Update Apollo GraphQL packages #216

Merged
merged 1 commit into from
Mar 16, 2024
renovate[bot]
Contributor

@renovate renovate bot commented May 5, 2023

Mend Renovate

This PR contains the following updates:

| Package | Change |
|---|---|
| @apollo/gateway (source) | 2.4.2 -> 2.7.1 |
| @apollo/server (source) | 4.7.1 -> 4.10.1 |
| @apollo/subgraph (source) | 2.4.2 -> 2.7.1 |
| apollo-server-micro (source) | 3.12.0 -> 3.13.0 |

Release Notes

apollographql/federation (@​apollo/gateway)

v2.7.1

Compare Source

Patch Changes

v2.7.0

Compare Source

Minor Changes
  • Implement progressive @override functionality (#​2911)

    The progressive @override feature brings a new argument to the @override directive: label: String. When a label is added to an @override application, the override becomes conditional, depending on parameters provided to the query planner (a set of which labels should be overridden). Note that this feature will be supported in router for enterprise users only.

    Out-of-the-box, the router will support a percentage-based use case for progressive @override. For example:

    type Query {
      hello: String @override(from: "original", label: "percent(5)")
    }

    The above example will override the root hello field from the "original" subgraph 5% of the time.

    More complex use cases will be supported by the router via the use of coprocessors/rhai to resolve arbitrary labels to true/false values (i.e. via a feature flag service).

Patch Changes

v2.6.3

Compare Source

Patch Changes

v2.6.2

Compare Source

Patch Changes

v2.6.1

Compare Source

Patch Changes

v2.6.0

Compare Source

Minor Changes
  • Add more information to OpenTelemetry spans. (#​2700)

    Rename operationName to graphql.operation.name and add a
    graphql.operation.type attribute, in conformance with the OpenTelemetry
    Semantic Conventions for GraphQL. The operationName attribute is now
    deprecated, but it is still emitted alongside graphql.operation.name.

    Add a graphql.document span attribute to the gateway.request span,
    containing the entire GraphQL source sent in the request. This feature
    is disabled by default.

    When one or more GraphQL or internal errors occur, report them in the
    OpenTelemetry span in which they took place, as an exception event. This
    feature is disabled by default.

    To enable the graphql.document span attribute and the exception event
    reporting, add the following entries to your ApolloGateway instance
    configuration:

    const gateway = new ApolloGateway({
      // ...
      telemetry: {
        // Set to `true` to include the `graphql.document` attribute
        includeDocument: true,
        // Set to `true` to report all exception events, or set to a number
        // to report at most that number of exception events per span
        reportExceptions: true,
        // or: reportExceptions: 1
      },
    });
  • Update license field in package.json to use Elastic-2.0 SPDX identifier (#​2741)

  • Introduce the new @policy scope for composition (#​2818)

    Note that this directive will only be fully supported by the Apollo Router as a GraphOS Enterprise feature at runtime. Also note that composition of valid @policy directive applications will succeed, but the resulting supergraph will not be executable by the Gateway or an Apollo Router which doesn't have the GraphOS Enterprise entitlement.

    Users may now compose @policy applications from their subgraphs into a supergraph.

    The directive is defined as follows:

    scalar federation__Policy
    
    directive @policy(policies: [[federation__Policy!]!]!) on
      | FIELD_DEFINITION
      | OBJECT
      | INTERFACE
      | SCALAR
      | ENUM

    The Policy scalar is effectively a String, similar to the FieldSet type.

    In order to compose your @policy usages, you must update your subgraph's federation spec version to v2.6 and add the @policy import to your existing imports like so:

    @link(url: "https://specs.apollo.dev/federation/v2.6", import: [..., "@policy"])
  • Add graphql.operation.name attribute on gateway.plan span (#​2807)

Patch Changes

v2.5.7

Compare Source

Patch Changes

v2.5.6

Compare Source

Patch Changes

v2.5.5

Compare Source

Patch Changes
  • Fix specific case for requesting __typename on interface entity type (#​2775)

    In certain cases, when resolving a __typename on an interface entity (due to it actually being requested in the operation), that fetch group could previously be trimmed / treated as useless. At a glance, it appears to be a redundant step, i.e.:

    { ... on Product { __typename id }} => { ... on Product { __typename} }
    

    It's actually necessary to preserve this in the case that we're coming from an interface object to an (entity) interface so that we can resolve the concrete __typename correctly.

  • Don't preserve useless fetches which downgrade __typename from a concrete type back to its interface type. (#​2778)

    In certain cases, the query planner was preserving some fetches which were "useless" that would rewrite __typename from its already-resolved concrete type back to its interface type. This could result in (at least) requested fields being "filtered" from the final result due to the interface's __typename in the data where the concrete type's __typename was expected.

    Specifically, the solution was to compute the path between newly created groups and their parents when we know that it's trivial ([]). Further along in the planning process, this allows us to actually remove the known-useless group.

  • Propagate type information when renaming entity fields (#​2776)

    Aliased entity fields might have been incorrectly overwritten if multiple fields/aliases shared the same name. Query planner automatically renames conflicting fields to ensure we can always generate a valid GraphQL query. The underlying issue was that this key rewriting logic was assuming the same type of an object. In case of entity queries asking for those aliased fields, we ended up always attempting to apply field renaming logic regardless, whether or not a given entity was of the correct type. This fix ensures that the query planner logic correctly accounts for the object type when applying field renaming logic.

  • Updated dependencies [66d7e4ce, a37bbbf6]:

v2.5.4

Compare Source

Patch Changes
  • Adds header to change the format of exposed query plans, and allows formatting it as json. (#​2724)

    When the gateway is configured to allow it, adding the Apollo-Query-Plan-Experimental header to a request already allowed a "prettified" text version of the query plan used for the query to be returned in the response extension. This change adds support for a new (optional) accompanying header, Apollo-Query-Plan-Experimental-Format, which can be set to the value "internal" to have the query plan returned as a JSON object (that corresponds to the internal representation of that query plan) instead of the text version otherwise sent. Note that if that new header is not provided, then the query plan continues to be sent in the previous prettified text version.

  • Fix some potentially incorrect query plans with @requires when some dependencies are involved. (#​2726)

    In some rare cases of @requires, an over-eager optimisation was incorrectly considering that
    a dependency between 2 subgraph fetches was unnecessary, leading to doing 2 subgraph queries
    in parallel when those should be done sequentially (because the 2nd query relies on results
    from the 1st one). This effectively resulted in the required fields not being provided (the
    consequence of which depends a bit on the resolver detail, but if the resolver expected
    the required fields to be populated (as they should), then this could typically result
    in a message of the form GraphQLError: Cannot read properties of null).

  • Updated dependencies [203b0a44]:

v2.5.3

Compare Source

Patch Changes

v2.5.2

Compare Source

Patch Changes
  • Remove extraneous call to span.setStatus() on a span which has already ended. (#​2697)

    In cases where a subgraph responded with an error, we would sometimes try to set
    the status of a span which had already ended. This resulted in a warning log to
    the console (but no effect otherwise). This warning should no longer happen.

  • Fix fallbackPollIntervalInMs behavior. (#​2709)

    The fallbackPollIntervalInMs serves 2 purposes:

    • it allows users to provide an Uplink poll interval if Uplink doesn't provide one
    • it allows users to use a longer poll interval than what's prescribed by Uplink

    The second bullet is how the configuration option is documented, but not how it was previously implemented. This change corrects the behavior to respect this configuration if it's provided AND is longer than the Uplink interval.

  • Updated dependencies [35179f08]:

v2.5.1

Compare Source

Patch Changes
  • Reapply #​2639: (#​2687)

    Try reusing named fragments in subgraph fetches even if those fragments only apply partially to the subgraph. Before this change, only named fragments that were applying entirely to a subgraph were tried, leading to less reuse than expected. Concretely, this change can sometimes allow the generation of smaller subgraph fetches.

    Additionally, resolve a bug which surfaced in the fragment optimization logic which could result in invalid/incorrect optimizations / fragment reuse.

  • Updated dependencies [b9052fdd]:

v2.5.0

Compare Source

Minor Changes
  • Do not run the full suite of graphQL validations on supergraphs and their extracted subgraphs by default in production environment. (#​2657)

    Running those validations on every update of the schema takes a non-negligible amount of time (especially on large
    schema) and mainly only serves in catching bugs early in the supergraph handling code, and in some limited cases,
    provide slightly better messages when a corrupted supergraph is received, neither of which is worth the cost in
    production environment.

    A new validateSupergraph option is also introduced in the gateway configuration to force this behaviour.

  • Support responses from subgraphs which use the application/graphql-response+json content-type header. (#​2162)

    See graphql-over-http spec for more details:
    https://graphql.github.io/graphql-over-http/draft/#sec-application-graphql-response-json

  • Introduce the new @authenticated directive for composition (#​2644)

    Note that this directive will only be fully supported by the Apollo Router as a GraphOS Enterprise feature at runtime. Also note that composition of valid @authenticated directive applications will succeed, but the resulting supergraph will not be executable by the Gateway or an Apollo Router which doesn't have the GraphOS Enterprise entitlement.

    Users may now compose @authenticated applications from their subgraphs into a supergraph. This addition will support a future version of Apollo Router that enables authenticated access to specific types and fields via directive applications.

    The directive is defined as follows:

    directive @authenticated on FIELD_DEFINITION | OBJECT | INTERFACE | SCALAR | ENUM

    In order to compose your @authenticated usages, you must update your subgraph's federation spec version to v2.5 and add the @authenticated import to your existing imports like so:

    @link(url: "https://specs.apollo.dev/federation/v2.5", import: [..., "@authenticated"])
  • Introduce the new @requiresScopes directive for composition (#​2649)

    Note that this directive will only be fully supported by the Apollo Router as a GraphOS Enterprise feature at runtime. Also note that composition of valid @requiresScopes directive applications will succeed, but the resulting supergraph will not be executable by the Gateway or an Apollo Router which doesn't have the GraphOS Enterprise entitlement.

    Users may now compose @requiresScopes applications from their subgraphs into a supergraph. This addition will support a future version of Apollo Router that enables scoped access to specific types and fields via directive applications.

    The directive is defined as follows:

    scalar federation__Scope
    
    directive @requiresScopes(
      scopes: [federation__Scope!]!
    ) on FIELD_DEFINITION | OBJECT | INTERFACE | SCALAR | ENUM

    The Scope scalar is effectively a String, similar to the FieldSet type.

    In order to compose your @requiresScopes usages, you must update your subgraph's federation spec version to v2.5 and add the @requiresScopes import to your existing imports like so:

    @link(url: "https://specs.apollo.dev/federation/v2.5", import: [..., "@requiresScopes"])
Patch Changes

v2.4.13

Compare Source

Patch Changes

v2.4.12

Compare Source

Patch Changes
  • Remove extraneous call to span.setStatus() on a span which has already ended. (#​2717)

    In cases where a subgraph responded with an error, we would sometimes try to set
    the status of a span which had already ended. This resulted in a warning log to
    the console (but no effect otherwise). This warning should no longer happen.

  • Fix fallbackPollIntervalInMs behavior. (#​2717)

    The fallbackPollIntervalInMs serves 2 purposes:

    • it allows users to provide an Uplink poll interval if Uplink doesn't provide one
    • it allows users to use a longer poll interval than what's prescribed by Uplink

    The second bullet is how the configuration option is documented, but not how it was previously implemented. This change corrects the behavior to respect this configuration if it's provided AND is longer than the Uplink interval.

  • Updated dependencies [693c2433]:

v2.4.11

Compare Source

Patch Changes
  • Reapply #​2639: (#​2684)

    Try reusing named fragments in subgraph fetches even if those fragments only apply partially to the subgraph. Before this change, only named fragments that were applying entirely to a subgraph were tried, leading to less reuse than expected. Concretely, this change can sometimes allow the generation of smaller subgraph fetches.

    Additionally, resolve a bug which surfaced in the fragment optimization logic which could result in invalid/incorrect optimizations / fragment reuse.

  • Updated dependencies [a740e071]:

v2.4.10

Compare Source

Patch Changes

v2.4.9

Compare Source

Patch Changes

v2.4.8

Compare Source

Patch Changes

v2.4.7

Compare Source

Patch Changes

v2.4.6

Compare Source

Patch Changes

v2.4.5

Compare Source

Patch Changes

v2.4.4

Compare Source

Patch Changes

v2.4.3

Compare Source

Patch Changes
apollographql/apollo-server (@​apollo/server)

v4.10.1

Compare Source

Patch Changes
  • #​7843 72f568e Thanks @​bscherlein! - Improves timing of the willResolveField end hook on fields which return Promises resolving to Arrays. This makes the use of the setCacheHint method more reliable.

v4.10.0

Compare Source

Minor Changes
  • #​7786 869ec98 Thanks @​ganemone! - Restore missing v1 skipValidation option as dangerouslyDisableValidation. Note that enabling this option exposes your server to potential security and unexpected runtime issues. Apollo will not support issues that arise as a result of using this option.

  • #​7803 e9a0d6e Thanks @​favna! - allow stringifyResult to return a Promise<string>

    Users who implemented the stringifyResult hook can now expect error responses to be formatted with the hook as well. Please take care when updating to this version to ensure this is the desired behavior, or implement the desired behavior accordingly in your stringifyResult hook. This was considered a non-breaking change as we consider that it was an oversight in the original PR that introduced stringifyResult hook.

Patch Changes

v4.9.5

Compare Source

Patch Changes

v4.9.4

Compare Source

Patch Changes
  • #7747 ddce036e1 Thanks @trevor-scheer! - The minimum version of graphql officially supported by Apollo Server 4 as a peer dependency, v16.6.0, contains a serious bug that can crash your Node server. This bug is fixed in the immediate next version, graphql@16.7.0, and we strongly encourage you to upgrade your installation of graphql to at least v16.7.0 to avoid this bug. (For backwards compatibility reasons, we cannot change Apollo Server 4's minimum peer dependency, but will change it when we release Apollo Server 5.)

    Apollo Server 4 contained a particular line of code that makes triggering this crashing bug much more likely. This line was already removed in Apollo Server v3.8.2 (see #​6398) but the fix was accidentally not included in Apollo Server 4. We are now including this change in Apollo Server 4, which will reduce the likelihood of hitting this crashing bug for users of graphql v16.6.0. That said, taking this @apollo/server upgrade does not prevent this bug from being triggered in other ways, and the real fix to this crashing bug is to upgrade graphql.

v4.9.3

Compare Source

Patch Changes
  • a1c725eaf Thanks @​trevor-scheer! - Ensure API keys are valid header values on startup

    Apollo Server previously performed no sanitization or validation of API keys on startup. In the case that an API key was provided which contained characters that are invalid as header values, Apollo Server could inadvertently log the API key in cleartext.

    This only affected users who:

    • Provide an API key with characters that are invalid as header values
    • Use either schema or usage reporting
    • Use the default fetcher provided by Apollo Server or configure their own node-fetch fetcher

    Apollo Server now trims whitespace from API keys and validates that they are valid header values. If an invalid API key is provided, Apollo Server will throw an error on startup.

    For more details, see the security advisory:
    GHSA-j5g3-5c8r-7qfx

v4.9.2

Compare Source

Patch Changes
  • #​7699 62e7d940d Thanks @​trevor-scheer! - Fix error path attachment for list items

    Previously, when errors occurred while resolving a list item, the trace builder would fail to place the error at the correct path and just default to the root node with a warning message:

    Could not find node with path x.y.1, defaulting to put errors on root node.

    This change places these errors at their correct paths and removes the log.

v4.9.1

Compare Source

Patch Changes

v4.9.0

Compare Source

Minor Changes
  • #​7617 4ff81ca50 Thanks @​trevor-scheer! - Introduce new ApolloServerPluginSubscriptionCallback plugin. This plugin implements the subscription callback protocol which is used by Apollo Router. This feature implements subscriptions over HTTP via a callback URL which Apollo Router registers with Apollo Server. This feature is currently in preview and is subject to change.

    You can enable callback subscriptions like so:

    import { ApolloServerPluginSubscriptionCallback } from '@apollo/server/plugin/subscriptionCallback';
    import { ApolloServer } from '@apollo/server';
    
    const server = new ApolloServer({
      // ...
      plugins: [ApolloServerPluginSubscriptionCallback()],
    });

    Note that there is currently no tracing or metrics mechanism in place for callback subscriptions. Additionally, this plugin "intercepts" callback subscription requests and bypasses some of Apollo Server's internals. The result of this is that certain plugin hooks (notably executionDidStart and willResolveField) will not be called when handling callback subscription requests or when sending subscription events.

    For more information on the subscription callback protocol, visit the docs:
    https://www.apollographql.com/docs/router/executing-operations/subscription-callback-protocol/

Patch Changes

v4.8.1

Compare Source

Patch Changes

v4.8.0

Compare Source

Minor Changes
  • #​7634 f8a8ea08f Thanks @​dfperry5! - Updating the ApolloServer constructor to take in a stringifyResult function that will allow a consumer to pass in a function that formats the result of an http query.

    Usage:

    const server = new ApolloServer({
      typeDefs,
      resolvers,
      stringifyResult: (value: FormattedExecutionResult) => {
        return JSON.stringify(value, null, 2);
      },
    });

v4.7.5

Compare Source

Patch Changes

v4.7.4

Compare Source

Patch Changes
  • 0adaf80d1 Thanks @​trevor-scheer! - Address Content Security Policy issues

    The previous implementation of CSP nonces within the landing pages did not take full advantage of the security benefit of using them. Nonces should only be used once per request, whereas Apollo Server was generating one nonce and reusing it for the lifetime of the instance. The reuse of nonces degrades the security benefit of using them but does not pose a security risk on its own. The CSP provides a defense-in-depth measure against a potential XSS, so in the absence of a known XSS vulnerability there is likely no risk to the user.

    The mentioned fix also coincidentally addresses an issue with using crypto functions on startup within Cloudflare Workers. Crypto functions are now called during requests only, which resolves the error that Cloudflare Workers were facing. A recent change introduced a precomputedNonce configuration option to mitigate this issue, but it was an incorrect approach given the nature of CSP nonces. This configuration option is now deprecated and should not be used for any reason since it suffers from the previously mentioned issue of reusing nonces.

    Additionally, this change adds other applicable CSPs for the scripts, styles, images, manifest, and iframes that the landing pages load.

    A final consequence of this change is an extension of the renderLandingPage plugin hook. This hook can now return an object with an html property which returns a Promise<string> in addition to a string (which was the only option before).

v4.7.3

Compare Source

Patch Changes
  • #​7601 75b668d9e Thanks @​trevor-scheer! - Provide a new configuration option for landing page plugins precomputedNonce which allows users to provide a nonce and avoid calling into uuid functions on startup. This is useful for Cloudflare Workers where random number generation is not available on startup (only during requests). Unless you are using Cloudflare Workers, you can ignore this change.

    The example below assumes you've provided a PRECOMPUTED_NONCE variable in your wrangler.toml


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.
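
The startup check described in the @apollo/server v4.9.3 note above (GHSA-j5g3-5c8r-7qfx), as an added example that is not Apollo Server's own code. It shows a reporting path that logs a fetcher error verbatim next to a startup validator that trims the key and rejects it without echoing it; `fakeFetch`, `reportUnchecked`, `normalizeApiKey`, `startReporting`, the URL and the sample key are all hypothetical.

```javascript
// Added example; every name below is hypothetical, not an Apollo Server API.

// Header values may contain tab, printable ASCII and obs-text (0x80-0xFF).
// Anything else (CR, LF, NUL, characters above U+00FF) is rejected.
const INVALID_HEADER_VALUE = /[^\t\x20-\x7e\x80-\xff]/;

// Constructed sample: a key pasted through a word processor, which turned an
// apostrophe into U+2019 (not representable in a header value).
const CONSTRUCTED_BAD_KEY = 'service:my-graph:s3cr\u2019et-value';

// Stand-in for a fetcher that echoes the rejected header value in its error.
function fakeFetch(url, { headers }) {
  for (const value of Object.values(headers)) {
    if (INVALID_HEADER_VALUE.test(value)) {
      throw new TypeError(`${value} is not a legal HTTP header value`);
    }
  }
  return { status: 200 };
}

// "Before": the key is first examined when a report is sent, and the fetch
// error (which contains the key) is written to the log as-is.
function reportUnchecked(apiKey, log) {
  try {
    fakeFetch('https://reporting.example/ingest', {
      headers: { 'x-api-key': apiKey },
    });
  } catch (err) {
    log.push(`usage report failed: ${err.message}`);
  }
}

// "After": trim and validate once at startup. The error names the offending
// code point but never includes the key itself.
function normalizeApiKey(raw) {
  if (typeof raw !== 'string') {
    throw new TypeError('API key must be a string');
  }
  const key = raw.trim();
  if (key.length === 0) {
    throw new Error('API key is empty');
  }
  const bad = INVALID_HEADER_VALUE.exec(key);
  if (bad) {
    const cp = bad[0].codePointAt(0).toString(16).toUpperCase().padStart(4, '0');
    throw new Error(
      `API key contains a character that is not valid in an HTTP header value (U+${cp})`
    );
  }
  return key;
}

// Startup wiring: an invalid key stops the process before any request is
// attempted, so the fetcher never sees it and has nothing to echo.
function startReporting(rawKey, log) {
  const apiKey = normalizeApiKey(rawKey);
  return () => reportUnchecked(apiKey, log);
}
```

When reviewing logs from versions before the fix, the string to search for is the fetcher's own error text, since the key appears inside it rather than under a recognisable field name.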

@renovate renovate bot force-pushed the renovate/apollo-graphql-packages branch 2 times, most recently from fee1fb8 to d5ab8be Compare May 17, 2023 01:24
@renovate renovate bot changed the title from "Update Apollo GraphQL packages to v2.4.3" to "Update Apollo GraphQL packages to v2.4.5" May 17, 2023
@renovate renovate bot force-pushed the renovate/apollo-graphql-packages branch 2 times, most recently from 74e3400 to 0b63fea Compare May 19, 2023 04:59
@renovate renovate bot force-pushed the renovate/apollo-graphql-packages branch from 0b63fea to ea2edc9 Compare May 25, 2023 21:04
@renovate renovate bot changed the title from "Update Apollo GraphQL packages to v2.4.5" to "Update Apollo GraphQL packages to v2.4.6" May 25, 2023
@renovate renovate bot force-pushed the renovate/apollo-graphql-packages branch from ea2edc9 to d56e841 Compare May 26, 2023 03:41
@renovate renovate bot changed the title from "Update Apollo GraphQL packages to v2.4.6" to "Update Apollo GraphQL packages to v2.4.7" May 30, 2023
@renovate renovate bot force-pushed the renovate/apollo-graphql-packages branch from d56e841 to a3fa14b Compare May 30, 2023 23:09
@renovate renovate bot changed the title from "Update Apollo GraphQL packages to v2.4.7" to "Update Apollo GraphQL packages" Jun 5, 2023
@renovate renovate bot force-pushed the renovate/apollo-graphql-packages branch 3 times, most recently from 694cf08 to db6d62c Compare June 10, 2023 03:18
@renovate renovate bot force-pushed the renovate/apollo-graphql-packages branch 4 times, most recently from 4156c57 to 47ef33d Compare June 17, 2023 03:25
@renovate renovate bot force-pushed the renovate/apollo-graphql-packages branch 4 times, most recently from 50b0234 to d70c72f Compare June 27, 2023 00:20
@renovate renovate bot force-pushed the renovate/apollo-graphql-packages branch 4 times, most recently from 51b73f0 to 310e261 Compare July 1, 2023 04:27
@renovate renovate bot force-pushed the renovate/apollo-graphql-packages branch 4 times, most recently from 654869c to d35a4a0 Compare July 14, 2023 03:46
@renovate renovate bot force-pushed the renovate/apollo-graphql-packages branch 5 times, most recently from d7da99d to 8d775ca Compare August 30, 2023 21:38
@renovate renovate bot force-pushed the renovate/apollo-graphql-packages branch from 8d775ca to 7660dea Compare August 31, 2023 19:03
@renovate renovate bot force-pushed the renovate/apollo-graphql-packages branch 3 times, most recently from 308da77 to 667960e Compare September 18, 2023 22:38
@renovate renovate bot force-pushed the renovate/apollo-graphql-packages branch 2 times, most recently from cdc4848 to fb73927 Compare October 4, 2023 19:02
@renovate renovate bot force-pushed the renovate/apollo-graphql-packages branch from fb73927 to c4f50a8 Compare October 13, 2023 22:44
@renovate renovate bot force-pushed the renovate/apollo-graphql-packages branch from c4f50a8 to 338afdf Compare October 26, 2023 22:47
@renovate renovate bot force-pushed the renovate/apollo-graphql-packages branch 2 times, most recently from 9d01e8e to 316f516 Compare November 17, 2023 01:05
@renovate renovate bot force-pushed the renovate/apollo-graphql-packages branch 3 times, most recently from 13f5efa to 5bb8645 Compare November 27, 2023 23:22
@renovate renovate bot force-pushed the renovate/apollo-graphql-packages branch from 5bb8645 to 2c73e25 Compare December 12, 2023 01:48
@renovate renovate bot force-pushed the renovate/apollo-graphql-packages branch from 2c73e25 to cf16f91 Compare January 2, 2024 20:08
@renovate renovate bot force-pushed the renovate/apollo-graphql-packages branch from cf16f91 to b5f7d68 Compare January 11, 2024 16:36
@renovate renovate bot force-pushed the renovate/apollo-graphql-packages branch 3 times, most recently from 12afa72 to 55cb7e9 Compare January 24, 2024 18:51
@renovate renovate bot force-pushed the renovate/apollo-graphql-packages branch from 55cb7e9 to 2a5cdf3 Compare February 12, 2024 04:28
@renovate renovate bot force-pushed the renovate/apollo-graphql-packages branch from 2a5cdf3 to b81df94 Compare March 5, 2024 21:03
@renovate renovate bot force-pushed the renovate/apollo-graphql-packages branch from b81df94 to ebd35bd Compare March 16, 2024 02:45
@genkey6 genkey6 merged commit 3b48499 into main Mar 16, 2024
1 check passed
@genkey6 genkey6 deleted the renovate/apollo-graphql-packages branch March 16, 2024 02:50