build(deps): bump the graphql group across 1 directory with 2 updates

[dependabot]

Bumps the graphql group with 2 updates in the / directory: @apollo/client and graphql.

Updates @apollo/client from 4.2.2 to 4.2.3

Release notes

Sourced from @​apollo/client's releases.

@​apollo/client@​4.2.3

Patch Changes

• #13254 66e9dfc Thanks @​jerelmiller! - Add support for graphql v17 as a valid peer dependency.

Changelog

Sourced from @​apollo/client's changelog.

4.2.3

Patch Changes

• #13254 66e9dfc Thanks @​jerelmiller! - Add support for graphql v17 as a valid peer dependency.

Commits

• 48d2d16 Version Packages (#13266)
• 66e9dfc Support GraphQL v17 (#13254)
• ec68620 chore(deps): update actions/stale action to v10.3.0 (#13263)
• 98729ba chore(deps): update all dependencies - patch updates (#13262)
• e45bbfb docs: unify d.ts example filename to apollo.d.ts (#13261)
• 5e8b651 Tweak renovate config (#13260)
• See full diff in compare view

Updates graphql from 16.14.1 to 16.14.2

Release notes

Sourced from graphql's releases.

v16.14.2 (2026-06-09)

Docs 📝

• #4782 docs: update API (@​yaacovCR)
• #4783 docs: website review (@​yaacovCR)
• #4788 docs: add Node.js tracing channels guide (@​logaretm)
• #4789 docs: overhaul index and update/add additional migration guides (@​yaacovCR)
• #4792 docs: remove extra asterisks from single line jsdoc comments (@​yaacovCR)
• #4794 docs: refresh website with broader execution/tracing update (@​yaacovCR)
• #4801 docs: correct extension field comments - v16 (@​yaacovCR)

Polish 💅

• #4787 docs: update documentation for v17 release candidate (@​yaacovCR)

Committers: 2

• Abdelrahman Awad(@​logaretm)
• Yaacov Rydzinski (@​yaacovCR)

Commits

• dca5b4d chore(release): v16.14.2
• 01f8503 docs: correct extension field comments - v16 (#4801)
• b8087c3 docs: add Node.js tracing channels guide (#4788)
• ec23905 docs: refresh website with broader execution/tracing update (#4794)
• f8680fa docs: remove extra asterisks from single line jsdoc comments (#4792)
• 6256444 docs: overhaul index and update/add additional migration guides (#4789)
• e7e90ef docs: update documentation for v17 release candidate (#4787)
• cae62e3 docs: restore missing docs
• 35f1ff9 docs: increase spacing in embedded TOC
• 56c868e docs: fix deprecated markings
• Additional commits viewable in compare view

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
npm/@apollo/client	4.2.3	🟢 6.7	Details Check Score Reason Code-Review 🟢 4 Found 9/21 approved changesets -- score normalized to 4 Maintained 🟢 10 30 commit(s) and 25 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions 🟢 6 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies 🟢 8 dependency not pinned by hash detected -- score normalized to 8 License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches Security-Policy 🟢 10 security policy file detected Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 4 SAST tool is not run on all commits -- score normalized to 4
npm/graphql	16.14.2	🟢 7.2	Details Check Score Reason Code-Review ⚠️ 0 Found 0/12 approved changesets -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Maintained 🟢 10 30 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Pinned-Dependencies 🟢 4 dependency not pinned by hash detected -- score normalized to 4 License 🟢 10 license file detected Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Fuzzing ⚠️ 0 project is not fuzzed SAST 🟢 10 SAST tool is run on all commits

Scanned Files

• package.json

[sjinks]

@dependabot rebase

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud