New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Class Validator forbidUnknownValues #1396
Comments
While that does fix my issue in the short term, The security issue: #1668 |
I will fix that in the long term via the snippet shown above. GraphQL has own set of input field null/undefined validation, so the typical validation issues does not apply to the TypeGraphQL use cases 😉 |
Awesome, thanks for the quick replies! I love the library and seeing the beta version motivated me to start a new project in it. If there's anything I can do to help I'd be more than glad to |
Hello, Do we have a roadmap for that fix? As far as I could understand type-graphql 1.1.1 and class-validator 0.14.0 are not yet playing nicely together and versions less than 0.14.0 of class-validator have yarn audit issues. Is setting { forbidUnknownValues: false } the only alternative by now? Does { forbidUnknownValues: false } restore class-validator behavior to the 0.12.0 version? |
|
A ok. I undestand that in type-graphql context setting this to false does not imply in insecure code because for type-graphql the original security issue is not applicable. |
Yes, GraphQL layer takes care about the set of properties in objects - its validation is done first, before class-validator check in TypeGraphQL. |
Describe the Bug
Upon updating to
class-validator@^0.14.0
, any input regardless of validation throws a validation error as such:To Reproduce
Create an input type:
Upon attempting to use the inputType, the error above throws
Expected Behavior
The error should not throw
Logs
Environment (please complete the following information):
Additional Context
I understand that using the beta package is most likely the issue, however it's been working pretty amazingly so far, and only this module bump caused an issue.
The text was updated successfully, but these errors were encountered: