Bump @apollo/gateway from 2.0.4 to 2.5.1 in /apollo-gateway

[dependabot]

Bumps @apollo/gateway from 2.0.4 to 2.5.1.

Release notes

Sourced from @​apollo/gateway's releases.

@​apollo/gateway@​2.5.1

Patch Changes

• Reapply #2639: (#2687)

  Try reusing named fragments in subgraph fetches even if those fragment only apply partially to the subgraph. Before this change, only named fragments that were applying entirely to a subgraph were tried, leading to less reuse that expected. Concretely, this change can sometimes allow the generation of smaller subgraph fetches.

  Additionally, resolve a bug which surfaced in the fragment optimization logic which could result in invalid/incorrect optimizations / fragment reuse.

• Updated dependencies [b9052fdd]:

  • @​apollo/query-planner@​2.5.1
  • @​apollo/federation-internals@​2.5.1
  • @​apollo/composition@​2.5.1

@​apollo/gateway@​2.5.0

Minor Changes

• Do not run the full suite of graphQL validations on supergraphs and their extracted subgraphs by default in production environment. (#2657)

  Running those validations on every updates of the schema takes a non-negligible amount of time (especially on large schema) and mainly only serves in catching bugs early in the supergraph handling code, and in some limited cases, provide slightly better messages when a corrupted supergraph is received, neither of which is worth the cost in production environment.

  A new validateSupergraph option is also introduced in the gateway configuration to force this behaviour.

• Support responses from subgraphs which use the application/graphql-response+json content-type header. (#2162)

  See graphql-over-http spec for more details: https://graphql.github.io/graphql-over-http/draft/#sec-application-graphql-response-json

• Introduce the new @authenticated directive for composition (#2644)

  Note that this directive will only be fully supported by the Apollo Router as a GraphOS Enterprise feature at runtime. Also note that composition of valid @authenticated directive applications will succeed, but the resulting supergraph will not be executable by the Gateway or an Apollo Router which doesn't have the GraphOS Enterprise entitlement.

  Users may now compose @authenticated applications from their subgraphs into a supergraph. This addition will support a future version of Apollo Router that enables authenticated access to specific types and fields via directive applications.

  The directive is defined as follows:

  directive @authenticated on
    | FIELD_DEFINITION
    | OBJECT
    | INTERFACE
    | SCALAR
    | ENUM

  In order to compose your @authenticated usages, you must update your subgraph's federation spec version to v2.5 and add the @authenticated import to your existing imports like so:

... (truncated)

Changelog

Sourced from @​apollo/gateway's changelog.

2.5.1

Patch Changes

• Reapply #2639: (#2687)

  Try reusing named fragments in subgraph fetches even if those fragment only apply partially to the subgraph. Before this change, only named fragments that were applying entirely to a subgraph were tried, leading to less reuse that expected. Concretely, this change can sometimes allow the generation of smaller subgraph fetches.

  Additionally, resolve a bug which surfaced in the fragment optimization logic which could result in invalid/incorrect optimizations / fragment reuse.

• Updated dependencies [b9052fdd]:

  • @​apollo/query-planner@​2.5.1
  • @​apollo/federation-internals@​2.5.1
  • @​apollo/composition@​2.5.1

2.5.0

Minor Changes

• Do not run the full suite of graphQL validations on supergraphs and their extracted subgraphs by default in production environment. (#2657)

  Running those validations on every updates of the schema takes a non-negligible amount of time (especially on large schema) and mainly only serves in catching bugs early in the supergraph handling code, and in some limited cases, provide slightly better messages when a corrupted supergraph is received, neither of which is worth the cost in production environment.

  A new validateSupergraph option is also introduced in the gateway configuration to force this behaviour.

• Support responses from subgraphs which use the application/graphql-response+json content-type header. (#2162)

  See graphql-over-http spec for more details: https://graphql.github.io/graphql-over-http/draft/#sec-application-graphql-response-json

• Introduce the new @authenticated directive for composition (#2644)

  Note that this directive will only be fully supported by the Apollo Router as a GraphOS Enterprise feature at runtime. Also note that composition of valid @authenticated directive applications will succeed, but the resulting supergraph will not be executable by the Gateway or an Apollo Router which doesn't have the GraphOS Enterprise entitlement.

  Users may now compose @authenticated applications from their subgraphs into a supergraph. This addition will support a future version of Apollo Router that enables authenticated access to specific types and fields via directive applications.

  The directive is defined as follows:

  directive @authenticated on
    | FIELD_DEFINITION
    | OBJECT
    | INTERFACE
    | SCALAR
    | ENUM

  In order to compose your @authenticated usages, you must update your subgraph's federation spec version to v2.5 and add the @authenticated import to your existing imports like so:

... (truncated)

Commits

• b2938ff Version Packages (#2690)
• b9052fd Reapply #2639 (with fix for #2680) (#2687)
• 43e965c Version Packages (#2597)
• 9a9589f Merge branch 'main' into next
• 0519eec Version Packages (#2682)
• b6be9f9 Revert #2639, an attempt to fix query fragment reuse (#2681)
• 4f3c3b9 Introduce @requiresScopes directive in composition (#2649)
• fe1e3d7 Skip some supergraph validations in production by default (#2657)
• 8f3c301 Merge branch 'main' into next
• 9396c0d Introduce @authenticated directive in composition (#2644)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #372.