Bump the all-minor-patch group across 1 directory with 6 updates

[dependabot]

Bumps the all-minor-patch group with 6 updates in the / directory:

Package	From	To
@types/node	24.7.2	24.8.0
pkgroll	2.18.1	2.19.0
@rollup/plugin-commonjs	28.0.6	28.0.8
@aws-sdk/client-sts	3.908.0	3.911.0
esbuild	0.25.5	0.25.11
wrangler	4.42.2	4.43.0

Updates @types/node from 24.7.2 to 24.8.0

Commits

• See full diff in compare view

Updates pkgroll from 2.18.1 to 2.19.0

Release notes

Sourced from pkgroll's releases.

v2.19.0

2.19.0 (2025-10-15)

Features

• support pnpm's package.yaml (#132) (72f39d8)

Commits

• 72f39d8 feat: support pnpm's package.yaml (#132)
• See full diff in compare view

Updates @rollup/plugin-commonjs from 28.0.6 to 28.0.8

Changelog

Sourced from @​rollup/plugin-commonjs's changelog.

v28.0.8

2025-10-16

Bugfixes

• fix: guard moduleSideEffects for wrapped externals (#1914)

v28.0.7

2025-10-14

Bugfixes

• fix: avoid hoisting dynamically required node: builtins under strictRequires (#1909)

Commits

• 232dcf8 chore(release): commonjs v28.0.8
• 5a6175b fix(commonjs): guard moduleSideEffects for wrapped externals (#1914)
• 1935e9e chore(release): commonjs v28.0.7
• e80d4b2 fix(commonjs): avoid hoisting dynamically required node: builtins under stric...
• 0862902 chore(repo): update commonjs comment to clarify top-level this rewrite (#1888)
• See full diff in compare view

Updates @aws-sdk/client-sts from 3.908.0 to 3.911.0

Release notes

Sourced from @​aws-sdk/client-sts's releases.

v3.911.0

3.911.0(2025-10-15)

Chores

• core/protocols: use static schema (#7425) (eb2bf70d)

New Features

• clients: update client endpoints as of 2025-10-15 (8544d3a1)
• client-docdb: Add support for NetworkType field in CreateDbCluster, ModifyDbCluster, RestoreDbClusterFromSnapshot and RestoreDbClusterToPointInTime for DocumentDB. (63f5c257)
• client-bedrock: Amazon Bedrock Automated Reasoning Policy now offers enhanced AWS KMS integration. The CreateAutomatedReasoningPolicy API includes a new kmsKeyId field, allowing customers to specify their preferred KMS key for encryption, improving control and compliance with AWS encryption mandates. (cf20670c)
• client-lightsail: Add support for manage Lightsail Bucket CORS configuration (719ff902)
• client-ec2: Introducing EC2 Capacity Manager for monitoring and analyzing capacity usage across On-Demand Instances, Spot Instances, and Capacity Reservations. (4d78ec9b)
• client-elastic-load-balancing-v2: This release expands Listener Rule Conditions to support RegexValues and adds support for a new Transforms field in Listener Rules. (4e96bda6)
• client-timestream-influxdb: This release adds support for creating and managing InfluxDB 3 Core and Enterprise DbClusters. (cd8530e8)
• client-guardduty: Added default pagination value for ListMalwareProtectionPlans API and updated UpdateFindingsFeedback API (0251678c)

Bug Fixes

• xml-builder: move DOMParser init from module level to function call (#7426) (68252cba)

Tests

• client-s3: update test timeout (#7429) (4487485d)

---

For list of updated packages, view updated-packages.md in assets-3.911.0.zip

v3.910.0

3.910.0(2025-10-14)

Chores

• codegen: sync for node-http timeout fixes, deprecated documentation (#7422) (c8809d46)

Documentation Changes

• update docs about socketTimeout (#7421) (edb5dae8)

New Features

• client-ec2: This release adds support for creating instant, point-in-time copies of EBS volumes within the same Availability Zone (35be968f)
• client-connect: SDK release for TaskTemplateInfo in Contact for DescribeContact response. (a34b5ea7)
• client-transcribe: Move UntagResource API body member to query parameter (eefe2472)
• client-backup: The AWS Backup job attribute extension enhancement helps customers better understand the plan that initiated each job, and the properties of the resource each job creates. (69c1ccd9)
• client-datazone: Support creating scoped and trustedIdentityPropagation enabled connections. (acbdd2f7)
• client-transfer: SFTP connectors now support routing connections via customers' VPC. This enables connections to remote servers that are only accessible in a customer's VPC environment, and to servers that are accessible over the internet but need connections coming from an IP address in a customer VPC's CIDR range. (2951a5b6)

... (truncated)

Changelog

Sourced from @​aws-sdk/client-sts's changelog.

3.911.0 (2025-10-15)

Note: Version bump only for package @​aws-sdk/client-sts

3.910.0 (2025-10-14)

Note: Version bump only for package @​aws-sdk/client-sts

Commits

• 7cf6665 Publish v3.911.0
• e8539ae Publish v3.910.0
• c8809d4 chore(codegen): sync for node-http timeout fixes, deprecated documentation (#...
• See full diff in compare view

Updates esbuild from 0.25.5 to 0.25.11

Release notes

Sourced from esbuild's releases.

v0.25.11

• Add support for with { type: 'bytes' } imports (#4292)

  The import bytes proposal has reached stage 2.7 in the TC39 process, which means that although it isn't quite recommended for implementation, it's generally approved and ready for validation. Furthermore it has already been implemented by Deno and Webpack. So with this release, esbuild will also add support for this. It behaves exactly the same as esbuild's existing binary loader. Here's an example:

  import data from './image.png' with { type: 'bytes' }
  const view = new DataView(data.buffer, 0, 24)
  const width = view.getInt32(16)
  const height = view.getInt32(20)
  console.log('size:', width + '\xD7' + height)

• Lower CSS media query range syntax (#3748, #4293)

  With this release, esbuild will now transform CSS media query range syntax into equivalent syntax using min-/max- prefixes for older browsers. For example, the following CSS:

  @media (640px <= width <= 960px) {
    main {
      display: flex;
    }
  }

  will be transformed like this with a target such as --target=chrome100 (or more specifically with --supported:media-range=false if desired):

  @media (min-width: 640px) and (max-width: 960px) {
    main {
      display: flex;
    }
  }

v0.25.10

• Fix a panic in a minification edge case (#4287)

  This release fixes a panic due to a null pointer that could happen when esbuild inlines a doubly-nested identity function and the final result is empty. It was fixed by emitting the value undefined in this case, which avoids the panic. This case must be rare since it hasn't come up until now. Here is an example of code that previously triggered the panic (which only happened when minifying):

  function identity(x) { return x }
  identity({ y: identity(123) })

• Fix @supports nested inside pseudo-element (#4265)

  When transforming nested CSS to non-nested CSS, esbuild is supposed to filter out pseudo-elements such as ::placeholder for correctness. The CSS nesting specification says the following:

  The nesting selector cannot represent pseudo-elements (identical to the behavior of the ':is()' pseudo-class). We’d like to relax this restriction, but need to do so simultaneously for both ':is()' and '&', since they’re intentionally built on the same underlying mechanisms.

... (truncated)

Changelog

Sourced from esbuild's changelog.

0.25.11

• Add support for with { type: 'bytes' } imports (#4292)

  The import bytes proposal has reached stage 2.7 in the TC39 process, which means that although it isn't quite recommended for implementation, it's generally approved and ready for validation. Furthermore it has already been implemented by Deno and Webpack. So with this release, esbuild will also add support for this. It behaves exactly the same as esbuild's existing binary loader. Here's an example:

  import data from './image.png' with { type: 'bytes' }
  const view = new DataView(data.buffer, 0, 24)
  const width = view.getInt32(16)
  const height = view.getInt32(20)
  console.log('size:', width + '\xD7' + height)

• Lower CSS media query range syntax (#3748, #4293)

  With this release, esbuild will now transform CSS media query range syntax into equivalent syntax using min-/max- prefixes for older browsers. For example, the following CSS:

  @media (640px <= width <= 960px) {
    main {
      display: flex;
    }
  }

  will be transformed like this with a target such as --target=chrome100 (or more specifically with --supported:media-range=false if desired):

  @media (min-width: 640px) and (max-width: 960px) {
    main {
      display: flex;
    }
  }

0.25.10

• Fix a panic in a minification edge case (#4287)

  This release fixes a panic due to a null pointer that could happen when esbuild inlines a doubly-nested identity function and the final result is empty. It was fixed by emitting the value undefined in this case, which avoids the panic. This case must be rare since it hasn't come up until now. Here is an example of code that previously triggered the panic (which only happened when minifying):

  function identity(x) { return x }
  identity({ y: identity(123) })

• Fix @supports nested inside pseudo-element (#4265)

  When transforming nested CSS to non-nested CSS, esbuild is supposed to filter out pseudo-elements such as ::placeholder for correctness. The CSS nesting specification says the following:

... (truncated)

Commits

• 6b7c4f2 publish 0.25.11 to npm
• 7295c1a css: also parse media queries in @import rules
• e3991dd css: some adjustments to @import parsing
• 8bb82ca fix #3748, fix #4293: lower css media range syntax
• d8c3f87 css: parse and print media queries
• 6e75bc7 run make update-compat-table
• 8f506d5 fix #4292: support with { type: bytes }
• d6b668f publish 0.25.10 to npm
• 5088c19 refactor: use strings.Builder (#4290)
• 755da31 run make update-compat-table
• Additional commits viewable in compare view

Updates wrangler from 4.42.2 to 4.43.0

Release notes

Sourced from wrangler's releases.

[email protected]

Minor Changes

• #10911 940b44d Thanks @​devin-ai-integration! - feat: wrangler init --from-dash now generates wrangler.jsonc config files instead of wrangler.toml files

Patch Changes

• #10938 e52d0ec Thanks @​penalosa! - Acquire Cloudflare Access tokens for additional requests made during a wrangler dev --remote session

• #10923 2429533 Thanks @​emily-shen! - fix: update docker manifest inspect to use full image registry uri when checking if the image exists remotely

• #10521 88b5b7f Thanks @​penalosa! - Improves the Wrangler auto-provisioning feature (gated behind the experimental flag --x-provision) by:

  • Writing back changes to the user's config file (not necessary, but can make it resilient to binding name changes)
  • Fixing --dry-run, which previously threw an error when your config file had auto provisioned resources
  • Improve R2 bindings display to include the bucket_name from the config file on upload
  • Fixing bindings view for specific versions to not display TOML

Changelog

Sourced from wrangler's changelog.

4.43.0

Minor Changes

• #10911 940b44d Thanks @​devin-ai-integration! - feat: wrangler init --from-dash now generates wrangler.jsonc config files instead of wrangler.toml files

Patch Changes

• #10938 e52d0ec Thanks @​penalosa! - Acquire Cloudflare Access tokens for additional requests made during a wrangler dev --remote session

• #10923 2429533 Thanks @​emily-shen! - fix: update docker manifest inspect to use full image registry uri when checking if the image exists remotely

• #10521 88b5b7f Thanks @​penalosa! - Improves the Wrangler auto-provisioning feature (gated behind the experimental flag --x-provision) by:

  • Writing back changes to the user's config file (not necessary, but can make it resilient to binding name changes)
  • Fixing --dry-run, which previously threw an error when your config file had auto provisioned resources
  • Improve R2 bindings display to include the bucket_name from the config file on upload
  • Fixing bindings view for specific versions to not display TOML

Commits

• 61fb838 Version Packages (#10960)
• 2429533 Fix manifest inspect failing due to wrong image ref (#10923)
• 88b5b7f Improve resource provisioning (#10521)
• e52d0ec Fix remote dev with Access (#10938)
• 9011a8d test(wrangler): Speed up unenv e2e tests (#10956)
• 940b44d [wrangler] feat: generate wrangler.jsonc in init --from-dash instead of wrang...
• a5f7904 test: skip the Wrangler e2e containers with do test (#10957)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for wrangler since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[theguild-bot]

🚀 Snapshot Release (alpha)

The latest changes of this PR are available as alpha on npm (based on the declared changesets):

Package	Version	Info
@graphql-tools/batch-delegate	10.0.2-alpha-45d04b068ce34652f451b1842fc57f0c138b0916	npm ↗︎ unpkg ↗︎
@graphql-tools/delegate	11.0.2-alpha-45d04b068ce34652f451b1842fc57f0c138b0916	npm ↗︎ unpkg ↗︎
@graphql-tools/federation	4.0.6-alpha-45d04b068ce34652f451b1842fc57f0c138b0916	npm ↗︎ unpkg ↗︎
@graphql-mesh/fusion-runtime	1.2.6-alpha-45d04b068ce34652f451b1842fc57f0c138b0916	npm ↗︎ unpkg ↗︎
@graphql-hive/gateway	2.1.11-alpha-45d04b068ce34652f451b1842fc57f0c138b0916	npm ↗︎ unpkg ↗︎
@graphql-hive/nestjs	2.0.16-alpha-45d04b068ce34652f451b1842fc57f0c138b0916	npm ↗︎ unpkg ↗︎
@graphql-hive/plugin-aws-sigv4	2.0.11-alpha-45d04b068ce34652f451b1842fc57f0c138b0916	npm ↗︎ unpkg ↗︎
@graphql-hive/plugin-opentelemetry	1.0.13-alpha-45d04b068ce34652f451b1842fc57f0c138b0916	npm ↗︎ unpkg ↗︎
@graphql-mesh/plugin-prometheus	2.0.14-alpha-45d04b068ce34652f451b1842fc57f0c138b0916	npm ↗︎ unpkg ↗︎
@graphql-hive/gateway-runtime	2.1.10-alpha-45d04b068ce34652f451b1842fc57f0c138b0916	npm ↗︎ unpkg ↗︎
@graphql-tools/stitch	10.0.3-alpha-45d04b068ce34652f451b1842fc57f0c138b0916	npm ↗︎ unpkg ↗︎
@graphql-tools/stitching-directives	4.0.2-alpha-45d04b068ce34652f451b1842fc57f0c138b0916	npm ↗︎ unpkg ↗︎
@graphql-tools/wrap	11.0.2-alpha-45d04b068ce34652f451b1842fc57f0c138b0916	npm ↗︎ unpkg ↗︎

[theguild-bot]

🚀 Snapshot Release (Binary for Linux-ARM64)

The latest changes of this PR are available for download (based on the declared changesets).

[theguild-bot]

🚀 Snapshot Release (Binary for Linux-X64)

The latest changes of this PR are available for download (based on the declared changesets).

[theguild-bot]

🚀 Snapshot Release (Binary for macOS-ARM64)

The latest changes of this PR are available for download (based on the declared changesets).

[theguild-bot]

🚀 Snapshot Release (Binary for macOS-X64)

The latest changes of this PR are available for download (based on the declared changesets).

[theguild-bot]

🚀 Snapshot Release (Bun Docker Image)

The latest changes of this PR are available as image on GitHub Container Registry (based on the declared changesets):

ghcr.io/graphql-hive/gateway:2.1.11-alpha-45d04b068ce34652f451b1842fc57f0c138b0916-bun

[theguild-bot]

🚀 Snapshot Release (Node Docker Image)

The latest changes of this PR are available as image on GitHub Container Registry (based on the declared changesets):

ghcr.io/graphql-hive/gateway:2.1.11-alpha-45d04b068ce34652f451b1842fc57f0c138b0916

[theguild-bot]

🚀 Snapshot Release (Binary for Windows-X64)

The latest changes of this PR are available for download (based on the declared changesets).