Skip to content

v0.3.0

Choose a tag to compare

View all tags
@apollo-bot2 apollo-bot2 released this 24 Sep 17:04
· 1816 commits to main since this release
v0.3.0
4bdba02
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Important: 1 breaking change below, indicated by ❗ BREAKING ❗

❗ BREAKING ❗

  • rover supergraph compose uses a newer composition function that is incompatible with older versions of @apollo/gateway - EverlastingBugstopper, issue/801 pull/832

    The rover supergraph compose command produces a supergraph schema by using composition functions from the @apollo/federation package. Because that library is still in pre-1.0 releases (as are Rover and Apollo Gateway), this update to Rover means rover supergraph compose will create a supergraph schema with new functionality. In turn, this requires that you update your @apollo/gateway version to >= v0.39.x.

🚀 Features

  • Adds options to bypass TLS validation - EverlastingBugstopper, issue/720 pull/837

    In some configurations, often on internal networks, you might need Rover to communicate over encrypted channels (e.g., HTTPS) but avoid the more stringent digital certificate verifications that validate hostnames. You might even need to bypass the digital certificate validation entirely. This is generally not recommended and considered to be much less secure but for cases where it's necessary, but now there are two flags you can use to configure how Rover validates HTTPS requests:

    • The --insecure-accept-invalid-hostnames flag disables hostname validation. If hostname verification is not used, any valid certificate for any site is trusted for use from any other. This introduces a significant vulnerability to person-in-the-middle attacks.

    • The --insecure-accept-invalid-certs flag disables certificate validation. If invalid certificates are trusted, any certificate for any site is trusted for use. This includes expired certificates. This introduces significant vulnerabilities, and should only be used as a last resort.

  • Adds option to increase rover's request timeout - EverlastingBugstopper, issue/792 pull/838

    By default, Rover times out requests to the Apollo Studio API and your graph endpoints after 30 seconds. Now, if you're executing a command that might take longer than 30 seconds to process, you can increase this timeout with the --client-timeout option like so:

    rover subgraph check my-graph --validation-period 1m --client-timeout=60

🛠 Maintenance

  • Simplify error formatting - EverlastingBugstopper, pull/845

    Now, Rover always indents the suggestion by 8 spaces instead of determining its length based on the length of the error descriptor, and the underlying cause of request errors will only be printed once.

📚 Documentation

  • Clarify --output json support in migration guide, and provide an example jq script - EverlastingBugstopper, issue/839 pull/840

    The Apollo CLI migration guide now mentions Rover's support for --output json, and our --output json docs now link to an example bash script for converting a check response to markdown.

This release was automatically created by CircleCI.

If you would like to verify that the binary you have downloaded was built from the source code in this repository, you can compute a checksum of the zipped tarball and compare it to the checksums that are included as release artifacts.

Binaries built for MacOS are signed, notarized, and automatically verified with Gatekeeper.

Assets 10
Loading