fix(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@apollo/rover	^0.26.3 -> ^0.27.0
@graphql-hive/core (source)	^0.8.1 -> ^0.9.0
@​types/json-stable-stringify	1.1.0 -> 1.2.0

---

Release Notes

apollographql/rover (@​apollo/rover)

v0.27.0

Compare Source

Important: 3 potentially breaking changes below, indicated by ❗ BREAKING ❗

If using Rover with Connectors, you will need to specify APOLLO_ROVER_DEV_ROUTER_VERSION=2.0.0-preview.X when using rover dev

❗ BREAKING ❗

• Make paths in supergraph.yaml resolve relative to the location of the supergraph.yaml file - @​jonathanrainer PR #​2119

  To support the new Apollo Language Server it is now the case that any paths expressed in the supergraph.yaml file will
  be resolved relative to the file's location on disk, not the location that Rover is running in, at the time.

• Remove fed2 command - @​aaronArinder PR #​2222

  This was a deprecated, hidden, unused command that was for early Federation 2.0 testing. This command has not been
  invoked for a very long time.

• Remove ability to start multiple rover dev sessions - @​jonathanrainer PR #​2352

  Now that Rover supports hot-reloading from supergraph.yaml files we've removed the ability to start multiple
  rover dev sessions, in multiple terminal windows, and have them communicate with each other.

🚀 Features

• Apollo Language Server - @​jonathanrainer

  This brand-new feature aids in subgraph development and also supports connectors. It enhances Apollo tools such as the schema proposals editor and recent versions of IDE plugins and extensions by providing federation-aware syntax highlighting, validation, autocompletion, and more

  PRs Included

  • #​2272
  • #​2345
  • #​2354
  • #​2364
  • #​2369
  • #​2386
  • #​2389

• New version of rover dev - @​dotdat @​aaronArinder @​loshz @​monkpow @​jonathanrainer

  In this version of Rover there is a new version of rover dev built upon a completely new implementation of the
  composition pipeline inside of Rover. This not only allows a better functioning rover dev with more features, but
  it also supports the new Apollo Language Server, for use with Connectors!

  In addition, it also supports hot-reloading of the supergraph.yaml file, subgraphs can be added, removed or edited,
  and this will be all be reflected in the running rover dev session!

  PRs Included

  • #​2118
  • #​2127
  • #​2130
  • #​2131
  • #​2132
  • #​2138
  • #​2141
  • #​2142
  • #​2144
  • #​2145
  • #​2146
  • #​2147
  • #​2149
  • #​2150
  • #​2152
  • #​2154
  • #​2156
  • #​2157
  • #​2158
  • #​2159
  • #​2160
  • #​2163
  • #​2166
  • #​2167
  • #​2171
  • #​2172
  • #​2177
  • #​2178
  • #​2179
  • #​2184
  • #​2189
  • #​2204
  • #​2205
  • #​2207
  • #​2208
  • #​2209
  • #​2210
  • #​2211
  • #​2214
  • #​2223
  • #​2228
  • #​2229
  • #​2251
  • #​2253
  • #​2257
  • #​2267
  • #​2268
  • #​2274
  • #​2282
  • #​2283
  • #​2285
  • #​2288
  • #​2289
  • #​2305
  • #​2308
  • #​2309
  • #​2310
  • #​2311
  • #​2312
  • #​2314
  • #​2316
  • #​2318
  • #​2319
  • #​2320
  • #​2321
  • #​2322
  • #​2326
  • #​2327
  • #​2328
  • #​2329
  • #​2330
  • #​2331
  • #​2332
  • #​2334
  • #​2335
  • #​2336
  • #​2338
  • #​2339
  • #​2340
  • #​2341
  • #​2342
  • #​2343
  • #​2344
  • #​2355
  • #​2356
  • #​2357
  • #​2358
  • #​2360
  • #​2361
  • #​2362
  • #​2365
  • #​2370
  • #​2371
  • #​2374
  • #​2379
  • #​2383
  • #​2384

• Add ability to hot-reload federation_version in supergraph.yaml - @​jonathanrainer PR #​2347

  Rover now has the ability to account for changes in the federation_version field of the supergraph.yaml file,
  while it is running.

• Enabling Remote Proxy Downloads - @​LongLiveCHIEF @​jonathanrainer PR #​2254 #​2372

  Rover now has the ability to be installed from a remote proxy, via the use of environment variables.

• Display the results of custom check tasks - @​swcollard PR #​2087

  Rover now has the ability to print out results of CustomCheckTasks from the Platform API

🐛 Fixes

• Stop Running Router with logs at TRACE level - @​nmoutschen PR #​2143

  We were running the Router at TRACE level logging, which was causing queries to not complete in some cases

• Stop rover dev session if router binary crashes - @​jonathanrainer PR #​2382

  In the past we let the rover dev session continue if the router binary crashed, which led to a misleading state
  of affairs, this has now been fixed.

🛠 Maintenance

• Consolidate Rover Tests - @​jonathanrainer PR #​2095

  Removes old tests now that the E2E tests are more mature and consolidates our examples to clean up the codebase

• Implement breaking changes for apollo-federation-types 0.14 - @​dylan-apollo PR #​2104

• Update apollographql/router to v1.55.0 - @​jonathanrainer PR #​2123

• Update rust crates - @​jonathanrainer PR #​2129

  Includes octocrab to v0.41.0, rstest to v0.23.0 and tower-http to v0.6.0

• Update rust crates - @​jonathanrainer PR #​2136

  Includes git-url-parse to v0.4.5 and tower to v0.5.1

• Update node.js packages - @​jonathanrainer PR #​2137

  Includes concurrently to v9.0.1, eslint to v9.11.1 and nodemon to 3.1.7

• Update apollo-federation-types to v0.14.1 - @​loshz PR #​2161

• Downgrade openssl-src to v300.3.1+3.3.1 - @​aaronArinder PR #​2174

• Fix integration tests against the supergraph-demo repo - @​dotdat PR #​2175

• Refactor Fs::watch_file to be more async - @​dotdat PR #​2176

• Fix Windows tests for rover_std - @​aaronArinder PR #​2180

• Cleanup Fs tests - @​dotdat PR #​2182

• Strip ANSI codes from lint/custom validations tests - @​dotdat PR #​2183

• Update apollographql/router to v1.56.0 - @​jonathanrainer PR #​2123

• Fix Smoke Test Payload to be valid JSON and add test timeout - @​jonathanrainer PR #​2191

• Fix Dependabot Alerts in /examples - @​jonathanrainer PR #​2192

• Switch to a timeout of 15 minutes per matrix job in Smoke Tests - @​jonathanrainer PR #​2193

• Add ability to skip linting check where no .md files have changed - @​jonathanrainer PR #​2194

• Update links after docs re-write has launched - @​jonathanrainer PR #​2195

• Ensure we catch all semver pre-release versions - @​jonathanrainer PR #​2196

• Update tower-http to v0.6.1 - @​jonathanrainer PR #​2197

• Update node.js packages - @​jonathanrainer PR #​2137

  Includes @eslint/compat to v1.2.0, eslint to v9.12.0, node to v20.18.0 and npm to 10.9.0

• Update CI node Docker Image to v20.18.0 - @​jonathanrainer PR #​2199

• Update lychee-lib to v0.16.0 - @​jonathanrainer PR #​2200

• Let lint tests to message Slack if linting check fails - @​jonathanrainer PR #​2201

• Move Smoke Tests away from macOS 12 - @​jonathanrainer PR #​2202

• Remove comma such that payload becomes valid JSON - @​jonathanrainer #​2212

• Update async-trait to v0.1.83 - @​jonathanrainer PR #​2216

• Update axios-mock-adapter to v2.1.0 - @​jonathanrainer PR #​2217

• Update gh CircleCI orb to v2.5.0 - @​jonathanrainer PR #​2218

• Update node CircleCI orb to v6.2.0 - @​jonathanrainer PR #​2219

• Update slack CircleCI orb to v5.0.0 - @​jonathanrainer PR #​2221

• Update package-lock.json across repo to resolve security vulnerabilities - @​jonathanrainer PR #​2226

• Ignore links in CHANGELOG when linting - @​aaronArinder PR #​2227

• Update node.js packages - @​jonathanrainer PR #​2230

  Includes @eslint/compat to v1.2.1 and eslint to v9.13.0

• Update node CircleCI orb to v6.3.0 - @​jonathanrainer PR #​2231

• Update Rust to v1.82.0 - @​jonathanrainer PR #​2232

• Update apollographql/router to v1.57.0 - @​jonathanrainer PR #​2235

• Delete vestigial last_run.uuid file - @​glasser PR #​2236

• Bump macOS CI such that we're using support OpenSSL - @​jonathanrainer PR #​2238

• Update bytes to v1.8.0 - @​jonathanrainer PR #​2240

• Update notify to v7.0.0 - @​jonathanrainer PR #​2241

• Update termimad to v0.31.0 - @​jonathanrainer PR #​2242

• Increase robustness of Smoke Tests - @​jonathanrainer PR #​2243

• Update --timeout for delete commands in line with other tests - @​jonathanrainer PR #​2244

• Update node.js packages - @​jonathanrainer PR #​2245

  Includes @eslint/compat to v1.2.2 and eslint to v9.14.0

• Update ariadne to v0.5.0 - @​jonathanrainer PR #​2246

• Update which to v7.0.0 - @​jonathanrainer PR #​2248

• Update apollographql/router to v1.57.1 - @​jonathanrainer PR #​2249

• Fix up Clippy warnings throughout tests - @​jonathanrainer PR #​2250

• Remove netlify.toml after new Documentation Platform Launch - @​Meschreiber PR #​2258

• Update node.js packages - @​jonathanrainer PR #​2259

  Includes @eslint/compat to v1.2.3, eslint to v9.15.0 and concurrenctly to v9.1.0

• Update slack CircleCI orb to v5.1.1 - @​jonathanrainer PR #​2260

• Update slack-github-action GitHub Action to v1.27.1 - @​jonathanrainer PR #​2264

• Update slack-github-action GitHub Action to v2.0.0 - @​jonathanrainer PR #​2265

• Fix cargo-deny errors blocking CI - @​jonathanrainer PR #​2266

• Update node.js packages - @​jonathanrainer PR #​2259

  Includes node to v20.18.1 and npm to v10.9.1

• Update apollographql/router to v1.58.0 - @​jonathanrainer PR #​2249

• Update node.js packages - @​jonathanrainer PR #​2278

  Includes eslint to v9.16.0 and prettier to v3.4.1

• Update gh CircleCI orb to v2.6.0 - @​jonathanrainer PR #​2279

• Update @graphql-eslint/eslint-plugin to v4.0.0 - @​jonathanrainer PR #​2281

• Update apollographql/federation-rs to v2.9.3 - @​jonathanrainer PR #​2287

• Update apollographql/router to v1.58.1 - @​jonathanrainer PR #​2290

• Update node.js packages - @​jonathanrainer PR #​2291

  Includes @eslint/compat to v1.2.4, @graphql-eslint/eslint-plugin to v4.3.0, npm to v10.9.2 and prettier to v3.4.2

• Update node CircleCI orb to v7.0.0 - @​jonathanrainer PR #​2292

• Update url package - @​dotdat PR #​2296

• Fix xtask lint to support contributions from forked repositories - @​dotdat PR #​2298

• Update node.js packages - @​jonathanrainer PR #​2302

  Includes concurrently to v9.1.2, eslint to v9.17.0, graphql to v16.10.0 and nodemon to v3.1.9

• Remove old security scanning infrastructure - @​peakematt PR #​2303

• Update apollographql/router to v1.59.0 - @​jonathanrainer PR #​2307

• Update gh CircleCI orb to v2.6.2 - @​jonathanrainer PR #​2324

• Update npm to v11 - @​jonathanrainer PR #​2324

• Update apollographql/router to v1.59.1 - @​jonathanrainer PR #​2290

• Update node.js packages - @​jonathanrainer PR #​2350

  Includes compat to v1.2.5, eslint to v9.18.0

• Update notify to v8 - @​jonathanrainer PR #​2351

• Update node Docker CI Image to v20.18.2 - @​jonathanrainer PR #​2366

• Update node.js packages - @​jonathanrainer PR #​2367

  Includes eslint to v9.19.0, node to v20.18.2

• Update apollographql/router to v1.59.2 - @​jonathanrainer PR #​2375

• Update package docs - @​dotdat PR #​2376

• Update CODEOWNERS - @​dotdat PR #​2377

• Update node.js packages - @​jonathanrainer PR #​2380

  Includes compat to v1.2.6, npm to v11.1.0

• Update to latest openssl to resolve security vulnerability - @​jonathanrainer PR #​2381

📚 Documentation

• Add Documentation for Subtasks and all associated traits - @​aaronArinder PR #​2162
• Document the new CompositionRunner struct - @​loshz PR #​2181
• Update docs pages for the new Documentation Platform - @​Meschreiber PR #​2224
• Remove Summit Callout - @​shorgi PR #​2236
• Update links to apollosolutions organisation - @​Meschreiber PR #​2269
• Fix typo - @​Meschreiber PR #​2284
• Remove internal redirects - @​shorgi PR #​2294
• Replace Discord links with Discourse links - @​shorgi PR #​2315
• Update docs post rover dev re-write - @​aaronArinder PR #​2333

graphql-hive/platform (@​graphql-hive/core)

v0.9.1

Compare Source

Patch Changes

• #​6494
  ae2d16d
  Thanks @​n1ru4l! - Replace usage of crypto.randomUUID() with a
  custom UUID generation for better backwards compatability.

v0.9.0

Compare Source

Minor Changes

• #​6488
  f7d65fe
  Thanks @​n1ru4l! - Include and log a x-request-id header for all
  requests sent to the Hive API. This helps users to share more context with Hive staff when
  encountering errors.

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[theguild-bot]

🚀 Snapshot Release (alpha)

The latest changes of this PR are available as alpha on npm (based on the declared changesets):

Package	Version	Info
@graphql-tools/batch-delegate	9.0.30-alpha-d6c215c913a5733111df80cec4665f5b11f54694	npm ↗︎ unpkg ↗︎
@graphql-tools/batch-execute	9.0.12-alpha-d6c215c913a5733111df80cec4665f5b11f54694	npm ↗︎ unpkg ↗︎
@graphql-tools/delegate	10.2.12-alpha-d6c215c913a5733111df80cec4665f5b11f54694	npm ↗︎ unpkg ↗︎
@graphql-tools/executor-common	0.0.2-alpha-d6c215c913a5733111df80cec4665f5b11f54694	npm ↗︎ unpkg ↗︎
@graphql-tools/executor-graphql-ws	2.0.2-alpha-d6c215c913a5733111df80cec4665f5b11f54694	npm ↗︎ unpkg ↗︎
@graphql-tools/executor-http	1.2.7-alpha-d6c215c913a5733111df80cec4665f5b11f54694	npm ↗︎ unpkg ↗︎
@graphql-tools/federation	3.1.2-alpha-d6c215c913a5733111df80cec4665f5b11f54694	npm ↗︎ unpkg ↗︎
@graphql-mesh/fusion-runtime	0.11.0-alpha-d6c215c913a5733111df80cec4665f5b11f54694	npm ↗︎ unpkg ↗︎
@graphql-hive/gateway	1.9.5-alpha-d6c215c913a5733111df80cec4665f5b11f54694	npm ↗︎ unpkg ↗︎
@graphql-mesh/hmac-upstream-signature	1.2.20-alpha-d6c215c913a5733111df80cec4665f5b11f54694	npm ↗︎ unpkg ↗︎
@graphql-mesh/plugin-opentelemetry	1.3.41-alpha-d6c215c913a5733111df80cec4665f5b11f54694	npm ↗︎ unpkg ↗︎
@graphql-mesh/plugin-prometheus	1.3.29-alpha-d6c215c913a5733111df80cec4665f5b11f54694	npm ↗︎ unpkg ↗︎
@graphql-hive/gateway-runtime	1.4.13-alpha-d6c215c913a5733111df80cec4665f5b11f54694	npm ↗︎ unpkg ↗︎
@graphql-tools/stitch	9.4.17-alpha-d6c215c913a5733111df80cec4665f5b11f54694	npm ↗︎ unpkg ↗︎
@graphql-tools/stitching-directives	3.1.27-alpha-d6c215c913a5733111df80cec4665f5b11f54694	npm ↗︎ unpkg ↗︎
@graphql-mesh/transport-common	0.7.29-alpha-d6c215c913a5733111df80cec4665f5b11f54694	npm ↗︎ unpkg ↗︎
@graphql-mesh/transport-http	0.6.33-alpha-d6c215c913a5733111df80cec4665f5b11f54694	npm ↗︎ unpkg ↗︎
@graphql-mesh/transport-http-callback	0.5.20-alpha-d6c215c913a5733111df80cec4665f5b11f54694	npm ↗︎ unpkg ↗︎
@graphql-mesh/transport-ws	1.0.3-alpha-d6c215c913a5733111df80cec4665f5b11f54694	npm ↗︎ unpkg ↗︎
@graphql-tools/wrap	10.0.30-alpha-d6c215c913a5733111df80cec4665f5b11f54694	npm ↗︎ unpkg ↗︎

[theguild-bot]

🚀 Snapshot Release (Binary for Linux-ARM64)

The latest changes of this PR are available for download (based on the declared changesets).

[theguild-bot]

🚀 Snapshot Release (Binary for Linux-X64)

The latest changes of this PR are available for download (based on the declared changesets).

[theguild-bot]

🚀 Snapshot Release (Bun Docker Image)

The latest changes of this PR are available as image on GitHub Container Registry (based on the declared changesets):

ghcr.io/graphql-hive/gateway:1.9.5-alpha-d6c215c913a5733111df80cec4665f5b11f54694-bun

[theguild-bot]

🚀 Snapshot Release (Binary for macOS-ARM64)

The latest changes of this PR are available for download (based on the declared changesets).

[theguild-bot]

🚀 Snapshot Release (Node Docker Image)

The latest changes of this PR are available as image on GitHub Container Registry (based on the declared changesets):

ghcr.io/graphql-hive/gateway:1.9.5-alpha-d6c215c913a5733111df80cec4665f5b11f54694

[theguild-bot]

🚀 Snapshot Release (Binary for macOS-X64)

The latest changes of this PR are available for download (based on the declared changesets).

[theguild-bot]

🚀 Snapshot Release (Binary for Windows-X64)

The latest changes of this PR are available for download (based on the declared changesets).

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.