GraphQL for Java with Spring Boot made easy.

Netflix, Inc.

Last update: Jan 9, 2023

Overview

dgs-framework

Documentation can be found here, including a getting started guide.

The DGS Framework (Domain Graph Service) is a GraphQL server framework for Spring Boot, developed by Netflix.

Features include:

Annotation based Spring Boot programming model
Test framework for writing query tests as unit tests
Gradle Code Generation plugin to create types from schema
Easy integration with GraphQL Federation
Integration with Spring Security
GraphQL subscriptions (WebSockets and SSE)
File uploads
Error handling
Many extension points

Getting Started

Follow the getting started guide!

Contributing, asking questions and reporting issues.

Please read our contributor guide!

Comments

bug: When trying to use Persisted queries I get exception

Please read our contributor guide before creating an issue.

Expected behavior

To be able to query for data while using persisted queries on the apollo client.

Actual behavior

Any requests with the extension (e.g. {"operationName":"getMarketForecasts","variables":{"effectiveDate":"2022-02-17"},"extensions":{"persistedQuery":{"version":1,"sha256Hash":"81edfa7234a38d8dee7b60971cae1c44d1b001b81376bdd66530552a64d5a0d8"}}}) for persisted queries and a hash give the error: 2022-03-04 14:20:57,627 ERROR [http-nio-8090-exec-6] org.apache.juli.logging.DirectJDKLog: Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is java.lang.NullPointerException: null cannot be cast to non-null type kotlin.String] with root cause java.lang.NullPointerException: null cannot be cast to non-null type kotlin.String at com.netflix.graphql.dgs.mvc.DgsRestController$graphql$executionResult$1.invoke(DgsRestController.kt:161) at com.netflix.graphql.dgs.mvc.DgsRestController$graphql$executionResult$1.invoke(DgsRestController.kt:158) at com.netflix.graphql.dgs.internal.utils.TimeTracer.logTime(TimeTracer.kt:24) at com.netflix.graphql.dgs.mvc.DgsRestController.graphql(DgsRestController.kt:158) at jdk.internal.reflect.GeneratedMethodAccessor94.invoke(Unknown Source) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:566) at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:190) at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:138) at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:105) at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:879) at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:793) at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87) at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1040) at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:943) at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006) at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:909) at javax.servlet.http.HttpServlet.service(HttpServlet.java:660) at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883) at javax.servlet.http.HttpServlet.service(HttpServlet.java:741) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.springframework.web.filter.CorsFilter.doFilterInternal(CorsFilter.java:92) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at io.opentelemetry.javaagent.instrumentation.springwebmvc.HandlerMappingResourceNameFilter.doFilter(HandlerMappingResourceNameFilter.java:59) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:93) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:373) at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65) at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1590) at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.base/java.lang.Thread.run(Thread.java:834)

Steps to reproduce

While using the package in the frontend: "apollo-link-persisted-queries": "0.2.5", (https://www.npmjs.com/package/apollo-link-persisted-queries) try and query a dgs graphql service and it should give a 500 response. Note: A test case would be highly appreciated, but we understand that's not always possible
bug

opened by Ancient-Dragon 24
Spring Boot 3
Pull request checklist

[x] Please read our contributor guide

[x] Consider creating a discussion on the discussion forum first

[ ] Make sure the PR doesn't introduce backward compatibility issues

[x] Make sure to have sufficient test cases

Pull Request type

[ ] Bugfix

[ ] Feature

[x] Refactoring (no functional changes, no api changes)

[x] Build related changes

[ ] Other (please describe):

Changes in this PR

Describe the new behavior from this PR, and why it's needed Issue https://github.com/Netflix/dgs-framework/issues/948

Spring Boot 3 has been released! This PR has prepared dgs-framework for Spring Boot 3. Many project maintainers are currently validating their projects against Sprint Boot 3 to prepare for the upgrade. I have tested this branch extensively against my own Spring Boot 3 project.

Version upgrades:

Spring Boot 3.0.0

Spring Framework 6.0.3

Spring Security 6.0.1

Spring Cloud 2022.0.0

JDK target 17

Alternatives considered

Describe alternative implementation you have considered

N/A
opened by Stuckya 21
Add support for PreparsedDocumentProvider

I’ve started exploring an implementation https://github.com/bergerandrew/dgs-framework/tree/query-caching but since a PreparsedDocumentProvider can return existing entries without re-running query validation, it is incompatible with schema reloading or custom ReloadSchemaIndicator implementations.

Are there any plans to add support for query caching using PreparsedDocumentProvider?

opened by bergerandrew 20

bug: 5.4.0 does not properly upgrade grapqhl-java to 19.0

Considering the release notes, it should be upgraded to 19.0, but for me it is still on 18.3, leading to issues like.

Gradle 7.5.1
Java 17
netflix dgs 5.4.0
spring boot 2.7.4

Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [graphql.schema.GraphQLSchema]: Factory method 'schema' threw exception; nested exception is java.lang.NoSuchMethodError: 'graphql.schema.idl.RuntimeWiring graphql.schema.idl.RuntimeWiring.transform(java.util.function.Consumer)'
	at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:185)
	at org.springframework.beans.factory.support.ConstructorResolver.instantiate(ConstructorResolver.java:653)
	... 78 more
Caused by: java.lang.NoSuchMethodError: 'graphql.schema.idl.RuntimeWiring graphql.schema.idl.RuntimeWiring.transform(java.util.function.Consumer)'
	at com.apollographql.federation.graphqljava.Federation.ensureFederationDirectiveDefinitionsExist(Federation.java:194)
	at com.apollographql.federation.graphqljava.Federation.transform(Federation.java:67)
	at com.netflix.graphql.dgs.internal.DgsSchemaProvider.computeSchema(DgsSchemaProvider.kt:184)
	at com.netflix.graphql.dgs.internal.DgsSchemaProvider.schema(DgsSchemaProvider.kt:122)
	at com.netflix.graphql.dgs.autoconfig.DgsAutoConfiguration.schema(DgsAutoConfiguration.kt:206)

Currently using this to fix that

dependencyManagement {
    dependencies {
        // FIXME: Fixing open CVEs - remove when the transitive dependencies have been updated
        dependency "org.yaml:snakeyaml:1.33"
        dependency "net.datafaker:datafaker:1.6.0"
        dependency "com.google.protobuf:protobuf-java:3.21.7"
        dependency "com.graphql-java:java-dataloader:3.2.0"
       	// Fix netflix dgs graqphl java update
        dependency "com.graphql-java:graphql-java:19.2"
        dependency "com.graphql-java:graphql-java-extended-scalars:19.0"
    }
}

documentation

opened by EugenMayer 18

feat: implement GraphQL over WebSocket Protocol
Pull request checklist

[x] Please read our contributor guide

[x] Consider creating a discussion on the discussion forum first

[x] Make sure the PR doesn't introduce backward compatibility issues

[ ] Make sure to have sufficient test cases

Pull Request type

[ ] Bugfix

[x] Feature

[ ] Refactoring (no functional changes, no api changes)

[ ] Build related changes

[ ] Other (please describe):

Changes in this PR

Describe the new behavior from this PR, and why it's needed Issue https://github.com/Netflix/dgs-framework/discussions/684

Alternatives considered

Describe alternative implementation you have considered
opened by amondnet 17
Custom scalars not usable as mutation input
Hey guys,

First of all, I really like your framework! I was trying to add a custom scalar (LocalDateTime) to my project, using the latest dgs release 3.5.1. I followed instructions on https://netflix.github.io/dgs/scalars/ and made changes accordingly. However when I tested it it threw exceptions. Then I tried the other method mentioned in https://github.com/Netflix/dgs-examples-java/blob/main/src/main/java/com/example/demo/scalars/DateTimeScalar.java and got the same error.

I've been able to reproduce the issue using my fork of the dgs-examples repo: https://github.com/faust2199/dgs-examples-java/tree/dgs-issue . After adding submittedDate to the input type, the following mutation causes an internal error:

mutation { addReview (review: { showId: 1 username: "dgs-user" starScore: 0 submittedDate: "1999-02-01T05:43:53.28Z" }) { username submittedDate } }

{ "errors": [ { "message": "java.lang.IllegalArgumentException: Cannot construct instance of `java.time.OffsetDateTime` (no Creators, like default constructor, exist): cannot deserialize from Object value (no delegate- or property-based Creator)\n at [Source: UNKNOWN; line: -1, column: -1] (through reference chain: com.example.demo.generated.types.SubmittedReview[\"submittedDate\"])", "locations": [], "path": [ "addReview" ], "extensions": { "errorType": "INTERNAL" } } ], "data": { "addReview": null } }

By the way, I ran across the following piece of code when looking at the stack trace. https://github.com/Netflix/dgs-framework/blob/3d38065e9525f349563881ff069b6dc09a865373/graphql-dgs/src/main/kotlin/com/netflix/graphql/dgs/internal/DgsSchemaProvider.kt#L268

Is it creating a new ObjectMapper on every request? I think it is more efficient to reuse.

Thanks in advance!
opened by faust2199 16

bug: upgrading to 4.6.0/4.7.3 leads to DgsInvalidInputArgumentException

We have this query

    spaces(
       first: Int!, 
		offset: Int!
        search: String,
        type: SpaceTypeFilter = BASIC,
        sortBy: [SpaceSortBy] = [{direction: ASC, field: TITLE}, {direction: ASC, field: ID}]
    ): SpaceGraphQlViewConnection!

input UserSortBy {
    field: UserSortByField,
    direction: SortDirection = ASC
}

enum UserSortByField {
    ID,
    USER_NAME,
    FIRST_NAME,
    LAST_NAME,
    COMPANY,
    EMAIL
}

