chore(deps): bump the test-versions group across 1 directory with 2 updates

[dependabot]

Bumps the test-versions group with 2 updates in the /integration-tests/esbuild directory: @apollo/server and axios.

Updates @apollo/server from 5.0.0 to 5.1.0

Release notes

Sourced from @​apollo/server's releases.

@​apollo/server-integration-testsuite@​5.1.0

Patch Changes

• Updated dependencies [80a1a1a]:
  • @​apollo/server@​5.1.0

@​apollo/server@​5.1.0

Minor Changes

• #8148 80a1a1a Thanks @​jerelmiller! - Apollo Server now supports the incremental delivery protocol (@defer and @stream) that ships with [email protected]. To use the current protocol, clients must send the Accept header with a value of multipart/mixed; incrementalSpec=v0.2.

  Upgrading to 5.1 will depend on what version of graphql you have installed and whether you already support the incremental delivery protocol.

  I use graphql@16 without incremental delivery

  Continue using graphql v16 with no additional changes. Incremental delivery won't be available.

  I use graphql@16 but would like to add support for incremental delivery

  Install [email protected] and follow the "Incremental delivery" guide to add the @defer and @stream directives to your schema. Clients should send the Accept header with a value of multipart/mixed; incrementalSpec=v0.2 to get multipart responses.

  I use [email protected] and use incremental delivery

  You must upgrade to [email protected] to continue using incremental delivery. If you'd like to continue providing support for the legacy incremental protocol, install the @yaacovcr/transform package. Apollo Server will attempt to load this module when the client specifies an Accept header with a value of multipart/mixed; deferSpec=20220824. If this package is not installed, an error is returned by the server.

  Because Apollo Server now supports multiple versions of the incremental delivery types, the existing incremental delivery types have been renamed with an Alpha2 suffix. If you import these types in your code, you will need to add the Alpha2 suffix.

  import type {
  - GraphQLExperimentalFormattedInitialIncrementalExecutionResult,
  + GraphQLExperimentalFormattedInitialIncrementalExecutionResultAlpha2,
  
  GraphQLExperimentalFormattedSubsequentIncrementalExecutionResult,
  
  
  GraphQLExperimentalFormattedSubsequentIncrementalExecutionResultAlpha2,
  
  
  GraphQLExperimentalFormattedIncrementalResult,
  
  
  GraphQLExperimentalFormattedIncrementalResultAlpha2,
  
  
  GraphQLExperimentalFormattedIncrementalDeferResult,
  
  
  GraphQLExperimentalFormattedIncrementalDeferResultAlpha2,
  
  
  GraphQLExperimentalFormattedIncrementalStreamResult,
  
  
  GraphQLExperimentalFormattedIncrementalStreamResultAlpha2,
  } from '@​apollo/server';

Incremental delivery types for the [email protected] version are now available using the Alpha9 suffix:

import type {

... (truncated)

Changelog

Sourced from @​apollo/server's changelog.

5.1.0

Minor Changes

• #8148 80a1a1a Thanks @​jerelmiller! - Apollo Server now supports the incremental delivery protocol (@defer and @stream) that ships with [email protected]. To use the current protocol, clients must send the Accept header with a value of multipart/mixed; incrementalSpec=v0.2.

  Upgrading to 5.1 will depend on what version of graphql you have installed and whether you already support the incremental delivery protocol.

  I use graphql@16 without incremental delivery

  Continue using graphql v16 with no additional changes. Incremental delivery won't be available.

  I use graphql@16 but would like to add support for incremental delivery

  Install [email protected] and follow the "Incremental delivery" guide to add the @defer and @stream directives to your schema. Clients should send the Accept header with a value of multipart/mixed; incrementalSpec=v0.2 to get multipart responses.

  I use [email protected] and use incremental delivery

  You must upgrade to [email protected] to continue using incremental delivery. If you'd like to continue providing support for the legacy incremental protocol, install the @yaacovcr/transform package. Apollo Server will attempt to load this module when the client specifies an Accept header with a value of multipart/mixed; deferSpec=20220824. If this package is not installed, an error is returned by the server.

  Because Apollo Server now supports multiple versions of the incremental delivery types, the existing incremental delivery types have been renamed with an Alpha2 suffix. If you import these types in your code, you will need to add the Alpha2 suffix.

  import type {
  - GraphQLExperimentalFormattedInitialIncrementalExecutionResult,
  + GraphQLExperimentalFormattedInitialIncrementalExecutionResultAlpha2,
  
  GraphQLExperimentalFormattedSubsequentIncrementalExecutionResult,
  
  
  GraphQLExperimentalFormattedSubsequentIncrementalExecutionResultAlpha2,
  
  
  GraphQLExperimentalFormattedIncrementalResult,
  
  
  GraphQLExperimentalFormattedIncrementalResultAlpha2,
  
  
  GraphQLExperimentalFormattedIncrementalDeferResult,
  
  
  GraphQLExperimentalFormattedIncrementalDeferResultAlpha2,
  
  
  GraphQLExperimentalFormattedIncrementalStreamResult,
  
  
  GraphQLExperimentalFormattedIncrementalStreamResultAlpha2,
  } from '@​apollo/server';

Incremental delivery types for the [email protected] version are now available using the Alpha9 suffix:

import type {
  GraphQLExperimentalFormattedInitialIncrementalExecutionResultAlpha9,
  GraphQLExperimentalFormattedSubsequentIncrementalExecutionResultAlpha9,
  GraphQLExperimentalFormattedIncrementalResultAlpha9,
  GraphQLExperimentalFormattedIncrementalDeferResultAlpha9,
  GraphQLExperimentalFormattedIncrementalStreamResultAlpha9,

... (truncated)

Commits

• ae1be29 Version Packages (#8155)
• c9738e2 Version Packages (rc) (#8153)
• 80a1a1a Add support for newer incremental delivery format (#8148)
• See full diff in compare view

Updates axios from 1.13.0 to 1.13.1

Release notes

Sourced from axios's releases.

Release v1.13.1

Release notes:

Bug Fixes

• http: fixed a regression that caused the data stream to be interrupted for responses with non-OK HTTP statuses; (#7193) (bcd5581)

Contributors to this release

• Anchal Singh
• Dmitriy Mozgovoy

Changelog

Sourced from axios's changelog.

1.13.1 (2025-10-28)

Bug Fixes

• http: fixed a regression that caused the data stream to be interrupted for responses with non-OK HTTP statuses; (#7193) (bcd5581)

Contributors to this release

• Anchal Singh
• Dmitriy Mozgovoy

Commits

• 1ef8e72 chore(release): v1.13.1 (#7194)
• bcd5581 fix(http): fixed a regression that caused the data stream to be interrupted f...
• c9b3371 chore: enhance styling and responsiveness in client.html (#7173)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Overall package size

Self size: 13.15 MB
Deduped: 115.95 MB
No deduping: 118.16 MB

Dependency sizes

| name | version | self size | total size | |------|---------|-----------|------------| | @datadog/libdatadog | 0.7.0 | 35.02 MB | 35.02 MB | | @datadog/native-appsec | 10.3.0 | 20.73 MB | 20.74 MB | | @datadog/native-iast-taint-tracking | 4.0.0 | 11.72 MB | 11.73 MB | | @datadog/pprof | 5.11.1 | 9.96 MB | 10.34 MB | | @opentelemetry/core | 1.30.1 | 908.66 kB | 7.16 MB | | protobufjs | 7.5.4 | 2.95 MB | 5.82 MB | | @datadog/wasm-js-rewriter | 4.0.1 | 2.85 MB | 3.58 MB | | @opentelemetry/resources | 1.9.1 | 306.54 kB | 1.74 MB | | @datadog/native-metrics | 3.1.1 | 1.02 MB | 1.43 MB | | @opentelemetry/api-logs | 0.207.0 | 201.39 kB | 1.42 MB | | @opentelemetry/api | 1.9.0 | 1.22 MB | 1.22 MB | | jsonpath-plus | 10.3.0 | 617.18 kB | 1.08 MB | | import-in-the-middle | 1.15.0 | 127.66 kB | 856.24 kB | | lru-cache | 10.4.3 | 804.3 kB | 804.3 kB | | @datadog/openfeature-node-server | 0.1.0-preview.12 | 95.11 kB | 401.68 kB | | opentracing | 0.14.7 | 194.81 kB | 194.81 kB | | source-map | 0.7.6 | 185.63 kB | 185.63 kB | | pprof-format | 2.2.1 | 163.06 kB | 163.06 kB | | @datadog/sketches-js | 2.1.1 | 109.9 kB | 109.9 kB | | lodash.sortby | 4.7.0 | 75.76 kB | 75.76 kB | | ignore | 7.0.5 | 63.38 kB | 63.38 kB | | istanbul-lib-coverage | 3.2.2 | 34.37 kB | 34.37 kB | | rfdc | 1.4.1 | 27.15 kB | 27.15 kB | | dc-polyfill | 0.1.10 | 26.73 kB | 26.73 kB | | @isaacs/ttlcache | 1.4.1 | 25.2 kB | 25.2 kB | | tlhunter-sorted-set | 0.1.0 | 24.94 kB | 24.94 kB | | shell-quote | 1.8.3 | 23.74 kB | 23.74 kB | | limiter | 1.1.5 | 23.17 kB | 23.17 kB | | retry | 0.13.1 | 18.85 kB | 18.85 kB | | semifies | 1.0.0 | 15.84 kB | 15.84 kB | | jest-docblock | 29.7.0 | 8.99 kB | 12.76 kB | | crypto-randomuuid | 1.0.0 | 11.18 kB | 11.18 kB | | ttl-set | 1.0.0 | 4.61 kB | 9.69 kB | | mutexify | 1.4.0 | 5.71 kB | 8.74 kB | | path-to-regexp | 0.1.12 | 6.6 kB | 6.6 kB | | module-details-from-path | 1.0.4 | 3.96 kB | 3.96 kB |

_{🤖 This report was automatically generated by heaviest-objects-in-the-universe}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 84.04%. Comparing base (537a4a7) to head (5d5af8f).
⚠️ Report is 1 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff             @@
##           master    #6778      +/-   ##
==========================================
+ Coverage   84.03%   84.04%   +0.01%     
==========================================
  Files         505      506       +1     
  Lines       21223    21240      +17     
==========================================
+ Hits        17834    17851      +17     
  Misses       3389     3389              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[datadog-datadog-prod-us1]

⚠️ Tests

⚠️ Warnings

❄️ 1 New flaky test detected

IAST - overhead-controller - integration vulnerability sampling algorithm should differentiate different methods in the same route from vulnerability sampling algorithm (Datadog)

timeout, additionally:
AssertionError: expected undefined to equal 'web'
    at D:\a\dd-trace-js\dd-trace-js\packages\dd-trace\test\appsec\iast\overhead-controller.integration.spec.js:56:16
    at FakeAgent.messageHandler (D:\a\dd-trace-js\dd-trace-js\integration-tests\helpers\fake-agent.js:152:9)
    at FakeAgent.emit (node:events:508:28)
    at D:\a\dd-trace-js\dd-trace-js\integration-tests\helpers\fake-agent.js:289:11
    at Layer.handleRequest (D:\a\dd-trace-js\dd-trace-js\node_modules\router\lib\layer.js:152:17)
    at next (D:\a\dd-trace-js\dd-trace-js\node_modules\router\lib\route.js:157:13)
    at Route.dispatch (D:\a\dd-trace-js\dd-trace-js\node_modules\router\lib\route.js:117:3)
    at handle (D:\a\dd-trace-js\dd-trace-js\node_modules\router\index.js:435:11)
...

🧪 20 Tests failed

esbuild 0.16.12 injects Git metadata into bundled applications from esbuild 0.16.12 (Datadog)

Command failed: node ./build-and-test-git-tags.js
✘ [ERROR] Could not resolve "@yaacovcr/transform"

    node_modules/@apollo/server/dist/cjs/incrementalDeliveryPolyfill.js:44:82:
      44 │ ...esolve().then(() => __importStar(require('@yaacovcr/transform')));
         ╵                                             ~~~~~~~~~~~~~~~~~~~~~

  You can mark the path "@yaacovcr/transform" as external to exclude it from the bundle, which will remove this error. You can also surround this "require" call with a try/catch block to handle this failure at run-time instead of bundle-time.

Error: Build failed with 1 error:
...

esbuild 0.16.12 works from esbuild 0.16.12 (Datadog)

Command failed: npm run build
✘ [ERROR] Could not resolve "@yaacovcr/transform"

    node_modules/@apollo/server/dist/cjs/incrementalDeliveryPolyfill.js:44:82:
      44 │ ...esolve().then(() => __importStar(require('@yaacovcr/transform')));
         ╵                                             ~~~~~~~~~~~~~~~~~~~~~

  You can mark the path "@yaacovcr/transform" as external to exclude it from the bundle, which will remove this error. You can also surround this "require" call with a try/catch block to handle this failure at run-time instead of bundle-time.

Error: Build failed with 1 error:
...

    esbuild latest injects Git metadata into bundled applications from esbuild latest

View all

_{This comment will be updated automatically if new data arrives.
🔗 Commit SHA: 5d5af8f | Docs | Datadog PR Page | Was this helpful? Give us feedback!}

[pr-commenter]

Benchmarks

Benchmark execution time: 2025-10-30 00:38:51

Comparing candidate commit 5d5af8f in PR branch dependabot/npm_and_yarn/integration-tests/esbuild/test-versions-99b1aaa664 with baseline commit 537a4a7 in branch master.

Found 0 performance improvements and 0 performance regressions! Performance is the same for 1600 metrics, 70 unstable metrics.