Releases: apollographql/federation
@apollo/query-graphs@2.8.5
Patch Changes
- Updated dependencies []:
- @apollo/federation-internals@2.8.5
@apollo/gateway@2.8.5
🔒 Security
CVE-2024-43414: Prevent uncontrolled recursion for complex queries
Correct a bug where complex queries can cause uncontrolled recursion due to failure to reduce the number of possible query plans (classified as CWE-674). (#3128)
This weakness impacts all v2 versions of @apollo/gateway
prior to this release. See the associated Github Advisory, GHSA-fmj9-77q8-g6c4, for more information.
- Updated dependencies [
926cbb7949200e12b81100a07fa3438b5ae9efd0
]:- @apollo/query-planner@2.8.5
- @apollo/composition@2.8.5
- @apollo/federation-internals@2.8.5
@apollo/federation-internals@2.8.5
@apollo/federation-internals@2.8.5
@apollo/composition@2.8.5
Patch Changes
- Updated dependencies []:
- @apollo/federation-internals@2.8.5
- @apollo/query-graphs@2.8.5
@apollo/subgraph@2.9.0-beta.0
Patch Changes
- Updated dependencies [
02c2a34a62c3717a4885449172e404f19ebf66c9
,0ccfd937d4b4a576f890665ceebbd7986fac5d0c
,e0a5075c0d12a0e2f7ef303b246e3216a139d3e0
]:- @apollo/federation-internals@2.9.0-beta.0
@apollo/query-planner@2.9.0-beta.0
Patch Changes
-
Fix issue where variable was not passed into subgraph when embedded in a fragment (#3119)
-
Updated dependencies [
acfe3193429c7f99b4fc564b20828aaa8659a75c
,02c2a34a62c3717a4885449172e404f19ebf66c9
,0ccfd937d4b4a576f890665ceebbd7986fac5d0c
,e0a5075c0d12a0e2f7ef303b246e3216a139d3e0
]:- @apollo/query-graphs@2.9.0-beta.0
- @apollo/federation-internals@2.9.0-beta.0
@apollo/query-graphs@2.9.0-beta.0
Patch Changes
-
Avoid type explosion for inline fragments where the type condition is an interface that implements the parent type. (#3122)
-
Updated dependencies [
02c2a34a62c3717a4885449172e404f19ebf66c9
,0ccfd937d4b4a576f890665ceebbd7986fac5d0c
,e0a5075c0d12a0e2f7ef303b246e3216a139d3e0
]:- @apollo/federation-internals@2.9.0-beta.0
@apollo/gateway@2.9.0-beta.0
Patch Changes
-
Avoid type explosion for inline fragments where the type condition is an interface that implements the parent type. (#3122)
-
Reduce memory overhead during satisfiability checking when there are many options. (#3109)
-
Updated dependencies [
02c2a34a62c3717a4885449172e404f19ebf66c9
,0ccfd937d4b4a576f890665ceebbd7986fac5d0c
,e0a5075c0d12a0e2f7ef303b246e3216a139d3e0
]:- @apollo/federation-internals@2.9.0-beta.0
- @apollo/composition@2.9.0-beta.0
- @apollo/query-planner@2.9.0-beta.0
@apollo/federation-internals@2.9.0-beta.0
Minor Changes
- Implements two new directives for defining custom costs for demand control. The
@cost
directive allows setting a custom weight to a particular field in the graph, overriding the default cost calculation. The@listSize
directive gives the cost calculator information about how to estimate the size of lists returned by subgraphs. This can either be a static size or a value derived from input arguments, such as paging parameters. (#3074)
Patch Changes
@apollo/composition@2.9.0-beta.0
Minor Changes
- Implements two new directives for defining custom costs for demand control. The
@cost
directive allows setting a custom weight to a particular field in the graph, overriding the default cost calculation. The@listSize
directive gives the cost calculator information about how to estimate the size of lists returned by subgraphs. This can either be a static size or a value derived from input arguments, such as paging parameters. (#3074)
Patch Changes
-
Reduce memory overhead during satisfiability checking when there are many options. (#3109)
-
Updated dependencies [
acfe3193429c7f99b4fc564b20828aaa8659a75c
,02c2a34a62c3717a4885449172e404f19ebf66c9
,0ccfd937d4b4a576f890665ceebbd7986fac5d0c
,e0a5075c0d12a0e2f7ef303b246e3216a139d3e0
]:- @apollo/query-graphs@2.9.0-beta.0
- @apollo/federation-internals@2.9.0-beta.0