tools/utils@​11.0.1
  • @​graphql-tools/merge@​9.1.8

ardatan/graphql-tools (@​graphql-tools/url-loader)

v9.1.1

Compare Source

Patch Changes

• Updated dependencies
  [ae36a0e]:
  • @​graphql-tools/utils@​11.0.1
  • @​graphql-tools/executor-legacy-ws@​1.1.27

ardatan/graphql-tools (@​graphql-tools/utils)

v11.0.1

Compare Source

Patch Changes

• ae36a0e
  Thanks @​mattkrick! - Handle enum values correctly if they are
  arguments of directives defined in the extensions

cypress-io/cypress (cypress)

v15.13.1

Compare Source

Changelog: https://docs.cypress.io/app/references/changelog#15-13-1

eslint-community/eslint-plugin-promise (eslint-plugin-promise)

v7.2.1

Compare Source

🩹 Fixes

• no-callback-in-promise: false triggering of callback (#​574) (8324564)

🧹 Chores

• deps-dev: update husky to v9.1.7 (#​573) (24fd90a)
• deps: bump cross-spawn from 7.0.3 to 7.0.6 (#​568) (f33f82e)

v7.2.0

Compare Source

🌟 Features

• no-callback-in-promise: add timeoutsErr option (#​514) (907753f)
• valid-params: add exclude option (#​515) (7ff2cb9)
• always-return: add ignoreAssignmentVariable option (#​518) (701279c)
• catch-or-return: add allowThenStrict option (#​522) (53be970)
• new rule prefer-catch (#​525) (05c8a93)

🩹 Fixes

• permit appropriate computed member expressions and prototype access (#​535) (4de9d43)

🧹 Chores

• deps-dev: bump eslint-plugin-jest from 28.6.0 to 28.8.0 (#​536) (80741f8)
• deps-dev: bump eslint-plugin-n from 17.9.0 to 17.10.2 (#​529) (a646010)
• deps-dev: bump globals from 15.8.0 to 15.9.0 (#​527) (b8afe92)
• deps-dev: bump husky from 9.1.2 to 9.1.4 (#​524) (b8fdb9f)
• deps-dev: bump lint-staged from 15.2.7 to 15.2.8 (#​539) (9e2528f)
• deps-dev: update eslint-plugin-eslint-plugin to v6.3.0 (#​560) (7459bd6)
• deps-dev: update eslint-plugin-eslint-plugin to v6.3.1 (#​561) (434c6fa)
• deps-dev: update eslint-plugin-eslint-plugin to v6.3.2 (#​570) (a849f64)
• deps-dev: update eslint-plugin-jest to v28.9.0 (#​565) (cf213fb)
• deps-dev: update eslint-plugin-n to v17.12.0 (#​563) (d39e2f0)
• deps-dev: update eslint-plugin-n to v17.13.0 (#​566) (b62f234)
• deps-dev: update eslint-plugin-n to v17.13.1 (#​567) (266ddbb)
• deps-dev: update eslint-plugin-n to v17.13.2 (#​569) (390f51f)
• deps-dev: update npm-run-all2 to v6.2.4 (#​558) (2cf1732)
• deps-dev: update npm-run-all2 to v6.2.6 (#​559) (dc32933)
• deps: switch from dependabot to renovate using shared eslint community configuration (#​537) (30efed7)
• deps: update @​eslint-community/eslint-utils to v4.4.1 (#​562) (5c3628d)
• deps: update globals to v15.12.0 (#​564) (c8632d1)
• update @​typescript-eslint/parser to v7.18.0 (#​545) (5744e60)
• update dependency eslint-plugin-n to v17.11.0 (#​556) (bbd048b)
• update dependency eslint-plugin-n to v17.11.1 (#​557) (e545254)
• update dependency globals to v15.11.0 (#​555) (9151db8)
• update dependency typescript to v5.6.3 (#​554) (ab55120)
• update eslint to v8.57.1 (#​551) (38e2757)
• update eslint-plugin-jest to v28.8.3 (#​548) (89f2578)
• update eslint-plugin-n to v17.10.3 (#​552) (2d738fe)
• update globals to v15.10.0 (#​553) (b871314)
• update husky to v9.1.6 (#​547) (1e8d18f)
• update lint-staged to v15.2.10 (#​544) (7d46b3b)
• update npm-run-all2 to v6.2.3 (#​550) (14cd4c0)
• update typescript to ~5.6.0 (#​549) (ebcdd8b)