enum SortDirection {
    ASC,
    DESC
}

While this works just find with 4.5.1, we get an exception in 4.6.0/4.7.0

com.netflix.graphql.dgs.exceptions.DgsInvalidInputArgumentException: Specified type 'class de.kontextwork.dwcore.base.space.model.api.SpaceSortBy' is invalid for sortBy.
	at com.netflix.graphql.dgs.internal.DataFetcherInvoker.processInputArgument(DataFetcherInvoker.kt:198) ~[graphql-dgs-4.6.0.jar:4.6.0]
	at com.netflix.graphql.dgs.internal.DataFetcherInvoker.invokeDataFetcher(DataFetcherInvoker.kt:62) ~[graphql-dgs-4.6.0.jar:4.6.0]
	at com.netflix.graphql.dgs.internal.DgsSchemaProvider.createBasicDataFetcher$lambda-19(DgsSchemaProvider.kt:310) ~[graphql-dgs-4.6.0.jar:4.6.0]
	at com.netflix.graphql.dgs.internal.DgsSchemaProvider$$Lambda$1209/0x0000000000000000.get(Unknown Source) ~[?:?]
	at graphql.execution.ExecutionStrategy.fetchField(ExecutionStrategy.java:270) [graphql-java-16.2.jar:?]
	at graphql.execution.ExecutionStrategy.resolveFieldWithInfo(ExecutionStrategy.java:203) [graphql-java-16.2.jar:?]
	at graphql.execution.AsyncExecutionStrategy.execute(AsyncExecutionStrategy.java:60) [graphql-java-16.2.jar:?]
	at graphql.execution.Execution.executeOperation(Execution.java:165) [graphql-java-16.2.jar:?]
	at graphql.execution.Execution.execute(Execution.java:104) [graphql-java-16.2.jar:?]
	at graphql.GraphQL.execute(GraphQL.java:557) [graphql-java-16.2.jar:?]
	at graphql.GraphQL.parseValidateAndExecute(GraphQL.java:482) [graphql-java-16.2.jar:?]
	at graphql.GraphQL.executeAsync(GraphQL.java:446) [graphql-java-16.2.jar:?]
	at com.netflix.graphql.dgs.internal.BaseDgsQueryExecutor.baseExecute(DefaultDgsQueryExecutor.kt:226) [graphql-dgs-4.6.0.jar:4.6.0]
	at com.netflix.graphql.dgs.internal.DefaultDgsQueryExecutor.execute(DefaultDgsQueryExecutor.kt:80) [graphql-dgs-4.6.0.jar:4.6.0]
	at com.netflix.graphql.dgs.internal.DefaultDgsQueryExecutor.getJsonResult(DefaultDgsQueryExecutor.kt:156) [graphql-dgs-4.6.0.jar:4.6.0]
	at com.netflix.graphql.dgs.internal.DefaultDgsQueryExecutor.getJsonResult$default(DefaultDgsQueryExecutor.kt:155) [graphql-dgs-4.6.0.jar:4.6.0]
	at com.netflix.graphql.dgs.internal.DefaultDgsQueryExecutor.executeAndExtractJsonPath(DefaultDgsQueryExecutor.kt:106) [graphql-dgs-4.6.0.jar:4.6.0]
	at com.netflix.graphql.dgs.DgsQueryExecutor.executeAndExtractJsonPath(DgsQueryExecutor.java:103) [graphql-dgs-4.6.0.jar:4.6.0]
	at de.kontextwork.dwcore.base.space.graphql.SpaceDataFetcherFullTest.getSpaces(SpaceDataFetcherFullTest.java:102) [test/:?]
	at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
	at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
	at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
	at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
	at org.junit.platform.commons.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:688) [junit-platform-commons-1.7.2.jar:1.7.2]
	at org.junit.jupiter.engine.execution.MethodInvocation.proceed(MethodInvocation.java:60) [junit-jupiter-engine-5.7.2.jar:5.7.2]
	at org.junit.jupiter.engine.execution.InvocationInterceptorChain$ValidatingInvocation.proceed(InvocationInterceptorChain.java:131) [junit-jupiter-engine-5.7.2.jar:5.7.2]
	at org.junit.jupiter.engine.extension.TimeoutExtension.intercept(TimeoutExtension.java:149) [junit-jupiter-engine-5.7.2.jar:5.7.2]
	at org.junit.jupiter.engine.extension.TimeoutExtension.interceptTestableMethod(TimeoutExtension.java:140) [junit-jupiter-engine-5.7.2.jar:5.7.2]
	at org.junit.jupiter.engine.extension.TimeoutExtension.interceptTestMethod(TimeoutExtension.java:84) [junit-jupiter-engine-5.7.2.jar:5.7.2]
	at org.junit.jupiter.engine.descriptor.TestMethodTestDescriptor$$Lambda$151/0x0000000000000000.apply(Unknown Source) [junit-jupiter-engine-5.7.2.jar:5.7.2]
	at org.junit.jupiter.engine.execution.ExecutableInvoker$ReflectiveInterceptorCall.lambda$ofVoidMethod$0(ExecutableInvoker.java:115) [junit-jupiter-engine-5.7.2.jar:5.7.2]
	at org.junit.jupiter.engine.execution.ExecutableInvoker$ReflectiveInterceptorCall$$Lambda$152/0x0000000000000000.apply(Unknown Source) [junit-jupiter-engine-5.7.2.jar:5.7.2]
	at org.junit.jupiter.engine.execution.ExecutableInvoker.lambda$invoke$0(ExecutableInvoker.java:105) [junit-jupiter-engine-5.7.2.jar:5.7.2]
	at org.junit.jupiter.engine.execution.ExecutableInvoker$$Lambda$1533/0x0000000000000000.apply(Unknown Source) [junit-jupiter-engine-5.7.2.jar:5.7.2]
	at org.junit.jupiter.engine.execution.InvocationInterceptorChain$InterceptedInvocation.proceed(InvocationInterceptorChain.java:106) [junit-jupiter-engine-5.7.2.jar:5.7.2]
	at org.junit.jupiter.engine.execution.InvocationInterceptorChain.proceed(InvocationInterceptorChain.java:64) [junit-jupiter-engine-5.7.2.jar:5.7.2]
	at org.junit.jupiter.engine.execution.InvocationInterceptorChain.chainAndInvoke(InvocationInterceptorChain.java:45) [junit-jupiter-engine-5.7.2.jar:5.7.2]
	at org.junit.jupiter.engine.execution.InvocationInterceptorChain.invoke(InvocationInterceptorChain.java:37) [junit-jupiter-engine-5.7.2.jar:5.7.2]
	at org.junit.jupiter.engine.execution.ExecutableInvoker.invoke(ExecutableInvoker.java:104) [junit-jupiter-engine-5.7.2.jar:5.7.2]
	at org.junit.jupiter.engine.execution.ExecutableInvoker.invoke(ExecutableInvoker.java:98) [junit-jupiter-engine-5.7.2.jar:5.7.2]
	at org.junit.jupiter.engine.descriptor.TestMethodTestDescriptor.lambda$invokeTestMethod$6(TestMethodTestDescriptor.java:210) [junit-jupiter-engine-5.7.2.jar:5.7.2]
	at org.junit.jupiter.engine.descriptor.TestMethodTestDescriptor$$Lambda$1672/0x0000000000000000.execute(Unknown Source) [junit-jupiter-engine-5.7.2.jar:5.7.2]
	at org.junit.platform.engine.support.hierarchical.ThrowableCollector.execute(ThrowableCollector.java:73) [junit-platform-engine-1.7.2.jar:1.7.2]
	at org.junit.jupiter.engine.descriptor.TestMethodTestDescriptor.invokeTestMethod(TestMethodTestDescriptor.java:206) [junit-jupiter-engine-5.7.2.jar:5.7.2]
	at org.junit.jupiter.engine.descriptor.TestMethodTestDescriptor.execute(TestMethodTestDescriptor.java:131) [junit-jupiter-engine-5.7.2.jar:5.7.2]
	at org.junit.jupiter.engine.descriptor.TestMethodTestDescriptor.execute(TestMethodTestDescriptor.java:65) [junit-jupiter-engine-5.7.2.jar:5.7.2]
	at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$5(NodeTestTask.java:139) [junit-platform-engine-1.7.2.jar:1.7.2]
	at org.junit.platform.engine.support.hierarchical.NodeTestTask$$Lambda$230/0x0000000000000000.execute(Unknown Source) [junit-platform-engine-1.7.2.jar:1.7.2]
	at org.junit.platform.engine.support.hierarchical.ThrowableCollector.execute(ThrowableCollector.java:73) [junit-platform-engine-1.7.2.jar:1.7.2]
	at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$7(NodeTestTask.java:129) [junit-platform-engine-1.7.2.jar:1.7.2]
	at org.junit.platform.engine.support.hierarchical.NodeTestTask$$Lambda$229/0x0000000000000000.invoke(Unknown Source) [junit-platform-engine-1.7.2.jar:1.7.2]
	at org.junit.platform.engine.support.hierarchical.Node.around(Node.java:137) [junit-platform-engine-1.7.2.jar:1.7.2]
	at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$8(NodeTestTask.java:127) [junit-platform-engine-1.7.2.jar:1.7.2]
	at org.junit.platform.engine.support.hierarchical.NodeTestTask$$Lambda$228/0x0000000000000000.execute(Unknown Source) [junit-platform-engine-1.7.2.jar:1.7.2]
	at org.junit.platform.engine.support.hierarchical.ThrowableCollector.execute(ThrowableCollector.java:73) [junit-platform-engine-1.7.2.jar:1.7.2]
	at org.junit.platform.engine.support.hierarchical.NodeTestTask.executeRecursively(NodeTestTask.java:126) [junit-platform-engine-1.7.2.jar:1.7.2]
	at org.junit.platform.engine.support.hierarchical.NodeTestTask.execute(NodeTestTask.java:84) [junit-platform-engine-1.7.2.jar:1.7.2]
	at org.junit.platform.engine.support.hierarchical.SameThreadHierarchicalTestExecutorService$$Lambda$234/0x0000000000000000.accept(Unknown Source) [junit-platform-engine-1.7.2.jar:1.7.2]
	at java.util.ArrayList.forEach(ArrayList.java:1541) [?:?]
	at org.junit.platform.engine.support.hierarchical.SameThreadHierarchicalTestExecutorService.invokeAll(SameThreadHierarchicalTestExecutorService.java:38) [junit-platform-engine-1.7.2.jar:1.7.2]
	at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$5(NodeTestTask.java:143) [junit-platform-engine-1.7.2.jar:1.7.2]
	at org.junit.platform.engine.support.hierarchical.NodeTestTask$$Lambda$230/0x0000000000000000.execute(Unknown Source) [junit-platform-engine-1.7.2.jar:1.7.2]
	at org.junit.platform.engine.support.hierarchical.ThrowableCollector.execute(ThrowableCollector.java:73) [junit-platform-engine-1.7.2.jar:1.7.2]
	at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$7(NodeTestTask.java:129) [junit-platform-engine-1.7.2.jar:1.7.2]
	at org.junit.platform.engine.support.hierarchical.NodeTestTask$$Lambda$229/0x0000000000000000.invoke(Unknown Source) [junit-platform-engine-1.7.2.jar:1.7.2]
	at org.junit.platform.engine.support.hierarchical.Node.around(Node.java:137) [junit-platform-engine-1.7.2.jar:1.7.2]
	at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$8(NodeTestTask.java:127) [junit-platform-engine-1.7.2.jar:1.7.2]
	at org.junit.platform.engine.support.hierarchical.NodeTestTask$$Lambda$228/0x0000000000000000.execute(Unknown Source) [junit-platform-engine-1.7.2.jar:1.7.2]
	at org.junit.platform.engine.support.hierarchical.ThrowableCollector.execute(ThrowableCollector.java:73) [junit-platform-engine-1.7.2.jar:1.7.2]
	at org.junit.platform.engine.support.hierarchical.NodeTestTask.executeRecursively(NodeTestTask.java:126) [junit-platform-engine-1.7.2.jar:1.7.2]
	at org.junit.platform.engine.support.hierarchical.NodeTestTask.execute(NodeTestTask.java:84) [junit-platform-engine-1.7.2.jar:1.7.2]
	at org.junit.platform.engine.support.hierarchical.SameThreadHierarchicalTestExecutorService$$Lambda$234/0x0000000000000000.accept(Unknown Source) [junit-platform-engine-1.7.2.jar:1.7.2]
	at java.util.ArrayList.forEach(ArrayList.java:1541) [?:?]
	at org.junit.platform.engine.support.hierarchical.SameThreadHierarchicalTestExecutorService.invokeAll(SameThreadHierarchicalTestExecutorService.java:38) [junit-platform-engine-1.7.2.jar:1.7.2]
	at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$5(NodeTestTask.java:143) [junit-platform-engine-1.7.2.jar:1.7.2]
	at org.junit.platform.engine.support.hierarchical.NodeTestTask$$Lambda$230/0x0000000000000000.execute(Unknown Source) [junit-platform-engine-1.7.2.jar:1.7.2]
	at org.junit.platform.engine.support.hierarchical.ThrowableCollector.execute(ThrowableCollector.java:73) [junit-platform-engine-1.7.2.jar:1.7.2]
	at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$7(NodeTestTask.java:129) [junit-platform-engine-1.7.2.jar:1.7.2]
	at org.junit.platform.engine.support.hierarchical.NodeTestTask$$Lambda$229/0x0000000000000000.invoke(Unknown Source) [junit-platform-engine-1.7.2.jar:1.7.2]
	at org.junit.platform.engine.support.hierarchical.Node.around(Node.java:137) [junit-platform-engine-1.7.2.jar:1.7.2]
	at org.junit.platform.engine.support.hierarchical.NodeTestTask.lambda$executeRecursively$8(NodeTestTask.java:127) [junit-platform-engine-1.7.2.jar:1.7.2]
	at org.junit.platform.engine.support.hierarchical.NodeTestTask$$Lambda$228/0x0000000000000000.execute(Unknown Source) [junit-platform-engine-1.7.2.jar:1.7.2]
	at org.junit.platform.engine.support.hierarchical.ThrowableCollector.execute(ThrowableCollector.java:73) [junit-platform-engine-1.7.2.jar:1.7.2]
	at org.junit.platform.engine.support.hierarchical.NodeTestTask.executeRecursively(NodeTestTask.java:126) [junit-platform-engine-1.7.2.jar:1.7.2]
	at org.junit.platform.engine.support.hierarchical.NodeTestTask.execute(NodeTestTask.java:84) [junit-platform-engine-1.7.2.jar:1.7.2]
	at org.junit.platform.engine.support.hierarchical.SameThreadHierarchicalTestExecutorService.submit(SameThreadHierarchicalTestExecutorService.java:32) [junit-platform-engine-1.7.2.jar:1.7.2]
	at org.junit.platform.engine.support.hierarchical.HierarchicalTestExecutor.execute(HierarchicalTestExecutor.java:57) [junit-platform-engine-1.7.2.jar:1.7.2]
	at org.junit.platform.engine.support.hierarchical.HierarchicalTestEngine.execute(HierarchicalTestEngine.java:51) [junit-platform-engine-1.7.2.jar:1.7.2]
	at org.junit.platform.launcher.core.EngineExecutionOrchestrator.execute(EngineExecutionOrchestrator.java:108) [junit-platform-launcher-1.7.2.jar:1.7.2]
	at org.junit.platform.launcher.core.EngineExecutionOrchestrator.execute(EngineExecutionOrchestrator.java:88) [junit-platform-launcher-1.7.2.jar:1.7.2]
	at org.junit.platform.launcher.core.EngineExecutionOrchestrator.lambda$execute$0(EngineExecutionOrchestrator.java:54) [junit-platform-launcher-1.7.2.jar:1.7.2]
	at org.junit.platform.launcher.core.EngineExecutionOrchestrator$$Lambda$183/0x0000000000000000.accept(Unknown Source) [junit-platform-launcher-1.7.2.jar:1.7.2]
	at org.junit.platform.launcher.core.EngineExecutionOrchestrator.withInterceptedStreams(EngineExecutionOrchestrator.java:67) [junit-platform-launcher-1.7.2.jar:1.7.2]
	at org.junit.platform.launcher.core.EngineExecutionOrchestrator.execute(EngineExecutionOrchestrator.java:52) [junit-platform-launcher-1.7.2.jar:1.7.2]
	at org.junit.platform.launcher.core.DefaultLauncher.execute(DefaultLauncher.java:96) [junit-platform-launcher-1.7.2.jar:1.7.2]
	at org.junit.platform.launcher.core.DefaultLauncher.execute(DefaultLauncher.java:75) [junit-platform-launcher-1.7.2.jar:1.7.2]
	at com.intellij.junit5.JUnit5IdeaTestRunner.startRunnerWithArgs(JUnit5IdeaTestRunner.java:71) [junit5-rt.jar:?]
	at com.intellij.rt.junit.IdeaTestRunner$Repeater.startRunnerWithArgs(IdeaTestRunner.java:33) [junit-rt.jar:?]
	at com.intellij.rt.junit.JUnitStarter.prepareStreamsAndStart(JUnitStarter.java:221) [junit-rt.jar:?]
	at com.intellij.rt.junit.JUnitStarter.main(JUnitStarter.java:54) [junit-rt.jar:?]
Caused by: java.lang.NoSuchFieldException: field
	at java.lang.Class.getDeclaredFieldImpl(Native Method) ~[?:?]
	at java.lang.Class.getDeclaredFieldInternal(Class.java:910) ~[?:?]
	at java.lang.Class.getDeclaredField(Class.java:885) ~[?:?]
	at com.netflix.graphql.dgs.internal.InputObjectMapper.mapToJavaObject(InputObjectMapper.kt:55) ~[graphql-dgs-4.6.0.jar:4.6.0]
	at com.netflix.graphql.dgs.internal.DataFetcherInvoker.convertValue(DataFetcherInvoker.kt:238) ~[graphql-dgs-4.6.0.jar:4.6.0]
	at com.netflix.graphql.dgs.internal.DataFetcherInvoker.processInputArgument(DataFetcherInvoker.kt:196) ~[graphql-dgs-4.6.0.jar:4.6.0]

