Bump the all-minor-patch group across 1 directory with 5 updates #1613

dependabot · 2025-10-15T13:34:24Z

Bumps the all-minor-patch group with 5 updates in the / directory:

Package	From	To
pkgroll	`2.18.1`	`2.19.0`
@rollup/plugin-commonjs	`28.0.6`	`28.0.7`
@aws-sdk/client-sts	`3.908.0`	`3.910.0`
esbuild	`0.25.5`	`0.25.11`
wrangler	`4.42.2`	`4.43.0`

Updates pkgroll from 2.18.1 to 2.19.0

Release notes

Sourced from pkgroll's releases.

v2.19.0

2.19.0 (2025-10-15)

Features

support pnpm's package.yaml (#132) (72f39d8)

Commits

72f39d8 feat: support pnpm's package.yaml (#132)
See full diff in compare view

Updates @rollup/plugin-commonjs from 28.0.6 to 28.0.7

Changelog

Sourced from @rollup/plugin-commonjs's changelog.

v28.0.7

2025-10-14

Bugfixes

fix: avoid hoisting dynamically required node: builtins under strictRequires (#1909)

Commits

1935e9e chore(release): commonjs v28.0.7
e80d4b2 fix(commonjs): avoid hoisting dynamically required node: builtins under stric...
0862902 chore(repo): update commonjs comment to clarify top-level this rewrite (#1888)
See full diff in compare view

Updates @aws-sdk/client-sts from 3.908.0 to 3.910.0

Release notes

Sourced from @aws-sdk/client-sts's releases.

v3.910.0

3.910.0(2025-10-14)

Chores

codegen: sync for node-http timeout fixes, deprecated documentation (#7422) (c8809d46)

Documentation Changes

update docs about socketTimeout (#7421) (edb5dae8)

New Features

client-ec2: This release adds support for creating instant, point-in-time copies of EBS volumes within the same Availability Zone (35be968f)

client-connect: SDK release for TaskTemplateInfo in Contact for DescribeContact response. (a34b5ea7)

client-transcribe: Move UntagResource API body member to query parameter (eefe2472)

client-backup: The AWS Backup job attribute extension enhancement helps customers better understand the plan that initiated each job, and the properties of the resource each job creates. (69c1ccd9)

client-datazone: Support creating scoped and trustedIdentityPropagation enabled connections. (acbdd2f7)

client-transfer: SFTP connectors now support routing connections via customers' VPC. This enables connections to remote servers that are only accessible in a customer's VPC environment, and to servers that are accessible over the internet but need connections coming from an IP address in a customer VPC's CIDR range. (2951a5b6)

client-appstream: This release introduces support for Microsoft license included applications streaming. (d7579fed)

For list of updated packages, view updated-packages.md in assets-3.910.0.zip

v3.909.0

3.909.0(2025-10-13)

New Features

client-bedrock-agentcore: Updated InvokeAgentRuntime API to accept account id optionally and added CompleteResourceTokenAuth API. (d21a5464)

client-ec2: Release Amazon EC2 c8i, c8i-flex, m8a, and r8gb (d1cdea81)

client-observabilityadmin: CloudWatch Observability Admin adds the ability to enable Resource tags for telemetry in a customer account. The release introduces new APIs to enable, disable and describe the status of Resource tags for telemetry feature. This new capability simplifies monitoring AWS resources using tags. (f74cc089)

client-bedrock-agentcore-control: Updated http status code in control plane apis of agentcore runtime, tools and identity. Additional included provider types for AgentCore Identity (ef2d3c36)

For list of updated packages, view updated-packages.md in assets-3.909.0.zip

Changelog

Sourced from @aws-sdk/client-sts's changelog.

3.910.0 (2025-10-14)

Note: Version bump only for package @aws-sdk/client-sts

Commits

e8539ae Publish v3.910.0
c8809d4 chore(codegen): sync for node-http timeout fixes, deprecated documentation (#...
See full diff in compare view

Updates esbuild from 0.25.5 to 0.25.11

Release notes

Sourced from esbuild's releases.

v0.25.11
Add support for with { type: 'bytes' } imports (#4292)

The import bytes proposal has reached stage 2.7 in the TC39 process, which means that although it isn't quite recommended for implementation, it's generally approved and ready for validation. Furthermore it has already been implemented by Deno and Webpack. So with this release, esbuild will also add support for this. It behaves exactly the same as esbuild's existing binary loader. Here's an example:
import data from './image.png' with { type: 'bytes' }
const view = new DataView(data.buffer, 0, 24)
const width = view.getInt32(16)
const height = view.getInt32(20)
console.log('size:', width + '\xD7' + height)
Lower CSS media query range syntax (#3748, #4293)

With this release, esbuild will now transform CSS media query range syntax into equivalent syntax using min-/max- prefixes for older browsers. For example, the following CSS:
@media (640px <= width <= 960px) {
  main {
    display: flex;
  }
}
will be transformed like this with a target such as --target=chrome100 (or more specifically with --supported:media-range=false if desired):
@media (min-width: 640px) and (max-width: 960px) {
  main {
    display: flex;
  }
}
v0.25.10
Fix a panic in a minification edge case (#4287)

This release fixes a panic due to a null pointer that could happen when esbuild inlines a doubly-nested identity function and the final result is empty. It was fixed by emitting the value undefined in this case, which avoids the panic. This case must be rare since it hasn't come up until now. Here is an example of code that previously triggered the panic (which only happened when minifying):
function identity(x) { return x }
identity({ y: identity(123) })
Fix @supports nested inside pseudo-element (#4265)

When transforming nested CSS to non-nested CSS, esbuild is supposed to filter out pseudo-elements such as ::placeholder for correctness. The CSS nesting specification says the following:

The nesting selector cannot represent pseudo-elements (identical to the behavior of the ':is()' pseudo-class). We’d like to relax this restriction, but need to do so simultaneously for both ':is()' and '&', since they’re intentionally built on the same underlying mechanisms.

... (truncated)

Changelog

Sourced from esbuild's changelog.

0.25.11
Add support for with { type: 'bytes' } imports (#4292)

The import bytes proposal has reached stage 2.7 in the TC39 process, which means that although it isn't quite recommended for implementation, it's generally approved and ready for validation. Furthermore it has already been implemented by Deno and Webpack. So with this release, esbuild will also add support for this. It behaves exactly the same as esbuild's existing binary loader. Here's an example:
import data from './image.png' with { type: 'bytes' }
const view = new DataView(data.buffer, 0, 24)
const width = view.getInt32(16)
const height = view.getInt32(20)
console.log('size:', width + '\xD7' + height)
Lower CSS media query range syntax (#3748, #4293)

With this release, esbuild will now transform CSS media query range syntax into equivalent syntax using min-/max- prefixes for older browsers. For example, the following CSS:
@media (640px <= width <= 960px) {
  main {
    display: flex;
  }
}
will be transformed like this with a target such as --target=chrome100 (or more specifically with --supported:media-range=false if desired):
@media (min-width: 640px) and (max-width: 960px) {
  main {
    display: flex;
  }
}
0.25.10
Fix a panic in a minification edge case (#4287)

This release fixes a panic due to a null pointer that could happen when esbuild inlines a doubly-nested identity function and the final result is empty. It was fixed by emitting the value undefined in this case, which avoids the panic. This case must be rare since it hasn't come up until now. Here is an example of code that previously triggered the panic (which only happened when minifying):
function identity(x) { return x }
identity({ y: identity(123) })
Fix @supports nested inside pseudo-element (#4265)

When transforming nested CSS to non-nested CSS, esbuild is supposed to filter out pseudo-elements such as ::placeholder for correctness. The CSS nesting specification says the following:

... (truncated)

Commits

6b7c4f2 publish 0.25.11 to npm
7295c1a css: also parse media queries in @import rules
e3991dd css: some adjustments to @import parsing
8bb82ca fix #3748, fix #4293: lower css media range syntax
d8c3f87 css: parse and print media queries
6e75bc7 run make update-compat-table
8f506d5 fix #4292: support with { type: bytes }
d6b668f publish 0.25.10 to npm
5088c19 refactor: use strings.Builder (#4290)
755da31 run make update-compat-table
Additional commits viewable in compare view

Updates wrangler from 4.42.2 to 4.43.0

Release notes

Sourced from wrangler's releases.

[email protected]

Minor Changes

#10911 940b44d Thanks @devin-ai-integration! - feat: wrangler init --from-dash now generates wrangler.jsonc config files instead of wrangler.toml files

Patch Changes

#10938 e52d0ec Thanks @penalosa! - Acquire Cloudflare Access tokens for additional requests made during a wrangler dev --remote session

#10923 2429533 Thanks @emily-shen! - fix: update docker manifest inspect to use full image registry uri when checking if the image exists remotely

#10521 88b5b7f Thanks @penalosa! - Improves the Wrangler auto-provisioning feature (gated behind the experimental flag --x-provision) by:

Writing back changes to the user's config file (not necessary, but can make it resilient to binding name changes)

Fixing --dry-run, which previously threw an error when your config file had auto provisioned resources

Improve R2 bindings display to include the bucket_name from the config file on upload

Fixing bindings view for specific versions to not display TOML

Changelog

Sourced from wrangler's changelog.

4.43.0

Minor Changes

#10911 940b44d Thanks @devin-ai-integration! - feat: wrangler init --from-dash now generates wrangler.jsonc config files instead of wrangler.toml files

Patch Changes

#10938 e52d0ec Thanks @penalosa! - Acquire Cloudflare Access tokens for additional requests made during a wrangler dev --remote session

#10923 2429533 Thanks @emily-shen! - fix: update docker manifest inspect to use full image registry uri when checking if the image exists remotely

#10521 88b5b7f Thanks @penalosa! - Improves the Wrangler auto-provisioning feature (gated behind the experimental flag --x-provision) by:

Writing back changes to the user's config file (not necessary, but can make it resilient to binding name changes)

Fixing --dry-run, which previously threw an error when your config file had auto provisioned resources

Improve R2 bindings display to include the bucket_name from the config file on upload

Fixing bindings view for specific versions to not display TOML

Commits

61fb838 Version Packages (#10960)
2429533 Fix manifest inspect failing due to wrong image ref (#10923)
88b5b7f Improve resource provisioning (#10521)
e52d0ec Fix remote dev with Access (#10938)
9011a8d test(wrangler): Speed up unenv e2e tests (#10956)
940b44d [wrangler] feat: generate wrangler.jsonc in init --from-dash instead of wrang...
a5f7904 test: skip the Wrangler e2e containers with do test (#10957)
See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for wrangler since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the all-minor-patch group with 5 updates in the / directory: | Package | From | To | | --- | --- | --- | | [pkgroll](https://github.com/privatenumber/pkgroll) | `2.18.1` | `2.19.0` | | [@rollup/plugin-commonjs](https://github.com/rollup/plugins/tree/HEAD/packages/commonjs) | `28.0.6` | `28.0.7` | | [@aws-sdk/client-sts](https://github.com/aws/aws-sdk-js-v3/tree/HEAD/clients/client-sts) | `3.908.0` | `3.910.0` | | [esbuild](https://github.com/evanw/esbuild) | `0.25.5` | `0.25.11` | | [wrangler](https://github.com/cloudflare/workers-sdk/tree/HEAD/packages/wrangler) | `4.42.2` | `4.43.0` | Updates `pkgroll` from 2.18.1 to 2.19.0 - [Release notes](https://github.com/privatenumber/pkgroll/releases) - [Commits](privatenumber/pkgroll@v2.18.1...v2.19.0) Updates `@rollup/plugin-commonjs` from 28.0.6 to 28.0.7 - [Changelog](https://github.com/rollup/plugins/blob/master/packages/commonjs/CHANGELOG.md) - [Commits](https://github.com/rollup/plugins/commits/commonjs-v28.0.7/packages/commonjs) Updates `@aws-sdk/client-sts` from 3.908.0 to 3.910.0 - [Release notes](https://github.com/aws/aws-sdk-js-v3/releases) - [Changelog](https://github.com/aws/aws-sdk-js-v3/blob/main/clients/client-sts/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-js-v3/commits/v3.910.0/clients/client-sts) Updates `esbuild` from 0.25.5 to 0.25.11 - [Release notes](https://github.com/evanw/esbuild/releases) - [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md) - [Commits](evanw/esbuild@v0.25.5...v0.25.11) Updates `wrangler` from 4.42.2 to 4.43.0 - [Release notes](https://github.com/cloudflare/workers-sdk/releases) - [Changelog](https://github.com/cloudflare/workers-sdk/blob/main/packages/wrangler/CHANGELOG.md) - [Commits](https://github.com/cloudflare/workers-sdk/commits/[email protected]/packages/wrangler) --- updated-dependencies: - dependency-name: pkgroll dependency-version: 2.19.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: all-minor-patch - dependency-name: "@rollup/plugin-commonjs" dependency-version: 28.0.7 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: all-minor-patch - dependency-name: "@aws-sdk/client-sts" dependency-version: 3.910.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: all-minor-patch - dependency-name: esbuild dependency-version: 0.25.11 dependency-type: direct:development update-type: version-update:semver-patch dependency-group: all-minor-patch - dependency-name: wrangler dependency-version: 4.43.0 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: all-minor-patch ... Signed-off-by: dependabot[bot] <[email protected]>

theguild-bot · 2025-10-15T13:38:05Z

🚀 Snapshot Release (`alpha`)

The latest changes of this PR are available as alpha on npm (based on the declared changesets):

Package	Version	Info
`@graphql-tools/batch-delegate`	`10.0.2-alpha-f985f81a9e26b55f3823ebe89e316c88cce9db64`	npm ↗︎ unpkg ↗︎
`@graphql-tools/delegate`	`11.0.2-alpha-f985f81a9e26b55f3823ebe89e316c88cce9db64`	npm ↗︎ unpkg ↗︎
`@graphql-tools/federation`	`4.0.6-alpha-f985f81a9e26b55f3823ebe89e316c88cce9db64`	npm ↗︎ unpkg ↗︎
`@graphql-mesh/fusion-runtime`	`1.2.6-alpha-f985f81a9e26b55f3823ebe89e316c88cce9db64`	npm ↗︎ unpkg ↗︎
`@graphql-hive/gateway`	`2.1.11-alpha-f985f81a9e26b55f3823ebe89e316c88cce9db64`	npm ↗︎ unpkg ↗︎
`@graphql-hive/nestjs`	`2.0.16-alpha-f985f81a9e26b55f3823ebe89e316c88cce9db64`	npm ↗︎ unpkg ↗︎
`@graphql-hive/plugin-aws-sigv4`	`2.0.11-alpha-f985f81a9e26b55f3823ebe89e316c88cce9db64`	npm ↗︎ unpkg ↗︎
`@graphql-hive/plugin-opentelemetry`	`1.0.13-alpha-f985f81a9e26b55f3823ebe89e316c88cce9db64`	npm ↗︎ unpkg ↗︎
`@graphql-mesh/plugin-prometheus`	`2.0.14-alpha-f985f81a9e26b55f3823ebe89e316c88cce9db64`	npm ↗︎ unpkg ↗︎
`@graphql-hive/gateway-runtime`	`2.1.10-alpha-f985f81a9e26b55f3823ebe89e316c88cce9db64`	npm ↗︎ unpkg ↗︎
`@graphql-tools/stitch`	`10.0.3-alpha-f985f81a9e26b55f3823ebe89e316c88cce9db64`	npm ↗︎ unpkg ↗︎
`@graphql-tools/stitching-directives`	`4.0.2-alpha-f985f81a9e26b55f3823ebe89e316c88cce9db64`	npm ↗︎ unpkg ↗︎
`@graphql-tools/wrap`	`11.0.2-alpha-f985f81a9e26b55f3823ebe89e316c88cce9db64`	npm ↗︎ unpkg ↗︎

dependabot · 2025-10-16T13:36:39Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot bot added dependencies javascript Pull requests that update javascript code labels Oct 15, 2025

chore(dependencies): updated changesets for modified dependencies

f985f81

dependabot bot closed this Oct 16, 2025

dependabot bot deleted the dependabot/npm_and_yarn/all-minor-patch-1eb2fd8d82 branch October 16, 2025 13:36

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the all-minor-patch group across 1 directory with 5 updates #1613

Bump the all-minor-patch group across 1 directory with 5 updates #1613

Uh oh!

dependabot bot commented on behalf of github Oct 15, 2025 •

edited

Loading

Uh oh!

theguild-bot commented Oct 15, 2025

Uh oh!

dependabot bot commented on behalf of github Oct 16, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Bump the all-minor-patch group across 1 directory with 5 updates #1613

Bump the all-minor-patch group across 1 directory with 5 updates #1613

Uh oh!

Conversation

dependabot bot commented on behalf of github Oct 15, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

v2.19.0

2.19.0 (2025-10-15)

Features

v28.0.7

Bugfixes

v3.910.0

3.910.0(2025-10-14)

Chores

Documentation Changes

New Features

v3.909.0

3.909.0(2025-10-13)

New Features

3.910.0 (2025-10-14)

v0.25.11

v0.25.10

0.25.11

0.25.10

[email protected]

Minor Changes

Patch Changes

4.43.0

Minor Changes

Patch Changes

Uh oh!

theguild-bot commented Oct 15, 2025

🚀 Snapshot Release (alpha)

Uh oh!

dependabot bot commented on behalf of github Oct 16, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot bot commented on behalf of github Oct 15, 2025 •

edited

Loading

🚀 Snapshot Release (`alpha`)