Skip to content

chore(deps): bump the patch-updates group across 1 directory with 4 updates#13532

Merged
czubocha merged 1 commit into
mainfrom
dependabot/npm_and_yarn/patch-updates-e92bbe51ef
Apr 30, 2026
Merged

chore(deps): bump the patch-updates group across 1 directory with 4 updates#13532
czubocha merged 1 commit into
mainfrom
dependabot/npm_and_yarn/patch-updates-e92bbe51ef

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 30, 2026

Bumps the patch-updates group with 4 updates in the / directory: @graphql-tools/merge, adm-zip, eventsource-parser and filesize.

Updates @graphql-tools/merge from 9.1.7 to 9.1.9

Changelog

Sourced from @​graphql-tools/merge's changelog.

9.1.9

Patch Changes

  • Updated dependencies [a4b7dce]:
    • @​graphql-tools/utils@​11.1.0

9.1.8

Patch Changes

  • Updated dependencies [ae36a0e]:
    • @​graphql-tools/utils@​11.0.1
Commits
  • 4aa9156 chore(release): update monorepo packages versions (#8145)
  • c097bc9 build(deps): bump the actions-deps group across 1 directory with 9 updates (#...
  • 14066f9 chore(release): update monorepo packages versions (#8118)
  • a831489 build(deps): bump the actions-deps group with 7 updates (#8105)
  • c9a8d1a Fix CI
  • fe413ee Revert unnecessary changes
  • a9b06bc Fix tests
  • a91a765 build(deps): bump the actions-deps group with 8 updates (#8056)
  • 3929728 build(deps): bump the actions-deps group across 1 directory with 2 updates (#...
  • d0e76cd build(deps): bump the actions-deps group across 1 directory with 3 updates (#...
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​graphql-tools/merge since your current version.


Updates adm-zip from 0.5.16 to 0.5.17

Release notes

Sourced from adm-zip's releases.

v0.5.17

What's Changed

New Contributors

Full Changelog: cthackers/adm-zip@v0.5.16...v0.5.17

Commits
  • 094d08c Incremented package version
  • 23c5e1d Added readUInt64LE test
  • 2818b03 Downgraded rimraf version to maintain node compatibility
  • 7c77752 Fixed readUInt64LE
  • 220f817 Updated vulnerable dependencies
  • c8c20fd Merge pull request #559 from kwolfy/master
  • 840bfdf Merge pull request #557 from DennisHill/DennisHill-patch-1
  • fdf64a4 fix issue with absolute paths
  • 6f0af5b Create only if the directory does not exist
  • 1cd32f7 Merge pull request #543 from issacgerges/master
  • Additional commits viewable in compare view

Updates eventsource-parser from 3.0.6 to 3.0.8

Release notes

Sourced from eventsource-parser's releases.

v3.0.8

3.0.8 (2026-04-19)

Performance Improvements

  • avoid O(N²) when a single SSE event spans many chunks (#28) (4c41223)

This release is also available on:

v3.0.7

3.0.7 (2026-04-17)

Bug Fixes

  • downgrade browserslist node.js declaration to node 18 (50d3c2e)

Performance Improvements

  • ~3.75x faster parse via inline fast-paths and single-pass line processing (2383efe)

This release is also available on:

Changelog

Sourced from eventsource-parser's changelog.

3.0.8 (2026-04-19)

Performance Improvements

  • avoid O(N²) when a single SSE event spans many chunks (#28) (4c41223)

3.0.7 (2026-04-17)

Bug Fixes

  • downgrade browserslist node.js declaration to node 18 (50d3c2e)

Performance Improvements

  • ~3.75x faster parse via inline fast-paths and single-pass line processing (2383efe)
Commits
  • 577bf98 chore(release): 3.0.8 [skip ci]
  • 72cd758 refactor: readability (clarify BOM stripping)
  • 9422e42 chore: update lockfiles
  • 4c41223 perf: avoid O(N²) when a single SSE event spans many chunks (#28)
  • 3ea73f7 chore(release): 3.0.7 [skip ci]
  • 7d62667 ci: use oidc (trusted publishing)
  • f6ced59 refactor: improve readability of parser
  • 2383efe perf: ~3.75x faster parse via inline fast-paths and single-pass line processing
  • 1f5b93b chore: bun/deno lockfiles
  • c838ad0 chore: drop node 18 tests
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for eventsource-parser since your current version.


Updates filesize from 11.0.15 to 11.0.17

Changelog

Sourced from filesize's changelog.

11.0.17

11.0.16

19 April 2026

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the patch-updates group across 1 directory with 4 u…
e14c162 
…pdates

Bumps the patch-updates group with 4 updates in the / directory: [@graphql-tools/merge](https://github.com/ardatan/graphql-tools/tree/HEAD/packages/merge), [adm-zip](https://github.com/cthackers/adm-zip), [eventsource-parser](https://github.com/rexxars/eventsource-parser) and [filesize](https://github.com/avoidwork/filesize.js).


Updates `@graphql-tools/merge` from 9.1.7 to 9.1.9
- [Release notes](https://github.com/ardatan/graphql-tools/releases)
- [Changelog](https://github.com/ardatan/graphql-tools/blob/master/packages/merge/CHANGELOG.md)
- [Commits](https://github.com/ardatan/graphql-tools/commits/@graphql-tools/merge@9.1.9/packages/merge)

Updates `adm-zip` from 0.5.16 to 0.5.17
- [Release notes](https://github.com/cthackers/adm-zip/releases)
- [Changelog](https://github.com/cthackers/adm-zip/blob/master/history.md)
- [Commits](cthackers/adm-zip@v0.5.16...v0.5.17)

Updates `eventsource-parser` from 3.0.6 to 3.0.8
- [Release notes](https://github.com/rexxars/eventsource-parser/releases)
- [Changelog](https://github.com/rexxars/eventsource-parser/blob/main/CHANGELOG.md)
- [Commits](rexxars/eventsource-parser@v3.0.6...v3.0.8)

Updates `filesize` from 11.0.15 to 11.0.17
- [Changelog](https://github.com/avoidwork/filesize.js/blob/master/CHANGELOG.md)
- [Commits](https://github.com/avoidwork/filesize.js/commits)

---
updated-dependencies:
- dependency-name: "@graphql-tools/merge"
  dependency-version: 9.1.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patch-updates
- dependency-name: adm-zip
  dependency-version: 0.5.17
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patch-updates
- dependency-name: eventsource-parser
  dependency-version: 3.0.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patch-updates
- dependency-name: filesize
  dependency-version: 11.0.17
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: patch-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Apr 30, 2026
@Mmarzex
Copy link
Copy Markdown
Contributor

Mmarzex commented Apr 30, 2026
edited
Loading

Snyk checks have passed. No issues have been found so far.

Status Scan Engine Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues
Licenses 0 0 0 0 0 issues
Code Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@czubocha czubocha merged commit 0c813f1 into main Apr 30, 2026
8 checks passed
@czubocha czubocha deleted the dependabot/npm_and_yarn/patch-updates-e92bbe51ef branch April 30, 2026 13:06
@github-actions github-actions Bot locked and limited conversation to collaborators Apr 30, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

@czubocha czubocha czubocha approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Mmarzex @czubocha