From da8a6205dfcc7ec12c15c36c35007b086d43f79b Mon Sep 17 00:00:00 2001 From: bryn Date: Thu, 24 Aug 2023 16:12:22 +0100 Subject: [PATCH 1/6] prep release: v1.28.0 --- .../docs_abernix_hot_reload_clarify.md | 14 - .changesets/exp_pq_safelist_normalization.md | 14 - .../feat_bryn_router_analytics_initial.md | 10 - .../feat_igni_stats_report_key_hash.md | 19 -- .../fix_garypen_3140_flush_otlp_metrics.md | 9 - .../maint_frog_deejay_motorcar_planetarium.md | 8 - .../maint_garypen_3587_enable_1_28_0.md | 7 - .changesets/maint_simon_rust71.md | 9 - CHANGELOG.md | 112 +++++++ Cargo.lock | 6 +- apollo-router-benchmarks/Cargo.toml | 2 +- apollo-router-scaffold/Cargo.toml | 2 +- .../templates/base/Cargo.toml | 2 +- .../templates/base/xtask/Cargo.toml | 2 +- apollo-router/Cargo.toml | 2 +- .../tracing/docker-compose.datadog.yml | 2 +- dockerfiles/tracing/docker-compose.jaeger.yml | 2 +- dockerfiles/tracing/docker-compose.zipkin.yml | 2 +- docs/source/containerization/docker.mdx | 2 +- docs/source/containerization/kubernetes.mdx | 28 +- helm/chart/router/Chart.yaml | 4 +- helm/chart/router/README.md | 6 +- licenses.html | 288 ++++++++++-------- scripts/install.sh | 2 +- 24 files changed, 305 insertions(+), 249 deletions(-) delete mode 100644 .changesets/docs_abernix_hot_reload_clarify.md delete mode 100644 .changesets/exp_pq_safelist_normalization.md delete mode 100644 .changesets/feat_bryn_router_analytics_initial.md delete mode 100644 .changesets/feat_igni_stats_report_key_hash.md delete mode 100644 .changesets/fix_garypen_3140_flush_otlp_metrics.md delete mode 100644 .changesets/maint_frog_deejay_motorcar_planetarium.md delete mode 100644 .changesets/maint_garypen_3587_enable_1_28_0.md delete mode 100644 .changesets/maint_simon_rust71.md diff --git a/.changesets/docs_abernix_hot_reload_clarify.md b/.changesets/docs_abernix_hot_reload_clarify.md deleted file mode 100644 index 7decd80dfa..0000000000 --- a/.changesets/docs_abernix_hot_reload_clarify.md +++ /dev/null @@ -1,14 +0,0 @@ -### Clarify that hot-reload does not affect Uplink-delivered config/schema ([PR #3596](https://github.com/apollographql/router/pull/3596)) - -This documentation adjustment (and small CLI help change) tries to clarify some confusion around the `--hot-reload` command line argument and the scope of it's operation. - -Concretely, the supergraph and configuration that is delivered through a [GraphOS Launch](https://www.apollographql.com/docs/graphos/delivery/launches/) (and delivered through Uplink) is _always_ loaded immediately and will take effect as soon as possible. - -On the other hand, files that are provided locally - e.g., `--config ./file.yaml` and `--supergraph ./supergraph.graphql` - are only reloaded: - -- If `--hot-reload` is passed (or if another flag infers `--hot-reload`, as is the case with `--dev`) and a supergraph or configuration is changed; or -- When the router process is sent a SIGHUP. - -Otherwise, files provided locally to the router are only re-started if the router process is completely restarted. - -By [@abernix](https://github.com/abernix) in https://github.com/apollographql/router/pull/3596 \ No newline at end of file diff --git a/.changesets/exp_pq_safelist_normalization.md b/.changesets/exp_pq_safelist_normalization.md deleted file mode 100644 index fae430f03c..0000000000 --- a/.changesets/exp_pq_safelist_normalization.md +++ /dev/null @@ -1,14 +0,0 @@ -### Improvements to safelisting with Persisted Queries (preview) - -(The Persisted Queries feature was initially released in Router v1.25.0, as part of a private preview requiring enablement by Apollo support. The feature is now in public preview and is accessible to any enterprise GraphOS organization.) - -Several improvements to safelisting behavior based on preview feedback: - -* When the safelist is enabled (but `require_id` is not), matching now ignores the order of top-level definitions (operations and fragments) and ignored tokens (whitespace, comments, commas, etc), so that differences in these purely syntactic elements do not affect whether an operation is considered to be in the safelist. -* If introspection is enabled on the server, any operation whose top-level fields are introspection fields (`__type`, `__schema`, or `__typename`) is considered to be in the safelist. (Previously, Router instead looked for two specific introspection queries from a particular version of Apollo Sandbox if sandbox was enabled; this hard-coded check is removed.) This special case is not applied if `require_id` is enabled, so that Router never parses freeform GraphQL in this mode. -* When `log_unknown` is enabled and `apq` has not been disabled, Router now logs any operation not in the safelist as unknown, even those sent via IDs if the operation was found in the APQ cache rather than the manifest. -* When `log_unknown` and `require_id` are both enabled, Router now logs all operations that rejects (i.e., all operations sent as freeform GraphQL). Previously, Router only logged the operations that would have been rejected by the safelist feature with `require_id` disabled (i.e., operations sent as freeform GraphQL that do not match an operation in the manifest). - -As a side effect of this change, Router now re-downloads the PQ manifest when reloading configuration dynamically rather than caching it across reloads. If this causes a notable performance regression for your use case, please file an issue. - -By [@glasser](https://github.com/glasser) in https://github.com/apollographql/router/pull/3566 diff --git a/.changesets/feat_bryn_router_analytics_initial.md b/.changesets/feat_bryn_router_analytics_initial.md deleted file mode 100644 index c12af057b7..0000000000 --- a/.changesets/feat_bryn_router_analytics_initial.md +++ /dev/null @@ -1,10 +0,0 @@ -### Adds some new (unstable) metrics ([PR #3609](https://github.com/apollographql/router/pull/3609)) - -Many of our existing metrics are poorly and inconsistently named. In addition they follow prometheus style rather than otel style. - -This PR adds some new metrics that will hopefully give us a good foundation to build upon. -New metrics are namespaced `apollo.router.operations.*`. - -Until officially documented the metrics should be treated as unstable, as we may need change the names to ensure consistency. - -By [@BrynCooke](https://github.com/BrynCooke) in https://github.com/apollographql/router/pull/3609 diff --git a/.changesets/feat_igni_stats_report_key_hash.md b/.changesets/feat_igni_stats_report_key_hash.md deleted file mode 100644 index 1971b41d63..0000000000 --- a/.changesets/feat_igni_stats_report_key_hash.md +++ /dev/null @@ -1,19 +0,0 @@ -### Expose the stats_reports_key hash to plugins. ([Issue #2728](https://github.com/apollographql/router/issues/2728)) - -This changeset exposes a new key in the context, `apollo_operation_id`, which identifies operation you can find in studio: - -``` -https://studio.apollographql.com/graph//variant//operations?query= -``` - -This new context key is exposed at various stages of the operation pipeline: - -- Execution service request -- Subgraph service request - -- Subgraph service response -- Execution service response -- Supergraph service response -- Router service response - -By [@o0Ignition0o](https://github.com/o0Ignition0o) in https://github.com/apollographql/router/pull/3586 diff --git a/.changesets/fix_garypen_3140_flush_otlp_metrics.md b/.changesets/fix_garypen_3140_flush_otlp_metrics.md deleted file mode 100644 index 2a59b526c8..0000000000 --- a/.changesets/fix_garypen_3140_flush_otlp_metrics.md +++ /dev/null @@ -1,9 +0,0 @@ -### Try to stop OTLP controllers when Telemetry is dropped ([Issue #3140](https://github.com/apollographql/router/issues/3140)) - -We already have code to specifically drop tracers and we are adding some additional logic to do the same thing with metrics exporters. - -This will improve the transmission of metrics from OTLP controllers when a router is shut down. - -fixes: #3140 - -By [@garypen](https://github.com/garypen) in https://github.com/apollographql/router/pull/3143 \ No newline at end of file diff --git a/.changesets/maint_frog_deejay_motorcar_planetarium.md b/.changesets/maint_frog_deejay_motorcar_planetarium.md deleted file mode 100644 index 49a87b2a4b..0000000000 --- a/.changesets/maint_frog_deejay_motorcar_planetarium.md +++ /dev/null @@ -1,8 +0,0 @@ -### Add OTLP exporter for Apollo metrics ([PR #3354](https://github.com/apollographql/router/pull/3354), [PR #3651](https://github.com/apollographql/router/pull/3651)) - -This PR adds an OTLP metrics exporter for a Apollo pipeline that can compliment the existing protobuf format. - -Note that new metrics of the format `apollo.router.*` are currently not stable. -Once we have added enough metrics to ensure that we are consistent then they will be stabilized and documented. - -By [@BrynCooke](https://github.com/BrynCooke) in https://github.com/apollographql/router/pull/3354 and https://github.com/apollographql/router/pull/3651 diff --git a/.changesets/maint_garypen_3587_enable_1_28_0.md b/.changesets/maint_garypen_3587_enable_1_28_0.md deleted file mode 100644 index 70275603bb..0000000000 --- a/.changesets/maint_garypen_3587_enable_1_28_0.md +++ /dev/null @@ -1,7 +0,0 @@ -### Enable checking for kubernetes 1.28.0 in kubeconform ([Issue #3587](https://github.com/apollographql/router/issues/3587)) - -Support has now been added for kubernetes `1.28.0` and we can re-enable checking. - -This is reverting the change from #3584. - -By [@garypen](https://github.com/garypen) in https://github.com/apollographql/router/pull/3638 \ No newline at end of file diff --git a/.changesets/maint_simon_rust71.md b/.changesets/maint_simon_rust71.md deleted file mode 100644 index 35e6e71e62..0000000000 --- a/.changesets/maint_simon_rust71.md +++ /dev/null @@ -1,9 +0,0 @@ -### Upgrade to Rust 1.71.1 ([PR #3536](https://github.com/apollographql/router/pull/3536)) - -This includes the fix for [CVE-2023-38497](https://blog.rust-lang.org/2023/08/03/cve-2023-38497.html). - -We’re applying the upgrade as a precaution, but we don’t have any shared multi-user environments which build the Router (whether developer workstations or other environments). This CVE would only affect users who were building the Router themselves using Cargo on such shared multi-user machines and wouldn’t affect our published binaries, the use of our Docker images, etc. - -Users building custom binaries should consider their own build environments to determine if they were impacted. - -By [@SimonSapin](https://github.com/SimonSapin) in https://github.com/apollographql/router/pull/3536 diff --git a/CHANGELOG.md b/CHANGELOG.md index 24b5b86bb8..ecd090bd8c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,118 @@ All notable changes to Router will be documented in this file. This project adheres to [Semantic Versioning v2.0.0](https://semver.org/spec/v2.0.0.html). +# [1.28.0] - 2023-08-24 + +## 🚀 Features + +### Expose the stats_reports_key hash to plugins. ([Issue #2728](https://github.com/apollographql/router/issues/2728)) + +This changeset exposes a new key in the context, `apollo_operation_id`, which identifies operation you can find in studio: + +``` +https://studio.apollographql.com/graph//variant//operations?query= +``` + +This new context key is exposed at various stages of the operation pipeline: + +- Execution service request +- Subgraph service request + +- Subgraph service response +- Execution service response +- Supergraph service response +- Router service response + +By [@o0Ignition0o](https://github.com/o0Ignition0o) in https://github.com/apollographql/router/pull/3586 + +### Adds some new (unstable) metrics ([PR #3609](https://github.com/apollographql/router/pull/3609)) + +Many of our existing metrics are poorly and inconsistently named. In addition they follow prometheus style rather than otel style. + +This PR adds some new metrics that will hopefully give us a good foundation to build upon. +New metrics are namespaced `apollo.router.operations.*`. + +Until officially documented the metrics should be treated as unstable, as we may need change the names to ensure consistency. + +By [@BrynCooke](https://github.com/BrynCooke) in https://github.com/apollographql/router/pull/3609 + +## 🐛 Fixes + +### Try to stop OTLP controllers when Telemetry is dropped ([Issue #3140](https://github.com/apollographql/router/issues/3140)) + +We already have code to specifically drop tracers and we are adding some additional logic to do the same thing with metrics exporters. + +This will improve the transmission of metrics from OTLP controllers when a router is shut down. + +fixes: #3140 + +By [@garypen](https://github.com/garypen) in https://github.com/apollographql/router/pull/3143 + +## 🛠 Maintenance + +### Enable checking for kubernetes 1.28.0 in kubeconform ([Issue #3587](https://github.com/apollographql/router/issues/3587)) + +Support has now been added for kubernetes `1.28.0` and we can re-enable checking. + +This is reverting the change from #3584. + +By [@garypen](https://github.com/garypen) in https://github.com/apollographql/router/pull/3638 + +### Upgrade to Rust 1.71.1 ([PR #3536](https://github.com/apollographql/router/pull/3536)) + +This includes the fix for [CVE-2023-38497](https://blog.rust-lang.org/2023/08/03/cve-2023-38497.html). + +We’re applying the upgrade as a precaution, but we don’t have any shared multi-user environments which build the Router (whether developer workstations or other environments). This CVE would only affect users who were building the Router themselves using Cargo on such shared multi-user machines and wouldn’t affect our published binaries, the use of our Docker images, etc. + +Users building custom binaries should consider their own build environments to determine if they were impacted. + +By [@SimonSapin](https://github.com/SimonSapin) in https://github.com/apollographql/router/pull/3536 + +### Add OTLP exporter for Apollo metrics ([PR #3354](https://github.com/apollographql/router/pull/3354), [PR #3651](https://github.com/apollographql/router/pull/3651)) + +This PR adds an OTLP metrics exporter for a Apollo pipeline that can compliment the existing protobuf format. + +Note that new metrics of the format `apollo.router.*` are currently not stable. +Once we have added enough metrics to ensure that we are consistent then they will be stabilized and documented. + +By [@BrynCooke](https://github.com/BrynCooke) in https://github.com/apollographql/router/pull/3354 and https://github.com/apollographql/router/pull/3651 + +## 📚 Documentation + +### Clarify that hot-reload does not affect Uplink-delivered config/schema ([PR #3596](https://github.com/apollographql/router/pull/3596)) + +This documentation adjustment (and small CLI help change) tries to clarify some confusion around the `--hot-reload` command line argument and the scope of it's operation. + +Concretely, the supergraph and configuration that is delivered through a [GraphOS Launch](https://www.apollographql.com/docs/graphos/delivery/launches/) (and delivered through Uplink) is _always_ loaded immediately and will take effect as soon as possible. + +On the other hand, files that are provided locally - e.g., `--config ./file.yaml` and `--supergraph ./supergraph.graphql` - are only reloaded: + +- If `--hot-reload` is passed (or if another flag infers `--hot-reload`, as is the case with `--dev`) and a supergraph or configuration is changed; or +- When the router process is sent a SIGHUP. + +Otherwise, files provided locally to the router are only re-started if the router process is completely restarted. + +By [@abernix](https://github.com/abernix) in https://github.com/apollographql/router/pull/3596 + +## 🧪 Experimental + +### Improvements to safelisting with Persisted Queries (preview) + +(The Persisted Queries feature was initially released in Router v1.25.0, as part of a private preview requiring enablement by Apollo support. The feature is now in public preview and is accessible to any enterprise GraphOS organization.) + +Several improvements to safelisting behavior based on preview feedback: + +* When the safelist is enabled (but `require_id` is not), matching now ignores the order of top-level definitions (operations and fragments) and ignored tokens (whitespace, comments, commas, etc), so that differences in these purely syntactic elements do not affect whether an operation is considered to be in the safelist. +* If introspection is enabled on the server, any operation whose top-level fields are introspection fields (`__type`, `__schema`, or `__typename`) is considered to be in the safelist. (Previously, Router instead looked for two specific introspection queries from a particular version of Apollo Sandbox if sandbox was enabled; this hard-coded check is removed.) This special case is not applied if `require_id` is enabled, so that Router never parses freeform GraphQL in this mode. +* When `log_unknown` is enabled and `apq` has not been disabled, Router now logs any operation not in the safelist as unknown, even those sent via IDs if the operation was found in the APQ cache rather than the manifest. +* When `log_unknown` and `require_id` are both enabled, Router now logs all operations that rejects (i.e., all operations sent as freeform GraphQL). Previously, Router only logged the operations that would have been rejected by the safelist feature with `require_id` disabled (i.e., operations sent as freeform GraphQL that do not match an operation in the manifest). + +As a side effect of this change, Router now re-downloads the PQ manifest when reloading configuration dynamically rather than caching it across reloads. If this causes a notable performance regression for your use case, please file an issue. + +By [@glasser](https://github.com/glasser) in https://github.com/apollographql/router/pull/3566 + + + # [1.27.0] - 2023-08-18 ## 🚀 Features diff --git a/Cargo.lock b/Cargo.lock index da9a66d821..a7c68322a5 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -274,7 +274,7 @@ dependencies = [ [[package]] name = "apollo-router" -version = "1.27.0" +version = "1.28.0" dependencies = [ "access-json", "anyhow", @@ -420,7 +420,7 @@ dependencies = [ [[package]] name = "apollo-router-benchmarks" -version = "1.27.0" +version = "1.28.0" dependencies = [ "apollo-parser 0.6.0", "apollo-router", @@ -436,7 +436,7 @@ dependencies = [ [[package]] name = "apollo-router-scaffold" -version = "1.27.0" +version = "1.28.0" dependencies = [ "anyhow", "cargo-scaffold", diff --git a/apollo-router-benchmarks/Cargo.toml b/apollo-router-benchmarks/Cargo.toml index b9e9da0946..d102871ac4 100644 --- a/apollo-router-benchmarks/Cargo.toml +++ b/apollo-router-benchmarks/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "apollo-router-benchmarks" -version = "1.27.0" +version = "1.28.0" authors = ["Apollo Graph, Inc. "] edition = "2021" license = "Elastic-2.0" diff --git a/apollo-router-scaffold/Cargo.toml b/apollo-router-scaffold/Cargo.toml index 5fe5dbd6bd..5abcda038b 100644 --- a/apollo-router-scaffold/Cargo.toml +++ b/apollo-router-scaffold/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "apollo-router-scaffold" -version = "1.27.0" +version = "1.28.0" authors = ["Apollo Graph, Inc. "] edition = "2021" license = "Elastic-2.0" diff --git a/apollo-router-scaffold/templates/base/Cargo.toml b/apollo-router-scaffold/templates/base/Cargo.toml index 6a799b7dc8..03daa69ba8 100644 --- a/apollo-router-scaffold/templates/base/Cargo.toml +++ b/apollo-router-scaffold/templates/base/Cargo.toml @@ -22,7 +22,7 @@ apollo-router = { path ="{{integration_test}}apollo-router" } apollo-router = { git="https://github.com/apollographql/router.git", branch="{{branch}}" } {{else}} # Note if you update these dependencies then also update xtask/Cargo.toml -apollo-router = "1.27.0" +apollo-router = "1.28.0" {{/if}} {{/if}} async-trait = "0.1.52" diff --git a/apollo-router-scaffold/templates/base/xtask/Cargo.toml b/apollo-router-scaffold/templates/base/xtask/Cargo.toml index 564a542555..3006c77fe1 100644 --- a/apollo-router-scaffold/templates/base/xtask/Cargo.toml +++ b/apollo-router-scaffold/templates/base/xtask/Cargo.toml @@ -13,7 +13,7 @@ apollo-router-scaffold = { path ="{{integration_test}}apollo-router-scaffold" } {{#if branch}} apollo-router-scaffold = { git="https://github.com/apollographql/router.git", branch="{{branch}}" } {{else}} -apollo-router-scaffold = { git = "https://github.com/apollographql/router.git", tag = "v1.27.0" } +apollo-router-scaffold = { git = "https://github.com/apollographql/router.git", tag = "v1.28.0" } {{/if}} {{/if}} anyhow = "1.0.58" diff --git a/apollo-router/Cargo.toml b/apollo-router/Cargo.toml index f79c1e0006..4b51c185b1 100644 --- a/apollo-router/Cargo.toml +++ b/apollo-router/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "apollo-router" -version = "1.27.0" +version = "1.28.0" authors = ["Apollo Graph, Inc. "] repository = "https://github.com/apollographql/router/" documentation = "https://docs.rs/apollo-router" diff --git a/dockerfiles/tracing/docker-compose.datadog.yml b/dockerfiles/tracing/docker-compose.datadog.yml index 8bffa5cdaf..e24fbc4ac8 100644 --- a/dockerfiles/tracing/docker-compose.datadog.yml +++ b/dockerfiles/tracing/docker-compose.datadog.yml @@ -3,7 +3,7 @@ services: apollo-router: container_name: apollo-router - image: ghcr.io/apollographql/router:v1.27.0 + image: ghcr.io/apollographql/router:v1.28.0 volumes: - ./supergraph.graphql:/etc/config/supergraph.graphql - ./router/datadog.router.yaml:/etc/config/configuration.yaml diff --git a/dockerfiles/tracing/docker-compose.jaeger.yml b/dockerfiles/tracing/docker-compose.jaeger.yml index 598912d24a..e31bc9dba0 100644 --- a/dockerfiles/tracing/docker-compose.jaeger.yml +++ b/dockerfiles/tracing/docker-compose.jaeger.yml @@ -4,7 +4,7 @@ services: apollo-router: container_name: apollo-router #build: ./router - image: ghcr.io/apollographql/router:v1.27.0 + image: ghcr.io/apollographql/router:v1.28.0 volumes: - ./supergraph.graphql:/etc/config/supergraph.graphql - ./router/jaeger.router.yaml:/etc/config/configuration.yaml diff --git a/dockerfiles/tracing/docker-compose.zipkin.yml b/dockerfiles/tracing/docker-compose.zipkin.yml index 30b915e04a..247d44e22c 100644 --- a/dockerfiles/tracing/docker-compose.zipkin.yml +++ b/dockerfiles/tracing/docker-compose.zipkin.yml @@ -4,7 +4,7 @@ services: apollo-router: container_name: apollo-router build: ./router - image: ghcr.io/apollographql/router:v1.27.0 + image: ghcr.io/apollographql/router:v1.28.0 volumes: - ./supergraph.graphql:/etc/config/supergraph.graphql - ./router/zipkin.router.yaml:/etc/config/configuration.yaml diff --git a/docs/source/containerization/docker.mdx b/docs/source/containerization/docker.mdx index 2f17d88f79..3633268802 100644 --- a/docs/source/containerization/docker.mdx +++ b/docs/source/containerization/docker.mdx @@ -11,7 +11,7 @@ The default behaviour of the router images is suitable for a quickstart or devel Note: The [docker documentation](https://docs.docker.com/engine/reference/run/) for the run command may be helpful when reading through the examples. -Note: The exact image version to use is your choice depending on which release you wish to use. In the following examples, replace `` with your chosen version. e.g.: `v1.27.0` +Note: The exact image version to use is your choice depending on which release you wish to use. In the following examples, replace `` with your chosen version. e.g.: `v1.28.0` ## Override the configuration diff --git a/docs/source/containerization/kubernetes.mdx b/docs/source/containerization/kubernetes.mdx index 7d940ec0c4..cd954c775e 100644 --- a/docs/source/containerization/kubernetes.mdx +++ b/docs/source/containerization/kubernetes.mdx @@ -13,7 +13,7 @@ import { Link } from 'gatsby'; [Helm](https://helm.sh) is the package manager for kubernetes. -There is a complete [helm chart definition](https://github.com/apollographql/router/tree/v1.27.0/helm/chart/router) in the repo which illustrates how to use helm to deploy the router in kubernetes. +There is a complete [helm chart definition](https://github.com/apollographql/router/tree/v1.28.0/helm/chart/router) in the repo which illustrates how to use helm to deploy the router in kubernetes. In both the following examples, we are using helm to install the router: - into namespace "router-deploy" (create namespace if it doesn't exist) @@ -64,10 +64,10 @@ kind: ServiceAccount metadata: name: release-name-router labels: - helm.sh/chart: router-1.27.0 + helm.sh/chart: router-1.28.0 app.kubernetes.io/name: router app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "v1.27.0" + app.kubernetes.io/version: "v1.28.0" app.kubernetes.io/managed-by: Helm --- # Source: router/templates/secret.yaml @@ -76,10 +76,10 @@ kind: Secret metadata: name: "release-name-router" labels: - helm.sh/chart: router-1.27.0 + helm.sh/chart: router-1.28.0 app.kubernetes.io/name: router app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "v1.27.0" + app.kubernetes.io/version: "v1.28.0" app.kubernetes.io/managed-by: Helm data: managedFederationApiKey: "UkVEQUNURUQ=" @@ -90,10 +90,10 @@ kind: ConfigMap metadata: name: release-name-router labels: - helm.sh/chart: router-1.27.0 + helm.sh/chart: router-1.28.0 app.kubernetes.io/name: router app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "v1.27.0" + app.kubernetes.io/version: "v1.28.0" app.kubernetes.io/managed-by: Helm data: configuration.yaml: | @@ -117,10 +117,10 @@ kind: Service metadata: name: release-name-router labels: - helm.sh/chart: router-1.27.0 + helm.sh/chart: router-1.28.0 app.kubernetes.io/name: router app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "v1.27.0" + app.kubernetes.io/version: "v1.28.0" app.kubernetes.io/managed-by: Helm spec: type: ClusterIP @@ -143,10 +143,10 @@ kind: Deployment metadata: name: release-name-router labels: - helm.sh/chart: router-1.27.0 + helm.sh/chart: router-1.28.0 app.kubernetes.io/name: router app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "v1.27.0" + app.kubernetes.io/version: "v1.28.0" app.kubernetes.io/managed-by: Helm annotations: @@ -172,7 +172,7 @@ spec: - name: router securityContext: {} - image: "ghcr.io/apollographql/router:v1.27.0" + image: "ghcr.io/apollographql/router:v1.28.0" imagePullPolicy: IfNotPresent args: - --hot-reload @@ -224,10 +224,10 @@ kind: Pod metadata: name: "release-name-router-test-connection" labels: - helm.sh/chart: router-1.27.0 + helm.sh/chart: router-1.28.0 app.kubernetes.io/name: router app.kubernetes.io/instance: release-name - app.kubernetes.io/version: "v1.27.0" + app.kubernetes.io/version: "v1.28.0" app.kubernetes.io/managed-by: Helm annotations: "helm.sh/hook": test diff --git a/helm/chart/router/Chart.yaml b/helm/chart/router/Chart.yaml index 4d097ecfd8..e974702737 100644 --- a/helm/chart/router/Chart.yaml +++ b/helm/chart/router/Chart.yaml @@ -20,10 +20,10 @@ type: application # so it matches the shape of our release process and release automation. # By proxy of that decision, this version uses SemVer 2.0.0, though the prefix # of "v" is not included. -version: 1.27.0 +version: 1.28.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "v1.27.0" \ No newline at end of file +appVersion: "v1.28.0" \ No newline at end of file diff --git a/helm/chart/router/README.md b/helm/chart/router/README.md index be23505bfe..46c6fd683f 100644 --- a/helm/chart/router/README.md +++ b/helm/chart/router/README.md @@ -2,7 +2,7 @@ [router](https://github.com/apollographql/router) Rust Graph Routing runtime for Apollo Federation -![Version: 1.27.0](https://img.shields.io/badge/Version-1.27.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.27.0](https://img.shields.io/badge/AppVersion-v1.27.0-informational?style=flat-square) +![Version: 1.28.0](https://img.shields.io/badge/Version-1.28.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.28.0](https://img.shields.io/badge/AppVersion-v1.28.0-informational?style=flat-square) ## Prerequisites @@ -11,7 +11,7 @@ ## Get Repo Info ```console -helm pull oci://ghcr.io/apollographql/helm-charts/router --version 1.27.0 +helm pull oci://ghcr.io/apollographql/helm-charts/router --version 1.28.0 ``` ## Install Chart @@ -19,7 +19,7 @@ helm pull oci://ghcr.io/apollographql/helm-charts/router --version 1.27.0 **Important:** only helm3 is supported ```console -helm upgrade --install [RELEASE_NAME] oci://ghcr.io/apollographql/helm-charts/router --version 1.27.0 --values my-values.yaml +helm upgrade --install [RELEASE_NAME] oci://ghcr.io/apollographql/helm-charts/router --version 1.28.0 --values my-values.yaml ``` _See [configuration](#configuration) below._ diff --git a/licenses.html b/licenses.html index a1779da7fb..afd55100d8 100644 --- a/licenses.html +++ b/licenses.html @@ -45,13 +45,13 @@

Third Party Licenses

Overview of licenses:

@@ -64,9 +64,8 @@

Used by:

  • aws-config
  • aws-credential-types
    • -
  • aws-endpoint
  • aws-http
    • -
  • aws-sig-auth
    • +
  • aws-runtime
  • aws-sigv4
  • aws-smithy-async
  • aws-smithy-client
    • @@ -74,6 +73,8 @@

    Used by:

  • aws-smithy-http-tower
  • aws-smithy-json
  • aws-smithy-query
    • +
  • aws-smithy-runtime
    • +
  • aws-smithy-runtime-api
  • aws-smithy-types
  • aws-smithy-xml
  • aws-types
    • @@ -451,6 +452,7 @@

    Used by:

    Apache License 2.0

    Used by:

      +
    • deranged
    • time
    • time-core
    • time-macros
      • @@ -3989,6 +3991,7 @@

      Used by:

      • anyhow
      • async-trait
        • +
      • basic-toml
      • dyn-clone
      • erased-serde
      • ghost
        • @@ -7140,16 +7143,14 @@

        Used by:

        • addr2line
        • ahash
          • -
        • ahash
        • arbitrary
        • arc-swap
        • async-channel
          • -
        • async-compression
          • +
        • async-compression
        • autocfg
        • backtrace
        • base64
        • base64
          • -
        • base64
        • bitflags
        • bitflags
        • bstr
          • @@ -7165,6 +7166,7 @@

          Used by:

        • countme
        • crossbeam-channel
        • crossbeam-utils
          • +
        • debugid
        • derivative
        • derive_arbitrary
        • either
          • @@ -7195,7 +7197,6 @@

          Used by:

        • hermit-abi
        • httparse
        • humantime-serde
          • -
        • hyper-rustls
        • hyper-rustls
        • hyper-timeout
        • idna
          • @@ -7204,6 +7205,7 @@

          Used by:

        • indexmap
        • inventory
        • itertools
          • +
        • itertools
        • jobserver
        • js-sys
        • lazy_static
          • @@ -7218,6 +7220,7 @@

          Used by:

        • mockall
        • mockall_derive
        • multimap
          • +
        • multimap
        • num
        • num-bigint
        • num-bigint-dig
          • @@ -7288,6 +7291,7 @@

          Used by:

        • thread_local
        • threadpool
        • tikv-jemalloc-sys
          • +
        • tikv-jemallocator
        • toml
        • toml_datetime
        • toml_edit
          • @@ -10491,11 +10495,7 @@

          Apache License 2.0

          Used by:

          ../../LICENSE-APACHE
          @@ -11146,7 +11146,10 @@

          Used by:

          Apache License 2.0

          Used by:

            -
          • askama_shared
            • +
          • apollo-compiler
            • +
          • apollo-encoder
            • +
          • apollo-parser
            • +
          • apollo-smith
          • block-modes
          • curve25519-dalek-derive
          • deadpool-runtime
            • @@ -11162,7 +11165,6 @@

            Used by:

          • num-cmp
          • rhai_codegen
          • thrift
            • -
          • tikv-jemallocator
          • try_match_inner
          • try_match_inner
          • unic-char-property
            • @@ -11247,6 +11249,26 @@

            Used by:

            See the License for the specific language governing permissions and limitations under the License. + +
          • +

            Apache License 2.0

            +

            Used by:

            + + 
            Copyright 2023 The allocator-api2 project developers
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

          • Apache License 2.0

            @@ -11379,6 +11401,43 @@

            Used by:

            // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +
            • +
          • +

            BSD 3-Clause "New" or "Revised" License

            +

            Used by:

            + + 
            BSD 3-Clause License
+
+Copyright (c) 2013, Julien Schmidt
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice, this
+   list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright notice,
+   this list of conditions and the following disclaimer in the documentation
+   and/or other materials provided with the distribution.
+
+3. Neither the name of the copyright holder nor the names of its
+   contributors may be used to endorse or promote products derived from
+   this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
          • @@ -11407,7 +11466,7 @@

            Used by:

            BSD 3-Clause "New" or "Revised" License

            Used by:

            Copyright (c) 2016 by Armin Ronacher.
 
@@ -11537,79 +11596,6 @@ 
            Used by:
            
 contributors may be used to endorse or promote products derived from
 this software without specific prior written permission.
 
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
-IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
-TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
-PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
-OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
-EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
-PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
-PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
-LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
            -
            • -
          • -

            BSD 3-Clause "New" or "Revised" License

            -

            Used by:

            - - 
            Copyright (c) 2016-2021 isis agora lovecruft. All rights reserved.
-Copyright (c) 2016-2021 Henry de Valence. All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are
-met:
-
-1. Redistributions of source code must retain the above copyright
-notice, this list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright
-notice, this list of conditions and the following disclaimer in the
-documentation and/or other materials provided with the distribution.
-
-3. Neither the name of the copyright holder nor the names of its
-contributors may be used to endorse or promote products derived from
-this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
-IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
-TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
-PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
-HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
-TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
-PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
-LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
-NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
-
-========================================================================
-
-Portions of curve25519-dalek were originally derived from Adam Langley's
-Go ed25519 implementation, found at <https://github.com/agl/ed25519/>,
-under the following licence:
-
-========================================================================
-
-Copyright (c) 2012 The Go Authors. All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are
-met:
-
-   * Redistributions of source code must retain the above copyright
-notice, this list of conditions and the following disclaimer.
-   * Redistributions in binary form must reproduce the above
-copyright notice, this list of conditions and the following disclaimer
-in the documentation and/or other materials provided with the
-distribution.
-   * Neither the name of Google Inc. nor the names of its
-contributors may be used to endorse or promote products derived from
-this software without specific prior written permission.
-
 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
 IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
 TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
@@ -11700,6 +11686,7 @@ 
            BSD 3-Clause "New" or "Revised" Licens
                 
            Used by:
            
                 
                 
            Copyright (c) <year> <owner>. 
 
@@ -11753,6 +11740,53 @@ 
            Creative Commons Zero v1.0 Universal
            
                 
            Used by:
            
                 
+                
            Creative Commons CC0 1.0 Universal
+
+<<beginOptional;name=ccOptionalIntro>> CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE LEGAL SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATE AN ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES REGARDING THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED HEREUNDER.  <<endOptional>>
+
+Statement of Purpose
+
+The laws of most jurisdictions throughout the world automatically confer exclusive Copyright and Related Rights (defined below) upon the creator and subsequent owner(s) (each and all, an "owner") of an original work of authorship and/or a database (each, a "Work").
+
+Certain owners wish to permanently relinquish those rights to a Work for the purpose of contributing to a commons of creative, cultural and scientific works ("Commons") that the public can reliably and without fear of later claims of infringement build upon, modify, incorporate in other works, reuse and redistribute as freely as possible in any form whatsoever and for any purposes, including without limitation commercial purposes. These owners may contribute to the Commons to promote the ideal of a free culture and the further production of creative, cultural and scientific works, or to gain reputation or greater distribution for their Work in part through the use and efforts of others.
+
+For these and/or other purposes and motivations, and without any expectation of additional consideration or compensation, the person associating CC0 with a Work (the "Affirmer"), to the extent that he or she is an owner of Copyright and Related Rights in the Work, voluntarily elects to apply CC0 to the Work and publicly distribute the Work under its terms, with knowledge of his or her Copyright and Related Rights in the Work and the meaning and intended legal effect of CC0 on those rights.
+
+1. Copyright and Related Rights. A Work made available under CC0 may be protected by copyright and related or neighboring rights ("Copyright and Related Rights"). Copyright and Related Rights include, but are not limited to, the following:
+
+     i. the right to reproduce, adapt, distribute, perform, display, communicate, and translate a Work;
+
+     ii. moral rights retained by the original author(s) and/or performer(s);
+
+     iii. publicity and privacy rights pertaining to a person's image or likeness depicted in a Work;
+
+     iv. rights protecting against unfair competition in regards to a Work, subject to the limitations in paragraph 4(a), below;
+
+     v. rights protecting the extraction, dissemination, use and reuse of data in a Work;
+
+     vi. database rights (such as those arising under Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 on the legal protection of databases, and under any national implementation thereof, including any amended or successor version of such directive); and
+
+     vii. other similar, equivalent or corresponding rights throughout the world based on applicable law or treaty, and any national implementations thereof.
+
+2. Waiver. To the greatest extent permitted by, but not in contravention of, applicable law, Affirmer hereby overtly, fully, permanently, irrevocably and unconditionally waives, abandons, and surrenders all of Affirmer's Copyright and Related Rights and associated claims and causes of action, whether now known or unknown (including existing as well as future claims and causes of action), in the Work (i) in all territories worldwide, (ii) for the maximum duration provided by applicable law or treaty (including future time extensions), (iii) in any current or future medium and for any number of copies, and (iv) for any purpose whatsoever, including without limitation commercial, advertising or promotional purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each member of the public at large and to the detriment of Affirmer's heirs and successors, fully intending that such Waiver shall not be subject to revocation, rescission, cancellation, termination, or any other legal or equitable action to disrupt the quiet enjoyment of the Work by the public as contemplated by Affirmer's express Statement of Purpose.
+
+3. Public License Fallback. Should any part of the Waiver for any reason be judged legally invalid or ineffective under applicable law, then the Waiver shall be preserved to the maximum extent permitted taking into account Affirmer's express Statement of Purpose. In addition, to the extent the Waiver is so judged Affirmer hereby grants to each affected person a royalty-free, non transferable, non sublicensable, non exclusive, irrevocable and unconditional license to exercise Affirmer's Copyright and Related Rights in the Work (i) in all territories worldwide, (ii) for the maximum duration provided by applicable law or treaty (including future time extensions), (iii) in any current or future medium and for any number of copies, and (iv) for any purpose whatsoever, including without limitation commercial, advertising or promotional purposes (the "License"). The License shall be deemed effective as of the date CC0 was applied by Affirmer to the Work. Should any part of the License for any reason be judged legally invalid or ineffective under applicable law, such partial invalidity or ineffectiveness shall not invalidate the remainder of the License, and in such case Affirmer hereby affirms that he or she will not (i) exercise any of his or her remaining Copyright and Related Rights in the Work or (ii) assert any associated claims and causes of action with respect to the Work, in either case contrary to Affirmer's express Statement of Purpose.
+
+4. Limitations and Disclaimers.
+
+     a. No trademark or patent rights held by Affirmer are waived, abandoned, surrendered, licensed or otherwise affected by this document.
+
+     b. Affirmer offers the Work as-is and makes no representations or warranties of any kind concerning the Work, express, implied, statutory or otherwise, including without limitation warranties of title, merchantability, fitness for a particular purpose, non infringement, or the absence of latent or other defects, accuracy, or the present or absence of errors, whether or not discoverable, all to the greatest extent permissible under applicable law.
+
+     c. Affirmer disclaims responsibility for clearing rights of other persons that may apply to the Work or any use thereof, including without limitation any person's Copyright and Related Rights in the Work. Further, Affirmer disclaims responsibility for obtaining any necessary consents, permissions or other rights required for any use of the Work.
+
+     d. Affirmer understands and acknowledges that Creative Commons is not a party to this document and has no duty or obligation with respect to this CC0 or use of the Work. 
            
+
            • +
          • +

            Creative Commons Zero v1.0 Universal

            +

            Used by:

            + 
            Creative Commons Legal Code
@@ -11986,9 +12020,9 @@ 
            Used by:
            
                 
-                
            Elastic License 2.0
+                
            Copyright 2021 Apollo Graph, Inc.
 
-URL: https://www.elastic.co/licensing/elastic-license
+Elastic License 2.0
 
 ## Acceptance
 
@@ -12079,6 +12113,8 @@ 
            Used by:
            
 **use** means anything you do with the software requiring one of your licenses.
 
 **trademark** means trademarks, service marks, and similar rights.
+
+--------------------------------------------------------------------------------
          • @@ -12176,6 +12212,36 @@

            Used by:

            // WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN // ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF // OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +
            • +
          • +

            ISC License

            +

            Used by:

            + + 
            // Copyright 2021 Brian Smith.
+//
+// Permission to use, copy, modify, and/or distribute this software for any
+// purpose with or without fee is hereby granted, provided that the above
+// copyright notice and this permission notice appear in all copies.
+//
+// THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHORS DISCLAIM ALL WARRANTIES
+// WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+// MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR
+// ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+// WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+// ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+// OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+#[test]
+fn cert_without_extensions_test() {
+    // Check the certificate is valid with
+    // `openssl x509 -in cert_without_extensions.der -inform DER -text -noout`
+    const CERT_WITHOUT_EXTENSIONS_DER: &[u8] = include_bytes!("cert_without_extensions.der");
+
+    assert!(webpki::EndEntityCert::try_from(CERT_WITHOUT_EXTENSIONS_DER).is_ok());
+}
          • @@ -12272,7 +12338,6 @@

            ISC License

            Used by:

            ISC License:
 
@@ -12709,7 +12774,7 @@ 
            MIT License
            
                 
            Used by:
            
                 
                 
            Copyright (c) 2016 William Orr <will@worrbase.com>
 
@@ -14060,6 +14125,7 @@ 
            Used by:
            
                     
          • difflib
            • 
                     
          • jsonschema
            • 
                     
          • lazy-regex-proc_macros
            • 
+                    
          • nu-ansi-term
            • 
                     
          • serde_v8
            • 
                     
          • v8
            • 
                     
          • valuable
            • 
@@ -14299,7 +14365,6 @@ 
            MIT License
            
                 
            Used by:
            
                 
                 
            The MIT License (MIT)
 
@@ -14418,7 +14483,6 @@ 
            Used by:
            
                 
            MIT License
            
                 
            Used by:
            
                 
              
-                    
            • aho-corasick
              • 
                     
            • aho-corasick
              • 
                     
            • byteorder
              • 
                     
            • globset
              • 
@@ -15037,10 +15101,8 @@ 
              Used by:
              
                 
              MIT License
              
                 
              Used by:
              
                 
                
-                    
              • aho-corasick
                • 
                     
              • aho-corasick
                • 
                     
              • byteorder
                • 
-                    
              • globset
                • 
                     
              • memchr
                • 
                     
              • regex-automata
                • 
                     
              • same-file
                • 
@@ -15449,6 +15511,7 @@ 
                Mozilla Public License 2.0
                
                 
                Used by:
                
                 
                 
                Mozilla Public License Version 2.0
 ==================================
@@ -15823,35 +15886,6 @@ 
                Used by:
                
 
   This Source Code Form is "Incompatible With Secondary Licenses", as
   defined by the Mozilla Public License, v. 2.0.
-
                
-            
-            
              • 
-                
                Mozilla Public License 2.0
                
-                
                Used by:
                
-                
-                
                This packge contains a modified version of ca-bundle.crt:
-
-ca-bundle.crt -- Bundle of CA Root Certificates
-
-Certificate data from Mozilla as of: Thu Nov  3 19:04:19 2011#
-This is a bundle of X.509 certificates of public Certificate Authorities
-(CA). These were automatically extracted from Mozilla's root certificates
-file (certdata.txt).  This file can be found in the mozilla source tree:
-http://mxr.mozilla.org/mozilla/source/security/nss/lib/ckfw/builtins/certdata.txt?raw=1#
-It contains the certificates in PEM format and therefore
-can be directly used with curl / libcurl / php_curl, or with
-an Apache+mod_ssl webserver for SSL client authentication.
-Just configure this file as the SSLCACertificateFile.#
-
-***** BEGIN LICENSE BLOCK *****
-This Source Code Form is subject to the terms of the Mozilla Public License,
-v. 2.0. If a copy of the MPL was not distributed with this file, You can obtain
-one at http://mozilla.org/MPL/2.0/.
-
-***** END LICENSE BLOCK *****
-@(#) $RCSfile: certdata.txt,v $ $Revision: 1.80 $ $Date: 2011/11/03 15:11:58 $
 
                
             
                • 
             
              • 
diff --git a/scripts/install.sh b/scripts/install.sh
index d96e44fcb6..c1fa5d20ab 100755
--- a/scripts/install.sh
+++ b/scripts/install.sh
@@ -11,7 +11,7 @@ BINARY_DOWNLOAD_PREFIX="https://github.com/apollographql/router/releases/downloa
 
 # Router version defined in apollo-router's Cargo.toml
 # Note: Change this line manually during the release steps.
-PACKAGE_VERSION="v1.27.0"
+PACKAGE_VERSION="v1.28.0"
 
 download_binary() {
     downloader --check

From 43dbf05f83ef530759a29e4f0f2c55d5c605be2f Mon Sep 17 00:00:00 2001
From: bryn 
Date: Thu, 24 Aug 2023 16:21:49 +0100
Subject: [PATCH 2/6] Update federation matrix

---
 docs/source/federation-version-support.mdx | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)

diff --git a/docs/source/federation-version-support.mdx b/docs/source/federation-version-support.mdx
index 5dc15857ef..42b22f5f4d 100644
--- a/docs/source/federation-version-support.mdx
+++ b/docs/source/federation-version-support.mdx
@@ -27,7 +27,23 @@ The table below shows which version of federation each router release is compile
     
     
         
-            v1.24.0 and later (see latest releases)
+            v1.28.0 and later (see latest releases)
+        
+        
+            2.5.1
+        
+    
+    
+        
+            v1.25.0 - v1.27.0
+        
+        
+            2.4.10
+        
+    
+    
+        
+            v1.24.0
         
         
             2.4.9
@@ -35,7 +51,7 @@ The table below shows which version of federation each router release is compile
     
     
         
-            v1.21.0 and later (see latest releases)
+            v1.21.0 - v1.23.0
         
         
             2.4.8

From 66245a2fd488b685ee9a0e820f80e8cbc72e2aa8 Mon Sep 17 00:00:00 2001
From: bryn 
Date: Thu, 24 Aug 2023 16:42:12 +0100
Subject: [PATCH 3/6] Initial changelog editorial

---
 CHANGELOG.md | 39 +++++++++++++++------------------------
 1 file changed, 15 insertions(+), 24 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index ecd090bd8c..6fcb9e747f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,17 +10,16 @@ This project adheres to [Semantic Versioning v2.0.0](https://semver.org/spec/v2.
 
 ### Expose the stats_reports_key hash to plugins. ([Issue #2728](https://github.com/apollographql/router/issues/2728))
 
-This changeset exposes a new key in the context, `apollo_operation_id`, which identifies operation you can find in studio:
+This changeset exposes a new key in the Context, `apollo_operation_id`, which identifies operation you can find in studio:
 
 ```
 https://studio.apollographql.com/graph//variant//operations?query=
 ```
 
-This new context key is exposed at various stages of the operation pipeline:
+The `apollo_operation_id` context key is exposed during:
 
 - Execution service request
 - Subgraph service request
-
 - Subgraph service response
 - Execution service response
 - Supergraph service response
@@ -28,26 +27,23 @@ This new context key is exposed at various stages of the operation pipeline:
 
 By [@o0Ignition0o](https://github.com/o0Ignition0o) in https://github.com/apollographql/router/pull/3586
 
-### Adds some new (unstable) metrics ([PR #3609](https://github.com/apollographql/router/pull/3609))
+### Add new (unstable) metrics ([PR #3609](https://github.com/apollographql/router/pull/3609))
 
-Many of our existing metrics are poorly and inconsistently named. In addition they follow prometheus style rather than otel style.
+Many of our existing metrics are poorly and inconsistently named. In addition, they follow Prometheus style rather than Otel style.
 
-This PR adds some new metrics that will hopefully give us a good foundation to build upon.
+This changeset adds some new metrics that will give us a good foundation to build upon.
 New metrics are namespaced `apollo.router.operations.*`.
 
-Until officially documented the metrics should be treated as unstable, as we may need change the names to ensure consistency.
+These metrics should be treated as unstable and may change in the future.
 
 By [@BrynCooke](https://github.com/BrynCooke) in https://github.com/apollographql/router/pull/3609
 
 ## 🐛 Fixes
 
-### Try to stop OTLP controllers when Telemetry is dropped ([Issue #3140](https://github.com/apollographql/router/issues/3140))
-
-We already have code to specifically drop tracers and we are adding some additional logic to do the same thing with metrics exporters.
-
-This will improve the transmission of metrics from OTLP controllers when a router is shut down.
+### Flush metrics when Router reloads or shuts down ([Issue #3140](https://github.com/apollographql/router/issues/3140))
 
-fixes: #3140
+When the Router either reloads or shuts down it now flushes metrics.
+Push metrics exporters such as OTLP would have previously missed some metrics, in particular thouse related to reload events.  
 
 By [@garypen](https://github.com/garypen) in https://github.com/apollographql/router/pull/3143
 
@@ -55,9 +51,9 @@ By [@garypen](https://github.com/garypen) in https://github.com/apollographql/ro
 
 ### Enable checking for kubernetes 1.28.0 in kubeconform ([Issue #3587](https://github.com/apollographql/router/issues/3587))
 
-Support has now been added for kubernetes `1.28.0` and we can re-enable checking.
+Kubeconform now supports kubernetes `1.28.0` and we have re-enabled manifest verification in CI.
 
-This is reverting the change from #3584.
+This reverts #3584.
 
 By [@garypen](https://github.com/garypen) in https://github.com/apollographql/router/pull/3638
 
@@ -65,9 +61,7 @@ By [@garypen](https://github.com/garypen) in https://github.com/apollographql/ro
 
 This includes the fix for [CVE-2023-38497](https://blog.rust-lang.org/2023/08/03/cve-2023-38497.html).
 
-We’re applying the upgrade as a precaution, but we don’t have any shared multi-user environments which  build the Router (whether developer workstations or other environments). This CVE would only affect users who were building the Router themselves using Cargo on such shared multi-user machines and wouldn’t affect our published binaries, the use of our Docker images, etc.
-
-Users building custom binaries should consider their own build environments to determine if they were impacted.
+Although Apollo was not affecter, users building custom binaries should consider their own build environments to determine if they were impacted.
 
 By [@SimonSapin](https://github.com/SimonSapin) in https://github.com/apollographql/router/pull/3536
 
@@ -75,16 +69,13 @@ By [@SimonSapin](https://github.com/SimonSapin) in https://github.com/apollograp
 
 This PR adds an OTLP metrics exporter for a Apollo pipeline that can compliment the existing protobuf format.
 
-Note that new metrics of the format `apollo.router.*` are currently not stable.
-Once we have added enough metrics to ensure that we are consistent then they will be stabilized and documented.
-
 By [@BrynCooke](https://github.com/BrynCooke) in https://github.com/apollographql/router/pull/3354 and https://github.com/apollographql/router/pull/3651
 
 ## 📚 Documentation
 
 ### Clarify that hot-reload does not affect Uplink-delivered config/schema ([PR #3596](https://github.com/apollographql/router/pull/3596))
 
-This documentation adjustment (and small CLI help change) tries to clarify some confusion around the `--hot-reload` command line argument and the scope of it's operation.
+This documentation adjustment (and small CLI help change) tries to clarify some confusion around the `--hot-reload` command line argument and the scope of its operation.
 
 Concretely, the supergraph and configuration that is delivered through a [GraphOS Launch](https://www.apollographql.com/docs/graphos/delivery/launches/) (and delivered through Uplink) is _always_ loaded immediately and will take effect as soon as possible.
 
@@ -93,7 +84,7 @@ On the other hand, files that are provided locally - e.g., `--config ./file.yaml
 - If `--hot-reload` is passed (or if another flag infers `--hot-reload`, as is the case with `--dev`) and a supergraph or configuration is changed; or
 - When the router process is sent a SIGHUP.
 
-Otherwise, files provided locally to the router are only re-started if the router process is completely restarted.
+Otherwise, files provided locally to the router are only re-reloaded if the router process is completely restarted.
 
 By [@abernix](https://github.com/abernix) in https://github.com/apollographql/router/pull/3596
 
@@ -9248,4 +9239,4 @@ See our [release stages] for more information.
 
   But the lack of clarity goes back to not having kept track of everything thus far! We can _fix_ our processes to keep track of these things! :smile_cat:
 
-# [0.1.0] - TBA
\ No newline at end of file
+# [0.1.0] - TBA

From b53670bb2039e4cb984e9b199b33ccd131a9001f Mon Sep 17 00:00:00 2001
From: bryn 
Date: Thu, 24 Aug 2023 16:52:21 +0100
Subject: [PATCH 4/6] Initial changelog editorial

---
 CHANGELOG.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6fcb9e747f..e3ce2771d0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -61,7 +61,7 @@ By [@garypen](https://github.com/garypen) in https://github.com/apollographql/ro
 
 This includes the fix for [CVE-2023-38497](https://blog.rust-lang.org/2023/08/03/cve-2023-38497.html).
 
-Although Apollo was not affecter, users building custom binaries should consider their own build environments to determine if they were impacted.
+Although Apollo was not affected, users building custom binaries should consider their own build environments to determine if they were impacted.
 
 By [@SimonSapin](https://github.com/SimonSapin) in https://github.com/apollographql/router/pull/3536
 
@@ -98,8 +98,8 @@ Several improvements to safelisting behavior based on preview feedback:
 
 * When the safelist is enabled (but `require_id` is not), matching now ignores the order of top-level definitions (operations and fragments) and ignored tokens (whitespace, comments, commas, etc), so that differences in these purely syntactic elements do not affect whether an operation is considered to be in the safelist.
 * If introspection is enabled on the server, any operation whose top-level fields are introspection fields (`__type`, `__schema`, or `__typename`) is considered to be in the safelist. (Previously, Router instead looked for two specific introspection queries from a particular version of Apollo Sandbox if sandbox was enabled; this hard-coded check is removed.) This special case is not applied if `require_id` is enabled, so that Router never parses freeform GraphQL in this mode.
-* When `log_unknown` is enabled and `apq` has not been disabled, Router now logs any operation not in the safelist as unknown, even those sent via IDs if the operation was found in the APQ cache rather than the manifest.
-* When `log_unknown` and `require_id` are both enabled, Router now logs all operations that rejects (i.e., all operations sent as freeform GraphQL). Previously, Router only logged the operations that would have been rejected by the safelist feature with `require_id` disabled (i.e., operations sent as freeform GraphQL that do not match an operation in the manifest).
+* When `log_unknown` is enabled and `apq` has not been disabled, the Router now logs any operation not in the safelist as unknown, even those sent via IDs if the operation was found in the APQ cache rather than the manifest.
+* When `log_unknown` and `require_id` are both enabled, the Router now logs all operations that rejects (i.e., all operations sent as freeform GraphQL). Previously, Router only logged the operations that would have been rejected by the safelist feature with `require_id` disabled (i.e., operations sent as freeform GraphQL that do not match an operation in the manifest).
 
 As a side effect of this change, Router now re-downloads the PQ manifest when reloading configuration dynamically rather than caching it across reloads. If this causes a notable performance regression for your use case, please file an issue.
 

From 8a0c6652eb2560186cabcb9473a7efa17c491d22 Mon Sep 17 00:00:00 2001
From: Bryn Cooke 
Date: Fri, 25 Aug 2023 09:57:58 +0100
Subject: [PATCH 5/6] Apply suggestions from code review

Co-authored-by: Jesse Rosenberger 
---
 CHANGELOG.md | 18 +++++-------------
 1 file changed, 5 insertions(+), 13 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index e3ce2771d0..1608c6a64b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -8,9 +8,9 @@ This project adheres to [Semantic Versioning v2.0.0](https://semver.org/spec/v2.
 
 ## 🚀 Features
 
-### Expose the stats_reports_key hash to plugins. ([Issue #2728](https://github.com/apollographql/router/issues/2728))
+### Expose the `stats_reports_key` hash to plugins. ([Issue #2728](https://github.com/apollographql/router/issues/2728))
 
-This changeset exposes a new key in the Context, `apollo_operation_id`, which identifies operation you can find in studio:
+This exposes a new key in the `Context`, `apollo_operation_id`, which identifies operation you can find in studio:
 
 ```
 https://studio.apollographql.com/graph//variant//operations?query=
@@ -43,20 +43,12 @@ By [@BrynCooke](https://github.com/BrynCooke) in https://github.com/apollographq
 ### Flush metrics when Router reloads or shuts down ([Issue #3140](https://github.com/apollographql/router/issues/3140))
 
 When the Router either reloads or shuts down it now flushes metrics.
-Push metrics exporters such as OTLP would have previously missed some metrics, in particular thouse related to reload events.  
+Push metrics exporters, such as OTLP, would have previously missed some metrics — in particular those related to _reload_ events.
 
 By [@garypen](https://github.com/garypen) in https://github.com/apollographql/router/pull/3143
 
 ## 🛠 Maintenance
 
-### Enable checking for kubernetes 1.28.0 in kubeconform ([Issue #3587](https://github.com/apollographql/router/issues/3587))
-
-Kubeconform now supports kubernetes `1.28.0` and we have re-enabled manifest verification in CI.
-
-This reverts #3584.
-
-By [@garypen](https://github.com/garypen) in https://github.com/apollographql/router/pull/3638
-
 ### Upgrade to Rust 1.71.1 ([PR #3536](https://github.com/apollographql/router/pull/3536))
 
 This includes the fix for [CVE-2023-38497](https://blog.rust-lang.org/2023/08/03/cve-2023-38497.html).
@@ -65,9 +57,9 @@ Although Apollo was not affected, users building custom binaries should consider
 
 By [@SimonSapin](https://github.com/SimonSapin) in https://github.com/apollographql/router/pull/3536
 
-### Add OTLP exporter for Apollo metrics ([PR #3354](https://github.com/apollographql/router/pull/3354), [PR #3651](https://github.com/apollographql/router/pull/3651))
+### Add Apollo OpenTelemetry metrics ([PR #3354](https://github.com/apollographql/router/pull/3354), [PR #3651](https://github.com/apollographql/router/pull/3651))
 
-This PR adds an OTLP metrics exporter for a Apollo pipeline that can compliment the existing protobuf format.
+We've added an OpenTelemetry metrics exporter which compliments and builds upon our existing Apollo Studio Protobuf format for metric transmission.
 
 By [@BrynCooke](https://github.com/BrynCooke) in https://github.com/apollographql/router/pull/3354 and https://github.com/apollographql/router/pull/3651
 

From adc30d3f54e1a64c7809b33ec5ca9336f08e1fe5 Mon Sep 17 00:00:00 2001
From: bryn 
Date: Fri, 25 Aug 2023 10:05:49 +0100
Subject: [PATCH 6/6] Changelog editorial

---
 CHANGELOG.md | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1608c6a64b..ca7d6f00db 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -89,9 +89,12 @@ By [@abernix](https://github.com/abernix) in https://github.com/apollographql/ro
 Several improvements to safelisting behavior based on preview feedback:
 
 * When the safelist is enabled (but `require_id` is not), matching now ignores the order of top-level definitions (operations and fragments) and ignored tokens (whitespace, comments, commas, etc), so that differences in these purely syntactic elements do not affect whether an operation is considered to be in the safelist.
-* If introspection is enabled on the server, any operation whose top-level fields are introspection fields (`__type`, `__schema`, or `__typename`) is considered to be in the safelist. (Previously, Router instead looked for two specific introspection queries from a particular version of Apollo Sandbox if sandbox was enabled; this hard-coded check is removed.) This special case is not applied if `require_id` is enabled, so that Router never parses freeform GraphQL in this mode.
+* If introspection is enabled on the server, any operation whose top-level fields are introspection fields (`__type`, `__schema`, or `__typename`) is considered to be in the safelist.
+  This special case is not applied if `require_id` is enabled, so that Router never parses freeform GraphQL in this mode.
 * When `log_unknown` is enabled and `apq` has not been disabled, the Router now logs any operation not in the safelist as unknown, even those sent via IDs if the operation was found in the APQ cache rather than the manifest.
-* When `log_unknown` and `require_id` are both enabled, the Router now logs all operations that rejects (i.e., all operations sent as freeform GraphQL). Previously, Router only logged the operations that would have been rejected by the safelist feature with `require_id` disabled (i.e., operations sent as freeform GraphQL that do not match an operation in the manifest).
+* When `log_unknown` and `require_id` are both enabled, the Router now logs all operations that rejects (i.e., all operations sent as freeform GraphQL). 
+
+  Previously, the Router only logged the operations that would have been rejected by the safelist feature with `require_id` disabled (i.e., operations sent as freeform GraphQL that do not match an operation in the manifest).
 
 As a side effect of this change, Router now re-downloads the PQ manifest when reloading configuration dynamically rather than caching it across reloads. If this causes a notable performance regression for your use case, please file an issue.