[otel] rely on context for parenting spans correctly

[EmrysMyrddin]

Walkthrough: https://youtu.be/YqzgToNJ9wc

resolves #516
resolves #514
resolves #515
resolves #517
resolves #513

[theguild-bot]

🚀 Snapshot Release (alpha)

The latest changes of this PR are available as alpha on npm (based on the declared changesets):

Package	Version	Info
@graphql-tools/batch-delegate	9.0.30-alpha-0389c268eae4d089f15abeb07efc955af3945cdd	npm ↗︎ unpkg ↗︎
@graphql-tools/batch-execute	9.0.12-alpha-0389c268eae4d089f15abeb07efc955af3945cdd	npm ↗︎ unpkg ↗︎
@graphql-tools/delegate	10.2.12-alpha-0389c268eae4d089f15abeb07efc955af3945cdd	npm ↗︎ unpkg ↗︎
@graphql-tools/executor-common	0.0.2-alpha-0389c268eae4d089f15abeb07efc955af3945cdd	npm ↗︎ unpkg ↗︎
@graphql-tools/executor-graphql-ws	2.0.2-alpha-0389c268eae4d089f15abeb07efc955af3945cdd	npm ↗︎ unpkg ↗︎
@graphql-tools/executor-http	1.2.7-alpha-0389c268eae4d089f15abeb07efc955af3945cdd	npm ↗︎ unpkg ↗︎
@graphql-tools/federation	3.1.2-alpha-0389c268eae4d089f15abeb07efc955af3945cdd	npm ↗︎ unpkg ↗︎
@graphql-mesh/fusion-runtime	0.11.0-alpha-0389c268eae4d089f15abeb07efc955af3945cdd	npm ↗︎ unpkg ↗︎
@graphql-hive/gateway	1.9.5-alpha-0389c268eae4d089f15abeb07efc955af3945cdd	npm ↗︎ unpkg ↗︎
@graphql-mesh/hmac-upstream-signature	1.2.20-alpha-0389c268eae4d089f15abeb07efc955af3945cdd	npm ↗︎ unpkg ↗︎
@graphql-mesh/plugin-opentelemetry	1.3.41-alpha-0389c268eae4d089f15abeb07efc955af3945cdd	npm ↗︎ unpkg ↗︎
@graphql-mesh/plugin-prometheus	1.3.29-alpha-0389c268eae4d089f15abeb07efc955af3945cdd	npm ↗︎ unpkg ↗︎
@graphql-hive/gateway-runtime	1.4.13-alpha-0389c268eae4d089f15abeb07efc955af3945cdd	npm ↗︎ unpkg ↗︎
@graphql-tools/stitch	9.4.17-alpha-0389c268eae4d089f15abeb07efc955af3945cdd	npm ↗︎ unpkg ↗︎
@graphql-tools/stitching-directives	3.1.27-alpha-0389c268eae4d089f15abeb07efc955af3945cdd	npm ↗︎ unpkg ↗︎
@graphql-mesh/transport-common	0.7.29-alpha-0389c268eae4d089f15abeb07efc955af3945cdd	npm ↗︎ unpkg ↗︎
@graphql-mesh/transport-http	0.6.33-alpha-0389c268eae4d089f15abeb07efc955af3945cdd	npm ↗︎ unpkg ↗︎
@graphql-mesh/transport-http-callback	0.5.20-alpha-0389c268eae4d089f15abeb07efc955af3945cdd	npm ↗︎ unpkg ↗︎
@graphql-mesh/transport-ws	1.0.3-alpha-0389c268eae4d089f15abeb07efc955af3945cdd	npm ↗︎ unpkg ↗︎
@graphql-tools/wrap	10.0.30-alpha-0389c268eae4d089f15abeb07efc955af3945cdd	npm ↗︎ unpkg ↗︎

[theguild-bot]

🚀 Snapshot Release (Binary for Linux-X64)

The latest changes of this PR are available for download (based on the declared changesets).

[theguild-bot]

🚀 Snapshot Release (Binary for macOS-ARM64)

The latest changes of this PR are available for download (based on the declared changesets).

[theguild-bot]

🚀 Snapshot Release (Bun Docker Image)

The latest changes of this PR are available as image on GitHub Container Registry (based on the declared changesets):

ghcr.io/graphql-hive/gateway:1.9.5-alpha-0389c268eae4d089f15abeb07efc955af3945cdd-bun

[theguild-bot]

🚀 Snapshot Release (Node Docker Image)

The latest changes of this PR are available as image on GitHub Container Registry (based on the declared changesets):

ghcr.io/graphql-hive/gateway:1.9.5-alpha-0389c268eae4d089f15abeb07efc955af3945cdd

[theguild-bot]

🚀 Snapshot Release (Binary for macOS-X64)

The latest changes of this PR are available for download (based on the declared changesets).

[theguild-bot]

🚀 Snapshot Release (Binary for Windows-X64)

The latest changes of this PR are available for download (based on the declared changesets).

[theguild-bot]

🚀 Snapshot Release (Binary for Linux-ARM64)

The latest changes of this PR are available for download (based on the declared changesets).

[coderabbitai]

📝 Walkthrough

Summary by CodeRabbit

• New Features

  • Enhanced telemetry and tracing capabilities with improved context management and hierarchical trace structure for clearer analysis during GraphQL and HTTP operations.
  • Introduced state management and context stack utilities to bolster error handling and trace visualization.

• Chores

  • Updated numerous dependencies and added explicit dependency resolutions across the platform to ensure compatibility and improved performance.

Walkthrough

The changes include multiple dependency updates across various packages, notably updating @graphql-tools/utils from ^10.7.0 to ^10.8.1 and introducing new dependencies such as @opentelemetry/context-async-hooks. The updates span modifications to OpenTelemetry integration, including adjustments to span types, improved hierarchical trace construction with a new span tree builder, and refined error handling in tests. Additionally, the changes add state management utilities via a new withState function and introduce an OtelContextStack for context tracking, alongside several new functions for initializing and finalizing spans.

Changes

File	Change Summary
.changeset/@graphql-mesh_plugin-opentelemetry-532-dependencies.md, packages/plugins/opentelemetry/package.json, package.json	Updated @graphql-tools/utils to ^10.8.1; added dependency @opentelemetry/context-async-hooks; added resolution for @envelop/core; updated graphql-yoga and added development dependency @whatwg-node/server.
e2e/opentelemetry/opentelemetry.e2e.ts	Modified Jaeger trace types by introducing JaegerTraceSpan, updated the JaegerTracesApiResponse structure, added the buildSpanTree function, and updated tests to expect a new hierarchical span structure with increased span counts.
packages/plugins/opentelemetry/src/plugin-utils.ts	Added the withState utility function along with related types (HttpState, GraphQLState, GatewayState, etc.) and the getMostSpecificState function for managing and accessing state efficiently.
packages/plugins/opentelemetry/src/plugin.ts	Introduced new types for context building and tracing (e.g. OnContextBuildingEventPayload, OnFetchHookDone, ContextManager), and updated plugin options and control flow to improve span tracing and error handling for OpenTelemetry integration.
packages/plugins/opentelemetry/src/spans.ts	Added multiple functions to start and end spans for HTTP and GraphQL operations (including parsing, validating, executing, subgraph fetches, and upstream HTTP fetches), with enhanced context propagation and refined error recording in done callbacks.
packages/plugins/opentelemetry/src/utils.ts	Introduced mapMaybePromise and toPromise methods to handle Promise-like values, enhancing utility support for asynchronous operations.
.changeset/@graphql-hive_* .changeset/@graphql-tools_*	Multiple changesets updated dependency versions, primarily updating @graphql-tools/utils from ^10.7.0 to ^10.8.1 and upgrading related packages such as @graphql-hive/core across various modules.
packages/plugins/opentelemetry/src/context-stack.ts	Added the OtelContextStack class that manages a stack of OpenTelemetry contexts, with methods to push/pop contexts and generate a string representation based on span names.

Sequence Diagram(s)

sequenceDiagram
    participant Client
    participant Gateway
    participant Plugin
    participant Spans
    Client->>Gateway: Sends GraphQL request
    Gateway->>Plugin: Forwards request to OpenTelemetry plugin
    Plugin->>Spans: Initiates span (e.g. startGraphQLSpan)
    Spans-->>Plugin: Returns updated context and done callback
    Plugin->>Spans: Calls additional functions (e.g. addExecutionArgsToGraphqlSpan, startUpstreamHttpFetchSpan)
    Spans-->>Plugin: Processes span operations and error handling
    Plugin->>Gateway: Completes processing and returns trace data

Loading

Assessment against linked issues

Objective	Addressed	Explanation
[otel] Subgraph execution span relationships (#516, #517)	✅
[otel] Missing fetch span under subgraph.execute spans (#514)	✅
[otel] Reporting of "critical path" is broken (#515)	✅
[otel] Incorrect error.message attribute in spans of failed execution (#513)	✅

Possibly related PRs

• enhance(runtime): prepare for the future supergraph executor #590: Involves similar updates to @graphql-tools/utils, directly affecting dependency management in gateway packages.
• Upcoming Release Changes #575: Addresses the same dependency update for the gateway, indicating a strong code-level relation.
• Update Examples #587: Also updates the @graphql-tools/utils dependency in the gateway package, showing clear overlap.

Suggested reviewers

• dotansimha

Poem

I'm a bunny in the code garden, so spry,
Hopping through updates as the changes fly.
Dependencies refreshed and spans aligned,
With state and context now well-designed.
My whiskers twitch with every new trace—
A hoppin' celebration in our codebase space! 🐇✨

✨ Finishing Touches

• 📝 Generate Docstrings (Beta)

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 11

📜 Review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8c466f4 and 69ab3e4.

