releases.shpreview
Apollo GraphQL/Apollo Federation

Apollo Federation

$npx -y @buildinternet/releases show apollo-federation
Mon
Wed
Fri
AprMayJunJulAugSepOctNovDecJanFebMarApr
Less
More
Releases48Avg15/moVersions@apollo/gateway@2.13.0-preview.2 → @apollo/subgraph@2.13.3
Nov 13, 2025

Patch Changes

Patch Changes

Patch Changes

Patch Changes

  • Fixed access control verification of transitive requirements (through @requires and/or @fromContext) to ensure it works with chains of transitive dependencies. (#3343)

  • Allow interface object fields to specify access control (#3343)

    Update composition logic to allow specifying access control directives (@authenticated, @requiresScopes and @policy) on @interfaceObject fields. While we disallow access control on interface types and fields, we decided to support it on @interfaceObject as it is a useful pattern to define a single resolver (that may need access controls) for common interface fields. Alternative would require our users to explicitly define resolvers for all implementations which defeats the purpose of @interfaceObject.

    This PR refactors in how we propagate access control by providing additional merge sources when merging directives on interfaces, interface fields and object fields.

  • Updated dependencies [09e596e6a0c753071ca822e84f525d73ada395cf, ac1ed2946c48e0fef4b413b192d8c5fbdb2370ae]:

    • @apollo/federation-internals@2.12.1
    • @apollo/query-graphs@2.12.1

Patch Changes

  • Allow interface object fields to specify access control (#3343)

    Update composition logic to allow specifying access control directives (@authenticated, @requiresScopes and @policy) on @interfaceObject fields. While we disallow access control on interface types and fields, we decided to support it on @interfaceObject as it is a useful pattern to define a single resolver (that may need access controls) for common interface fields. Alternative would require our users to explicitly define resolvers for all implementations which defeats the purpose of @interfaceObject.

    This PR refactors in how we propagate access control by providing additional merge sources when merging directives on interfaces, interface fields and object fields.

  • Fixed demand control validations to unwrap non-nullable composite types and fields when performing validations. (#3343)

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Patch Changes

  • Allow interface object fields to specify access control (#3333)

    Update composition logic to allow specifying access control directives (@authenticated, @requiresScopes and @policy) on @interfaceObject fields. While we disallow access control on interface types and fields, we decided to support it on @interfaceObject as it is a useful pattern to define a single resolver (that may need access controls) for common interface fields. Alternative would require our users to explicitly define resolvers for all implementations which defeats the purpose of @interfaceObject.

    This PR refactors in how we propagate access control by providing additional merge sources when merging directives on interfaces, interface fields and object fields.

  • Fixed demand control validations to unwrap non-nullable composite types and fields when performing validations. (#3336)

Patch Changes

  • Fixed access control verification of transitive requirements (through @requires and/or @fromContext) to ensure it works with chains of transitive dependencies. (#3333)

  • Allow interface object fields to specify access control (#3333)

    Update composition logic to allow specifying access control directives (@authenticated, @requiresScopes and @policy) on @interfaceObject fields. While we disallow access control on interface types and fields, we decided to support it on @interfaceObject as it is a useful pattern to define a single resolver (that may need access controls) for common interface fields. Alternative would require our users to explicitly define resolvers for all implementations which defeats the purpose of @interfaceObject.

    This PR refactors in how we propagate access control by providing additional merge sources when merging directives on interfaces, interface fields and object fields.

  • Updated dependencies [e1c58611c3c996b4fff98a54e49f00549ff2115d, 3e2d1fd315db54a089fedf131cfaa27792bdd049]:

    • @apollo/federation-internals@2.11.5
    • @apollo/query-graphs@2.11.5

Patch Changes

  • Allow interface object fields to specify access control (#3341)

    Update composition logic to allow specifying access control directives (@authenticated, @requiresScopes and @policy) on @interfaceObject fields. While we disallow access control on interface types and fields, we decided to support it on @interfaceObject as it is a useful pattern to define a single resolver (that may need access controls) for common interface fields. Alternative would require our users to explicitly define resolvers for all implementations which defeats the purpose of @interfaceObject.

    This PR refactors in how we propagate access control by providing additional merge sources when merging directives on interfaces, interface fields and object fields.

Patch Changes

Patch Changes

Patch Changes

  • Fixed access control verification of transitive requirements (through @requires and/or @fromContext) to ensure it works with chains of transitive dependencies. (#3341)

  • Allow interface object fields to specify access control (#3341)

    Update composition logic to allow specifying access control directives (@authenticated, @requiresScopes and @policy) on @interfaceObject fields. While we disallow access control on interface types and fields, we decided to support it on @interfaceObject as it is a useful pattern to define a single resolver (that may need access controls) for common interface fields. Alternative would require our users to explicitly define resolvers for all implementations which defeats the purpose of @interfaceObject.

    This PR refactors in how we propagate access control by providing additional merge sources when merging directives on interfaces, interface fields and object fields.

  • Updated dependencies [20c75d1d60a48fc289d88c8d29652f1afc7553e4]:

    • @apollo/federation-internals@2.10.4
    • @apollo/query-graphs@2.10.4

Patch Changes

Patch Changes

Patch Changes

Patch Changes

Previous2345Next
Latest
@apollo/subgraph@2.13.3
Source
@apollographql/federation
Changelog
View changelog
Tracking Since
Nov 4, 2025
Last checked Apr 20, 2026
.json·.md·.atom