Skip to content

[email protected]
Compare
Choose a tag to compare
@goto-bus-stop goto-bus-stop released this 29 Nov 08:50
· 577 commits to main since this release
[email protected]
f1544db
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

BREAKING

  • make conversions from GraphQL Values to Rust types fallible - goto-bus-stop, pull/371 fixing issue/358

    In the past you could do:

    let graphql_value: IntValue = get_a_value();
let x: i32 = graphql_value.into();

    But this .into() implementation could panic if the number was out of range.
    Now, this conversion is implemented with the TryFrom trait, so you handle out-of-range errors however you want:

    let graphql_value: IntValue = get_a_value();
let x: i32 = graphql_value.try_into()?;

  • Move with_recursion_limit constructor to a builder method - goto-bus-stop, pull/347

    If you were using the Parser::with_recursion_limit constructor, you now need to use Parser::new().recursion_limit() instead.

Features

  • add API to limit number of tokens to parse - goto-bus-stop, pull/347

    When dealing with untrusted queries, malicious users can submit very large queries to attempt to cause
    denial-of-service by using lots of memory. To accompany the existing recursion_limit API preventing
    stack overflows, you can now use token_limit to abort parsing when a large number of tokens is reached.

    You can use the new err.is_limit() API to check if a parse failed because a hard limit was reached.

    let source = format!("query {{ {fields} }}", fields = "a ".repeat(20_000));

let parser = Parser::new(source)
    .recursion_limit(10)
    // You may need an even higher limit if your application actually sends very large queries!
    .token_limit(10_000);

let (ast, errors) = parser.parse();
if errors.iter().any(|err| err.is_limit()) {
    // there was a limiting error
}

Maintenance

Assets 2
Loading