release: on branch version-2.11 (preview) (#3334)

This PR was opened by the [Changesets
release](https://github.com/changesets/action) GitHub action. When
you're ready to do a release, you can merge this and the packages will
be published to npm automatically. If you're not ready to do a release
yet, that's fine, whenever you add more changesets to version-2.11, this
PR will be updated.

⚠️⚠️⚠️⚠️⚠️⚠️

`version-2.11` is currently in **pre mode** so this branch has
prereleases rather than normal releases. If you want to exit
prereleases, run `changeset pre exit` on `version-2.11`.

⚠️⚠️⚠️⚠️⚠️⚠️

# Releases
## @apollo/[email protected]

### Patch Changes

- Fixed access control verification of transitive requirements (through
`@requires` and/or `@fromContext`) to ensure it works with chains of
transitive dependencies.
([#3333](#3333))

- Allow interface object fields to specify access control
([#3333](#3333))

Update composition logic to allow specifying access control directives
(`@authenticated`, `@requiresScopes` and `@policy`) on
`@interfaceObject` fields. While we disallow access control on interface
types and fields, we decided to support it on `@interfaceObject` as it
is a useful pattern to define a single resolver (that may need access
controls) for common interface fields. Alternative would require our
users to explicitly define resolvers for all implementations which
defeats the purpose of `@interfaceObject`.

This PR refactors in how we propagate access control by providing
additional merge sources when merging directives on interfaces,
interface fields and object fields.

- Updated dependencies
\[[`e1c58611c3c996b4fff98a54e49f00549ff2115d`](e1c5861)]:
    -   @apollo/[email protected]
    -   @apollo/[email protected]

## @apollo/[email protected]

### Patch Changes

- Updated dependencies
\[[`5ee4d966487e714ae6bc6445bf53d75ccbbaf6ae`](5ee4d96),
[`e1c58611c3c996b4fff98a54e49f00549ff2115d`](e1c5861)]:
    -   @apollo/[email protected]
    -   @apollo/[email protected]
    -   @apollo/[email protected]

## @apollo/[email protected]

### Patch Changes

- Allow interface object fields to specify access control
([#3333](#3333))

Update composition logic to allow specifying access control directives
(`@authenticated`, `@requiresScopes` and `@policy`) on
`@interfaceObject` fields. While we disallow access control on interface
types and fields, we decided to support it on `@interfaceObject` as it
is a useful pattern to define a single resolver (that may need access
controls) for common interface fields. Alternative would require our
users to explicitly define resolvers for all implementations which
defeats the purpose of `@interfaceObject`.

This PR refactors in how we propagate access control by providing
additional merge sources when merging directives on interfaces,
interface fields and object fields.

## @apollo/[email protected]

### Patch Changes

- Updated dependencies
\[[`e1c58611c3c996b4fff98a54e49f00549ff2115d`](e1c5861)]:
    -   @apollo/[email protected]

## @apollo/[email protected]

### Patch Changes

- Updated dependencies
\[[`e1c58611c3c996b4fff98a54e49f00549ff2115d`](e1c5861)]:
    -   @apollo/[email protected]
    -   @apollo/[email protected]

## @apollo/[email protected]

### Patch Changes

- Updated dependencies
\[[`e1c58611c3c996b4fff98a54e49f00549ff2115d`](e1c5861)]:
    -   @apollo/[email protected]

## [email protected]

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

Author: github-actions[bot]

.changeset/pre.json

@@ -10,5 +10,8 @@
     "@apollo/query-planner": "2.11.5",
     "@apollo/subgraph": "2.11.5"
   },
-  "changesets": []
+  "changesets": [
+    "orange-yaks-double",
+    "shaggy-adults-help"
+  ]
 }

composition-js/CHANGELOG.md

@@ -1,5 +1,21 @@
 # CHANGELOG for `@apollo/composition`
 
+## 2.11.5-preview.0
+
+### Patch Changes
+
+- Fixed access control verification of transitive requirements (through `@requires` and/or `@fromContext`) to ensure it works with chains of transitive dependencies. ([#3333](https://github.com/apollographql/federation/pull/3333))
+
+- Allow interface object fields to specify access control ([#3333](https://github.com/apollographql/federation/pull/3333))
+
+  Update composition logic to allow specifying access control directives (`@authenticated`, `@requiresScopes` and `@policy`) on `@interfaceObject` fields. While we disallow access control on interface types and fields, we decided to support it on `@interfaceObject` as it is a useful pattern to define a single resolver (that may need access controls) for common interface fields. Alternative would require our users to explicitly define resolvers for all implementations which defeats the purpose of `@interfaceObject`.
+
+  This PR refactors in how we propagate access control by providing additional merge sources when merging directives on interfaces, interface fields and object fields.
+
+- Updated dependencies [[`e1c58611c3c996b4fff98a54e49f00549ff2115d`](https://github.com/apollographql/federation/commit/e1c58611c3c996b4fff98a54e49f00549ff2115d)]:
+  - @apollo/federation-internals@2.11.5-preview.0
+  - @apollo/query-graphs@2.11.5-preview.0
+
 ## 2.11.4
 
 ### Patch Changes

composition-js/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@apollo/composition",
-  "version": "2.11.4",
+  "version": "2.11.5-preview.0",
   "description": "Apollo Federation composition utilities",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
@@ -27,8 +27,8 @@
     "access": "public"
   },
   "dependencies": {
-    "@apollo/federation-internals": "2.11.4",
-    "@apollo/query-graphs": "2.11.4"
+    "@apollo/federation-internals": "2.11.5-preview.0",
+    "@apollo/query-graphs": "2.11.5-preview.0"
   },
   "peerDependencies": {
     "graphql": "^16.5.0"

federation-integration-testsuite-js/CHANGELOG.md

@@ -1,5 +1,7 @@
 # CHANGELOG for `federation-integration-testsuite-js`
 
+## 2.11.5-preview.0
+
 ## 2.11.4
 
 ## 2.11.3

federation-integration-testsuite-js/package.json

@@ -1,7 +1,7 @@
 {
   "name": "apollo-federation-integration-testsuite",
   "private": true,
-  "version": "2.11.4",
+  "version": "2.11.5-preview.0",
   "description": "Apollo Federation Integrations / Test Fixtures",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

gateway-js/CHANGELOG.md

@@ -1,5 +1,14 @@
 # CHANGELOG for `@apollo/gateway`
 
+## 2.11.5-preview.0
+
+### Patch Changes
+
+- Updated dependencies [[`5ee4d966487e714ae6bc6445bf53d75ccbbaf6ae`](https://github.com/apollographql/federation/commit/5ee4d966487e714ae6bc6445bf53d75ccbbaf6ae), [`e1c58611c3c996b4fff98a54e49f00549ff2115d`](https://github.com/apollographql/federation/commit/e1c58611c3c996b4fff98a54e49f00549ff2115d)]:
+  - @apollo/composition@2.11.5-preview.0
+  - @apollo/federation-internals@2.11.5-preview.0
+  - @apollo/query-planner@2.11.5-preview.0
+
 ## 2.11.4
 
 ### Patch Changes

gateway-js/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@apollo/gateway",
-  "version": "2.11.4",
+  "version": "2.11.5-preview.0",
   "description": "Apollo Gateway",
   "author": "Apollo <[email protected]>",
   "main": "dist/index.js",
@@ -25,9 +25,9 @@
     "access": "public"
   },
   "dependencies": {
-    "@apollo/composition": "2.11.4",
-    "@apollo/federation-internals": "2.11.4",
-    "@apollo/query-planner": "2.11.4",
+    "@apollo/composition": "2.11.5-preview.0",
+    "@apollo/federation-internals": "2.11.5-preview.0",
+    "@apollo/query-planner": "2.11.5-preview.0",
     "@apollo/server-gateway-interface": "^1.1.0",
     "@apollo/usage-reporting-protobuf": "^4.1.0",
     "@apollo/utils.createhash": "^2.0.0",

internals-js/CHANGELOG.md

@@ -1,5 +1,15 @@
 # CHANGELOG for `@apollo/federation-internals`
 
+## 2.11.5-preview.0
+
+### Patch Changes
+
+- Allow interface object fields to specify access control ([#3333](https://github.com/apollographql/federation/pull/3333))
+
+  Update composition logic to allow specifying access control directives (`@authenticated`, `@requiresScopes` and `@policy`) on `@interfaceObject` fields. While we disallow access control on interface types and fields, we decided to support it on `@interfaceObject` as it is a useful pattern to define a single resolver (that may need access controls) for common interface fields. Alternative would require our users to explicitly define resolvers for all implementations which defeats the purpose of `@interfaceObject`.
+
+  This PR refactors in how we propagate access control by providing additional merge sources when merging directives on interfaces, interface fields and object fields.
+
 ## 2.11.4
 
 ### Patch Changes

internals-js/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@apollo/federation-internals",
-  "version": "2.11.4",
+  "version": "2.11.5-preview.0",
   "description": "Apollo Federation internal utilities",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",