Update dependency @apollo/gateway to v2.8.5 [SECURITY]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@apollo/gateway (source)	`2.0.1` -> `2.8.5`

GitHub Vulnerability Alerts

CVE-2024-43414

Impact

Instances of @apollo/query-planner >=2.0.0 and <2.8.5 are impacted by a denial-of-service vulnerability. @apollo/gateway versions >=2.0.0 and < 2.8.5 and Apollo Router <1.52.1 are also impacted through their use of @apollo/query-planner.

If @apollo/query-planner is asked to plan a sufficiently complex query, it may loop infinitely and never complete. This results in unbounded memory consumption and either a crash or out-of-memory (OOM) termination.

This issue can be triggered if you have at least one non-@key field that can be resolved by multiple subgraphs. To identify these shared fields, the schema for each subgraph must be reviewed. The mechanism to identify shared fields varies based on the version of Federation your subgraphs are using.

You can check if your subgraphs are using Federation 1 or Federation 2 by reviewing their schemas. Federation 2 subgraph schemas will contain a @link directive referencing the version of Federation being used while Federation 1 subgraphs will not. For example, in a Federation 2 subgraph, you will find a line like @link(url: "https://specs.apollo.dev/federation/v2.0"). If a similar @link directive is not present in your subgraph schema, it is using Federation 1. Note that a supergraph can contain a mix of Federation 1 and Federation 2 subgraphs.

To review Federation 1 subgraphs for impact:

In Federation 1 subgraphs, fields are implicitly shareable across subgraphs. To review for impact, you will need to review for cases where multiple subgraphs can resolve the same field. For example:


# Subgraph 1
type Query {
  field: Int
}

# Subgraph 2
type Query {
  field: Int
}

To review Federation 2 subgraphs for impact:

In Federation 2 subgraphs, fields must be explicitly defined as shareable across subgraphs. This is done via the @shareable directive. For example:


# Subgraph 1
@&#8203;link(url: "https://specs.apollo.dev/federation/v2.0")
type Query {
  field: Int @&#8203;shareable
}

# Subgraph 2
@&#8203;link(url: "https://specs.apollo.dev/federation/v2.0")
type Query {
  field: Int @&#8203;shareable
}

Impact Detail

This issue results from the Apollo query planner attempting to use a Number exceeding Javascript’s Number.MAX_VALUE in some cases. In Javascript, Number.MAX_VALUE is (2^1024 - 2^971).

When the query planner receives an inbound graphql request, it breaks the query into pieces and for each piece, generates a list of potential execution steps to solve the piece. These candidates represent the steps that the query planner will take to satisfy the pieces of the larger query. As part of normal operations, the query planner requires and calculates the number of possible query plans for the total query. That is, it needs the product of the number of query plan candidates for each piece of the query. Under normal circumstances, after generating all query plan candidates and calculating the number of all permutations, the query planner moves on to stack rank candidates and prune less-than-optimal options.

In particularly complex queries, especially those where fields can be solved through multiple subgraphs, this can cause the number of all query plan permutations to balloon. In worst-case scenarios, this can end up being a number larger than Number.MAX_VALUE. In Javascript, if Number.MAX_VALUE is exceeded, Javascript represents the value as “infinity”. If the count of candidates is evaluated as infinity, the component of the query planner responsible for pruning less-than-optimal query plans does not actually prune candidates, causing the query planner to evaluate many orders of magnitude more query plan candidates than necessary.

A given graph’s exposure to this issue varies based on its complexity. Consider the following Federation 2 subgraphs:


# Subgraph 1
type Query {
  field: Int @&#8203;shareable
}

# Subgraph 2
type Query {
  field: Int @&#8203;shareable
}

The query planner can solve requests for Query.field in one of two ways - either by querying subgraph 1 or subgraph 2.

The following query with 1024 aliased fields would trigger this issue because 2^1024 > Number.MAX_VALUE:

query {
  field_1: field
  field_2: field
  # ...
  field_1023: field
  field_1024: field
}

However, in a graph that provided 5 options to solve a given field, the bug could be encountered in a query that aliased the field approximately 440 times.

Patches

@apollo/query-planner 2.8.5 @apollo/gateway 2.8.5 Apollo Router 1.52.1

Workarounds

This issue can be avoided by ensuring there are no fields resolvable from multiple subgraphs. If all subgraphs are using Federation 2, you can confirm that you are not impacted by ensuring that none of your subgraph schemas use the @shareable directive. If you are using Federation 1 subgraphs, you will need to validate that there are no fields resolvable by multiple subgraphs.

Note that a supergraph can contain a mix of Federation 1 and Federation 2 subgraphs.

If you do have fields resolvable by multiple subgraphs, changing this behavior in response to this issue may be risky to the operation of your supergraph. We recommend that you update to a patched version of either Apollo Router or Apollo Gateway.

Apollo customers with an enterprise entitlement using the Apollo Router can also mitigate much of the risk from this issue by implementing Apollo’s Persisted Queries (PQ) feature. With PQ enabled, the Apollo Router will only execute safelisted queries. While customers would need to ensure that queries that induce this issue are not added to the safelist, PQs would mitigate the risk of clients submitting ad hoc queries that exploit this issue.

References

Additional information on Query Plans

Release Notes

apollographql/federation (@apollo/gateway)

### [`v2.8.5`](https://redirect.github.com/apollographql/federation/blob/HEAD/gateway-js/CHANGELOG.md#285) [Compare Source](https://redirect.github.com/apollographql/federation/compare/@apollo/gateway@2.8.4...@apollo/gateway@2.8.5) ### [`v2.8.4`](https://redirect.github.com/apollographql/federation/blob/HEAD/gateway-js/CHANGELOG.md#284) [Compare Source](https://redirect.github.com/apollographql/federation/compare/@apollo/gateway@2.8.3...@apollo/gateway@2.8.4) ##### Patch Changes - Updated dependencies \[[`4d9e0f6390c5114132d205ab73b6aa1b9ffa8cd8`](https://redirect.github.com/apollographql/federation/commit/4d9e0f6390c5114132d205ab73b6aa1b9ffa8cd8), [`5f4bb160d024678d6facd471c43c8ec61c86e701`](https://redirect.github.com/apollographql/federation/commit/5f4bb160d024678d6facd471c43c8ec61c86e701), [`672aca7cbeb0a6a38586357a4e154f2dd91caa0c`](https://redirect.github.com/apollographql/federation/commit/672aca7cbeb0a6a38586357a4e154f2dd91caa0c)]: - [@apollo/composition](https://redirect.github.com/apollo/composition)[@2](https://redirect.github.com/2).8.4 - [@apollo/federation-internals](https://redirect.github.com/apollo/federation-internals)[@2](https://redirect.github.com/2).8.4 - [@apollo/query-planner](https://redirect.github.com/apollo/query-planner)[@2](https://redirect.github.com/2).8.4 ### [`v2.8.3`](https://redirect.github.com/apollographql/federation/blob/HEAD/gateway-js/CHANGELOG.md#283) [Compare Source](https://redirect.github.com/apollographql/federation/compare/@apollo/gateway@2.8.2...@apollo/gateway@2.8.3) ##### Patch Changes - Updated dependencies \[[`38debcf2f9af1a719bd1c8acbd9335efa8427ddb`](https://redirect.github.com/apollographql/federation/commit/38debcf2f9af1a719bd1c8acbd9335efa8427ddb), [`50d648ccffb05591878de75dc5522914ed48698f`](https://redirect.github.com/apollographql/federation/commit/50d648ccffb05591878de75dc5522914ed48698f), [`860aace9904e787f9bf05aad94be5b5920f10543`](https://redirect.github.com/apollographql/federation/commit/860aace9904e787f9bf05aad94be5b5920f10543), [`67b70c6e68b1cdbf8f03dacafd636e27ed9b7814`](https://redirect.github.com/apollographql/federation/commit/67b70c6e68b1cdbf8f03dacafd636e27ed9b7814), [`f753d55e9a49d11389ee4f8d7976533447e95ede`](https://redirect.github.com/apollographql/federation/commit/f753d55e9a49d11389ee4f8d7976533447e95ede), [`f5f6a799d6b3675eecb0eaec7a816d746cd136b2`](https://redirect.github.com/apollographql/federation/commit/f5f6a799d6b3675eecb0eaec7a816d746cd136b2), [`42bd27af6a23bcfdd36951dbfa3fb9f7ba833f3a`](https://redirect.github.com/apollographql/federation/commit/42bd27af6a23bcfdd36951dbfa3fb9f7ba833f3a), [`f376447a820e3c0ae41d16d1fd3b681d2f1e8c14`](https://redirect.github.com/apollographql/federation/commit/f376447a820e3c0ae41d16d1fd3b681d2f1e8c14), [`3af790517d662f3bec9064c0bf243014c579e9cd`](https://redirect.github.com/apollographql/federation/commit/3af790517d662f3bec9064c0bf243014c579e9cd)]: - [@apollo/composition](https://redirect.github.com/apollo/composition)[@2](https://redirect.github.com/2).8.3 - [@apollo/federation-internals](https://redirect.github.com/apollo/federation-internals)[@2](https://redirect.github.com/2).8.3 - [@apollo/query-planner](https://redirect.github.com/apollo/query-planner)[@2](https://redirect.github.com/2).8.3 ### [`v2.8.2`](https://redirect.github.com/apollographql/federation/blob/HEAD/gateway-js/CHANGELOG.md#282) [Compare Source](https://redirect.github.com/apollographql/federation/compare/@apollo/gateway@2.8.1...@apollo/gateway@2.8.2) ##### Patch Changes - Updated dependencies \[[`b2e5ab66f84688ec304cfcf2c6f749c86aded549`](https://redirect.github.com/apollographql/federation/commit/b2e5ab66f84688ec304cfcf2c6f749c86aded549)]: - [@apollo/federation-internals](https://redirect.github.com/apollo/federation-internals)[@2](https://redirect.github.com/2).8.2 - [@apollo/composition](https://redirect.github.com/apollo/composition)[@2](https://redirect.github.com/2).8.2 - [@apollo/query-planner](https://redirect.github.com/apollo/query-planner)[@2](https://redirect.github.com/2).8.2 ### [`v2.8.1`](https://redirect.github.com/apollographql/federation/blob/HEAD/gateway-js/CHANGELOG.md#281) [Compare Source](https://redirect.github.com/apollographql/federation/compare/@apollo/gateway@2.8.0...@apollo/gateway@2.8.1) ##### Patch Changes - Updated dependencies \[[`61f2b6b12ee83e7ecb6509f7131f9412a37e194b`](https://redirect.github.com/apollographql/federation/commit/61f2b6b12ee83e7ecb6509f7131f9412a37e194b)]: - [@apollo/composition](https://redirect.github.com/apollo/composition)[@2](https://redirect.github.com/2).8.1 - [@apollo/federation-internals](https://redirect.github.com/apollo/federation-internals)[@2](https://redirect.github.com/2).8.1 - [@apollo/query-planner](https://redirect.github.com/apollo/query-planner)[@2](https://redirect.github.com/2).8.1 ### [`v2.8.0`](https://redirect.github.com/apollographql/federation/releases/tag/%40apollo/gateway%402.8.0) [Compare Source](https://redirect.github.com/apollographql/federation/compare/@apollo/gateway@2.7.8...@apollo/gateway@2.8.0) ##### Minor Changes - Implement new directives to allow getting and setting context. This allows resolvers to reference and access data referenced by entities that exist in the GraphPath that was used to access the field. The following example demonstrates the ability to access the `prop` field within the Child resolver. ([#2988](https://redirect.github.com/apollographql/federation/pull/2988)) ```graphql type Query { p: Parent! } type Parent @key(fields: "id") @context(name: "context") { id: ID! child: Child! prop: String! } type Child @key(fields: "id") { id: ID! b: String! field(a: String @fromContext(field: "$context { prop }")): Int! } ``` ##### Patch Changes - Various set context bugfixes ([#3017](https://redirect.github.com/apollographql/federation/pull/3017)) - Updated dependencies \[[`c4744da360235d8bb8270ea048f0e0fa5d03be1e`](https://redirect.github.com/apollographql/federation/commit/c4744da360235d8bb8270ea048f0e0fa5d03be1e), [`8a936d741a0c05835ff2533714cf330d18209179`](https://redirect.github.com/apollographql/federation/commit/8a936d741a0c05835ff2533714cf330d18209179), [`daf36bd242ba4db0cfcf0e18c1eed235ff0dfaf2`](https://redirect.github.com/apollographql/federation/commit/daf36bd242ba4db0cfcf0e18c1eed235ff0dfaf2)]: - [@apollo/query-planner](https://redirect.github.com/apollo/query-planner)[@2](https://redirect.github.com/2).8.0 - [@apollo/composition](https://redirect.github.com/apollo/composition)[@2](https://redirect.github.com/2).8.0 - [@apollo/federation-internals](https://redirect.github.com/apollo/federation-internals)[@2](https://redirect.github.com/2).8.0 ### [`v2.7.8`](https://redirect.github.com/apollographql/federation/blob/HEAD/gateway-js/CHANGELOG.md#278) [Compare Source](https://redirect.github.com/apollographql/federation/compare/@apollo/gateway@2.7.7...@apollo/gateway@2.7.8) ##### Patch Changes - Triggering a clean 2.7.8 release now that harmonizer build has been fixed. ([#3010](https://redirect.github.com/apollographql/federation/pull/3010)) - Updated dependencies \[[`2ad72802044310a528e8944f4538efe519424504`](https://redirect.github.com/apollographql/federation/commit/2ad72802044310a528e8944f4538efe519424504)]: - [@apollo/composition](https://redirect.github.com/apollo/composition)[@2](https://redirect.github.com/2).7.8 - [@apollo/federation-internals](https://redirect.github.com/apollo/federation-internals)[@2](https://redirect.github.com/2).7.8 - [@apollo/query-planner](https://redirect.github.com/apollo/query-planner)[@2](https://redirect.github.com/2).7.8 ### [`v2.7.7`](https://redirect.github.com/apollographql/federation/blob/HEAD/gateway-js/CHANGELOG.md#277) [Compare Source](https://redirect.github.com/apollographql/federation/compare/@apollo/gateway@2.7.6...@apollo/gateway@2.7.7) ##### Patch Changes - No logical changes since 2.7.5 or 2.7.6, but we fixed a bug in the release process, so we need to publish a new patch version (2.7.7). ([#2999](https://redirect.github.com/apollographql/federation/pull/2999)) - Updated dependencies \[[`bee0b0828b4fb6a1d3172ac330560e2ab6c046bb`](https://redirect.github.com/apollographql/federation/commit/bee0b0828b4fb6a1d3172ac330560e2ab6c046bb)]: - [@apollo/composition](https://redirect.github.com/apollo/composition)[@2](https://redirect.github.com/2).7.7 - [@apollo/federation-internals](https://redirect.github.com/apollo/federation-internals)[@2](https://redirect.github.com/2).7.7 - [@apollo/query-planner](https://redirect.github.com/apollo/query-planner)[@2](https://redirect.github.com/2).7.7 ### [`v2.7.6`](https://redirect.github.com/apollographql/federation/blob/HEAD/gateway-js/CHANGELOG.md#276) [Compare Source](https://redirect.github.com/apollographql/federation/compare/@apollo/gateway@2.7.5...@apollo/gateway@2.7.6) ##### Patch Changes - Updated dependencies \[[`856a82b1deca625b75145edd6328bed23abee33a`](https://redirect.github.com/apollographql/federation/commit/856a82b1deca625b75145edd6328bed23abee33a)]: - [@apollo/composition](https://redirect.github.com/apollo/composition)[@2](https://redirect.github.com/2).7.6 - [@apollo/query-planner](https://redirect.github.com/apollo/query-planner)[@2](https://redirect.github.com/2).7.6 - [@apollo/federation-internals](https://redirect.github.com/apollo/federation-internals)[@2](https://redirect.github.com/2).7.6 ### [`v2.7.5`](https://redirect.github.com/apollographql/federation/blob/HEAD/gateway-js/CHANGELOG.md#275) [Compare Source](https://redirect.github.com/apollographql/federation/compare/@apollo/gateway@2.7.4...@apollo/gateway@2.7.5) ##### Patch Changes - Updated dependencies \[[`af4376f348d21ad4d8eca0e3d2a170600f391e4d`](https://redirect.github.com/apollographql/federation/commit/af4376f348d21ad4d8eca0e3d2a170600f391e4d)]: - [@apollo/query-planner](https://redirect.github.com/apollo/query-planner)[@2](https://redirect.github.com/2).7.5 - [@apollo/composition](https://redirect.github.com/apollo/composition)[@2](https://redirect.github.com/2).7.5 - [@apollo/federation-internals](https://redirect.github.com/apollo/federation-internals)[@2](https://redirect.github.com/2).7.5 ### [`v2.7.4`](https://redirect.github.com/apollographql/federation/blob/HEAD/gateway-js/CHANGELOG.md#274) [Compare Source](https://redirect.github.com/apollographql/federation/compare/@apollo/gateway@2.7.3...@apollo/gateway@2.7.4) ##### Patch Changes - Updated dependencies \[[`d80b7f0ca1456567a0866a32d2b2abf940598f77`](https://redirect.github.com/apollographql/federation/commit/d80b7f0ca1456567a0866a32d2b2abf940598f77), [`c89d8287e88d12cfd34c1baf1f42db672731b8a7`](https://redirect.github.com/apollographql/federation/commit/c89d8287e88d12cfd34c1baf1f42db672731b8a7)]: - [@apollo/query-planner](https://redirect.github.com/apollo/query-planner)[@2](https://redirect.github.com/2).7.4 - [@apollo/federation-internals](https://redirect.github.com/apollo/federation-internals)[@2](https://redirect.github.com/2).7.4 - [@apollo/composition](https://redirect.github.com/apollo/composition)[@2](https://redirect.github.com/2).7.4 ### [`v2.7.3`](https://redirect.github.com/apollographql/federation/blob/HEAD/gateway-js/CHANGELOG.md#273) [Compare Source](https://redirect.github.com/apollographql/federation/compare/@apollo/gateway@2.7.2...@apollo/gateway@2.7.3) ##### Patch Changes - Updated dependencies \[[`ec04c50b4fb832bfd281ecf9c0c2dd7656431b96`](https://redirect.github.com/apollographql/federation/commit/ec04c50b4fb832bfd281ecf9c0c2dd7656431b96), [`3e2c845c74407a136b9e0066e44c1ad1467d3013`](https://redirect.github.com/apollographql/federation/commit/3e2c845c74407a136b9e0066e44c1ad1467d3013), [`a494631918156f0431ceace74281c076cf1d5d51`](https://redirect.github.com/apollographql/federation/commit/a494631918156f0431ceace74281c076cf1d5d51)]: - [@apollo/query-planner](https://redirect.github.com/apollo/query-planner)[@2](https://redirect.github.com/2).7.3 - [@apollo/composition](https://redirect.github.com/apollo/composition)[@2](https://redirect.github.com/2).7.3 - [@apollo/federation-internals](https://redirect.github.com/apollo/federation-internals)[@2](https://redirect.github.com/2).7.3 ### [`v2.7.2`](https://redirect.github.com/apollographql/federation/blob/HEAD/gateway-js/CHANGELOG.md#272) [Compare Source](https://redirect.github.com/apollographql/federation/compare/@apollo/gateway@2.7.1...@apollo/gateway@2.7.2) ##### Patch Changes - Remove out-of-band reporting in the gateway and provide a warning for users who have the endpoint configured. ([#2946](https://redirect.github.com/apollographql/federation/pull/2946)) - Updated dependencies \[[`33b937b18d3c7ca6af14b904696b536399e597d1`](https://redirect.github.com/apollographql/federation/commit/33b937b18d3c7ca6af14b904696b536399e597d1), [`09cd3e55e810ee513127b7440f5b11af7540c9b0`](https://redirect.github.com/apollographql/federation/commit/09cd3e55e810ee513127b7440f5b11af7540c9b0), [`d7189a86c27891af408d3d0184db6133d3342967`](https://redirect.github.com/apollographql/federation/commit/d7189a86c27891af408d3d0184db6133d3342967), [`33506bef6d755c58400081824167711c1747ee40`](https://redirect.github.com/apollographql/federation/commit/33506bef6d755c58400081824167711c1747ee40), [`1f72f2a361a83ebaaf15ae052f5ca9a93fc18bfc`](https://redirect.github.com/apollographql/federation/commit/1f72f2a361a83ebaaf15ae052f5ca9a93fc18bfc)]: - [@apollo/composition](https://redirect.github.com/apollo/composition)[@2](https://redirect.github.com/2).7.2 - [@apollo/federation-internals](https://redirect.github.com/apollo/federation-internals)[@2](https://redirect.github.com/2).7.2 - [@apollo/query-planner](https://redirect.github.com/apollo/query-planner)[@2](https://redirect.github.com/2).7.2 ### [`v2.7.1`](https://redirect.github.com/apollographql/federation/blob/HEAD/gateway-js/CHANGELOG.md#271) [Compare Source](https://redirect.github.com/apollographql/federation/compare/@apollo/gateway@2.7.0...@apollo/gateway@2.7.1) ##### Patch Changes - Updated dependencies \[[`493f5acd16ad92adf99c963659cd40dc5eac1219`](https://redirect.github.com/apollographql/federation/commit/493f5acd16ad92adf99c963659cd40dc5eac1219)]: - [@apollo/federation-internals](https://redirect.github.com/apollo/federation-internals)[@2](https://redirect.github.com/2).7.1 - [@apollo/composition](https://redirect.github.com/apollo/composition)[@2](https://redirect.github.com/2).7.1 - [@apollo/query-planner](https://redirect.github.com/apollo/query-planner)[@2](https://redirect.github.com/2).7.1 ### [`v2.7.0`](https://redirect.github.com/apollographql/federation/blob/HEAD/gateway-js/CHANGELOG.md#270) [Compare Source](https://redirect.github.com/apollographql/federation/compare/@apollo/gateway@2.6.3...@apollo/gateway@2.7.0) ##### Minor Changes - Implement progressive `@override` functionality ([#2911](https://redirect.github.com/apollographql/federation/pull/2911)) The progressive `@override` feature brings a new argument to the `@override` directive: `label: String`. When a label is added to an `@override` application, the override becomes conditional, depending on parameters provided to the query planner (a set of which labels should be overridden). Note that this feature will be supported in router for enterprise users only. Out-of-the-box, the router will support a percentage-based use case for progressive `@override`. For example: ```graphql type Query { hello: String @override(from: "original", label: "percent(5)") } ``` The above example will override the root `hello` field from the "original" subgraph 5% of the time. More complex use cases will be supported by the router via the use of coprocessors/rhai to resolve arbitrary labels to true/false values (i.e. via a feature flag service). ##### Patch Changes - Updated dependencies \[[`6ae42942b13dccd246ccc994faa2cb36cd62cb3c`](https://redirect.github.com/apollographql/federation/commit/6ae42942b13dccd246ccc994faa2cb36cd62cb3c), [`66833fb8d04c9376f6ed476fed6b1ca237f477b7`](https://redirect.github.com/apollographql/federation/commit/66833fb8d04c9376f6ed476fed6b1ca237f477b7), [`931f87c6766c7439936df706727cbdc0cd6bcfd8`](https://redirect.github.com/apollographql/federation/commit/931f87c6766c7439936df706727cbdc0cd6bcfd8)]: - [@apollo/query-planner](https://redirect.github.com/apollo/query-planner)[@2](https://redirect.github.com/2).7.0 - [@apollo/composition](https://redirect.github.com/apollo/composition)[@2](https://redirect.github.com/2).7.0 - [@apollo/federation-internals](https://redirect.github.com/apollo/federation-internals)[@2](https://redirect.github.com/2).7.0 ### [`v2.6.3`](https://redirect.github.com/apollographql/federation/blob/HEAD/gateway-js/CHANGELOG.md#263) [Compare Source](https://redirect.github.com/apollographql/federation/compare/@apollo/gateway@2.6.2...@apollo/gateway@2.6.3) ##### Patch Changes - Updated dependencies \[[`038cf0dbbfb0e2978b69f0a14bfd2c38b0cd1326`](https://redirect.github.com/apollographql/federation/commit/038cf0dbbfb0e2978b69f0a14bfd2c38b0cd1326), [`69495b4810f3268c45a31f9d12e4f9cde2c447b5`](https://redirect.github.com/apollographql/federation/commit/69495b4810f3268c45a31f9d12e4f9cde2c447b5)]: - [@apollo/query-planner](https://redirect.github.com/apollo/query-planner)[@2](https://redirect.github.com/2).6.3 - [@apollo/composition](https://redirect.github.com/apollo/composition)[@2](https://redirect.github.com/2).6.3 - [@apollo/federation-internals](https://redirect.github.com/apollo/federation-internals)[@2](https://redirect.github.com/2).6.3 ### [`v2.6.2`](https://redirect.github.com/apollographql/federation/blob/HEAD/gateway-js/CHANGELOG.md#262) [Compare Source](https://redirect.github.com/apollographql/federation/compare/@apollo/gateway@2.6.1...@apollo/gateway@2.6.2) ##### Patch Changes - Updated dependencies \[[`7b5b836d15247c997712a47847f603aa5887312e`](https://redirect.github.com/apollographql/federation/commit/7b5b836d15247c997712a47847f603aa5887312e), [`74ca7dd617927a20d79b824851f7651ef3c40a4e`](https://redirect.github.com/apollographql/federation/commit/74ca7dd617927a20d79b824851f7651ef3c40a4e), [`ffe67dfbdb77d15dde2ab6dee66dba05c7b5c037`](https://redirect.github.com/apollographql/federation/commit/ffe67dfbdb77d15dde2ab6dee66dba05c7b5c037)]: - [@apollo/federation-internals](https://redirect.github.com/apollo/federation-internals)[@2](https://redirect.github.com/2).6.2 - [@apollo/query-planner](https://redirect.github.com/apollo/query-planner)[@2](https://redirect.github.com/2).6.2 - [@apollo/composition](https://redirect.github.com/apollo/composition)[@2](https://redirect.github.com/2).6.2 ### [`v2.6.1`](https://redirect.github.com/apollographql/federation/blob/HEAD/gateway-js/CHANGELOG.md#261) [Compare Source](https://redirect.github.com/apollographql/federation/compare/@apollo/gateway@2.6.0...@apollo/gateway@2.6.1) ##### Patch Changes - Updated dependencies \[[`0d5ab01a`](https://redirect.github.com/apollographql/federation/commit/0d5ab01a4e91bac10f47732fee3fe4d8017f051f)]: - [@apollo/federation-internals](https://redirect.github.com/apollo/federation-internals)[@2](https://redirect.github.com/2).6.1 - [@apollo/composition](https://redirect.github.com/apollo/composition)[@2](https://redirect.github.com/2).6.1 - [@apollo/query-planner](https://redirect.github.com/apollo/query-planner)[@2](https://redirect.github.com/2).6.1 ### [`v2.6.0`](https://redirect.github.com/apollographql/federation/blob/HEAD/gateway-js/CHANGELOG.md#260) [Compare Source](https://redirect.github.com/apollographql/federation/compare/@apollo/gateway@2.5.7...@apollo/gateway@2.6.0) ##### Minor Changes - Add more information to OpenTelemetry spans. ([#2700](https://redirect.github.com/apollographql/federation/pull/2700)) Rename `operationName` to `graphql.operation.name` and add a `graphql.operation.type` attribute, in conformance with the OpenTelemetry Semantic Conventions for GraphQL. The `operationName` attribute is now deprecated, but it is still emitted alongside `graphql.operation.name`. Add a `graphql.document` span attribute to the `gateway.request` span, containing the entire GraphQL source sent in the request. This feature is disable by default. When one or more GraphQL or internal errors occur, report them in the OpenTelemetry span in which they took place, as an exception event. This feature is disabled by default. To enable the `graphql.document` span attribute and the exception event reporting, add the following entries to your `ApolloGateway` instance configuration: ```ts const gateway = new ApolloGateway({ // ... telemetry: { // Set to `true` to include the `graphql.document` attribute includeDocument: true, // Set to `true` to report all exception events, or set to a number // to report at most that number of exception events per span reportExceptions: true, // or: reportExceptions: 1 }, }); ``` - Update `license` field in `package.json` to use `Elastic-2.0` SPDX identifier ([#2741](https://redirect.github.com/apollographql/federation/pull/2741)) - Introduce the new `@policy` scope for composition ([#2818](https://redirect.github.com/apollographql/federation/pull/2818)) > Note that this directive will only be *fully* supported by the Apollo Router as a GraphOS Enterprise feature at runtime. Also note that *composition* of valid `@policy` directive applications will succeed, but the resulting supergraph will not be *executable* by the Gateway or an Apollo Router which doesn't have the GraphOS Enterprise entitlement. Users may now compose `@policy` applications from their subgraphs into a supergraph. The directive is defined as follows: ```graphql scalar federation__Policy directive @policy( policies: [[federation__Policy!]!]! ) on FIELD_DEFINITION | OBJECT | INTERFACE | SCALAR | ENUM ``` The `Policy` scalar is effectively a `String`, similar to the `FieldSet` type. In order to compose your `@policy` usages, you must update your subgraph's federation spec version to v2.6 and add the `@policy` import to your existing imports like so: ```graphql @link(url: "https://specs.apollo.dev/federation/v2.6", import: [..., "@policy"]) ``` - Add graphql.operation.name attribute on gateway.plan span ([#2807](https://redirect.github.com/apollographql/federation/pull/2807)) ##### Patch Changes - Updated dependencies \[[`b18841be`](https://redirect.github.com/apollographql/federation/commit/b18841be897e6d4f47454568776f199e2adb60ae), [`e325b499`](https://redirect.github.com/apollographql/federation/commit/e325b499d592dabe61c93112c292c92ca10afbc5)]: - [@apollo/query-planner](https://redirect.github.com/apollo/query-planner)[@2](https://redirect.github.com/2).6.0 - [@apollo/composition](https://redirect.github.com/apollo/composition)[@2](https://redirect.github.com/2).6.0 - [@apollo/federation-internals](https://redirect.github.com/apollo/federation-internals)[@2](https://redirect.github.com/2).6.0 ### [`v2.5.7`](https://redirect.github.com/apollographql/federation/blob/HEAD/gateway-js/CHANGELOG.md#257) [Compare Source](https://redirect.github.com/apollographql/federation/compare/@apollo/gateway@2.5.6...@apollo/gateway@2.5.7) ##### Patch Changes - Updated dependencies \[[`a0bdd7cb`](https://redirect.github.com/apollographql/federation/commit/a0bdd7cb056ccdc6d9f6ec6bd6a16380d18f65b9)]: - [@apollo/query-planner](https://redirect.github.com/apollo/query-planner)[@2](https://redirect.github.com/2).5.7 - [@apollo/composition](https://redirect.github.com/apollo/composition)[@2](https://redirect.github.com/2).5.7 - [@apollo/federation-internals](https://redirect.github.com/apollo/federation-internals)[@2](https://redirect.github.com/2).5.7 ### [`v2.5.6`](https://redirect.github.com/apollographql/federation/blob/HEAD/gateway-js/CHANGELOG.md#256) [Compare Source](https://redirect.github.com/apollographql/federation/compare/@apollo/gateway@2.5.5...@apollo/gateway@2.5.6) ##### Patch Changes - Updated dependencies \[[`c719214a`](https://redirect.github.com/apollographql/federation/commit/c719214a945564e4afc4bf1610e3dcdfb3838fe1)]: - [@apollo/composition](https://redirect.github.com/apollo/composition)[@2](https://redirect.github.com/2).5.6 - [@apollo/federation-internals](https://redirect.github.com/apollo/federation-internals)[@2](https://redirect.github.com/2).5.6 - [@apollo/query-planner](https://redirect.github.com/apollo/query-planner)[@2](https://redirect.github.com/2).5.6 ### [`v2.5.5`](https://redirect.github.com/apollographql/federation/blob/HEAD/gateway-js/CHANGELOG.md#255) [Compare Source](https://redirect.github.com/apollographql/federation/compare/@apollo/gateway@2.5.4...@apollo/gateway@2.5.5) ##### Patch Changes - Fix specific case for requesting \__typename on interface entity type ([#2775](https://redirect.github.com/apollographql/federation/pull/2775)) In certain cases, when resolving a \__typename on an interface entity (due to it actual being requested in the operation), that fetch group could previously be trimmed / treated as useless. At a glance, it appears to be a redundant step, i.e.: { ... on Product { __typename id }} => { ... on Product { __typename} } It's actually necessary to preserve this in the case that we're coming from an interface object to an (entity) interface so that we can resolve the concrete \__typename correctly. - Don't preserve useless fetches which downgrade \__typename from a concrete type back to its interface type. ([#2778](https://redirect.github.com/apollographql/federation/pull/2778)) In certain cases, the query planner was preserving some fetches which were "useless" that would rewrite \__typename from its already-resolved concrete type back to its interface type. This could result in (at least) requested fields being "filtered" from the final result due to the interface's \__typename in the data where the concrete type's \__typename was expected. Specifically, the solution was compute the path between newly created groups and their parents when we know that it's trivial (`[]`). Further along in the planning process, this allows to actually remove the known-useless group. - Propagate type information when renaming entity fields ([#2776](https://redirect.github.com/apollographql/federation/pull/2776)) Aliased entity fields might have been incorrectly overwritten if multiple fields/aliases shared the same name. Query planner automatically renames conflicting fields to ensure we can always generate a valid GraphQL query. The underlying issue was that this key rewriting logic was assuming the same type of an object. In case of entity queries asking for those aliased fields, we ended up always attempting to apply field renaming logic regardless, whether or not a given entity was of the correct type. This fix ensures that the query planner logic correctly accounts for the object type when applying field renaming logic. - Updated dependencies \[[`66d7e4ce`](https://redirect.github.com/apollographql/federation/commit/66d7e4ced9a6ccd170d5e228741332395a2dd553), [`a37bbbf6`](https://redirect.github.com/apollographql/federation/commit/a37bbbf6501032f16382ccb64d1dfa0dcddac789)]: - [@apollo/query-planner](https://redirect.github.com/apollo/query-planner)[@2](https://redirect.github.com/2).5.5 - [@apollo/composition](https://redirect.github.com/apollo/composition)[@2](https://redirect.github.com/2).5.5 - [@apollo/federation-internals](https://redirect.github.com/apollo/federation-internals)[@2](https://redirect.github.com/2).5.5 ### [`v2.5.4`](https://redirect.github.com/apollographql/federation/blob/HEAD/gateway-js/CHANGELOG.md#254) [Compare Source](https://redirect.github.com/apollographql/federation/compare/@apollo/gateway@2.5.3...@apollo/gateway@2.5.4) ##### Patch Changes - Adds header to change the format of exposed query plans, and allows formatting it as json. ([#2724](https://redirect.github.com/apollographql/federation/pull/2724)) When the gateway is configured to allow it, adding the `Apollo-Query-Plan-Experimental` header to a request already allowed a "prettified" text version of the query plan used for the query is returned in the response extension. This changes adds support for a new (optional) accompanying header, `Apollo-Query-Plan-Experimental-Format`, which can be set to the value "internal" to have the query plan returned as a json object (that correspond to the internal representation of that query plan) instead of the text version otherwise sent. Note that if that new header is not provided, then the query plan continues to be send in the previous prettified text version. - Fix some potentially incorrect query plans with `@requires` when some dependencies are involved. ([#2726](https://redirect.github.com/apollographql/federation/pull/2726)) In some rare case of `@requires`, an over-eager optimisation was incorrectly considering that a dependency between 2 subgraph fetches was unnecessary, leading to doing 2 subgraphs queries in parallel when those should be done sequentially (because the 2nd query rely on results from the 1st one). This effectively resulted in the required fields not being provided (the consequence of which depends a bit on the resolver detail, but if the resolver expected the required fields to be populated (as they should), then this could typically result in a message of the form `GraphQLError: Cannot read properties of null`). - Updated dependencies \[[`203b0a44`](https://redirect.github.com/apollographql/federation/commit/203b0a444782f6d6ca2f2dbb68c6e4eb59de6d45)]: - [@apollo/query-planner](https://redirect.github.com/apollo/query-planner)[@2](https://redirect.github.com/2).5.4 - [@apollo/composition](https://redirect.github.com/apollo/composition)[@2](https://redirect.github.com/2).5.4 - [@apollo/federation-internals](https://redirect.github.com/apollo/federation-internals)[@2](https://redirect.github.com/2).5.4 ### [`v2.5.3`](https://redirect.github.com/apollographql/federation/blob/HEAD/gateway-js/CHANGELOG.md#253) [Compare Source](https://redirect.github.com/apollographql/federation/compare/@apollo/gateway@2.5.2...@apollo/gateway@2.5.3) ##### Patch Changes - Fix execution error in some cases where aliases are used and some values are `null`. ([#2716](https://redirect.github.com/apollographql/federation/pull/2716)) The error would manifest itself as an `INTERNAL_SERVER_ERROR` with a message of the form `Cannot read properties of null`. - Updated dependencies \[[`4b9a512b`](https://redirect.github.com/apollographql/federation/commit/4b9a512b62e02544d7854fa198942aac33b93feb), [`c6e0e76d`](https://redirect.github.com/apollographql/federation/commit/c6e0e76dbc62662c2aa6ff7f657e374047b11255), [`1add932c`](https://redirect.github.com/apollographql/federation/commit/1add932c5cd1297853fb5af9a3a6aaa71243f63a), [`6f1fddb2`](https://redirect.github.com/apollographql/federation/commit/6f1fddb25d49262b2ebf6db953371a559dd62e9c)]: - [@apollo/composition](https://redirect.github.com/apollo/composition)[@2](https://redirect.github.com/2).5.3 - [@apollo/federation-internals](https://redirect.github.com/apollo/federation-internals)[@2](https://redirect.github.com/2).5.3 - [@apollo/query-planner](https://redirect.github.com/apollo/query-planner)[@2](https://redirect.github.com/2).5.3 ### [`v2.5.2`](https://redirect.github.com/apollographql/federation/blob/HEAD/gateway-js/CHANGELOG.md#252) [Compare Source](https://redirect.github.com/apollographql/federation/compare/@apollo/gateway@2.5.1...@apollo/gateway@2.5.2) ##### Patch Changes - Remove extraneous call to `span.setStatus()` on a span which has already ended. ([#2697](https://redirect.github.com/apollographql/federation/pull/2697)) In cases where a subgraph responded with an error, we would sometimes try to set the status of a span which had already ended. This resulted in a warning log to the console (but no effect otherwise). This warning should no longer happen. - Fix `fallbackPollIntervalInMs` behavior. ([#2709](https://redirect.github.com/apollographql/federation/pull/2709)) The `fallbackPollIntervalInMs` serves 2 purposes: - it allows users to provide an Uplink poll interval if Uplink doesn't provide one - it allows users to use a longer poll interval that what's prescribed by Uplink The second bullet is how the configuration option is documented, but not how it was previously implemented. This change corrects the behavior to respect this configuration if it's provided AND is longer than the Uplink interval. - Updated dependencies \[[`35179f08`](https://redirect.github.com/apollographql/federation/commit/35179f086ce973e9ae7bb455f7ea7d73cdc10f69)]: - [@apollo/query-planner](https://redirect.github.com/apollo/query-planner)[@2](https://redirect.github.com/2).5.2 - [@apollo/federation-internals](https://redirect.github.com/apollo/federation-internals)[@2](https://redirect.github.com/2).5.2 - [@apollo/composition](https://redirect.github.com/apollo/composition)[@2](https://redirect.github.com/2).5.2 ### [`v2.5.1`](https://redirect.github.com/apollographql/federation/blob/HEAD/gateway-js/CHANGELOG.md#251) [Compare Source](https://redirect.github.com/apollographql/federation/compare/@apollo/gateway@2.5.0...@apollo/gateway@2.5.1) ##### Patch Changes - Reapply [#2639](https://redirect.github.com/apollographql/federation/issues/2639): ([#2687](https://redirect.github.com/apollographql/federation/pull/2687)) Try reusing named fragments in subgraph fetches even if those fragment only apply partially to the subgraph. Before this change, only named fragments that were applying entirely to a subgraph were tried, leading to less reuse that expected. Concretely, this change can sometimes allow the generation of smaller subgraph fetches. Additionally, resolve a bug which surfaced in the fragment optimization logic which could result in invalid/incorrect optimizations / fragment reuse. - Updated dependencies \[[`b9052fdd`](https://redirect.github.com/apollographql/federation/commit/b9052fddfcd2cae1ea750aaea27f0a0b24f4e691)]: - [@apollo/query-planner](https://redirect.github.com/apollo/query-planner)[@2](https://redirect.github.com/2).5.1 - [@apollo/federation-internals](https://redirect.github.com/apollo/federation-internals)[@2](https://redirect.github.com/2).5.1 - [@apollo/composition](https://redirect.github.com/apollo/composition)[@2](https://redirect.github.com/2).5.1 ### [`v2.5.0`](https://redirect.github.com/apollographql/federation/blob/HEAD/gateway-js/CHANGELOG.md#250) [Compare Source](https://redirect.github.com/apollographql/federation/compare/@apollo/gateway@2.4.13...@apollo/gateway@2.5.0) ##### Minor Changes - Do not run the full suite of graphQL validations on supergraphs and their extracted subgraphs by default in production environment. ([#2657](https://redirect.github.com/apollographql/federation/pull/2657)) Running those validations on every updates of the schema takes a non-negligible amount of time (especially on large schema) and mainly only serves in catching bugs early in the supergraph handling code, and in some limited cases, provide slightly better messages when a corrupted supergraph is received, neither of which is worth the cost in production environment. A new `validateSupergraph` option is also introduced in the gateway configuration to force this behaviour. - Support responses from subgraphs which use the `application/graphql-response+json` content-type header. ([#2162](https://redirect.github.com/apollographql/federation/pull/2162)) See graphql-over-http spec for more details: https://graphql.github.io/graphql-over-http/draft/#sec-application-graphql-response-json - Introduce the new `@authenticated` directive for composition ([#2644](https://redirect.github.com/apollographql/federation/pull/2644)) > Note that this directive will only be *fully* supported by the Apollo Router as a GraphOS Enterprise feature at runtime. Also note that *composition* of valid `@authenticated` directive applications will succeed, but the resulting supergraph will not be *executable* by the Gateway or an Apollo Router which doesn't have the GraphOS Enterprise entitlement. Users may now compose `@authenticated` applications from their subgraphs into a supergraph. This addition will support a future version of Apollo Router that enables authenticated access to specific types and fields via directive applications. The directive is defined as follows: ```graphql directive @authenticated on FIELD_DEFINITION | OBJECT | INTERFACE | SCALAR | ENUM ``` In order to compose your `@authenticated` usages, you must update your subgraph's federation spec version to v2.5 and add the `@authenticated` import to your existing imports like so: ```graphql @link(url: "https://specs.apollo.dev/federation/v2.5", import: [..., "@authenticated"]) ``` - Introduce the new `@requiresScopes` directive for composition ([#2649](https://redirect.github.com/apollographql/federation/pull/2649)) > Note that this directive will only be *fully* supported by the Apollo Router as a GraphOS Enterprise feature at runtime. Also note that *composition* of valid `@requiresScopes` directive applications will succeed, but the resulting supergraph will not be *executable* by the Gateway or an Apollo Router which doesn't have the GraphOS Enterprise entitlement. Users may now compose `@requiresScopes` applications from their subgraphs into a supergraph. This addition will support a future version of Apollo Router that enables scoped access to specific types and fields via directive applications. The directive is defined as follows: ```graphql scalar federation__Scope directive @requiresScopes( scopes: [federation__Scope!]! ) on FIELD_DEFINITION | OBJECT | INTERFACE | SCALAR | ENUM ``` The `Scope` scalar is effectively a `String`, similar to the `FieldSet` type. In order to compose your `@requiresScopes` usages, you must update your subgraph's federation spec version to v2.5 and add the `@requiresScopes` import to your existing imports like so: ```graphql @link(url: "https://specs.apollo.dev/federation/v2.5", import: [..., "@requiresScopes"]) ``` ##### Patch Changes - Updated dependencies \[[`fe1e3d7b`](https://redirect.github.com/apollographql/federation/commit/fe1e3d7b13ed76ac81e8fd6d911f4497995c59aa), [`aac2893a`](https://redirect.github.com/apollographql/federation/commit/aac2893ad70ed026607b5a2e4cb698207be87262), [`6b18af50`](https://redirect.github.com/apollographql/federation/commit/6b18af50910872049938386b82ad40703d934f68), [`9396c0d6`](https://redirect.github.com/apollographql/federation/commit/9396c0d686092c06fa89f8512378610bfe4154cc), [`2b5796a9`](https://redirect.github.com/apollographql/federation/commit/2b5796a962b3478961f9486c28f5cfd161fafbb0), [`4f3c3b9e`](https://redirect.github.com/apollographql/federation/commit/4f3c3b9eedb5dacb6dee29aa21bb74cdd1244732)]: - [@apollo/query-planner](https://redirect.github.com/apollo/query-planner)[@2](https://redirect.github.com/2).5.0 - [@apollo/composition](https://redirect.github.com/apollo/composition)[@2](https://redirect.github.com/2).5.0 - [@apollo/federation-internals](https://redirect.github.com/apollo/federation-internals)[@2](https://redirect.github.com/2).5.0 ### [`v2.4.13`](https://redirect.github.com/apollographql/federation/releases/tag/%40apollo/gateway%402.4.13) [Compare Source](https://redirect.github.com/apollographql/federation/compare/@apollo/gateway@2.4.12...@apollo/gateway@2.4.13) ##### Patch Changes - Updated dependencies \[[`f2264cf6`](https://redirect.github.com/apollographql/federation/commit/f2264cf6c416e46ee24b54e4fbd21ee6768a2dbf)]: - [@apollo/composition](https://redirect.github.com/apollo/composition)[@2](https://redirect.github.com/2).4.13 - [@apollo/federation-internals](https://redirect.github.com/apollo/federation-internals)[@2](https://redirect.github.com/2).4.13 - [@apollo/query-planner](https://redirect.github.com/apollo/query-planner)[@2](https://redirect.github.com/2).4.13 ### [`v2.4.12`](https://redirect.github.com/apollographql/federation/releases/tag/%40apollo/gateway%402.4.12) [Compare Source](https://redirect.github.com/apollographql/federation/compare/@apollo/gateway@2.4.11...@apollo/gateway@2.4.12) ##### Patch Changes - Remove extraneous call to `span.setStatus()` on a span which has already ended. ([#2717](https://redirect.github.com/apollographql/federation/pull/2717)) In cases where a subgraph responded with an error, we would sometimes try to set the status of a span which had already ended. This resulted in a warning log to the console (but no effect otherwise). This warning should no longer happen. - Fix `fallbackPollIntervalInMs` behavior. ([#2717](https://redirect.github.com/apollographql/federation/pull/2717)) The `fallbackPollIntervalInMs` serves 2 purposes: - it allows users to provide an Uplink poll interval if Uplink doesn't provide one - it allows users to use a longer poll interval that what's prescribed by Uplink The second bullet is how the configuration option is documented, but not how it was previously implemented. This change corrects the behavior to respect this configuration if it's provided AND is longer than the Uplink interval. - Updated dependencies \[[`693c2433`](https://redirect.github.com/apollographql/federation/commit/693c24332fac27d0e9fa7f6d69ca1b2e15021fd8)]: - [@apollo/query-planner](https://redirect.github.com/apollo/query-planner)[@2](https://redirect.github.com/2).4.12 - [@apollo/federation-internals](https://redirect.github.com/apollo/federation-internals)[@2](https://redirect.github.com/2).4.12 - [@apollo/composition](https://redirect.github.com/apollo/composition)[@2](https://redirect.github.com/2).4.12 ### [`v2.4.11`](https://redirect.github.com/apollographql/federation/releases/tag/%40apollo/gateway%402.4.11) [Compare Source](https://redirect.github.com/apollographql/federation/compare/@apollo/gateway@2.4.10...@apollo/gateway@2.4.11) ##### Patch Changes - Reapply [#2639](https://redirect.github.com/apollographql/federation/issues/2639): ([#2684](https://redirect.github.com/apollographql/federation/pull/2684)) Try reusing named fragments in subgraph fetches even if those fragment only apply partially to the subgraph. Before this change, only named fragments that were applying entirely to a subgraph were tried, leading to less reuse that expected. Concretely, this change can sometimes allow the generation of smaller subgraph fetches. Additionally, resolve a bug which surfaced in the fragment optimization logic which could result in invalid/incorrect optimizations / fragment reuse. - Updated dependencies \[[`a740e071`](https://redirect.github.com/apollographql/federation/commit/a740e07193735a2e9a5a0e4b8105722e1587cc09)]: - [@apollo/query-planner](https://redirect.github.com/apollo/query-planner)[@2](https://redirect.github.com/2).4.11 - [@apollo/federation-internals](https://redirect.github.com/apollo/federation-internals)[@2](https://redirect.github.com/2).4.11 - [@apollo/composition](https://redirect.github.com/apollo/composition)[@2](https://redirect.github.com/2).4.11 ### [`v2.4.10`](https://redirect.github.com/apollographql/federation/blob/HEAD/gateway-js/CHANGELOG.md#2410) [Compare Source](https://redirect.github.com/apollographql/federation/compare/@apollo/gateway@2.4.9...@apollo/gateway@2.4.10) ##### Patch Changes - Revert [#2639](https://redirect.github.com/apollographql/federation/issues/2639) from v2.4.9 ([#2681](https://redirect.github.com/apollographql/federation/pull/2681)) PR [#2639](https://redirect.github.com/apollographql/federation/issues/2639) attempts to resolve issues with query fragment reuse, but we've since turned up multiple issues (at least 1 of which is a regression - see [#2680](https://redirect.github.com/apollographql/federation/issues/2680). For now, this reverts it until we resolve the regression for a future patch release. - Updated dependencies \[[`b6be9f96`](https://redirect.github.com/apollographql/federation/commit/b6be9f9650a69f6214d806d66b198729560da3dc)]: - [@apollo/query-planner](https://redirect.github.com/apollo/query-planner)[@2](https://redirect.github.com/2).4.10 - [@apollo/federation-internals](https://redirect.github.com/apollo/federation-internals)[@2](https://redirect.github.com/2).4.10 - [@apollo/composition](https://redirect.github.com/apollo/composition)[@2](https://redirect.github.com/2).4.10 ### [`v2.4.9`](https://redirect.github.com/apollographql/federation/blob/HEAD/gateway-js/CHANGELOG.md#249) [Compare Source](https://redirect.github.com/apollographql/federation/compare/@apollo/gateway@2.4.8...@apollo/gateway@2.4.9) ##### Patch Changes - Try reusing named fragments in subgraph fetches even if those fragment only apply partially to the subgraph. Before this change, only named fragments that were applying entirely to a subgraph were tried, leading to less reuse that expected. Concretely, this change can sometimes allow the generation of smaller subgraph fetches. ([#2639](https://redirect.github.com/apollographql/federation/pull/2639)) - Updated dependencies \[[`7ac83456`](https://redirect.github.com/apollographql/federation/commit/7ac834568d57a9b9e63002353543d32f6e97b4a5), [`d60349b3`](https://redirect.github.com/apollographql/federation/commit/d60349b3fa7e5ba1f64c1727d88dc6faec21a38a), [`1bb7c512`](https://redirect.github.com/apollographql/federation/commit/1bb7c5129c7b07627ea33684b538fda8a83b8da8), [`02eab3ac`](https://redirect.github.com/apollographql/federation/commit/02eab3ac4a0514bef8f9253a9e43418ba1c17843), [`fd4545c2`](https://redirect.github.com/apollographql/federation/commit/fd4545c27ef343ad14436f9541f539ef80bacafa)]: - [@apollo/query-planner](https://redirect.github.com/apollo/query-planner)[@2](https://redirect.github.com/2).4.9 - [@apollo/federation-internals](https://redirect.github.com/apollo/federation-internals)[@2](https://redirect.github.com/2).4.9 - [@apollo/composition](https://redirect.github.com/apollo/composition)[@2](https://redirect.github.com/2).4.9 ### [`v2.4.8`](https://redirect.github.com/apollographql/federation/blob/HEAD/gateway-js/CHANGELOG.md#248) [Compare Source](https://redirect.github.com/apollographql/federation/compare/@apollo/gateway@2.4.7...@apollo/gateway@2.4.8) ##### Patch Changes - Updated dependencies \[[`62e0d254`](https://redirect.github.com/apollographql/federation/commit/62e0d254f92a6a259032cda5e1ce810ae6478022), [`1293034c`](https://redirect.github.com/apollographql/federation/commit/1293034c82c962930d3c581c47676bf1f6e6d3bf), [`7f1ef73e`](https://redirect.github.com/apollographql/federation/commit/7f1ef73ee00b82c9b4b1bbfd23f3be10e3a1e176), [`2a97f372`](https://redirect.github.com/apollographql/federation/commit/2a97f3727b02760ccdf796a4f2e399778ff0593f)]: - [@apollo/federation-internals](https://redirect.github.com/apollo/federation-internals)[@2](https://redirect.github.com/2).4.8 - [@apollo/query-planner](https://redirect.github.com/apollo/query-planner)[@2](https://redirect.github.com/2).4.8 - [@apollo/composition](https://redirect.github.com/apollo/composition)[@2](https://redirect.github.com/2).4.8 ### [`v2.4.7`](https://redirect.github.com/apollographql/federation/blob/HEAD/gateway-js/CHANGELOG.md#247) [Compare Source](https://redirect.github.com/apollographql/federation/compare/@apollo/gateway@2.4.6...@apollo/gateway@2.4.7) ##### Patch Changes - Re-work the code use to try to reuse query named fragments to improve performance (thus sometimes improving query ([#2604](https://redirect.github.com/apollographql/federation/pull/2604)) planning performance), to fix a possibly raised assertion error (with a message of form like `Cannot add selection of field X to selection set of parent type Y`), and to fix a rare issue where an interface or union field was not being queried for all the types it should be. - Updated dependencies \[[`2d44f346`](https://redirect.github.com/apollographql/federation/commit/2d44f346c553f489d83f1c672e1ad8715665cde2)]: - [@apollo/query-planner](https://redirect.github.com/apollo/query-planner)[@2](https://redirect.github.com/2).4.7 - [@apollo/composition](https://redirect.github.com/apollo/composition)[@2](https://redirect.github.com/2).4.7 - [@apollo/federation-internals](https://redirect.github.com/apollo/federation-internals)[@2](https://redirect.github.com/2).4.7 ### [`v2.4.6`](https://redirect.github.com/apollographql/federation/blob/HEAD/gateway-js/CHANGELOG.md#246) [Compare Source](https://redirect.github.com/apollographql/federation/compare/@apollo/gateway@2.4.5...@apollo/gateway@2.4.6) ##### Patch Changes - Updated dependencies \[[`5cd17e69`](https://redirect.github.com/apollographql/federation/commit/5cd17e6965664768c9d9f5b734634764bbebf2e7), [`8ca107ac`](https://redirect.github.com/apollographql/federation/commit/8ca107ac2f19dde5cb64844355a0f7a5296b9008), [`e136ad87`](https://redirect.github.com/apollographql/federation/commit/e136ad87db6005ddd81

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

[ ] If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

Name	Link
Latest commit	cca9741b2302738c4e879f77513ead44c96d1738
Latest deploy log	https://app.netlify.com/sites/fanciful-rolypoly-bec1a8/deploys/66ce21b1791d750008bffae1

nextjs-xx / nextjs-fullstack-app-template