Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

changesets for branch dev #6032

Merged
merged 1 commit into from
Mar 7, 2025
Merged

changesets for branch dev #6032

merged 1 commit into from
Mar 7, 2025

Conversation

neo4j-team-graphql
Copy link
Collaborator

@neo4j-team-graphql neo4j-team-graphql commented Feb 28, 2025
edited
Loading

This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to dev, this PR will be updated.

Releases

@neo4j/graphql@6.4.0

Minor Changes

  • #6029 f792a02 Thanks @darrellwarde! - Add a new field directive @sortable which can be used to configure whether results can be sorted by field values or not.

Patch Changes

  • #6046 dcf4c76 Thanks @angrykoala! - Add unsafeEscapeOptions to Neo4jGraphQL features with the following flags:

    • disableRelationshipTypeEscaping (default to false)

    • disableNodeLabelEscaping (defaults to false)

      These flags remove the automatic escaping of node labels and relationship types in the generated Cypher.

      For example, given the following schema:

      type Actor {
    name: String!
}

type Movie {
    title: String!
    actors: [Actor!]! @relationship(type: "ACTED IN", direction: OUT)
}

      A GraphQL query going through the actors relationship:

      query {
    movies {
        title
        actors {
            name
        }
    }
}

      Will normally generate the following Cypher for the relationship:

      MATCH (this:Movie)-[this0:`ACTED IN`]->(this1:Actor)

      The label ACTED IN is escaped by placing it inside backticks (```), as some characters in it are susceptible of code injection.

      If the option disableRelationshipTypeEscaping is set in Neo4jGraphQL, this safety mechanism will be disabled:

      new Neo4jGraphQL({
    typeDefs,
    features: {
        unsafeEscapeOptions: {
            disableRelationshipTypeEscaping: true,
        },
    },
});

      Generating the following (incorrect) Cypher instead:

      MATCH (this:Movie)-[this0:ACTED IN]->(this1:Actor)

      This can be useful in very custom scenarios where the Cypher needs to be tweaked or if the labels and types have already been escaped.

      Warning: This is a safety mechanism to avoid Cypher injection. Changing these options may lead to code injection and an unsafe server.

  • #6042 9ff8a10 Thanks @MacondoExpress! - Fixed bug that causes connection fields for interfaces to not be able to be filtered using the typename filters.

@neo4j-team-graphql neo4j-team-graphql force-pushed the changeset-release/dev branch 4 times, most recently from de1aea9 to be70ef8 Compare March 7, 2025 10:53
@angrykoala angrykoala merged commit a2a29ae into dev Mar 7, 2025
44 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@neo4j-team-graphql @angrykoala