[email protected] (#376)

crates/apollo-compiler/Cargo.toml

@@ -17,7 +17,7 @@ categories = [
 edition = "2021"
 
 [dependencies]
-apollo-parser = { path = "../apollo-parser", version = "0.3.0" }
+apollo-parser = { path = "../apollo-parser", version = "0.4.0" }
 rowan = "0.15.5"
 salsa = "0.16.1"
 uuid = { version = "1.1", features = ["serde", "v4"] }

crates/apollo-encoder/Cargo.toml

@@ -20,7 +20,7 @@ categories = [
 edition = "2021"
 
 [dependencies]
-apollo-parser = { path = "../apollo-parser", version = "0.3.1", optional = true }
+apollo-parser = { path = "../apollo-parser", version = "0.4.0", optional = true }
 thiserror = "1.0.37"
 
 [features]

crates/apollo-parser/CHANGELOG.md

@@ -18,7 +18,7 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm
 
 ## Documentation -->
 
-# [x.x.x] (unreleased) - 2022-mm-dd
+# [0.4.0](https://crates.io/crates/apollo-parser/0.4.0) - 2022-11-28
 ## BREAKING
 - **make conversions from GraphQL Values to Rust types fallible - [goto-bus-stop], [pull/371] fixing [issue/358]**
 
@@ -34,10 +34,46 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm
   let x: i32 = graphql_value.try_into()?;
   ```
 
-  [goto-bus-stop]: https://github.com/goto-bus-stop 
+  [goto-bus-stop]: https://github.com/goto-bus-stop
   [pull/371]: https://github.com/apollographql/apollo-rs/pull/371
   [issue/358]: https://github.com/apollographql/apollo-rs/pull/358
 
+- **Move `with_recursion_limit` constructor to a builder method - [goto-bus-stop], [pull/347]**
+
+  If you were using the `Parser::with_recursion_limit` constructor, you now need to use `Parser::new().recursion_limit()` instead.
+
+## Features
+- **add API to limit number of tokens to parse - [goto-bus-stop], [pull/347]**
+
+  When dealing with untrusted queries, malicious users can submit very large queries to attempt to cause
+  denial-of-service by using lots of memory. To accompany the existing `recursion_limit` API preventing
+  stack overflows, you can now use `token_limit` to abort parsing when a large number of tokens is reached.
+
+  You can use the new `err.is_limit()` API to check if a parse failed because a hard limit was reached.
+
+  ```rust
+  let source = format!("query {{ {fields} }}", fields = "a ".repeat(20_000));
+
+  let parser = Parser::new(source)
+      .recursion_limit(10)
+      // You may need an even higher limit if your application actually sends very large queries!
+      .token_limit(10_000);
+
+  let (ast, errors) = parser.parse();
+  if errors.iter().any(|err| err.is_limit()) {
+      // there was a limiting error
+  }
+  ```
+
+  [goto-bus-stop]: https://github.com/goto-bus-stop
+  [pull/347]: https://github.com/apollographql/apollo-rs/pull/347
+
+## Maintenance
+- **Use `eat()` in a loop instead of recursing in `bump()` - [goto-bus-stop], [pull/361]**
+
+  [goto-bus-stop]: https://github.com/goto-bus-stop
+  [pull/361]: https://github.com/apollographql/apollo-rs/pull/361
+
 # [0.3.2](https://crates.io/crates/apollo-parser/0.3.2) - 2022-11-15
 ## Fixes
 - **lexing escaped and unicode characters in block strings - [lrlna], [pull/357] fixing [issue/341], [issue/342], [issue/343]**

crates/apollo-parser/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "apollo-parser"
-version = "0.3.2"
+version = "0.4.0"
 authors = ["Irina Shestak <[email protected]>"]
 license = "MIT OR Apache-2.0"
 repository = "https://github.com/apollographql/apollo-rs"

crates/apollo-parser/README.md

@@ -29,7 +29,7 @@ Add this to your `Cargo.toml` to start using `apollo-parser`:
 ```toml
 # Just an example, change to the necessary package version.
 [dependencies]
-apollo-parser = "0.3.2"
+apollo-parser = "0.4.0"
 ```
 
 Or using [cargo-edit]:

crates/apollo-smith/Cargo.toml

@@ -25,7 +25,7 @@ categories = [
 
 [dependencies]
 apollo-encoder = { path = "../apollo-encoder", version = "0.3.4" }
-apollo-parser = { path = "../apollo-parser", version = "0.3.1", optional = true }
+apollo-parser = { path = "../apollo-parser", version = "0.4.0", optional = true }
 arbitrary = { version = "1.0.3", features = ["derive"] }
 once_cell = "1.9.0"
 thiserror = "1.0.37"