Not sure I can understand what changed in this regard by the Changelogs - did we do something wrong in the first place?

Thanks

bug

opened by EugenMayer 15

feature: Integration with WebFlux ReactiveSecurityContextHolder
Describe the Feature Request

Currently we are trying to access ReactiveSecurityContextHolder to fetch the Principal, since we are dependant on Roles to show the proper Data.

e.g.:

@DgsQuery(field = "stuffByFilter") public CompletionStage<List<Stuff>> leaves(@InputArgument("filter") final StuffFilter filter) { return ReactiveSecurityContextHolder.getContext() .map(SecurityContext::getAuthentication) .map(Authentication::getPrincipal) .map(Object::toString) .doOnNext(log::info) .flatMapMany(principal -> randomStuff()) .collectList() .toFuture(); }

The above code returns empty list as no logging is generated and no breakpoints are hit.

Describe Preferred Solution

Ideally we could get the current Principal available in the WebFlux Call chain via ReactiveSecurityContextHolder
enhancement
opened by driverpt 14

bug: Issues deserializing complex input objects in 4.7.3

I'm seeing a couple different issues deserializing input objects after upgrading to 4.7.3.

If you have a list of enums in an input field, those enum objects are not deserialized into instances of the enum. They are left as strings.
If you have an object that you are attempting to deserialize into that has fields that are in a superclass instead of directly on the target class, an exception is thrown while deserializing the input claiming that the field does not exist.

Expected behavior

Input values are correctly deserialized into the appropriate java types.

Actual behavior

Enums are left as strings (when in a List). It is impossible to deserialize into fields that are on parent classes of the target class.

Steps to reproduce

Here's a simple test case for the enum deserialization issue:

type Query {
    withInputContainingEnumList(input: Input!): Output!
}

input Input {
    values: [SomeEnum!]!
}

type Output {
    values: [SomeEnum!]!
}

enum SomeEnum {
    ONE, TWO
}

    @DgsComponent
    public class Fetcher {
        @DgsQuery(field = DgsConstants.QUERY.WithInputContainingEnumList)
        public Output doQuery(@InputArgument("input") Input input) {
            // Blows up on the next line. The value is still a string, not an enum instance.
            var enumValue = input.getValues().get(0);
            return Output.newBuilder().values(List.of(enumValue)).build();
        }
    }

For the second issue, we have type mappings set up to point at a pre-existing class that has its fields defined on an ancestor class.

When the input deserialization logic calls getDeclaredField, an exception is thrown.

    @Getter
    @Setter
    public class Parent {
        String someField;
    }

    public class Child extends Parent {

    }

type Query {    
    withChild(child: ChildInput): ChildOutput
}

input ChildInput {
    someField: String!
}

type ChildOutput {
    someField: String!
}

// gradle generator config
generateJava {
    // ...
    typeMapping = [
            ChildInput: 'Child',
            ChildOutput: 'Child'
    ]
}

    @DgsComponent
    public static class Fetcher {
        @DgsQuery(field = DgsConstants.QUERY.WithChild)
        public Child doQuery(@InputArgument("child") Child input) {
            // We never get to this point. An exception is thrown during deserialization
            return null;
        }
    }

bug

opened by nsnichols 13

Introduce config properties
The DGS framework takes a hard stance on how to configure itself:

Hardcoded /graphql path

Hardcoded /schema.json path and whether it is enabled or not

Hardcoded /graphiql path and whether it is enabled or not

Hardcoded classpath*:schema/**/*.graphql* to load the schema files from

It would be nice if DGS would offer some configuration options like:

dgs.graphql.path = /graphql dgs.graphql.schema-location = classpath*:schema/**/*.graphql* dgs.graphql.schema-json.enabled = true dgs.graphql.schema-json.path = /schema.json dgs.graphql.graphiql.enabled = true dgs.graphql.graphiql.path = /graphiql

Rationale is to be able to change paths, but also to disable certain functionality. E.g. GraphiQL is very useful during development but it might be desired or required to disable this in production because of security requirements or customized GraphiQL pages served differently (same for /schema.json). For the schema-location, some might want to use a different location like classpath:graphql/schema.graphqls to reduce classpath scanning.

