build(deps): bump the actions-deps group across 1 directory with 9 updates

[dependabot]

Bumps the actions-deps group with 8 updates in the / directory:

Package	From	To
@graphql-tools/delegate	12.0.13	12.0.14
prettier	3.8.2	3.8.3
svelte	5.55.3	5.55.4
@graphql-tools/stitch	10.1.17	10.1.18
puppeteer	24.40.0	24.41.0
webpack	5.106.1	5.106.2
postcss	8.5.9	8.5.10
wrangler	4.82.2	4.83.0

Updates @graphql-tools/delegate from 12.0.13 to 12.0.14

Changelog

Sourced from @​graphql-tools/delegate's changelog.

12.0.14

Patch Changes

• #2243 dff525f Thanks @​qsona! - Fix redundant type merging calls when subschemas have no explicit name.

  The fallback name-based matching in resolveExternalValue (introduced in #1557) incorrectly matched unrelated subschemas when neither had an explicit name set, because undefined === undefined evaluated to true. This caused type merging to trigger even when fetching a type directly from its source subschema, resulting in a redundant second call.

Commits

• 90fe08b Upcoming Release Changes (#2252)
• dff525f fix(delegate): prevent redundant type merging (#2243)
• See full diff in compare view

Updates prettier from 3.8.2 to 3.8.3

Release notes

Sourced from prettier's releases.

3.8.3

• SCSS: Prevent trailing comma in if() function (prettier/prettier#18471 by @​kovsu)

🔗 Changelog

Changelog

Sourced from prettier's changelog.

3.8.3

diff

SCSS: Prevent trailing comma in if() function (#18471 by @​kovsu)

// Input
$value: if(sass(false): 1; else: -1);
// Prettier 3.8.2
$value: if(
sass(false): 1; else: -1,
);
// Prettier 3.8.3
$value: if(sass(false): 1; else: -1);

Commits

• d7108a7 Release 3.8.3
• 177f908 Prevent trailing comma in SCSS if() function (#18471)
• 1cd4066 Release @​prettier/plugin-oxc@​0.1.4
• a8700e2 Update oxc-parser to v0.125.0
• 752157c Fix tests
• 053fd41 Bump Prettier dependency to 3.8.2
• 904c636 Clean changelog_unreleased
• dc1f7fc Update dependents count
• See full diff in compare view

Updates svelte from 5.55.3 to 5.55.4

Release notes

Sourced from svelte's releases.

svelte@5.55.4

Patch Changes

• fix: never mark a child effect root as inert (#18111)

• fix: reset context after waiting on blockers of @const expressions (#18100)

• fix: keep flushing new eager effects (#18102)

Changelog

Sourced from svelte's changelog.

5.55.4

Patch Changes

• fix: never mark a child effect root as inert (#18111)

• fix: reset context after waiting on blockers of @const expressions (#18100)

• fix: keep flushing new eager effects (#18102)

Commits

• 7fddfbd Version Packages (#18105)
• 671fc2e fix: never mark a child effect root as inert (#18111)
• 0ed8c28 fix: reset context after waiting on blockers of @const expressions (#18100)
• 273f1a8 fix: keep flushing new eager effects (#18102)
• See full diff in compare view

Updates @graphql-tools/stitch from 10.1.17 to 10.1.18

Changelog

Sourced from @​graphql-tools/stitch's changelog.

10.1.18

Patch Changes

• Updated dependencies [dff525f]:
  • @​graphql-tools/delegate@​12.0.14
  • @​graphql-tools/batch-delegate@​10.0.20
  • @​graphql-tools/wrap@​11.1.14

Commits

• 90fe08b Upcoming Release Changes (#2252)
• dff525f fix(delegate): prevent redundant type merging (#2243)
• 95ea66e Build(deps): Bump the all-minor-patch group with 14 updates (#2219)
• See full diff in compare view

Updates @graphql-tools/wrap from 11.1.13 to 11.1.14

Changelog

Sourced from @​graphql-tools/wrap's changelog.

