dependabot[bot] opened a new pull request, #1034: URL: https://github.com/apache/isis/pull/1034
Bumps [graphql-java](https://github.com/graphql-java/graphql-java) from 18.2 to 19.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/graphql-java/graphql-java/releases";>graphql-java's releases</a>.</em></p> <blockquote> <h2>19.0</h2> <p>This is release 19.0 of GraphQL Java. This release doesn't contain any breaking changes.</p> <p>It contains one security related bugfix hardening GraphQL Java more against malicious requests: <a href="https://github-redirect.dependabot.com/graphql-java/graphql-java/issues/2892";>#2892</a></p> <p>GraphQL Java now shades Antlr runtime to prevent any further dependency conflicts. Antrl is used internally for parsing and validating of GraphQL requests and SDL. <a href="https://github-redirect.dependabot.com/graphql-java/graphql-java/issues/2854";>#2854</a></p> <p>It includes some performance improvements (<a href="https://github-redirect.dependabot.com/graphql-java/graphql-java/issues/2786";>#2786</a>, <a href="https://github-redirect.dependabot.com/graphql-java/graphql-java/issues/2769";>#2769</a>, <a href="https://github-redirect.dependabot.com/graphql-java/graphql-java/issues/2839";>#2839</a>) and several bugfixes and general improvements.</p> <h1>Bugfixes</h1> <p><a href="https://github-redirect.dependabot.com/graphql-java/graphql-java/issues/2892";>#2892</a> Security bugfix to prevent DOS attacks</p> <p><a href="https://github-redirect.dependabot.com/graphql-java/graphql-java/issues/2818";>#2818</a> Fix silent thread leak for chained instrumentation</p> <p><a href="https://github-redirect.dependabot.com/graphql-java/graphql-java/issues/2825";>#2825</a> Fixup Introspection input field deprecation filterting</p> <p><a href="https://github-redirect.dependabot.com/graphql-java/graphql-java/issues/2842";>#2842</a> fix runtime exception for deep async queries</p> <p><a href="https://github-redirect.dependabot.com/graphql-java/graphql-java/issues/2856";>#2856</a> SchemaPrinter description bugfix</p> <h1>Improvements</h1> <p><a href="https://github-redirect.dependabot.com/graphql-java/graphql-java/issues/2786";>#2786</a> performance improvements for validation</p> <p><a href="https://github-redirect.dependabot.com/graphql-java/graphql-java/issues/2769";>#2769</a> State is passed explicitly to instrumentation and parameters are NOT mutated</p> <p><a href="https://github-redirect.dependabot.com/graphql-java/graphql-java/issues/2854";>#2854</a> Shade Antlr Runtime</p> <p><a href="https://github-redirect.dependabot.com/graphql-java/graphql-java/issues/2896";>#2896</a> Update DataLoader to 3.2.0</p> <p><a href="https://github-redirect.dependabot.com/graphql-java/graphql-java/issues/2878";>#2878</a> i18n for validation error messages</p> <p><a href="https://github-redirect.dependabot.com/graphql-java/graphql-java/issues/2881";>#2881</a> Improve SchemaPrinter</p> <p><a href="https://github-redirect.dependabot.com/graphql-java/graphql-java/issues/2872";>#2872</a> Improve AST compact printing</p> <p><a href="https://github-redirect.dependabot.com/graphql-java/graphql-java/issues/2846";>#2846</a> Subscription root field valiation</p> <h1>All changes</h1> <p>all PRs: <a href="https://github.com/graphql-java/graphql-java/milestone/38?closed=1";>https://github.com/graphql-java/graphql-java/milestone/38?closed=1</a></p> <h2>18.3</h2> <p>This is a security bugfix release containing only one PR: <a href="https://github-redirect.dependabot.com/graphql-java/graphql-java/pull/2897";>graphql-java/graphql-java#2897</a></p> <p>GraphQL Java has a max token limit per request preventing DOS attacks. But in some circumstances it was not enough to prevent malicious requests. This release fixes this problem.</p> <p>All details can be found here: <a href="https://github-redirect.dependabot.com/graphql-java/graphql-java/pull/2892";>graphql-java/graphql-java#2892</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/graphql-java/graphql-java/commit/35ff68db1e1d567428539d74f2169ca7799ee2a3";><code>35ff68d</code></a> DF SelectionSet Benchmark (<a href="https://github-redirect.dependabot.com/graphql-java/graphql-java/issues/2893";>#2893</a>)</li> <li><a href="https://github.com/graphql-java/graphql-java/commit/b1f96e742346a6dff435c64413d1d4a8bcda9f4c";><code>b1f96e7</code></a> Test stability (<a href="https://github-redirect.dependabot.com/graphql-java/graphql-java/issues/2903";>#2903</a>)</li> <li><a href="https://github.com/graphql-java/graphql-java/commit/a50757027a3f2e50a316cba6b14cd85919798fbc";><code>a507570</code></a> Donna's catch! (<a href="https://github-redirect.dependabot.com/graphql-java/graphql-java/issues/2900";>#2900</a>)</li> <li><a href="https://github.com/graphql-java/graphql-java/commit/2c7878e95424eb7a30c3b45b5e93a82c6015e702";><code>2c7878e</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/graphql-java/graphql-java/issues/2899";>#2899</a> from graphql-java/deprecate-cache-control</li> <li><a href="https://github.com/graphql-java/graphql-java/commit/d94bdf456e8a00cd1b836ba515f5ea44c9bfc561";><code>d94bdf4</code></a> Deprecate Apollo Cache Control</li> <li><a href="https://github.com/graphql-java/graphql-java/commit/6d87767c8cdef32da6eb826174347a6bd02ff004";><code>6d87767</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/graphql-java/graphql-java/issues/2786";>#2786</a> from jbellenger/jbellenger/validation-perf-redux</li> <li><a href="https://github.com/graphql-java/graphql-java/commit/05ac94238ac9b7c50834b37aa8b27ff714972587";><code>05ac942</code></a> Merge branch 'master' into jbellenger/validation-perf-redux</li> <li><a href="https://github.com/graphql-java/graphql-java/commit/226aabd9ffa863387085483e6b73799507b90b2c";><code>226aabd</code></a> READY - Stop DOS attacks by making the lexer stop early on evil input. (<a href="https://github-redirect.dependabot.com/graphql-java/graphql-java/issues/2892";>#2892</a>)</li> <li><a href="https://github.com/graphql-java/graphql-java/commit/ba71a5dba20ed00bf110eb0fa6abc05a44f06508";><code>ba71a5d</code></a> Merge remote-tracking branch 'upstream/master'</li> <li><a href="https://github.com/graphql-java/graphql-java/commit/ab856e2a92fd217f684c6a0e4c234edbd9faae94";><code>ab856e2</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/graphql-java/graphql-java/issues/2896";>#2896</a> from graphql-java/update-java-dataloader</li> <li>Additional commits viewable in <a href="https://github.com/graphql-java/graphql-java/compare/v18.2...v19.0";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