Probably there are more hardcoded things that could be moved to @ConfigrationProperties (websockets?)
enhancement
opened by marceloverdijk 13
Serialize Map types in GraphQLQuery
Pull request checklist

[x] Please read our contributor guide

[ ] Consider creating a discussion on the discussion forum first

[x] Make sure the PR doesn't introduce backward compatibility issues

[x] Make sure to have sufficient test cases

Pull Request type

[x] Bugfix

[ ] Feature

[ ] Refactoring (no functional changes, no api changes)

[ ] Build related changes

[ ] Other (please describe):

Changes in this PR

Issue #290

Support Maps in GraphQLQuery serialization. This is useful for JSON and Object scalars.

Alternatives considered

n/a
opened by richardcresswell 12
Bump actions/cache from 3.0.11 to 3.2.2
Bumps actions/cache from 3.0.11 to 3.2.2.

Release notes

Sourced from actions/cache's releases.

v3.2.2

What's Changed

Fix formatting error in restore/README.md by @me-and in actions/cache#1044

save/README.md: Fix typo in example by @mmuetzel in actions/cache#1040

README.md: remove outdated Windows cache tip link by @me-and in actions/cache#1042

Revert compression changes related to windows but keep version logging by @Phantsure in actions/cache#1049

New Contributors

@me-and made their first contribution in actions/cache#1044

@mmuetzel made their first contribution in actions/cache#1040

Full Changelog: https://github.com/actions/cache/compare/v3.2.1...v3.2.2

v3.2.1

What's Changed

Release compression related changes for windows by @Phantsure in actions/cache#1039

Upgrade codeql to v2 by @Phantsure in actions/cache#1023

Full Changelog: https://github.com/actions/cache/compare/v3.2.0...v3.2.1

v3.2.0

What's Changed

fix wrong timeout env var key in README.md by @walterddr in actions/cache#959

Updated release doc with correct env variable by @kotewar in actions/cache#960

Create pull_request_template.md by @pdotl in actions/cache#963

Update README with clearer info about cache-hit and its value by @kotewar in actions/cache#961

Change datadog/squid to Ubuntu/squid in CI check by @bishal-pdMSFT in actions/cache#976

Add more details to version section in readme by @bishal-pdMSFT in actions/cache#971

Update hashFiles documentation reference by @asaf400 in actions/cache#979

Updated link for cache segment download info by @kotewar in actions/cache#986

Readme update for deleting caches by @t-dedah in actions/cache#981

Add oncall logic to assign issues and PRs by @vsvipul in actions/cache#997

Bump minimatch from 3.0.4 to 3.1.2 by @dependabot in actions/cache#998

Revert "Bump minimatch from 3.0.4 to 3.1.2" by @vsvipul in actions/cache#1005

Fix npm vulnerability by @Phantsure in actions/cache#1007

refactor: Use early return pattern to avoid nested conditions by @jongwooo in actions/cache#1013

Use cache in check-dist.yml by @jongwooo in actions/cache#1004

chore: Use built-in cache action to cache dependencies by @jongwooo in actions/cache#1014

Updated node example by @t-dedah in actions/cache#1008

Fix: Node npm doc example by @apascualm in actions/cache#1026

docs: fix an invalid link in workarounds.md by @teatimeguest in actions/cache#929

General Availability release for granular cache by @kotewar in actions/cache#1035 More details here on beta release.

New Contributors

@walterddr made their first contribution in actions/cache#959

@asaf400 made their first contribution in actions/cache#979

@jongwooo made their first contribution in actions/cache#1013

@apascualm made their first contribution in actions/cache#1026

@teatimeguest made their first contribution in actions/cache#929

... (truncated)

Changelog

Sourced from actions/cache's changelog.

3.0.11

Update toolkit version to 3.0.5 to include @actions/core@^1.10.0

Update @actions/cache to use updated saveState and setOutput functions from @actions/core@^1.10.0

3.1.0-beta.1

Update @actions/cache on windows to use gnu tar and zstd by default and fallback to bsdtar and zstd if gnu tar is not available. (issue)

3.1.0-beta.2

Added support for fallback to gzip to restore old caches on windows.

3.1.0-beta.3

Bug fixes for bsdtar fallback if gnutar not available and gzip fallback if cache saved using old cache action on windows.

3.2.0-beta.1

Added two new actions - restore and save for granular control on cache.

3.2.0

Released the two new actions - restore and save for granular control on cache

3.2.1

Update @actions/cache on windows to use gnu tar and zstd by default and fallback to bsdtar and zstd if gnu tar is not available. (issue)

Added support for fallback to gzip to restore old caches on windows.

Added logs for cache version in case of a cache miss.

3.2.2

Reverted the changes made in 3.2.1 to use gnu tar and zstd by default on windows.

Commits

4723a57 Revert compression changes related to windows but keep version logging (#1049)

d1507cc Merge pull request #1042 from me-and/correct-readme-re-windows

3337563 Merge branch 'main' into correct-readme-re-windows

60c7666 save/README.md: Fix typo in example (#1040)

b053f2b Fix formatting error in restore/README.md (#1044)

501277c README.md: remove outdated Windows cache tip link

c1a5de8 Upgrade codeql to v2 (#1023)

9b0be58 Release compression related changes for windows (#1039)

c17f4bf GA for granular cache (#1035)

ac25611 docs: fix an invalid link in workarounds.md (#929)

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependency-upgrade github_actions
opened by dependabot[bot] 0
feat: allow users to override subscription handling
Pull request checklist

[x] Please read our contributor guide

[x] Consider creating a discussion on the discussion forum first

[x] Make sure the PR doesn't introduce backward compatibility issues

[x] Make sure to have sufficient test cases

Pull Request type

[ ] Bugfix

[ ] Feature

[ ] Refactoring (no functional changes, no api changes)

[ ] Build related changes

[x] Other (please describe): Making method no-longer private Changes in this PR

Our team would like to customise how subscriptions are handled, by extending the functionality offered in the SSE handler.

Issue # N/A

Alternatives considered

Duplicating the handler, but this could easily get out of date etc, didn't seem any harm in allowing users to override if required.
opened by Ancient-Dragon 0
Bump spring-framework-bom from 5.3.23 to 6.0.3
Bumps spring-framework-bom from 5.3.23 to 6.0.3.

Release notes

Sourced from spring-framework-bom's releases.

v6.0.3

:star: New Features

Throw PessimisticLockingFailureException/CannotAcquireLockException instead of plain ConcurrencyFailureException #29675

Introduce additional constructors in MockClientHttpRequest and MockClientHttpResponse #29670

Fall back to JdkClientHttpConnector as ClientHttpConnector #29645

Optimize object creation in RequestMappingHandlerMapping#handleNoMatch #29634

Align multipart codecs on client and server #29630

Deprecate "application/graphql+json" media type after spec changes #29617

HTTP interface client does not call FormHttpMessageWriter when writing form data #29615

ProblemDetail doesn't override the equals method #29606

Add title to SockJS iFrames for accessibility compliance #29594

Forbid loading of a test's ApplicationContext in AOT mode if AOT processing failed #29579

Deprecate JettyWebSocketClient in favor of StandardWebSocketClient #29576

Improve options to expose MessageSource formatted errors for a ProblemDetail response #29574

Make @ModelAttribute and @InitBinder annotations @Reflective #29572

Update BindingReflectionHintsRegistrar to support properties on records #29571

:lady_beetle: Bug Fixes

Cannot use WebDAV methods in Spring MVC 6.0 anymore #29689

AnnotatedElementUtils.findMergedRepeatableAnnotations does not fetch results when other attributes exist in container annotation #29685

BeanWrapperImpl NPE in setWrappedInstance after invoking getPropertyValue #29681

SpEL ConstructorReference does not generate AST representation of arrays #29665

NullPointerException in BindingReflectionHintsRegistrar for anonymous classes #29657

DataBufferInputStream violates InputStream contract #29642

Component scanning no longer uses component index for @Named, @ManagedBean, and other Jakarta annotations #29641

Fix canWrite in PartHttpMessageWriter #29631

NoHandlerFoundException mistakenly returns request headers from ErrorResponse#getHeaders #29626

URI override for @HttpExchange doesn't work if there are both URI and @PathVariable method parameters #29624

Unnecessary parameter name introspection for constructor-arg resolution (leading to LocalVariableTableParameterNameDiscoverer warnings) #29612

Set detail from reason in both constructors of ResponseStatusException #29608

SpEL string literal misses single quotation marks in toStringAST() #29604

AOT code generation fails for bean of type boolean #29598

request-scoped bean with @Lazy fails in native image (due to missing detection of CGLIB lazy resolution proxies) #29584

500 error from WebFlux when parsing Content-Type leads to InvalidMediaTypeException #29565

ConcurrentLruCache implementation is using too much heap memory #29520

Duplicate key violation gets translated to DataIntegrityViolationException instead of DuplicateKeyException in Spring 6 #29511

SpEL: Two double quotes are replaced by one double quote in single quoted String literal (and vice versa) #28356

:notebook_with_decorative_cover: Documentation

Fix ErrorResponse#type documentation #29632

Fix typo in observability documentation #29590

Consistent documentation references to Jakarta WebSocket (2.1) #29581

Unrendered asciidoc headings in reference documentation #29569

Document observability support #29524

:hammer: Dependency Upgrades

... (truncated)

Commits

0fbc94f Release v6.0.3

6e08c56 Improve Javadoc for RepeatableContainers

fb6d3f5 Remove duplicated test code

6fe5652 Support non-standard HTTP methods in FrameworkServlet

ca68bbc Upgrade to Reactor 2022.0.1

e7bcb48 Remove obsolete AttributeMethods.hasOnlyValueAttribute() method

433b1c4 Support repeatable annotation containers with multiple attributes

0b08246 Revise RepeatableContainersTests

c7bdfbe Add missing Javadoc

618989d Update copyright date

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependency-upgrade java
opened by dependabot[bot] 0
Bump actions/checkout from 3.1.0 to 3.2.0
Bumps actions/checkout from 3.1.0 to 3.2.0.

Release notes

Sourced from actions/checkout's releases.

v3.2.0

What's Changed

Add GitHub Action to perform release by @rentziass in actions/checkout#942

Fix status badge by @ScottBrenner in actions/checkout#967

Replace datadog/squid with ubuntu/squid Docker image by @cory-miller in actions/checkout#1002

Wrap pipeline commands for submoduleForeach in quotes by @jokreliable in actions/checkout#964

Update @actions/io to 1.1.2 by @cory-miller in actions/checkout#1029

Upgrading version to 3.2.0 by @vmjoseph in actions/checkout#1039

New Contributors

@ScottBrenner made their first contribution in actions/checkout#967

@cory-miller made their first contribution in actions/checkout#1002

@jokreliable made their first contribution in actions/checkout#964

@vmjoseph made their first contribution in actions/checkout#1039

Full Changelog: https://github.com/actions/checkout/compare/v3...v3.2.0

Changelog

Sourced from actions/checkout's changelog.

Changelog

Commits

755da8c 3.2.0 (#1039)

26d48e8 Update @actions/io to 1.1.2 (#1029)

bf08527 wrap pipeline commands for submoduleForeach in quotes (#964)

5c3ccc2 Replace datadog/squid with ubuntu/squid Docker image (#1002)

1f9a0c2 README - fix status badge (#967)

8230315 Add workflow to update a main version (#942)

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependency-upgrade github_actions
opened by dependabot[bot] 0
Bump spectator-api from 1.3.+ to 1.4.2
Bumps spectator-api from 1.3.+ to 1.4.2.

Release notes

Sourced from spectator-api's releases.

v1.4.2

What's Changed

add more tests for PolledMeter by @sullis in Netflix/spectator#1008

fix check for matching with missing key by @brharrington in Netflix/spectator#1009

update dependencies by @brharrington in Netflix/spectator#1010

Full Changelog: https://github.com/Netflix/spectator/compare/v1.4.1...v1.4.2

v1.4.1

What's Changed

Compatibility with generational ZGC by @DanielThomas in Netflix/spectator#1006

Add ZGC generational memory managers by @DanielThomas in Netflix/spectator#1007

Full Changelog: https://github.com/Netflix/spectator/compare/v1.4.0...v1.4.1

v1.4.0

What's Changed

batch updater for counter, timer, and dist summary by @brharrington in Netflix/spectator#1003

add test for preserving custom statistic by @brharrington in Netflix/spectator#1004

jackson 2.14.0 by @brharrington in Netflix/spectator#1005

Full Changelog: https://github.com/Netflix/spectator/compare/v1.3.10...v1.4.0

v1.3.10

Primary changes:

#999, skip sorting in ArrayTagSet when adding SortedMap.

#1000, avoid allocating extra space when overriding a tag.

#1001, add jdk19 to CI.

A comprehensive list of changes can be found in the commit log: https://github.com/Netflix/spectator/compare/v1.3.9...v1.3.10

v1.3.9

Primary changes:

#997, update dependencies.

#998, add support contains, starts, and ends.

A comprehensive list of changes can be found in the commit log: https://github.com/Netflix/spectator/compare/v1.3.8...v1.3.9

v1.3.8

Primary changes:

#986, special case merging ArrayTagSet and TagList.

#987, fix calculation of array size ArrayTagSet.addAll.

#988, #989, #990, #991, overrides for spliterator to provide better performance.

#992, add rate metric for survivor pool.

... (truncated)

Commits

See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

dependency-upgrade java
opened by dependabot[bot] 0

Releases(v5.5.0)

v5.5.0(Dec 6, 2022)
What’s Changed

Update DGS framework to Spring Boot 2.7. (#1355) @srinivasankavitha

Source code(tar.gz)
Source code(zip)
v5.4.5(Dec 6, 2022)
What’s Changed

Avoid using deprecated instrumentation parameters for metrics. (#1354) @srinivasankavitha

Source code(tar.gz)
Source code(zip)
v5.4.4(Dec 5, 2022)
What’s Changed

Move away from the deprecated GraphQL Java Instrumentation methods. (#1334) @berngp

When an exception was thrown from a dataloader, it would be wrapped i… (#1330) @rreta04

Make session security context available for both WebSocket protocols (#1313) @HuseinJ

Have the ability to turn off the BigDecimal and BigInteger extended scalars (#1311) @berngp

Bump the nebula-release plugin to 17.1.0 (#1312) @berngp

Source code(tar.gz)
Source code(zip)
v5.4.3(Nov 4, 2022)
What’s Changed

Fix mapping with Kotlin default arguments (#1302) @kilink

Source code(tar.gz)
Source code(zip)
v5.4.2(Nov 4, 2022)
What’s Changed

Rework the API expressed by DgsExecutionResult (#1298) @berngp

Enable to set dgs.graphql.websocket.path in webflux (#1246) @jvalde

[Bugfix] Refactor Metrics (#1280) @antholeole

WebClientGraphQLClient RequestBodyUriCustomizer (#1290) @berngp

fix: GraphiQL may render broken and cannot be fully disabled (#1183) @foo4u

Move to net.datafaker:javafaker :1.6.0 to avoid the snakeyaml 1.30-android issue (#1285) @berngp

Source code(tar.gz)
Source code(zip)
v5.4.1(Oct 19, 2022)
What’s Changed

DGS BOM is expresses stronger version constraints for GraphQL Java (#1284) @berngp

Dependency Lock Update (#1282) @berngp

[regresion] Allow Spock Stubs to be used as Data Fetchers (#1279) @berngp

Source code(tar.gz)
Source code(zip)
v5.4.0(Oct 18, 2022)
What’s Changed

Bump actions/cache from 3.0.10 to 3.0.11 (#1274) @dependabot

Bump log4j-to-slf4j from 2.18.0 to 2.19.0 (#1245) @dependabot

Bump mockk from 1.12.4 to 1.13.2 (#1256) @dependabot

Upgrade to graphql-java 19.0 & Federation 2.1.0 (#1270) @berngp

Bump actions/checkout from 2 to 3.1.0 (#1266) @dependabot

Bump actions/cache from 3.0.4 to 3.0.10 (#1267) @dependabot

BUG FIX (#1083): Complex InputArgument serialized as Optional List of Complex Type (#1254) @antholeole

Source code(tar.gz)
Source code(zip)
v5.3.0(Oct 5, 2022)
What’s Changed

Added mechanism for mvc to add response headers using extensions. (#1261) @paulbakker

Added ability to configure log level in subscription error (#1247) @nkonev

Source code(tar.gz)
Source code(zip)
v5.2.4(Sep 22, 2022)
What’s Changed

Upgrading to graphql-java 18.3 (#1239) @berngp

Source code(tar.gz)
Source code(zip)
v5.2.2(Sep 20, 2022)
What’s Changed

Fix excess methods leading to schema duplicate in case mocked DataFecher (#1216) @nkonev

fix: updating to use location to fetch data (#1220) @ClaudenirFreitas

Fix bugs in setting up cleanup task, and handling of connections for websocket subscriptions (#1213) @srinivasankavitha

Source code(tar.gz)
Source code(zip)
v5.2.1(Aug 30, 2022)
What’s Changed

fix the DGS graphql path (#1204) @1zg12

Implement graphql-transport-ws protocol for websocket subscriptions (webmvc & webflux) (#1200) @srinivasankavitha

Add duplicate data fetcher validation (#1202) @willemmanuel

Make fed resolver always apply configured exception handler (#1197) @raptros

Source code(tar.gz)
Source code(zip)
v5.1.1(Aug 15, 2022)
What’s Changed

Consume and produce bytes in DgsRestController (#1188) @kilink

Bump datafaker from 1.4.0 to 1.5.0 (#1178) @dependabot

Source code(tar.gz)
Source code(zip)
v5.1.0(Aug 9, 2022)
What’s Changed

New

Context contribution implementation via instrumentation (#1145) @theJC

feat: customize the subscription endpoint for sse (#1137) @Ancient-Dragon

feat: adding pagination description (#1129) @ClaudenirFreitas

Fixes

fix: Update Interface DgsReactiveQueryExecutor based on late (but great) f… (#1174) @theJC

Use registered dataloader name (instead of annotation's name) consistently. (#1144) @srinivasankavitha

Others

Bump mockk from 1.12.4 to 1.12.5 (#1179) @dependabot

Update README.md (#1173) @MayCXC

Update Gradle Wrapper from 7.4.1 to 7.5 (#1152) @github-actions

Bump log4j-to-slf4j from 2.17.2 to 2.18.0 (#1133) @dependabot

Bump log4j-api from 2.17.2 to 2.18.0 (#1132) @dependabot

Source code(tar.gz)
Source code(zip)
v5.0.5(Jul 2, 2022)
What’s Changed

New Features

SSE Request can now be done via GETs (#1122) @Ancient-Dragon

The subscription endpoint can now be customized via the dgs.graphql.websocket.path configuration property (#1117) @TYzzt

The GraphiQL Title can now be configured via the dgs.graphql.graphiql.title configuration property. (#1116) @springmonster

Other

Improve exception message for InvalidTypeResolverException (#1118) @springmonster

Bump actions/setup-python from 3 to 4 (#1107) @dependabot

Bump actions/cache from 3.0.3 to 3.0.4 (#1109) @dependabot

⭐ Special Thanks ⭐

@Ancient-Dragon

@TYzzt

@springmonster

Source code(tar.gz)
Source code(zip)
v5.0.4(Jun 16, 2022)
What’s Changed

Enhancements

DGS annotations now declare @Inherited so that they can be used along CGLIB proxies. (#1113) @noemielb

Allow filtering of DgsComponents in DgsSchemaProvider (#1101) @OskarKjellin

Other Chagnes

Bump actions/cache from 3.0.2 to 3.0.3 (#1093) @dependabot

Upgrade dependency locks to prepare for a release. (#1112) @berngp

Source code(tar.gz)
Source code(zip)
v4.10.5(Jun 9, 2022)
What's Changed

Consider migrating to 5.x. We are not planning on back-porting additional fixes that will be applied to the 5.x branch.

Fixes

Addressing DgsGraphQLMetricsInstrumentation Latency increase by @berngp in (#1096)

Pass MultipartFile class to StdSerializer base class in MultipartFileSerializer by @berngp in (#1097)

Input argument without @InputArgument("input") stopped working by @berngp (#1103)

Full Changelog: https://github.com/Netflix/dgs-framework/compare/v4.10.4...v4.10.5
Source code(tar.gz)
Source code(zip)
v5.0.3(Jun 9, 2022)
What’s Changed

Fixes

Input argument without @InputArgument("input") stopped working (#1102) @berngp

Pass MultipartFile class to StdSerializer base class in MultipartFileSerializer (#1095) @kilink

Source code(tar.gz)
Source code(zip)
v5.0.2(Jun 5, 2022)
What’s Changed

Fixes

Addressing DgsGraphQLMetricsInstrumentation Latency increase (#1092) @berngp

DgsSchemaProvider API to expose resolved Datafetchers & field instrumentation (#1090) @berngp

Chores

Removed unsued LogEvent class (#1086) @berngp

Adopt Gradle JVM Toolchain (#1085) @berngp

Refactor InputArgumentTest (#1084) @berngp

chore(deps): Bump graphql-java-extended-validation to 18.1-hibernate-validator-6.2.0.Final (#1080) @setchy

Source code(tar.gz)
Source code(zip)
v5.0.1(May 28, 2022)
What’s Changed

Fix how the GraphQLCSRFRequestHeaderValidationRule compares the content-type (#1079) @berngp

Source code(tar.gz)
Source code(zip)
v5.0.0(May 26, 2022)
We are releasing a major version for DGS to address a CSRF vulnerability. This version adds a breaking change for callers that target the GraphQL Endpoint, /graphql by default, and don't explicit set the content-type to be one of either application/json, application/graphql, or multipart/form-data, the latter use for file upload. If a client is using multipart/form-data they will now need to include a preflight header that matches any of "x-apollo-operation-name", "apollo-require-preflight", or "graphql-require-preflight".

TL;DR

DGS will only accept requests with content-type of application/json, application/graphql, and multipart/form-data.

DGS will enforce a preflight header if the content-type is multipart/form-data. Acceptable preflight headers are "x-apollo-operation-name", "apollo-require-preflight", or "graphql-require-preflight"

Application developers should provide a sensible CORS policy, doing so is out of scope of the DGS framework but available via Spring Boot and Spring Security.

Although not recommended you can disable the preflight check by setting dgs.graphql.header.validation.enabled to false.

Context

There could be a potential CSRF attacks that can leverage the execution of JS code attached to a content-type: multipart/form-data, or other content-types which will not force the browsers to do a preflight check and enforce the CORS policy. Application developers should provide a sensible CORS policy as well as, if they use cookies, a sensible cookie SameSite policy.

DGS MVC supports the execution of GraphQL operations via HTTP POST requests with content-type: multipart/form-data. Because they are POST requests, they can contain GraphQL mutations. Because they use content-type: multipart/form-data, they can be "simple requests" which are not preflighted by browsers.

Spring Boot applications using DGS that set SameSite=None cookies for authentication are then open to JS code from any origin can that can cause browsers to send cookie-authenticated Mutations to the GraphQL endpoint, this will then be executed without checking your CORS policy first. Although the attack won't be able to see the response to the mutation if your CORS policy is set up properly, the side effects of the mutation will still occur.

In addition, if the Spring Boot application using DGS relies on network properties for security (whether by explicitly looking at the client's IP address or by only being available on a private network), then JS on any origin can cause browsers (which may be on a private network or have an allowed IP address) to send mutations to your GraphQL server, which will be executed without checking your CORS policy first. (This attack does not require your server to use cookies. It is in some cases prevented by some browsers such as Chrome.)

For additional context visit Apollo Server 2 graphql-upload CSRF Page.

⭐ Special thanks to the Apollo Server Team for identifying the CSRF. ⭐

What’s Changed

CSRF attack mitigation on requests with multipart/form-data, plain-text, or empty content-types (#1073) @berngp

Source code(tar.gz)
Source code(zip)
v4.10.4(May 24, 2022)
What’s Changed

Highlights

Adoption Apollo Federation 2.0 (#1056) @setchy

We are adopting Apollo Federation 2.0, please review Apollo Federation 2.0 Specification for further details.

New Features

Bumping federation and extended-scalars libs (#1056) @setchy

Fixes

Wrap the DataLoaders after inspection for DgsDataLoaderRegistryConsumer (#1068) @berngp

Improve DgsContext APIs and hint languages for DgsQueryExecutor(s) in IntelliJ (#1063) @berngp

Handle validation of input arguments in query complexity instrumentation (#1062) @berngp

Other Changes

Bump spring-security-bom from 5.6.3 to 5.6.5 (#1061) @dependabot

Bump datafaker from 1.3.0 to 1.4.0 (#1060) @dependabot

Adopt none deprecated DataFetcherExceptionHandler methods. (#1059) @berngp

Source code(tar.gz)
Source code(zip)
v4.10.3(May 19, 2022)
What’s Changed

Highlights

Fix missing Reactor Context in Kotlin suspend datafetchers (#1041) @gnoeley

Preserve Reactor context in reactive data fetcher (#1040) @gnoeley

Fix response payload serialization in DgsReactiveWebsocketHandler (#1050) @kilink

Rework how DgsData methods are invoked (#1013) @kilink

Other Changes

Remove DgsIntrospectionConfigurationProperties (#1026) @kilink

Update to Kotlinter 3.10.0 (#1052) @kilink

Fix various Kotlin compiler warnings (#1053) @kilink

Bump mockk from 1.12.3 to 1.12.4 (#1045) @dependabot

⭐ Special thanks to @gnoeley and @kilink for this release! ⭐
Source code(tar.gz)
Source code(zip)
v4.10.2(May 9, 2022)
What’s Changed

Upgrade to GraphQL Java 18.1 (#1033) @berngp

Added support for union connection declaration (#1030) @BCantos17

Bump spring-cloud-dependencies from 2021.0.1 to 2021.0.2 (#1024) @dependabot

Source code(tar.gz)
Source code(zip)
v4.10.1(May 2, 2022)
What’s Changed

Feature: add UUID Scalar (#1022) @setchy

Source code(tar.gz)
Source code(zip)
v4.10.0(May 2, 2022)
What’s Changed

Highlights

Adopting GraphqL Java 18

We are adopting Graphql Java 18, this new version comes with a considerable number of improvements to the library. We are looking forward to use the performance improvements on validation rules that available in this version. Please review the GraphQL Java v18.0 Release Notes for further details

Moving To Spring 5.3, Spring Boot 2.6, Spring Cloud 2021.0.1

In order to keep the framework healthy we have decided to upgrade to Spring Boot 2.6, Spring 5.3 and Spring Cloud 2022.0.1. If you are moving from Spring Boot 2.3 to Spring Boot 2.6 you might want to review the changes that happened between 2.3 and 2.4. You can review What is new in Spring Boot 2.4 by Phil Webb (@phillip_web). Please review the Spring Boot 2.6 Release Notes if you are interested on the new features available.

Deprecation of collectionType as part of the @InputArgument annotation. (#977) @kilink

The @InputArgument annotation doesn't need the collectionType anymore when you are mapping to a List, Map, or other collections. To do this we are now leveraging the Spring Framework's ResolvableType utilities directly.

Upgrading to Kotlin 1.6.21

We are upgrading to Kotlin 1.6.21, this shouldn't affect you unless you are using Kotlin as well in your project. If you use Kotlin you will need to make sure you upgrade to at least 1.6.20. To review what is new in Kotlin 1.6.20, please visit the official site.

Other

Feature/local time scalar (#1008) @setchy

Remove usage of NoOpPreparsedDocumentProvider (#994) @kilink

Simplify DgsSSESubscriptionHandler by returning Flux (#1001) @kilink

Remove DgsNoOpPreparsedDocumentProvider (#989) @kilink

Add support for defining a default DataFetcherFactory via autoconfig (#979) @jord1e

Use delegation pattern in DgsDataFetchingEnvironment (#978) @kilink

Replace Javafaker with Datafaker (#970) @bodiam

House Keeping Changes

Bump actions/cache from 2 to 3.0.2 (#957) (#991) @dependabot

Bump actions/setup-java from 2 to 3 (#975) @dependabot

Bump actions/upload-artifact from 2 to 3 (#976) @dependabot

Bump log4j-api from 2.17.1 to 2.17.2 (#962) @dependabot

Bump log4j-to-slf4j from 2.17.1 to 2.17.2 (#965) @dependabot

Bump mockk from 1.12.2 to 1.12.3 (#964) @dependabot

Bump nebula.netflixoss from 10.5.1 to 10.6.0 (#870) @dependabot

Bump spectator-api from 1.0.+ to 1.3.0 (#959) (#985) @dependabot

Disable unstable ConcurrentDataFetcherTest test. (#1012) @berngp

Fix Kotlin compiler warning (#973) @kilink

Fix deprecation warnings in DgsDataLoaderProvider (#971) @kilink

Fix various warnings (#974) @kilink

Fold changes to dependencies.lock files in diffs by default (#967) @jord1e

Get rid of unnecessary .let, use MediaType (#972) @kilink

Refactor the fixtures used for testing a custom DataFetcherFactory (#983) @berngp

Stop calling deprecated exchange method on WebClient (#1005) @kilink

Update Gradle Wrapper from 7.3.3 to 7.4.1 (#921) @github-actions

Update dependency lock files (#996) @kilink

Stop using deprecated context methods (#982) @kilink

Avoid passing in empty ChainedInstrumentation (#992) @kilink

Source code(tar.gz)
Source code(zip)
v4.9.25(Apr 4, 2022)
What’s Changed

Set the errors property in the payload when processing subscription events. (#951) @srinivasankavitha

Support @RequestHeader with HttpHeader/Map/MultiValueMap types. (#947) @srinivasankavitha

Source code(tar.gz)
Source code(zip)
v4.9.24(Mar 24, 2022)
What’s Changed

Features

Make the object mapper used for query execution configurable. (#943) @srinivasankavitha

Added operation name in query input and passed in execute method (#941) @PrasoonJain

Automatic data loader naming on classes annotated with nameless @DgsDataLoader (#904) @jord1e

Other

Bump actions/setup-python from 2 to 3 (#911) @dependabot

Update .gitignore (#926) @jord1e

Source code(tar.gz)
Source code(zip)
v4.9.22(Mar 9, 2022)

Source code(tar.gz)
Source code(zip)
v4.9.21(Feb 28, 2022)
What’s Changed

Fix log verbosity of DataFetcherInvoker.invokeDataFetcher (#896) @berngp

Pin graphiql version in the webflux stack as well, already done for mvc. (#885) @srinivasankavitha

Source code(tar.gz)
Source code(zip)
v4.9.20(Feb 9, 2022)
What’s Changed

Move result processors for Flux/Mono to graphql-dgs (#866) @kilink

Source code(tar.gz)
Source code(zip)