Skip to content

chore(deps): update h2 dependency#9038

Merged
carodewig merged 14 commits intodevfrom
caroline/router-1659-h2-update
Mar 20, 2026
Merged

chore(deps): update h2 dependency#9038
carodewig merged 14 commits intodevfrom
caroline/router-1659-h2-update

Conversation

@carodewig
Copy link
Copy Markdown
Contributor

@carodewig carodewig commented Mar 20, 2026
edited by atlassian bot
Loading

This is a hidden dependency of hyper and tonic. There are a few changes in the latest release that we want to adopt (see the changeset).

Closes #9033.

Checklist

Complete the checklist (and note appropriate exceptions) before the PR is marked ready-for-review.

  • PR description explains the motivation for the change and relevant context for reviewing
  • PR description links appropriate GitHub/Jira tickets (creating when necessary)
  • Changeset is included for user-facing changes
  • Changes are compatible1
  • Documentation2 completed
  • Performance impact assessed and acceptable
  • Metrics and logs are added3 and documented
  • Tests added and passing4
    • Unit tests
    • Integration tests
    • Manual tests, as necessary

Exceptions

Note any exceptions here

Notes

Footnotes

  1. It may be appropriate to bring upcoming changes to the attention of other (impacted) groups. Please endeavour to do this before seeking PR approval. The mechanism for doing this will vary considerably, so use your judgement as to how and when to do this.

  2. Configuration is an important part of many changes. Where applicable please try to document configuration examples.

  3. A lot of (if not most) features benefit from built-in observability and debug-level logs. Please read this guidance on metrics best-practices.

  4. Tick whichever testing boxes are applicable. If you are adding Manual Tests, please document the manual testing (extensively) in the Exceptions.

theJC and others added 14 commits March 18, 2026 17:34
@theJC @claude
chore(deps): pin transitive h2 dependency at minimum v0.4.13
58e1990 
Adds h2 as an explicit workspace dependency with a minimum version of
0.4.13 to ensure the router picks up the latest patch release. Without
an explicit declaration, h2 is only a transitive dependency and Renovate
will not manage it, leaving the version pinned in Cargo.lock indefinitely
unless someone manually runs cargo update.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@theJC @claude
maint: add changeset for h2 version floor bump
3ff1fc5 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@theJC @claude
maint: update changeset with h2 0.4.13 fix details
ebd85b2 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@theJC @claude
chore(deps): update changeset to reflect pin wording and scope
beecf71 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@theJC @claude
chore(deps): update changeset with router-specific relevance analysis
e520ccd 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@theJC @claude
fix(deps): enforce h2 floor via apollo-router workspace dep
361437f 
Adds h2.workspace = true to apollo-router/Cargo.toml so the minimum
version floor declared in [workspace.dependencies] is actually enforced
by the cargo resolver, and Renovate can manage future bumps via the
workspace entry.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@theJC @claude
fix(deps): restore clean Cargo.lock with targeted h2 bump only
958aa47 
Replaces the previous Cargo.lock update (which contained 7 unintended
resolver re-selections of socket2 and windows-sys versions) with a
targeted cargo update -p h2 --precise 0.4.13. Only h2 and its entry
in the apollo-router dependency list change.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@theJC @claude
fix(deps): declare h2 floor directly in apollo-router, not workspace …
ac11ec8 
…deps

The [workspace.dependencies] table is for deps used in more than one
workspace member. h2 is a transitive-only dep being pinned, so it
belongs directly in apollo-router/Cargo.toml following the same pattern
as the existing socket2 declaration.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@theJC @claude
chore: update changeset to reflect direct apollo-router dep declaration
2228bd8 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@theJC @claude
chore: clarify Renovate visibility before/after in changeset and PR
5eb0ea9 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@theJC
Merge branch 'dev' into maint/bump-h2-min-version
763df21
@carodewig
dep: update h2 dependency
1fc21dd
@carodewig
Merge remote-tracking branch 'theJC/maint/bump-h2-min-version' into c…
c8d68db 
…aroline/router-1659-h2-update
@carodewig
doc: delete internal comment from changeset
5a9788a
@carodewig carodewig requested a review from a team as a code owner March 20, 2026 14:17
@apollo-librarian
Copy link
Copy Markdown
Contributor

apollo-librarian bot commented Mar 20, 2026
edited
Loading

✅ Docs preview has no changes

The preview was not built because there were no changes.

Build ID: 91738fd4bd5e35fa4569b7f0
Build Logs: View logs

✅ AI Style Review — No Changes Detected

No MDX files were changed in this pull request.

Review Log: View detailed log

This review is AI-generated. Please use common sense when accepting these suggestions, as they may not always be accurate or appropriate for your specific context.

@carodewig carodewig mentioned this pull request Mar 20, 2026
Closed
2 tasks
@carodewig carodewig enabled auto-merge (squash) March 20, 2026 14:26
@carodewig carodewig merged commit 5999837 into dev Mar 20, 2026
15 checks passed
@carodewig carodewig deleted the caroline/router-1659-h2-update branch March 20, 2026 14:49
theJC
theJC reviewed Mar 20, 2026
View reviewed changes
Comment thread .changesets/maint_jc_bump_h2_min_version.md
@@ -0,0 +1,11 @@
### Pin transitive `h2` dependency at minimum v0.4.13 to pick up critical flow-control, deadlock, and tracing fixes ([PR #9033](https://github.com/apollographql/router/pull/9033))

`h2` 0.4.13 (released January 5, 2026) contains three fixes directly relevant to the router, which uses h2 exclusively as a client when connecting to subgraphs:
Copy link
Copy Markdown
Contributor

@theJC theJC Mar 20, 2026
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I missed correcting this in my original PR... h2 is often used, but not exclusively used

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@aaronArinder aaronArinder aaronArinder approved these changes

+1 more reviewer

@theJC theJC theJC left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@carodewig @theJC @aaronArinder