11.1.14

Patch Changes

• Updated dependencies [dff525f]:
  • @​graphql-tools/delegate@​12.0.14

Commits

• 90fe08b Upcoming Release Changes (#2252)
• See full diff in compare view

Updates puppeteer from 24.40.0 to 24.41.0

Release notes

Sourced from puppeteer's releases.

puppeteer-core: v24.41.0

24.41.0 (2026-04-15)

🎉 Features

• add support for Issues (#14845) (6e8dbe7)
• adds extension realms api (#14824) (c14f4ae)
• API to list installed browser extensions and trigger extension actions (#14821) (d6395ef)
• implement console event on web workers (#14784) (fa6158a)
• roll to Chrome 147.0.7727.24 (#14797) (ee81786)
• roll to Firefox 149.0 (#14799) (9fd5ceb)
• webmcp: add hook for tool invocation (#14835) (cf8169d)
• webmcp: add hook for tool response (#14841) (6fb05bc)
• webmcp: add initial API to inspect tool registrations (#14814) (655c996)
• webmcp: add WebMCPTool execute support (#14851) (8f95117)
• webmcp: expose WebMCPToolCall in WebMCPToolCallResult (#14848) (242ac0b)
• webmcp: Switch from WebMCPInvocationStatus Success to Completed (#14859) (375e636)

🛠️ Fixes

• add missing onRelease to Mutex and add tests (#14818) (bf1e972)
• make Target.asPage return the same Page instance (#14862) (e484a91)
• remove RenderDocument from disabled Chrome features (#14745) (a48eba2)
• roll to Chrome 147.0.7727.50 (#14819) (2be3002)
• roll to Chrome 147.0.7727.56 (#14842) (fdb3c64)
• roll to Firefox 149.0.2 (#14838) (55359a3)
• without azimuthAngle the altitudeAngle should no be specified (#14781) (6f9d975)

📄 Documentation

• update extension and realm docs (#14867) (080379b)
• webmcp: Add JS example to WebMCP class (#14852) (c514dba)
• webmcp: Add missing documentation (#14849) (76b08d2)
• webmcp: tune tags and descriptions (#14844) (5782958)

puppeteer: v24.41.0

24.41.0 (2026-04-15)

🎉 Features

• roll to Chrome 147.0.7727.24 (#14797) (ee81786)

Dependencies

• The following workspace dependencies were updated

... (truncated)

Changelog

Sourced from puppeteer's changelog.

24.41.0 (2026-04-15)

🎉 Features

• add support for Issues (#14845) (6e8dbe7)
• adds extension realms api (#14824) (c14f4ae)
• API to list installed browser extensions and trigger extension actions (#14821) (d6395ef)
• implement console event on web workers (#14784) (fa6158a)
• roll to Chrome 147.0.7727.24 (#14797) (ee81786)
• roll to Firefox 149.0 (#14799) (9fd5ceb)
• webmcp: add hook for tool invocation (#14835) (cf8169d)
• webmcp: add hook for tool response (#14841) (6fb05bc)
• webmcp: add initial API to inspect tool registrations (#14814) (655c996)
• webmcp: add WebMCPTool execute support (#14851) (8f95117)
• webmcp: expose WebMCPToolCall in WebMCPToolCallResult (#14848) (242ac0b)
• webmcp: Switch from WebMCPInvocationStatus Success to Completed (#14859) (375e636)

Dependencies

• The following workspace dependencies were updated
  • dependencies
    • puppeteer-core bumped from 24.40.0 to 24.41.0

🛠️ Fixes

• add missing onRelease to Mutex and add tests (#14818) (bf1e972)
• make Target.asPage return the same Page instance (#14862) (e484a91)
• remove RenderDocument from disabled Chrome features (#14745) (a48eba2)
• roll to Chrome 147.0.7727.50 (#14819) (2be3002)
• roll to Chrome 147.0.7727.56 (#14842) (fdb3c64)
• roll to Firefox 149.0.2 (#14838) (55359a3)
• without azimuthAngle the altitudeAngle should no be specified (#14781) (6f9d975)

