v0.25.0-rc.0

The main feature of the release candidate is the new rover dev with graphref feature - #1984. Testing effort should focus here.

---

This release was automatically created by CircleCI.

If you would like to verify that the binary you have downloaded was built from the source code in this repository, you can compute a checksum of the zipped tarball and compare it to the checksums that are included as release artifacts.

Binaries built for MacOS are signed, notarized, and automatically verified with Gatekeeper.

v0.24.0

❗ BREAKING ❗

• Removed the deprecated plain and json options for --output - @dylan-apollo PR #1804

  The --output option is now only for specifying a file to write to. The --format option should be used to specify the format of the output.

🚀 Features

• Return the name of the linting rule that is violated, as well as the code - @jonathanrainer PR #1907

  Originally only the message from the linting violation was included in the response, but now it also includes the name of the specific linting rule to aid debugging

• Use the Router's /health?ready endpoint to check readiness - @nmoutschen PR #1939

  Previously rover dev used a simple query to establish readiness, but this did not allow for router customizations.

• Adding architecture and OS metrics - @aaronArinder PR #1947

  Allows us to track the Operating Systems and Architectures in use by our users, this will give us more information as to where to focus support efforts

• Allow aarch64 macOS to pull correct supergraph binaries where available - @jonathanrainer PR #1971

  We recently started publishing supergraph binaries for aarch64, so if they are available Rover will use them in preference to x86_64 binaries.

🐛 Fixes

• Don't panic if the telemetry client cannot be initialised - @dylan-apollo PR #1897 - Issue #1893

• Rename .cargo/config to .cargo/config.toml - @jonathanrainer PR #1921

• Fix pnpm installs by moving the binary download location - @jonathanrainer PR #1927 - Issue #1881

  After we inlined the binary-install dependency in v0.23.0 this changed where the downloaded binary was stored when using pnpm. This caused users running the binary to enter an infinite loop. This moves the binary to a new location which avoids this.

• Don't panic on file watcher errors - @nmoutschen PR #1935

  Instead of panicking when errors occur watching files return those errors gracefully to the user.

• Store binaries with version numbers attached so upgrades are possible - @jonathanrainer PR #1932 - Issue #1563

  When downloading binaries via npm they were always stored as rover despite the version. As such, when a new version came out the upgrade would fail. This now doesn't happen, as binaries are stored with their versions number in the name.

• Ensure correct URL is used if subgraph_url and routing_url are provided in a supergraph schema - @jonathanrainer PR #1948 - Issue #1782

• Let --output accept paths with missing intermediate directories - @jonathanrainer PR #1944 - Issue #1787

• Allow rover dev to read Federation Version from supergraph schema - @jonathanrainer PR #1950 - Issue #1735

  The Federation version could be set in the supegraph schema but was being ignored by rover dev. It now is taken into account, along with the overriding environment variable.

• Stop .exe being printed after Federation version during composition - @jonathanrainer PR #1951 - Issue #1390

• Reinstate support for glibc 2.17 - @jonathanrainer PR #1953

  In resolving the issues with CentOS 7 we accidentally removed support for glibc 2.17, this has now been restored

• Be more lenient about supergraph binary versions - @dylan-apollo PR #1966

  In resolving #1390, we were too restrictive in what counted as a valid version. This restores the correct behaviour

• Set package.json to a stable version when testing NPM Installers - @jonathanrainer PR #1967

  When testing whether our NPM installers worked correctly we were trying to download the latest rover binary. On release PRs, where the binary didn't yet exist, this was causing problems.

• Fix mocking of calls to Orbiter in Installer tests - @jonathanrainer PR #1968

• Remove noisy errors from intermediate composition states - @aaronArinder PR #1956

  When rover dev composes multiple subgraphs it does so one at a time. As such if there are dependencies there can be noisy ephemeral errors, this fixes that by waiting until all subgraphs are added before trying composition.

🛠 Maintenance

• Update GitHub CircleCI Orb to v2.3.0 - @Geal PR #1831

• Update plugins to Fed 2.7 and Router 1.43.0 - @smyrick PR #1877

• Update CODEOWNERS - @dotdat PR #1890

  Make Betelgeuse the primary owners of the Rover repository

• Update lychee-lib to v0.15 - @dotData PR #1902

• Add tests and provide status codes as part of linter errors - @dotdat PR #1903

• Add nix files to .gitignore - @aaronArinder PR #1908

• Update apollographql/router to v1.47.0 - @aaronArinder PR #1841

• Update apollographql/federation-rs to v2.7.8 - @aaronArinder PR #1746

• Update node.js to v20 - @aaronArinder PR #1778

• Update Rust to v1.76.0 and the Rust CircleCI Orb to v1.6.1 - @aaronArinder PR #1788

• Update serial_test to v3 - @jonathanrainer PR #1836

• Update which to v6 - @jonathanrainer PR #1835

• Update apollographql/federation-rs to v2.8.0 - @aaronArinder PR #1909

• Update tar to v6.2.1 - @aaronArinder PR #1888

• Update tar to v7 - @aaronArinder PR #1914

• Update node.js packages - @aaronArinder PR #1830

  Includes eslint to v8.57.0, node.js to v20.14.0, nodemon to v3.1.2, npm to v10.8.1 and prettier to v3.3.0

• Update Rust to v1.78.0 - @aaronArinder PR #1912

• Update apollographql/router to v1.48.0 - @aaronArinder PR #1917

• Update zip to v2 - @jonathanrainer PR #1916

• Update eslint to v9.4.0 - @dotdat PR #1913

• Update hyper to v1.0 - @dotdat PR #1789

• Add tests for socket names - @jonathanrainer PR #1918

  In future dependency upgrades we want to ensure that behaviour around socket naming works as expected, so add a test to ensure that.

• Update rust packages - @jonathanrainer PR #1755

  Consolidates updates of pre-1.0 rust crates, check PR for full details of crates updated

• Update notify to v6 - @jonathanrainer PR #1603

• Include cargo-deny checks on PRs - @jonathanrainer PR #1910

  Now we can check for licences that don't correspond to our allowed list and pick up on dependency issues live on PRs

• Pin node.js dev dependencies - @aaronArinder PR #1923

• Allow 0BSD licence - @aaronArinder PR #1924

• Update interprocess to v2 - @dotdat PR #1915

• Update apollographql/router to v1.48.1 - @dotdat PR #1926

• Update Rust to v1.79.0 - @jonathanrainer PR #1931

• Update git2 to v0.19 - @jonathanrainer PR #1930

• Update node.js packages - @jonathanrainer PR #1929

  Includes @eslint/compat to v1.1.0, eslint to v9.5.0, graphql to v16.8.2 and prettier to v3.3.2

• Migrate CI to use manylinux rather than CentOS 7 - @jonathanrainer PR #1952

  As CentOS 7 has now entered End-of-Life, migrate our CI to use a dif...

v0.23.0

🚀 Features

• Add --no-url shorthand to subgraph publish - @lennyburdette PR
  #1809

This is slightly more convenient and less awkward than --routing-url --allow-invalid-routing-url

• Support unix socket URLs - @Geal PR #1879

Since its 1.43.0 release, the Router can now connect to subgraph over unix sockets. This removes a warning when publishing a schema with a unix:// URL.

🐛 Fixes

• Use task specific rayon threadpools and not the global threadpool - @garypen PR #1872

This increases rover's reliability by executing independent tasks in different thread pools.

• Prevent an infinite loop when restarting the router - @Geal PR #1855

When restarting a Router on schema updates, it could happen that an internal task of Rover would go in an infinite loop and consume CPU needlessly. This is now fixed and should make rover dev more reliable.

• Use proposalCoverage in addition to severityLevel to build correct proposal check messaging - @swcollard PR #1845

This updates the message on proposal checks depending on the proposalCoverage field

🛠 Maintenance

• Upgrade axios to address a security warning - @goto-bus-stop PR #1819

The vulnerability didn't affect rover, but now you won't get a warning for it!

• Remove yanked online check - @dylan-apollo PR #1803

📚 Documentation

• Update dev docs about which Router version is used - @smyrick PR #1822

• Update warning about federation_version in rover compose - @smyrick, @Meschreiber PR #1806

• Document how to use subgraph fetch with proposals - @Meschreiber PR #1823

v0.23.0-rc.3

To install this specific version of Rover:

# Note the `v` prefixing the version number
curl -sSL https://rover.apollo.dev/nix/v0.23.0-rc.3 | sh

---

This release was automatically created by CircleCI.

If you would like to verify that the binary you have downloaded was built from the source code in this repository, you can compute a checksum of the zipped tarball and compare it to the checksums that are included as release artifacts.

Binaries built for MacOS are signed, notarized, and automatically verified with Gatekeeper.

v0.23.0-rc.2

To install this specific version of Rover:

# Note the `v` prefixing the version number
curl -sSL https://rover.apollo.dev/nix/v0.23.0-rc.2 | sh

---

This release was automatically created by CircleCI.

If you would like to verify that the binary you have downloaded was built from the source code in this repository, you can compute a checksum of the zipped tarball and compare it to the checksums that are included as release artifacts.

Binaries built for MacOS are signed, notarized, and automatically verified with Gatekeeper.

v0.23.0-rc.1

To install this specific version of Rover:

# Note the `v` prefixing the version number
curl -sSL https://rover.apollo.dev/nix/v0.23.0-rc.1 | sh

---

This release was automatically created by CircleCI.

If you would like to verify that the binary you have downloaded was built from the source code in this repository, you can compute a checksum of the zipped tarball and compare it to the checksums that are included as release artifacts.

Binaries built for MacOS are signed, notarized, and automatically verified with Gatekeeper.

v0.23.0-rc.0

To install this specific version of Rover:

# Note the `v` prefixing the version number
curl -sSL https://rover.apollo.dev/nix/v0.23.0-rc.0 | sh

---

This release was automatically created by CircleCI.

If you would like to verify that the binary you have downloaded was built from the source code in this repository, you can compute a checksum of the zipped tarball and compare it to the checksums that are included as release artifacts.

Binaries built for MacOS are signed, notarized, and automatically verified with Gatekeeper.

v0.22.0

🚀 Features

• Add offline license support - @BrynCooke PR #1796 - Issue #1793

  Adds rover license fetch <graph_ref>

  Output:

  rover license fetch --graph-id starstuff --profile gh
  
  Fetching license for starstuff using credentials from the gh profile.
  Success!
  <redacted jwt>
  

🐛 Fixes

• Handle new rate limit error - @bnjjj #1798

  Update the GraphQL schema and handle the new rate limit error.

🛠 Maintenance

• First trial use of a generator (Scaffolding code for creating a new verb for an existing noun/command) - @tapegram PR #1786

  First try at taking the instructions from the readme on how to scaffold a new verb on an existing command and added plop tooling to be able to generate the scaffolding automatically.

  npx plop

  This is an initial exploratory PR. Later PRs will build this into the dev tooling and expand on the functionality (if we don't decide to remove it)

📚 Documentation

• Move Validating client ops to Apollo CLI section - @Meschreiber #1783

  This PR moves Validating client operations into the Rover > Apollo CLI section.

• Use shared content component for GH action instructions - @Meschreiber #1780

  This PR replaces some text with a new shared content component containing that text.

• Remove note on restricted supergraph.yml expansion - @dylan-apollo #1779 - issue #1629

  supergraph.yaml files now supports environment variable expansion everywhere, not just in introspection headers.

---

This release was automatically created by CircleCI.

If you would like to verify that the binary you have downloaded was built from the source code in this repository, you can compute a checksum of the zipped tarball and compare it to the checksums that are included as release artifacts.

Binaries built for MacOS are signed, notarized, and automatically verified with Gatekeeper.

v0.21.0

🚀 Features

• Add C# as a language in rover template - @dylan-apollo, #1769

  This means you can now filter templates with --language c-sharp. Check out the first C# template by running rover template use subgraph-csharp-hotchocolate-annotation!

• Display proposal check task results in rover subgraph check - @swcollard, #1768

  When running rover subgraph check, proposal check task results will be displayed in Rover. "Proposals" are a GraphOS feature currently in private preview that allow proposing subgraph schema changes before implementation. Integrating them with checks allows subgraph teams to ensure they have properly implemented a proposed schema change. This change will not affect you if your organization has not been granted preview access by Apollo.

---

This release was automatically created by CircleCI.

If you would like to verify that the binary you have downloaded was built from the source code in this repository, you can compute a checksum of the zipped tarball and compare it to the checksums that are included as release artifacts.

Binaries built for MacOS are signed, notarized, and automatically verified with Gatekeeper.

v0.20.0

🚀 Features

• Persisted Queries is now GA - @glasser, #1756

  The rover persisted-queries publish command is now out of the public preview phase and has entered general availability. Check out the documentation for this enterprise feature.

🐛 Fixes

• Better message for a subgraph published with no changes - @bonnici, #1757

  rover subgraph publish now logs a message to stdout when a subgraph was published and there were no changes to the schema.

• Don't log username/password if APOLLO_ROVER_DOWNLOAD_HOST includes authentication in the URL - @EverlastingBugstopper, #1758

  Previously, when using the APOLLO_ROVER_DOWNLOAD_HOST environment variable to override the download location of a plugin binary, Rover would log the entire URL to stdout, potentially leaking username and password authentication details if they were included in the URL. Now, Rover strips that information from the URLs before printing the download location. If Rover is not able to strip that information (likely due to an invalid URL), then it doesn't try to print the sanitized URL at all.

📚 Documentation

• Improve wording of persisted queries documentation - @Meschreiber, #1760

---

This release was automatically created by CircleCI.

If you would like to verify that the binary you have downloaded was built from the source code in this repository, you can compute a checksum of the zipped tarball and compare it to the checksums that are included as release artifacts.

Binaries built for MacOS are signed, notarized, and automatically verified with Gatekeeper.