Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump graphql-java from 17.0 to 19.0 #233

Closed
wants to merge 1 commit into from
Closed

Bump graphql-java from 17.0 to 19.0 #233

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Aug 1, 2022

Bumps graphql-java from 17.0 to 19.0.

Release notes

Sourced from graphql-java's releases.

19.0

This is release 19.0 of GraphQL Java. It contains one breaking change.

It contains one security related bugfix hardening GraphQL Java more against malicious requests: #2892

GraphQL Java now shades Antlr runtime to prevent any further dependency conflicts. Antlr is used internally for parsing and validating of GraphQL requests and SDL. #2854

It includes some performance improvements (#2786, #2769, #2839) and several bugfixes and general improvements.

Breaking change

#2769 is an improvement to reduce object allocation. It can contain a breaking change if you would implement your own ChainedInstrumentation.

Change in behaviour

#2878 introduces i18n for validation error messages, and by default will set locale to the JVM default locale

Bugfixes

#2892 Security bugfix to prevent DOS attacks

#2818 Fix silent thread leak for chained instrumentation

#2825 Fixup Introspection input field deprecation filterting

#2842 fix runtime exception for deep async queries

#2856 SchemaPrinter description bugfix

Improvements

#2786 performance improvements for validation

#2854 Shade Antlr Runtime

#2896 Update DataLoader to 3.2.0

#2878 i18n for validation error messages

#2881 Improve SchemaPrinter

#2872 Improve AST compact printing

#2846 Subscription root field valiation

All changes

all PRs: https://github.com/graphql-java/graphql-java/milestone/38?closed=1

... (truncated)

Commits
  • 35ff68d DF SelectionSet Benchmark (#2893)
  • b1f96e7 Test stability (#2903)
  • a507570 Donna's catch! (#2900)
  • 2c7878e Merge pull request #2899 from graphql-java/deprecate-cache-control
  • d94bdf4 Deprecate Apollo Cache Control
  • 6d87767 Merge pull request #2786 from jbellenger/jbellenger/validation-perf-redux
  • 05ac942 Merge branch 'master' into jbellenger/validation-perf-redux
  • 226aabd READY - Stop DOS attacks by making the lexer stop early on evil input. (#2892)
  • ba71a5d Merge remote-tracking branch 'upstream/master'
  • ab856e2 Merge pull request #2896 from graphql-java/update-java-dataloader
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump graphql-java from 17.0 to 19.0
7a6daae 
Bumps [graphql-java](https://github.com/graphql-java/graphql-java) from 17.0 to 19.0.
- [Release notes](https://github.com/graphql-java/graphql-java/releases)
- [Commits](graphql-java/graphql-java@v17.0...v19.0)

---
updated-dependencies:
- dependency-name: com.graphql-java:graphql-java
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Aug 1, 2022
@dependabot dependabot bot mentioned this pull request Aug 1, 2022
Closed
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Sep 1, 2022

Superseded by #234.

@dependabot dependabot bot closed this Sep 1, 2022
@dependabot dependabot bot deleted the dependabot/gradle/com.graphql-java-graphql-java-19.0 branch September 1, 2022 21:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file java Pull requests that update Java code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants