chore(deps): bump graphql from 16.14.2 to 17.0.0

[dependabot]

Bumps graphql from 16.14.2 to 17.0.0.

Release notes

Sourced from graphql's releases.

v17.0.0 (2026-06-15)

New Feature 🚀

• #4819 feat: graduate directives on directives (@​yaacovCR)

Bug Fix 🐞

• #4799 fix: raise request error on invalid fragment variables (@​yaacovCR)
• #4800 fix: apply directives when SDL contains type definitions and extensions with directives (@​yaacovCR)
• #4564 OneOf Inhabitability (@​jbellenger)
• #4814 fix(KnownDirectivesRule): locations for input field arguments in extensions (@​yaacovCR)
• #4726 feat(validation): reject directive definition cycles (@​yaacovCR)
• #4815 Revert "feat(validation): reject directive definition cycles (#4726)" (@​yaacovCR)

Docs 📝

• #4790 docs: minor diagnostics doc comment improvements (@​yaacovCR)
• #4791 fix: docs: polish diagnostics comments further (@​yaacovCR)
• #4793 docs: further improve general execution and tracing docs (@​yaacovCR)
• #4802 docs: correct extension field comments - v17 (@​yaacovCR)
• #4805 docs: publish fixed extensions comments (@​yaacovCR)
• #4807 docs: add prettier for jsdoc examples (@​yaacovCR)
• #4435 Subscriptions docs suggestions (@​Urigo)
• #4811 docs: fix a few indentations inside string literals (@​yaacovCR)
• #4813 internal: docs update (@​yaacovCR)
• #4820 docs: document @experimental_disableErrorPropagation (@​yaacovCR)
• #4817 docs: post 17.rc-0 update (@​yaacovCR)

Polish 💅

• #4809 internal: use prettier for non-generated website files (@​yaacovCR)
• #4812 polish: fix stream test cases (@​yaacovCR)

Internal 🏠

• #4795 chore: move website publishing from 16.x.x to 17.x.x (@​yaacovCR)
• #4796 internal: fix broken npm/deno deployments (@​yaacovCR)
• #4797 ci: update GitHub Actions versions (@​yaacovCR)
• #4806 internal: update frontmatter (@​yaacovCR)
• #4808 intenral: fix ci badge (@​yaacovCR)
• #4810 internal: add prettier:examples to lint-staged (@​yaacovCR)

... (truncated)

Commits

• c7e494a chore(release): v17.0.0
• d977f66 docs: post 17.rc-0 update (#4817)
• 39f865f docs: document @experimental_disableErrorPropagation (#4820)
• 61db552 feat: graduate directives on directives (#4819)
• e8e5d64 Revert "feat(validation): reject directive definition cycles (#4726)" (#4815)
• f8ffad3 feat(validation): reject directive definition cycles (#4726)
• 6618357 polish(KnownDirectivesRule): cover field argument directives in extensions
• 242c99e fix(KnownDirectivesRule): directive locations for input obj extensions
• 83dc508 internal: upgrade website prettier
• a98dc3e internal: support local api doc generation
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[github-actions]

Test Coverage Report

Overall Coverage: 96.84%

Metric	Percentage
Statements	96.2%
Branches	87.97%
Functions	94.83%
Lines	96.84%

View detailed coverage report

[greptile-apps]

Greptile Summary

• Updates packages/gitlab-mcp to depend on graphql@^17.0.0.
• Updates yarn.lock so the workspace resolves graphql@17.0.0.
• Leaves the rest of the GraphQL-related dependency set unchanged.

Confidence Score: 4/5

The dependency bump is not merge-safe until the GraphQL peer dependency mismatch is resolved.

The changed dependency set was narrow and the install-time incompatibility was confirmed with real package-manager output.

packages/gitlab-mcp/package.json needs graphql and graphql-tag brought back into a compatible peer range.

_{Reviews (1): Last reviewed commit: "chore(deps): bump graphql from 16.14.2 t..." | Re-trigger Greptile}

[greptile-apps]

Unsupported peer combination

Bumping graphql to ^17.0.0 leaves this package on graphql-tag@2.12.6, whose peer range only accepts GraphQL through ^16.0.0. A fresh install now reports YN0060 / YN0086 for the workspace-provided graphql@17.0.0, so CI or downstream install steps that enforce peer requirements can fail before the package is usable. Keep GraphQL on 16, or update/remove graphql-tag at the same time with a version/path that supports GraphQL 17.