Skip to content

chore(deps): bump undici, @mercuriusjs/federation, @mercuriusjs/gateway and mercurius#533

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/multi-b6e852b02e
Open

chore(deps): bump undici, @mercuriusjs/federation, @mercuriusjs/gateway and mercurius#533
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/npm_and_yarn/multi-b6e852b02e

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 14, 2026

Bumps undici, @mercuriusjs/federation, @mercuriusjs/gateway and mercurius. These dependencies needed to be updated together.
Updates undici from 7.16.0 to 7.24.2

Release notes

Sourced from undici's releases.

v7.24.2

What's Changed

Full Changelog: nodejs/undici@v7.24.1...v7.24.2

v7.24.1

What's Changed

Full Changelog: nodejs/undici@v7.24.0...v7.24.1

v7.24.0

Undici v7.24.0 Security Release Notes

This release addresses multiple security vulnerabilities in Undici.

Upgrade guidance

All users on v7 should upgrade to v7.24.0 or later.

Fixed advisories

Affected and patched ranges

... (truncated)

Commits

Updates @mercuriusjs/federation from 3.0.0 to 5.1.0

Release notes

Sourced from @​mercuriusjs/federation's releases.

v5.1.0

What's Changed

New Contributors

Full Changelog: mercurius-js/mercurius-federation@v4.0.0...v5.1.0

v5.0.0

What's Changed

Full Changelog: mercurius-js/mercurius-federation@v3.0.0...v5.0.0

Commits
  • 59f69f1 chore: bumped v5.1.0
  • 00a6d83 feat: add federationSchemaTransformer export and documentation (#244)
  • 088f4bb Build(deps-dev): Bump c8 from 10.1.3 to 11.0.0 (#242)
  • 6fb1116 Build(deps-dev): Bump @​matteo.collina/snap from 0.3.0 to 1.0.0 (#241)
  • da24318 chore: update dependencies lint, license and removed tests-checker workflow (...
  • 6d2fb68 chore: remove dependencie tap and others updated (#177)
  • 2b7220b Build(deps): Bump actions/setup-node from 6.1.0 to 6.2.0 (#239)
  • 9ce484a Build(deps-dev): Bump @​graphql-tools/utils from 10.11.0 to 11.0.0 (#234)
  • a406bb5 Build(deps): Bump actions/setup-node from 6.0.0 to 6.1.0 (#229)
  • f28239c Build(deps): Bump actions/checkout from 5 to 6 (#216)
  • Additional commits viewable in compare view
Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.


Updates @mercuriusjs/gateway from 3.0.1 to 5.2.0

Release notes

Sourced from @​mercuriusjs/gateway's releases.

v5.2.0

What's Changed

Full Changelog: mercurius-js/mercurius-gateway@v5.1.0...v5.2.0

v5.1.0

What's Changed

New Contributors

Full Changelog: mercurius-js/mercurius-gateway@v5.0.0...v5.1.0

v5.0.0

What's Changed

Full Changelog: mercurius-js/mercurius-gateway@v4.0.0...v5.0.0

v4.0.0

Full Changelog: mercurius-js/mercurius-gateway@v3.0.1...v4.0.0

Commits
  • f1dceac chore: bumped v5.2.0
  • d5c68d0 feat(request): add origin to agent.request() to support all undici Dispatcher...
  • fa01a3b chore(deps-dev): bump c8 from 10.1.3 to 11.0.0 (#125)
  • 7c06fae chore(deps): bump actions/checkout from 4 to 6 (#124)
  • 09ffae0 chore(deps): bump actions/setup-node from 3.8.1 to 6.2.0 (#123)
  • 6cb722a chore(deps): bump actions/checkout from 3 to 4 (#102)
  • b58f5fa chore(deps): bump actions/setup-node from 3.6.0 to 3.8.1 (#92)
  • 4b7a1cc chore: bumped v5.1.0
  • 47c43d1 test: migrate union-cross-service to node:test
  • ceed4d5 chore: refactor test to node test and upgrade deps (#120)
  • Additional commits viewable in compare view
Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.


Updates mercurius from 14.1.0 to 16.8.0

Release notes

Sourced from mercurius's releases.

v16.8.0

⚠️ Security Release

What's Changed

Full Changelog: mercurius-js/mercurius@v16.7.0...v16.8.0

v16.7.0

What's Changed

New Contributors

Full Changelog: mercurius-js/mercurius@v16.6.0...v16.7.0

v16.6.0

What's Changed

Full Changelog: mercurius-js/mercurius@v16.5.0...v16.6.0

v16.5.0

What's Changed

Full Changelog: mercurius-js/mercurius@v16.3.0...v16.5.0

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
chore(deps): bump undici, @mercuriusjs/federation, @mercuriusjs/gatew…
8ddc2cf 
…ay and mercurius

Bumps [undici](https://github.com/nodejs/undici), [@mercuriusjs/federation](https://github.com/mercurius-js/mercurius-federation), [@mercuriusjs/gateway](https://github.com/mercurius-js/federation-support) and [mercurius](https://github.com/mercurius-js/mercurius). These dependencies needed to be updated together.

Updates `undici` from 7.16.0 to 7.24.2
- [Release notes](https://github.com/nodejs/undici/releases)
- [Commits](nodejs/undici@v7.16.0...v7.24.2)

Updates `@mercuriusjs/federation` from 3.0.0 to 5.1.0
- [Release notes](https://github.com/mercurius-js/mercurius-federation/releases)
- [Commits](mercurius-js/mercurius-federation@v3.0.0...v5.1.0)

Updates `@mercuriusjs/gateway` from 3.0.1 to 5.2.0
- [Release notes](https://github.com/mercurius-js/federation-support/releases)
- [Commits](mercurius-js/mercurius-gateway@v3.0.1...v5.2.0)

Updates `mercurius` from 14.1.0 to 16.8.0
- [Release notes](https://github.com/mercurius-js/mercurius/releases)
- [Commits](mercurius-js/mercurius@v14.1.0...v16.8.0)

---
updated-dependencies:
- dependency-name: undici
  dependency-version: 7.24.2
  dependency-type: direct:production
- dependency-name: "@mercuriusjs/federation"
  dependency-version: 5.1.0
  dependency-type: direct:development
- dependency-name: "@mercuriusjs/gateway"
  dependency-version: 5.2.0
  dependency-type: direct:development
- dependency-name: mercurius
  dependency-version: 16.8.0
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code labels Mar 14, 2026
@dependabot dependabot bot mentioned this pull request Mar 14, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update Javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants