From a640e91d5fe41c644f97ace885542ea5de92f4ec Mon Sep 17 00:00:00 2001
From: Trevor Scheer <trevor.scheer@gmail.com>
Date: Tue, 14 Jun 2022 17:06:40 -0700
Subject: [PATCH] Finalizing docs fixes, rework CHANGELOG entries

Co-authored-by: Rose M Koron <32436232+rkoron007@users.noreply.github.com>
---
 CHANGELOG.md                               | 14 ++++++++------
 docs/source/api/apollo-server.mdx          | 12 ++++++------
 docs/source/performance/cache-backends.mdx | 21 +++++++++++++++------
 3 files changed, 29 insertions(+), 18 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index c31a9dfa9ab..0faba276ab2 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,12 +10,14 @@ The version headers in this history reflect the versions of Apollo Server itself
 
 ## vNEXT
 
-- Remove internal dependency on `apollo-server-caching`, switch over to `@apollo/utils.keyvaluecache`. This PR specifically also introduces Keyv as an unbounded cache solution, but will replace with our own simple implementation in a follow-up PR targeting this minor version release. [PR #6522](https://github.com/apollographql/apollo-server/pull/6522)
-- Remove dependency on `keyv`/`@apollo/utils.keyvadapter` in favor of a simple `Map`-backed cache which implements TTL [PR #6535](https://github.com/apollographql/apollo-server/pull/6535)
-- Add `cache: "bounded"` configuration option, allowing users to opt into bounded request cache (recommended) [PR #6536](https://github.com/apollographql/apollo-server/pull/6536)
-- Remove `apollo-server-caching` and `apollo-server-cache-*` packages [PR #6541](https://github.com/apollographql/apollo-server/pull/6541)
-- Warn when APQ cache is unbounded in production (which is default) [PR #6545](https://github.com/apollographql/apollo-server/pull/6545)
-- Await `parsingDidEnd` `Promise`. Note from @trevor-scheer: I don't think this resolves the issue it intended to. See [Issue #6567](https://github.com/apollographql/apollo-server/pull/6567) for details. [PR #6559](https://github.com/apollographql/apollo-server/pull/6559)
+- Nothing yet! Stay tuned.
+
+## v3.9.0
+
+- ⚠️ **SECURITY** `apollo-server-core`: The default configuration of Apollo Server is vulnerable to denial of service attacks via memory exhaustion. If you do not currently specify the `cache` option to `new ApolloServer()`, we strongly recommend you specify `cache: 'bounded'`, which replaces the default in-memory unbounded cache with a 30MB in-memory cache, or disable automatic persisted queries with `persistedQueries: null`. Apollo Server now logs a warning in production if you do not configure the cache or disable APQs. See [the docs](https://www.apollographql.com/docs/apollo-server/performance/cache-backends#ensuring-a-bounded-cache) for more details.
+- The `apollo-server-caching` package is no longer published. The TypeScript types `KeyValueCache` and `KeyValueCacheSetOptions` and the classes `PrefixingKeyValueCache` and `InMemoryLRUCache` can be imported from `@apollo/utils.keyvaluecache` instead. The first three exports are identical; `InMemoryLRUCache` is based on `lru-cache` v7 instead of v6, and no longer supports creating unbounded caches (which was the default behavior for `apollo-server-caching`'s `InMemoryLRUCache`). [PR #6522](https://github.com/apollographql/apollo-server/pull/6522)
+- The `apollo-server-cache-redis` and `apollo-server-cache-memcached` packages are no longer published (though previous versions continue to work). We recommend that users of these packages migrate to `@apollo/utils.keyvadapter`, which lets you connect to Redis, Memcached, or any other backend supported by the [Keyv](https://www.npmjs.com/package/keyv) project. See [the new cache backend docs](https://www.apollographql.com/docs/apollo-server/performance/cache-backends) for more details. [PR #6541](https://github.com/apollographql/apollo-server/pull/6541)
+- Avoid unhandled rejection errors if the end hook from a `parsingDidStart` plugin method rejects. [Issue #6567](https://github.com/apollographql/apollo-server/pull/6567) [PR #6559](https://github.com/apollographql/apollo-server/pull/6559)
 
