chore(deps): update dependency apollographql/router to v1.52.1 #2077
Merged
renovate bot force-pushed the renovate/apollographql-router-1.x branch 5 times, most recently from e2d9409 to 3c2056f on August 28, 2024 13:20
renovate bot force-pushed the renovate/apollographql-router-1.x branch from 3c2056f to 017774b on August 28, 2024 13:31
jonathanrainer approved these changes Aug 28, 2024
LGTM
jonathanrainer added a commit that referenced this pull request Sep 4, 2024
# [0.26.1] - 2024-09-04

## 🚀 Features

- **Respect the use of `--output` flag in the supergraph binary - @aaronArinder PR #2045**

  In testing to attempt to reduce the runtime of `supergraph compose` we noticed that a very large proportion of the time spent (in the case of large supergraphs) was spent printing the result to `stdout`. With this change we add an `--output` flag to the `supergraph` binary which means this time can be reduced significantly, leading to much faster compositions.

- **Add `--license` flag to `rover dev` - @loshz PR #2078**

  Adds the ability to pass along an offline enterprise licence to the router when running `rover dev`

- **Remove Rayon and reduce usage of Crossbeam - @jonathanrainer PR #2081**

  Now that `rover` has transitioned to using an asynchronous runtime we don't need to use Rayon any more. This also resolves a bug whereby `rover dev` could lock up if passed a `supergraph.yaml` file with lots of subgraphs in.

- **Introduce new print macros - @loshz PR #2090**

  Adds three new macros to the codebase so that we can still visually distinguish between INFO, WARNING and ERROR log lines without the use of emoji

- **Use new print macros in place of emoji - @loshz PR #2096**

  Updates the locations that previously used emoji to utilise the new macros defined in the previous PR

## 🐛 Fixes

- **Stop Windows Installer failing if whitespace is accidentally passed to the `rover install` command - @jonathanrainer PR #1975**

  In some situations it was possible for whitespace to be passed to the `rover install` command which then caused the installer to fail. A guard has now been added to strip whitespace out before it is passed to the install command.

## 🛠 Maintenance

- **Move CI to using newly created Ubuntu images - @jonathanrainer PR #2080**

  CircleCI is removing support for older Ubuntu machine images, this brings us up to date but does **not** change any of our `glibc` support etc.

- **Add check for aarch-64-unknown-linux-musl to installers - @loshz PR #2079**
- **Update node.js packages - @jonathanrainer PR #2070**

  Includes `eslint` to v9.9.1 and `node` to 20.17.0

- **Update `node` CircleCI orb to v5.3.0 - @jonathanrainer PR #2071**
- **Update `apollographql/federation-rs` to v2.9.0 - @jonathanrainer PR #1983**
- **Update `apollographql/router` to v1.52.1 - @jonathanrainer PR #2077**
- **Update `node` Docker Image to v20.17.0 - @jonathanrainer PR #2072**
- **Update `apollographql/router` to v1.53.0 - @jonathanrainer PR #2084**
- **Update `npm` to v10.8.3 - @jonathanrainer PR #2091**
- **Update `slackapi/slack-github-action` to v1.27.0 - @jonathanrainer PR #2092**
- **Update `node` CircleCI orb to v6.1.0 - @jonathanrainer PR #2093**
- **Fix some bugs in the smoke tests - @jonathanrainer PR #2094**

## 📚 Documentation

- **Add `cloud config` docs - @loshz PR #2066**
This PR contains the following updates:
v1.52.0 -> v1.52.1
Release Notes
apollographql/router (apollographql/router)
v1.52.1
🔒 Security
CVE-2024-43783: Payload limits may exceed configured maximum
Correct a denial-of-service vulnerability which, under certain non-default configurations below, made it possible to exceed the configured request payload maximums set with the `limits.http_max_request_bytes` option.

This affects the following non-default Router configurations:
- `coprocessor.router.request.body` configuration option is set to `true`; or
- `plugins` configuration where those plugins access the request body in the `RouterService` layer.

Rhai plugins are not impacted. See the associated GitHub Advisory, GHSA-x6xq-whh3-gg32, for more information.
CVE-2024-43414: Update query planner to resolve uncontrolled recursion
Update the version of `@apollo/query-planner` used by Router to v2.8.5 which corrects an uncontrolled recursion weakness (classified as CWE-674) during query planning for complex queries on particularly complex graphs.

This weakness impacts all versions of Router prior to this release. See the associated GitHub Advisory, GHSA-fmj9-77q8-g6c4, for more information.
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.
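
A deployment check built from the release notes above, as an added example that is not part of the pull request or of the Router project: given a Router version and its configuration, it reports which of the two advisories apply. It assumes `router.yaml` has already been parsed into nested dicts that follow the dotted option names; `audit`, `lookup`, `parse_version` and the sample config are hypothetical names and constructed values.

```python
import re

FIXED = (1, 52, 1)  # release the page names as carrying both fixes

# Constructed sample: router.yaml already parsed into a dict (values are made up).
SAMPLE_CONFIG = {
    "limits": {"http_max_request_bytes": 2_000_000},
    "coprocessor": {
        "url": "http://127.0.0.1:8081",
        "router": {"request": {"body": True}},
    },
}

def parse_version(tag):
    """Turn 'v1.52.0' or '1.52.0' into (1, 52, 0); reject anything else."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", tag.strip())
    if m is None:
        raise ValueError(f"unrecognised Router version: {tag!r}")
    return tuple(int(part) for part in m.groups())

def lookup(config, dotted):
    """Walk a dotted option name through nested dicts; None if absent."""
    node = config
    for key in dotted.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node

def audit(version, config):
    """Return (advisory, reason) pairs that apply to this deployment."""
    if parse_version(version) >= FIXED:
        return []
    # The query planner weakness affects every version before the fixed release.
    findings = [("CVE-2024-43414", "version predates the query planner update")]
    if lookup(config, "coprocessor.router.request.body") is True:
        findings.append(("CVE-2024-43783", "coprocessor.router.request.body is true"))
    # Config alone cannot show whether a plugin reads the body: flag for review.
    if lookup(config, "plugins"):
        findings.append(("CVE-2024-43783", "plugins configured; review RouterService body access"))
    return findings

if __name__ == "__main__":
    for advisory, reason in audit("v1.52.0", SAMPLE_CONFIG):
        print(advisory, "-", reason)
```

A `plugins` finding only means the configuration needs a manual look at whether those plugins read the request body in the `RouterService` layer.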