Bump dependencies to fix peer dependency issues

[ardatan]

Related ardatan/whatwg-node#2077

[coderabbitai]

Warning

Rate limit exceeded

@ardatan has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 11 minutes and 3 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between c83714e and 6320ab2.

📒 Files selected for processing (1)

• e2e/polling/services/Graph.ts (2 hunks)

📝 Walkthrough

Summary by CodeRabbit

• Chores
  • Upgraded a comprehensive set of dependencies to their latest versions for improved compatibility, performance, and reliability.
  • Transitioned core GraphQL server components to a modern framework, enhancing efficiency and maintainability.
  • Removed deprecated middleware to streamline the solution and reduce overhead.

Walkthrough

This pull request is focused on updating dependency versions across multiple packages and examples. The changes include patch updates for various GraphQL-related packages such as those from GraphQL Hive, GraphQL Mesh, GraphQL Tools, and GraphQL Yoga. In addition, updates have been made in several end-to-end and internal test packages to ensure consistency. One notable change is the migration in the polling service from using express-graphql to graphql-yoga, with corresponding adjustments to schema creation.

Changes

Files	Change Summary
.changeset/@graphql-hive_gateway-696-dependencies.md .changeset/@graphql-hive_gateway-runtime-696-dependencies.md .changeset/@graphql-hive_logger-winston-696-dependencies.md .changeset/@graphql-mesh_* .changeset/@graphql-tools_*	Updated dependency versions for GraphQL Hive, GraphQL Mesh, and GraphQL Tools packages (e.g. upgrades to @envelop/core, graphql-yoga, @graphql-mesh/*, graphql-ws, and @whatwg-node/*).
e2e/*/package.json e2e/polling/services/Graph.ts	For end-to-end test projects, updated dependency versions (notably bumping graphql-yoga, @whatwg-node/fetch, etc.) and migrated the polling service from express-graphql to graphql-yoga (switching from graphqlHTTP/buildSchema to createYoga/createSchema).
examples/*/package.json	Updated dependency versions for example projects, including bumps for graphql-yoga, @whatwg-node/fetch, @graphql-mesh/cross-helpers, and @envelop/core.
internal/*/package.json	Updated internal testing dependencies, primarily the version of @whatwg-node/fetch.
package.json (root)	Removed the graphql-middleware dependency from the devDependencies.
packages/*/package.json	Across various packages (delegate, executors, federation, fusion-runtime, gateway, logger-winston, plugins, runtime, transports), dependency versions have been updated. These updates include version bumps for critical packages (@envelop/core, graphql-yoga, @graphql-mesh/*, @whatwg-node/*, among others) and addition of new dev dependencies (e.g. @types/lodash).

Sequence Diagram(s)

Below is a high-level sequence diagram illustrating the updated request flow in the polling service as a result of the migration from express-graphql to graphql-yoga:

sequenceDiagram
  participant Client
  participant ExpressServer
  participant YogaServer
  Client->>ExpressServer: Send GraphQL request
  ExpressServer->>YogaServer: Forward via createYoga handler
  YogaServer-->>ExpressServer: Processed response from GraphQL schema
  ExpressServer-->>Client: Return GraphQL response

Loading

Possibly related PRs

• Update Examples #657: Updates dependencies for the @graphql-hive/gateway package, directly relating to the dependency version changes made here.
• Upcoming Release Changes console#6492: Addresses similar dependency upgrades in both the gateway and gateway-runtime packages.
• Update Examples #604: Contains comparable updates in example packages, aligning with the modifications in this PR.

Suggested reviewers

• enisdenjo
• dotansimha

Poem

I'm a rabbit who loves to code and play,
Hopping through updates every day.
Dependencies rise, new versions bloom,
My little paws dance in the dev room.
In the world of GraphQL, I cheer with delight,
A hoppy update that makes everything right!
🐇✨

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[theguild-bot]

🚀 Snapshot Release (alpha)

The latest changes of this PR are available as alpha on npm (based on the declared changesets):

Package	Version	Info
@graphql-tools/executor-common	0.0.3-alpha-6320ab2b4f44b7f1eeab71d7bc1abf3031611f73	npm ↗︎ unpkg ↗︎
@graphql-tools/executor-graphql-ws	2.0.3-alpha-6320ab2b4f44b7f1eeab71d7bc1abf3031611f73	npm ↗︎ unpkg ↗︎
@graphql-tools/executor-http	1.2.8-alpha-6320ab2b4f44b7f1eeab71d7bc1abf3031611f73	npm ↗︎ unpkg ↗︎
@graphql-tools/federation	3.1.4-alpha-6320ab2b4f44b7f1eeab71d7bc1abf3031611f73	npm ↗︎ unpkg ↗︎
@graphql-mesh/fusion-runtime	0.11.2-alpha-6320ab2b4f44b7f1eeab71d7bc1abf3031611f73	npm ↗︎ unpkg ↗︎
@graphql-hive/gateway	1.10.4-alpha-6320ab2b4f44b7f1eeab71d7bc1abf3031611f73	npm ↗︎ unpkg ↗︎
@graphql-hive/logger-winston	1.0.1-alpha-6320ab2b4f44b7f1eeab71d7bc1abf3031611f73	npm ↗︎ unpkg ↗︎
@graphql-mesh/hmac-upstream-signature	1.2.21-alpha-6320ab2b4f44b7f1eeab71d7bc1abf3031611f73	npm ↗︎ unpkg ↗︎
@graphql-mesh/plugin-opentelemetry	1.3.44-alpha-6320ab2b4f44b7f1eeab71d7bc1abf3031611f73	npm ↗︎ unpkg ↗︎
@graphql-mesh/plugin-prometheus	1.3.32-alpha-6320ab2b4f44b7f1eeab71d7bc1abf3031611f73	npm ↗︎ unpkg ↗︎
@graphql-hive/gateway-runtime	1.4.17-alpha-6320ab2b4f44b7f1eeab71d7bc1abf3031611f73	npm ↗︎ unpkg ↗︎
@graphql-mesh/transport-common	0.7.30-alpha-6320ab2b4f44b7f1eeab71d7bc1abf3031611f73	npm ↗︎ unpkg ↗︎
@graphql-mesh/transport-http	0.6.34-alpha-6320ab2b4f44b7f1eeab71d7bc1abf3031611f73	npm ↗︎ unpkg ↗︎
@graphql-mesh/transport-http-callback	0.5.21-alpha-6320ab2b4f44b7f1eeab71d7bc1abf3031611f73	npm ↗︎ unpkg ↗︎
@graphql-mesh/transport-ws	1.0.4-alpha-6320ab2b4f44b7f1eeab71d7bc1abf3031611f73	npm ↗︎ unpkg ↗︎

[theguild-bot]

🚀 Snapshot Release (Binary for Linux-X64)

The latest changes of this PR are available for download (based on the declared changesets).

[theguild-bot]

🚀 Snapshot Release (Binary for macOS-ARM64)

The latest changes of this PR are available for download (based on the declared changesets).

[theguild-bot]

🚀 Snapshot Release (Bun Docker Image)

The latest changes of this PR are available as image on GitHub Container Registry (based on the declared changesets):

ghcr.io/graphql-hive/gateway:1.10.4-alpha-6320ab2b4f44b7f1eeab71d7bc1abf3031611f73-bun

[theguild-bot]

🚀 Snapshot Release (Node Docker Image)

The latest changes of this PR are available as image on GitHub Container Registry (based on the declared changesets):

ghcr.io/graphql-hive/gateway:1.10.4-alpha-6320ab2b4f44b7f1eeab71d7bc1abf3031611f73

[theguild-bot]

🚀 Snapshot Release (Binary for Linux-ARM64)

The latest changes of this PR are available for download (based on the declared changesets).

[theguild-bot]

🚀 Snapshot Release (Binary for macOS-X64)

The latest changes of this PR are available for download (based on the declared changesets).

[theguild-bot]

🚀 Snapshot Release (Binary for Windows-X64)

The latest changes of this PR are available for download (based on the declared changesets).

[coderabbitai]

Actionable comments posted: 2

🔭 Outside diff range comments (11)

internal/testing/package.json (1)

1-22: 🧹 Nitpick (assertive)

Missing Linear Issue Reference
The PR description does not include any reference to a "GW-*" Linear issue. Please add a relevant Linear issue identifier to the PR for traceability purposes.

packages/transports/common/package.json (1)

1-60: 🧹 Nitpick (assertive)

Ensure Changeset Documentation & Issue Reference.
Since this package is part of the packages/transports directory, please ensure a corresponding changeset file has been created (using yarn changeset) that documents these dependency bumps. Also, verify that the PR description references a relevant Linear issue (e.g., a "GW-XXXX" identifier) as per the guidelines.

packages/transports/http/package.json (1)

1-61: 🧹 Nitpick (assertive)

Verify Changeset & Issue Link.
For changes within a package directory, ensure that a changeset file is provided and that the PR description includes a reference to a relevant Linear issue (e.g., "GW-XXXX").

packages/transports/ws/package.json (1)

1-63: 🧹 Nitpick (assertive)

Ensure Changeset Inclusion & Linear Issue Reference.
As part of the maintained packages, please verify that a corresponding changeset file is present and that the PR description includes a reference to a Linear issue (e.g., "GW-XXXX") to track these dependency updates.

packages/plugins/hmac-upstream-signature/package.json (1)

1-62: 🧹 Nitpick (assertive)

Confirm Changeset & Issue Link.
Please ensure that a changeset file documenting these updates is included and that the PR description references a relevant Linear issue (e.g., "GW-XXXX") in accordance with the guidelines.

packages/transports/http-callback/package.json (1)

1-62: 🧹 Nitpick (assertive)

Ensure Changeset Documentation & Issue Reference.
As with the other packages, make sure that a changeset file is provided to document these dependency changes and that the PR description includes a reference to a relevant Linear issue (e.g., "GW-XXXX").

packages/plugins/prometheus/package.json (1)

1-64: 🧹 Nitpick (assertive)

Reminder: Changeset and Linear Issue Reference
Please ensure that a corresponding changeset file has been created (using yarn changeset) that documents these dependency updates. Also, verify that the PR description includes a reference to a Linear issue (e.g., with a "GW-" identifier) as required by our internal guidelines.

packages/executors/http/package.json (1)

1-62: 🧹 Nitpick (assertive)

Reminder: Changeset and Linear Issue Check
Please confirm that a changeset file documenting these dependency bumps is included, and check that the PR description contains a reference to a Linear issue (e.g., an identifier like "GW-").

packages/federation/package.json (1)

1-66: 🧹 Nitpick (assertive)

Reminder: Verify Changeset and Linear Issue Reference
Ensure that a corresponding changeset file is included to document these changes, and confirm that the PR description references a Linear issue (e.g., "GW-*") as per our guidelines.

packages/fusion-runtime/package.json (1)

1-71: 🧹 Nitpick (assertive)

Reminder: Ensure Changeset and Linear Issue Linkage
Please verify that a proper changeset file (using yarn changeset) is included for these updates and that the PR description contains a reference to a Linear issue (e.g., "GW-...") to meet our documentation requirements.

packages/plugins/opentelemetry/package.json (1)

1-71: 🧹 Nitpick (assertive)

Reminder: Documentation and Issue Tracking
Confirm that a changeset file has been created to document these updates, and ensure the PR description includes a reference to a Linear issue (e.g., "GW-...") as required by our guidelines.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2e3ce14 and c83714e.

⛔ Files ignored due to path filters (17)

• examples/extra-fields/example.tar.gz is excluded by !**/*.gz
• examples/extra-fields/package-lock.json is excluded by !**/package-lock.json
• examples/federation-subscriptions-passthrough/example.tar.gz is excluded by !**/*.gz
• examples/federation-subscriptions-passthrough/package-lock.json is excluded by !**/package-lock.json
• examples/hmac-auth-https/example.tar.gz is excluded by !**/*.gz
• examples/hmac-auth-https/package-lock.json is excluded by !**/package-lock.json
• examples/interface-additional-resolvers/example.tar.gz is excluded by !**/*.gz
• examples/interface-additional-resolvers/package-lock.json is excluded by !**/package-lock.json
• examples/json-schema-subscriptions/example.tar.gz is excluded by !**/*.gz
• examples/json-schema-subscriptions/package-lock.json is excluded by !**/package-lock.json
• examples/operation-field-permissions/example.tar.gz is excluded by !**/*.gz
• examples/operation-field-permissions/package-lock.json is excluded by !**/package-lock.json
• examples/subscriptions-with-transforms/example.tar.gz is excluded by !**/*.gz
• examples/subscriptions-with-transforms/package-lock.json is excluded by !**/package-lock.json
• examples/type-merging-batching/example.tar.gz is excluded by !**/*.gz
• examples/type-merging-batching/package-lock.json is excluded by !**/package-lock.json
• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (53)

• .changeset/@graphql-hive_gateway-696-dependencies.md (1 hunks)
• .changeset/@graphql-hive_gateway-runtime-696-dependencies.md (1 hunks)
• .changeset/@graphql-hive_logger-winston-696-dependencies.md (1 hunks)
• .changeset/@graphql-mesh_fusion-runtime-696-dependencies.md (1 hunks)
• .changeset/@graphql-mesh_hmac-upstream-signature-696-dependencies.md (1 hunks)
• .changeset/@graphql-mesh_plugin-opentelemetry-696-dependencies.md (1 hunks)
• .changeset/@graphql-mesh_plugin-prometheus-696-dependencies.md (1 hunks)
• .changeset/@graphql-mesh_transport-common-696-dependencies.md (1 hunks)
• .changeset/@graphql-mesh_transport-http-696-dependencies.md (1 hunks)
• .changeset/@graphql-mesh_transport-http-callback-696-dependencies.md (1 hunks)
• .changeset/@graphql-mesh_transport-ws-696-dependencies.md (1 hunks)
• .changeset/@graphql-tools_executor-common-696-dependencies.md (1 hunks)
• .changeset/@graphql-tools_executor-http-696-dependencies.md (1 hunks)
• .changeset/@graphql-tools_federation-696-dependencies.md (1 hunks)
• e2e/auto-type-merging/package.json (1 hunks)
• e2e/extra-fields/package.json (1 hunks)
• e2e/federation-subscriptions-passthrough/package.json (1 hunks)
• e2e/hmac-auth-https/package.json (1 hunks)
• e2e/interface-additional-resolvers/package.json (1 hunks)
• e2e/json-schema-subscriptions/package.json (1 hunks)
• e2e/opentelemetry/package.json (1 hunks)
• e2e/operation-field-permissions/package.json (1 hunks)
• e2e/polling/package.json (1 hunks)
• e2e/polling/services/Graph.ts (2 hunks)
• e2e/retry-timeout/package.json (1 hunks)
• e2e/subscriptions-with-transforms/package.json (1 hunks)
• e2e/type-merging-batching/package.json (1 hunks)
• examples/extra-fields/package.json (1 hunks)
• examples/federation-subscriptions-passthrough/package.json (1 hunks)
• examples/hmac-auth-https/package.json (1 hunks)
• examples/interface-additional-resolvers/package.json (1 hunks)
• examples/json-schema-subscriptions/package.json (1 hunks)
• examples/operation-field-permissions/package.json (1 hunks)
• examples/subscriptions-with-transforms/package.json (1 hunks)
• examples/type-merging-batching/package.json (1 hunks)
• internal/e2e/package.json (1 hunks)
• internal/testing/package.json (1 hunks)
• package.json (0 hunks)
• packages/delegate/package.json (1 hunks)
• packages/executors/common/package.json (1 hunks)
• packages/executors/http/package.json (2 hunks)
• packages/federation/package.json (1 hunks)
• packages/fusion-runtime/package.json (2 hunks)
• packages/gateway/package.json (2 hunks)
• packages/logger-winston/package.json (1 hunks)
• packages/plugins/hmac-upstream-signature/package.json (2 hunks)
• packages/plugins/opentelemetry/package.json (2 hunks)
• packages/plugins/prometheus/package.json (2 hunks)
• packages/runtime/package.json (2 hunks)
• packages/transports/common/package.json (1 hunks)
• packages/transports/http-callback/package.json (1 hunks)
• packages/transports/http/package.json (1 hunks)
• packages/transports/ws/package.json (1 hunks)

💤 Files with no reviewable changes (1)

• package.json

🧰 Additional context used

📓 Path-based instructions (7)

`e2e/**`: This directory includes end-to-end tests for the g...

e2e/**: This directory includes end-to-end tests for the gateway.
The examples directory is generated based on the code in this directory.

• e2e/federation-subscriptions-passthrough/package.json
• e2e/operation-field-permissions/package.json
• e2e/subscriptions-with-transforms/package.json
• e2e/extra-fields/package.json
• e2e/json-schema-subscriptions/package.json
• e2e/type-merging-batching/package.json
• e2e/auto-type-merging/package.json
• e2e/retry-timeout/package.json
• e2e/opentelemetry/package.json
• e2e/interface-additional-resolvers/package.json
• e2e/hmac-auth-https/package.json
• e2e/polling/package.json
• e2e/polling/services/Graph.ts

`**`: For all PRs, we would like to verify that a Linear iss...

**: For all PRs, we would like to verify that a Linear issue is linked. Check if there's a mention for "GW-*" in the PR description, and the us know when it's missing.

In most cases, when a PR adds a new functionality, we would like to make sure it has documentation in the corresponding console project.
Use the global knowledge feature to search for PRs in graphql-hive/console repository that adds documentation. Suggest to create a follow up issue to add the missing documentation.

• e2e/federation-subscriptions-passthrough/package.json
• e2e/operation-field-permissions/package.json
• examples/operation-field-permissions/package.json
• e2e/subscriptions-with-transforms/package.json
• e2e/extra-fields/package.json
• e2e/json-schema-subscriptions/package.json
• examples/federation-subscriptions-passthrough/package.json
• e2e/type-merging-batching/package.json
• e2e/auto-type-merging/package.json
• examples/json-schema-subscriptions/package.json
• e2e/retry-timeout/package.json
• examples/extra-fields/package.json
• packages/logger-winston/package.json
• internal/e2e/package.json
• examples/hmac-auth-https/package.json
• e2e/opentelemetry/package.json
• examples/type-merging-batching/package.json
• e2e/interface-additional-resolvers/package.json
• packages/delegate/package.json
• examples/subscriptions-with-transforms/package.json
• internal/testing/package.json
• e2e/hmac-auth-https/package.json
• examples/interface-additional-resolvers/package.json
• e2e/polling/package.json
• packages/federation/package.json
• packages/executors/common/package.json
• packages/executors/http/package.json
• packages/plugins/hmac-upstream-signature/package.json
• packages/transports/ws/package.json
• packages/transports/http/package.json
• e2e/polling/services/Graph.ts
• packages/plugins/prometheus/package.json
• packages/transports/common/package.json
• packages/fusion-runtime/package.json
• packages/plugins/opentelemetry/package.json
• packages/transports/http-callback/package.json
• packages/gateway/package.json
• packages/runtime/package.json

`examples/**`: In this directory we keep all the examples. E...

examples/**: In this directory we keep all the examples. Examples are generated using a scheduled CI pipeline.
When changes are made to Gateway config, we expect to see some changes in the examples directory.

