Bump @apollo/gateway from 2.0.4 to 2.5.0 in /apollo-gateway

[dependabot]

Bumps @apollo/gateway from 2.0.4 to 2.5.0.

Release notes

Sourced from @​apollo/gateway's releases.

@​apollo/gateway@​2.5.0

Minor Changes

• Do not run the full suite of graphQL validations on supergraphs and their extracted subgraphs by default in production environment. (#2657)

  Running those validations on every updates of the schema takes a non-negligible amount of time (especially on large schema) and mainly only serves in catching bugs early in the supergraph handling code, and in some limited cases, provide slightly better messages when a corrupted supergraph is received, neither of which is worth the cost in production environment.

  A new validateSupergraph option is also introduced in the gateway configuration to force this behaviour.

• Support responses from subgraphs which use the application/graphql-response+json content-type header. (#2162)

  See graphql-over-http spec for more details: https://graphql.github.io/graphql-over-http/draft/#sec-application-graphql-response-json

• Introduce the new @authenticated directive for composition (#2644)

  Note that this directive will only be fully supported by the Apollo Router as a GraphOS Enterprise feature at runtime. Also note that composition of valid @authenticated directive applications will succeed, but the resulting supergraph will not be executable by the Gateway or an Apollo Router which doesn't have the GraphOS Enterprise entitlement.

  Users may now compose @authenticated applications from their subgraphs into a supergraph. This addition will support a future version of Apollo Router that enables authenticated access to specific types and fields via directive applications.

  The directive is defined as follows:

  directive @authenticated on
    | FIELD_DEFINITION
    | OBJECT
    | INTERFACE
    | SCALAR
    | ENUM

  In order to compose your @authenticated usages, you must update your subgraph's federation spec version to v2.5 and add the @authenticated import to your existing imports like so:

  @link(url: "https://specs.apollo.dev/federation/v2.5", import: [..., "@authenticated"])

• Introduce the new @requiresScopes directive for composition (#2649)

  Note that this directive will only be fully supported by the Apollo Router as a GraphOS Enterprise feature at runtime. Also note that composition of valid @requiresScopes directive applications will succeed, but the resulting supergraph will not be executable by the Gateway or an Apollo Router which doesn't have the GraphOS Enterprise entitlement.

  Users may now compose @requiresScopes applications from their subgraphs into a supergraph. This addition will support a future version of Apollo Router that enables scoped access to specific types and fields via directive applications.

  The directive is defined as follows:

  scalar federation__Scope

... (truncated)

Changelog

Sourced from @​apollo/gateway's changelog.

CHANGELOG for @apollo/gateway

2.4.10

Patch Changes

• Revert #2639 from v2.4.9 (#2681)

  PR #2639 attempts to resolve issues with query fragment reuse, but we've since turned up multiple issues (at least 1 of which is a regression - see #2680. For now, this reverts it until we resolve the regression for a future patch release.

• Updated dependencies [b6be9f96]:

  • @​apollo/query-planner@​2.4.10
  • @​apollo/federation-internals@​2.4.10
  • @​apollo/composition@​2.4.10

2.4.9

Patch Changes

• Try reusing named fragments in subgraph fetches even if those fragment only apply partially to the subgraph. Before this change, only named fragments that were applying entirely to a subgraph were tried, leading to less reuse that expected. Concretely, this change can sometimes allow the generation of smaller subgraph fetches. (#2639)

• Updated dependencies [7ac83456, d60349b3, 1bb7c512, 02eab3ac, fd4545c2]:

  • @​apollo/query-planner@​2.4.9
  • @​apollo/federation-internals@​2.4.9
  • @​apollo/composition@​2.4.9

2.4.8

Patch Changes

• Updated dependencies [62e0d254, 1293034c, 7f1ef73e, 2a97f372]:
  • @​apollo/federation-internals@​2.4.8
  • @​apollo/query-planner@​2.4.8
  • @​apollo/composition@​2.4.8

2.4.7

Patch Changes

• Re-work the code use to try to reuse query named fragments to improve performance (thus sometimes improving query (#2604) planning performance), to fix a possibly raised assertion error (with a message of form like Cannot add selection of field X to selection set of parent type Y), and to fix a rare issue where an interface or union field was not being queried for all the types it should be.
• Updated dependencies [2d44f346]:
  • @​apollo/query-planner@​2.4.7
  • @​apollo/composition@​2.4.7
  • @​apollo/federation-internals@​2.4.7

2.4.6

Patch Changes

• Updated dependencies [5cd17e69, 8ca107ac, e136ad87]:

... (truncated)

Commits

• 43e965c Version Packages (#2597)
• 9a9589f Merge branch 'main' into next
• 0519eec Version Packages (#2682)
• b6be9f9 Revert #2639, an attempt to fix query fragment reuse (#2681)
• 4f3c3b9 Introduce @requiresScopes directive in composition (#2649)
• fe1e3d7 Skip some supergraph validations in production by default (#2657)
• 8f3c301 Merge branch 'main' into next
• 9396c0d Introduce @authenticated directive in composition (#2644)
• db90ba1 Allows passing the list of supported features when building a supergraph (#2656)
• 20923a3 Version Packages (#2634)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #366.