Skip to content

chore(deps): bump strawberry-graphql-django from 0.73.1 to 0.74.1 in /backend#3416

Merged
arkid15r merged 1 commit intomainfrom
dependabot/pip/backend/main/strawberry-graphql-django-0.74.1
Jan 19, 2026
Merged

chore(deps): bump strawberry-graphql-django from 0.73.1 to 0.74.1 in /backend#3416
arkid15r merged 1 commit intomainfrom
dependabot/pip/backend/main/strawberry-graphql-django-0.74.1

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 19, 2026

Bumps strawberry-graphql-django from 0.73.1 to 0.74.1.

Release notes

Sourced from strawberry-graphql-django's releases.

0.74.1

Pagination pageInfo.limit now returns the actual limit applied (after defaults and max caps), not the raw request value.

For example, with PAGINATION_DEFAULT_LIMIT=20, PAGINATION_MAX_LIMIT=50:

{ fruits(pagination: { limit: null }) { pageInfo { limit } } }

Before:

{
  "data": {
    "fruits": {
      "pageInfo": {
        "limit": null
      }
    }
  }
}

After:

{
  "data": {
    "fruits": {
      "pageInfo": {
        "limit": 20
      }
    }
  }
}

Also fixes limit: null to use PAGINATION_DEFAULT_LIMIT instead of PAGINATION_MAX_LIMIT.

This release was contributed by @​bellini666 in strawberry-graphql/strawberry-django#848

0.74.0

Add configurable PAGINATION_MAX_LIMIT setting to cap pagination requests, preventing clients from requesting unlimited data via limit: null or excessive limits.

This addresses security and performance concerns by allowing projects to enforce a maximum number of records that can be requested through pagination.

Configuration:

STRAWBERRY_DJANGO = {
    "PAGINATION_MAX_LIMIT": 1000,  # Cap all requests to 1000 records
}
</tr></table>

... (truncated)

Changelog

Sourced from strawberry-graphql-django's changelog.

0.74.1 - 2026-01-18

Pagination pageInfo.limit now returns the actual limit applied (after defaults and max caps), not the raw request value.

For example, with PAGINATION_DEFAULT_LIMIT=20, PAGINATION_MAX_LIMIT=50:

{ fruits(pagination: { limit: null }) { pageInfo { limit } } }

Before:

{
  "data": {
    "fruits": {
      "pageInfo": {
        "limit": null
      }
    }
  }
}

After:

{
  "data": {
    "fruits": {
      "pageInfo": {
        "limit": 20
      }
    }
  }
}

Also fixes limit: null to use PAGINATION_DEFAULT_LIMIT instead of PAGINATION_MAX_LIMIT.

This release was contributed by @​bellini666 in #848

0.74.0 - 2026-01-17

Add configurable PAGINATION_MAX_LIMIT setting to cap pagination requests, preventing clients from requesting unlimited data via limit: null or excessive limits.

This addresses security and performance concerns by allowing projects to enforce a maximum number of records that can be requested through pagination.

Configuration:

... (truncated)

Commits
  • fd45081 fix: sync pageInfo.limit with effective pagination limit (#848)
  • 455019f ci: bump autopub and set git user/email for releases
  • e6a2ea9 chore: fix user/PRs/issues links on CHANGELOG.md
  • 6446aa9 chore: add a CHANGELOG header on CHANGELOG.md
  • 554d6bd chore: add stripped CHANGELOG again
  • bc2c6f9 🤖 Release 0.74.0
  • e9f51a3 feat: implement pagination max limit setting (#847)
  • 45d176b [pre-commit.ci] pre-commit autoupdate (#843)
  • 558e3f5 chore: update autopub to 1.0.0a53
  • 92a0f83 chore: make PR link clickable in CHANGELOG.md
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
chore(deps): bump strawberry-graphql-django in /backend
f4141bc 
Bumps [strawberry-graphql-django](https://github.com/strawberry-graphql/strawberry-django) from 0.73.1 to 0.74.1.
- [Release notes](https://github.com/strawberry-graphql/strawberry-django/releases)
- [Changelog](https://github.com/strawberry-graphql/strawberry-django/blob/main/CHANGELOG.md)
- [Commits](strawberry-graphql/strawberry-django@0.73.1...0.74.1)

---
updated-dependencies:
- dependency-name: strawberry-graphql-django
  dependency-version: 0.74.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Jan 19, 2026
@dependabot dependabot bot requested review from arkid15r and kasya as code owners January 19, 2026 07:43
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Jan 19, 2026
@coderabbitai
Copy link
Contributor

coderabbitai bot commented Jan 19, 2026

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Comment @coderabbitai help to get the list of available commands and usage tips.

@sonarqubecloud
Copy link

sonarqubecloud bot commented Jan 19, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@arkid15r arkid15r added this pull request to the merge queue Jan 19, 2026
Merged via the queue into main with commit a9e7c7e Jan 19, 2026
30 of 31 checks passed
@arkid15r arkid15r deleted the dependabot/pip/backend/main/strawberry-graphql-django-0.74.1 branch January 19, 2026 19:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@arkid15r arkid15r arkid15r approved these changes

@kasya kasya Awaiting requested review from kasya kasya is a code owner

Assignees

No one assigned

Labels

backend dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@arkid15r

Comments