NaturalIntelligence/fast-xml-parser (fast-xml-parser)

v5.5.11

Compare Source

facebook/react (react)

v19.2.5: 19.2.5 (April 8th, 2026)

Compare Source

React Server Components

• Add more cycle protections (#​36236 by @​eps1lon and @​unstubbable)

sveltejs/svelte (svelte)

v5.55.2

Compare Source

Patch Changes

• fix: invalidate @const tags based on visible references in legacy mode (#​18041)

• fix: handle parens in template expressions more robustly (#​18075)

• fix: disallow -- in idPrefix (#​18038)

• fix: correct types for ontoggle on <details> elements (#​18063)

• fix: don't override $destroy/set/on instance methods in dev mode (#​18034)

• fix: unskip branches of earlier batches after commit (#​18048)

• fix: never set derived.v inside fork (#​18037)

• fix: skip rebase logic in non-async mode (#​18040)

• fix: don't reset status of uninitialized deriveds (#​18054)

vitejs/vite (vite)

v8.0.8

Compare Source

Features

• update rolldown to 1.0.0-rc.15 (#​22201) (6baf587)

Bug Fixes

• avoid dns.getDefaultResultOrder temporary (#​22202) (15f1c15)
• ssr: class property keys hoisting matching imports (#​22199) (e137601)

v8.0.7

Compare Source

Bug Fixes

• use sync dns.getDefaultResultOrder instead of dns.promises (#​22185) (5c05b04)

v8.0.6

Compare Source

Features

• update rolldown to 1.0.0-rc.13 (#​22097) (51d3e48)

Bug Fixes

• css: avoid mutating sass error multiple times (#​22115) (d5081c2)
• optimize-deps: hoist CJS interop assignment (#​22156) (17a8f9e)

Performance Improvements

• early return in getLocalhostAddressIfDiffersFromDNS when DNS order is verbatim (#​22151) (56ec256)

Miscellaneous Chores

• create-vite: remove unnecessary DOM.Iterable (#​22168) (bdc53ab)
• replace remaining prettier script (#​22179) (af71fb2)

v8.0.5

Compare Source

Bug Fixes

• apply server.fs check to env transport (#​22159) (f02d9fd)
• avoid path traversal with optimize deps sourcemap handler (#​22161) (79f002f)
• check server.fs after stripping query as well (#​22160) (a9a3df2)
• disallow referencing files outside the package from sourcemap (#​22158) (f05f501)

v8.0.4

Compare Source

Features

• allow esbuild 0.28 as peer deps (#​22155) (b0da973)
• hmr: truncate list of files on hmr update (#​21535) (d00e806)
• optimizer: log when dependency scanning or bundling takes over 1s (#​21797) (f61a1ab)

Bug Fixes

• hasBothRollupOptionsAndRolldownOptions should return false for proxy case (#​22043) (99897d2)
• add types for vite/modulepreload-polyfill (#​22126) (17330d2)
• deps: update all non-major dependencies (#​22073) (6daa10f)
• deps: update all non-major dependencies (#​22143) (22b0166)
• resolve: resolve tsconfig paths starting with # (#​22038) (3460fc5)
• ssr: use browser platform for webworker SSR builds (fix #​21969) (#​21963) (364c227)

Documentation

• add environment.fetchModule documentation (#​22035) (54229e7)

Miscellaneous Chores

• deps: update rolldown-related dependencies (#​21989) (0ded627)

Code Refactoring

• upgrade to typescript 6 (#​22110) (cc41398)

vitest-dev/vitest (vitest)

v4.1.4

Compare Source

   🚀 Features

• coverage:
  • Default to text reporter skipFull if agent detected  -  by @​hi-ogawa in #​10018 (53757)
• experimental:
  • Expose assertion as a public field  -  by @​sheremet-va in #​10095 (a120e)
  • Support aria snapshot  -  by @​hi-ogawa, Claude Opus 4.6 (1M context), @​AriPerkkio, Codex and @​sheremet-va in #​9668 (d4fbb)
• reporter:
  • Add filterMeta option to json reporter  -  by @​nami8824 and @​sheremet-va in #​10078 (b77de)

   🐞 Bug Fixes

• Use "black" foreground for labeled terminal message to ensure contrast  -  by @​hi-ogawa in #​10076 (203f0)
• Make expect(..., message) consistent as error message prefix  -  by @​hi-ogawa and Codex in #​10068 (a1b5f)
• Do not hoist imports whose names match class properties .  -  by @​SunsetFi in #​10093 and #​10094 (0fc4b)
• browser: Spread user server options into browser Vite server in project  -  by @​GoldStrikeArch in #​10049 (65c9d)

    View changes on GitHub

v4.1.3

Compare Source

   🚀 Experimental Features

• Add experimental.preParse flag  -  by @​sheremet-va in #​10070 (78273)
• Support browser.locators.exact option  -  by @​sheremet-va in #​10013 (48799)
• Add TestAttachment.bodyEncoding  -  by @​hi-ogawa in #​9969 (89ca0)
• Support custom snapshot matcher  -  by @​hi-ogawa, Claude Sonnet 4.6 and Codex in #​9973 (59b0e)

   🐞 Bug Fixes

• Advance fake timers with expect.poll interval  -  by @​hi-ogawa and Claude Sonnet 4.6 in #​10022 (3f5bf)
• Add @vitest/coverage-v8 and @vitest/coverage-istanbul as optional dependency  -  by @​alan-agius4 in #​10025 (146d4)
• Fix defineHelper for webkit async stack trace + update playwright 1.59.0  -  by @​hi-ogawa in #​10036 (5a5fa)
• Fix suite hook throwing errors for unused auto test-scoped fixture  -  by @​hi-ogawa and Claude Sonnet 4.6 in #​10035 (39865)
• expect:
  • Remove JestExtendError.context from verbose error reporting  -  by @​hi-ogawa in #​9983 (66751)
  • Don't leak "runner" types  -  by @​sheremet-va in #​10004 (ec204)
• snapshot:
  • Fix flagging obsolete snapshots for snapshot properties mismatch  -  by @​hi-ogawa and Claude Sonnet 4.6 in #​9986 (6b869)
  • Export custom snapshot matcher helper from vitest  -  by @​hi-ogawa and Codex in #​10042 (691d3)
• ui:
  • Don't leak vite types  -  by @​sheremet-va in #​10005 (fdff1)
• vm:
  • Fix external module resolve error with deps optimizer query  -  by @​hi-ogawa and Claude Sonnet 4.6 in #​10024 (9dbf4)

    View changes on GitHub

cloudflare/workers-sdk (wrangler)

v4.81.1

Compare Source

Patch Changes

• #​13337 c510494 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260405.1	1.20260408.1

• #​13362 8b71eca Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260408.1	1.20260409.1

• #​13329 7ca6f6e Thanks @​G4brym! - fix: Treat AI Search bindings as always-remote in local dev

  AI Search namespace (ai_search_namespaces) and instance (ai_search) bindings are always-remote (they have no local simulation), but pickRemoteBindings() did not include them in its always-remote type list. This caused the remote proxy session to exclude these bindings when remote: true was not explicitly set in the config, resulting in broken AI Search bindings during wrangler dev.

  Additionally, removeRemoteConfigFieldFromBindings() in the deploy config-diff logic was not stripping the remote field from AI Search bindings, which could cause false config diffs during deployment.

• Updated dependencies [42c7ef0, c510494, 8b71eca, a42e0e8]:

  • miniflare@​4.20260409.0

v4.81.0

Compare Source

Minor Changes

• #​12932 96ee5d4 Thanks @​thomasgauvin! - feat: add wrangler email routing and wrangler email sending commands

  Email Routing commands:

  • wrangler email routing list - list zones with email routing status
  • wrangler email routing settings <domain> - get email routing settings for a zone
  • wrangler email routing enable/disable <domain> - enable or disable email routing
  • wrangler email routing dns get/unlock <domain> - manage DNS records
  • wrangler email routing rules list/get/create/update/delete <domain> - manage routing rules (use catch-all as the rule ID for the catch-all rule)
  • wrangler email routing addresses list/get/create/delete - manage destination addresses

  Email Sending commands:

  • wrangler email sending list - list zones with email sending
  • wrangler email sending settings <domain> - get email sending settings for a zone
  • wrangler email sending enable <domain> - enable email sending for a zone or subdomain
  • wrangler email sending disable <domain> - disable email sending for a zone or subdomain
  • wrangler email sending dns get <domain> - get DNS records for a sending domain
  • wrangler email sending send - send an email using the builder API
  • wrangler email sending send-raw - send a raw MIME email message

  Also adds email_routing:write and email_sending:write OAuth scopes to wrangler login.

Patch Changes

• #​13241 7d318e1 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260401.1	1.20260402.1

• #​13305 fa6d84f Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260402.1	1.20260405.1

• #​13193 78cbe37 Thanks @​dario-piotrowicz! - During autoconfig filter out Hono when there are 2 detected frameworks

  During the auto-configuration process Hono is now treated as an auxiliary framework (like Vite) and automatically filtered out when two frameworks are detected (before Hono was being filtered out only when the other framework was Waku).

• #​13205 6fa5dfd Thanks @​petebacondarwin! - fix: use formatConfigSnippet for compatibility_date warning in wrangler dev

  The compatibility_date warning shown when no date is configured in wrangler dev was hardcoded in TOML format. This now uses formatConfigSnippet to render the snippet in the correct format (TOML or JSON) based on the user's config file type.

• Updated dependencies [a3e3b57, 7d318e1, fa6d84f, 7d318e1, 7a60d4b]:

  • miniflare@​4.20260405.0

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 3070475

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[github-actions]

💻 Website Preview

The latest changes are available as preview in: https://pr-10702.graphql-code-generator.pages.dev

[github-actions]

🚀 Snapshot Release (alpha)

The latest changes of this PR are available as alpha on npm (based on the declared changesets):

Package	Version	Info
@graphql-codegen/cli	6.2.2-alpha-20260409165337-307047565f39cf69c0223b10f6205e3f6848af82	npm ↗︎ unpkg ↗︎
@graphql-codegen/core	5.0.2-alpha-20260409165337-307047565f39cf69c0223b10f6205e3f6848af82	npm ↗︎ unpkg ↗︎
@graphql-codegen/add	6.0.1-alpha-20260409165337-307047565f39cf69c0223b10f6205e3f6848af82	npm ↗︎ unpkg ↗︎
@graphql-codegen/fragment-matcher	6.0.1-alpha-20260409165337-307047565f39cf69c0223b10f6205e3f6848af82	npm ↗︎ unpkg ↗︎
@graphql-codegen/introspection	5.0.2-alpha-20260409165337-307047565f39cf69c0223b10f6205e3f6848af82	npm ↗︎ unpkg ↗︎
@graphql-codegen/schema-ast	5.0.2-alpha-20260409165337-307047565f39cf69c0223b10f6205e3f6848af82	npm ↗︎ unpkg ↗︎
@graphql-codegen/visitor-plugin-common	6.2.5-alpha-20260409165337-307047565f39cf69c0223b10f6205e3f6848af82	npm ↗︎ unpkg ↗︎
@graphql-codegen/typescript-document-nodes	5.0.10-alpha-20260409165337-307047565f39cf69c0223b10f6205e3f6848af82	npm ↗︎ unpkg ↗︎
@graphql-codegen/gql-tag-operations	5.1.5-alpha-20260409165337-307047565f39cf69c0223b10f6205e3f6848af82	npm ↗︎ unpkg ↗︎
@graphql-codegen/typescript-operations	5.0.10-alpha-20260409165337-307047565f39cf69c0223b10f6205e3f6848af82	npm ↗︎ unpkg ↗︎
@graphql-codegen/typescript-resolvers	5.1.8-alpha-20260409165337-307047565f39cf69c0223b10f6205e3f6848af82	npm ↗︎ unpkg ↗︎
@graphql-codegen/typed-document-node	6.1.8-alpha-20260409165337-307047565f39cf69c0223b10f6205e3f6848af82	npm ↗︎ unpkg ↗︎
@graphql-codegen/typescript	5.0.10-alpha-20260409165337-307047565f39cf69c0223b10f6205e3f6848af82	npm ↗︎ unpkg ↗︎
@graphql-codegen/client-preset	5.2.5-alpha-20260409165337-307047565f39cf69c0223b10f6205e3f6848af82	npm ↗︎ unpkg ↗︎
@graphql-codegen/graphql-modules-preset	5.1.5-alpha-20260409165337-307047565f39cf69c0223b10f6205e3f6848af82	npm ↗︎ unpkg ↗︎
@graphql-codegen/testing	4.0.5-alpha-20260409165337-307047565f39cf69c0223b10f6205e3f6848af82	npm ↗︎ unpkg ↗︎
@graphql-codegen/plugin-helpers	6.2.2-alpha-20260409165337-307047565f39cf69c0223b10f6205e3f6848af82	npm ↗︎ unpkg ↗︎