Bump @apollo/composition and @apollo/gateway in /example/federation/integration/gateway

[dependabot]

Bumps @apollo/composition to 2.12.1 and updates ancestor dependency @apollo/gateway. These dependencies need to be updated together.

Updates @apollo/composition from 2.10.1 to 2.12.1

Release notes

Sourced from @​apollo/composition's releases.

@​apollo/composition@​2.12.1

Patch Changes

• Fixed access control verification of transitive requirements (through @requires and/or @fromContext) to ensure it works with chains of transitive dependencies. (#3343)

• Allow interface object fields to specify access control (#3343)

  Update composition logic to allow specifying access control directives (@authenticated, @requiresScopes and @policy) on @interfaceObject fields. While we disallow access control on interface types and fields, we decided to support it on @interfaceObject as it is a useful pattern to define a single resolver (that may need access controls) for common interface fields. Alternative would require our users to explicitly define resolvers for all implementations which defeats the purpose of @interfaceObject.

  This PR refactors in how we propagate access control by providing additional merge sources when merging directives on interfaces, interface fields and object fields.

• Updated dependencies [09e596e6a0c753071ca822e84f525d73ada395cf, ac1ed2946c48e0fef4b413b192d8c5fbdb2370ae]:

  • @​apollo/federation-internals@​2.12.1
  • @​apollo/query-graphs@​2.12.1

@​apollo/composition@​2.12.0

Minor Changes

• Federation 2.12 and Connect 0.3 (#3276)

• Added isSuccess argument to @connect and @source (#3294)

• Fixes a bug where composition may not generate a satisfiability error for an unsatisfiable @shareable mutation field. (#3305) (#3305)

• Automatically propagate authorization requirements from implementing type to interface in the supergraph. (#3321)

  Authorization requirements now automatically propagate from implementing types to interfaces during composition. Direct auth specifications on interfaces are no longer allowed. Interface access requires satisfying ALL implementing types' requirements (AND rule), with these requirements included in the supergraph for backward compatibility with older routers.

• Fix transitive auth requirements on @requires and @fromcontext (#3321)

  Adds new postMergeValidation check to ensure that all fields that depends on data from other parts of the supergraph through @requires and/or @fromContext directives explicitly specify matching @authenticated, @requiresScopes and/or @policy auth requirements, e.g.

  type T @key(fields: "id") {
    id: ID!
    extra: String @external
    # we need explicit `@authenticated` as it is needed to access extra
    requiresExtra: String @requires(fields: "extra") @authenticated
  }
  type T @​key(fields: "id") {
  id: ID!
  extra: String @​authenticated
  }

• Adding new CompositionOption maxValidationSubgraphPaths. This value represents the maximum number of SubgraphPathInfo objects that may exist in a ValidationTraversal when checking for satisfiability. Setting this value can help composition error before running out of memory. Default is 1,000,000. (#3275)

• Restrict usage of auth directives on interfaces (#3321)

... (truncated)

Changelog

Sourced from @​apollo/composition's changelog.

2.12.1

Patch Changes

• Fixed access control verification of transitive requirements (through @requires and/or @fromContext) to ensure it works with chains of transitive dependencies. (#3343)

• Allow interface object fields to specify access control (#3343)

  Update composition logic to allow specifying access control directives (@authenticated, @requiresScopes and @policy) on @interfaceObject fields. While we disallow access control on interface types and fields, we decided to support it on @interfaceObject as it is a useful pattern to define a single resolver (that may need access controls) for common interface fields. Alternative would require our users to explicitly define resolvers for all implementations which defeats the purpose of @interfaceObject.

  This PR refactors in how we propagate access control by providing additional merge sources when merging directives on interfaces, interface fields and object fields.

• Updated dependencies [09e596e6a0c753071ca822e84f525d73ada395cf, ac1ed2946c48e0fef4b413b192d8c5fbdb2370ae]:

  • @​apollo/federation-internals@​2.12.1
  • @​apollo/query-graphs@​2.12.1

2.12.0

Minor Changes

• Federation 2.12 and Connect 0.3 (#3276)

• Added isSuccess argument to @​connect and @​source (#3294)

• Fixes a bug where composition may not generate a satisfiability error for an unsatisfiable @shareable mutation field. (#3305) (#3305)

• Automatically propagate authorization requirements from implementing type to interface in the supergraph. (#3321)

  Authorization requirements now automatically propagate from implementing types to interfaces during composition. Direct auth specifications on interfaces are no longer allowed. Interface access requires satisfying ALL implementing types' requirements (AND rule), with these requirements included in the supergraph for backward compatibility with older routers.

• Fix transitive auth requirements on @requires and @fromcontext (#3321)

  Adds new postMergeValidation check to ensure that all fields that depends on data from other parts of the supergraph through @requires and/or @fromContext directives explicitly specify matching @authenticated, @requiresScopes and/or @policy auth requirements, e.g.

  type T @key(fields: "id") {
    id: ID!
    extra: String @external
    # we need explicit `@authenticated` as it is needed to access extra
    requiresExtra: String @requires(fields: "extra") @authenticated
  }
  type T @​key(fields: "id") {
  id: ID!
  extra: String @​authenticated
  }

• Adding new CompositionOption maxValidationSubgraphPaths. This value represents the maximum number of SubgraphPathInfo objects that may exist in a ValidationTraversal when checking for satisfiability. Setting this value can help composition error before running out of memory. Default is 1,000,000. (#3275)

... (truncated)

Commits

• fd436fa release: on branch main (#3345)
• 61c3838 fix: addressing feedback on updated access control logic (#3337)
• 09e596e fix: allow interface object fields to specify access control
• b19431e fix: handle @requires chains when verifying access control
• 8aee9f7 release: on branch next (#3322)
• bb4614d fix: automatically propagate auth requirements from type to interface in supe...
• f6af504 fix: stricter merge rules for @​requiresScopes and @​policy
• 99f2da2 fix: transitive auth requirements on @​requires and @​fromContext
• faea2d1 fix: restrict usage of auth directives on interfaces
• 6a1223d release: on branch next (preview) (#3319)
• Additional commits viewable in compare view

Updates @apollo/gateway from 2.10.1 to 2.12.1

Release notes

Sourced from @​apollo/gateway's releases.

@​apollo/gateway@​2.12.1

Patch Changes

• Updated dependencies [b19431e4a92206703e29aba859a5fc7574b9ef8b, 09e596e6a0c753071ca822e84f525d73ada395cf, ac1ed2946c48e0fef4b413b192d8c5fbdb2370ae]:
  • @​apollo/composition@​2.12.1
  • @​apollo/federation-internals@​2.12.1
  • @​apollo/query-planner@​2.12.1

@​apollo/gateway@​2.12.0

Minor Changes

• Federation 2.12 and Connect 0.3 (#3276)

Patch Changes

• Updated dependencies [3e2b0a8569a9fe46726182887ed0b4bfc0b52468, bb4614d338ae03bac51a5fc2439590f172c4e54d, 99f2da21de88f9ad9a32ee7ed64b2d4a92887b40, 468f27842608f4e390cfc88bc7e6b4b0945f95ff, 3fd5157b309f1d3439b2d87c67b0601fb246d04c, b734ea04d118db09cf6077fdd968c8f04a96327a, 4bda3a498eba36e187dfd9ae673eca12d3f3502c, e7e67579908d5cd2fa6fe558228dffe4808cd98d, f3ab499eaf62b1a1c0f08b838d2cbde5accb303a, faea2d1174d80593264f2227cfde9a2ba1a59b96, 0dbc7cc72ffacf324231e9ccb2de4189f6bf3289, 97b9d2edfcfeed99124f9e115f992cbef3804682, f6af504f1ba8283fd00af0d6e3c9c1a665d62736, bc07e979b9fd24c9b94740b170f11023fe99ba1e, a595235d3cf8f67611efd8395332b64d067b5f1f, 9cbdcb53f859c877a476e2725faa4cb205506f57]:
  • @​apollo/query-planner@​2.12.0
  • @​apollo/composition@​2.12.0
  • @​apollo/federation-internals@​2.12.0

@​apollo/gateway@​2.12.0-preview.4

Patch Changes

• Updated dependencies [4bda3a498eba36e187dfd9ae673eca12d3f3502c, f3ab499eaf62b1a1c0f08b838d2cbde5accb303a, bc07e979b9fd24c9b94740b170f11023fe99ba1e, 9cbdcb53f859c877a476e2725faa4cb205506f57]:
  • @​apollo/federation-internals@​2.12.0-preview.4
  • @​apollo/query-planner@​2.12.0-preview.4
  • @​apollo/composition@​2.12.0-preview.4

@​apollo/gateway@​2.12.0-preview.3

Patch Changes

• Updated dependencies [3fd5157b309f1d3439b2d87c67b0601fb246d04c]:
  • @​apollo/composition@​2.12.0-preview.3
  • @​apollo/federation-internals@​2.12.0-preview.3
  • @​apollo/query-planner@​2.12.0-preview.3

@​apollo/gateway@​2.12.0-preview.2

Patch Changes

• Updated dependencies [a595235d3cf8f67611efd8395332b64d067b5f1f]:
  • @​apollo/composition@​2.12.0-preview.2
  • @​apollo/federation-internals@​2.12.0-preview.2
  • @​apollo/query-planner@​2.12.0-preview.2

@​apollo/gateway@​2.12.0-preview.1

Patch Changes

• Updated dependencies []:
  • @​apollo/composition@​2.12.0-preview.1
  • @​apollo/federation-internals@​2.12.0-preview.1

... (truncated)

Changelog

Sourced from @​apollo/gateway's changelog.

2.12.1

Patch Changes

• Updated dependencies [b19431e4a92206703e29aba859a5fc7574b9ef8b, 09e596e6a0c753071ca822e84f525d73ada395cf, ac1ed2946c48e0fef4b413b192d8c5fbdb2370ae]:
  • @​apollo/composition@​2.12.1
  • @​apollo/federation-internals@​2.12.1
  • @​apollo/query-planner@​2.12.1

2.12.0

Minor Changes

• Federation 2.12 and Connect 0.3 (#3276)

Patch Changes

• Updated dependencies [3e2b0a8569a9fe46726182887ed0b4bfc0b52468, bb4614d338ae03bac51a5fc2439590f172c4e54d, 99f2da21de88f9ad9a32ee7ed64b2d4a92887b40, 468f27842608f4e390cfc88bc7e6b4b0945f95ff, 3fd5157b309f1d3439b2d87c67b0601fb246d04c, b734ea04d118db09cf6077fdd968c8f04a96327a, 4bda3a498eba36e187dfd9ae673eca12d3f3502c, e7e67579908d5cd2fa6fe558228dffe4808cd98d, f3ab499eaf62b1a1c0f08b838d2cbde5accb303a, faea2d1174d80593264f2227cfde9a2ba1a59b96, 0dbc7cc72ffacf324231e9ccb2de4189f6bf3289, 97b9d2edfcfeed99124f9e115f992cbef3804682, f6af504f1ba8283fd00af0d6e3c9c1a665d62736, bc07e979b9fd24c9b94740b170f11023fe99ba1e, a595235d3cf8f67611efd8395332b64d067b5f1f, 9cbdcb53f859c877a476e2725faa4cb205506f57]:
  • @​apollo/query-planner@​2.12.0
  • @​apollo/composition@​2.12.0
  • @​apollo/federation-internals@​2.12.0

2.11.3

Patch Changes

• Updated dependencies [4faa114215200daf7ad7518be8e50071fcde783c, 8c7a2cd655ad3060e9f5c3b106cfbdb59251701c]:
  • @​apollo/query-planner@​2.11.3
  • @​apollo/federation-internals@​2.11.3
  • @​apollo/composition@​2.11.3

2.11.2

Patch Changes

• Updated dependencies [28c08bef6e691aefc6ed07c0e7057f9cd803b317, 28c08bef6e691aefc6ed07c0e7057f9cd803b317]:
  • @​apollo/federation-internals@​2.11.2
  • @​apollo/composition@​2.11.2
  • @​apollo/query-planner@​2.11.2

2.11.1

Patch Changes

• Updated dependencies [7799ad1717becf15fb0e82f89619f2ec8a24b4d4, b26794c5724ef23d1f0fd45a40aee3d301557489, 51bed5be49d8e87adae59f568315c9e3488a91e0]:
  • @​apollo/federation-internals@​2.11.1
  • @​apollo/composition@​2.11.1
  • @​apollo/query-planner@​2.11.1

2.11.0

... (truncated)

Commits

• fd436fa release: on branch main (#3345)
• 8aee9f7 release: on branch next (#3322)
• 6a1223d release: on branch next (preview) (#3319)
• 4bd04c2 Merge branch main into next (take 2).
• a96a04d release: on branch main (#3286)
• 5aa37b2 release: on branch next (preview) (#3309)
• b2b3e3b release: on branch next (preview) (#3295)
• 111c437 release: on branch next (preview) (#3288)
• 0c85282 merge main into next (#3287)
• 60bc299 release: on branch main (#3284)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.