📄 Documentation

• update extension and realm docs (#14867) (080379b)
• webmcp: Add JS example to WebMCP class (#14852) (c514dba)
• webmcp: Add missing documentation (#14849) (76b08d2)
• webmcp: tune tags and descriptions (#14844) (5782958)

Commits

• 2d05dfc fix: bump node to 24 to avoid publishing bugs with npm (#14868)
• 20402bc chore: release main (#14866)
• 080379b docs: update extension and realm docs (#14867)
• 1f9dc74 chore(deps): bump follow-redirects from 1.15.11 to 1.16.0 in /website (#14865)
• 4655500 chore(deps-dev): bump the dev-dependencies group with 8 updates (#14855)
• d502941 test: fix extension test flakiness (#14864)
• e484a91 fix: make Target.asPage return the same Page instance (#14862)
• c14f4ae feat: adds extension realms api (#14824)
• 5097b97 test: fix flaky extension test (#14853)
• 8f95117 feat(webmcp): add WebMCPTool execute support (#14851)
• Additional commits viewable in compare view

Updates webpack from 5.106.1 to 5.106.2

Release notes

Sourced from webpack's releases.

v5.106.2

Patch Changes

• CSS @​import now inherits the parent module's exportType, so a file configured as "text" correctly creates a style tag when @​imported by a "style" parent. (by @​xiaoxiaojx in #20838)

• Make asset modules available in JS context when referenced from both CSS and a lazily compiled JS chunk. (by @​xiaoxiaojx in #20801)

• Include missing generator options in hash to ensure persistent cache invalidation when configuration changes (CssGenerator exportsOnly, JsonGenerator JSONParse, WebAssemblyGenerator mangleImports). (by @​xiaoxiaojx in #20821)

• Fix || default value handling in ProgressPlugin and ManifestPlugin that incorrectly overrode user-provided falsy values (e.g. modules: false, entries: false, entrypoints: false). (by @​xiaoxiaojx in #20823)

• Migrate from mime-types to mime-db. (by @​alexander-akait in #20812)

• Handle @charset at-rules in CSS modules. (by @​alexander-akait in #20831)

• Marked all experimental options in types. (by @​alexander-akait in #20814)

Changelog

Sourced from webpack's changelog.

5.106.2

Patch Changes

• CSS @​import now inherits the parent module's exportType, so a file configured as "text" correctly creates a style tag when @​imported by a "style" parent. (by @​xiaoxiaojx in #20838)

• Make asset modules available in JS context when referenced from both CSS and a lazily compiled JS chunk. (by @​xiaoxiaojx in #20801)

• Include missing generator options in hash to ensure persistent cache invalidation when configuration changes (CssGenerator exportsOnly, JsonGenerator JSONParse, WebAssemblyGenerator mangleImports). (by @​xiaoxiaojx in #20821)

• Fix || default value handling in ProgressPlugin and ManifestPlugin that incorrectly overrode user-provided falsy values (e.g. modules: false, entries: false, entrypoints: false). (by @​xiaoxiaojx in #20823)

• Migrate from mime-types to mime-db. (by @​alexander-akait in #20812)

• Handle @charset at-rules in CSS modules. (by @​alexander-akait in #20831)

• Marked all experimental options in types. (by @​alexander-akait in #20814)

Commits

• 0d7e3e0 chore(release): new release (#20815)
• d5df118 chore(deps): bump actions/cache in the dependencies group (#20839)
• 5f0874b fix: make asset modules available in JS when referenced from CSS and lazy JS ...
• b63ab37 chore(deps): bump test/test262-cases in the dependencies group (#20792)
• 313dfc5 ci: improve time for windows (#20840)
• a553f61 test: update test262 (#20841)
• 1ef747c fix: CSS @​import should inherit parent's exportType over parser config (#20838)
• 485d4ce chore(deps): update open-cli (#20834)
• 46042b9 chore(deps): no outdated strip-ansi (#20835)
• 8c7700b fix: handle @charset at-rules in CSS modules
• Additional commits viewable in compare view

Updates postcss from 8.5.9 to 8.5.10

Release notes

Sourced from postcss's releases.

8.5.10

• Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

Changelog

Sourced from postcss's changelog.

8.5.10

• Fixed XSS via unescaped </style> in non-bundler cases (by @​TharVid).

Commits

• 33b9790 Release 8.5.10 version
• 536c79e Escape </style> in CSS output (#2074)
• afa96b2 Update dependencies (#2073)
• effe88b Typo (#2072)
• 3ee79a2 Thread model (#2071)
• 2e0683d Create incident response docs (#2070)
• See full diff in compare view

Updates wrangler from 4.82.2 to 4.83.0

Release notes

Sourced from wrangler's releases.

wrangler@4.83.0

Minor Changes

• #13391 60565dd Thanks @​mikenomitch! - Mark wrangler containers commands as stable

  This changes the status of the Containers CLI from open beta to stable. Wrangler no longer shows [open beta] labels or beta warning text for wrangler containers commands, so the help output matches the feature's current availability.

• #13311 6cbcdeb Thanks @​ryanking13! - JS files imported by the Python Workers runtime SDK are now handled as ESM modules.

  This is not a user-facing change, but Python Workers users should update their wrangler version to make sure to get Python workers SDK working properly.

Patch Changes

• #13450 6f63eaa Thanks @​petebacondarwin! - Fix POST/PUT requests with non-2xx responses throwing "fetch failed"

  Previously, sending a POST or PUT request that received a non-2xx response (e.g. 401, 400, 403) would throw a TypeError: fetch failed error. This was caused by an undici bug where isTraversableNavigable() incorrectly returned true, causing the 401 credential-retry block to execute in Node.js and fail on stream-backed request bodies. This has been fixed upstream in undici v7.24.8, so we've bumped our dependency and removed the previous pnpm patch workaround.

• #13447 aef9825 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260410.1	1.20260413.1

• #13475 eaaa728 Thanks @​dependabot! - Update dependencies of "miniflare", "wrangler"

  The following dependency versions have been updated:

  Dependency	From	To
  workerd	1.20260413.1	1.20260415.1

• #13386 5e5bbc1 Thanks @​mksglu! - Make startup network requests non-blocking on slow connections

  Wrangler makes network requests during startup (npm update check, request.cf data fetch) that previously blocked the CLI indefinitely on slow or degraded connections (airplane wifi, trains), causing 10+ second delays.

  • Update check: The banner now races the update check against a 100ms grace period. On a cache hit (most runs) the result resolves in <1ms via the I/O poll phase; on a cache miss the banner prints immediately without blocking. A 3s safety-net timeout caps the update-check library's auth-retry path.
  • request.cf fetch: The fetch to workers.cloudflare.com/cf.json now uses AbortSignal.timeout(3000), falling back to cached/default data on timeout.

• #13469 07a918c Thanks @​1000hz! - wrangler preview no longer warns on inheritable binding types being missing from previews config.

• #13463 90aee27 Thanks @​roerohan! - Remove unnecessary flagship:read OAuth scope

  The flagship:read scope is not needed since flagship:write already implies read access. This reduces the OAuth permissions requested during login to only what is required.

• Updated dependencies [854d66c, 6f63eaa, aef9825, eaaa728, 58292f6, 5e5bbc1, d5ff5a4, 89c7829]:

  • miniflare@4.20260415.0

Commits

• 4af4d54 Version Packages (#13461)
• 6cbcdeb Vendor JS files in python workers SDK as esm modules (#13311)
• eaaa728 Bump the workerd-and-workers-types group with 2 updates (#13475)
• 07a918c fix(wrangler): wrangler preview no longer warns about missing inheritable b...
• 60565dd Remove containers "beta" (#13391)
• aef9825 Bump the workerd-and-workers-types group with 2 updates (#13447)
• 051db1f Make all properties in previews optional (#13468)
• 5efac31 [wrangler] Add e2e test to validate default OAuth scopes (#13465)
• 7d81a83 Revert "[wrangler] fix: prevent remote binding sessions expiring during long ...
• 90aee27 [wrangler] remove unnecessary flagship:read OAuth scope (#13463)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[changeset-bot]

⚠️ No Changeset found

Latest commit: 4cae779

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR