Upcoming Release Changes

[theguild-bot]

This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.

Releases

@graphql-hive/laboratory@0.1.4

Patch Changes

• #7963
  4a8bd4f
  Thanks @mskorokhodov! - Implemented functionality that allows
  to have multiple queries in same operation while working only with focused one (run button, query
  builder)

• #7892
  fab4b03
  Thanks @mskorokhodov! - Hive Laboratory renders Hive Router
  query plan if included in response extensions

@graphql-hive/render-laboratory@0.1.4

Patch Changes

• #7963
  4a8bd4f
  Thanks @mskorokhodov! - Implemented functionality that allows
  to have multiple queries in same operation while working only with focused one (run button, query
  builder)

• #7892
  fab4b03
  Thanks @mskorokhodov! - Hive Laboratory renders Hive Router
  query plan if included in response extensions

• Updated dependencies
  [4a8bd4f,
  fab4b03]:

  • @graphql-hive/laboratory@0.1.4

hive@11.0.3

Patch Changes

• #7993
  730771f
  Thanks @n1ru4l! - Address vulnerability
  GHSA-72c6-fx6q-fr5w.

• #7988
  d7e7025
  Thanks @n1ru4l! - Address vulnerability
  GHSA-247c-9743-5963.

• #7961
  40fd27d
  Thanks @n1ru4l! - Update
  nodemailer to address vulnerability
  GHSA-vvjj-xcjg-gr5g.

• #7993
  730771f
  Thanks @n1ru4l! - Address vulnerability
  GHSA-v9ww-2j6r-98q6.

• #7976
  ed9ab34
  Thanks @n1ru4l! - address vulnerability
  GHSA-r4q5-vmmm-2653

• #7967
  9708f71
  Thanks @n1ru4l! - Fix schema contract composition applying
  @inaccessible on the federation types ContextArgument and FieldValue on the supergraph SDL.

  This mitigates the following error in apollo-router upon processing the supergraph:

  could not create router: Api error(s): The supergraph schema failed to produce a valid API schema: The following errors occurred:
    - Core feature type `join__ContextArgument` cannot use @inaccessible.
    - Core feature type `join__FieldValue` cannot use @inaccessible.
  

• #7993
  730771f
  Thanks @n1ru4l! - Address vulnerability
  GHSA-xq3m-2v4x-88gg.

• #7978
  9c6989c
  Thanks @jdolle! - Add schema linting support for type extensions

• #7993
  730771f
  Thanks @n1ru4l! - Address vulnerability
  CVE-2026-6414.

• #7988
  d7e7025
  Thanks @n1ru4l! - Address vulnerability
  GHSA-39q2-94rc-95cp.

• #7980
  c46b2f2
  Thanks @n1ru4l! - Address vulnerability
  GHSA-fvcv-3m26-pcqx.

• #7993
  730771f
  Thanks @n1ru4l! - Address vulnerability
  CVE-2026-6410.

• #7961
  40fd27d
  Thanks @n1ru4l! - Update
  opentelemetry-go to address vulnerability
  CVE-2026-39883.

[gemini-code-assist]

Code Review

This pull request addresses security vulnerabilities in nodemailer and opentelemetry-go, fixes a schema composition error involving @inaccessible federation types, and increments the deployment version to 11.0.3. A redundant Cargo.lock entry was identified in the .gitignore file that should be removed.

[gemini-code-assist]

The entry Cargo.lock is already present in this file multiple times (lines 145-163). Adding it again is redundant and indicates a potential issue with the automation script or process managing this file. Please remove the duplicates.

[github-actions]

🚀 Snapshot Release (rc)

The latest changes of this PR are available as rc on npm (based on the declared changesets):

Package	Version	Info
@graphql-hive/laboratory	0.1.4-rc-20260416110134-6d8aa2bf6564616ec1973c8cd43a0cdef7db0fe0	npm ↗︎ unpkg ↗︎
@graphql-hive/render-laboratory	0.1.4-rc-20260416110134-6d8aa2bf6564616ec1973c8cd43a0cdef7db0fe0	npm ↗︎ unpkg ↗︎
hive	11.0.3-rc-20260416110134-6d8aa2bf6564616ec1973c8cd43a0cdef7db0fe0	npm ↗︎ unpkg ↗︎

[github-actions]

🐋 This PR was built and pushed to the following Docker images:

Targets: build

Platforms: linux/amd64

Image Tag: 6d8aa2bf6564616ec1973c8cd43a0cdef7db0fe0