 ## v3.8.2
 
diff --git a/docs/source/api/apollo-server.mdx b/docs/source/api/apollo-server.mdx
index 4bcbe4307d0..f46062c2a9c 100644
--- a/docs/source/api/apollo-server.mdx
+++ b/docs/source/api/apollo-server.mdx
@@ -238,11 +238,11 @@ Available in Apollo Server v3.4.0 and later.
 </td>
 <td>
 
-A `KeyValueCache` which Apollo Server uses for a number of features like APQs and full response caching. This cache is also provided to DataSources and plugins.
+A `KeyValueCache` which Apollo Server uses for several features, including APQs and full response caching. This cache is also available to Apollo Server's data sources and plugins.
 
-By default, the cache is unbounded. We don't recommend this, since a malicious client can run your server out of memory and cause it to crash by filling it with APQs.
+By default, the cache that Apollo Server 3 uses is unbounded. We _strongly recommend_ that all users pass `cache: "bounded"` or configure their cache in a manner that isn't unbounded. This protects your server from attacks that exhaust available memory, causing a DOS.
 
-If you don't want to configure your own cache, you should set `cache: "bounded"`. The bounded cache is an [`InMemoryLRUCache`](https://www.npmjs.com/package/@apollo/utils.keyvaluecache) with a default size of roughly 30MiB.
+The default bounded cache is an [`InMemoryLRUCache`](https://www.npmjs.com/package/@apollo/utils.keyvaluecache) with a default size of roughly 30MiB.
 
 To learn more about configuring Apollo Server's cache, see [Configuring cache backends](../performance/cache-backends).
 
@@ -450,7 +450,7 @@ The default value is `true`. Set this to `false` to use mocked resolvers only fo
 
 ##### `nodeEnv`
 
-`String`
+`string`
 </td>
 <td>
 
@@ -583,7 +583,7 @@ Returns a `Promise` that resolves to an object containing the following properti
 
 ##### `url`
 
-`String`
+`string`
 </td>
 <td>
 
@@ -796,7 +796,7 @@ async function startApolloServer() {
 
 ##### `path`
 
-`String`
+`string`
 </td>
 <td>
 
diff --git a/docs/source/performance/cache-backends.mdx b/docs/source/performance/cache-backends.mdx
index 69a283c971e..e8c05bc44f6 100644
--- a/docs/source/performance/cache-backends.mdx
+++ b/docs/source/performance/cache-backends.mdx
@@ -5,7 +5,7 @@ description: How to configure Apollo Server's cache
 
 > ⚠️ **New in Apollo Server 3.9:** We _strongly recommend_ that all users pass `cache: "bounded"` or configure their cache in a manner that isn't unbounded (which is current default behavior). This protects your server from attacks that exhaust available memory, causing a DOS. See [Ensuring a bounded cache](#ensuring-a-bounded-cache) immediately below for more details.
 
-Many Apollo Server features take advantage of a cache backend (these features include [automatic persisted queries](./performance/apq), the [response cache plugin](./performance/caching#caching-with-responsecacheplugin-advanced), and [`RESTDataSource`](./data/data-sources#restdatasource-reference)). Apollo Server uses an in-memory cache by default, but you can configure it to use a different backend, such as Redis or Memcached.
+Many Apollo Server features take advantage of a cache backend (these features include [automatic persisted queries](./apq), the [response cache plugin](./caching#caching-with-responsecacheplugin-advanced), and [`RESTDataSource`](../data/data-sources#restdatasource-reference)). Apollo Server uses an in-memory cache by default, but you can configure it to use a different backend, such as Redis or Memcached.
 
 You can specify a cache backend by passing a `cache` option to the `ApolloServer` constructor. Your specified cache backend must implement the [`KeyValueCache`](https://github.com/apollographql/apollo-utils/tree/main/packages/keyValueCache#keyvaluecache-interface) interface from the `@apollo/utils.keyvaluecache` package.
 
@@ -31,7 +31,7 @@ const server = new ApolloServer({
 ```
 > The equivalent of this is provided out-of-the-box by Apollo Server 3.9+ by passing `cache: "bounded"` and doesn't require you to install the `@apollo/utils.keyvaluecache` package.
 
-In this example, we've increased the default size and provided a default TTL. For more information on these configuration options, see the [`lru-cache` documentation`](https://www.npmjs.com/package/lru-cache).
+In this example, we've increased the default size and provided a default TTL. For more information on these configuration options, see the [`lru-cache` documentation](https://www.npmjs.com/package/lru-cache).
 ```ts
 import { InMemoryLRUCache } from '@apollo/utils.keyvaluecache';
 
@@ -52,7 +52,7 @@ Apollo no longer maintains any caching backends directly. Instead, we recommend
 
 1. Install the required packages
 ```bash
-npm install keyv @keyv/redis @apollo/utils.keyvadapter
+npm install keyv @apollo/utils.keyvadapter
 ```
 
 2. Configure the Apollo Server `cache`
@@ -62,7 +62,7 @@ import { KeyvAdapter } from '@apollo/utils.keyvadapter';
 
 const server = new ApolloServer({
   // ...,
-  cache: new KeyvAdapter(new Keyv('redis://localhost:6379')),
+  cache: new KeyvAdapter(new Keyv()), // highlight-line
 });
 ```
 
@@ -101,8 +101,9 @@ const server = new ApolloServer({
   typeDefs,
   resolvers,
   csrfPrevention: true,
-  cache: new KeyvAdapter(new Keyv("redis://user:pass@localhost:6379")),
+  cache: new KeyvAdapter(new Keyv("redis://user:pass@localhost:6379")), // highlight-line
 });
+```
 
 ### Redis Sentinel
 ```ts
@@ -113,6 +114,7 @@ const server = new ApolloServer({
   typeDefs,
   resolvers,
   csrfPrevention: true,
+  // highlight-start
   cache: new KeyvAdapter(
     new Keyv("redis://user:pass@localhost:6379", {
       sentinels: [
@@ -121,6 +123,7 @@ const server = new ApolloServer({
       ],
     })
   ),
+  // highlight-end
 });
 ```
 
@@ -142,18 +145,22 @@ import KeyvRedis from "@keyv/redis";
 import Redis from "ioredis";
 import { KeyvAdapter } from "@apollo/utils.keyvadapter";
 
+// highlight-start
 const cluster = new Redis.Cluster([
   { host: "localhost", port: 26379 },
   { host: "localhost", port: 26380 },
 ]);
+// highlight-end
 
 const server = new ApolloServer({
   typeDefs,
   resolvers,
   csrfPrevention: true,
+  // highlight-start
   cache: new KeyvAdapter(new Keyv({ store: new KeyvRedis(cluster) }), {
     disableBatchReads: true,
   }),
+  // highlight-end
 });
 ```
 
@@ -177,6 +184,7 @@ import KeyvMemcache from "@keyv/memcache";
 import { KeyvAdapter } from "@apollo/utils.keyvadapter";
 
 // servers is a comma-separated list of strings
+// highlight-start
 const servers = [
   "user:pass@localhost:11211",
   "user:pass@localhost:11222"
@@ -186,12 +194,13 @@ const memcache = new KeyvMemcache(servers, {
   retries: 10,
   expires: 60,
 });
+// highlight-end
 
 const server = new ApolloServer({
   typeDefs,
   resolvers,
   csrfPrevention: true,
-  cache: new KeyvAdapter(new Keyv({ store: memcache })),
+  cache: new KeyvAdapter(new Keyv({ store: memcache })), // highlight-line
 });
 ```