build(deps): bump the graphql group across 1 directory with 2 updates

[dependabot]

Bumps the graphql group with 2 updates in the / directory: @apollo/client and graphql.

Updates @apollo/client from 4.1.4 to 4.1.6

Release notes

Sourced from @​apollo/client's releases.

@​apollo/client@​4.1.6

Patch Changes

• #13128 6c0b8e4 Thanks @​pavelivanov! - Fix useQuery hydration mismatch when ssr: false and skip: true are used together

  When both options were combined, the server would return loading: false (because useSSRQuery checks skip first), but the client's getServerSnapshot was returning ssrDisabledResult with loading: true, causing a hydration mismatch.

@​apollo/client@​4.1.5

Patch Changes

• #13155 3ba1583 Thanks @​jerelmiller! - Fix an issue where useQuery would poll with pollInterval when skip was initialized to true.

• #13135 fd42142 Thanks @​jerelmiller! - Fix issue where client.query would apply options from defaultOptions.watchQuery.

Changelog

Sourced from @​apollo/client's changelog.

4.1.6

Patch Changes

• #13128 6c0b8e4 Thanks @​pavelivanov! - Fix useQuery hydration mismatch when ssr: false and skip: true are used together

  When both options were combined, the server would return loading: false (because useSSRQuery checks skip first), but the client's getServerSnapshot was returning ssrDisabledResult with loading: true, causing a hydration mismatch.

4.1.5

Patch Changes

• #13155 3ba1583 Thanks @​jerelmiller! - Fix an issue where useQuery would poll with pollInterval when skip was initialized to true.

• #13135 fd42142 Thanks @​jerelmiller! - Fix issue where client.query would apply options from defaultOptions.watchQuery.

Commits

• 1f6decb Version Packages (#13160)
• 7bb2071 fix(useQuery): prevent hydration mismatch when ssr: false and skip: true are ...
• ca88f33 update jest config again 🤦
• 355900a ignore test for React 17
• 40e5706 revert file to state on main
• 5cae14d Merge branch 'main' into fix/prevent-hydration-mismatch
• 3b6278d change test
• fc3d8cc roll back, change logic in useQuery, end to end test
• 31f3f9a format
• 67578d8 Apply suggestion from @​phryneas
• Additional commits viewable in compare view

Updates graphql from 16.12.0 to 16.13.0

Release notes

Sourced from graphql's releases.

16.13.0

v16.13.0 (2026-02-24)

New Feature 🚀

• #4458 Sibling errors should not be added after propagation (@​yaacovCR)

Bug Fix 🐞

• #4336 add deprecated note to assertValidExecutionArguments (@​yaacovCR)
• #4517 fix(validation): incorrect validation errors when variable descriptions are used (@​phryneas)

Internal 🏠

• #4506 Version packages (@​JoviDeCroock)
• #4514 chore: always ignore scripts (@​benjie)
• #4524 update contributing (@​yaacovCR)

Committers: 4

• Benjie(@​benjie)
• Jovi De Croock(@​JoviDeCroock)
• Lenz Weber-Tronic(@​phryneas)
• Yaacov Rydzinski (@​yaacovCR)

Commits

• 7569989 16.13.0
• 49450d8 Revert "deprecate (internal) buildResolveInfo in favor of (internal) ResolveI...
• 4149722 deprecate (internal) buildResolveInfo in favor of (internal) ResolveInfo clas...
• 4c057eb add deprecated note to assertValidExecutionArguments (#4336)
• 3f8f27a fix(validation): incorrect validation errors when variable descriptions are u...
• b34a4cd update contributing (#4524)
• abddd09 Sibling errors should not be added after propagation (#4458)
• d26810b Alter contributing
• 5f4602d 16.12.0
• d239841 chore: always ignore scripts (#4514)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
npm/@apollo/client	4.1.6	🟢 5.8	Details Check Score Reason Code-Review 🟢 5 Found 4/7 approved changesets -- score normalized to 5 Maintained 🟢 10 30 commit(s) and 26 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo License 🟢 10 license file detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Signed-Releases ⚠️ -1 no releases found Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Security-Policy 🟢 10 security policy file detected Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
npm/graphql	16.13.0	🟢 8.1	Details Check Score Reason Code-Review 🟢 7 Found 22/29 approved changesets -- score normalized to 7 Maintained 🟢 10 10 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Packaging ⚠️ -1 packaging workflow not detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected SAST 🟢 10 SAST tool is run on all commits

Scanned Files

• package.json

[sjinks]

@dependabot rebase

[sjinks]

@dependabot rebase

[dependabot]

Looks like this PR is already up-to-date with trunk! If you'd still like to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

[sjinks]

@dependabot rebase

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud