From 289846b552f294115ad340ad054e1951bdd81f70 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Thu, 8 Aug 2024 10:01:34 -0700 Subject: [PATCH] Version Packages (#7917) This PR was opened by the [Changesets release](https://github.com/changesets/action) GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated. # Releases ## @apollo/server@4.11.0 ### Minor Changes - [#7916](https://github.com/apollographql/apollo-server/pull/7916) [`4686454`](https://github.com/apollographql/apollo-server/commit/46864546e131d0079785575f621d69862e635663) Thanks [@andrewmcgivery](https://github.com/andrewmcgivery)! - Add `hideSchemaDetailsFromClientErrors` option to ApolloServer to allow hiding 'did you mean' suggestions from validation errors. Even with introspection disabled, it is possible to "fuzzy test" a graph manually or with automated tools to try to determine the shape of your schema. This is accomplished by taking advantage of the default behavior where a misspelt field in an operation will be met with a validation error that includes a helpful "did you mean" as part of the error text. For example, with this option set to `true`, an error would read `Cannot query field "help" on type "Query".` whereas with this option set to `false` it would read `Cannot query field "help" on type "Query". Did you mean "hello"?`. We recommend enabling this option in production to avoid leaking information about your schema to malicious actors. To enable, set this option to `true` in your `ApolloServer` options: ```javascript const server = new ApolloServer({ typeDefs, resolvers, hideSchemaDetailsFromClientErrors: true, }); ``` ## @apollo/server-integration-testsuite@4.11.0 ### Patch Changes - Updated dependencies \[[`4686454`](https://github.com/apollographql/apollo-server/commit/46864546e131d0079785575f621d69862e635663)]: - @apollo/server@4.11.0 Co-authored-by: github-actions[bot] --- .changeset/pretty-buckets-develop.md | 22 -------------------- package-lock.json | 8 +++---- packages/integration-testsuite/CHANGELOG.md | 7 +++++++ packages/integration-testsuite/package.json | 4 ++-- packages/server/CHANGELOG.md | 23 +++++++++++++++++++++ packages/server/package.json | 2 +- 6 files changed, 37 insertions(+), 29 deletions(-) delete mode 100644 .changeset/pretty-buckets-develop.md diff --git a/.changeset/pretty-buckets-develop.md b/.changeset/pretty-buckets-develop.md deleted file mode 100644 index 396f388602d..00000000000 --- a/.changeset/pretty-buckets-develop.md +++ /dev/null @@ -1,22 +0,0 @@ ---- -'@apollo/server': minor ---- - -Add `hideSchemaDetailsFromClientErrors` option to ApolloServer to allow hiding 'did you mean' suggestions from validation errors. - -Even with introspection disabled, it is possible to "fuzzy test" a graph manually or with automated tools to try to determine the shape of your schema. This is accomplished by taking advantage of the default behavior where a misspelt field in an operation -will be met with a validation error that includes a helpful "did you mean" as part of the error text. - -For example, with this option set to `true`, an error would read `Cannot query field "help" on type "Query".` whereas with this option set to `false` it would read `Cannot query field "help" on type "Query". Did you mean "hello"?`. - -We recommend enabling this option in production to avoid leaking information about your schema to malicious actors. - -To enable, set this option to `true` in your `ApolloServer` options: - -```javascript -const server = new ApolloServer({ - typeDefs, - resolvers, - hideSchemaDetailsFromClientErrors: true -}); -``` diff --git a/package-lock.json b/package-lock.json index 667efc4926d..868e5ee9900 100644 --- a/package-lock.json +++ b/package-lock.json @@ -14430,12 +14430,12 @@ }, "packages/integration-testsuite": { "name": "@apollo/server-integration-testsuite", - "version": "4.10.5", + "version": "4.11.0", "license": "MIT", "dependencies": { "@apollo/cache-control-types": "^1.0.3", "@apollo/client": "^3.6.9", - "@apollo/server": "4.10.5", + "@apollo/server": "4.11.0", "@apollo/usage-reporting-protobuf": "^4.1.1", "@apollo/utils.createhash": "^2.0.0", "@apollo/utils.keyvaluecache": "^2.1.0", @@ -14474,7 +14474,7 @@ }, "packages/server": { "name": "@apollo/server", - "version": "4.10.5", + "version": "4.11.0", "license": "MIT", "dependencies": { "@apollo/cache-control-types": "^1.0.3", @@ -14764,7 +14764,7 @@ "requires": { "@apollo/cache-control-types": "^1.0.3", "@apollo/client": "^3.6.9", - "@apollo/server": "4.10.5", + "@apollo/server": "4.11.0", "@apollo/usage-reporting-protobuf": "^4.1.1", "@apollo/utils.createhash": "^2.0.0", "@apollo/utils.keyvaluecache": "^2.1.0", diff --git a/packages/integration-testsuite/CHANGELOG.md b/packages/integration-testsuite/CHANGELOG.md index 1521a8b211c..c12c51d4d3a 100644 --- a/packages/integration-testsuite/CHANGELOG.md +++ b/packages/integration-testsuite/CHANGELOG.md @@ -1,5 +1,12 @@ # @apollo/server-integration-testsuite +## 4.11.0 + +### Patch Changes + +- Updated dependencies [[`4686454`](https://github.com/apollographql/apollo-server/commit/46864546e131d0079785575f621d69862e635663)]: + - @apollo/server@4.11.0 + ## 4.10.5 ### Patch Changes diff --git a/packages/integration-testsuite/package.json b/packages/integration-testsuite/package.json index a9c4fb367d7..fad8299c018 100644 --- a/packages/integration-testsuite/package.json +++ b/packages/integration-testsuite/package.json @@ -1,6 +1,6 @@ { "name": "@apollo/server-integration-testsuite", - "version": "4.10.5", + "version": "4.11.0", "description": "Test suite for Apollo Server integrations", "main": "dist/index.js", "types": "dist/index.d.ts", @@ -28,7 +28,7 @@ "dependencies": { "@apollo/cache-control-types": "^1.0.3", "@apollo/client": "^3.6.9", - "@apollo/server": "4.10.5", + "@apollo/server": "4.11.0", "@apollo/usage-reporting-protobuf": "^4.1.1", "@apollo/utils.createhash": "^2.0.0", "@apollo/utils.keyvaluecache": "^2.1.0", diff --git a/packages/server/CHANGELOG.md b/packages/server/CHANGELOG.md index 534c00d5ab0..f691b4afc30 100644 --- a/packages/server/CHANGELOG.md +++ b/packages/server/CHANGELOG.md @@ -1,5 +1,28 @@ # @apollo/server +## 4.11.0 + +### Minor Changes + +- [#7916](https://github.com/apollographql/apollo-server/pull/7916) [`4686454`](https://github.com/apollographql/apollo-server/commit/46864546e131d0079785575f621d69862e635663) Thanks [@andrewmcgivery](https://github.com/andrewmcgivery)! - Add `hideSchemaDetailsFromClientErrors` option to ApolloServer to allow hiding 'did you mean' suggestions from validation errors. + + Even with introspection disabled, it is possible to "fuzzy test" a graph manually or with automated tools to try to determine the shape of your schema. This is accomplished by taking advantage of the default behavior where a misspelt field in an operation + will be met with a validation error that includes a helpful "did you mean" as part of the error text. + + For example, with this option set to `true`, an error would read `Cannot query field "help" on type "Query".` whereas with this option set to `false` it would read `Cannot query field "help" on type "Query". Did you mean "hello"?`. + + We recommend enabling this option in production to avoid leaking information about your schema to malicious actors. + + To enable, set this option to `true` in your `ApolloServer` options: + + ```javascript + const server = new ApolloServer({ + typeDefs, + resolvers, + hideSchemaDetailsFromClientErrors: true, + }); + ``` + ## 4.10.5 ### Patch Changes diff --git a/packages/server/package.json b/packages/server/package.json index 77335536190..229ed842f2d 100644 --- a/packages/server/package.json +++ b/packages/server/package.json @@ -1,6 +1,6 @@ { "name": "@apollo/server", - "version": "4.10.5", + "version": "4.11.0", "description": "Core engine for Apollo GraphQL server", "type": "module", "main": "dist/cjs/index.js",