diff --git a/.changeset/empty-shirts-behave.md b/.changeset/empty-shirts-behave.md
new file mode 100644
index 000000000..10e66770b
--- /dev/null
+++ b/.changeset/empty-shirts-behave.md
@@ -0,0 +1,11 @@
+---
+"apollo-federation-integration-testsuite": minor
+"@apollo/query-planner": minor
+"@apollo/query-graphs": minor
+"@apollo/composition": minor
+"@apollo/federation-internals": minor
+"@apollo/subgraph": minor
+"@apollo/gateway": minor
+---
+
+Federation 2.12 and Connect 0.3
diff --git a/.changeset/five-suits-drum.md b/.changeset/five-suits-drum.md
deleted file mode 100644
index d93199b75..000000000
--- a/.changeset/five-suits-drum.md
+++ /dev/null
@@ -1,10 +0,0 @@
----
-"@apollo/query-planner": patch
-"@apollo/query-graphs": patch
-"@apollo/federation-internals": patch
-"@apollo/gateway": patch
----
-
-Corrects a set of denial-of-service (DOS) vulnerabilities that made it possible for an attacker to render gateway inoperable with certain simple query patterns due to uncontrolled resource consumption. All prior-released versions and configurations are vulnerable.
-
-See the associated GitHub Advisories [GHSA-q2f9-x4p4-7xmh](https://github.com/apollographql/federation/security/advisories/GHSA-q2f9-x4p4-7xmh) and [GHSA-p2q6-pwh5-m6jr](https://github.com/apollographql/federation/security/advisories/GHSA-p2q6-pwh5-m6jr) for more information.
diff --git a/.changeset/four-panthers-itch.md b/.changeset/four-panthers-itch.md
new file mode 100644
index 000000000..7a88d78c7
--- /dev/null
+++ b/.changeset/four-panthers-itch.md
@@ -0,0 +1,6 @@
+---
+"@apollo/composition": patch
+"@apollo/federation-internals": patch
+---
+
+Adding new CompositionOption `maxValidationSubgraphPaths`. This value represents the maximum number of SubgraphPathInfo objects that may exist in a ValidationTraversal when checking for satisfiability. Setting this value can help composition error before running out of memory. Default is 1,000,000.
diff --git a/.changeset/pre.json b/.changeset/pre.json index ff5bfef03..064771669 100644 --- a/.changeset/pre.json +++ b/.changeset/pre.json @@ -1,14 +1,14 @@ { - "mode": "exit", + "mode": "pre", "tag": "preview", "initialVersions": { - "@apollo/composition": "2.10.0", - "apollo-federation-integration-testsuite": "2.10.0", - "@apollo/gateway": "2.10.0", - "@apollo/federation-internals": "2.10.0", - "@apollo/query-graphs": "2.10.0", - "@apollo/query-planner": "2.10.0", - "@apollo/subgraph": "2.10.0" + "@apollo/composition": "2.11.0", + "apollo-federation-integration-testsuite": "2.11.0", + "@apollo/gateway": "2.11.0", + "@apollo/federation-internals": "2.11.0", + "@apollo/query-graphs": "2.11.0", + "@apollo/query-planner": "2.11.0", + "@apollo/subgraph": "2.11.0" }, "changesets": [ "afraid-queens-drive", diff --git a/composition-js/CHANGELOG.md b/composition-js/CHANGELOG.md index fcd5aa16f..bfda543f4 100644 --- a/composition-js/CHANGELOG.md +++ b/composition-js/CHANGELOG.md @@ -1,5 +1,19 @@ # CHANGELOG for `@apollo/composition` +## 2.11.0 + +### Minor Changes + +- Adds connect spec v0.2, available for use with Apollo Router 2.3.0 or greater. ([#3262](https://github.com/apollographql/federation/pull/3262)) + +### Patch Changes + +- Allow merging external types when using arrays as default arguments. ([#3262](https://github.com/apollographql/federation/pull/3262)) + +- Updated dependencies [[`1462c91879d41884c0a7e60551d8dd0d67c832d3`](https://github.com/apollographql/federation/commit/1462c91879d41884c0a7e60551d8dd0d67c832d3), [`9614b26e5a17cbf1f6aaf08f6fcb1c95eb12592d`](https://github.com/apollographql/federation/commit/9614b26e5a17cbf1f6aaf08f6fcb1c95eb12592d)]: + - @apollo/query-graphs@2.11.0 + - @apollo/federation-internals@2.11.0 + ## 2.11.0-preview.2 ### Patch Changes diff --git a/composition-js/package.json b/composition-js/package.json index aa1f084ef..1a13bca19 100644 --- a/composition-js/package.json +++ b/composition-js/package.json 
@@ -1,6 +1,6 @@ { "name": "@apollo/composition", - "version": "2.11.0-preview.2", + "version": "2.11.0", "description": "Apollo Federation composition utilities", "main": "dist/index.js", "types": "dist/index.d.ts", @@ -27,10 +27,10 @@ "access": "public" }, "dependencies": { - "@apollo/federation-internals": "2.11.0-preview.2", - "@apollo/query-graphs": "2.11.0-preview.2" + "@apollo/federation-internals": "2.11.0", + "@apollo/query-graphs": "2.11.0" }, "peerDependencies": { "graphql": "^16.5.0" } -} +} \ No newline at end of file diff --git a/composition-js/src/__tests__/connectors.test.ts b/composition-js/src/__tests__/connectors.test.ts index 06a984e88..8274641e2 100644 --- a/composition-js/src/__tests__/connectors.test.ts +++ b/composition-js/src/__tests__/connectors.test.ts @@ -39,7 +39,7 @@ describe("connect spec and join__directive", () => { "schema @link(url: \\"https://specs.apollo.dev/link/v1.0\\") @link(url: \\"https://specs.apollo.dev/join/v0.5\\", for: EXECUTION) - @link(url: \\"https://specs.apollo.dev/connect/v0.2\\", for: EXECUTION) + @link(url: \\"https://specs.apollo.dev/connect/v0.3\\", for: EXECUTION) @join__directive(graphs: [WITH_CONNECTORS], name: \\"link\\", args: {url: \\"https://specs.apollo.dev/connect/v0.1\\", import: [\\"@connect\\", \\"@source\\"]}) @join__directive(graphs: [WITH_CONNECTORS], name: \\"source\\", args: {name: \\"v1\\", http: {baseURL: \\"http://v1\\"}}) { 
@@ -157,7 +157,7 @@ describe("connect spec and join__directive", () => { "schema @link(url: \\"https://specs.apollo.dev/link/v1.0\\") @link(url: \\"https://specs.apollo.dev/join/v0.5\\", for: EXECUTION) - @link(url: \\"https://specs.apollo.dev/connect/v0.2\\", for: EXECUTION) + @link(url: \\"https://specs.apollo.dev/connect/v0.3\\", for: EXECUTION) @join__directive(graphs: [WITH_CONNECTORS], name: \\"link\\", args: {url: \\"https://specs.apollo.dev/connect/v0.1\\", import: [\\"@source\\"]}) @join__directive(graphs: [WITH_CONNECTORS], name: \\"source\\", args: {name: \\"v1\\", http: {baseURL: \\"http://v1\\"}}) { @@ -276,7 +276,7 @@ describe("connect spec and join__directive", () => { "schema @link(url: \\"https://specs.apollo.dev/link/v1.0\\") @link(url: \\"https://specs.apollo.dev/join/v0.5\\", for: EXECUTION) - @link(url: \\"https://specs.apollo.dev/connect/v0.2\\", for: EXECUTION) + @link(url: \\"https://specs.apollo.dev/connect/v0.3\\", for: EXECUTION) @join__directive(graphs: [WITH_CONNECTORS], name: \\"link\\", args: {url: \\"https://specs.apollo.dev/connect/v0.1\\", as: \\"http\\", import: [\\"@source\\"]}) @join__directive(graphs: [WITH_CONNECTORS], name: \\"source\\", args: {name: \\"v1\\", http: {baseURL: \\"http://v1\\"}}) { 
@@ -438,7 +438,7 @@ describe("connect spec and join__directive", () => { "schema @link(url: \\"https://specs.apollo.dev/link/v1.0\\") @link(url: \\"https://specs.apollo.dev/join/v0.5\\", for: EXECUTION) - @link(url: \\"https://specs.apollo.dev/connect/v0.2\\", for: EXECUTION) + @link(url: \\"https://specs.apollo.dev/connect/v0.3\\", for: EXECUTION) @join__directive(graphs: [WITH_CONNECTORS_V0_1_], name: \\"link\\", args: {url: \\"https://specs.apollo.dev/connect/v0.1\\", import: [\\"@connect\\", \\"@source\\"]}) @join__directive(graphs: [WITH_CONNECTORS_V0_2_], name: \\"link\\", args: {url: \\"https://specs.apollo.dev/connect/v0.2\\", import: [\\"@connect\\", \\"@source\\"]}) @join__directive(graphs: [WITH_CONNECTORS_V0_1_], name: \\"source\\", args: {name: \\"v1\\", http: {baseURL: \\"http://v1\\"}}) 
@@ -539,6 +539,187 @@ describe("connect spec and join__directive", () => { } }); + it("composes v0.3", () => { + const subgraphs = [ + { + name: "with-connectors-v0_3", + typeDefs: parse(` + extend schema + @link( + url: "https://specs.apollo.dev/federation/v2.12" + import: ["@key"] + ) + @link( + url: "https://specs.apollo.dev/connect/v0.3" + import: ["@connect", "@source"] + ) + @source( + name: "v1" + http: { + baseURL: "http://v1" + path: "" + queryParams: "" + } + errors: { message: "" extensions: "" } + ) + + type Query { + resources: [Resource!]! + @connect(source: "v1", http: { GET: "/resources" }, selection: "") + } + + type Resource @key(fields: "id") + @connect( + source: "v1" + http: { + GET: "/resources" + path: "" + queryParams: "" + } + batch: { maxSize: 5 } + errors: { message: "" extensions: "" } + selection: "" + ) { + id: ID! + name: String! + } + `), + }, + { + name: "with-connectors-v0_1", + typeDefs: parse(` + extend schema + @link( + url: "https://specs.apollo.dev/federation/v2.10" + import: ["@key"] + ) + @link( + url: "https://specs.apollo.dev/connect/v0.1" + import: ["@connect", "@source"] + ) + @source(name: "v1", http: { baseURL: "http://v1" }) + + type Query { + widgets: [Widget!]! + @connect(source: "v1", http: { GET: "/widgets" }, selection: "") + } + + type Widget @key(fields: "id") { + id: ID! + name: String! + } + `), + }, + ]; + + const result = composeServices(subgraphs); + expect(result.errors ?? 
[]).toEqual([]); + const printed = printSchema(result.schema!); + expect(printed).toMatchInlineSnapshot(` + "schema + @link(url: \\"https://specs.apollo.dev/link/v1.0\\") + @link(url: \\"https://specs.apollo.dev/join/v0.5\\", for: EXECUTION) + @link(url: \\"https://specs.apollo.dev/connect/v0.3\\", for: EXECUTION) + @join__directive(graphs: [WITH_CONNECTORS_V0_1_], name: \\"link\\", args: {url: \\"https://specs.apollo.dev/connect/v0.1\\", import: [\\"@connect\\", \\"@source\\"]}) + @join__directive(graphs: [WITH_CONNECTORS_V0_3_], name: \\"link\\", args: {url: \\"https://specs.apollo.dev/connect/v0.3\\", import: [\\"@connect\\", \\"@source\\"]}) + @join__directive(graphs: [WITH_CONNECTORS_V0_1_], name: \\"source\\", args: {name: \\"v1\\", http: {baseURL: \\"http://v1\\"}}) + @join__directive(graphs: [WITH_CONNECTORS_V0_3_], name: \\"source\\", args: {name: \\"v1\\", http: {baseURL: \\"http://v1\\", path: \\"\\", queryParams: \\"\\"}, errors: {message: \\"\\", extensions: \\"\\"}}) + { + query: Query + } + + directive @link(url: String, as: String, for: link__Purpose, import: [link__Import]) repeatable on SCHEMA + + directive @join__graph(name: String!, url: String!) on ENUM_VALUE + + directive @join__type(graph: join__Graph!, key: join__FieldSet, extension: Boolean! = false, resolvable: Boolean! = true, isInterfaceObject: Boolean! = false) repeatable on OBJECT | INTERFACE | UNION | ENUM | INPUT_OBJECT | SCALAR + + directive @join__field(graph: join__Graph, requires: join__FieldSet, provides: join__FieldSet, type: String, external: Boolean, override: String, usedOverridden: Boolean, overrideLabel: String, contextArguments: [join__ContextArgument!]) repeatable on FIELD_DEFINITION | INPUT_FIELD_DEFINITION + + directive @join__implements(graph: join__Graph!, interface: String!) repeatable on OBJECT | INTERFACE + + directive @join__unionMember(graph: join__Graph!, member: String!) repeatable on UNION + + directive @join__enumValue(graph: join__Graph!) 
repeatable on ENUM_VALUE + + directive @join__directive(graphs: [join__Graph!], name: String!, args: join__DirectiveArguments) repeatable on SCHEMA | OBJECT | INTERFACE | FIELD_DEFINITION + + enum link__Purpose { + \\"\\"\\" + \`SECURITY\` features provide metadata necessary to securely resolve fields. + \\"\\"\\" + SECURITY + + \\"\\"\\" + \`EXECUTION\` features provide metadata necessary for operation execution. + \\"\\"\\" + EXECUTION + } + + scalar link__Import + + enum join__Graph { + WITH_CONNECTORS_V0_1_ @join__graph(name: \\"with-connectors-v0_1\\", url: \\"\\") + WITH_CONNECTORS_V0_3_ @join__graph(name: \\"with-connectors-v0_3\\", url: \\"\\") + } + + scalar join__FieldSet + + scalar join__DirectiveArguments + + scalar join__FieldValue + + input join__ContextArgument { + name: String! + type: String! + context: String! + selection: join__FieldValue! + } + + type Query + @join__type(graph: WITH_CONNECTORS_V0_1_) + @join__type(graph: WITH_CONNECTORS_V0_3_) + { + widgets: [Widget!]! @join__field(graph: WITH_CONNECTORS_V0_1_) @join__directive(graphs: [WITH_CONNECTORS_V0_1_], name: \\"connect\\", args: {source: \\"v1\\", http: {GET: \\"/widgets\\"}, selection: \\"\\"}) + resources: [Resource!]! @join__field(graph: WITH_CONNECTORS_V0_3_) @join__directive(graphs: [WITH_CONNECTORS_V0_3_], name: \\"connect\\", args: {source: \\"v1\\", http: {GET: \\"/resources\\"}, selection: \\"\\"}) + } + + type Widget + @join__type(graph: WITH_CONNECTORS_V0_1_, key: \\"id\\") + { + id: ID! + name: String! + } + + type Resource + @join__type(graph: WITH_CONNECTORS_V0_3_, key: \\"id\\") + @join__directive(graphs: [WITH_CONNECTORS_V0_3_], name: \\"connect\\", args: {source: \\"v1\\", http: {GET: \\"/resources\\", path: \\"\\", queryParams: \\"\\"}, batch: {maxSize: 5}, errors: {message: \\"\\", extensions: \\"\\"}, selection: \\"\\"}) + { + id: ID! + name: String! 
+ }" + `); + + if (result.schema) { + expect(printSchema(result.schema.toAPISchema())).toMatchInlineSnapshot(` + "type Query { + widgets: [Widget!]! + resources: [Resource!]! + } + + type Widget { + id: ID! + name: String! + } + + type Resource { + id: ID! + name: String! + }" + `); + } + }); + it("composes with renames", () => { const subgraphs = [ { @@ -579,7 +760,7 @@ describe("connect spec and join__directive", () => { "schema @link(url: \\"https://specs.apollo.dev/link/v1.0\\") @link(url: \\"https://specs.apollo.dev/join/v0.5\\", for: EXECUTION) - @link(url: \\"https://specs.apollo.dev/connect/v0.2\\", for: EXECUTION) + @link(url: \\"https://specs.apollo.dev/connect/v0.3\\", for: EXECUTION) @join__directive(graphs: [WITH_CONNECTORS], name: \\"link\\", args: {url: \\"https://specs.apollo.dev/connect/v0.1\\", as: \\"http\\", import: [{name: \\"@connect\\", as: \\"@http\\"}, {name: \\"@source\\", as: \\"@api\\"}]}) @join__directive(graphs: [WITH_CONNECTORS], name: \\"api\\", args: {name: \\"v1\\", http: {baseURL: \\"http://v1\\"}}) { diff --git a/composition-js/src/__tests__/validation_errors.test.ts b/composition-js/src/__tests__/validation_errors.test.ts index 43e78dcc2..1a69b413e 100644 --- a/composition-js/src/__tests__/validation_errors.test.ts +++ b/composition-js/src/__tests__/validation_errors.test.ts 
@@ -412,3 +412,80 @@ describe('when shared field has non-intersecting runtime types in different subg ]); }); }); + +describe('other validation errors', () => { + + it('errors when maxValidationSubgraphPaths is exceeded', () => { + const subgraphA = { + name: 'A', + typeDefs: gql` + type Query { + a: A + } + + type A @key(fields: "id") { + id: ID! + b: B + c: C + d: D + } + + type B @key(fields: "id") { + id: ID! + a: A @shareable + b: Int @shareable + c: C @shareable + d: D @shareable + } + + type C @key(fields: "id") { + id: ID! + a: A @shareable + b: B @shareable + c: Int @shareable + d: D @shareable + } + + type D @key(fields: "id") { + id: ID! + a: A @shareable + b: B @shareable + c: C @shareable + d: Int @shareable + } + ` + }; + const subgraphB = { + name: 'B', + typeDefs: gql` + type B @key(fields: "id") { + id: ID! + b: Int @shareable + c: C @shareable + d: D @shareable + } + + type C @key(fields: "id") { + id: ID! + b: B @shareable + c: Int @shareable + d: D @shareable + } + + type D @key(fields: "id") { + id: ID! + b: B @shareable + c: C @shareable + d: Int @shareable + } + ` + }; + const result = composeAsFed2Subgraphs([subgraphA, subgraphB], { maxValidationSubgraphPaths: 10 }); + expect(result.errors).toBeDefined(); + expect(errorMessages(result)).toMatchStringArray([ + ` + Maximum number of validation subgraph paths exceeded: 12 + ` + ]); + }); +}); diff --git a/composition-js/src/compose.ts b/composition-js/src/compose.ts index 3ec5711fc..4216474ad 100644 --- a/composition-js/src/compose.ts +++ b/composition-js/src/compose.ts @@ -39,6 +39,8 @@ export interface CompositionOptions { allowedFieldTypeMergingSubtypingRules?: SubtypingRule[]; /// Flag to toggle if satisfiability should be performed during composition runSatisfiability?: boolean; + /// Maximum allowable number of outstanding subgraph paths to validate + maxValidationSubgraphPaths?: number; } function validateCompositionOptions(options: CompositionOptions) { 
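Review bot: The new `maxValidationSubgraphPaths` option in `CompositionOptions` is accepted as any `number`, and no hunk in this commit adds a range check for it to `validateCompositionOptions`, whose body is outside the hunk. The limit is enforced in `pushStack` with `this.totalValidationSubgraphPaths > this.maxValidationSubgraphPaths`, so a `NaN` or `Infinity` value makes that comparison never true and silently turns the memory guard off, while `0` or a negative value would make composition fail as soon as `handleState` pushes a state. I would reject the option when it is set and `!Number.isInteger(options.maxValidationSubgraphPaths) || options.maxValidationSubgraphPaths <= 0`, and extend the `///` comment to state the default of 1,000,000 and that the count is of outstanding `SubgraphPathInfo` objects.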
@@ -55,7 +57,7 @@ function validateCompositionOptions(options: CompositionOptions) { * @param options CompositionOptions */ export function compose(subgraphs: Subgraphs, options: CompositionOptions = {}): CompositionResult { - const { runSatisfiability = true, sdlPrintOptions } = options; + const { runSatisfiability = true, sdlPrintOptions, maxValidationSubgraphPaths } = options; validateCompositionOptions(options); @@ -67,8 +69,8 @@ export function compose(subgraphs: Subgraphs, options: CompositionOptions = {}): let satisfiabilityResult; if (runSatisfiability) { satisfiabilityResult = validateSatisfiability({ - supergraphSchema: mergeResult.supergraph - }); + supergraphSchema: mergeResult.supergraph, + }, { maxValidationSubgraphPaths }); if (satisfiabilityResult.errors) { return { errors: satisfiabilityResult.errors }; } @@ -123,7 +125,7 @@ type SatisfiabilityArgs = { * @param args: SatisfiabilityArgs * @returns { errors? : GraphQLError[], hints? : CompositionHint[] } */ -export function validateSatisfiability({ supergraphSchema, supergraphSdl} : SatisfiabilityArgs) : { +export function validateSatisfiability({ supergraphSchema, supergraphSdl} : SatisfiabilityArgs, options: CompositionOptions = {}) : { errors? : GraphQLError[], hints? : CompositionHint[], } { 
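Review bot: The JSDoc above `validateSatisfiability` still lists only `@param args`, so the new second parameter `options` is undocumented. Only `maxValidationSubgraphPaths` is read downstream in the hunks of this commit, yet the parameter is typed as the full `CompositionOptions`, which suggests that fields such as `runSatisfiability` or `sdlPrintOptions` also have an effect here. I would add `@param options CompositionOptions; only maxValidationSubgraphPaths is used by satisfiability validation` to the comment, or narrow the type to `Pick<CompositionOptions, 'maxValidationSubgraphPaths'>`. The function body continues outside this hunk.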
@@ -133,7 +135,7 @@ export function validateSatisfiability({ supergraphSchema, supergraphSdl} : Sati const supergraph = supergraphSchema ? new Supergraph(supergraphSchema, null) : Supergraph.build(supergraphSdl, { supportedFeatures: null }); const supergraphQueryGraph = buildSupergraphAPIQueryGraph(supergraph); const federatedQueryGraph = buildFederatedQueryGraph(supergraph, false); - return validateGraphComposition(supergraph.schema, supergraph.subgraphNameToGraphEnumValue(), supergraphQueryGraph, federatedQueryGraph); + return validateGraphComposition(supergraph.schema, supergraph.subgraphNameToGraphEnumValue(), supergraphQueryGraph, federatedQueryGraph, options); } type ValidateSubgraphsAndMergeResult = MergeResult | { errors: GraphQLError[] }; diff --git a/composition-js/src/validate.ts b/composition-js/src/validate.ts index 1cb477e5a..a813647ef 100644 --- a/composition-js/src/validate.ts +++ b/composition-js/src/validate.ts @@ -62,6 +62,7 @@ import { } from "@apollo/query-graphs"; import { CompositionHint, HINTS } from "./hints"; import { ASTNode, GraphQLError, print } from "graphql"; +import { CompositionOptions } from './compose'; const debug = newDebugLogger('validation'); @@ -310,6 +311,7 @@ export function validateGraphComposition( subgraphNameToGraphEnumValue: Map, supergraphAPI: QueryGraph, federatedQueryGraph: QueryGraph, + compositionOptions: CompositionOptions = {}, ): { errors? : GraphQLError[], hints? : CompositionHint[], @@ -319,6 +321,7 @@ export function validateGraphComposition( subgraphNameToGraphEnumValue, supergraphAPI, federatedQueryGraph, + compositionOptions, ).validate(); return errors.length > 0 ? { errors, hints } : { hints }; } 
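Review bot: The added `import { CompositionOptions } from './compose';` in validate.ts is used only in type positions in the hunks shown, and compose.ts calls `validateGraphComposition`, presumably imported from this module, so the two files now reference each other. Writing it as `import type { CompositionOptions } from './compose';` states that nothing is loaded at runtime and keeps the cycle from becoming a real one if the build settings ever preserve imports. If `import type` is not an option for the TypeScript version in use, moving the options type into a small shared module would achieve the same.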
@@ -695,19 +698,26 @@ class ValidationTraversal { private readonly validationHints: CompositionHint[] = []; private readonly context: ValidationContext; - + private totalValidationSubgraphPaths = 0; + private maxValidationSubgraphPaths: number; + + private static DEFAULT_MAX_VALIDATION_SUBGRAPH_PATHS = 1000000; + constructor( supergraphSchema: Schema, subgraphNameToGraphEnumValue: Map, supergraphAPI: QueryGraph, federatedQueryGraph: QueryGraph, + compositionOptions: CompositionOptions, ) { + this.maxValidationSubgraphPaths = compositionOptions.maxValidationSubgraphPaths ?? ValidationTraversal.DEFAULT_MAX_VALIDATION_SUBGRAPH_PATHS; + this.conditionResolver = simpleValidationConditionResolver({ supergraph: supergraphSchema, queryGraph: federatedQueryGraph, withCaching: true, }); - supergraphAPI.rootKinds().forEach((kind) => this.stack.push(ValidationState.initial({ + supergraphAPI.rootKinds().forEach((kind) => this.pushStack(ValidationState.initial({ supergraphAPI, kind, federatedQueryGraph, 
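Review bot: In the constructor, `supergraphAPI.rootKinds().forEach((kind) => this.pushStack(...))` discards the `{ error }` that `pushStack` returns, so a limit already exceeded by the initial states is not reported there and only surfaces, if at all, on a later push from `handleState`. Either check the result in the constructor and keep it for `validate()` to return, or say in a comment on this call that it is deliberately unchecked. Separately, `maxValidationSubgraphPaths` and `DEFAULT_MAX_VALIDATION_SUBGRAPH_PATHS` are assigned once and could be declared `private readonly` and `private static readonly`. The constructor body continues outside this hunk.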
@@ -720,18 +730,38 @@ class ValidationTraversal { subgraphNameToGraphEnumValue, ); } + + pushStack(state: ValidationState): { error?: GraphQLError } { + this.totalValidationSubgraphPaths += state.subgraphPathInfos.length; + this.stack.push(state); + if (this.totalValidationSubgraphPaths > this.maxValidationSubgraphPaths) { + return { error: ERRORS.MAX_VALIDATION_SUBGRAPH_PATHS_EXCEEDED.err(`Maximum number of validation subgraph paths exceeded: ${this.totalValidationSubgraphPaths}`) }; + } + return {}; + } + + popStack() { + const state = this.stack.pop(); + if (state) { + this.totalValidationSubgraphPaths -= state.subgraphPathInfos.length; + } + return state; + } validate(): { errors: GraphQLError[], hints: CompositionHint[], } { while (this.stack.length > 0) { - this.handleState(this.stack.pop()!); + const { error } = this.handleState(this.popStack()!); + if (error) { + return { errors: [error], hints: this.validationHints }; + } } return { errors: this.validationErrors, hints: this.validationHints }; } - private handleState(state: ValidationState) { + private handleState(state: ValidationState): { error?: GraphQLError } { debug.group(() => `Validation: ${this.stack.length + 1} open states. Validating ${state}`); const vertex = state.supergraphPath.tail; @@ -748,7 +778,7 @@ class ValidationTraversal { // type, and have strictly more options regarding subgraphs. So whatever comes next, we can handle in the exact // same way we did previously, and there is thus no way to bother. debug.groupEnd(`Has already validated this vertex.`); - return; + return {}; } } // We're gonna have to validate, but we can save the new set of sources here to hopefully save work later. 
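Review bot: When `handleState` returns an error, `validate()` returns `{ errors: [error], hints: this.validationHints }`, which drops any satisfiability errors that may already have been collected in `this.validationErrors` before the limit was hit. Returning `errors: [...this.validationErrors, error]` would keep those diagnostics next to the limit error. `pushStack` and `popStack` are also declared without `private`, unlike `handleState`, so the counter bookkeeping becomes part of the class's public surface; marking both `private` matches the rest of the class. A one-line comment on `totalValidationSubgraphPaths` saying that it counts paths currently on the stack, not a running total, would help, since the name suggests the latter.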
@@ -799,12 +829,16 @@ class ValidationTraversal { // state to the stack this method, `handleState`, will do nothing later. But it's // worth checking it now and save some memory/cycles. if (newState && !newState.supergraphPath.isTerminal()) { - this.stack.push(newState); + const { error } = this.pushStack(newState); + if (error) { + return { error }; + } debug.groupEnd(() => `Reached new state ${newState}`); } else { debug.groupEnd(`Reached terminal vertex/cycle`); } } debug.groupEnd(); + return {}; } } diff --git a/docs/source/schema-design/federated-schemas/entities/contribute-fields.mdx b/docs/source/schema-design/federated-schemas/entities/contribute-fields.mdx index 6ad80bbdd..4597c7b85 100644 --- a/docs/source/schema-design/federated-schemas/entities/contribute-fields.mdx +++ b/docs/source/schema-design/federated-schemas/entities/contribute-fields.mdx @@ -104,11 +104,9 @@ type Product @key(fields: "id") { In this modification of the previous example, `size` and `weight` are now subfields of a `ProductDimensions` object. The Products and Shipping subgraphs must both define the `ProductDimensions` type for this to be valid. - - ### Using `@requires` with fields that take arguments - + Starting in Federation v2.1.2, the `@requires` directive can include fields that take arguments, like so: diff --git a/docs/source/schema-design/federated-schemas/entities/interfaces.mdx b/docs/source/schema-design/federated-schemas/entities/interfaces.mdx index 9700685bd..d9d4fcbee 100644 --- a/docs/source/schema-design/federated-schemas/entities/interfaces.mdx +++ b/docs/source/schema-design/federated-schemas/entities/interfaces.mdx 
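Review bot: The early `return { error };` after `this.pushStack(newState)` leaves `handleState` without the matching `debug.groupEnd(...)` calls: the group that the next line would close, and the outer group opened by `debug.group(...)` at the top of `handleState`, both stay open. Composition stops on this path, so the effect is limited to debug-log nesting, but closing the groups first keeps the logger balanced, for example `debug.groupEnd('Validation subgraph path limit exceeded'); debug.groupEnd(); return { error };`. The start of `handleState` and of the enclosing loop, where the inner group is presumably opened, is outside this hunk.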
@@ -2,7 +2,7 @@ title: Entity Interfaces subtitle: Add entity fields polymorphically description: Discover how to efficiently add polymorphic fields to GraphQL interfaces using Apollo Federation's Entity Interfaces and the @interfaceObject directive. -minVersion: 2.3 +minVersion: Federation v2.3 --- Apollo Federation provides powerful extensions to GraphQL interfaces, specifically for use with your supergraph's [entities](/graphos/get-started/guides/federate-schemas#entity-overview): diff --git a/docs/source/schema-design/federated-schemas/entities/migrate-fields.mdx b/docs/source/schema-design/federated-schemas/entities/migrate-fields.mdx index 781521084..7b2343ab3 100644 --- a/docs/source/schema-design/federated-schemas/entities/migrate-fields.mdx +++ b/docs/source/schema-design/federated-schemas/entities/migrate-fields.mdx @@ -156,11 +156,9 @@ type Bill @key(fields: "id") { After you deploy the Billing subgraph and publish this final schema change, you've migrated `Bill.amount` to the Billing subgraph with zero downtime. - - ## Incremental migration with progressive `@override` - + diff --git a/docs/source/schema-design/federated-schemas/entities/use-contexts.mdx b/docs/source/schema-design/federated-schemas/entities/use-contexts.mdx index 9cd8407dc..6c5a464c2 100644 --- a/docs/source/schema-design/federated-schemas/entities/use-contexts.mdx +++ b/docs/source/schema-design/federated-schemas/entities/use-contexts.mdx @@ -2,7 +2,7 @@ title: Use contexts to share data subtitle: Share data along type hierarchies without overloading @keys description: Use the @context and @fromContext directives to enable a subgraph to share fields. These directives define contexts that enable data sharing along type hierarchies. -minVersion: 2.8 +minVersion: Federation v2.8 --- diff --git a/docs/source/schema-design/federated-schemas/reference/directives.mdx b/docs/source/schema-design/federated-schemas/reference/directives.mdx index ea4cd21ba..0e7c537ae 100644 
--- a/docs/source/schema-design/federated-schemas/reference/directives.mdx +++ b/docs/source/schema-design/federated-schemas/reference/directives.mdx @@ -76,11 +76,9 @@ As shown, custom namespace prefixes also end in two underscores. ## Managing schemas - - ### The `@link` directive - + ```graphql directive @link( @@ -99,11 +97,9 @@ For more information on `@link`, see the [official spec](https://specs.apollo.de ## Managing types - - ### `@key` - + ```graphql directive @key(fields: FieldSet!, resolvable: Boolean = true) repeatable on OBJECT | INTERFACE @@ -202,11 +198,9 @@ The default value is `true`. - - ### `@interfaceObject` - + ```graphql directive @interfaceObject on OBJECT @@ -218,11 +212,9 @@ During composition, the fields of every `@interfaceObject` are added both to the [Learn more about entity interfaces.](/graphos/schema-design/federated-schemas/entities/interfaces/) - - ### `@extends` - + ```graphql directive @extends on OBJECT | INTERFACE @@ -248,11 +240,9 @@ In Federation 1, every subgraph must extend the `Query` and `Mutation` types (if ## Managing shared fields - - ### `@shareable` - + ```graphql directive @shareable repeatable on FIELD_DEFINITION | OBJECT @@ -296,11 +286,9 @@ See also [Value types in Apollo Federation](/graphos/schema-design/federated-sch The `@shareable` directive is about indicating when an object field can be resolved by multiple subgraphs. As interface fields are not directly resolved (their implementation is), `@shareable` is not meaningful on an interface field and is not allowed (at least since federation 2.2; earlier versions of federation 2 mistakenly ignored `@shareable` on interface fields). - - ### `@inaccessible` - + ```graphql directive @inaccessible on FIELD_DEFINITION | INTERFACE | OBJECT | UNION | ARGUMENT_DEFINITION | SCALAR | ENUM | ENUM_VALUE | INPUT_OBJECT | INPUT_FIELD_DEFINITION 
@@ -349,11 +337,9 @@ If a type is marked `@inaccessible`, all fields that return that type must also For more information, see [Using `@inaccessible`](/graphos/schema-design/federated-schemas/sharing-types/#using-inaccessible). - - ### `@override` - + ```graphql directive @override(from: String!) on FIELD_DEFINITION @@ -389,11 +375,9 @@ Only one subgraph can `@override` any given field. If multiple subgraphs attempt For more information, see [Migrating entity and root fields](/graphos/schema-design/federated-schemas/entities/migrate-fields). - - #### Progressive `@override` - + @@ -459,11 +443,9 @@ This argument is available in Apollo Federation 2.7 and later. It is an [Enterpr ## Controlling access - - ### `@authenticated` - + @@ -479,11 +461,9 @@ directive @authenticated on Indicates to composition that the target element is accessible only to the authenticated supergraph users. For more granular access control, see the [`@requiresScopes`](#requiresScopes) directive below. Refer to the [router article](/graphos/routing/security/authorization#authenticated) for additional details. - - ### `@requiresScopes` - + @@ -528,11 +508,9 @@ Indicates to composition that the target element is accessible only to the authe - - ### `@policy` - + @@ -579,11 +557,9 @@ Indicates to composition that the target element is restricted based on authoriz ## Referencing external fields - - ### `@external` - + ```graphql directive @external on FIELD_DEFINITION | OBJECT @@ -617,11 +593,9 @@ type Position @external { } ``` - - ### `@provides` - + ```graphql directive @provides(fields: FieldSet!) on FIELD_DEFINITION @@ -698,11 +672,9 @@ Examples: - - ### `@requires` - + ```graphql directive @requires(fields: FieldSet!) on FIELD_DEFINITION 
@@ -767,11 +739,9 @@ Examples: ## Applying metadata - - ### `@tag` - + ```graphql directive @tag(name: String!) repeatable on FIELD_DEFINITION | INTERFACE | OBJECT | UNION | ARGUMENT_DEFINITION | SCALAR | ENUM | ENUM_VALUE | INPUT_OBJECT | INPUT_FIELD_DEFINITION | SCHEMA @@ -845,11 +815,9 @@ type Employee implements User @tag(name: "team-admin") { ## Managing custom directives - - ### `@composeDirective` - + ```graphql directive @composeDirective(name: String!) repeatable on SCHEMA @@ -923,11 +891,9 @@ If different subgraphs use different versions of a directive's corresponding spe ## Saving and referencing data with contexts - - ### `@context` - + @@ -958,11 +924,9 @@ type U @key(fields: "id") { } ``` - - ### `@fromContext` - + @@ -990,11 +954,9 @@ For examples using `@context` and `@fromContext`, see [Using contexts to share d ## Customizing demand controls - - ### `@cost` - + @@ -1039,11 +1001,9 @@ Regardless of whether `@cost` is specified on a field, the field cost for that f - - ### `@listSize` - + @@ -1199,11 +1159,9 @@ The default value is `true`. - - ## Connectors - + diff --git a/docs/source/schema-design/federated-schemas/reference/moving-to-federation-2.mdx b/docs/source/schema-design/federated-schemas/reference/moving-to-federation-2.mdx index be1e2ad5f..2fd0a5db9 100644 --- a/docs/source/schema-design/federated-schemas/reference/moving-to-federation-2.mdx +++ b/docs/source/schema-design/federated-schemas/reference/moving-to-federation-2.mdx @@ -154,7 +154,7 @@ Your Federation 1 subgraphs are now composed using Federation 2 composition. The -If your supergraph is not successfully composing with Federation 2, see [Breaking changes](/graphos/reference/migration/backward-compatibility#breaking-changes) for the most common causes. +If your supergraph is not successfully composing with Federation 2, see [Breaking changes](/graphos/schema-design/federated-schemas/reference/backward-compatibility) for the most common causes. 
diff --git a/federation-integration-testsuite-js/CHANGELOG.md b/federation-integration-testsuite-js/CHANGELOG.md index c934fca4d..930127292 100644 --- a/federation-integration-testsuite-js/CHANGELOG.md +++ b/federation-integration-testsuite-js/CHANGELOG.md @@ -1,5 +1,11 @@ # CHANGELOG for `federation-integration-testsuite-js` +## 2.11.0 + +### Minor Changes + +- Adds connect spec v0.2, available for use with Apollo Router 2.3.0 or greater. ([#3262](https://github.com/apollographql/federation/pull/3262)) + ## 2.11.0-preview.2 ### Patch Changes diff --git a/federation-integration-testsuite-js/package.json b/federation-integration-testsuite-js/package.json index 67926d433..283077f32 100644 --- a/federation-integration-testsuite-js/package.json +++ b/federation-integration-testsuite-js/package.json @@ -1,7 +1,7 @@ { "name": "apollo-federation-integration-testsuite", "private": true, - "version": "2.11.0-preview.2", + "version": "2.11.0", "description": "Apollo Federation Integrations / Test Fixtures", "main": "dist/index.js", "types": "dist/index.d.ts", @@ -21,4 +21,4 @@ "graphql-tag": "^2.12.6", "pretty-format": "^29.0.0" } -} +} \ No newline at end of file diff --git a/gateway-js/CHANGELOG.md b/gateway-js/CHANGELOG.md index e0281f230..96052f6f7 100644 --- a/gateway-js/CHANGELOG.md +++ b/gateway-js/CHANGELOG.md 
@@ -1,5 +1,22 @@ # CHANGELOG for `@apollo/gateway` +## 2.11.0 + +### Minor Changes + +- Adds connect spec v0.2, available for use with Apollo Router 2.3.0 or greater. ([#3262](https://github.com/apollographql/federation/pull/3262)) + +### Patch Changes + +- Corrects a set of denial-of-service (DOS) vulnerabilities that made it possible for an attacker to render gateway inoperable with certain simple query patterns due to uncontrolled resource consumption. All prior-released versions and configurations are vulnerable. ([#3238](https://github.com/apollographql/federation/pull/3238)) + + See the associated GitHub Advisories [GHSA-q2f9-x4p4-7xmh](https://github.com/apollographql/federation/security/advisories/GHSA-q2f9-x4p4-7xmh) and [GHSA-p2q6-pwh5-m6jr](https://github.com/apollographql/federation/security/advisories/GHSA-p2q6-pwh5-m6jr) for more information. + +- Updated dependencies [[`1462c91879d41884c0a7e60551d8dd0d67c832d3`](https://github.com/apollographql/federation/commit/1462c91879d41884c0a7e60551d8dd0d67c832d3), [`9614b26e5a17cbf1f6aaf08f6fcb1c95eb12592d`](https://github.com/apollographql/federation/commit/9614b26e5a17cbf1f6aaf08f6fcb1c95eb12592d), [`9614b26e5a17cbf1f6aaf08f6fcb1c95eb12592d`](https://github.com/apollographql/federation/commit/9614b26e5a17cbf1f6aaf08f6fcb1c95eb12592d)]: + - @apollo/query-planner@2.11.0 + - @apollo/federation-internals@2.11.0 + - @apollo/composition@2.11.0 + ## 2.11.0-preview.2 ### Patch Changes diff --git a/gateway-js/package.json b/gateway-js/package.json index fc7f8e9ee..ffad57471 100644 --- a/gateway-js/package.json +++ b/gateway-js/package.json @@ -1,6 +1,6 @@ { "name": "@apollo/gateway", - "version": "2.11.0-preview.2", + "version": "2.11.0", "description": "Apollo Gateway", "author": "Apollo ", "main": "dist/index.js", 
@@ -25,9 +25,9 @@ "access": "public" }, "dependencies": { - "@apollo/composition": "2.11.0-preview.2", - "@apollo/federation-internals": "2.11.0-preview.2", - "@apollo/query-planner": "2.11.0-preview.2", + "@apollo/composition": "2.11.0", + "@apollo/federation-internals": "2.11.0", + "@apollo/query-planner": "2.11.0", "@apollo/server-gateway-interface": "^1.1.0", "@apollo/usage-reporting-protobuf": "^4.1.0", "@apollo/utils.createhash": "^2.0.0", @@ -47,4 +47,4 @@ "peerDependencies": { "graphql": "^16.5.0" } -} +} \ No newline at end of file diff --git a/internals-js/CHANGELOG.md b/internals-js/CHANGELOG.md index 1ce8f77bf..7db1437f3 100644 --- a/internals-js/CHANGELOG.md +++ b/internals-js/CHANGELOG.md @@ -1,5 +1,17 @@ # CHANGELOG for `@apollo/federation-internals` +## 2.11.0 + +### Minor Changes + +- Adds connect spec v0.2, available for use with Apollo Router 2.3.0 or greater. ([#3262](https://github.com/apollographql/federation/pull/3262)) + +### Patch Changes + +- Corrects a set of denial-of-service (DOS) vulnerabilities that made it possible for an attacker to render gateway inoperable with certain simple query patterns due to uncontrolled resource consumption. All prior-released versions and configurations are vulnerable. ([#3238](https://github.com/apollographql/federation/pull/3238)) + + See the associated GitHub Advisories [GHSA-q2f9-x4p4-7xmh](https://github.com/apollographql/federation/security/advisories/GHSA-q2f9-x4p4-7xmh) and [GHSA-p2q6-pwh5-m6jr](https://github.com/apollographql/federation/security/advisories/GHSA-p2q6-pwh5-m6jr) for more information. + ## 2.11.0-preview.2 ### Patch Changes diff --git a/internals-js/package.json b/internals-js/package.json index 2a928c143..e3727b582 100644 --- a/internals-js/package.json +++ b/internals-js/package.json 
@@ -1,6 +1,6 @@ { "name": "@apollo/federation-internals", - "version": "2.11.0-preview.2", + "version": "2.11.0", "description": "Apollo Federation internal utilities", "main": "dist/index.js", "types": "dist/index.d.ts", @@ -34,4 +34,4 @@ "peerDependencies": { "graphql": "^16.5.0" } -} +} \ No newline at end of file diff --git a/internals-js/src/error.ts b/internals-js/src/error.ts index f658b2acc..3f96dccbc 100644 --- a/internals-js/src/error.ts +++ b/internals-js/src/error.ts @@ -627,6 +627,12 @@ const LIST_SIZE_INVALID_SIZED_FIELD = makeCodeDefinition( { addedIn: '2.9.2' }, ); +const MAX_VALIDATION_SUBGRAPH_PATHS_EXCEEDED = makeCodeDefinition( + 'MAX_VALIDATION_SUBGRAPH_PATHS_EXCEEDED', + 'The maximum number of validation subgraph paths has been exceeded.', + { addedIn: '2.8.0' }, +); + export const ERROR_CATEGORIES = { DIRECTIVE_FIELDS_MISSING_EXTERNAL, DIRECTIVE_UNSUPPORTED_ON_INTERFACE, @@ -727,6 +733,7 @@ export const ERRORS = { LIST_SIZE_INVALID_ASSUMED_SIZE, LIST_SIZE_INVALID_SIZED_FIELD, LIST_SIZE_INVALID_SLICING_ARGUMENT, + MAX_VALIDATION_SUBGRAPH_PATHS_EXCEEDED, }; const codeDefByCode = Object.values(ERRORS).reduce((obj: {[code: string]: ErrorCodeDefinition}, codeDef: ErrorCodeDefinition) => { obj[codeDef.code] = codeDef; return obj; }, {}); diff --git a/internals-js/src/federation.ts b/internals-js/src/federation.ts index 835168e5c..5bf83bef5 100644 --- a/internals-js/src/federation.ts +++ b/internals-js/src/federation.ts 
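Review bot: The new `MAX_VALIDATION_SUBGRAPH_PATHS_EXCEEDED` definition in internals-js/src/error.ts is tagged `{ addedIn: '2.8.0' }`, although the definition just above it is `2.9.2` and this diff moves the packages to 2.11.0. Unless the limit was backported to a 2.8.x line, which the diff does not show, the value looks stale and would misreport which versions enforce this memory guard to anything that reads `addedIn`. The description also does not name the setting that controls the limit, which the changeset calls `maxValidationSubgraphPaths` with a default of 1,000,000. Wording such as `'The maximum number of validation subgraph paths has been exceeded. The limit is set by the maxValidationSubgraphPaths composition option.'` would tell an operator who hits the error where to look. The second error.ts hunk only registers the code in `ERRORS` and needs no change.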
@@ -1954,9 +1954,9 @@ export function setSchemaAsFed2Subgraph(schema: Schema, useLatest: boolean = fal // This is the full @link declaration as added by `asFed2SubgraphDocument`. It's here primarily for uses by tests that print and match // subgraph schema to avoid having to update 20+ tests every time we use a new directive or the order of import changes ... -export const FEDERATION2_LINK_WITH_FULL_IMPORTS = '@link(url: "https://specs.apollo.dev/federation/v2.11", import: ["@key", "@requires", "@provides", "@external", "@tag", "@extends", "@shareable", "@inaccessible", "@override", "@composeDirective", "@interfaceObject", "@authenticated", "@requiresScopes", "@policy", "@context", "@fromContext", "@cost", "@listSize"])'; +export const FEDERATION2_LINK_WITH_FULL_IMPORTS = '@link(url: "https://specs.apollo.dev/federation/v2.12", import: ["@key", "@requires", "@provides", "@external", "@tag", "@extends", "@shareable", "@inaccessible", "@override", "@composeDirective", "@interfaceObject", "@authenticated", "@requiresScopes", "@policy", "@context", "@fromContext", "@cost", "@listSize"])'; // This is the full @link declaration that is added when upgrading fed v1 subgraphs to v2 version. It should only be used by tests. -export const FEDERATION2_LINK_WITH_AUTO_EXPANDED_IMPORTS = '@link(url: "https://specs.apollo.dev/federation/v2.11", import: ["@key", "@requires", "@provides", "@external", "@tag", "@extends", "@shareable", "@inaccessible", "@override", "@composeDirective", "@interfaceObject"])'; +export const FEDERATION2_LINK_WITH_AUTO_EXPANDED_IMPORTS = '@link(url: "https://specs.apollo.dev/federation/v2.12", import: ["@key", "@requires", "@provides", "@external", "@tag", "@extends", "@shareable", "@inaccessible", "@override", "@composeDirective", "@interfaceObject"])'; // This is the federation @link for tests that go through the SchemaUpgrader. 
export const FEDERATION2_LINK_WITH_AUTO_EXPANDED_IMPORTS_UPGRADED = '@link(url: "https://specs.apollo.dev/federation/v2.4", import: ["@key", "@requires", "@provides", "@external", "@tag", "@extends", "@shareable", "@inaccessible", "@override", "@composeDirective", "@interfaceObject"])'; diff --git a/internals-js/src/specs/connectSpec.ts b/internals-js/src/specs/connectSpec.ts index 43111d1ab..65fdda030 100644 --- a/internals-js/src/specs/connectSpec.ts +++ b/internals-js/src/specs/connectSpec.ts @@ -222,6 +222,12 @@ export const CONNECT_VERSIONS = new FeatureDefinitions( new FeatureVersion(0, 2), new FeatureVersion(2, 10), ), + ) + .add( + new ConnectSpecDefinition( + new FeatureVersion(0, 3), + new FeatureVersion(2, 11), + ), ); registerKnownFeature(CONNECT_VERSIONS); diff --git a/internals-js/src/specs/federationSpec.ts b/internals-js/src/specs/federationSpec.ts index 18f112fc2..80ecc2159 100644 --- a/internals-js/src/specs/federationSpec.ts +++ b/internals-js/src/specs/federationSpec.ts @@ -196,6 +196,7 @@ export const FEDERATION_VERSIONS = new FeatureDefinitions=14.15.0" @@ -85,7 +85,7 @@ }, "federation-integration-testsuite-js": { "name": "apollo-federation-integration-testsuite", - "version": "2.11.0-preview.2", + "version": "2.11.0", "license": "Elastic-2.0", "dependencies": { "graphql-tag": "^2.12.6", @@ -94,12 +94,12 @@ }, "gateway-js": { "name": "@apollo/gateway", - "version": "2.11.0-preview.2", + "version": "2.11.0", "license": "Elastic-2.0", "dependencies": { - "@apollo/composition": "2.11.0-preview.2", - "@apollo/federation-internals": "2.11.0-preview.2", - "@apollo/query-planner": "2.11.0-preview.2", + "@apollo/composition": "2.11.0", + "@apollo/federation-internals": "2.11.0", + "@apollo/query-planner": "2.11.0", "@apollo/server-gateway-interface": "^1.1.0", "@apollo/usage-reporting-protobuf": "^4.1.0", "@apollo/utils.createhash": "^2.0.0", 
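Review bot: The new `.add(...)` entry in internals-js/src/specs/connectSpec.ts pairs `new FeatureVersion(0, 3)` with `new FeatureVersion(2, 11)`, while the changeset for this release reads "Federation 2.12 and Connect 0.3", and nothing at the call site says what the second version means. The `ConnectSpecDefinition` constructor is outside the hunk, so this is inferred, but the second argument is presumably the minimum federation version. The existing 0.2 entry, paired with 2.10 and listed in the 2.11.0 changelogs, follows the same one-behind pattern. A short comment on the new entry, for example `// connect v0.3: minimum federation version 2.11 (ships with the 2.12 release)`, would record that the gap is deliberate, so a later reader does not "fix" it to 2.12 and change which subgraph schemas are accepted.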
@@ -125,7 +125,7 @@ }, "internals-js": { "name": "@apollo/federation-internals", - "version": "2.11.0-preview.2", + "version": "2.11.0", "license": "Elastic-2.0", "dependencies": { "@types/uuid": "^9.0.0", @@ -17841,10 +17841,10 @@ }, "query-graphs-js": { "name": "@apollo/query-graphs", - "version": "2.11.0-preview.2", + "version": "2.11.0", "license": "Elastic-2.0", "dependencies": { - "@apollo/federation-internals": "2.11.0-preview.2", + "@apollo/federation-internals": "2.11.0", "deep-equal": "^2.0.5", "ts-graphviz": "^1.5.4", "uuid": "^9.0.0" @@ -17858,11 +17858,11 @@ }, "query-planner-js": { "name": "@apollo/query-planner", - "version": "2.11.0-preview.2", + "version": "2.11.0", "license": "Elastic-2.0", "dependencies": { - "@apollo/federation-internals": "2.11.0-preview.2", - "@apollo/query-graphs": "2.11.0-preview.2", + "@apollo/federation-internals": "2.11.0", + "@apollo/query-graphs": "2.11.0", "@apollo/utils.keyvaluecache": "^2.1.0", "chalk": "^4.1.0", "deep-equal": "^2.0.5", @@ -17891,11 +17891,11 @@ }, "subgraph-js": { "name": "@apollo/subgraph", - "version": "2.11.0-preview.2", + "version": "2.11.0", "license": "MIT", "dependencies": { "@apollo/cache-control-types": "^1.0.2", - "@apollo/federation-internals": "2.11.0-preview.2" + "@apollo/federation-internals": "2.11.0" }, "engines": { "node": ">=14.15.0" @@ -17905,4 +17905,4 @@ } } } -} +} \ No newline at end of file diff --git a/query-graphs-js/CHANGELOG.md b/query-graphs-js/CHANGELOG.md index ca74c3ded..d8b340edc 100644 --- a/query-graphs-js/CHANGELOG.md +++ b/query-graphs-js/CHANGELOG.md 
@@ -1,5 +1,20 @@ # CHANGELOG for `@apollo/query-graphs` +## 2.11.0 + +### Minor Changes + +- Adds connect spec v0.2, available for use with Apollo Router 2.3.0 or greater. ([#3262](https://github.com/apollographql/federation/pull/3262)) + +### Patch Changes + +- Corrects a set of denial-of-service (DOS) vulnerabilities that made it possible for an attacker to render gateway inoperable with certain simple query patterns due to uncontrolled resource consumption. All prior-released versions and configurations are vulnerable. ([#3238](https://github.com/apollographql/federation/pull/3238)) + + See the associated GitHub Advisories [GHSA-q2f9-x4p4-7xmh](https://github.com/apollographql/federation/security/advisories/GHSA-q2f9-x4p4-7xmh) and [GHSA-p2q6-pwh5-m6jr](https://github.com/apollographql/federation/security/advisories/GHSA-p2q6-pwh5-m6jr) for more information. + +- Updated dependencies [[`1462c91879d41884c0a7e60551d8dd0d67c832d3`](https://github.com/apollographql/federation/commit/1462c91879d41884c0a7e60551d8dd0d67c832d3), [`9614b26e5a17cbf1f6aaf08f6fcb1c95eb12592d`](https://github.com/apollographql/federation/commit/9614b26e5a17cbf1f6aaf08f6fcb1c95eb12592d)]: + - @apollo/federation-internals@2.11.0 + ## 2.11.0-preview.2 ### Patch Changes diff --git a/query-graphs-js/package.json b/query-graphs-js/package.json index 10663048d..03c3b1a7c 100644 --- a/query-graphs-js/package.json +++ b/query-graphs-js/package.json @@ -1,6 +1,6 @@ { "name": "@apollo/query-graphs", - "version": "2.11.0-preview.2", + "version": "2.11.0", "description": "Apollo Federation library to work with 'query graphs'", "main": "dist/index.js", "types": "dist/index.d.ts", @@ -23,7 +23,7 @@ "node": ">=14.15.0" }, "dependencies": { - "@apollo/federation-internals": "2.11.0-preview.2", + "@apollo/federation-internals": "2.11.0", "deep-equal": "^2.0.5", "ts-graphviz": "^1.5.4", "uuid": "^9.0.0" @@ -34,4 +34,4 @@ "peerDependencies": { "graphql": "^16.5.0" } -} +} \ No newline at end of file 
diff --git a/query-planner-js/CHANGELOG.md b/query-planner-js/CHANGELOG.md index c6ffe8855..c6306fdea 100644 --- a/query-planner-js/CHANGELOG.md +++ b/query-planner-js/CHANGELOG.md @@ -1,5 +1,21 @@ # CHANGELOG for `@apollo/query-planner` +## 2.11.0 + +### Minor Changes + +- Adds connect spec v0.2, available for use with Apollo Router 2.3.0 or greater. ([#3262](https://github.com/apollographql/federation/pull/3262)) + +### Patch Changes + +- Corrects a set of denial-of-service (DOS) vulnerabilities that made it possible for an attacker to render gateway inoperable with certain simple query patterns due to uncontrolled resource consumption. All prior-released versions and configurations are vulnerable. ([#3238](https://github.com/apollographql/federation/pull/3238)) + + See the associated GitHub Advisories [GHSA-q2f9-x4p4-7xmh](https://github.com/apollographql/federation/security/advisories/GHSA-q2f9-x4p4-7xmh) and [GHSA-p2q6-pwh5-m6jr](https://github.com/apollographql/federation/security/advisories/GHSA-p2q6-pwh5-m6jr) for more information. + +- Updated dependencies [[`1462c91879d41884c0a7e60551d8dd0d67c832d3`](https://github.com/apollographql/federation/commit/1462c91879d41884c0a7e60551d8dd0d67c832d3), [`9614b26e5a17cbf1f6aaf08f6fcb1c95eb12592d`](https://github.com/apollographql/federation/commit/9614b26e5a17cbf1f6aaf08f6fcb1c95eb12592d)]: + - @apollo/query-graphs@2.11.0 + - @apollo/federation-internals@2.11.0 + ## 2.11.0-preview.2 ### Patch Changes diff --git a/query-planner-js/package.json b/query-planner-js/package.json index a47f11f22..81f8bc7e9 100644 --- a/query-planner-js/package.json +++ b/query-planner-js/package.json @@ -1,6 +1,6 @@ { "name": "@apollo/query-planner", - "version": "2.11.0-preview.2", + "version": "2.11.0", "description": "Apollo Query Planner", "author": "Apollo ", "main": "dist/index.js", 
@@ -25,8 +25,8 @@ "access": "public" }, "dependencies": { - "@apollo/federation-internals": "2.11.0-preview.2", - "@apollo/query-graphs": "2.11.0-preview.2", + "@apollo/federation-internals": "2.11.0", + "@apollo/query-graphs": "2.11.0", "@apollo/utils.keyvaluecache": "^2.1.0", "chalk": "^4.1.0", "deep-equal": "^2.0.5", @@ -35,4 +35,4 @@ "peerDependencies": { "graphql": "^16.5.0" } -} +} \ No newline at end of file diff --git a/subgraph-js/CHANGELOG.md b/subgraph-js/CHANGELOG.md index 35e3c1512..011c75121 100644 --- a/subgraph-js/CHANGELOG.md +++ b/subgraph-js/CHANGELOG.md @@ -1,5 +1,16 @@ # CHANGELOG for `@apollo/subgraph` +## 2.11.0 + +### Minor Changes + +- Adds connect spec v0.2, available for use with Apollo Router 2.3.0 or greater. ([#3262](https://github.com/apollographql/federation/pull/3262)) + +### Patch Changes + +- Updated dependencies [[`1462c91879d41884c0a7e60551d8dd0d67c832d3`](https://github.com/apollographql/federation/commit/1462c91879d41884c0a7e60551d8dd0d67c832d3), [`9614b26e5a17cbf1f6aaf08f6fcb1c95eb12592d`](https://github.com/apollographql/federation/commit/9614b26e5a17cbf1f6aaf08f6fcb1c95eb12592d)]: + - @apollo/federation-internals@2.11.0 + ## 2.11.0-preview.2 ### Patch Changes diff --git a/subgraph-js/package.json b/subgraph-js/package.json index 7ab678111..b848660e0 100644 --- a/subgraph-js/package.json +++ b/subgraph-js/package.json @@ -1,6 +1,6 @@ { "name": "@apollo/subgraph", - "version": "2.11.0-preview.2", + "version": "2.11.0", "description": "Apollo Subgraph Utilities", "main": "dist/index.js", "types": "dist/index.d.ts", @@ -25,9 +25,9 @@ }, "dependencies": { "@apollo/cache-control-types": "^1.0.2", - "@apollo/federation-internals": "2.11.0-preview.2" + "@apollo/federation-internals": "2.11.0" }, "peerDependencies": { "graphql": "^16.5.0" } -} +} \ No newline at end of file