⛔ Files ignored due to path filters (35)

• examples/apq-subgraphs/example.tar.gz is excluded by !**/*.gz
• examples/apq-subgraphs/package-lock.json is excluded by !**/package-lock.json
• examples/extra-fields/example.tar.gz is excluded by !**/*.gz
• examples/extra-fields/package-lock.json is excluded by !**/package-lock.json
• examples/federation-example/example.tar.gz is excluded by !**/*.gz
• examples/federation-example/package-lock.json is excluded by !**/package-lock.json
• examples/federation-mixed/example.tar.gz is excluded by !**/*.gz
• examples/federation-mixed/package-lock.json is excluded by !**/package-lock.json
• examples/federation-subscriptions-passthrough/example.tar.gz is excluded by !**/*.gz
• examples/federation-subscriptions-passthrough/package-lock.json is excluded by !**/package-lock.json
• examples/file-upload/example.tar.gz is excluded by !**/*.gz
• examples/file-upload/package-lock.json is excluded by !**/package-lock.json
• examples/hmac-auth-https/example.tar.gz is excluded by !**/*.gz
• examples/hmac-auth-https/package-lock.json is excluded by !**/package-lock.json
• examples/interface-additional-resolvers/example.tar.gz is excluded by !**/*.gz
• examples/interface-additional-resolvers/package-lock.json is excluded by !**/package-lock.json
• examples/json-schema-subscriptions/example.tar.gz is excluded by !**/*.gz
• examples/json-schema-subscriptions/package-lock.json is excluded by !**/package-lock.json
• examples/openapi-additional-resolvers/example.tar.gz is excluded by !**/*.gz
• examples/openapi-additional-resolvers/package-lock.json is excluded by !**/package-lock.json
• examples/openapi-arg-rename/example.tar.gz is excluded by !**/*.gz
• examples/openapi-arg-rename/package-lock.json is excluded by !**/package-lock.json
• examples/openapi-javascript-wiki/example.tar.gz is excluded by !**/*.gz
• examples/openapi-javascript-wiki/package-lock.json is excluded by !**/package-lock.json
• examples/openapi-subscriptions/example.tar.gz is excluded by !**/*.gz
• examples/openapi-subscriptions/package-lock.json is excluded by !**/package-lock.json
• examples/operation-field-permissions/example.tar.gz is excluded by !**/*.gz
• examples/operation-field-permissions/package-lock.json is excluded by !**/package-lock.json
• examples/programmatic-batching/example.tar.gz is excluded by !**/*.gz
• examples/programmatic-batching/package-lock.json is excluded by !**/package-lock.json
• examples/subscriptions-with-transforms/example.tar.gz is excluded by !**/*.gz
• examples/subscriptions-with-transforms/package-lock.json is excluded by !**/package-lock.json
• examples/type-merging-batching/example.tar.gz is excluded by !**/*.gz
• examples/type-merging-batching/package-lock.json is excluded by !**/package-lock.json
• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (40)

• .changeset/@graphql-mesh_plugin-opentelemetry-532-dependencies.md (1 hunks)
• e2e/auto-type-merging/package.json (1 hunks)
• e2e/extra-fields/package.json (1 hunks)
• e2e/hmac-auth-https/package.json (1 hunks)
• e2e/interface-additional-resolvers/package.json (1 hunks)
• e2e/opentelemetry/opentelemetry.e2e.ts (4 hunks)
• e2e/opentelemetry/package.json (1 hunks)
• e2e/retry-timeout/package.json (1 hunks)
• e2e/subscriptions-with-transforms/package.json (1 hunks)
• e2e/type-merging-batching/package.json (1 hunks)
• examples/apq-subgraphs/package.json (1 hunks)
• examples/extra-fields/package.json (1 hunks)
• examples/federation-example/package.json (1 hunks)
• examples/federation-mixed/package.json (1 hunks)
• examples/federation-subscriptions-passthrough/package.json (1 hunks)
• examples/file-upload/package.json (1 hunks)
• examples/hmac-auth-https/package.json (1 hunks)
• examples/interface-additional-resolvers/package.json (1 hunks)
• examples/json-schema-subscriptions/package.json (1 hunks)
• examples/openapi-additional-resolvers/package.json (1 hunks)
• examples/openapi-arg-rename/package.json (1 hunks)
• examples/openapi-javascript-wiki/package.json (1 hunks)
• examples/openapi-subscriptions/package.json (1 hunks)
• examples/operation-field-permissions/package.json (1 hunks)
• examples/programmatic-batching/package.json (1 hunks)
• examples/subscriptions-with-transforms/package.json (1 hunks)
• examples/type-merging-batching/package.json (1 hunks)
• package.json (1 hunks)
• packages/executors/http/package.json (1 hunks)
• packages/fusion-runtime/package.json (1 hunks)
• packages/gateway/package.json (1 hunks)
• packages/plugins/hmac-upstream-signature/package.json (1 hunks)
• packages/plugins/opentelemetry/package.json (2 hunks)
• packages/plugins/opentelemetry/src/contextManager.ts (1 hunks)
• packages/plugins/opentelemetry/src/plugin-utils.ts (1 hunks)
• packages/plugins/opentelemetry/src/plugin.ts (4 hunks)
• packages/plugins/opentelemetry/src/spans.ts (5 hunks)
• packages/plugins/opentelemetry/src/utils.ts (1 hunks)
• packages/plugins/prometheus/package.json (2 hunks)
• packages/runtime/package.json (1 hunks)

🧰 Additional context used

📓 Path-based instructions (6)

`examples/**`: In this directory we keep all the examples. E...

examples/**: In this directory we keep all the examples. Examples are generated using a scheduled CI pipeline.
When changes are made to Gateway config, we expect to see some changes in the examples directory.

• examples/apq-subgraphs/package.json
• examples/federation-mixed/package.json
• examples/file-upload/package.json
• examples/federation-example/package.json
• examples/programmatic-batching/package.json
• examples/operation-field-permissions/package.json
• examples/openapi-javascript-wiki/package.json
• examples/federation-subscriptions-passthrough/package.json
• examples/openapi-arg-rename/package.json
• examples/openapi-subscriptions/package.json
• examples/openapi-additional-resolvers/package.json
• examples/json-schema-subscriptions/package.json
• examples/extra-fields/package.json
• examples/subscriptions-with-transforms/package.json
• examples/interface-additional-resolvers/package.json
• examples/type-merging-batching/package.json
• examples/hmac-auth-https/package.json

`**`: For all PRs, we would like to verify that a Linear iss...

**: For all PRs, we would like to verify that a Linear issue is linked. Check if there's a mention for "GW-*" in the PR description, and the us know when it's missing.

In most cases, when a PR adds a new functionality, we would like to make sure it has documentation in the corresponding console project.
Use the global knowledge feature to search for PRs in graphql-hive/console repository that adds documentation. Suggest to create a follow up issue to add the missing documentation.

• examples/apq-subgraphs/package.json
• e2e/type-merging-batching/package.json
• examples/federation-mixed/package.json
• examples/file-upload/package.json
• e2e/subscriptions-with-transforms/package.json
• e2e/opentelemetry/package.json
• examples/federation-example/package.json
• examples/programmatic-batching/package.json
• examples/operation-field-permissions/package.json
• examples/openapi-javascript-wiki/package.json
• packages/plugins/hmac-upstream-signature/package.json
• examples/federation-subscriptions-passthrough/package.json
• e2e/retry-timeout/package.json
• e2e/hmac-auth-https/package.json
• e2e/auto-type-merging/package.json
• e2e/extra-fields/package.json
• packages/gateway/package.json
• packages/runtime/package.json
• e2e/interface-additional-resolvers/package.json
• examples/openapi-arg-rename/package.json
• examples/openapi-subscriptions/package.json
• examples/openapi-additional-resolvers/package.json
• packages/executors/http/package.json
• examples/json-schema-subscriptions/package.json
• packages/fusion-runtime/package.json
• packages/plugins/prometheus/package.json
• examples/extra-fields/package.json
• package.json
• examples/subscriptions-with-transforms/package.json
• examples/interface-additional-resolvers/package.json
• examples/type-merging-batching/package.json
• packages/plugins/opentelemetry/src/contextManager.ts
• packages/plugins/opentelemetry/package.json
• packages/plugins/opentelemetry/src/utils.ts
• packages/plugins/opentelemetry/src/plugin.ts
• packages/plugins/opentelemetry/src/plugin-utils.ts
• examples/hmac-auth-https/package.json
• packages/plugins/opentelemetry/src/spans.ts
• e2e/opentelemetry/opentelemetry.e2e.ts

`e2e/**`: This directory includes end-to-end tests for the g...

e2e/**: This directory includes end-to-end tests for the gateway.
The examples directory is generated based on the code in this directory.

• e2e/type-merging-batching/package.json
• e2e/subscriptions-with-transforms/package.json
• e2e/opentelemetry/package.json
• e2e/retry-timeout/package.json
• e2e/hmac-auth-https/package.json
• e2e/auto-type-merging/package.json
• e2e/extra-fields/package.json
• e2e/interface-additional-resolvers/package.json
• e2e/opentelemetry/opentelemetry.e2e.ts

`packages/**`: In this directory we keep all packages releva...

packages/**: In this directory we keep all packages relevant to the gateway.

In most cases, when changes are made to the source code / dependencies in these directories, we also require to have a corresponding changeset file, created using yarn changeset with a full description on the changes with an example.
Also, when new features are added the packages, the changeset file should mention minor semver change. When a bug is fixed, patch needs to be used. The major bump is used for a PR that has breaking changes.

• packages/plugins/hmac-upstream-signature/package.json
• packages/gateway/package.json
• packages/runtime/package.json
• packages/executors/http/package.json
• packages/fusion-runtime/package.json
• packages/plugins/prometheus/package.json
• packages/plugins/opentelemetry/src/contextManager.ts
• packages/plugins/opentelemetry/package.json
• packages/plugins/opentelemetry/src/utils.ts
• packages/plugins/opentelemetry/src/plugin.ts
• packages/plugins/opentelemetry/src/plugin-utils.ts
• packages/plugins/opentelemetry/src/spans.ts

`packages/plugins/**`: The directories inside this dir are g...

packages/plugins/**: The directories inside this dir are gateway plugins. Plugins adds functionality to the GraphQL gateway, at the runtime level. Plugins included are authorization, authentication, caching, persisted documents and more.

• packages/plugins/hmac-upstream-signature/package.json
• packages/plugins/prometheus/package.json
• packages/plugins/opentelemetry/src/contextManager.ts
• packages/plugins/opentelemetry/package.json
• packages/plugins/opentelemetry/src/utils.ts
• packages/plugins/opentelemetry/src/plugin.ts
• packages/plugins/opentelemetry/src/plugin-utils.ts
• packages/plugins/opentelemetry/src/spans.ts

`packages/gateway/**`: The main runtime for the Hive gateway...

packages/gateway/**: The main runtime for the Hive gateway.
This package is CLI that runs the gateway and configures the internals of the gateway function.

• packages/gateway/package.json

🪛 Biome (1.9.4)

packages/plugins/opentelemetry/src/utils.ts

[error] 1-1: A Node.js builtin module should be imported with the node: protocol.

Using the node: protocol is more explicit and signals that the imported module belongs to Node.js.
Unsafe fix: Add the node: protocol.

(lint/style/useNodejsImportProtocol)

---

[error] 27-27: Do not add then to an object.

(lint/suspicious/noThenProperty)

packages/plugins/opentelemetry/src/plugin.ts

[error] 339-339: Forbidden non-null assertion.

(lint/style/noNonNullAssertion)

---

[error] 371-371: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 375-375: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 395-395: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 401-401: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 421-421: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 427-427: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 441-441: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 452-452: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 459-459: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 493-493: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 341-341: This let declares a variable that is only assigned once.

'handler' is never reassigned.

Safe fix: Use const instead.

(lint/style/useConst)

packages/plugins/opentelemetry/src/plugin-utils.ts

[error] 9-9: This let declares a variable that is only assigned once.

'states' is never reassigned.

Safe fix: Use const instead.

(lint/style/useConst)

---

[error] 27-27: This let declares a variable that is only assigned once.

'pluginWithState' is never reassigned.

Safe fix: Use const instead.

(lint/style/useConst)

---

[error] 35-35: This let declares a variable that is only assigned once.

'state' is never reassigned.

Safe fix: Use const instead.

(lint/style/useConst)

e2e/opentelemetry/opentelemetry.e2e.ts

[error] 568-568: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 570-570: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 578-578: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 599-599: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

🔇 Additional comments (50)

packages/plugins/opentelemetry/src/plugin-utils.ts (1)

1-8: No further issues found; well-structured and clear.
Everything else in this file appears correct and maintainable.

Also applies to: 10-26, 28-34, 36-105

packages/plugins/opentelemetry/src/spans.ts (1)

1-113: All other spans logic looks great.
The additions thoroughly cover span lifecycle management, attribute setting, and error handling for GraphQL operations.

Also applies to: 118-367

packages/plugins/opentelemetry/src/plugin.ts (1)

1-579: Add a changeset and confirm Linear issue reference.
• Since you modified code within “packages/**”, please ensure a corresponding changeset exists describing these updates.
• Also, there's no mention of “GW-*” in the PR description. Please confirm whether a relevant Linear issue should be linked.

🧰 Tools

🪛 Biome (1.9.4)

[error] 339-339: Forbidden non-null assertion.

(lint/style/noNonNullAssertion)

---

[error] 371-371: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 375-375: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 395-395: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 401-401: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 421-421: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 427-427: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 441-441: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 452-452: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 459-459: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 493-493: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 341-341: This let declares a variable that is only assigned once.

'handler' is never reassigned.

Safe fix: Use const instead.

(lint/style/useConst)

e2e/opentelemetry/opentelemetry.e2e.ts (2)

27-27: No issues found.
The array type definition looks correct.

---

83-85: Ensure error re-throwing logic aligns with desired behavior.
If the signal is aborted, this block re-throws the last encountered error (stored in 'err'). This may mask the actual AbortError or other errors if the code doesn't exit the loop immediately. Verify that this is indeed the desired behavior.

packages/plugins/opentelemetry/src/contextManager.ts (1)

1-43: Implementation looks solid.
This stack-based approach for context management is straightforward and easy to follow. Great job! Just ensure that concurrent calls to push/pop won't break the stack invariants if used in multi-threaded contexts (e.g., Worker threads).

packages/plugins/opentelemetry/src/utils.ts (1)

27-30: Double-check custom Promise layering.
Attaching .then, .catch, and .finally directly to the returned object can raise concerns from lint tools, as it mimics native Promises. Ensure this approach handles all edge cases or consider simpler transformations that rely on Promise APIs directly.

🧰 Tools

🪛 Biome (1.9.4)

[error] 27-27: Do not add then to an object.

(lint/suspicious/noThenProperty)

e2e/extra-fields/package.json (1)

7-7: Dependency Version Update for graphql-yoga
The version has been bumped from "^5.10.11" to "^5.11.0". This is a coordinated upgrade across the codebase. Please ensure that the new version is compatible with all usage scenarios in your tests.

e2e/type-merging-batching/package.json (1)

7-7: graphql-yoga Upgrade Consistency
The dependency update to "^5.11.0" is consistent with other packages. Verify that any minor API changes introduced in graphql-yoga do not affect the functionality within this e2e test context.

e2e/interface-additional-resolvers/package.json (1)

7-7: Updated graphql-yoga Version
Updating to "^5.11.0" is aligned with the coordinated dependency bumps. Double-check that the integration with the interface additional resolvers functionality continues to work as expected.

e2e/retry-timeout/package.json (1)

8-8: graphql-yoga Dependency Update
The dependency version has been updated from "^5.10.11" to "^5.11.0". Please confirm that the new version does not introduce any unforeseen timeout or retry behavior differences.

.changeset/@graphql-mesh_plugin-opentelemetry-532-dependencies.md (1)

1-8: Changeset Dependency Updates for @graphql-mesh/plugin-opentelemetry
This changeset adds a new dependency "@opentelemetry/context-async-hooks" at "^1.30.1" and updates "graphql-yoga" to "^5.11.0". These modifications support enhanced OpenTelemetry context management. Ensure that the added dependency is fully compatible with the plugin's tracing and context parenting functionality.

e2e/subscriptions-with-transforms/package.json (1)

8-8: Upgrade graphql-yoga Dependency Version

The dependency "graphql-yoga" has been updated to "^5.11.0", aligning with the broader upgrade across the project. This change helps ensure consistency across different e2e test suites.

e2e/auto-type-merging/package.json (1)

8-8: Consistent Dependency Update for graphql-yoga

The "graphql-yoga" version has been updated to "^5.11.0" in the devDependencies. This is consistent with other parts of the repository and should help reduce version conflicts.

e2e/opentelemetry/package.json (1)

9-9: Align graphql-yoga Version with Overall Dependency Upgrades

Updating "graphql-yoga" to "^5.11.0" in this file is important for maintaining consistency, especially as it supports OpenTelemetry-related e2e tests. Please verify that the change does not introduce any behavioral differences affecting the tracing and context propagation features.

examples/openapi-javascript-wiki/package.json (1)

10-10: Update @graphql-hive/gateway Dependency Version

The dependency "@graphql-hive/gateway" has been updated from "^1.9.0" to "^1.9.1". This change ensures that the example remains up to date with the latest improvements and releases. Confirm that the change is reflected in both functionality and documentation as needed.

examples/openapi-additional-resolvers/package.json (1)

10-10: Upgrade @graphql-hive/gateway Dependency Version

The dependency update to "@graphql-hive/gateway" version "^1.9.1" is straightforward and consistent with similar updates across the repository. Ensure that any integration tests for the examples confirm compatibility with the new version.

examples/file-upload/package.json (1)

8-8: Gateway Dependency Version Update Confirmed
The @graphql-hive/gateway dependency is updated to ^1.9.1, which is consistent with the broader dependency standardization across the repository.

examples/apq-subgraphs/package.json (1)

12-12: Gateway Dependency Version Upgrade
The dependency update to @graphql-hive/gateway version ^1.9.1 aligns with the changes in other example projects. No issues detected.

examples/interface-additional-resolvers/package.json (2)

7-7: GraphQL-Yoga Version Update
Upgrading graphql-yoga to ^5.11.0 is in line with upgrading efforts across the project. Ensure compatibility with any custom middleware or configurations if applicable.

---

9-9: Gateway Dependency Version Update
The version of @graphql-hive/gateway has been updated to ^1.9.1, ensuring consistency with similar modifications elsewhere.

examples/programmatic-batching/package.json (1)

10-10: Consistent Update for Gateway Dependency
The update of @graphql-hive/gateway to ^1.9.1 maintains consistency with the dependency versions in other examples.

examples/openapi-arg-rename/package.json (1)

10-10: Updated Gateway Dependency Version
The dependency @graphql-hive/gateway is now set to ^1.9.1, which matches the standardized upgrade across the repository.

examples/extra-fields/package.json (3)

7-7: Upgrade of graphql-yoga dependency version.
The version has been bumped from "^5.10.11" to "^5.11.0" which appears consistent with the other upgrades in this PR.

---

9-9: Upgrade of @graphql-hive/gateway dependency version.
The update from "^1.9.0" to "^1.9.1" is clear and aligns with the coordinated dependency upgrades across affected packages.

---

1-20: Missing Linear Issue Reference.
Please ensure that the PR description includes a reference to the corresponding Linear issue ID (e.g. "GW-...") as required by guidelines. This helps maintain traceability for dependency and functionality changes.

examples/operation-field-permissions/package.json (1)

9-9: Upgrade of @graphql-hive/gateway dependency version.
The dependency version has been updated to "^1.9.1" consistently with similar changes elsewhere in the repository.

examples/type-merging-batching/package.json (2)

7-7: Upgrade of graphql-yoga dependency version.
The bump to "^5.11.0" ensures consistency with the overall dependency uplift in this PR.

---

9-9: Upgrade of @graphql-hive/gateway dependency version.
The update to "^1.9.1" is correct and aligns with the coordinated updates made in other package.json files.

examples/subscriptions-with-transforms/package.json (2)

8-8: Upgrade of graphql-yoga dependency version.
The dependency version has been updated to "^5.11.0" from its previous version, which is consistent with similar changes in the PR.

---

10-10: Upgrade of @graphql-hive/gateway dependency version.
The dependency update to "^1.9.1" is applied correctly.

examples/openapi-subscriptions/package.json (1)

12-12: Upgrade of @graphql-hive/gateway dependency version.
The version bump to "^1.9.1" is consistent with the dependency updates across the repository.

examples/json-schema-subscriptions/package.json (2)

1-4: Ensure PR Issue Linking for Traceability

It appears there is no explicit reference to a relevant GW-* Linear issue in the PR description or metadata in this file. Please double-check that the PR description includes the appropriate GW-* issue link(s) for proper traceability.

---

13-13: Dependency Version Update Confirmed

The dependency "@graphql-hive/gateway" has been successfully updated to "^1.9.1". This change is consistent with the coordinated version upgrades across the repository.

examples/federation-example/package.json (1)

12-12: Consistent Gateway Dependency Upgrade

The "@graphql-hive/gateway" dependency is updated to "^1.9.1" on line 12. This maintains consistency with other examples and aligns with the overall dependency upgrade strategy.

e2e/hmac-auth-https/package.json (1)

16-16: GraphQL-Yoga Dependency Version Update

The "graphql-yoga" dependency has been updated to "^5.11.0", which is in line with similar updates across multiple packages in this PR.

examples/federation-mixed/package.json (1)

12-12: Gateway Dependency Version Update

The update of "@graphql-hive/gateway" to "^1.9.1" on line 12 is correctly applied and consistent with the rest of the repository.

examples/federation-subscriptions-passthrough/package.json (1)

18-18: Uniform Dependency Upgrade Across Examples

The "@graphql-hive/gateway" dependency update to "^1.9.1" on line 18 ensures uniformity across our examples. This change looks correct and is aligned with the PR objectives.

examples/hmac-auth-https/package.json (2)

15-15: Update @graphql-hive/gateway Dependency Version
The version has been bumped to "^1.9.1", which aligns with the other package updates in this PR. Please ensure that any related documentation or changeset files (if applicable) are updated accordingly.

---

20-20: Update graphql-yoga Dependency Version
The update to "^5.11.0" is consistent with the coordinated dependency upgrades across the project. Verify that no breaking changes are introduced by this bump and that integration tests pass.

packages/plugins/hmac-upstream-signature/package.json (1)

57-57: Update graphql-yoga Version in DevDependencies
Bumping "graphql-yoga" to "^5.11.0" here ensures consistency with the repository’s overall dependency strategy. Please confirm that a corresponding changeset file is provided to document this minor version update.

packages/plugins/prometheus/package.json (2)

42-45: Update graphql-yoga in PeerDependencies
The dependency version for "graphql-yoga" in peerDependencies has been updated to "^5.11.0", ensuring that consumers of this package use a compatible version. Make sure to update any related documentation if needed.

---

57-62: Update graphql-yoga in DevDependencies
Similarly, the devDependencies now reflect the "^5.11.0" version. Please check that a changeset file is created to formally record this dependency update and that tests validate the upgrade.

packages/executors/http/package.json (1)

57-57: Update graphql-yoga in DevDependencies
The upgrade to "^5.11.0" for "graphql-yoga" maintains consistency with other package updates. It’s important to run end-to-end tests to ensure that no regressions or compatibility issues are introduced by this change.

packages/fusion-runtime/package.json (1)

61-61: Update graphql-yoga Dependency Version
The dependency "graphql-yoga" has been updated to "^5.11.0", which fits the coordinated update strategy across the codebase. Ensure that downstream consumers are aware of this update and that the changeset file (if not already present) is added to document the minor version bump.

packages/plugins/opentelemetry/package.json (2)

53-53: Dependency Addition: @opentelemetry/context-async-hooks
The new dependency "@opentelemetry/context-async-hooks": "^1.30.1" enhances async context propagation essential for proper span parenting. Ensure that this version is fully compatible with the rest of the OpenTelemetry packages in use.

---

68-68: Upgrade: graphql-yoga Version Update
The update of "graphql-yoga" to "^5.11.0" in devDependencies aligns this package with other parts of the codebase. Please verify that this minor version bump does not introduce breaking changes within your plugin's context or tests.

packages/runtime/package.json (1)

81-83: Dependency Standardization: graphql-yoga Version Update
Updating "graphql-yoga" to "^5.11.0" standardizes the dependency across multiple packages. Ensure that you run integration and e2e tests to validate that no runtime issues arise from this version bump.

package.json (1)

63-63: ⚠️ Potential issue

Resolution Addition: @envelop/core Pinning
The new resolution for "@envelop/core" pins it to "5.1.0-alpha-20250206123608-cd323a08c43c066eb34cba698d61b4f059ab5ee5". Since this is an alpha version, please confirm that its use is intentional and that it has been vetted for stability within your environment. Consider adding a comment or documentation reference for future maintainers regarding the choice of an alpha release.

packages/gateway/package.json (1)

86-88: Dependency Upgrade: graphql-yoga Version Update
The "graphql-yoga" dependency has been updated to "^5.11.0" to keep consistency with the rest of the packages. Please ensure that this update has been tested thoroughly in the gateway’s runtime to prevent any unintended behavior changes.

[coderabbitai]

🧹 Nitpick (assertive)

Consider enumerating reference types for clarity.
Currently, the 'references' property accepts arbitrary string values for 'refType'. If you know the valid reference types (e.g. "CHILD_OF", "FOLLOWS_FROM"), you might consider an enum or string literal union for better type safety.

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 69ab3e4 and 7c9ddc8.

📒 Files selected for processing (1)

• packages/plugins/opentelemetry/src/plugin-utils.ts (1 hunks)

🧰 Additional context used

📓 Path-based instructions (3)

`packages/**`: In this directory we keep all packages releva...

packages/**: In this directory we keep all packages relevant to the gateway.

In most cases, when changes are made to the source code / dependencies in these directories, we also require to have a corresponding changeset file, created using yarn changeset with a full description on the changes with an example.
Also, when new features are added the packages, the changeset file should mention minor semver change. When a bug is fixed, patch needs to be used. The major bump is used for a PR that has breaking changes.

• packages/plugins/opentelemetry/src/plugin-utils.ts

`packages/plugins/**`: The directories inside this dir are g...

packages/plugins/**: The directories inside this dir are gateway plugins. Plugins adds functionality to the GraphQL gateway, at the runtime level. Plugins included are authorization, authentication, caching, persisted documents and more.

• packages/plugins/opentelemetry/src/plugin-utils.ts

`**`: For all PRs, we would like to verify that a Linear iss...

**: For all PRs, we would like to verify that a Linear issue is linked. Check if there's a mention for "GW-*" in the PR description, and the us know when it's missing.

In most cases, when a PR adds a new functionality, we would like to make sure it has documentation in the corresponding console project.
Use the global knowledge feature to search for PRs in graphql-hive/console repository that adds documentation. Suggest to create a follow up issue to add the missing documentation.

• packages/plugins/opentelemetry/src/plugin-utils.ts

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: Analyze (javascript-typescript)

🔇 Additional comments (3)

packages/plugins/opentelemetry/src/plugin-utils.ts (3)

3-56: Consider thread-safety when maintaining shared state.

The withState function stores data in states using WeakMap. Each map is keyed by objects such as request, context, or executionRequest. Ensure there are no concurrency concerns when multiple requests flow through this plugin in parallel (e.g., multi-threaded or multi-worker environments). If concurrency is controlled by your runtime, this approach is typically safe, but it’s worth verifying that no race conditions occur when reading/writing the same scopes in states.

---

58-75: Well-structured hierarchical state retrieval.

The getMostSpecificState function elegantly supports fallback ordering from forSubgraphExecution to forOperation and finally to forRequest. This is clean and logically sound. No changes required.

---

77-105: Conditional types usage is commendable.

The PayloadWithState and WithState generics effectively tailor state properties to various payload shapes. The approach is advanced but well-structured. This should greatly improve type safety in real usage scenarios.

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 7c9ddc8 and 4842900.

📒 Files selected for processing (1)

• packages/plugins/opentelemetry/src/plugin.ts (4 hunks)

🧰 Additional context used

📓 Path-based instructions (3)

`packages/**`: In this directory we keep all packages releva...

packages/**: In this directory we keep all packages relevant to the gateway.

In most cases, when changes are made to the source code / dependencies in these directories, we also require to have a corresponding changeset file, created using yarn changeset with a full description on the changes with an example.
Also, when new features are added the packages, the changeset file should mention minor semver change. When a bug is fixed, patch needs to be used. The major bump is used for a PR that has breaking changes.

• packages/plugins/opentelemetry/src/plugin.ts

`packages/plugins/**`: The directories inside this dir are g...

packages/plugins/**: The directories inside this dir are gateway plugins. Plugins adds functionality to the GraphQL gateway, at the runtime level. Plugins included are authorization, authentication, caching, persisted documents and more.

• packages/plugins/opentelemetry/src/plugin.ts

`**`: For all PRs, we would like to verify that a Linear iss...

**: For all PRs, we would like to verify that a Linear issue is linked. Check if there's a mention for "GW-*" in the PR description, and the us know when it's missing.

In most cases, when a PR adds a new functionality, we would like to make sure it has documentation in the corresponding console project.
Use the global knowledge feature to search for PRs in graphql-hive/console repository that adds documentation. Suggest to create a follow up issue to add the missing documentation.

• packages/plugins/opentelemetry/src/plugin.ts

🪛 Biome (1.9.4)

packages/plugins/opentelemetry/src/plugin.ts

[error] 339-339: Forbidden non-null assertion.

(lint/style/noNonNullAssertion)

---

[error] 371-371: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 375-375: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 395-395: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 401-401: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 421-421: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 427-427: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 441-441: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 452-452: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 459-459: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 493-493: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: Analyze (javascript-typescript)

🔇 Additional comments (3)

packages/plugins/opentelemetry/src/plugin.ts (3)

58-60: Nice utility for conditional tracing configuration.
Defining BooleanOrPredicate is a clean and flexible way to conditionally enable or disable spans. This approach is both readable and extensible.

---

68-72: Verify compatibility of contextManager with targeted environments.
If you plan to run in browser environments, importing @opentelemetry/context-async-hooks may cause issues, since AsyncLocalStorage typically requires Node. Please ensure that this fallback logic aligns with your deployment environment(s).

---

339-339: Avoid using non-null assertions.
The repeated usage of ! for forOperation.otel! and related fields can mask potential null/undefined issues. Consider checking for existence or using optional chaining.

- forOperation.otel!.pop();
+ forOperation.otel?.pop();

Alternatively, refine the type definitions to ensure these values are never optional if that's guaranteed by design.

Also applies to: 371-371, 375-375, 395-395, 401-401, 421-421, 427-427, 441-441, 452-452, 459-459, 493-493

🧰 Tools

🪛 Biome (1.9.4)

[error] 339-339: Forbidden non-null assertion.

(lint/style/noNonNullAssertion)

[coderabbitai]

Caution

Inline review comments failed to post. This is likely due to GitHub's limits when posting large numbers of comments.

Actionable comments posted: 5

🔭 Outside diff range comments (2)

packages/plugins/opentelemetry/src/spans.ts (1)

202-241: startGraphQLValidateSpan: Nicely aggregates validation errors.

Recording multiple errors in the span is helpful, though note the loop at line 234 references for (const error in result). That iterates over property names, not Error objects. Use for (const error of result) for correct iteration.

-        for (const error in result) {
-          span.recordException(error);
-        }
+        for (const error of result) {
+          span.recordException(error);
+        }

package.json (1)

1-1: Missing Linear Issue Reference

The PR description does not reference a related "GW-*" linear issue. Please ensure that a corresponding linear issue is linked to adhere to project workflow standards.

♻️ Duplicate comments (1)

packages/plugins/opentelemetry/src/plugin.ts (1)

339-339: Avoid non-null assertions for safer code.
Repeated usage of ! can mask undefined or null states and cause runtime issues. Consider refining your types or using optional chaining (?.) to avoid potential errors.

Here's an example fix for line 339 (applies similarly to other lines):

-        forOperation.otel! = new OtelContextStack(ctx);
+        if (forOperation.otel) {
+          forOperation.otel = new OtelContextStack(ctx);
+        }

Also applies to: 371-371, 375-375, 395-395, 401-401, 421-421, 427-427, 441-441, 452-452, 459-459, 493-493

🧰 Tools

🪛 Biome (1.9.4)

[error] 339-339: Forbidden non-null assertion.

(lint/style/noNonNullAssertion)

🛑 Comments failed to post (5)

packages/plugins/opentelemetry/src/contextManager.ts (2)

25-27: 🧹 Nitpick (assertive)

Optional return of the new top context.

When using push, returning the new top context (or the updated this.#current) could be beneficial for quick chaining. This is optional but can improve usability of the API.

---

33-41: 🧹 Nitpick (assertive)

Graceful handling of missing spans in toString.

If trace.getSpan(node.ctx) returns null, the conversion (trace.getSpan(node.ctx) as unknown as { name: string }).name could fail. Consider a simple existence check or fallback name to prevent potential runtime errors.

-      names.push((trace.getSpan(node.ctx) as unknown as { name: string }).name);
+      const span = trace.getSpan(node.ctx);
+      if (span) {
+        names.push((span as unknown as { name: string }).name);
+      } else {
+        names.push('(no-span)');
+      }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

  toString() {
    let node: Node | undefined = this.#current;
    const names = [];
    while (node != undefined) {
      const span = trace.getSpan(node.ctx);
      if (span) {
        names.push((span as unknown as { name: string }).name);
      } else {
        names.push('(no-span)');
      }
      node = node.previous;
    }
    return names.join(' -> ');
  }

packages/plugins/opentelemetry/src/plugin-utils.ts (1)

1-2: 🧹 Nitpick (assertive)

Missing required changeset and Linear issue reference.

According to our guidelines, PRs affecting packages/plugins/** should mention a corresponding “GW-*” Linear issue and include a changeset (created via yarn changeset). Please ensure these steps are completed for proper versioning and tracking.

Would you like help generating a changeset or referencing the correct Linear issue?

packages/plugins/opentelemetry/src/spans.ts (2)

87-131: 🧹 Nitpick (assertive)

startGraphQLSpan handles request cycles with callback-based finalization.

The pattern of returning a done function that ends the span is clear. However, the FIXME for async iterable results at line 116 remains unresolved. Consider instrumenting streaming or subscription responses for full coverage.

Would you like a snippet to handle async iterable results automatically?

---

243-293: 🧹 Nitpick (assertive)

startGraphQLExecuteSpan partially handles streaming.

The FIXME comment at line 276 acknowledges the need to handle AsyncIterable results. Consider addressing this now for completeness and consistent instrumentation of subscriptions.

[coderabbitai]

Actionable comments posted: 7

♻️ Duplicate comments (1)

packages/plugins/opentelemetry/src/utils.ts (1)

1-1: Use the Node.js protocol for built-in imports.
As recommended by the linter, switching to node:util/types clarifies that this is a Node.js built-in module.

- import { isPromise } from 'util/types';
+ import { isPromise } from 'node:util/types';

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

import { isPromise } from 'node:util/types';

🧰 Tools

🪛 Biome (1.9.4)

[error] 1-1: A Node.js builtin module should be imported with the node: protocol.

Using the node: protocol is more explicit and signals that the imported module belongs to Node.js.
Unsafe fix: Add the node: protocol.

(lint/style/useNodejsImportProtocol)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d9c727f and 1e187df.

⛔ Files ignored due to path filters (1)

• yarn.lock is excluded by !**/yarn.lock, !**/*.lock

📒 Files selected for processing (9)

• .changeset/@graphql-mesh_plugin-opentelemetry-532-dependencies.md (1 hunks)
• e2e/opentelemetry/opentelemetry.e2e.ts (4 hunks)
• package.json (1 hunks)
• packages/plugins/opentelemetry/package.json (2 hunks)
• packages/plugins/opentelemetry/src/contextManager.ts (1 hunks)
• packages/plugins/opentelemetry/src/plugin-utils.ts (1 hunks)
• packages/plugins/opentelemetry/src/plugin.ts (4 hunks)
• packages/plugins/opentelemetry/src/spans.ts (5 hunks)
• packages/plugins/opentelemetry/src/utils.ts (1 hunks)

🧰 Additional context used

📓 Path-based instructions (4)

`**`: For all PRs, we would like to verify that a Linear iss...

**: For all PRs, we would like to verify that a Linear issue is linked. Check if there's a mention for "GW-*" in the PR description, and the us know when it's missing.

In most cases, when a PR adds a new functionality, we would like to make sure it has documentation in the corresponding console project.
Use the global knowledge feature to search for PRs in graphql-hive/console repository that adds documentation. Suggest to create a follow up issue to add the missing documentation.

• package.json
• packages/plugins/opentelemetry/package.json
• packages/plugins/opentelemetry/src/contextManager.ts
• packages/plugins/opentelemetry/src/utils.ts
• packages/plugins/opentelemetry/src/plugin-utils.ts
• e2e/opentelemetry/opentelemetry.e2e.ts
• packages/plugins/opentelemetry/src/plugin.ts
• packages/plugins/opentelemetry/src/spans.ts

`packages/**`: In this directory we keep all packages releva...

packages/**: In this directory we keep all packages relevant to the gateway.

In most cases, when changes are made to the source code / dependencies in these directories, we also require to have a corresponding changeset file, created using yarn changeset with a full description on the changes with an example.
Also, when new features are added the packages, the changeset file should mention minor semver change. When a bug is fixed, patch needs to be used. The major bump is used for a PR that has breaking changes.

• packages/plugins/opentelemetry/package.json
• packages/plugins/opentelemetry/src/contextManager.ts
• packages/plugins/opentelemetry/src/utils.ts
• packages/plugins/opentelemetry/src/plugin-utils.ts
• packages/plugins/opentelemetry/src/plugin.ts
• packages/plugins/opentelemetry/src/spans.ts

`packages/plugins/**`: The directories inside this dir are g...

packages/plugins/**: The directories inside this dir are gateway plugins. Plugins adds functionality to the GraphQL gateway, at the runtime level. Plugins included are authorization, authentication, caching, persisted documents and more.

• packages/plugins/opentelemetry/package.json
• packages/plugins/opentelemetry/src/contextManager.ts
• packages/plugins/opentelemetry/src/utils.ts
• packages/plugins/opentelemetry/src/plugin-utils.ts
• packages/plugins/opentelemetry/src/plugin.ts
• packages/plugins/opentelemetry/src/spans.ts

`e2e/**`: This directory includes end-to-end tests for the g...

e2e/**: This directory includes end-to-end tests for the gateway.
The examples directory is generated based on the code in this directory.

• e2e/opentelemetry/opentelemetry.e2e.ts

🪛 Biome (1.9.4)

packages/plugins/opentelemetry/src/utils.ts

[error] 1-1: A Node.js builtin module should be imported with the node: protocol.

Using the node: protocol is more explicit and signals that the imported module belongs to Node.js.
Unsafe fix: Add the node: protocol.

(lint/style/useNodejsImportProtocol)

---

[error] 27-27: Do not add then to an object.

(lint/suspicious/noThenProperty)

e2e/opentelemetry/opentelemetry.e2e.ts

[error] 568-568: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 570-570: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 578-578: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 599-599: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

packages/plugins/opentelemetry/src/plugin.ts

[error] 339-339: Forbidden non-null assertion.

(lint/style/noNonNullAssertion)

---

[error] 371-371: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 375-375: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 395-395: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 401-401: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 421-421: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 427-427: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 441-441: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 452-452: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 459-459: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 493-493: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

⏰ Context from checks skipped due to timeout of 90000ms (26)

• GitHub Check: Binary built on ubuntu-24.04-arm
• GitHub Check: Bun Docker image
• GitHub Check: Binary built on windows-latest
• GitHub Check: Node Docker image
• GitHub Check: Binary built on macos-14
• GitHub Check: Binary built on macos-13
• GitHub Check: Binary built on ubuntu-latest
• GitHub Check: E2E / Bun Docker on Ubuntu
• GitHub Check: E2E / Bun on Ubuntu
• GitHub Check: E2E / Node Binary on Windows
• GitHub Check: E2E / Node Binary on Ubuntu
• GitHub Check: E2E / Node Docker on Ubuntu
• GitHub Check: E2E / Node 23 on Ubuntu
• GitHub Check: E2E / Node 22 on Ubuntu
• GitHub Check: E2E / Node 20 on Ubuntu
• GitHub Check: Leaks / Node v23
• GitHub Check: E2E / Node 18 on Ubuntu
• GitHub Check: Benchmark / bun / 1000 items
• GitHub Check: Benchmark / bun / 100 items
• GitHub Check: Leaks / Node v22
• GitHub Check: Benchmark / bun / 10 items
• GitHub Check: Benchmark / node / 1000 items
• GitHub Check: Leaks / Node v20
• GitHub Check: Benchmark / node / 100 items
• GitHub Check: Leaks / Node v18
• GitHub Check: Benchmark / node / 10 items

🔇 Additional comments (15)

packages/plugins/opentelemetry/src/contextManager.ts (2)

1-6: Type definition and usage look good
The Node type is straightforward, and leveraging previous?: Node effectively implements a singly-linked stack.

---

12-15: Stack initialization and push/pop logic look correct
The constructor, push, and pop methods correctly maintain the stack structure.

Also applies to: 25-31

packages/plugins/opentelemetry/src/plugin-utils.ts (3)

3-13: Great approach using withState for centralized state management
This design effectively leverages WeakMap for memory-efficient associations.

---

19-20: Avoid inline reassignment within set
This pattern was flagged in older comments. To maintain clarity, please separate the assignment from the WeakMap.set call.

- let value = states[scope].get(key as any);
- if (!value) states[scope].set(key, (value = {}));
+ let value = states[scope].get(key as any);
+ if (!value) {
+   value = {};
+   states[scope].set(key, value);
+ }

---

27-55: Ensure concurrency safety for shared state access
If this plugin is used in a concurrent environment, consider the thread or process safety of these shared states. Additional synchronization or context scoping may be necessary.

packages/plugins/opentelemetry/src/spans.ts (1)

1-367: Missing changeset and Linear issue reference
Since this is a new or enhanced feature within packages/**, please ensure a corresponding changeset file is added (via yarn changeset) describing the changes (likely a minor bump). Also, no "GW-*" reference was found in the PR description. If this PR addresses a Linear issue, please mention it explicitly.

packages/plugins/opentelemetry/src/plugin.ts (3)

2-6: Add a changeset and link any relevant Linear issue.
These new or modified plugin sources appear in packages/plugins/opentelemetry/, which typically require a changeset using yarn changeset to describe the changes. Also, there's no mention of a “GW-*” issue in the PR description—if there's a corresponding internal ticket, consider adding it to the PR.

---

310-312: Confirm error handling when HTTP span startup fails.
Currently, the error is logged but not rethrown or returned as a response. Verify whether it’s acceptable to proceed with a normal flow if span initialization fails.

---

277-559: Overall implementation looks good.
The structured approach with withState and context.bind for concurrency ensures consistent context usage. No major correctness or performance concerns are apparent.

🧰 Tools

🪛 Biome (1.9.4)

[error] 339-339: Forbidden non-null assertion.

(lint/style/noNonNullAssertion)

---

[error] 371-371: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 375-375: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 395-395: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 401-401: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 421-421: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 427-427: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 441-441: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 452-452: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 459-459: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 493-493: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

e2e/opentelemetry/opentelemetry.e2e.ts (1)

1300-1324: Consider preventing cyclical references in buildSpanTree.
If spans can reference each other in a cycle, it may lead to an infinite recursion. Using a visited set within buildNode can mitigate this risk.

.changeset/@graphql-mesh_plugin-opentelemetry-532-dependencies.md (2)

1-4: Changeset File Header Formatting
The header using YAML separators is correctly structured. It clearly identifies the package and the change type ("patch").

---

5-8: Documenting Dependency Update in Changeset
The changeset clearly documents the addition of the dependency @opentelemetry/context-async-hooks@^1.30.1. Ensure that this update is synchronized with the corresponding changes in the package.json to prevent any inconsistencies.

packages/plugins/opentelemetry/package.json (2)

53-53: New Dependency Addition: @opentelemetry/context-async-hooks
The dependency "@opentelemetry/context-async-hooks": "^1.30.1" has been added, aligning with the intended update. Confirm that this version is compatible with your current OpenTelemetry usage in the codebase.

---

66-66: New Dev Dependency Addition: @whatwg-node/server
The dev dependency "@whatwg-node/server": "^0.9.65" has been added. As noted in previous reviews, ensure that any scripts or documentation dependent on this package are updated accordingly.

package.json (1)

63-63: New Resolution for @envelop/core
The resolution specifying "@envelop/core": "5.1.0-alpha-20250206123608-cd323a08c43c066eb34cba698d61b4f059ab5ee5" has been added. Verify that this version is compatible with the other dependencies and that it resolves potential version conflicts without introducing regressions.

[coderabbitai]

⚠️ Potential issue

Potentially incorrect iteration method
In the validation span logic, for (const error in result) iterates over property names instead of the elements themselves. Use for (const error of result) to properly iterate over array items.

- for (const error in result) {
+ for (const error of result) {
    span.recordException(error);
  }

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	for (const error in result) {
	validateSpan.recordException(error);
	span.recordException(error);
	}
	for (const error of result) {
	span.recordException(error);
	}

[coderabbitai]

🧹 Nitpick (assertive)

Re-check your custom Promise-like object logic.
Returning an object with then, catch, and finally is a manual re-implementation of the Promise interface. This can be fragile or lead to subtle bugs. Consider wrapping mp with a genuine new Promise(...) for better maintainability.

🧰 Tools

🪛 Biome (1.9.4)

[error] 27-27: Do not add then to an object.

(lint/suspicious/noThenProperty)

[coderabbitai]

Actionable comments posted: 2

🔭 Outside diff range comments (1)

.changeset/@graphql-mesh_plugin-opentelemetry-532-dependencies.md (1)

1-9: 🧹 Nitpick (assertive)

Strategic addition of OpenTelemetry context handling.

The addition of @opentelemetry/context-async-hooks aligns perfectly with the PR's objective of improving context handling for parenting spans. This package is specifically designed for managing context in asynchronous operations.

This addition will help ensure proper context propagation across async boundaries, which is crucial for maintaining accurate parent-child relationships in distributed tracing.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: ASSERTIVE
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 1e187df and 0389c26.

📒 Files selected for processing (22)

• .changeset/@graphql-hive_gateway-532-dependencies.md (1 hunks)
• .changeset/@graphql-hive_gateway-runtime-532-dependencies.md (1 hunks)
• .changeset/@graphql-mesh_fusion-runtime-532-dependencies.md (1 hunks)
• .changeset/@graphql-mesh_hmac-upstream-signature-532-dependencies.md (1 hunks)
• .changeset/@graphql-mesh_plugin-opentelemetry-532-dependencies.md (1 hunks)
• .changeset/@graphql-mesh_plugin-prometheus-532-dependencies.md (1 hunks)
• .changeset/@graphql-mesh_transport-common-532-dependencies.md (1 hunks)
• .changeset/@graphql-mesh_transport-http-532-dependencies.md (1 hunks)
• .changeset/@graphql-mesh_transport-http-callback-532-dependencies.md (1 hunks)
• .changeset/@graphql-mesh_transport-ws-532-dependencies.md (1 hunks)
• .changeset/@graphql-tools_batch-delegate-532-dependencies.md (1 hunks)
• .changeset/@graphql-tools_batch-execute-532-dependencies.md (1 hunks)
• .changeset/@graphql-tools_delegate-532-dependencies.md (1 hunks)
• .changeset/@graphql-tools_executor-common-532-dependencies.md (1 hunks)
• .changeset/@graphql-tools_executor-graphql-ws-532-dependencies.md (1 hunks)
• .changeset/@graphql-tools_executor-http-532-dependencies.md (1 hunks)
• .changeset/@graphql-tools_federation-532-dependencies.md (1 hunks)
• .changeset/@graphql-tools_stitch-532-dependencies.md (1 hunks)
• .changeset/@graphql-tools_stitching-directives-532-dependencies.md (1 hunks)
• .changeset/@graphql-tools_wrap-532-dependencies.md (1 hunks)
• packages/plugins/opentelemetry/src/context-stack.ts (1 hunks)
• packages/plugins/opentelemetry/src/plugin.ts (4 hunks)

👮 Files not reviewed due to content moderation or server errors (8)

• .changeset/@graphql-tools_wrap-532-dependencies.md
• .changeset/@graphql-hive_gateway-532-dependencies.md
• .changeset/@graphql-tools_stitch-532-dependencies.md
• .changeset/@graphql-tools_delegate-532-dependencies.md
• .changeset/@graphql-mesh_transport-ws-532-dependencies.md
• .changeset/@graphql-mesh_transport-http-532-dependencies.md
• .changeset/@graphql-mesh_fusion-runtime-532-dependencies.md
• .changeset/@graphql-tools_batch-execute-532-dependencies.md

🧰 Additional context used

📓 Path-based instructions (3)

`packages/**`: In this directory we keep all packages releva...

packages/**: In this directory we keep all packages relevant to the gateway.

In most cases, when changes are made to the source code / dependencies in these directories, we also require to have a corresponding changeset file, created using yarn changeset with a full description on the changes with an example.
Also, when new features are added the packages, the changeset file should mention minor semver change. When a bug is fixed, patch needs to be used. The major bump is used for a PR that has breaking changes.

• packages/plugins/opentelemetry/src/context-stack.ts
• packages/plugins/opentelemetry/src/plugin.ts

`packages/plugins/**`: The directories inside this dir are g...

packages/plugins/**: The directories inside this dir are gateway plugins. Plugins adds functionality to the GraphQL gateway, at the runtime level. Plugins included are authorization, authentication, caching, persisted documents and more.

• packages/plugins/opentelemetry/src/context-stack.ts
• packages/plugins/opentelemetry/src/plugin.ts

`**`: For all PRs, we would like to verify that a Linear iss...

**: For all PRs, we would like to verify that a Linear issue is linked. Check if there's a mention for "GW-*" in the PR description, and the us know when it's missing.

In most cases, when a PR adds a new functionality, we would like to make sure it has documentation in the corresponding console project.
Use the global knowledge feature to search for PRs in graphql-hive/console repository that adds documentation. Suggest to create a follow up issue to add the missing documentation.

• packages/plugins/opentelemetry/src/context-stack.ts
• packages/plugins/opentelemetry/src/plugin.ts

🪛 Biome (1.9.4)

packages/plugins/opentelemetry/src/plugin.ts

[error] 339-339: Forbidden non-null assertion.

(lint/style/noNonNullAssertion)

---

[error] 371-371: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 375-375: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 395-395: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 401-401: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 421-421: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 427-427: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 441-441: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 452-452: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 459-459: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 493-493: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

⏰ Context from checks skipped due to timeout of 90000ms (19)

• GitHub Check: Examples / Convert extra-fields
• GitHub Check: Binary built on windows-latest
• GitHub Check: Binary built on macos-14
• GitHub Check: Bun Docker image
• GitHub Check: Binary built on macos-13
• GitHub Check: Node Docker image
• GitHub Check: E2E / Bun Docker on Ubuntu
• GitHub Check: E2E / Bun on Ubuntu
• GitHub Check: E2E / Node Binary on Windows
• GitHub Check: E2E / Node Binary on Ubuntu
• GitHub Check: E2E / Node Docker on Ubuntu
• GitHub Check: Leaks / Node v23
• GitHub Check: E2E / Node 23 on Ubuntu
• GitHub Check: Leaks / Node v22
• GitHub Check: Leaks / Node v20
• GitHub Check: E2E / Node 22 on Ubuntu
• GitHub Check: E2E / Node 20 on Ubuntu
• GitHub Check: Leaks / Node v18
• GitHub Check: E2E / Node 18 on Ubuntu

🔇 Additional comments (12)

packages/plugins/opentelemetry/src/plugin.ts (1)

1-582: Add a changeset, link any relevant Linear issues, and consider documentation updates.
As per the coding guidelines, packages under packages/plugins/** should include a changeset (yarn changeset) describing the modifications, along with an appropriate semver bump. Also, there's no mention of a “GW-” Linear issue in the PR description. If such an issue exists, please link it. Finally, if these changes require user-facing documentation, you might open a follow-up PR in the graphql-hive/console repository to ensure clarity for end users.

🧰 Tools

🪛 Biome (1.9.4)

[error] 339-339: Forbidden non-null assertion.

(lint/style/noNonNullAssertion)

---

[error] 371-371: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 375-375: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 395-395: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 401-401: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 421-421: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 427-427: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 441-441: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 452-452: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 459-459: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

---

[error] 493-493: Forbidden non-null assertion.

Unsafe fix: Replace with optional chain operator ?. This operator includes runtime checks, so it is safer than the compile-only non-null assertion operator

(lint/style/noNonNullAssertion)

.changeset/@graphql-tools_federation-532-dependencies.md (1)

1-8: Verify compatibility with the new version of @graphql-tools/utils.

All changesets update @graphql-tools/utils from ^10.7.0 to ^10.8.1. While this is marked as a patch update, it's important to verify the changes and potential impact.

Let's check the changes between these versions:

Additionally, let's verify if there are any known issues or breaking changes:

Also applies to: 1-8, 1-8, 1-8, 1-8

❌ Verification inconclusive

🏁 Script executed:

#!/bin/bash
# Description: Check for any reported issues related to the version update

# Check for issues mentioning the version update
gh issue list -R ardatan/graphql-tools --json title,body -q '.[] | select(.title | contains("10.8.1") or .body | contains("10.8.1"))'

# Check for discussions about potential breaking changes
gh api graphql -f query='
{
  repository(owner: "ardatan", name: "graphql-tools") {
    discussions(first: 10) {
      nodes {
        title
        body
      }
    }
  }
}' | jq '.data.repository.discussions.nodes[] | select(.title | contains("10.8.1") or .body | contains("10.8.1"))'

Length of output: 557

---

🌐 Web query:

What are the changes between @graphql-tools/utils version 10.7.0 and 10.8.1?

💡 Result:

Based on the provided search results, there is no information available about @graphql-tools/utils version 10.8.1. The latest documented version in the changelogs is 10.7.2 (released January 6, 2025)[1][8][9]. Here are the key changes up to 10.7.x:

Recent Changes in @graphql-tools/utils (v10.x)

v10.7.2 (Patch)

• Fixed CVE-2024-21529 by updating dset dependency[1].

v10.7.1 (Patch)

• Removed VoidFunction type usage to eliminate dependency on DOM types[1].

v10.7.0 (Minor)

• Added getAbortPromise and registerAbortSignalListener helpers to handle AbortSignal without triggering Node.js MaxListenersExceededWarning[1].

For versions beyond 10.7.x, no changelog data exists in the provided sources[1][3][7][8][9]. If version 10.8.x exists, it might include unreleased updates not yet documented publicly or listed in the indexed search results.

For real-time updates, check npm or the GitHub repository[8][9].

Citations:

• 1: https://the-guild.dev/graphql/tools/changelogs/utils
• 2: https://the-guild.dev/graphql/tools/changelogs/links
• 3: https://github.com/ardatan/graphql-tools/blob/master/packages/load/CHANGELOG.md
• 4: https://test-gsx.cisco.com/c/dam/en_us/about/doing_business/open_source/docs/AppDynamics_Cloud_NextUI-22120-1670618719.pdf
• 5: https://the-guild.dev/graphql/tools/changelogs/executors/yoga
• 6: https://www.cisco.com/content/dam/en_us/about/doing_business/open_source/docs/AppDynamics_Cloud_NextUI-2280-1658894610.pdf
• 7: https://github.com/ardatan/graphql-tools/releases
• 8: https://www.npmjs.com/package/@graphql-tools/utils?activeTab=versions
• 9: https://www.npmjs.com/package/@graphql-tools/utils
• 10: https://community.broadcom.com/communities/community-home/digestviewer?CommunityKey=94bda077-625b-4914-8ac3-c88a06c2cc23

---

Action: Manual Verification for @graphql-tools/utils 10.8.1 Compatibility

Based on the automated checks:

• The GitHub issue and discussions queries did not yield clear results due to command output errors.
• The web query for changes between 10.7.0 and 10.8.1 returned no documented changes (with public changelogs only covering up to 10.7.x).

At this point, while no obvious breaking changes or incompatibilities have been identified, the absence of documented differences for 10.8.1 means we cannot conclusively verify compatibility. It’s recommended to perform further manual testing to ensure that the updated dependency works as expected in your codebase.

.changeset/@graphql-tools_executor-http-532-dependencies.md (1)

1-8: Verify compatibility with the updated @graphql-tools/utils version.

The dependency update to @graphql-tools/utils@^10.8.1 across multiple packages appears to be part of the OpenTelemetry context improvements. Let's verify the compatibility and potential breaking changes.

Also applies to: 1-8, 1-8, 1-8, 1-8

✅ Verification successful

🌐 Web query:

What are the changes in @graphql-tools/utils between versions 10.7.0 and 10.8.1?

💡 Result:

Based on the provided search results, there are no documented changes for @graphql-tools/utils between versions 10.7.0 and 10.8.1 in the available sources.

The latest version explicitly mentioned in the sources is 10.7.2, which includes:

• A security patch for CVE-2024-21529 via dset@^3.1.4 dependency update[4]
• Removal of VoidFunction type usage to avoid DOM type dependencies[4]

Version 10.7.x series introduced:

• New helpers for AbortSignal handling (getAbortPromise, registerAbortSignalListener)[4]
• Memory leak prevention for Node.js event listeners[4]

The search results don't contain any information about versions 10.8.x. The most recent update shown in sources [8][9] indicates 10.7.2 was published ~17 days ago (as of February 11, 2025), suggesting 10.8.x might be unreleased or undocumented in these resources.

For authoritative information about unreleased versions, you would need to check official release notes or repository changelogs not included in these search results[6][9].

Citations:

• 1: https://github.com/ardatan/graphql-tools/blob/master/packages/load/CHANGELOG.md
• 2: https://gitlab.com/gitlab-org/gitlab/-/blob/a8325c425/CHANGELOG.md
• 3: https://the-guild.dev/graphql/tools/changelogs/load
• 4: https://the-guild.dev/graphql/tools/changelogs/utils
• 5: https://github.com/ardatan/graphql-tools/blob/master/packages/stitch/CHANGELOG.md
• 6: https://github.com/ardatan/graphql-tools/releases
• 7: https://the-guild.dev/graphql/tools/changelogs/loaders/graphql-file
• 8: https://www.npmjs.com/package/@graphql-tools/utils
• 9: https://www.npmjs.com/package/@graphql-tools/utils?activeTab=versions
• 10: https://classic.yarnpkg.com/en/package/@graphql-tools/utils

---

Compatibility Check: No breaking changes detected

Based on available sources and the absence of documented changes between versions 10.7.0 and 10.8.1, it appears that the upgrade is a non-breaking patch update. The only noted changes in the 10.7.x series (up to 10.7.2) involve security and minor improvements (such as abort signal handling and memory leak prevention). Since there isn’t any published changelog for a version 10.8.x, it is likely that this update was introduced as part of the OpenTelemetry context improvements without introducing breaking changes.

• No documented changes or breaking updates were found for version 10.8.1.
• The update aligns with patch-level improvements observed in previous versions.
• It is recommended to run your integration tests to verify that no unexpected issues arise as a result of this dependency update.

.changeset/@graphql-tools_stitching-directives-532-dependencies.md (1)

1-8: Verify compatibility with the updated @graphql-tools/utils version.

The update to @graphql-tools/utils@^10.8.1 is part of a coordinated update across multiple packages. While marked as a patch, it's good practice to verify compatibility.

✅ Verification successful

🌐 Web query:

What are the changes between @graphql-tools/utils version 10.7.0 and 10.8.1?

💡 Result:

The key changes between @graphql-tools/utils versions 10.7.* and 10.* include security fixes, new utilities for abort signals, and TypeScript improvements:

Minor Changes

Version .:**
Added two new helper functions:

• getAbortPromise(signal): Creates a promise rejected when an AbortSignal triggers.
• registerAbortSignalListener(signal): Centralizes signal listeners to avoid Node.js MaxListenersExceededWarning errors[^search_1][^search_9].

---

Patch Changes

Version .:**

• Removed VoidFunction type usage due to DOM type dependencies[^search_1].
  Version .:**
• Updated dset dependency (^3.*.*) to resolve CVE-2024-21529[^search_1][^search_9].
  Version .:**
• Internal dependency cleanup with no breaking changes[^search_9].

---

Security Fixes

All patches after ..* include updates addressing CVE-2024-21529, ensuring safer dependency handling[^search_9].

For detailed dependency ranges or migration guidance, refer to the official changelogs[^search_1][^search_9].

Citations:

• 1: https://the-guild.dev/graphql/tools/changelogs/utils
• 2: https://the-guild.dev/graphql/tools/changelogs/links
• 3: https://github.com/ardatan/graphql-tools/blob/master/packages/load/CHANGELOG.md
• 4: https://test-gsx.cisco.com/c/dam/en_us/about/doing_business/open_source/docs/AppDynamics_Cloud_NextUI-22120-1670618719.pdf
• 5: https://the-guild.dev/graphql/tools/changelogs/executors/yoga
• 6: https://www.cisco.com/c/dam/en_us/about/doing_business/open_source/docs/AppDynamics_Cloud_NextUI-2280-1658894610.pdf
• 7: https://github.com/ardatan/graphql-tools/releases
• 8: https://www.npmjs.com/package/@graphql-tools/utils?activeTab=versions
• 9: https://www.npmjs.com/package/@graphql-tools/utils
• 10: https://community.broadcom.com/communities/community-home/digestviewer?CommunityKey=94bda077-625b-4914-8ac3-c88a06c2cc23

---

Compatibility with @graphql-tools/utils v10.8.1 verified.
The changelog indicates that the update from v10.7.0 to v10.8.1 involves security fixes, introduces new helper functions, and makes internal dependency cleanups without breaking changes. The patch update aligns with a non-breaking, backward-compatible enhancement.

• Confirmed that the changes (e.g., removal of VoidFunction, addition of abort signal helpers) are minor and non-disruptive.
• No API breakage or incompatibilities have been reported.

.changeset/@graphql-mesh_transport-http-callback-532-dependencies.md (1)

1-8: LGTM! Consistent with other package updates.

The update to @graphql-tools/utils@^10.8.1 maintains consistency with other packages in the ecosystem.

.changeset/@graphql-mesh_hmac-upstream-signature-532-dependencies.md (1)

1-8: LGTM! Consistent with other package updates.

The update to @graphql-tools/utils@^10.8.1 maintains consistency with other packages in the ecosystem.

.changeset/@graphql-hive_gateway-runtime-532-dependencies.md (1)

1-9: Verify compatibility with the updated @graphql-hive/core version.

While the update to @graphql-tools/utils@^10.8.1 is consistent with other packages, the minor version bump of @graphql-hive/core to ^0.9.0 warrants verification of compatibility and potential new features.

❌ Verification inconclusive

🌐 Web query:

What are the changes in @graphql-hive/core version 0.9.0 compared to 0.8.1?

💡 Result:

Based on the provided search results, there are no specific details about changes in @graphql-hive/core versions 0.9.0 or 0.8.1. The search results primarily cover unrelated packages like DataHub updates ([1]), GraphiQL ([2]), Flutter GraphQL ([3]), Yoga Server plugins ([4][5]), and other repositories ([6][8][9][10]).

The npm registry entry for @graphql-hive/core ([7]) lists v0.8.4 as the latest stable version (published 11 days ago) and mentions an alpha build (v0.9.0-alpha) dated November 11, 2024, but no changelog details are included in the search results.

To answer this query accurately, consult the official @graphql-hive/core changelog or GitHub releases page directly, as no relevant data exists in the provided sources[7][9].

Citations:

• 1: https://datahubproject.io/docs/how/updating-datahub/
• 2: https://github.com/graphql/graphiql/blob/main/packages/graphiql/CHANGELOG.md
• 3: https://pub.dev/packages/graphql_flutter/changelog
• 4: https://the-guild.dev/graphql/yoga-server/changelogs/plugins/apollo-inline-trace
• 5: https://the-guild.dev/graphql/yoga-server/changelogs/graphql-yoga
• 6: https://github.com/graphprotocol/graph-client/blob/main/yarn.lock
• 7: https://www.npmjs.com/package/@graphql-hive/core/v/0.9.0-alpha-20241111130335-031581e4a5960befb953425e198b6ddbbf8b7d3e?activeTab=versions
• 8: https://formulae.brew.sh/formula/
• 9: https://github.com/graphql-hive/console/releases
• 10: https://gitweb.gentoo.org/repo/sync/gentoo.git/plain/metadata/pkg_desc_index?h=stable

---

Compatibility Check for @graphql-hive/core Update

The web search did not return clear changelog or compatibility details for the update from 0.8.1 to 0.9.0. Notably, the npm registry suggests that 0.8.4 is the latest stable version and indicates an alpha release for 0.9.0 without providing a detailed changelog.

Please verify compatibility by reviewing the official GitHub releases or changelog for @graphql-hive/core and testing in a controlled environment to ensure that any new features or changes do not adversely affect the codebase.

.changeset/@graphql-mesh_transport-common-532-dependencies.md (1)

1-8: Verify the impact of @graphql-tools/utils version update.

The coordinated update of @graphql-tools/utils from ^10.7.0 to ^10.8.1 across multiple packages suggests a maintenance effort to keep dependencies in sync. Given this PR's focus on OpenTelemetry context handling, let's verify the changes in this version update.

Also applies to: 1-8, 1-8, 1-8, 1-8

✅ Verification successful

🌐 Web query:

What are the changes in @graphql-tools/utils between versions 10.7.0 and 10.8.1?

💡 Result:

The changes in @graphql-tools/utils between versions 10.7.0 and 10.8.1 include:

Version 10.8.x

• 10.8.1:

  • Patch update with unspecified internal fixes (no detailed changelog provided)[4].

• 10.8.0:

  • Minor update with unspecified enhancements (no detailed changelog provided)[4].

---

Version 10.7.x

• 10.7.2:

  • Security: Updated dset dependency to ^3.1.4 to address CVE-2024-21529[4].

• 10.7.1:

  • Removed use of VoidFunction type to eliminate dependency on DOM types[4].

• 10.7.0:

  • Added helper functions for AbortSignal handling:
    • getAbortPromise: Returns a promise rejected when an AbortSignal is aborted.
    • registerAbortSignalListener: Registers listeners to avoid MaxListenersExceededWarning in Node.js[4].

---

For precise details beyond these summaries, consult the official changelog[4].

Citations:

• 1: https://github.com/ardatan/graphql-tools/blob/master/packages/load/CHANGELOG.md
• 2: https://the-guild.dev/graphql/tools/changelogs/executors/yoga
• 3: https://the-guild.dev/graphql/tools/changelogs/load
• 4: https://the-guild.dev/graphql/tools/changelogs/utils
• 5: https://gitlab.com/gitlab-org/gitlab/-/blob/a8325c425/CHANGELOG.md
• 6: https://github.com/ardatan/graphql-tools/blob/master/packages/stitch/CHANGELOG.md
• 7: https://the-guild.dev/graphql/tools/changelogs/loaders/graphql-file
• 8: https://cve.mitre.org/cgi-bin/cvekey.cgi
• 9: https://github.com/ardatan/graphql-tools/releases
• 10: https://www.npmjs.com/package/@graphql-tools/utils

---

Dependency update impact review: @graphql-tools/utils version update verified

Based on the published changelog:

• Version 10.8.1/10.8.0: Introduce internal fixes and minor enhancements without any shifting in public API behavior.
• Version 10.7.x: Includes a security update (dependency on dset) and minor adjustments (removal of VoidFunction in 10.7.1, added AbortSignal helpers in 10.7.0).
• There are no breaking or functionality changes that would impact the OpenTelemetry context handling or other parts of the codebase relying on @graphql-tools/utils.

Thus, the update from ^10.7.0 to ^10.8.1 is safe and does not introduce adverse effects on our project.

.changeset/@graphql-tools_executor-common-532-dependencies.md (1)

1-8: Verify the compatibility of @graphql-tools/utils update.

Let's verify the version update and check for any breaking changes that might affect the OpenTelemetry context improvements.

✅ Verification successful

🌐 Web query:

What are the changes in @graphql-tools/utils between versions 10.7.0 and 10.8.1?

💡 Result:

Summary of changes in @graphql-tools/utils from v10.7.0 to v10.8.1:

Minor Changes (v10.7.0)

• Introduced new helper functions:
  • getAbortPromise: Creates a promise rejected when an AbortSignal is aborted.
  • registerAbortSignalListener: Registers a listener to abort promises on signal abortion, preventing MaxListenersExceededWarning in Node.js[4].

Patch Changes

• v10.7.1: Removed VoidFunction type usage to eliminate dependency on DOM types[4].
• v10.7.2: Updated dset dependency to v3.1.4 to address CVE-2024-21529[4].
• v10.8.1: General maintenance with unspecified bug fixes or optimizations[4].

No breaking changes were documented between these versions[4][9][10].

Citations:

• 1: https://github.com/ardatan/graphql-tools/blob/master/packages/load/CHANGELOG.md
• 2: https://the-guild.dev/graphql/tools/changelogs/executors/yoga
• 3: https://the-guild.dev/graphql/tools/changelogs/load
• 4: https://the-guild.dev/graphql/tools/changelogs/utils
• 5: https://gitlab.com/gitlab-org/gitlab/-/blob/a8325c425/CHANGELOG.md
• 6: https://github.com/ardatan/graphql-tools/blob/master/packages/stitch/CHANGELOG.md
• 7: https://the-guild.dev/graphql/tools/changelogs/loaders/graphql-file
• 8: https://github.com/ardatan/graphql-tools/releases
• 9: https://www.npmjs.com/package/@graphql-tools/utils
• 10: https://www.npmjs.com/package/@graphql-tools/utils?activeTab=versions

---

Compatibility of @graphql-tools/utils Update Verified:
The version update from 10.7.0 to 10.8.1 involves bug fixes, minor maintenance updates, and dependency security improvements (e.g., updating dset to address CVE-2024-21529). There are no documented breaking changes between these versions, which indicates that this patch update should be compatible with and support the OpenTelemetry context improvements.

.changeset/@graphql-mesh_plugin-prometheus-532-dependencies.md (1)

1-8: LGTM! Consistent dependency update.

The update to @graphql-tools/utils is consistent with other packages, maintaining compatibility across the project.

.changeset/@graphql-tools_executor-graphql-ws-532-dependencies.md (1)

1-8: LGTM! Consistent dependency update across packages.

The update to @graphql-tools/utils is consistently applied across all packages, which is good practice for maintaining compatibility. This coordinated update suggests careful consideration of cross-package dependencies.

Let's verify the impact of this dependency update on the OpenTelemetry context improvements:

✅ Verification successful

🏁 Script executed:

#!/bin/bash
# Search for OpenTelemetry-related changes that might be affected by @graphql-tools/utils
rg -l "opentelemetry|otel|span|trace" | xargs rg "@graphql-tools/utils"

Length of output: 98593

---

Dependency update verified – no adverse impact on OpenTelemetry improvements.

The search results confirm that files in our OpenTelemetry plugin (and related files) continue to reference and use the functionality from @graphql-tools/utils without issues. Although many packages still declare versions like ^10.7.0 or related variants in lockfiles and changelogs, there is no indication that updating the executor’s dependency to ^10.8.1 affects OpenTelemetry-related features. The coordinated update appears consistent and does not break any OpenTelemetry contexts.

.changeset/@graphql-tools_batch-delegate-532-dependencies.md (1)

1-8: Verify compatibility with the updated @graphql-tools/utils version.

The coordinated update of @graphql-tools/utils from ^10.7.0 to ^10.8.1 across multiple packages looks good. However, let's verify the changelog for any breaking changes and ensure compatibility with the OpenTelemetry context improvements.

Also applies to: 1-8, 1-8, 1-8

✅ Verification successful

🏁 Script executed:

#!/bin/bash
# Description: Check for potential compatibility issues with the updated version

# Check if any package.json files still reference the old version
echo "Checking for potential version conflicts..."
rg -g "package.json" "\"@graphql-tools/utils\": \"\\^10\\.7\\.0\""

# Look for any imports of specific utilities that might have changed
echo "Checking utility imports..."
rg "from '@graphql-tools/utils'"

Length of output: 20485

---

🌐 Web query:

What are the changes in @graphql-tools/utils between versions 10.7.0 and 10.8.1?

💡 Result:

Here are the key changes in @graphql-tools/utils between versions 10.7.0 and 10.8.1 based on the official changelogs[4]:

Version 10.8.x

• 10.8.1: Patch update with unspecified general improvements[4]
• 10.8.0: Minor release with unspecified minor changes[4]

Version 10.7.x

• 10.7.2:
  • Security: Bumped dset dependency to address CVE-2024-21529[4]
• 10.7.1:
  • Removed use of VoidFunction type to fix TypeScript compatibility issues requiring DOM types[4]
• 10.7:
  • Added new helper functions:
    • getAbortPromise: Creates promise rejection on AbortSignal abort
    • registerAbortSignalListener: Prevents memory leaks by consolidating signal listeners[4]

There are no documented breaking changes between these versions based on available information[4]. The updates focus on security improvements, TypeScript compatibility fixes, and new utilities for handling abort signals in asynchronous operations.

For detailed dependency updates and implementation specifics, refer to the official changelogs[4].

Citations:

• 1: https://github.com/ardatan/graphql-tools/blob/master/packages/load/CHANGELOG.md
• 2: https://gitlab.com/gitlab-org/gitlab/-/blob/a8325c425/CHANGELOG.md
• 3: https://the-guild.dev/graphql/tools/changelogs/load
• 4: https://the-guild.dev/graphql/tools/changelogs/utils
• 5: https://github.com/ardatan/graphql-tools/blob/master/packages/stitch/CHANGELOG.md
• 6: https://the-guild.dev/graphql/tools/changelogs/loaders/graphql-file
• 7: https://github.com/ardatan/graphql-tools/releases
• 8: https://www.npmjs.com/package/@graphql-tools/utils
• 9: https://www.npmjs.com/package/@graphql-tools/utils?activeTab=versions
• 10: https://classic.yarnpkg.com/en/package/@graphql-tools/utils

---

Compatibility Verified: No breaking changes detected in @graphql-tools/utils 10.8.1 update.

• The official changelog indicates that the changes between 10.7.x and 10.8.1 are limited to security fixes, TypeScript compatibility improvements, and new utilities (e.g., handling abort signals), with no breaking changes.
• Code usage—including OpenTelemetry-related imports—remains compatible, as evidenced by the absence of modified or removed APIs.
• While many packages still reference version ^10.7.0 in their package.json files, the coordinated update in the targeted package aligns with non-breaking adjustments.

[coderabbitai]

🧹 Nitpick (assertive)

Safely handle null spans in toString().
trace.getSpan(node.ctx) can return undefined if no span is associated with the context. Use optional chaining to avoid potential runtime errors:

- names.push((trace.getSpan(node.ctx) as unknown as { name: string }).name);
+ const currentSpan = trace.getSpan(node.ctx);
+ names.push(currentSpan?.name ?? 'unknown-span');

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	names.push((trace.getSpan(node.ctx) as unknown as { name: string }).name);
	const currentSpan = trace.getSpan(node.ctx);
	names.push(currentSpan?.name ?? 'unknown-span');