Skip to content

Build(deps): bump strawberry-graphql[fastapi] from 0.254.0 to 0.258.0

Ronan Amicel requested to merge dependabot-pip-strawberry-graphql-fastapi--0.258.0 into main

Bumps strawberry-graphql[fastapi] from 0.254.0 to 0.258.0.

Release notes

Sourced from strawberry-graphql[fastapi]'s releases.

🍓 0.258.0

Add the ability to override the "max results" a relay's connection can return on a per-field basis.

The default value for this is defined in the schema's config, and set to 100 unless modified by the user. Now, that per-field value will take precedence over it.

For example:

@strawerry.type
class Query:
    # This will still use the default value in the schema's config
    fruits: ListConnection[Fruit] = relay.connection()
# This will reduce the maximum number of results to 10
limited_fruits: ListConnection[Fruit] = relay.connection(max_results=10)
This will increase the maximum number of results to 10
higher_limited_fruits: ListConnection[Fruit] = relay.connection(max_results=10_000)

Note that this only affects ListConnection and subclasses. If you are implementing your own connection resolver, there's an extra keyword named max_results: int | None that will be passed to it.

Releases contributed by @​bellini666 via #3746

🍓 0.257.0

The common node: Node used to resolve relay nodes means we will be relying on is_type_of to check if the returned object is in fact a subclass of the Node interface.

However, integrations such as Django, SQLAlchemy and Pydantic will not return the type itself, but instead an alike object that is later resolved to the expected type.

In case there are more than one possible type defined for that model that is being returned, the first one that replies True to is_type_of check would be used in the resolution, meaning that when asking for "PublicUser:123", strawberry could end up returning "User:123", which can lead to security issues (such as data leakage).

In here we are introducing a new strawberry.cast, which will be used to mark an object with the already known type by us, and when asking for is_type_of that mark will be used to check instead, ensuring we will return the correct type.

That cast is already in place for the relay node resolution and pydantic.

... (truncated)

Changelog

Sourced from strawberry-graphql[fastapi]'s changelog.

0.258.0 - 2025-01-12

Add the ability to override the "max results" a relay's connection can return on a per-field basis.

The default value for this is defined in the schema's config, and set to 100 unless modified by the user. Now, that per-field value will take precedence over it.

For example:

@strawerry.type
class Query:
    # This will still use the default value in the schema's config
    fruits: ListConnection[Fruit] = relay.connection()
# This will reduce the maximum number of results to 10
limited_fruits: ListConnection[Fruit] = relay.connection(max_results=10)
This will increase the maximum number of results to 10
higher_limited_fruits: ListConnection[Fruit] = relay.connection(max_results=10_000)

Note that this only affects ListConnection and subclasses. If you are implementing your own connection resolver, there's an extra keyword named max_results: int | None that will be passed to it.

Contributed by Thiago Bellini Ribeiro via [PR #3746](strawberry-graphql/strawberry#3746)

0.257.0 - 2025-01-09

The common node: Node used to resolve relay nodes means we will be relying on is_type_of to check if the returned object is in fact a subclass of the Node interface.

However, integrations such as Django, SQLAlchemy and Pydantic will not return the type itself, but instead an alike object that is later resolved to the expected type.

In case there are more than one possible type defined for that model that is being returned, the first one that replies True to is_type_of check would be used in the resolution, meaning that when asking for "PublicUser:123", strawberry could end up returning "User:123", which can lead to security issues (such as data leakage).

In here we are introducing a new strawberry.cast, which will be used to mark

... (truncated)

Commits

Merge request reports