-
Notifications
You must be signed in to change notification settings - Fork 8
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Web API: update graphql-java
13.0 dependency to newest stable one
#2181
Labels
dependencies
Pull requests that update a dependency file
In progress
P2 - important
Security
Technology upgrade
Vulnerabilities
Web API
Comments
jhou-pro
added
Security
P1 - urgent
In progress
Web API
Vulnerabilities
dependencies
Pull requests that update a dependency file
labels
Feb 9, 2024
jhou-pro
added a commit
that referenced
this issue
Feb 9, 2024
jhou-pro
added a commit
that referenced
this issue
Feb 9, 2024
jhou-pro
added a commit
that referenced
this issue
Feb 13, 2024
…they have been moved from graphql-java.
jhou-pro
added a commit
that referenced
this issue
Feb 21, 2024
jhou-pro
added a commit
that referenced
this issue
Feb 22, 2024
jhou-pro
added a commit
that referenced
this issue
Apr 11, 2024
jhou-pro
added a commit
that referenced
this issue
Apr 13, 2024
jhou-pro
added a commit
that referenced
this issue
Apr 13, 2024
… as in graphql-java. This is to be able to change it as per additional requirements.
jhou-pro
added a commit
that referenced
this issue
Apr 17, 2024
At this stage we prefer pojo-like 'is/get' property accessors (aka getters) in TG. The same principle should be used for Web API field value resolving from internally fetched entities. These tests are needed to formalise this. In fact, current version of graphql-java's PropertyDataFetcher prefers record-like accessors pojo-like 'is/get' accessors and thus some of these tests fail. Two @ignore tests and two stubs were added for potential future cases: 1. if we move from 'is/get' pojo-like getters to record-like, potentially autocompiled, accessors 2. if we support record-typed properties in TG and its Web API.
jhou-pro
added a commit
that referenced
this issue
Apr 17, 2024
…erifier. This is to be more consistent with widely used Reflector.obtainPropertyAccessor. This will only affect boolean props that may have both 'get' and 'is' accessors (there are no constraints in this regard).
jhou-pro
added a commit
that referenced
this issue
Apr 17, 2024
… only). This is to be more consistent with widely used Reflector.obtainPropertyAccessor. This will only affect boolean props that may have both 'get' and 'is' accessors (there are no constraints in this regard).
jhou-pro
added a commit
that referenced
this issue
Apr 17, 2024
This is to be more consistent with widely used Reflector.obtainPropertyAccessor. This will only affect boolean props that may have both 'get' and 'is' accessors (there are no constraints in this regard).
jhou-pro
added a commit
that referenced
this issue
Apr 17, 2024
…ike ones (TG way). This change is covered by WebApiPropertyDataFetcherTest. Also previously failing WebApiCollectionalFieldTest are now passing. There User.roles() record-like accessor returned totally different data than User.getRoles() accessor.
jhou-pro
added a commit
that referenced
this issue
Apr 18, 2024
jhou-pro
added a commit
that referenced
this issue
Apr 18, 2024
jhou-pro
added a commit
that referenced
this issue
Apr 30, 2024
jhou-pro
added a commit
that referenced
this issue
May 16, 2024
jhou-pro
added a commit
that referenced
this issue
May 16, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
dependencies
Pull requests that update a dependency file
In progress
P2 - important
Security
Technology upgrade
Vulnerabilities
Web API
Description
Our current
graphql-java
dependency has vulnerabilities. AlsoGraphQL
specification has been evolved. We need to update ourWeb API
implementation to conform to most recent specification and non-vulnerable internals.Long / BigDecimal
scalars -- define custom ones to support TG types (e.g. as forMoney / Date
)ValuesResolver
made more private and API changed -- sync with these changesgraphql-java
Expected outcome
Up-to-date TG
Web API
GraphQL
-based implementation with no vulnerabilities.The text was updated successfully, but these errors were encountered: