Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump strawberry-graphql from 0.250.1 to 0.257.0 in /ci/latest #174

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Bump strawberry-graphql from 0.250.1 to 0.257.0 in /ci/latest #174

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 10, 2025

Bumps strawberry-graphql from 0.250.1 to 0.257.0.

Release notes

Sourced from strawberry-graphql's releases.

🍓 0.257.0

The common node: Node used to resolve relay nodes means we will be relying on is_type_of to check if the returned object is in fact a subclass of the Node interface.

However, integrations such as Django, SQLAlchemy and Pydantic will not return the type itself, but instead an alike object that is later resolved to the expected type.

In case there are more than one possible type defined for that model that is being returned, the first one that replies True to is_type_of check would be used in the resolution, meaning that when asking for "PublicUser:123", strawberry could end up returning "User:123", which can lead to security issues (such as data leakage).

In here we are introducing a new strawberry.cast, which will be used to mark an object with the already known type by us, and when asking for is_type_of that mark will be used to check instead, ensuring we will return the correct type.

That cast is already in place for the relay node resolution and pydantic.

Releases contributed by @​bellini666 via #3749

🍓 0.256.1

This release updates Strawberry internally to no longer pass keywords arguments to pathlib.PurePath. Support for supplying keyword arguments to pathlib.PurePath is deprecated and scheduled for removal in Python 3.14

Releases contributed by @​DoctorJohn via #3738

🍓 0.256.0

This release drops support for Python 3.8, which reached its end-of-life (EOL) in October 2024. The minimum supported Python version is now 3.9.

We strongly recommend upgrading to Python 3.9 or a newer version, as older versions are no longer maintained and may contain security vulnerabilities.

Releases contributed by @​bellini666 via #3730

🍓 0.255.0

This release adds support for making Relay connection optional, this is useful when you want to add permission classes to the connection and not fail the whole query if the user doesn't have permission to access the connection.

Example:

import strawberry
from strawberry import relay
from strawberry.permission import BasePermission
</tr></table>

... (truncated)

Changelog

Sourced from strawberry-graphql's changelog.

0.257.0 - 2025-01-09

The common node: Node used to resolve relay nodes means we will be relying on is_type_of to check if the returned object is in fact a subclass of the Node interface.

However, integrations such as Django, SQLAlchemy and Pydantic will not return the type itself, but instead an alike object that is later resolved to the expected type.

In case there are more than one possible type defined for that model that is being returned, the first one that replies True to is_type_of check would be used in the resolution, meaning that when asking for "PublicUser:123", strawberry could end up returning "User:123", which can lead to security issues (such as data leakage).

In here we are introducing a new strawberry.cast, which will be used to mark an object with the already known type by us, and when asking for is_type_of that mark will be used to check instead, ensuring we will return the correct type.

That cast is already in place for the relay node resolution and pydantic.

Contributed by Thiago Bellini Ribeiro via [PR #3749](strawberry-graphql/strawberry#3749)

0.256.1 - 2024-12-23

This release updates Strawberry internally to no longer pass keywords arguments to pathlib.PurePath. Support for supplying keyword arguments to pathlib.PurePath is deprecated and scheduled for removal in Python 3.14

Contributed by Jonathan Ehwald via [PR #3738](strawberry-graphql/strawberry#3738)

0.256.0 - 2024-12-21

This release drops support for Python 3.8, which reached its end-of-life (EOL) in October 2024. The minimum supported Python version is now 3.9.

We strongly recommend upgrading to Python 3.9 or a newer version, as older versions are no longer maintained and may contain security vulnerabilities.

Contributed by Thiago Bellini Ribeiro via [PR #3730](strawberry-graphql/strawberry#3730)

0.255.0 - 2024-12-20

... (truncated)

Commits

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump strawberry-graphql from 0.250.1 to 0.257.0 in /ci/latest
f33456a 
Bumps [strawberry-graphql](https://github.com/strawberry-graphql/strawberry) from 0.250.1 to 0.257.0.
- [Release notes](https://github.com/strawberry-graphql/strawberry/releases)
- [Changelog](https://github.com/strawberry-graphql/strawberry/blob/main/CHANGELOG.md)
- [Commits](strawberry-graphql/strawberry@0.250.1...0.257.0)

---
updated-dependencies:
- dependency-name: strawberry-graphql
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot requested a review from TaiSakuma as a code owner January 10, 2025 03:31
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Jan 10, 2025
@dependabot dependabot bot mentioned this pull request Jan 10, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@TaiSakuma TaiSakuma Awaiting requested review from TaiSakuma TaiSakuma is a code owner

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file python Pull requests that update Python code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants