release: on branch main (#3345)

github-actions[bot] · web-flow · commit fd436fad1588 · 2025-11-13T09:41:06.000-06:00
This PR was opened by the [Changesets release](https://github.com/changesets/action) GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated. # Releases ## @apollo/composition@2.12.1 ### Patch Changes - Fixed access control verification of transitive requirements (through `@requires` and/or `@fromContext`) to ensure it works with chains of transitive dependencies. ([#3343](#3343)) - Allow interface object fields to specify access control ([#3343](#3343)) Update composition logic to allow specifying access control directives (`@authenticated`, `@requiresScopes` and `@policy`) on `@interfaceObject` fields. While we disallow access control on interface types and fields, we decided to support it on `@interfaceObject` as it is a useful pattern to define a single resolver (that may need access controls) for common interface fields. Alternative would require our users to explicitly define resolvers for all implementations which defeats the purpose of `@interfaceObject`. This PR refactors in how we propagate access control by providing additional merge sources when merging directives on interfaces, interface fields and object fields. - Updated dependencies \[[`09e596e6a0c753071ca822e84f525d73ada395cf`](09e596e), [`ac1ed2946c48e0fef4b413b192d8c5fbdb2370ae`](ac1ed29)]: - @apollo/federation-internals@2.12.1 - @apollo/query-graphs@2.12.1 ## @apollo/gateway@2.12.1 ### Patch Changes - Updated dependencies \[[`b19431e4a92206703e29aba859a5fc7574b9ef8b`](b19431e), [`09e596e6a0c753071ca822e84f525d73ada395cf`](09e596e), [`ac1ed2946c48e0fef4b413b192d8c5fbdb2370ae`](ac1ed29)]: - @apollo/composition@2.12.1 - @apollo/federation-internals@2.12.1 - @apollo/query-planner@2.12.1 ## @apollo/federation-internals@2.12.1 ### Patch Changes - Allow interface object fields to specify access control ([#3343](#3343)) Update composition logic to allow specifying access control directives (`@authenticated`, `@requiresScopes` and `@policy`) on `@interfaceObject` fields. While we disallow access control on interface types and fields, we decided to support it on `@interfaceObject` as it is a useful pattern to define a single resolver (that may need access controls) for common interface fields. Alternative would require our users to explicitly define resolvers for all implementations which defeats the purpose of `@interfaceObject`. This PR refactors in how we propagate access control by providing additional merge sources when merging directives on interfaces, interface fields and object fields. - Fixed demand control validations to unwrap non-nullable composite types and fields when performing validations. ([#3343](#3343)) ## @apollo/query-graphs@2.12.1 ### Patch Changes - Updated dependencies \[[`09e596e6a0c753071ca822e84f525d73ada395cf`](09e596e), [`ac1ed2946c48e0fef4b413b192d8c5fbdb2370ae`](ac1ed29)]: - @apollo/federation-internals@2.12.1 ## @apollo/query-planner@2.12.1 ### Patch Changes - Updated dependencies \[[`09e596e6a0c753071ca822e84f525d73ada395cf`](09e596e), [`ac1ed2946c48e0fef4b413b192d8c5fbdb2370ae`](ac1ed29)]: - @apollo/federation-internals@2.12.1 - @apollo/query-graphs@2.12.1 ## @apollo/subgraph@2.12.1 ### Patch Changes - Updated dependencies \[[`09e596e6a0c753071ca822e84f525d73ada395cf`](09e596e), [`ac1ed2946c48e0fef4b413b192d8c5fbdb2370ae`](ac1ed29)]: - @apollo/federation-internals@2.12.1 ## apollo-federation-integration-testsuite@2.12.1 Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
diff --git a/.changeset/orange-yaks-double.md b/.changeset/orange-yaks-double.md
diff --git a/.changeset/shaggy-adults-help.md b/.changeset/shaggy-adults-help.md
diff --git a/.changeset/smart-crabs-jump.md b/.changeset/smart-crabs-jump.md
diff --git a/composition-js/CHANGELOG.md b/composition-js/CHANGELOG.md
@@ -1,5 +1,21 @@
 # CHANGELOG for `@apollo/composition`
 
+## 2.12.1
+
+### Patch Changes
+
+- Fixed access control verification of transitive requirements (through `@requires` and/or `@fromContext`) to ensure it works with chains of transitive dependencies. ([#3343](https://github.com/apollographql/federation/pull/3343))
+
+- Allow interface object fields to specify access control ([#3343](https://github.com/apollographql/federation/pull/3343))
+
+  Update composition logic to allow specifying access control directives (`@authenticated`, `@requiresScopes` and `@policy`) on `@interfaceObject` fields. While we disallow access control on interface types and fields, we decided to support it on `@interfaceObject` as it is a useful pattern to define a single resolver (that may need access controls) for common interface fields. Alternative would require our users to explicitly define resolvers for all implementations which defeats the purpose of `@interfaceObject`.
+
+  This PR refactors in how we propagate access control by providing additional merge sources when merging directives on interfaces, interface fields and object fields.
+
+- Updated dependencies [[`09e596e6a0c753071ca822e84f525d73ada395cf`](https://github.com/apollographql/federation/commit/09e596e6a0c753071ca822e84f525d73ada395cf), [`ac1ed2946c48e0fef4b413b192d8c5fbdb2370ae`](https://github.com/apollographql/federation/commit/ac1ed2946c48e0fef4b413b192d8c5fbdb2370ae)]:
+  - @apollo/federation-internals@2.12.1
+  - @apollo/query-graphs@2.12.1
+
 ## 2.12.0
 
 ### Minor Changes
diff --git a/composition-js/package.json b/composition-js/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@apollo/composition",
-  "version": "2.12.0",
+  "version": "2.12.1",
   "description": "Apollo Federation composition utilities",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -27,8 +27,8 @@
     "access": "public"
   },
   "dependencies": {
-    "@apollo/federation-internals": "2.12.0",
-    "@apollo/query-graphs": "2.12.0"
+    "@apollo/federation-internals": "2.12.1",
+    "@apollo/query-graphs": "2.12.1"
   },
   "peerDependencies": {
     "graphql": "^16.5.0"
diff --git a/federation-integration-testsuite-js/CHANGELOG.md b/federation-integration-testsuite-js/CHANGELOG.md
@@ -1,5 +1,7 @@
 # CHANGELOG for `federation-integration-testsuite-js`
 
+## 2.12.1
+
 ## 2.12.0
 
 ### Minor Changes
diff --git a/federation-integration-testsuite-js/package.json b/federation-integration-testsuite-js/package.json
@@ -1,7 +1,7 @@
 {
   "name": "apollo-federation-integration-testsuite",
   "private": true,
-  "version": "2.12.0",
+  "version": "2.12.1",
   "description": "Apollo Federation Integrations / Test Fixtures",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
diff --git a/gateway-js/CHANGELOG.md b/gateway-js/CHANGELOG.md
@@ -1,5 +1,14 @@
 # CHANGELOG for `@apollo/gateway`
 
+## 2.12.1
+
+### Patch Changes
+
+- Updated dependencies [[`b19431e4a92206703e29aba859a5fc7574b9ef8b`](https://github.com/apollographql/federation/commit/b19431e4a92206703e29aba859a5fc7574b9ef8b), [`09e596e6a0c753071ca822e84f525d73ada395cf`](https://github.com/apollographql/federation/commit/09e596e6a0c753071ca822e84f525d73ada395cf), [`ac1ed2946c48e0fef4b413b192d8c5fbdb2370ae`](https://github.com/apollographql/federation/commit/ac1ed2946c48e0fef4b413b192d8c5fbdb2370ae)]:
+  - @apollo/composition@2.12.1
+  - @apollo/federation-internals@2.12.1
+  - @apollo/query-planner@2.12.1
+
 ## 2.12.0
 
 ### Minor Changes
diff --git a/gateway-js/package.json b/gateway-js/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@apollo/gateway",
-  "version": "2.12.0",
+  "version": "2.12.1",
   "description": "Apollo Gateway",
   "author": "Apollo <packages@apollographql.com>",
   "main": "dist/index.js",
@@ -25,9 +25,9 @@
     "access": "public"
   },
   "dependencies": {
-    "@apollo/composition": "2.12.0",
-    "@apollo/federation-internals": "2.12.0",
-    "@apollo/query-planner": "2.12.0",
+    "@apollo/composition": "2.12.1",
+    "@apollo/federation-internals": "2.12.1",
+    "@apollo/query-planner": "2.12.1",
     "@apollo/server-gateway-interface": "^1.1.0",
     "@apollo/usage-reporting-protobuf": "^4.1.0",
     "@apollo/utils.createhash": "^2.0.0",
diff --git a/internals-js/CHANGELOG.md b/internals-js/CHANGELOG.md
@@ -1,5 +1,17 @@
 # CHANGELOG for `@apollo/federation-internals`
 
+## 2.12.1
+
+### Patch Changes
+
+- Allow interface object fields to specify access control ([#3343](https://github.com/apollographql/federation/pull/3343))
+
+  Update composition logic to allow specifying access control directives (`@authenticated`, `@requiresScopes` and `@policy`) on `@interfaceObject` fields. While we disallow access control on interface types and fields, we decided to support it on `@interfaceObject` as it is a useful pattern to define a single resolver (that may need access controls) for common interface fields. Alternative would require our users to explicitly define resolvers for all implementations which defeats the purpose of `@interfaceObject`.
+
+  This PR refactors in how we propagate access control by providing additional merge sources when merging directives on interfaces, interface fields and object fields.
+
+- Fixed demand control validations to unwrap non-nullable composite types and fields when performing validations. ([#3343](https://github.com/apollographql/federation/pull/3343))
+
 ## 2.12.0
 
 ### Minor Changes
diff --git a/internals-js/package.json b/internals-js/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@apollo/federation-internals",
-  "version": "2.12.0",
+  "version": "2.12.1",
   "description": "Apollo Federation internal utilities",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
diff --git a/package-lock.json b/package-lock.json
diff --git a/query-graphs-js/CHANGELOG.md b/query-graphs-js/CHANGELOG.md
@@ -1,5 +1,12 @@
 # CHANGELOG for `@apollo/query-graphs`
 
+## 2.12.1
+
+### Patch Changes
+
+- Updated dependencies [[`09e596e6a0c753071ca822e84f525d73ada395cf`](https://github.com/apollographql/federation/commit/09e596e6a0c753071ca822e84f525d73ada395cf), [`ac1ed2946c48e0fef4b413b192d8c5fbdb2370ae`](https://github.com/apollographql/federation/commit/ac1ed2946c48e0fef4b413b192d8c5fbdb2370ae)]:
+  - @apollo/federation-internals@2.12.1
+
 ## 2.12.0
 
 ### Minor Changes
diff --git a/query-graphs-js/package.json b/query-graphs-js/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@apollo/query-graphs",
-  "version": "2.12.0",
+  "version": "2.12.1",
   "description": "Apollo Federation library to work with 'query graphs'",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -23,7 +23,7 @@
     "node": ">=14.15.0"
   },
   "dependencies": {
-    "@apollo/federation-internals": "2.12.0",
+    "@apollo/federation-internals": "2.12.1",
     "deep-equal": "^2.0.5",
     "ts-graphviz": "^1.5.4",
     "uuid": "^9.0.0"
diff --git a/query-planner-js/CHANGELOG.md b/query-planner-js/CHANGELOG.md
@@ -1,5 +1,13 @@
 # CHANGELOG for `@apollo/query-planner`
 
+## 2.12.1
+
+### Patch Changes
+
+- Updated dependencies [[`09e596e6a0c753071ca822e84f525d73ada395cf`](https://github.com/apollographql/federation/commit/09e596e6a0c753071ca822e84f525d73ada395cf), [`ac1ed2946c48e0fef4b413b192d8c5fbdb2370ae`](https://github.com/apollographql/federation/commit/ac1ed2946c48e0fef4b413b192d8c5fbdb2370ae)]:
+  - @apollo/federation-internals@2.12.1
+  - @apollo/query-graphs@2.12.1
+
 ## 2.12.0
 
 ### Minor Changes
diff --git a/query-planner-js/package.json b/query-planner-js/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@apollo/query-planner",
-  "version": "2.12.0",
+  "version": "2.12.1",
   "description": "Apollo Query Planner",
   "author": "Apollo <packages@apollographql.com>",
   "main": "dist/index.js",
@@ -25,8 +25,8 @@
     "access": "public"
   },
   "dependencies": {
-    "@apollo/federation-internals": "2.12.0",
-    "@apollo/query-graphs": "2.12.0",
+    "@apollo/federation-internals": "2.12.1",
+    "@apollo/query-graphs": "2.12.1",
     "@apollo/utils.keyvaluecache": "^2.1.0",
     "chalk": "^4.1.0",
     "deep-equal": "^2.0.5",
diff --git a/subgraph-js/CHANGELOG.md b/subgraph-js/CHANGELOG.md
@@ -1,13 +1,21 @@
 # CHANGELOG for `@apollo/subgraph`
 
+## 2.12.1
+
+### Patch Changes
+
+- Updated dependencies [[`09e596e6a0c753071ca822e84f525d73ada395cf`](https://github.com/apollographql/federation/commit/09e596e6a0c753071ca822e84f525d73ada395cf), [`ac1ed2946c48e0fef4b413b192d8c5fbdb2370ae`](https://github.com/apollographql/federation/commit/ac1ed2946c48e0fef4b413b192d8c5fbdb2370ae)]:
+  - @apollo/federation-internals@2.12.1
+
 ## 2.12.0
 
 ### Minor Changes
 
 - Federation 2.12 and Connect 0.3 ([#3276](https://github.com/apollographql/federation/pull/3276))
 
 ### Patch Changes
-- 
+
+-
 - When a `GraphQLScalarType` resolver is provided to `buildSubgraphSchema()`, omitted configuration options in the `GraphQLScalarType` no longer cause the corresponding properties in the GraphQL document/AST to be cleared. To explicitly clear these properties, use `null` for the configuration option instead. ([#3287](https://github.com/apollographql/federation/pull/3287))
 
 - Updated dependencies [[`3e2b0a8569a9fe46726182887ed0b4bfc0b52468`](https://github.com/apollographql/federation/commit/3e2b0a8569a9fe46726182887ed0b4bfc0b52468), [`bb4614d338ae03bac51a5fc2439590f172c4e54d`](https://github.com/apollographql/federation/commit/bb4614d338ae03bac51a5fc2439590f172c4e54d), [`99f2da21de88f9ad9a32ee7ed64b2d4a92887b40`](https://github.com/apollographql/federation/commit/99f2da21de88f9ad9a32ee7ed64b2d4a92887b40), [`468f27842608f4e390cfc88bc7e6b4b0945f95ff`](https://github.com/apollographql/federation/commit/468f27842608f4e390cfc88bc7e6b4b0945f95ff), [`3fd5157b309f1d3439b2d87c67b0601fb246d04c`](https://github.com/apollographql/federation/commit/3fd5157b309f1d3439b2d87c67b0601fb246d04c), [`b734ea04d118db09cf6077fdd968c8f04a96327a`](https://github.com/apollographql/federation/commit/b734ea04d118db09cf6077fdd968c8f04a96327a), [`4bda3a498eba36e187dfd9ae673eca12d3f3502c`](https://github.com/apollographql/federation/commit/4bda3a498eba36e187dfd9ae673eca12d3f3502c), [`e7e67579908d5cd2fa6fe558228dffe4808cd98d`](https://github.com/apollographql/federation/commit/e7e67579908d5cd2fa6fe558228dffe4808cd98d), [`faea2d1174d80593264f2227cfde9a2ba1a59b96`](https://github.com/apollographql/federation/commit/faea2d1174d80593264f2227cfde9a2ba1a59b96), [`97b9d2edfcfeed99124f9e115f992cbef3804682`](https://github.com/apollographql/federation/commit/97b9d2edfcfeed99124f9e115f992cbef3804682), [`f6af504f1ba8283fd00af0d6e3c9c1a665d62736`](https://github.com/apollographql/federation/commit/f6af504f1ba8283fd00af0d6e3c9c1a665d62736), [`a595235d3cf8f67611efd8395332b64d067b5f1f`](https://github.com/apollographql/federation/commit/a595235d3cf8f67611efd8395332b64d067b5f1f)]:
diff --git a/subgraph-js/package.json b/subgraph-js/package.json
@@ -1,6 +1,6 @@
 {
   "name": "@apollo/subgraph",
-  "version": "2.12.0",
+  "version": "2.12.1",
   "description": "Apollo Subgraph Utilities",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -25,7 +25,7 @@
   },
   "dependencies": {
     "@apollo/cache-control-types": "^1.0.2",
-    "@apollo/federation-internals": "2.12.0"
+    "@apollo/federation-internals": "2.12.1"
   },
   "peerDependencies": {
     "graphql": "^16.5.0"

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "apollo-federation-integration-testsuite",`
`3`	`3`	`"private": true,`
`4`		`- "version": "2.12.0",`
	`4`	`+ "version": "2.12.1",`
`5`	`5`	`"description": "Apollo Federation Integrations / Test Fixtures",`
`6`	`6`	`"main": "dist/index.js",`
`7`	`7`	`"types": "dist/index.d.ts",`