• examples/operation-field-permissions/package.json
• examples/federation-subscriptions-passthrough/package.json
• examples/json-schema-subscriptions/package.json
• examples/extra-fields/package.json
• examples/hmac-auth-https/package.json
• examples/type-merging-batching/package.json
• examples/subscriptions-with-transforms/package.json
• examples/interface-additional-resolvers/package.json

`packages/**`: In this directory we keep all packages releva...

packages/**: In this directory we keep all packages relevant to the gateway.

In most cases, when changes are made to the source code / dependencies in these directories, we also require to have a corresponding changeset file, created using yarn changeset with a full description on the changes with an example.
Also, when new features are added the packages, the changeset file should mention minor semver change. When a bug is fixed, patch needs to be used. The major bump is used for a PR that has breaking changes.

• packages/logger-winston/package.json
• packages/delegate/package.json
• packages/federation/package.json
• packages/executors/common/package.json
• packages/executors/http/package.json
• packages/plugins/hmac-upstream-signature/package.json
• packages/transports/ws/package.json
• packages/transports/http/package.json
• packages/plugins/prometheus/package.json
• packages/transports/common/package.json
• packages/fusion-runtime/package.json
• packages/plugins/opentelemetry/package.json
• packages/transports/http-callback/package.json
• packages/gateway/package.json
• packages/runtime/package.json

`packages/plugins/**`: The directories inside this dir are g...

packages/plugins/**: The directories inside this dir are gateway plugins. Plugins adds functionality to the GraphQL gateway, at the runtime level. Plugins included are authorization, authentication, caching, persisted documents and more.

• packages/plugins/hmac-upstream-signature/package.json
• packages/plugins/prometheus/package.json
• packages/plugins/opentelemetry/package.json

`packages/transports/**`: The transports configures how to d...

packages/transports/**: The transports configures how to deal with requests that are made from the GraphQL gateway to the GraphQL subgraphs. Transports manipulates the calls, headers, protocols and others.

• packages/transports/ws/package.json
• packages/transports/http/package.json
• packages/transports/common/package.json
• packages/transports/http-callback/package.json

`packages/gateway/**`: The main runtime for the Hive gateway...

packages/gateway/**: The main runtime for the Hive gateway.
This package is CLI that runs the gateway and configures the internals of the gateway function.

• packages/gateway/package.json

⏰ Context from checks skipped due to timeout of 90000ms (20)

• GitHub Check: Binary built on ubuntu-24.04-arm
• GitHub Check: Binary built on windows-latest
• GitHub Check: Binary built on macos-14
• GitHub Check: Binary built on macos-13
• GitHub Check: Bun Docker image
• GitHub Check: Node Docker image
• GitHub Check: Binary built on ubuntu-latest
• GitHub Check: E2E / Bun Docker on Ubuntu
• GitHub Check: E2E / Bun on Ubuntu
• GitHub Check: E2E / Node Binary on Windows
• GitHub Check: E2E / Node Binary on Ubuntu
• GitHub Check: E2E / Node Docker on Ubuntu
• GitHub Check: E2E / Node 23 on Ubuntu
• GitHub Check: Leaks / Node v23
• GitHub Check: E2E / Node 22 on Ubuntu
• GitHub Check: Leaks / Node v22
• GitHub Check: E2E / Node 20 on Ubuntu
• GitHub Check: Leaks / Node v20
• GitHub Check: E2E / Node 18 on Ubuntu
• GitHub Check: Leaks / Node v18

🔇 Additional comments (77)

internal/testing/package.json (1)

16-16: Dependency Version Update
The version of @whatwg-node/fetch has been bumped from ^0.10.1 to ^0.10.4, in line with similar changes across the project. Please verify that this update is backward compatible with consumer code and resolves the peer dependency concerns as expected.

.changeset/@graphql-tools_executor-common-696-dependencies.md (2)

1-3: Header Format and Metadata

The changeset header is correctly formatted with the YAML front matter delimiters (---). The metadata clearly indicates that a patch update is being applied for the package @graphql-tools/executor-common.

---

5-7: Dependency Version Bump Clarity

The dependency update for @envelop/core is clearly stated. The updated version (^5.1.0) is provided alongside the previous version (^5.0.2), and the inclusion of the NPM link offers a useful reference for reviewers. Please ensure that this bump resolves the peer dependency issues without causing any breaking changes within the consuming packages.

.changeset/@graphql-tools_executor-http-696-dependencies.md (1)

1-3: Header and Release Type Declaration

The changeset header correctly indicates a patch release for the @graphql-tools/executor-http package. The use of the front matter delimiters (---) and the concise declaration is appropriate.

examples/operation-field-permissions/package.json (2)

1-1: Missing Linear Issue Reference

It appears that the PR description does not reference a Linear issue (e.g., "GW-*"). Please ensure that a relevant Linear ticket is linked in the PR description to maintain traceability with our issue tracking.

---

5-5: Dependency Version Update Confirmed

The update of @envelop/core from ^5.0.2 to ^5.1.0 aligns with the broader dependency bump objectives aimed at resolving peer dependency issues. No further changes are needed.

e2e/polling/services/Graph.ts (1)

5-5: LGTM! Clean migration to graphql-yoga.

The import statement correctly imports the required functions from graphql-yoga.

e2e/extra-fields/package.json (1)

7-7:

✅ Verification successful

Verify graphql-yoga version compatibility.

The version update to ^5.12.0 aligns with the PR objectives to fix peer dependency issues.

---

🌐 Web query:

What are the peer dependencies for graphql-yoga version 5.12.0?

💡 Result:

The peer dependencies for graphql-yoga version 5.12.0 are:

• graphql:
  The core graphql library is required as a peer dependency[3][7]. While no explicit version range is mentioned in the provided sources, graphql-yoga generally aligns with modern GraphQL specifications and supports versions compatible with its execution requirements (typically ^16.0.0 or later based on ecosystem standards)[3][9].

Key Points:

1. No explicit version constraints are listed in recent release notes[1][5], but graphql must be installed separately[3].
2. Plugins may introduce additional peer dependencies (e.g., @nestjs/graphql for NestJS integrations)[1], but these are plugin-specific rather than core requirements.

For production use:

pnpm add graphql-yoga graphql

Citations:

• 1: https://github.com/prisma/graphql-yoga/releases
• 2: mswjs/msw#2185
• 3: https://www.npmjs.com/package/graphql-yoga
• 4: https://deps.dev/npm/gatsby/3.14.6/dependencies/graph?filter=package%3A%22is-promise%22+version%3A%224.0.0%22
• 5: https://the-guild.dev/graphql/yoga-server/changelogs/graphql-yoga
• 6: https://classic.yarnpkg.com/en/package/gatsby-cli
• 7: https://the-guild.dev/graphql/yoga-server
• 8: https://deps.dev/npm/gatsby/4.21.0-next.1/dependencies
• 9: graphql/graphql-js#1531
• 10: https://sourceforge.net/projects/graphql-yoga.mirror/files/release-1737369543378/

---

Graphql-Yoga Version Verified

• The update to "graphql-yoga": "^5.12.0" in e2e/extra-fields/package.json aligns with the PR’s goals.
• A web query confirms that the sole peer dependency is graphql (which should be a modern version, typically ^16.0.0 or later).
• Please ensure that an appropriate version of graphql is installed to satisfy this dependency.

e2e/polling/package.json (1)

6-8:

✅ Verification successful

Verify express version compatibility.

The migration from express-graphql to graphql-yoga looks good. However, the express version ^4.21.2 seems unusual as the latest 4.x version is 4.18.x.

---

🌐 Web query:

What is the latest version of express 4.x?

💡 Result:

The latest version of Express 4.x is 4.21.2, released on December 5, 2024[1][3][6]. This patch update addressed security vulnerabilities and included dependency updates:

Key details about Express v4.21.2:

• Fixed CVE-2024-47764 through dependency updates[1]
• Backported security fixes from Express v5 branch[1][3]
• Maintained compatibility with Node.js versions prior to v18[1]
• Kept legacy APIs removed in Express v5[1][3]

The Express team continues maintaining the 4.x branch for applications not yet ready to migrate to Express v5[1][3]. While development focus has shifted to v5.x and future versions[5], critical security patches are still being backported to v4.x[1][3].

For new projects, Express v5.x (current version: 5.0.1) is recommended for modern Node.js environments[1][5], but existing v4.x applications can safely remain on this LTS-like branch with proper security monitoring[3].

Citations:

• 1: https://github.com/expressjs/express/releases
• 2: https://github.com/expressjs/express/wiki/Migrating-from-3.x-to-4.x
• 3: https://expressjs.com/en/changelog/
• 4: https://forums.meteor.com/t/introducing-express-v5-a-new-era-for-node-js-framework/62423
• 5: https://expressjs.com/2025/01/09/rewind-2024-triumphs-and-2025-vision.html
• 6: https://www.npmjs.com/package/express
• 7: https://dev.to/woovi/a-modern-nodejs-typescript-setup-for-2025-nlk
• 8: https://expressjs.com/en/api.html
• 9: https://express4x4truckrental.com

---

Express version compatibility verified

The migration from express-graphql to graphql-yoga looks good, and the express version is correct. The latest Express 4.x release is indeed 4.21.2 (released December 5, 2024), so there's no need to change the version specification in e2e/polling/package.json.

e2e/type-merging-batching/package.json (1)

7-7: LGTM! Version update aligns with other packages.

The version update to ^5.12.0 is consistent with other package.json changes.

.changeset/@graphql-tools_federation-696-dependencies.md (1)

1-8: Dependency Changeset for Federation Package Looks Good
The changeset correctly documents the patch update for @graphql-tools/federation and the corresponding update for @whatwg-node/fetch from ^0.10.1 to ^0.10.4. The formatting and links to the npm page enhance traceability.

e2e/interface-additional-resolvers/package.json (1)

1-11: Updated graphql-yoga Version for Interface Additional Resolvers
The dependency "graphql-yoga" has been updated to ^5.12.0 as intended. This upgrade is consistent with the peer dependency alignment across the project.

.changeset/@graphql-hive_logger-winston-696-dependencies.md (1)

1-8: Correct Changeset Update for Logger-Winston
The changeset accurately reflects the patch update for @graphql-hive/logger-winston along with the dependency bump of @graphql-mesh/types from ^0.103.6 to ^0.103.18. The provided link and formatting contribute to clear documentation.

e2e/retry-timeout/package.json (1)

1-12: Consistent graphql-yoga Version Update in Retry Timeout Package
The dependency "graphql-yoga" is successfully updated to ^5.12.0. This update aligns with other packages, ensuring consistency in dependency versions across the codebase.

e2e/operation-field-permissions/package.json (1)

1-11: Upgrade for @envelop/core Dependency is Spot On
The update from ^5.0.2 to ^5.1.0 for @envelop/core is clearly indicated. This change is consistent with similar updates elsewhere in the project and should help with improved compatibility.

e2e/subscriptions-with-transforms/package.json (1)

8-8: Dependency Version Update for graphql-yoga:
The "graphql-yoga" dependency has been bumped from a previous version (presumably "^5.10.11") to "^5.12.0". This change appears consistent with the broader dependency upgrades in the repository. Please verify that any consumers of this package are compatible with the new version.

e2e/auto-type-merging/package.json (1)

8-8: Consistent DevDependency Upgrade for graphql-yoga:
The update in the devDependencies section for "graphql-yoga" to "^5.12.0" is in line with other packages in the project. Ensure that the test environments and build scripts are verified against this change.

e2e/opentelemetry/package.json (1)

9-9: Update of graphql-yoga in Production Dependencies:
The dependency "graphql-yoga" now uses "^5.12.0", aligning with similar updates across the repository. This change should help resolve any peer dependency issues related to this package.

.changeset/@graphql-mesh_transport-common-696-dependencies.md (1)

7-8: Documented Dependency Upgrades in Changeset:
The changeset clearly details the upgrades for @envelop/core (to "^5.1.0") and @graphql-mesh/types (to "^0.103.18"). This level of documentation is helpful for traceability and future maintenance. Please ensure that users check the changelogs of these dependencies for any breaking changes that might affect the system.

e2e/json-schema-subscriptions/package.json (1)

6-6: Update for @graphql-mesh/cross-helpers Dependency:
The version of "@graphql-mesh/cross-helpers" has been updated from "^0.4.9" to "^0.4.10". This change is consistent with similar updates in related packages. It is recommended to run integration tests for subscription features to ensure compatibility with the new version.

internal/e2e/package.json (1)

10-10: Updated Dependency Version for @whatwg-node/fetch
The dependency version has been updated from ^0.10.1 to ^0.10.4. Ensure that this version is fully compatible with the rest of the project to resolve the peer dependency issues effectively.

examples/interface-additional-resolvers/package.json (1)

7-7: Updated Dependency Version for graphql-yoga
The graphql-yoga dependency has been upgraded to ^5.12.0. Please verify that this bump does not introduce any breaking changes and maintains compatibility with your current setup.

.changeset/@graphql-mesh_transport-ws-696-dependencies.md (1)

1-10: Documentation of Dependency Bumps for @graphql-mesh/transport-ws
The changeset clearly documents the version bumps for @graphql-mesh/cross-helpers, @graphql-mesh/types, and @graphql-mesh/utils along with helpful links to their respective npm pages. This clarity aids in ensuring consistency across the project’s dependency graph.

.changeset/@graphql-mesh_transport-http-696-dependencies.md (1)

1-10: Dependency Update Documentation for @graphql-mesh/transport-http
The changeset accurately reflects the updated versions for @graphql-mesh/cross-helpers, @graphql-mesh/types, and @graphql-mesh/utils. This update aligns with similar dependency changes elsewhere in the repository and is clearly documented.

.changeset/@graphql-mesh_plugin-prometheus-696-dependencies.md (1)

1-10: Clear Documentation of Dependency Bump for @graphql-mesh/plugin-prometheus
The changeset effectively indicates the updates to @graphql-mesh/cross-helpers, @graphql-mesh/types, and @graphql-mesh/utils. The structured documentation and provided links help in verifying that the correct versions are being used.

e2e/federation-subscriptions-passthrough/package.json (1)

4-8: Bump @whatwg-node/fetch Dependency Version
The version for @whatwg-node/fetch has been updated from a previous version (likely ^0.10.1) to ^0.10.4. This change is in line with the broader dependency updates made across the repository. Please ensure that this bump does not introduce any incompatibilities with packages that depend on this module.

.changeset/@graphql-mesh_plugin-opentelemetry-696-dependencies.md (2)

1-3: Proper Patch Declaration for plugin-opentelemetry
The changeset correctly marks the release of @graphql-mesh/plugin-opentelemetry as a patch update, which is appropriate given that only dependency versions are updated.

---

7-9: Consistent Dependency Version Updates
The dependency versions for @graphql-mesh/cross-helpers, @graphql-mesh/types, and @graphql-mesh/utils have been updated (from ^0.4.9 and ^0.103.6 to ^0.4.10 and ^0.103.18, respectively). These updates are consistent with similar changes in other parts of the project. Please verify that these new versions maintain overall compatibility.

.changeset/@graphql-mesh_hmac-upstream-signature-696-dependencies.md (2)

1-3: Proper Patch Declaration for hmac-upstream-signature
Declaring the @graphql-mesh/hmac-upstream-signature update as a patch is appropriate. This ensures that only backward-compatible changes (dependency updates) are being released.

---

7-9: Aligned Dependency Versions for hmac-upstream-signature
The updates for @graphql-mesh/cross-helpers, @graphql-mesh/types, and @graphql-mesh/utils mirror the changes in other packages. This alignment helps maintain a consistent dependency tree across the repository.

examples/extra-fields/package.json (1)

6-7: Upgrade graphql-yoga Dependency
The version for graphql-yoga has been updated from ^5.10.11 to ^5.12.0, aligning it with similar updates across other packages. Ensure that this newer version is fully compatible with the example’s configuration and behavior.

examples/type-merging-batching/package.json (1)

6-7: Bump graphql-yoga to Latest Release
Upgrading graphql-yoga to ^5.12.0 maintains consistency with the other updated examples. Please test the example to confirm that there are no breaking changes with the new version.

examples/subscriptions-with-transforms/package.json (1)

8-8: Dependency Version Update for graphql-yoga:
The update to "graphql-yoga": "^5.12.0" is consistent with the coordinated dependency bumps across this repository. Please double-check the GraphQL Yoga release notes for any breaking changes or adjustments in API behavior that might affect the example.

examples/json-schema-subscriptions/package.json (1)

6-6: Dependency Version Update for @graphql-mesh/cross-helpers:
The version bump from ^0.4.9 to ^0.4.10 is clearly intended for consistency with corresponding packages. Verify that this minor bump does not introduce any compatibility issues with related dependencies in the project.

.changeset/@graphql-mesh_transport-http-callback-696-dependencies.md (1)

7-10: Changeset Dependency Updates Overview:
The changeset clearly documents updates for:

• @graphql-mesh/cross-helpers → ^0.4.10
• @graphql-mesh/types → ^0.103.18
• @graphql-mesh/utils → ^0.103.18
• @whatwg-node/fetch → ^0.10.4

Please ensure these updated dependencies are validated against peer dependency requirements in all affected packages.

e2e/hmac-auth-https/package.json (1)

16-16: Dependency Version Update for graphql-yoga:
The bump to "graphql-yoga": "^5.12.0" in this end-to-end test package aligns with the updates across the repository. It’s important to run the full e2e test suite to confirm that this dependency upgrade maintains the expected behavior under various scenarios.

.changeset/@graphql-mesh_fusion-runtime-696-dependencies.md (1)

7-11: Fusion Runtime Dependency Updates:
This changeset updates several core dependencies:

• @envelop/core: from ^5.0.3 to ^5.1.0
• @graphql-mesh/cross-helpers: to ^0.4.10
• @graphql-mesh/types and @graphql-mesh/utils: to ^0.103.18
• graphql-yoga: from ^5.10.11 to ^5.12.0

These updates are well-documented. Please verify that these versions remain compatible with all modules depending on them.

examples/federation-subscriptions-passthrough/package.json (1)

6-6: Dependency Version Bump Approved.
The update for @whatwg-node/fetch from ^0.10.1 to ^0.10.4 is consistent with similar dependency changes elsewhere in the repository. Please ensure that any changelog or release notes for this dependency upgrade are updated accordingly.

examples/hmac-auth-https/package.json (1)

20-20: Upgrade of graphql-yoga Dependency Approved.
The bump from ^5.10.11 to ^5.12.0 is in line with recent updates across the project and should improve consistency. Verify that no breaking changes from graphql-yoga affect the service’s runtime behavior.

packages/executors/common/package.json (1)

42-43: Dependency Version Update for @envelop/core.
Upgrading @envelop/core from ^5.0.2 to ^5.1.0 aligns well with related dependency updates. Please run integration tests to ensure compatibility across modules using this package.

packages/delegate/package.json (1)

51-51: New Dev Dependency Added for Type Definitions.
Adding "@types/lodash": "4.17.15" improves type safety and consistency with similar updates in other packages.

packages/logger-winston/package.json (1)

52-52: Dependency Version Update for @graphql-mesh/types.
The update from ^0.103.6 to ^0.103.18 is consistent with the broader effort in the project. Please ensure that any API changes introduced in the new version are fully compatible with the logger’s functionality.

packages/transports/common/package.json (2)

45-46: Dependency Version Bumps.
The versions for @envelop/core and @graphql-mesh/types have been updated to ^5.1.0 and ^0.103.18 respectively. Please verify that these new versions remain compatible within the mesh ecosystem.

---

53-54: Dev Dependency Updates.
The updates for @graphql-mesh/cross-helpers and @graphql-mesh/utils (now at ^0.4.10 and ^0.103.18) are in line with the broader package updates. Confirm that tests pass without regression.

packages/transports/http/package.json (1)

45-49: HTTP Transport Dependency Updates.
The bumped versions for @graphql-mesh/cross-helpers (^0.4.10), @graphql-mesh/types (^0.103.18), and @graphql-mesh/utils (^0.103.18) are consistent with the updates seen in other packages. Please double-check that these changes integrate smoothly with the HTTP transport module.

packages/transports/ws/package.json (1)

45-49: WebSocket Transport Dependency Updates.
The update of @graphql-mesh/cross-helpers, @graphql-mesh/types, and @graphql-mesh/utils to their new versions aligns well with the overall dependency upgrade strategy. Please confirm that these changes do not introduce integration issues with the WebSocket transport.

packages/plugins/hmac-upstream-signature/package.json (2)

45-47: Plugin Dependency Bumps.
The updates for @graphql-mesh/cross-helpers, @graphql-mesh/types, and @graphql-mesh/utils bring this plugin into alignment with the rest of the codebase. Please ensure that these changes are fully compatible with the plugin’s behavior.

---

57-57: Dev Dependency Update for graphql-yoga.
Raising the graphql-yoga version to ^5.12.0 is appropriate for staying current; verify that this upgrade does not introduce breaking changes in the test environment.

packages/transports/http-callback/package.json (2)

45-49: HTTP Callback Dependency Updates.
The version bumps for @graphql-mesh/cross-helpers, @graphql-mesh/types, and @graphql-mesh/utils are now consistent with the overall project updates. Confirm that these changes do not adversely affect the HTTP callback functionality.

---

53-53: @whatwg-node/fetch Version Bump.
The update to @whatwg-node/fetch (now ^0.10.4) looks correct. Please verify that this version is compatible with the rest of the package dependencies.

packages/plugins/prometheus/package.json (2)

47-49: Bump Mesh Utilities Versions
The updated versions for @graphql-mesh/cross-helpers (^0.4.10), @graphql-mesh/types (^0.103.18), and @graphql-mesh/utils (^0.103.18) align with similar updates across the project to ensure consistency.

---

58-58: Update GraphQL Yoga Version
The devDependency update for graphql-yoga to ^5.12.0 is consistent with dependency upgrades elsewhere.

packages/executors/http/package.json (2)

46-46: Update Fetch Dependency
Bumping @whatwg-node/fetch to ^0.10.4 brings this package in line with the updated versions across other packages in the ecosystem.

---

57-57: Upgrade GraphQL Yoga in DevDependencies
Updating graphql-yoga to ^5.12.0 ensures compatibility with the rest of the dependency updates.

packages/federation/package.json (2)

51-51: Align Fetch Dependency Version
Updating @whatwg-node/fetch to ^0.10.4 ensures consistency with the version upgrades made in related packages.

---

59-59: Add Lodash Types DevDependency
The addition of @types/lodash at version 4.17.15 improves type safety. Please verify that this dependency is required in your codebase.

packages/fusion-runtime/package.json (5)

46-46: Update Envelop Core Dependency
Bumping @envelop/core to ^5.1.0 is appropriate for capturing minor improvements and patches.

---

47-47: Update Mesh Cross Helpers
Upgrading @graphql-mesh/cross-helpers to ^0.4.10 aligns with the updates applied in other packages.

---

49-49: Upgrade Mesh Types
The change to @graphql-mesh/types (^0.103.18) ensures that type definitions are up-to-date with the latest improvements.

---

50-50: Upgrade Mesh Utils
Updating @graphql-mesh/utils to ^0.103.18 helps maintain compatibility throughout the project.

---

62-62: GraphQL Yoga Bump
The update of graphql-yoga to ^5.12.0 guarantees that you are leveraging the latest features and fixes.

packages/plugins/opentelemetry/package.json (3)

47-47: Update Mesh Cross Helpers
The updated version for @graphql-mesh/cross-helpers to ^0.4.10 ensures uniformity with similar dependency bumps across the codebase.

---

49-50: Upgrade Mesh Types and Utils
Upgrading both @graphql-mesh/types and @graphql-mesh/utils to ^0.103.18 improves dependency consistency and compatibility.

---

66-66: Update GraphQL Yoga in DevDependencies
Updating graphql-yoga to ^5.12.0 in the devDependencies reflects the needed peer dependency fixes.

.changeset/@graphql-hive_gateway-runtime-696-dependencies.md (2)

1-4: Good changeset header and patch declaration.
The file clearly indicates that a patch update is being made for @graphql-hive/gateway-runtime. Please ensure that any related issue tracking (for example, a Linear issue with a GW-* ID) is referenced in the PR description if required by your process.

---

5-20: Comprehensive Dependency Updates Documentation.
The dependency updates—listing both the new version and the previous version for each package—are very clear. This level of detail supports transparency and assists maintainers in tracking changes across the GraphQL ecosystem.

packages/runtime/package.json (4)

47-59: GraphQL Mesh and Envelop Dependency Updates.
The updates for the following dependencies:

• @envelop/core from ^5.0.0 to ^5.1.0
• @graphql-mesh/cross-helpers from ^0.4.9 to ^0.4.10
• @graphql-mesh/plugin-hive from ^0.103.0 to ^0.103.19
• @graphql-mesh/plugin-response-cache from ^0.103.13 to ^0.103.21
• @graphql-mesh/types from ^0.103.6 to ^0.103.18
• @graphql-mesh/utils from ^0.103.6 to ^0.103.18

are clearly specified. Please verify that these version bumps are fully compatible with the rest of the system, especially with any other packages that share these as peer dependencies.

---

68-71: GraphQL Yoga Plugin Updates.
The versions for @graphql-yoga/plugin-apollo-usage-report, @graphql-yoga/plugin-csrf-prevention, @graphql-yoga/plugin-defer-stream, and @graphql-yoga/plugin-persisted-operations have been bumped as expected. Confirm that these updates remain backwards compatible with your current GraphQL Yoga setup and that any related integration tests pass successfully.

---

74-76: Server and Core GraphQL Library Updates.
The updated versions for @whatwg-node/server, graphql-ws, and graphql-yoga are consistent with similar changes in related packages. These changes should help resolve the peer dependency issues. It’s a good idea to verify that these updates propagate the desired behavior in all runtime contexts.

---

84-84: Updated Development Dependency.
The bump for @whatwg-node/fetch (in the devDependencies section) to ^0.10.4 is noted. Please ensure that this development tool’s version update aligns with your local workflows and testing environments without issues.

.changeset/@graphql-hive_gateway-696-dependencies.md (2)

1-4: Changeset Header for @graphql-hive/gateway.
The header correctly declares a patch update for @graphql-hive/gateway. As with the runtime changeset, double-check that the PR description includes any required issue references (e.g. GW-*) according to your team’s workflow.

---

5-30: Detailed Dependency Update Summary.
This changeset nicely documents a wide range of dependency bumps (for example, @commander-js/extra-typings, @envelop/core, and various @graphql-mesh plugins). The granularity provided here supports clarity and traceability in the update process.

packages/gateway/package.json (5)

57-65: CLI and Mesh Caching Dependencies Updates.
The updates for the following dependencies:

• @commander-js/extra-typings updated to ^13.1.0
• @envelop/core updated to ^5.1.0
• @graphql-mesh/cache-cfw-kv updated to ^0.104.18
• @graphql-mesh/cache-localforage updated to ^0.103.19
• @graphql-mesh/cache-redis updated to ^0.103.19
• @graphql-mesh/cache-upstash-redis updated to ^0.0.5
• @graphql-mesh/cross-helpers updated to ^0.4.10

are in line with the dependency bump strategy. Please verify that these updates do not conflict with any peer versions in use across the codebase.

---

67-71: Mesh Plugin Updates.
The updated versions for the Mesh plugins:

• @graphql-mesh/plugin-deduplicate-request to ^0.103.18
• @graphql-mesh/plugin-http-cache to ^0.104.6
• @graphql-mesh/plugin-jit to ^0.1.18
• @graphql-mesh/plugin-jwt-auth to ^1.4.8
• @graphql-mesh/plugin-mock to ^0.103.19

are clearly stated. It is recommended to run integration tests to confirm that all of these plugins interact correctly after the version bumps.

---

74-75: Additional Mesh Plugin Updates.
The updates for @graphql-mesh/plugin-rate-limit (now ^0.103.19) and @graphql-mesh/plugin-snapshot (now ^0.103.18) maintain consistency with the overall Mesh ecosystem updates. Ensure these changes are tested in scenarios where rate limiting or snapshot functionalities are in play.

---

79-83: GraphQL Mesh Types and Tools Loader Updates.
The dependency updates here affect:

• @graphql-mesh/types to ^0.103.18
• @graphql-mesh/utils to ^0.103.18
• @graphql-tools/code-file-loader to ^8.1.15
• @graphql-tools/graphql-file-loader to ^8.0.14
• @graphql-tools/load to ^8.0.14

This group of version bumps is important to ensure a cohesive ecosystem. Please verify that these updates are carried through in both the build and runtime contexts.

---

85-88: Runtime and CLI Library Updates.
The updates for the following packages—

• commander to ^13.1.0
• dotenv to ^16.4.7
• graphql-ws to ^6.0.4
• graphql-yoga to ^5.12.0

—are consistent with other parts of the system and are aimed at resolving peer dependency issues. Please confirm that these changes do not adversely affect the runtime behavior, especially when launching the gateway CLI.

[coderabbitai]

🧹 Nitpick (assertive)

Clear Dependency Update Information

The dependency update for @whatwg-node/fetch is clearly detailed by showing the new version ^0.10.4 along with a link to the npm package page. This is aligned with the intended dependency bump to resolve peer dependency issues.

It might be beneficial to include a brief context note on how this dependency update resolves any specific peer dependency conflicts, helping future reviewers and maintainers.

[coderabbitai]

🧹 Nitpick (assertive)

Consider adding health check endpoint.

The GraphQL server setup looks good, but since this is an e2e test service, consider adding a health check endpoint to verify the service is running correctly.

 app.use(
   '/graphql',
   createYoga({
     schema: createSchema({
       typeDefs: schemaContent,
       resolvers: {
         hello: () => {
           return new Promise((resolve) => {
             setTimeout(() => {
               resolve('Hello world!');
             }, 20_000);
           });
         },
       },
     }),
   }),
 );
+
+// Add health check endpoint
+app.get('/health', (_, res) => {
+  res.status(200).send('OK');
+});

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	app.use(
	'/graphql',
	graphqlHTTP({
	schema: buildSchema(schemaContent),
	rootValue: root,
	graphiql: true,
	createYoga({
	schema: createSchema({
	typeDefs: schemaContent,
	resolvers: {
	hello: () => {
	return new Promise((resolve) => {
	setTimeout(() => {
	resolve('Hello world!');
	}, 20_000);
	});
	},
	},
	}),
	}),
	);
	app.use(
	'/graphql',
	createYoga({
	schema: createSchema({
	typeDefs: schemaContent,
	resolvers: {
	hello: () => {
	return new Promise((resolve) => {
	setTimeout(() => {
	resolve('Hello world!');
	}, 20_000);
	});
	},
	},
	}),
	}),
	);
	// Add health check endpoint
	app.get('/health', (_, res) => {
	res.status(200).send('OK');
	});