@knope-bot knope-bot bot commented Nov 21, 2025

Important

Merging this pull request will create these releases

config 0.0.12 (2025-11-21)

Features

Breaking

Removed pool_idle_timeout_seconds from traffic_shaping; use pool_idle_timeout with a duration format instead.

traffic_shaping:
-  pool_idle_timeout_seconds: 30
+  pool_idle_timeout: 30s
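
Review bot: the migration note at the added pool_idle_timeout: 30s line shows a single duration value and does not say which units are accepted, or what happens when a config still carries the removed pool_idle_timeout_seconds key. State both in the changelog entry so operators know whether a stale config fails at startup or is ignored.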

#540 by @ardatan

executor 6.1.0 (2025-11-21)

Features

Directive-Based Authorization

Introducing directive-based authorization. This allows you to enforce fine-grained access control directly from your subgraph schemas using the @authenticated and @requiresScopes directives.

This new authorization layer runs before the query planner, ensuring that unauthorized requests are handled efficiently without reaching your subgraphs.

Configuration

You can configure how the router handles unauthorized requests with two modes:

  • filter (default): Silently removes any fields the user is not authorized to see from the query. The response will contain null for the removed fields and an error in the errors array.
  • reject: Rejects the entire GraphQL operation if it requests any field the user is not authorized to access.

To configure this, add the following to your router.yaml configuration file:

authentication:
  directives:
    unauthorized:
      # "filter" (default): Removes unauthorized fields from the query and returns errors.
      # "reject": Rejects the entire request if any unauthorized field is requested.
      mode: reject

If this section is omitted, the router will use filter mode by default.

JWT Scope Requirements

When using the @requiresScopes directive, the router expects the user's granted scopes to be present in the JWT payload. The scopes should be in an array of strings or a string (scopes separated by space), within a claim named scope.

Here is an example of a JWT payload with the correct format:

{
  "sub": "user-123",
  "scope": [
    "read:products",
    "write:reviews"
  ],
  "iat": 1516239022
}

Breaking

Removed pool_idle_timeout_seconds from traffic_shaping; use pool_idle_timeout with a duration format instead.

traffic_shaping:
-  pool_idle_timeout_seconds: 30
+  pool_idle_timeout: 30s

#540 by @ardatan

router 0.0.20 (2025-11-21)

Features

Directive-Based Authorization

Introducing directive-based authorization. This allows you to enforce fine-grained access control directly from your subgraph schemas using the @authenticated and @requiresScopes directives.

This new authorization layer runs before the query planner, ensuring that unauthorized requests are handled efficiently without reaching your subgraphs.

Configuration

You can configure how the router handles unauthorized requests with two modes:

  • filter (default): Silently removes any fields the user is not authorized to see from the query. The response will contain null for the removed fields and an error in the errors array.
  • reject: Rejects the entire GraphQL operation if it requests any field the user is not authorized to access.

To configure this, add the following to your router.yaml configuration file:

authentication:
  directives:
    unauthorized:
      # "filter" (default): Removes unauthorized fields from the query and returns errors.
      # "reject": Rejects the entire request if any unauthorized field is requested.
      mode: reject

If this section is omitted, the router will use filter mode by default.

JWT Scope Requirements

When using the @requiresScopes directive, the router expects the user's granted scopes to be present in the JWT payload. The scopes should be in an array of strings or a string (scopes separated by space), within a claim named scope.

Here is an example of a JWT payload with the correct format:

{
  "sub": "user-123",
  "scope": [
    "read:products",
    "write:reviews"
  ],
  "iat": 1516239022
}

Breaking

Removed pool_idle_timeout_seconds from traffic_shaping; use pool_idle_timeout with a duration format instead.

traffic_shaping:
-  pool_idle_timeout_seconds: 30
+  pool_idle_timeout: 30s

#540 by @ardatan

query-planner 2.1.0 (2025-11-21)

Features

Directive-Based Authorization

Introducing directive-based authorization. This allows you to enforce fine-grained access control directly from your subgraph schemas using the @authenticated and @requiresScopes directives.

This new authorization layer runs before the query planner, ensuring that unauthorized requests are handled efficiently without reaching your subgraphs.

Configuration

You can configure how the router handles unauthorized requests with two modes:

  • filter (default): Silently removes any fields the user is not authorized to see from the query. The response will contain null for the removed fields and an error in the errors array.
  • reject: Rejects the entire GraphQL operation if it requests any field the user is not authorized to access.

To configure this, add the following to your router.yaml configuration file:

authentication:
  directives:
    unauthorized:
      # "filter" (default): Removes unauthorized fields from the query and returns errors.
      # "reject": Rejects the entire request if any unauthorized field is requested.
      mode: reject

If this section is omitted, the router will use filter mode by default.

JWT Scope Requirements

When using the @requiresScopes directive, the router expects the user's granted scopes to be present in the JWT payload. The scopes should be in an array of strings or a string (scopes separated by space), within a claim named scope.

Here is an example of a JWT payload with the correct format:

{
  "sub": "user-123",
  "scope": [
    "read:products",
    "write:reviews"
  ],
  "iat": 1516239022
}
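
The filter and reject modes and the two accepted shapes of the scope claim described in the release notes above, as a small Python model (an added example, not Hive Router code). The rule table, the error strings and the reading of @requiresScopes as "all listed scopes are required" are assumptions made for illustration.

```python
def granted_scopes(payload):
    """Normalize the `scope` claim: array of strings or space-separated string."""
    claim = payload.get("scope")
    if claim is None:
        return set()  # a claim under any other name grants nothing
    if isinstance(claim, str):
        return set(claim.split())
    if isinstance(claim, list) and all(isinstance(s, str) for s in claim):
        return set(claim)
    raise ValueError("scope must be a string or an array of strings")


def authorize(fields, rules, payload, mode="filter"):
    """Return (fields_to_execute, errors) for one operation.

    rules maps field -> None (public), set() (@authenticated only), or a
    set of scopes (@requiresScopes; model assumption: all are required).
    payload is the already-verified JWT payload, or None if unauthenticated.
    """
    scopes = granted_scopes(payload) if payload is not None else set()
    denied = []
    for field in fields:
        need = rules.get(field)
        if need is None:
            continue  # public field, no directive
        if payload is None or not need <= scopes:
            denied.append(field)
    errors = [f"unauthorized field: {f}" for f in denied]
    if denied and mode == "reject":
        return [], errors  # whole operation refused
    # filter mode: denied fields are dropped (null in the response) plus errors
    return [f for f in fields if f not in denied], errors


# Constructed sample data (not taken from the project)
RULES = {"products": None, "me": set(), "reviews": {"read:products"},
         "addReview": {"read:products", "write:reviews"}}
ARRAY_TOKEN = {"sub": "user-123", "scope": ["read:products", "write:reviews"]}
STRING_TOKEN = {"sub": "user-123", "scope": "read:products"}
WRONG_CLAIM = {"sub": "user-123", "scopes": ["read:products"]}  # misnamed claim
```

In this model a token whose scopes sit under a differently named claim still counts as authenticated but is denied every scope-protected field, which is worth checking against your identity provider's token format before enabling reject mode.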

github-actions bot commented Nov 21, 2025

k6-benchmark results

     ✓ response code was 200
     ✓ no graphql errors
     ✓ valid response structure

     █ setup

     checks.........................: 100.00% ✓ 210390      ✗ 0    
     data_received..................: 6.2 GB  205 MB/s
     data_sent......................: 82 MB   2.7 MB/s
     http_req_blocked...............: avg=3.42µs   min=701ns   med=1.75µs  max=4.29ms   p(90)=2.48µs  p(95)=2.87µs  
     http_req_connecting............: avg=1.03µs   min=0s      med=0s      max=2.92ms   p(90)=0s      p(95)=0s      
     http_req_duration..............: avg=20.97ms  min=2.36ms  med=20.07ms max=235.82ms p(90)=28.53ms p(95)=31.6ms  
       { expected_response:true }...: avg=20.97ms  min=2.36ms  med=20.07ms max=235.82ms p(90)=28.53ms p(95)=31.6ms  
     http_req_failed................: 0.00%   ✓ 0           ✗ 70150
     http_req_receiving.............: avg=190.82µs min=24.68µs med=39.69µs max=205.82ms p(90)=87.56µs p(95)=400.67µs
     http_req_sending...............: avg=24.4µs   min=5.27µs  med=10.61µs max=24.77ms  p(90)=15.63µs p(95)=28.38µs 
     http_req_tls_handshaking.......: avg=0s       min=0s      med=0s      max=0s       p(90)=0s      p(95)=0s      
     http_req_waiting...............: avg=20.76ms  min=2.29ms  med=19.94ms max=55.94ms  p(90)=28.28ms p(95)=31.27ms 
     http_reqs......................: 70150   2332.910494/s
     iteration_duration.............: avg=21.38ms  min=5.18ms  med=20.41ms max=258.89ms p(90)=28.95ms p(95)=32.04ms 
     iterations.....................: 70130   2332.245373/s
     vus............................: 50      min=50        max=50 
     vus_max........................: 50      min=50        max=50 

github-actions bot commented Nov 21, 2025

🐋 This PR was built and pushed to the following Docker images:

Image Names: ghcr.io/graphql-hive/router

Platforms: linux/amd64,linux/arm64

Image Tags: ghcr.io/graphql-hive/router:pr-583 ghcr.io/graphql-hive/router:sha-f8519cd

Docker metadata
{
"buildx.build.ref": "builder-fc409ceb-43fb-4524-a9c9-a0f595802483/builder-fc409ceb-43fb-4524-a9c9-a0f5958024830/1gj5t1cmu1c7398rmdvmpkvze",
"containerimage.descriptor": {
  "mediaType": "application/vnd.oci.image.index.v1+json",
  "digest": "sha256:99fd4a8fbf1f4b0aea168bc8d271f3f58109cd486b9fcf565f7fc324689a83e7",
  "size": 1609
},
"containerimage.digest": "sha256:99fd4a8fbf1f4b0aea168bc8d271f3f58109cd486b9fcf565f7fc324689a83e7",
"image.name": "ghcr.io/graphql-hive/router:pr-583,ghcr.io/graphql-hive/router:sha-f8519cd"
}
