21.x backport of #3539 ENF restriction for introspection #3540
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…actory closer to structure on master
dondonz
commented
Mar 22, 2024
| import graphql.schema.GraphQLNamedOutputType; | ||
| import graphql.schema.GraphQLObjectType; | ||
| import graphql.schema.GraphQLSchema; | ||
| import graphql.schema.GraphQLType; |
Member
Author
There was a problem hiding this comment.
Git is extremely confused by the diff in this file. All other files are pretty much the result of Git cherry pick - this one is the only problematic one
There were major structural changes to this file to prepare for the defer feature to be released in v22. Of course Git can't work out what to do
Instead I've copy pasted the file from master, and deleted any defer references. This is essentially a copy of the non-defer pathway in master.
Member
There was a problem hiding this comment.
I think this is a good idea. So basically this is master code without the defer code added. Seems like a great idea.
The tests have not been changed AND they all pass so great approach
dondonz
commented
Mar 22, 2024
| import graphql.Assert; | ||
|
|
||
| import java.io.File; | ||
| import java.io.BufferedReader; |
Member
Author
There was a problem hiding this comment.
This file was changed in another PR due to be included in the forthcoming v22 release. We have to backport this too.
dondonz
commented
Mar 22, 2024
| Map<String, FragmentDefinition> fragments, | ||
| CoercedVariables coercedVariableValues, | ||
| Options options) { | ||
| return new ExecutableNormalizedOperationFactoryImpl( |
Member
Author
There was a problem hiding this comment.
Structural change - a ExecutableNormalizedOperationFactoryImpl was added after v21.x, in preparation for defer
dondonz
commented
Mar 22, 2024
| return groupByCommonParentsNoDeferSupport(fields); | ||
| } | ||
|
|
||
| private List<CollectedFieldGroup> groupByCommonParentsNoDeferSupport(Collection<CollectedField> fields) { |
Member
Author
There was a problem hiding this comment.
Keeping in the "no defer" method in
Balance between wanting to make this file look like master (and reduce risk of bad cherry pick) and then having this odd sounding method talking about a feature in the future
I opted for safety
dondonz
commented
Mar 22, 2024
| int maxLevel) { | ||
| if (curLevel > maxLevel) { | ||
| throw new AbortExecutionException("Maximum query depth exceeded " + curLevel + " > " + maxLevel); | ||
| private static class ExecutableNormalizedOperationFactoryImpl { |
Member
Author
There was a problem hiding this comment.
New static class introduced to assist with new defer feature
bbakerman
approved these changes
Mar 23, 2024
Member
bbakerman
left a comment
bbakerman
left a comment
There was a problem hiding this comment.
Yupp - ENF has great tests and this is passing. I like the approach taken
dondonz
changed the title
github-merge-queue bot
referenced
this pull request
in camunda/camunda
Apr 23, 2024
…#17666) [](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [com.graphql-java:graphql-java](https://togithub.com/graphql-java/graphql-java) | `21.4` -> `21.5` | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | [](https://docs.renovatebot.com/merge-confidence/) | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>graphql-java/graphql-java (com.graphql-java:graphql-java)</summary> ### [`v21.5`](https://togithub.com/graphql-java/graphql-java/releases/tag/v21.5): 21.5 [Compare Source](https://togithub.com/graphql-java/graphql-java/compare/v21.4...v21.5) This is a special release to add further limits to introspection queries. This release contains a backport of PR [#​3539](https://togithub.com/graphql-java/graphql-java/issues/3539). #### What's Changed - 21.x backport of [#​3539](https://togithub.com/graphql-java/graphql-java/issues/3539) ENF restriction for introspection by [@​dondonz](https://togithub.com/dondonz) in [https://github.com/graphql-java/graphql-java/pull/3540](https://togithub.com/graphql-java/graphql-java/pull/3540) **Full Changelog**: graphql-java/graphql-java@v21.4...v21.5 </details> --- ### Configuration 📅 **Schedule**: Branch creation - "after 10pm every weekday,before 6am every weekday" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/camunda/zeebe). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zMTMuMSIsInVwZGF0ZWRJblZlciI6IjM3LjMxMy4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJhdXRvbWVyZ2UiXX0=-->
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
](https://renovatebot.com){kind=link}
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Backporting #3539 for 21.x. The difficulty is that there were major changes in
ExecutableNormalizedOperationFactoryin preparation for the new defer feature in v22.The changes in PR #3539 are harder and riskier to pull into the old
ExecutableNormalizedOperationFactorystructure. I propose it is safer to update 21.x (and prior versions) to the new file structureI want to have another close look at this PR with fresh eyes because this is a complicated cherry pick. Here's an early look and we'll get the build going