chore(deps): update dependency apollographql/router to v1.60.1

[renovate]

This PR contains the following updates:

Package	Update	Change
apollographql/router	minor	v1.26.0 -> v1.60.1

---

Release Notes

apollographql/router (apollographql/router)

v1.60.1

Compare Source

🐛 Fixes

Header propagation rules passthrough (PR #​6690)

Header propagation contains logic to prevent headers from being propagated more than once. This was broken
in https://github.com/apollographql/router/pull/6281 which always considered a header propagated regardless if a rule
actually matched.

This PR alters the logic so that only when a header is populated then the header is marked as fixed.

The following will now work again:

headers:
  all:
    request:
      - propagate:
          named: a
          rename: b
      - propagate:
          named: b

Note that defaulting a head WILL populate a header, so make sure to include your defaults last in your propagation
rules.

headers:
  all:
    request:
      - propagate:
          named: a
          rename: b
          default: defaulted # This will prevent any further rule evaluation for header `b`
      - propagate:
          named: b

Instead, make sure that your headers are defaulted last:

headers:
  all:
    request:
      - propagate:
          named: a
          rename: b
      - propagate:
          named: b
          default: defaulted # OK

By @​BrynCooke in https://github.com/apollographql/router/pull/6690

Entity cache: fix directive conflicts in cache-control header (Issue #​6441)

Unnecessary cache-control directives are created in cache-control header. The router will now filter out unnecessary values from the cache-control header when the request resolves. So if there's max-age=10, no-cache, must-revalidate, no-store, the expected value for the cache-control header would simply be no-store. Please see the MDN docs for justification of this reasoning: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control#preventing_storing

By @​bnjjj in https://github.com/apollographql/router/pull/6543

Resolve regressions in fragment compression for certain operations (PR #​6651)

In v1.58.0 we introduced a new compression strategy for subgraph GraphQL operations to replace an older, more complicated algorithm.

While we were able to validate improvements for a majority of cases, some regressions still surfaced. To address this, we are extending it to compress more operations with the following outcomes:

• The P99 overhead of running the new compression algorithm on the largest operations in our corpus is now just 10ms
• In case of better compression, at P99 it shrinks the operations by 50Kb when compared to the old algorithm
• In case of worse compression, at P99 it only adds an additional 108 bytes compared to the old algorithm, which was an acceptable trade-off versus added complexity

By @​dariuszkuc in https://github.com/apollographql/router/pull/6651

v1.60.0

Compare Source

🚀 Features

Improve BatchProcessor observability (Issue #​6558)

A new metric has been introduced to allow observation of how many spans are being dropped by an telemetry batch processor.

• apollo.router.telemetry.batch_processor.errors - The number of errors encountered by exporter batch processors.
  • name: One of apollo-tracing, datadog-tracing, jaeger-collector, otlp-tracing, zipkin-tracing.
  • error = One of channel closed, channel full.

By observing the number of spans dropped it is possible to estimate what batch processor settings will work for you.

In addition, the log message for dropped spans will now indicate which batch processor is affected.

By @​bryncooke in https://github.com/apollographql/router/pull/6558

🐛 Fixes

Improve performance of query hashing by using a precomputed schema hash (PR #​6622)

The router now uses a simpler and faster query hashing algorithm with more predictable CPU and memory usage. This improvement is enabled by using a precomputed hash of the entire schema, rather than computing and hashing the subset of types and fields used by each query.

For more details on why these design decisions were made, please see the PR description

By @​IvanGoncharov in https://github.com/apollographql/router/pull/6622

Truncate invalid error paths (PR #​6359)

This fix addresses an issue where the router was silently dropping subgraph errors that included invalid paths.

According to the GraphQL Specification an error path must point to a response field:

If an error can be associated to a particular field in the GraphQL result, it must contain an entry with the key path that details the path of the response field which experienced the error.

The router now truncates the path to the nearest valid field path if a subgraph error includes a path that can't be matched to a response field,

By @​IvanGoncharov in https://github.com/apollographql/router/pull/6359

Eagerly init subgraph operation for subscription primary nodes (PR #​6509)

When subgraph operations are deserialized, typically from a query plan cache, they are not automatically parsed into a full document. Instead, each node needs to initialize its operation(s) prior to execution. With this change, the primary node inside SubscriptionNode is initialized in the same way as other nodes in the plan.

By @​tninesling in https://github.com/apollographql/router/pull/6509

Fix increased memory usage in sysinfo since Router 1.59.0 (PR #​6634)

In version 1.59.0, Apollo Router started using the sysinfo crate to gather metrics about available CPUs and RAM. By default, that crate uses rayon internally to parallelize its handling of system processes. In turn, rayon creates a pool of long-lived threads.

In a particular benchmark on a 32-core Linux server, this caused resident memory use to increase by about 150 MB. This is likely a combination of stack space (which only gets freed when the thread terminates) and per-thread space reserved by the heap allocator to reduce cross-thread synchronization cost.

This regression is now fixed by:

• Disabling sysinfo’s use of rayon, so the thread pool is not created and system processes information is gathered in a sequential loop.
• Making sysinfo not gather that information in the first place since Router does not use it.

By @​SimonSapin in https://github.com/apollographql/router/pull/6634

Optimize demand control lookup (PR #​6450)

The performance of demand control in the router has been optimized.

Previously, demand control could reduce router throughput due to its extra processing required for scoring.

This fix improves performance by shifting more data to be computed at plugin initialization and consolidating lookup queries:

• Cost directives for arguments are now stored in a map alongside those for field definitions
• All precomputed directives are bundled into a struct for each field, along with that field's extended schema type. This reduces 5 individual lookups to a single lookup.
• Response scoring was looking up each field's definition twice. This is now reduced to a single lookup.

By @​tninesling in https://github.com/apollographql/router/pull/6450

Fix missing Content-Length header in subgraph requests (Issue #​6503)

A change in 1.59.0 caused the Router to send requests to subgraphs without a Content-Length header, which would cause issues with some GraphQL servers that depend on that header.

This solves the underlying bug and reintroduces the Content-Length header.

By @​nmoutschen in https://github.com/apollographql/router/pull/6538

🛠 Maintenance

Remove the legacy query planner (PR #​6418)

The legacy query planner has been removed in this release. In the previous release, router v1.58, it was no longer used by default but was still available through the experimental_query_planner_mode configuration key. That key is now removed.

Also removed are configuration keys which were only relevant to the legacy planner:

• supergraph.query_planning.experimental_parallelism: the new planner can always use available parallelism.
• supergraph.experimental_reuse_query_fragments: this experimental algorithm that attempted to
  reuse fragments from the original operation while forming subgraph requests is no longer present. Instead, by default new fragment definitions are generated based on the shape of the subgraph operation.

By @​SimonSapin in https://github.com/apollographql/router/pull/6418

Migrate various metrics to OTel instruments (PR #​6476, PR #​6356, PR #​6539)

Various metrics using our legacy mechanism based on the tracing crate are migrated to OTel instruments.

By @​goto-bus-stop in https://github.com/apollographql/router/pull/6476, https://github.com/apollographql/router/pull/6356, https://github.com/apollographql/router/pull/6539

📚 Documentation

Add instrumentation configuration examples (PR #​6487)

The docs for router telemetry have new example configurations for common use cases for selectors and condition.

By @​shorgi in https://github.com/apollographql/router/pull/6487

🧪 Experimental

Remove experimental_retry option (PR #​6338)

The experimental_retry option has been removed due to its limited use and functionality during its experimental phase.

By @​bnjjj in https://github.com/apollographql/router/pull/6338

v1.59.2

Compare Source

[!IMPORTANT]

This release contains important fixes which address resource utilization regressions which impacted Router v1.59.0 and v1.59.1. These regressions were in the form of:

1. A small baseline increase in memory usage; AND
2. Additional per-request CPU and memory usage for queries which included references to abstract types with a large number of implementations

If you have enabled Distributed query plan caching, this release contains changes which necessarily alter the hashing algorithm used for the cache keys. On account of this, you should anticipate additional cache regeneration cost when updating between these versions while the new hashing algorithm comes into service.

🐛 Fixes

Improve performance of query hashing by using a precomputed schema hash (PR #​6622)

The router now uses a simpler and faster query hashing algorithm with more predictable CPU and memory usage. This improvement is enabled by using a precomputed hash of the entire schema, rather than computing and hashing the subset of types and fields used by each query.

For more details on why these design decisions were made, please see the PR description

By @​IvanGoncharov in https://github.com/apollographql/router/pull/6622

Fix increased memory usage in sysinfo since Router 1.59.0 (PR #​6634)

In version 1.59.0, Apollo Router started using the sysinfo crate to gather metrics about available CPUs and RAM. By default, that crate uses rayon internally to parallelize its handling of system processes. In turn, rayon creates a pool of long-lived threads.

In a particular benchmark on a 32-core Linux server, this caused resident memory use to increase by about 150 MB. This is likely a combination of stack space (which only gets freed when the thread terminates) and per-thread space reserved by the heap allocator to reduce cross-thread synchronization cost.

This regression is now fixed by:

• Disabling sysinfo’s use of rayon, so the thread pool is not created and system processes information is gathered in a sequential loop.
• Making sysinfo not gather that information in the first place since Router does not use it.

By @​SimonSapin in https://github.com/apollographql/router/pull/6634

v1.59.1

Compare Source

[!IMPORTANT]

This release was impacted by a resource utilization regression which was fixed in v1.59.2. See the release notes for that release for more details. As a result, we recommend using v1.59.2 rather than v1.59.1 or v1.59.0.

🐛 Fixes

Fix transmitted header value for Datadog priority sampling resolution (PR #​6017)

The router now transmits correct values of x-datadog-sampling-priority to downstream services.

Previously, an x-datadog-sampling-priority of -1 was incorrectly converted to 0 for downstream requests, and 2 was incorrectly converted to 1. When propagating to downstream services, this resulted in values of USER_REJECT being incorrectly transmitted as AUTO_REJECT.

Enable accurate Datadog APM metrics (PR #​6017)

The router supports a new preview feature, the preview_datadog_agent_sampling option, to enable sending all spans to the Datadog Agent so APM metrics and views are accurate.

Previously, the sampler option in telemetry.exporters.tracing.common.sampler wasn't Datadog-aware. To get accurate Datadog APM metrics, all spans must be sent to the Datadog Agent with a psr or sampling.priority attribute set appropriately to record the sampling decision.

The preview_datadog_agent_sampling option enables accurate Datadog APM metrics. It should be used when exporting to the Datadog Agent, via OTLP or Datadog-native.

telemetry:
  exporters:
    tracing:
      common:

### Only 10 percent of spans will be forwarded from the Datadog agent to Datadog. Experiment to find a value that is good for you!
        sampler: 0.1

### Send all spans to the Datadog agent.
        preview_datadog_agent_sampling: true

Using these options can decrease your Datadog bill, because you will be sending only a percentage of spans from the Datadog Agent to Datadog.

[!IMPORTANT]

• Users must enable preview_datadog_agent_sampling to get accurate APM metrics. Users that have been using recent versions of the router will have to modify their configuration to retain full APM metrics.
• The router doesn't support in-agent ingestion control.
• Configuring traces_per_second in the Datadog Agent won't dynamically adjust the router's sampling rate to meet the target rate.
• Sending all spans to the Datadog Agent may require that you tweak the batch_processor settings in your exporter config. This applies to both OTLP and Datadog native exporters.

Learn more by reading the updated Datadog tracing documentation for more information on configuration options and their implications.

Fix non-parent sampling (PR #​6481)

When the user specifies a non-parent sampler the router should ignore the information from upstream and use its own sampling rate.

The following configuration would not work correctly:

  exporters:
    tracing:
      common:
        service_name: router
        sampler: 0.00001
        parent_based_sampler: false

All spans are being sampled.
This is now fixed and the router will correctly ignore any upstream sampling decision.

By @​BrynCooke in https://github.com/apollographql/router/pull/6481

v1.59.0

Compare Source

[!IMPORTANT]

This release was impacted by a resource utilization regression which was fixed in v1.59.2. See the release notes for that release for more details. As a result, we recommend using v1.59.2 rather than v1.59.1 or v1.59.0.

[!IMPORTANT]
If you have enabled distributed query plan caching, updates to the query planner in this release will result in query plan caches being regenerated rather than reused. On account of this, you should anticipate additional cache regeneration cost when updating to this router version while the new query plans come into service.

🚀 Features

General availability of native query planner

The router's native, Rust-based, query planner is now generally available and enabled by default.

The native query planner achieves better performance for a variety of graphs. In our tests, we observe:

• 10x median improvement in query planning time (observed via apollo.router.query_planning.plan.duration)
• 2.9x improvement in router’s CPU utilization
• 2.2x improvement in router’s memory usage

Note: you can expect generated plans and subgraph operations in the native
query planner to have slight differences when compared to the legacy, JavaScript-based query planner. We've ascertained these differences to be semantically insignificant, based on comparing ~2.5 million known unique user operations in GraphOS as well as
comparing ~630 million operations across actual router deployments in shadow
mode for a four month duration.

The native query planner supports Federation v2 supergraphs. If you are using Federation v1 today, see our migration guide on how to update your composition build step. Subgraph changes are typically not needed.

The legacy, JavaScript, query planner is deprecated in this release, but you can still switch
back to it if you are still using Federation v1 supergraph:

experimental_query_planner_mode: legacy

Note: The subgraph operations generated by the query planner are not
guaranteed consistent release over release. We strongly recommend against
relying on the shape of planned subgraph operations, as new router features and
optimizations will continuously affect it.

By @​sachindshinde, @​goto-bus-stop, @​duckki, @​TylerBloom, @​SimonSapin, @​dariuszkuc, @​lrlna, @​clenfest, and @​o0Ignition0o.

Ability to skip persisted query list safelisting enforcement via plugin (PR #​6403)

If safelisting is enabled, a router_service plugin can skip enforcement of the safelist (including the require_id check) by adding the key apollo_persisted_queries::safelist::skip_enforcement with value true to the request context.

Note: this doesn't affect the logging of unknown operations by the persisted_queries.log_unknown option.

In cases where an operation would have been denied but is allowed due to the context key existing, the attribute persisted_queries.safelist.enforcement_skipped is set on the apollo.router.operations.persisted_queries metric with value true.

By @​glasser in https://github.com/apollographql/router/pull/6403

Add fleet awareness plugin (PR #​6151)

A new fleet_awareness plugin has been added that reports telemetry to Apollo about the configuration and deployment of the router.

The reported telemetry include CPU and memory usage, CPU frequency, and other deployment characteristics such as operating system and cloud provider. For more details, along with a full list of data captured and how to opt out, go to our
data privacy policy.

By @​jonathanrainer, @​nmoutschen, @​loshz in https://github.com/apollographql/router/pull/6151

Add fleet awareness schema metric (PR #​6283)

The router now supports the apollo.router.instance.schema metric for its fleet_detector plugin. It has two attributes: schema_hash and launch_id.

By @​loshz and @​nmoutschen in https://github.com/apollographql/router/pull/6283

Support client name for persisted query lists (PR #​6198)

The persisted query manifest fetched from Apollo Uplink can now contain a clientName field in each operation. Two operations with the same id but different clientName are considered to be distinct operations, and they may have distinct bodies.

The router resolves the client name by taking the first from the following that exists:

• Reading the apollo_persisted_queries::client_name context key that may be set by a router_service plugin
• Reading the HTTP header named by telemetry.apollo.client_name_header, which defaults to apollographql-client-name

If a client name can be resolved for a request, the router first tries to find a persisted query with the specified ID and the resolved client name.

If there is no operation with that ID and client name, or if a client name cannot be resolved, the router tries to find a persisted query with the specified ID and no client name specified. This means that existing PQ lists that don't contain client names will continue to work.

To learn more, go to persisted queries docs.

By @​glasser in https://github.com/apollographql/router/pull/6198

🐛 Fixes

Fix coprocessor empty body object panic (PR #​6398)

Previously, the router would panic if a coprocessor responds with an empty body object at the supergraph stage:

{
  ... // other fields
  "body": {} // empty object
}

This has been fixed in this release.

Note: the previous issue didn't affect coprocessors that responded with formed responses.

By @​BrynCooke in https://github.com/apollographql/router/pull/6398

Ensure cost directives are picked up when not explicitly imported (PR #​6328)

With the recent composition changes, importing @cost results in a supergraph schema with the cost specification import at the top. The @cost directive itself is not explicitly imported, as it's expected to be available as the default export from the cost link. In contrast, uses of @listSize to translate to an explicit import in the supergraph.

Old SDL link

@​link(
    url: "https://specs.apollo.dev/cost/v0.1"
    import: ["@​cost", "@​listSize"]
)

New SDL link

@​link(url: "https://specs.apollo.dev/cost/v0.1", import: ["@​listSize"])

Instead of using the directive names from the import list in the link, the directive names now come from SpecDefinition::directive_name_in_schema, which is equivalent to the change we made on the composition side.

By @​tninesling in https://github.com/apollographql/router/pull/6328

Fix query hashing algorithm (PR #​6205)

The router includes a schema-aware query hashing algorithm designed to return the same hash across schema updates if the query remains unaffected. This update enhances the algorithm by addressing various corner cases to improve its reliability and consistency.

By @​Geal in https://github.com/apollographql/router/pull/6205

Fix typo in persisted query metric attribute (PR #​6332)

The apollo.router.operations.persisted_queries metric reports an attribute when a persisted query was not found.
Previously, the attribute name was persisted_quieries.not_found, with one i too many. Now it's persisted_queries.not_found.

By @​goto-bus-stop in https://github.com/apollographql/router/pull/6332

Fix telemetry instrumentation using supergraph query selector (PR #​6324)

Previously, router telemetry instrumentation that used query selectors could log errors with messages such as this is a bug and should not happen.

These errors have now been fixed, and configurations with query selectors such as the following work properly:

telemetry:
  exporters:
    metrics:
      common:
        views:

### Define a custom view because operation limits are different than the default latency-oriented view of OpenTelemetry
          - name: oplimits.*
            aggregation:
              histogram:
                buckets:
                  - 0
                  - 5
                  - 10
                  - 25
                  - 50
                  - 100
                  - 500
                  - 1000
  instrumentation:
    instruments:
      supergraph:
        oplimits.aliases:
          value:
            query: aliases
          type: histogram
          unit: number
          description: "Aliases for an operation"
        oplimits.depth:
          value:
            query: depth
          type: histogram
          unit: number
          description: "Depth for an operation"
        oplimits.height:
          value:
            query: height
          type: histogram
          unit: number
          description: "Height for an operation"
        oplimits.root_fields:
          value:
            query: root_fields
          type: histogram
          unit: number
          description: "Root fields for an operation"

By @​bnjjj in https://github.com/apollographql/router/pull/6324

More consistent attributes on apollo.router.operations.persisted_queries metric (PR #​6403)

Version 1.28.1 added several unstable metrics, including apollo.router.operations.persisted_queries.

When an operation is rejected, Router includes a persisted_queries.safelist.rejected.unknown attribute on the metric. Previously, this attribute had the value true if the operation is logged (via log_unknown), and false if the operation is not logged. (The attribute is not included at all if the operation is not rejected.) This appears to have been a mistake, as you can also tell whether it is logged via the persisted_queries.logged attribute.

Router now only sets this attribute to true, and never to false. Note these metrics are unstable and will continue to change.

By @​glasser in https://github.com/apollographql/router/pull/6403

Drop experimental reuse fragment query optimization option (PR #​6354)

Drop support for the experimental reuse fragment query optimization. This implementation was not only very slow but also very buggy due to its complexity.

Auto generation of fragments is a much simpler (and faster) algorithm that in most cases produces better results. Fragment auto generation is the default optimization since v1.58 release.

By @​dariuszkuc in https://github.com/apollographql/router/pull/6353

📃 Configuration

Add version number to distributed query plan cache keys (PR #​6406)

The router now includes its version number in the cache keys of distributed cache entries. Given that a new router release may change how query plans are generated or represented, including the router version in a cache key enables the router to use separate cache entries for different versions.

If you have enabled distributed query plan caching, expect additional processing for your cache to update for this router release.

By @​SimonSapin in https://github.com/apollographql/router/pull/6406

🛠 Maintenance

Remove catch_unwind wrapper around the native query planner (PR #​6397)

As part of internal maintenance of the query planner, the
catch_unwind wrapper around the native query planner has been removed. This wrapper served as an extra safeguard for potential panics the native planner could produce. The
native query planner however no longer has any code paths that could panic. We have also
not witnessed a panic in the last four months, having processed 560 million real
user operations through the native planner.

This maintenance work also removes backtrace capture for federation errors, which
was used for debugging and is no longer necessary as we have the confidence in
the native planner's implementation.

By @​lrlna in https://github.com/apollographql/router/pull/6397

Deprecate various metrics (PR #​6350)

Several metrics have been deprecated in this release, in favor of OpenTelemetry-compatible alternatives:

• apollo_router_deduplicated_subscriptions_total - use the apollo.router.operations.subscriptions metric's subscriptions.deduplicated attribute.
• apollo_authentication_failure_count - use the apollo.router.operations.authentication.jwt metric's authentication.jwt.failed attribute.
• apollo_authentication_success_count - use the apollo.router.operations.authentication.jwt metric instead. If the authentication.jwt.failed attribute is absent or false, the authentication succeeded.
• apollo_require_authentication_failure_count - use the http.server.request.duration metric's http.response.status_code attribute. Requests with authentication failures have HTTP status code 401.
• apollo_router_timeout - this metric conflates timed-out requests from client to the router, and requests from the router to subgraphs. Timed-out requests have HTTP status code 504. Use the http.response.status_code attribute on the http.server.request.duration metric to identify timed-out router requests, and the same attribute on the http.client.request.duration metric to identify timed-out subgraph requests.

The deprecated metrics will continue to work in the 1.x release line.

By @​goto-bus-stop in https://github.com/apollographql/router/pull/6350

v1.58.1

Compare Source

[!IMPORTANT]
If you have enabled Distributed query plan caching, this release contains changes which necessarily alter the hashing algorithm used for the cache keys. On account of this, you should anticipate additional cache regeneration cost when updating between these versions while the new hashing algorithm comes into service.

🐛 Fixes

Particular supergraph telemetry customizations using the query selector do not error (PR #​6324)

Telemetry customizations like those featured in the request limits telemetry documentation now work as intended when using the query selector on the supergraph layer. Prior to this fix, this was sometimes causing a this is a bug and should not happen error, but is now resolved.

By @​bnjjj in https://github.com/apollographql/router/pull/6324

Native query planner now receives both "plan" and "path" limits configuration (PR #​6316)

The native query planner now correctly sets two experimental configuration options for limiting query planning complexity. These were previously available in the configuration and observed by the legacy planner, but were not being passed to the new native planner until now:

• supergraph.query_planning.experimental_plans_limit
• supergraph.query_planning.experimental_paths_limit

By @​goto-bus-stop in https://github.com/apollographql/router/pull/6316

v1.58.0

Compare Source

[!IMPORTANT]
If you have enabled Distributed query plan caching, this release contains changes which necessarily alter the hashing algorithm used for the cache keys. On account of this, you should anticipate additional cache regeneration cost when updating between these versions while the new hashing algorithm comes into service.

🚀 Features

Support DNS resolution strategy configuration (PR #​6109)

The router now supports a configurable DNS resolution strategy for the URLs of coprocessors and subgraphs.
The new option is called dns_resolution_strategy and supports the following values:

• ipv4_only - Only query for A (IPv4) records.
• ipv6_only - Only query for AAAA (IPv6) records.
• ipv4_and_ipv6 - Query for both A (IPv4) and AAAA (IPv6) records in parallel.
• ipv6_then_ipv4 - Query for AAAA (IPv6) records first; if that fails, query for A (IPv4) records.
• ipv4_then_ipv6(default) - Query for A (IPv4) records first; if that fails, query for AAAA (IPv6) records.

You can change the DNS resolution strategy applied to a subgraph's URL:

traffic_shaping:
  all:
    dns_resolution_strategy: ipv4_then_ipv6

You can also change the DNS resolution strategy applied to a coprocessor's URL:

coprocessor:
  url: http://coprocessor.example.com:8081
  client:
    dns_resolution_strategy: ipv4_then_ipv6

By @​IvanGoncharov in https://github.com/apollographql/router/pull/6109

Configuration options for HTTP/1 max headers and buffer limits (PR #​6194)

This update introduces configuration options that allow you to adjust the maximum number of HTTP/1 request headers and the maximum buffer size allocated for headers.

By default, the router accepts HTTP/1 requests with up to 100 headers and allocates ~400 KiB of buffer space to store them. If you need to handle requests with more headers or require a different buffer size, you can now configure these limits in the router's configuration file:

limits:
  http1_request_max_headers: 200
  http1_request_max_buf_size: 200kib

If you are using the router as a Rust crate, the http1_request_max_buf_size option requires the hyper_header_limits feature and also necessitates using Apollo's fork of the Hyper crate until the changes are merged upstream.
You can include this fork by adding the following patch to your Cargo.toml file:

[patch.crates-io]
"hyper" = { git = "https://github.com/apollographql/hyper.git", tag = "header-customizations-20241108" }

By @​IvanGoncharov in https://github.com/apollographql/router/pull/6194

Compress subgraph operations by generating fragments (PR #​6013)

The router now compresses operations sent to subgraphs by default by generating fragment
definitions and using them in the operation.

This change enables generate_query_fragments by default while disabling experimental_reuse_query_fragments. When enabled, experimental_reuse_query_fragments attempts to intelligently reuse the fragment definitions
from the original operation. However, fragment generation with generate_query_fragments is much faster and produces better outputs in most cases.

If you are relying on the shape of fragments in your subgraph operations or tests, you can opt out of the new algorithm with the configuration below.

Note: The subgraph operations generated by the query planner are not guaranteed consistent release over release. We strongly recommend against relying on the shape of planned subgraph operations, as new router features and optimizations will continuously affect it. We plan to remove experimental_reuse_query_fragments in a future release.

supergraph:
  generate_query_fragments: false
  experimental_reuse_query_fragments: true

By @​lrlna in https://github.com/apollographql/router/pull/6013

Add subgraph request id (PR #​5858)

The router now supports a subgraph request ID that is a unique string identifying a subgraph request and response. It allows plugins and coprocessors to keep some state per subgraph request by matching on this ID. It's available in coprocessors as subgraphRequestId and Rhai scripts as request.subgraph.id and response.subgraph.id.

By @​Geal in https://github.com/apollographql/router/pull/5858

Add extensions.service for all subgraph errors (PR #​6191)

For improved debuggability, the router now supports adding a subgraph's name as an extension to all errors originating from the subgraph.

If include_subgraph_errors is true for a particular subgraph, all errors originating in this subgraph will have the subgraph's name exposed as a service extension.

You can enable subgraph errors with the following configuration:

include_subgraph_errors:
  all: true # Propagate errors from all subgraphs

Note: This option is enabled by default by the router's dev mode.

Consequently, when a subgraph returns an error, it will have a service extension with the subgraph name as its value. The following example shows the extension for a products subgraph:

{
  "data": null,
  "errors": [
    {
      "message": "Invalid product ID",
      "path": [],
      "extensions": {
        "service": "products"
      }
    }
  ]
}

By @​IvanGoncharov in https://github.com/apollographql/router/pull/6191

Add @context support in the native query planner (PR #​6310)

The @context feature is now available in the native query planner.
This brings the native query planner to feature parity with the legacy query planner for all Federation v2 graphs. The native query planner can be enabled with the following configuration:

experimental_query_planner_mode: new

By @​clenfest, @​TylerBloom in https://github.com/apollographql/router/pull/6310

🐛 Fixes

Remove noisy demand control logs (PR #​6192)

Demand control no longer logs warnings when a subgraph response is missing a requested field.

By @​tninesling in https://github.com/apollographql/router/pull/6192

Renamed headers' original values can again be propagated (PR #​6281)

PR #​4535 introduced a regression where the following header propagation config would not work:

headers:
- propagate:
    named: a
    rename: b
- propagate:
    named: a
    rename: c

The goal of the original PR was to prevent multiple headers from being mapped to a single target header. However, it did not consider renames and instead prevented multiple mappings from the same source header.
The router now propagates headers properly and ensures that a target header is only propagated to once.

By @​BrynCooke in https://github.com/apollographql/router/pull/6281

Introspection response deduplication should always produce results (Issue #​6249)

To reduce CPU usage, query planning and introspection queries are deduplicated. In some cases, deduplicated introspection queries were not receiving their result. This issue has been fixed, and the router now sends results in all cases.

By @​Geal in https://github.com/apollographql/router/pull/6257

Don't log response data upon notification failure for subgraph batching (PR #​6150)

For a subgraph batching operation, the router now doesn't log the entire subgraph response when failing to notify a waiting batch participant. This saves the router from logging the large amount of data (PII and/or non-PII data) that a subgraph response may contain.

By @​garypen in https://github.com/apollographql/router/pull/6150

Move heavy computation to a thread pool with a priority queue (PR #​6247)

The router now avoids blocking threads when executing asynchronous code by using a thread pool with a priority queue.

This improves the performance of the following components that can take non-trivial amounts of CPU time:

• GraphQL parsing
• GraphQL validation
• Query planning
• Schema introspection

The size of the thread pool is based on the number of available CPU cores.

The thread pool replaces the router's prior implementation that used Tokio’s spawn_blocking.

apollo.router.compute_jobs.queued is a new gauge metric for the number of items in the thread pool's priority queue.

Note: when the native query planner is enabled, the dedicated queue of the legacy query planner is no longer used, so the apollo.router.query_planning.queued metric is no longer emitted.

By @​SimonSapin in https://github.com/apollographql/router/pull/6247

Limit the amount of GraphQL validation errors returned per response (PR #​6187)

When an invalid query is submitted, the router now returns at most one hundred GraphQL parsing and validation errors in a response. This prevents generating too large of a response for a nonsensical document.

By @​goto-bus-stop in https://github.com/apollographql/router/pull/6187

Remove placeholders from file upload query variables (PR #​6293)

Previously, file upload query variables in subgraph requests incorrectly contained internal placeholders.
According to the GraphQL Multipart Request Spec, these variables should be set to null.
This issue has been fixed by ensuring that the router complies with the specification and improving compatibility with subgraphs handling file uploads.

By @​IvanGoncharov in https://github.com/apollographql/router/pull/6293

Overhead processing metrics should exclude subgraph response time when deduplication is enabled (PR #​6207)

The router's calculated overhead processing time has been fixed, where the time spent waiting for the subgraph response of a deduplicated request had been incorrectly included.

By @​Geal in https://github.com/apollographql/router/pull/6207

Fix demand control panic for custom scalars that represent non-GraphQL-compliant JSON (PR #​6288)

Previously, a panic could be triggered in the router's demand control plugin with the following schema:

scalar ArbitraryJson

type MyInput {
    json: ArbitraryJson
}

type Query {
    fetch(args: MyInput): Int
}

Then, submitting the query

query FetchData(: ArbitraryJson) {
    fetch(args: {
        json: 
    })
}

and variables

{
    "myJsonValue": {
        "field.with.dots": 1
    }
}

During scoring, the demand control plugin would attempt to convert the variable structure into a GraphQL-compliant structure requiring valid GraphQL names as keys. The dot characters in the keys however would cause a panic.

With this fix, only the GraphQL compliant part of the input object is scored, and the arbitrary JSON marked by the custom scalar is scored as an opaque scalar (similar to how built-ins like Int or String are processed).

By @​tninesling in https://github.com/apollographql/router/pull/6288

Fix incorrect overriding of concrete type names with interface names when merging responses (PR #​6250)

When using @interfaceObject, differing pieces of data can come back with either concrete types or interface types depending on the source. Previously, receiving the data in a particular order could incorrectly result in the interface name of a type overwriting its concrete name.

To make the response merging order-agnostic, the router now checks the schema to ensure concrete types are not overwritten with interfaces or less specific types.

By @​tninesling in https://github.com/apollographql/router/pull/6250

🛠 Maintenance

Query planner cache key improvements (Issue #​5160)

Several performance improvements have been implemented for query plan cache key generation. In particular, the distributed cache's key format has changed, which adds prefixes to the different key segments to help in debugging.

By @​Geal in https://github.com/apollographql/router/pull/6206

Add entity caching invalidation configuration metrics (PR #​6286)

We've added metrics for our analytics to know if entity caching invalidation is enabled.

By @​bnjjj in https://github.com/apollographql/router/pull/6286

Avoid creating stub span for supergraph events if current span exists (PR #​6096)

The router optimized its telemetry implementation by not creating a redundant span when it already has a span available to use the span's extensions for supergraph events.

By @​bnjjj in https://github.com/apollographql/router/pull/6096

📚 Documentation

Clarify docs for authorization directive composition (PR #​6216)

The docs for authorization directive composition have been clarified, including corrected code examples.

By @​Meschreiber in https://github.com/apollographql/router/pull/6216

v1.57.1

Compare Source

🐛 Fixes

Progressive override: fix query planner cache warmup (PR #​6108)

This fixes an issue in progressive override where the override labels were not transmitted to the query planner during cache warmup. Queries were correctly using the overridden fields at first, but after an update, reverted to non overridden fields, and could not recover.

By @​Geal in https://github.com/apollographql/router/pull/6108

v1.57.0

Compare Source

[!IMPORTANT]
If you have enabled Distributed query plan caching, updates to the query planner in this release will result in query plan caches being re-generated rather than re-used. On account of this, you should anticipate additional cache regeneration cost when updating between these versions while the new query plans come into service.

🚀 Features

Remove legacy schema introspection (PR #​6139)

Schema introspection in the router now runs natively without JavaScript. We have high confidence that the new native implementation returns responses that match the previous Javascript implementation, based on differential testing: fuzzing arbitrary queries against a large schema, and testing a corpus of customer schemas against a comprehensive query.

Changes to the router's YAML configuration:

• The experimental_introspection_mode key has been removed, with the new mode as the only behavior in this release.
• The supergraph.query_planning.legacy_introspection_caching key is removed, with the behavior in this release now similar to what was false: introspection responses are not part of the query plan cache but instead in a separate, small in-memory—only cache.

When using the above deprecated configuration options, the router's automatic configuration migration will ensure that existing configuration continue to work until the next major version of the router. To simplify major upgrades, we recommend reviewing incremental updates to your YAML configuration by comparing the output of ./router config upgrade --config path/to/config.yaml with your existing configuration.

By @​SimonSapin in [https://github.com/apollographql/router/pull/6139]

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[stackblitz]

Run & review this pull request in StackBlitz Codeflow.

[changeset-bot]

⚠️ No Changeset found

Latest commit: a1abdd3

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR