Do not run the full suite of graphQL validations on supergraphs and their extracted subgraphs by default in production environment. (#2657)
Running those validations on every updates of the schema takes a non-negligible amount of time (especially on large
schema) and mainly only serves in catching bugs early in the supergraph handling code, and in some limited cases,
provide slightly better messages when a corrupted supergraph is received, neither of which is worth the cost in
production environment.
A new validateSupergraph option is also introduced in the gateway configuration to force this behaviour.
Support responses from subgraphs which use the application/graphql-response+json content-type header. (#2162)
Introduce the new @authenticated directive for composition (#2644)
Note that this directive will only be fully supported by the Apollo Router as a GraphOS Enterprise feature at runtime. Also note that composition of valid @authenticated directive applications will succeed, but the resulting supergraph will not be executable by the Gateway or an Apollo Router which doesn't have the GraphOS Enterprise entitlement.
Users may now compose @authenticated applications from their subgraphs into a supergraph. This addition will support a future version of Apollo Router that enables authenticated access to specific types and fields via directive applications.
In order to compose your @authenticated usages, you must update your subgraph's federation spec version to v2.5 and add the @authenticated import to your existing imports like so:
Introduce the new @requiresScopes directive for composition (#2649)
Note that this directive will only be fully supported by the Apollo Router as a GraphOS Enterprise feature at runtime. Also note that composition of valid @requiresScopes directive applications will succeed, but the resulting supergraph will not be executable by the Gateway or an Apollo Router which doesn't have the GraphOS Enterprise entitlement.
Users may now compose @requiresScopes applications from their subgraphs into a supergraph. This addition will support a future version of Apollo Router that enables scoped access to specific types and fields via directive applications.
PR #2639 attempts to resolve issues with query fragment reuse, but we've since turned up multiple issues (at least 1 of which is a regression - see #2680. For now, this reverts it until we resolve the regression for a future patch release.
Try reusing named fragments in subgraph fetches even if those fragment only apply partially to the subgraph. Before this change, only named fragments that were applying entirely to a subgraph were tried, leading to less reuse that expected. Concretely, this change can sometimes allow the generation of smaller subgraph fetches. (#2639)
Re-work the code use to try to reuse query named fragments to improve performance (thus sometimes improving query (#2604)
planning performance), to fix a possibly raised assertion error (with a message of form like Cannot add selection of field X to selection set of parent type Y), and to fix a rare issue where an interface or union field was not being
queried for all the types it should be.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Bumps @apollo/gateway from 2.0.4 to 2.5.0.
Release notes
Sourced from
@apollo/gateway
's releases.... (truncated)
Changelog
Sourced from
@apollo/gateway
's changelog.... (truncated)
Commits
43e965c
Version Packages (#2597)9a9589f
Merge branch 'main' into next0519eec
Version Packages (#2682)b6be9f9
Revert #2639, an attempt to fix query fragment reuse (#2681)4f3c3b9
Introduce@requiresScopes
directive in composition (#2649)fe1e3d7
Skip some supergraph validations in production by default (#2657)8f3c301
Merge branch 'main' into next9396c0d
Introduce@authenticated
directive in composition (#2644)db90ba1
Allows passing the list of supported features when building a supergraph (#2656)20923a3
Version Packages (#2634)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)