Skip to content

release: on branch version-2.11#3344

Merged
dariuszkuc merged 2 commits intoversion-2.11from
changeset-release/version-2.11
Nov 13, 2025
Merged

release: on branch version-2.11#3344
dariuszkuc merged 2 commits intoversion-2.11from
changeset-release/version-2.11

Conversation

@github-actions
Copy link
Contributor

@github-actions github-actions bot commented Nov 13, 2025

This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to version-2.11, this PR will be updated.

Releases

@apollo/composition@2.11.5

Patch Changes

  • Fixed access control verification of transitive requirements (through @requires and/or @fromContext) to ensure it works with chains of transitive dependencies. (#3333)

  • Allow interface object fields to specify access control (#3333)

    Update composition logic to allow specifying access control directives (@authenticated, @requiresScopes and @policy) on @interfaceObject fields. While we disallow access control on interface types and fields, we decided to support it on @interfaceObject as it is a useful pattern to define a single resolver (that may need access controls) for common interface fields. Alternative would require our users to explicitly define resolvers for all implementations which defeats the purpose of @interfaceObject.

    This PR refactors in how we propagate access control by providing additional merge sources when merging directives on interfaces, interface fields and object fields.

  • Updated dependencies [e1c58611c3c996b4fff98a54e49f00549ff2115d, 3e2d1fd315db54a089fedf131cfaa27792bdd049]:

    • @apollo/federation-internals@2.11.5
    • @apollo/query-graphs@2.11.5

@apollo/gateway@2.11.5

Patch Changes

@apollo/federation-internals@2.11.5

Patch Changes

  • Allow interface object fields to specify access control (#3333)

    Update composition logic to allow specifying access control directives (@authenticated, @requiresScopes and @policy) on @interfaceObject fields. While we disallow access control on interface types and fields, we decided to support it on @interfaceObject as it is a useful pattern to define a single resolver (that may need access controls) for common interface fields. Alternative would require our users to explicitly define resolvers for all implementations which defeats the purpose of @interfaceObject.

    This PR refactors in how we propagate access control by providing additional merge sources when merging directives on interfaces, interface fields and object fields.

  • Fixed demand control validations to unwrap non-nullable composite types and fields when performing validations. (#3336)

@apollo/query-graphs@2.11.5

Patch Changes

@apollo/query-planner@2.11.5

Patch Changes

@apollo/subgraph@2.11.5

Patch Changes

apollo-federation-integration-testsuite@2.11.5

@github-actions github-actions bot requested a review from a team as a code owner November 13, 2025 15:18
@codesandbox-ci
Copy link

codesandbox-ci bot commented Nov 13, 2025
edited
Loading

This pull request is automatically built and testable in CodeSandbox.

To see build info of the built libraries, click here or the icon next to each commit SHA.

@dariuszkuc dariuszkuc merged commit 8415b92 into version-2.11 Nov 13, 2025
9 of 13 checks passed
@dariuszkuc dariuszkuc deleted the changeset-release/version-2.11 branch November 13, 2025 15:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@dariuszkuc