[Batching] Build upon the recent configuration changes to enable subgraph filtering

.changesets/feat_geal_jwks_headers.md

@@ -0,0 +1,5 @@
+### Add headers to the JWKS download request ([Issue #4651](https://github.com/apollographql/router/issues/4651))
+
+This adds the ability to set static headers on HTTP requests to download a JWKS from an identity provider
+
+By [@Geal](https://github.com/Geal) in https://github.com/apollographql/router/pull/4688

.changesets/feat_geal_jwt_source.md

@@ -0,0 +1,5 @@
+### Support loading JWT from other sources ([PR #4711](https://github.com/apollographql/router/pull/4711))
+
+The token can be stored in different headers, but it can also be carried by a cookie. This adds cookies as an alternative source of tokens, and allows multiple alternative sources
+
+By [@Geal](https://github.com/Geal) in https://github.com/apollographql/router/pull/4711

.changesets/fix_bryn_datadog_trace_id.md

@@ -0,0 +1,17 @@
+### Attach `dd.trace_id` to JSON formatted log messages ([PR #4764](https://github.com/apollographql/router/pull/4764))
+
+To enable correlation between DataDog tracing and logs, `dd.trace_id` must appear as a span attribute on the root of each JSON formatted log message.
+Once you configure the `dd.trace_id` attribute in router.yaml, it will automatically be extracted from the root span and attached to the logs:
+
+```yaml title="router.yaml"
+telemetry:
+  instrumentation:
+    spans:
+      mode: spec_compliant
+      router:
+        attributes:
+          dd.trace_id: true
+```
+
+
+By [@BrynCooke](https://github.com/BrynCooke) in https://github.com/apollographql/router/pull/4764

.circleci/config.yml

@@ -42,13 +42,20 @@ executors:
     environment:
       CARGO_BUILD_JOBS: 8
       RUST_TEST_THREADS: 8
-  macos_build: &macos_build_executor
+  arm_macos_build: &arm_macos_build_executor
     macos:
       # See https://circleci.com/docs/xcode-policy along with the support matrix
       # at https://circleci.com/docs/using-macos#supported-xcode-versions.
       # We use the major.minor notation to bring in compatible patches.
       xcode: 14.2
     resource_class: macos.m1.medium.gen1
+  intel_macos_build: &intel_macos_build_executor
+    macos:
+      # See https://circleci.com/docs/xcode-policy along with the support matrix
+      # at https://circleci.com/docs/using-macos#supported-xcode-versions.
+      # We use the major.minor notation to bring in compatible patches.
+      xcode: 14.2
+    resource_class: macos.x86.medium.gen2
   macos_test: &macos_test_executor
     macos:
       # See https://circleci.com/docs/xcode-policy along with the support matrix
@@ -159,7 +166,7 @@ commands:
       - when:
           condition:
             or:
-              - equal: [ *macos_build_executor, << parameters.platform >> ]
+              - equal: [ *arm_macos_build_executor, << parameters.platform >> ]
               - equal: [ *macos_test_executor, << parameters.platform >> ]
           steps:
             - run:
@@ -170,7 +177,20 @@ commands:
             - run:
                 name: Write arch
                 command: |
-                  echo 'osx' >> ~/.arch
+                  echo 'osx-aarch64' >> ~/.arch
+      - when:
+          condition:
+            equal: [ *intel_macos_build_executor, << parameters.platform >> ]
+          steps:
+            - run:
+                name: Make link to md5
+                command: |
+                  mkdir -p ~/.local/aliases
+                  ln -s /sbin/md5 ~/.local/aliases/md5sum
+            - run:
+                name: Write arch
+                command: |
+                  echo 'osx-x86' >> ~/.arch
       - when:
           condition:
             or:
@@ -243,7 +263,8 @@ commands:
       - when:
           condition:
             or:
-              - equal: [ *macos_build_executor, << parameters.platform >> ]
+              - equal: [ *intel_macos_build_executor, << parameters.platform >> ]
+              - equal: [ *arm_macos_build_executor, << parameters.platform >> ]
               - equal: [ *macos_test_executor, << parameters.platform >> ]
           steps:
             - run:
@@ -284,7 +305,8 @@ commands:
       - when:
           condition:
             or:
-              - equal: [ *macos_build_executor, << parameters.platform >> ]
+              - equal: [ *intel_macos_build_executor, << parameters.platform >> ]
+              - equal: [ *arm_macos_build_executor, << parameters.platform >> ]
               - equal: [ *macos_test_executor, << parameters.platform >> ]
           steps:
             - run:
@@ -333,15 +355,6 @@ commands:
                 name: Special case for Windows because of ssh-agent
                 command: |
                   printf "[net]\ngit-fetch-with-cli = true" >> ~/.cargo/Cargo.toml
-      - when:
-          condition:
-            or:
-              - equal: [ *macos_build_executor, << parameters.platform >> ]
-          steps:
-            - run:
-                name: Special case for OSX x86_64 builds
-                command: |
-                  rustup target add x86_64-apple-darwin
 
   install_extra_tools:
     steps:
@@ -593,7 +606,10 @@ jobs:
           platform: << parameters.platform >>
       - when:
           condition:
-            equal: [ *macos_build_executor, << parameters.platform >> ]
+            or:
+              - equal: [ *intel_macos_build_executor, << parameters.platform >> ]
+              - equal: [ *arm_macos_build_executor, << parameters.platform >> ]
+
           steps:
             - when:
                 condition:
@@ -602,28 +618,13 @@ jobs:
                   - run: cargo xtask release prepare nightly
             - run:
                 command: >
-                  cargo xtask dist --target aarch64-apple-darwin
-            - run:
-                command: >
-                  cargo xtask dist --target x86_64-apple-darwin
+                  cargo xtask dist
             - run:
                 command: >
                   mkdir -p artifacts
             - run:
                 command: >
                   cargo xtask package
-                  --target aarch64-apple-darwin
-                  --apple-team-id ${APPLE_TEAM_ID}
-                  --apple-username ${APPLE_USERNAME}
-                  --cert-bundle-base64 ${MACOS_CERT_BUNDLE_BASE64}
-                  --cert-bundle-password ${MACOS_CERT_BUNDLE_PASSWORD}
-                  --keychain-password ${MACOS_KEYCHAIN_PASSWORD}
-                  --notarization-password ${MACOS_NOTARIZATION_PASSWORD}
-                  --output artifacts/
-            - run:
-                command: >
-                  cargo xtask package
-                  --target x86_64-apple-darwin
                   --apple-team-id ${APPLE_TEAM_ID}
                   --apple-username ${APPLE_USERNAME}
                   --cert-bundle-base64 ${MACOS_CERT_BUNDLE_BASE64}
@@ -956,7 +957,7 @@ workflows:
           matrix:
             parameters:
               platform:
-                [ macos_build, windows_build, amd_linux_build, arm_linux_build ]
+                [ intel_macos_build, arm_macos_build, windows_build, amd_linux_build, arm_linux_build ]
       - secops/wiz-docker:
           context:
             - platform-docker-ro
@@ -1053,7 +1054,7 @@ workflows:
           matrix:
             parameters:
               platform:
-                [ macos_build, windows_build, amd_linux_build, arm_linux_build ]
+                [ intel_macos_build, arm_macos_build, windows_build, amd_linux_build, arm_linux_build ]
           filters:
             branches:
               ignore: /.*/

.gitleaks.toml

@@ -69,6 +69,7 @@
 
         paths = [
             '''^apollo-router\/src\/.+\/testdata\/.+''',
+            '''^apollo-router/src/plugins/authentication/tests.rs$'''
         ]
 
 [[ rules ]]

CHANGELOG.md

@@ -4,6 +4,75 @@ All notable changes to Router will be documented in this file.
 
 This project adheres to [Semantic Versioning v2.0.0](https://semver.org/spec/v2.0.0.html).
 
+
+# [1.41.1] - 2024-03-08
+
+> [!NOTE]
+>
+> v1.41.1 replaces a failed publish of v1.41.0.  The version number had to be moved from v1.41.0 to v1.41.1, but the release is otherwise the same.  Apologies for the confusion!
+
+## 🚀 Features
+
+### Entity caching: Add tracing spans around Redis interactions ([PR #4667](https://github.com/apollographql/router/pull/4667))
+
+This adds `cache_lookup` and `cache_store` spans to traces which show Redis calls related to our recently announced [entity caching](https://www.apollographql.com/docs/router/configuration/entity-caching/) feature.  This also changes the behavior slightly so that storing in Redis does not stop the execution of the rest of the query.
+
+By [@Geal](https://github.com/Geal) in https://github.com/apollographql/router/pull/4667
+
+### Use Gzip compression when downloading Persisted Query manifests ([PR #4622](https://github.com/apollographql/router/pull/4622))
+
+Router will now request Gzip compression when downloading Persisted Query manifests for improved network efficiency.
+
+By [@glasser](https://github.com/glasser) in https://github.com/apollographql/router/pull/4622
+
+### Redis: add a fail open option ([Issue #4334](https://github.com/apollographql/router/issues/4334))
+
+This option configures the Router's behavior in case it cannot connect to Redis:
+- By default, the router will start and all requests will be handled in a degraded state.
+- Alternatively, this option can be configured to prevent the router from starting if it can't connect to Redis.
+
+By [@Geal](https://github.com/Geal) in https://github.com/apollographql/router/pull/4534
+
+## 🐛 Fixes
+
+### Default header now correctly set when `experimental_response_trace_id` is enabled ([Issue #4699](https://github.com/apollographql/router/issues/4699))
+
+When configuring the `experimental_response_trace_id` without an explicit header it now correctly takes the default one `apollo-trace-id`.
+
+Example of configuration:
+
+```yaml
+telemetry:
+  exporters:
+    tracing:
+      experimental_response_trace_id:
+        enabled: true
+```
+
+By [@bnjjj](https://github.com/bnjjj) in https://github.com/apollographql/router/pull/4702
+
+# [1.41.0] - 2024-03-08
+
+> [!NOTE]
+>
+> The release of v1.41.0 failed unexpectedly late in the deployment process due to a preventable publishing failure.  The release has been yanked from Crates.io on account of not being published successfully across all deployment targets.  This release is fully replaced by v1.41.1.  Apologies for the confusion!
+
+# [1.40.2] - 2024-03-06
+
+## 🔒 Security
+
+### Apply `limits.http_max_request_bytes` on streaming request body decompression ([PR #4759](https://github.com/apollographql/router/pull/4759))
+
+This release fixes a Denial-of-Service (DoS) type vulnerability which exists in affected versions of the Router according to our [published security advistory](https://github.com/apollographql/router/security/advisories/GHSA-cgqf-3cq5-wvcj).  The fix changes the evaluation of the `limits.http_max_request_bytes` configuration to take place on a stream of bytes, allowing it to be applied to compressed HTTP payloads, prior to decompression.  Previously, the limit was only being applied after the entirety of the compressed payload was decompressed, which could result in significant memory consumption which exceeded configured expectations while compressed payloads were expanded.
+
+## 🐛 Fixes
+
+### Re-activate the macOS Intel builder ([PR #4723](https://github.com/apollographql/router/pull/4723))
+
+We have re-activated macOS Intel (x86) builds in CircleCI, despite their upcoming deprecation, while we take a different approach to solving this and maintaining Intel support for the time-being.   This became necessary since cross-compiling the router from ARM to x86 resulted in issues with V8 snapshots and runtime issues on the macOS Intel binaries produced by those Apple Silicon build machines.
+
+By [@Geal](https://github.com/Geal) in https://github.com/apollographql/router/pull/4723
+
 # [1.40.1] - 2024-02-16
 
 ## 🐛 Fixes

Cargo.lock

@@ -251,7 +251,7 @@ dependencies = [
 
 [[package]]
 name = "apollo-router"
-version = "1.40.1"
+version = "1.41.1"
 dependencies = [
  "access-json",
  "anyhow",
@@ -278,6 +278,7 @@ dependencies = [
  "clap",
  "console",
  "console-subscriber",
+ "cookie",
  "dashmap",
  "derivative",
  "derive_more",
@@ -408,7 +409,7 @@ dependencies = [
 
 [[package]]
 name = "apollo-router-benchmarks"
-version = "1.40.1"
+version = "1.41.1"
 dependencies = [
  "apollo-parser",
  "apollo-router",
@@ -424,7 +425,7 @@ dependencies = [
 
 [[package]]
 name = "apollo-router-scaffold"
-version = "1.40.1"
+version = "1.41.1"
 dependencies = [
  "anyhow",
  "cargo-scaffold",
@@ -1668,6 +1669,16 @@ version = "0.4.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "6245d59a3e82a7fc217c5828a6692dbc6dfb63a0c8c90495621f7b9d79704a0e"
 
+[[package]]
+name = "cookie"
+version = "0.18.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3cd91cf61412820176e137621345ee43b3f4423e589e7ae4e50d601d93e35ef8"
+dependencies = [
+ "time",
+ "version_check",
+]
+
 [[package]]
 name = "cookie-factory"
 version = "0.3.2"

apollo-router-benchmarks/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "apollo-router-benchmarks"
-version = "1.40.1"
+version = "1.41.1"
 authors = ["Apollo Graph, Inc. <packages@apollographql.com>"]
 edition = "2021"
 license = "Elastic-2.0"

apollo-router-scaffold/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "apollo-router-scaffold"
-version = "1.40.1"
+version = "1.41.1"
 authors = ["Apollo Graph, Inc. <packages@apollographql.com>"]
 edition = "2021"
 license = "Elastic-2.0"

apollo-router-scaffold/templates/base/Cargo.toml

@@ -22,7 +22,7 @@ apollo-router = { path ="{{integration_test}}apollo-router" }
 apollo-router = { git="https://github.com/apollographql/router.git", branch="{{branch}}" }
 {{else}}
 # Note if you update these dependencies then also update xtask/Cargo.toml
-apollo-router = "1.40.1"
+apollo-router = "1.41.1"
 {{/if}}
 {{/if}}
 async-trait = "0.1.52"