Release 3.9.0 #6537
Merged
Release 3.9.0 #6537
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
✅ Deploy Preview for apollo-server-docs canceled.
|
|
This pull request is automatically built and testable in CodeSandbox. To see build info of the built libraries, click here or the icon next to each commit SHA. Latest deployment of this branch, based on commit 36ecbb1:
|
|
TODO:
|
glasser
reviewed
Jun 14, 2022
rkoron007
reviewed
Jun 15, 2022
docs/source/api/apollo-server.mdx
Outdated
|
|
||
| By default, the cache is unbounded. We don't recommend this, since a malicious client can run your server out of memory and cause it to crash by filling it with APQs. | ||
|
|
||
| If you don't want to configure your own cache, you should set `cache: "bounded"`. The bounded cache is an [`InMemoryLRUCache`](https://www.npmjs.com/package/@apollo/utils.keyvaluecache) with a default size of roughly 30MiB. |
There was a problem hiding this comment.
Removing the first sentence because we now address this above:
Suggested change
| If you don't want to configure your own cache, you should set `cache: "bounded"`. The bounded cache is an [`InMemoryLRUCache`](https://www.npmjs.com/package/@apollo/utils.keyvaluecache) with a default size of roughly 30MiB. | |
| The default bounded cache is an [`InMemoryLRUCache`](https://www.npmjs.com/package/@apollo/utils.keyvaluecache) with a default size of roughly 30MiB. |
There was a problem hiding this comment.
I agree that the duplication doesn't help but I think we should merge it with the previous paragraph and write something like "This bounded cache". Otherwise it's too easy to misread this as describing the default if you specify nothing. It's not a default, it's what "bounded" does.
#6522) Migrate caching dependencies away from `apollo-server-caching` which will no longer be actively developed as of AS v3.9.0. AS will now use `@apollo/utils.keyvaluecache` and support the use of `keyv` caches via a `KeyvAdapter` exported by `@apollo/utils.keyvadapter`.
This introduces a simple Map-backed, unbounded, in-memory cache which implements TTLs. This lets us remove the dependency on keyv and @apollo/utils.keyvadapter for a thing that we're going to actively tell people not to use anyway.
This commit introduces the `cache: "bounded"` option. AS3 has an unbounded cache by default, which means that a malicious client can take an open-ended amount of memory in the cache, crashing the server. Rather than breaking what has been the status quo since the beginning of the project, we've chosen to add an opt-in option in order to use a bounded cache with very little configuration. Similar to `csrfPrevention`, we've updated all examples in our docs to use this `bounded` option. This option will go away in AS4 when a bounded cache becomes the default.
Remove apollo-server-caching, apollo-server-cache-redis, and apollo-server-cache-memcached packages. We will continue to offer bugfixes for these packages as needed but don't intend to continue active development on them. Our recommendation going forward will be to use the keyv package along with our KeyvAdapter from the @apollo/utils.keyvadapter package. Docs updates to come in a following PR (but coupled with this release). The KeyValueCache interface and InMemoryLRUCache wrapper around lru-cache (as well as a few useful cache wrappers like PrefixingKeyValueCache) will continue to exist in the @apollo/utils.keyvaluecache package. It's worth mentioning that InMemoryLRUCache is on a newer major version of lru-cache which doesn't permit the unbounded behavior which we've had by default. In AS 3.9 you can opt into the bounded cache, and in AS4 it will be the default.
Issue a warning in production mode if neither the cache nor the APQ cache (persistedQueries.cache) are configured. We've provided a simple path to using a bounded cache via: #6536 The current default for AS3 is an unbounded in memory cache, which is susceptible to a DOS attack since APQs can fill up the server's memory with no limit. This warning provides an actionable recommendation to update their configuration in order to prevent this.
Add new page for configuring Apollo Server's cache. Include details on how to use `InMemoryCache` as well as `Keyv` + `KeyvAdapter`. Add information about the new `cache: "bounded"` option and the associated risks. Update other cache-related docs to point to the new cache-backends page when appropriate. Co-authored-by: Rose M Koron <32436232+rkoron007@users.noreply.github.com> Co-authored-by: Stephen Barlow <stephen@apollographql.com>
trevor-scheer
force-pushed
the
release-3.9.0
branch
from
a46072f
to
e30c903
Compare
Co-authored-by: Rose M Koron <32436232+rkoron007@users.noreply.github.com>
trevor-scheer
force-pushed
the
release-3.9.0
branch
from
e30c903
to
a640e91
Compare
- apollo-datasource-rest@3.6.1 - apollo-datasource@3.3.2 - apollo-server-azure-functions@3.9.0 - apollo-server-cloud-functions@3.9.0 - apollo-server-cloudflare@3.9.0 - apollo-server-core@3.9.0 - apollo-server-express@3.9.0 - apollo-server-fastify@3.9.0 - apollo-server-hapi@3.9.0 - apollo-server-integration-testsuite@3.9.0 - apollo-server-koa@3.9.0 - apollo-server-lambda@3.9.0 - apollo-server-micro@3.9.0 - apollo-server-plugin-base@3.6.1 - apollo-server-plugin-response-cache@3.6.1 - apollo-server-types@3.6.1 - apollo-server@3.9.0
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
As with release PRs in the past, this is a PR tracking a
release-x.y.zbranch for an upcoming release of Apollo Server. 🙌 The version in the title of this PR should correspond to the appropriate branch.Check the appropriate milestone (to the right) for more details on what we hope to get into this release!
The intention of these release branches is to gather changes which are intended to land in a specific version (again, indicated by the subject of this PR). Release branches allow additional clarity into what is being staged, provide a forum for comments from the community pertaining to the release's stability, and to facilitate the creation of pre-releases (e.g.
alpha,beta,rc) without affecting themainbranch.PRs for new features might be opened against or re-targeted to this branch by the project maintainers. The
mainbranch may be periodically merged into this branch up until the point in time that this branch is being prepared for release. Depending on the size of the release, this may be once it reaches RC (release candidate) stage with an-rc.xrelease suffix. Some less substantial releases may be short-lived and may never have pre-release versions.When this version is officially released onto the
latestnpm tag, this PR will be merged intomain.