Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

changesets for branch lts #6034

Merged
merged 1 commit into from
Mar 6, 2025
Merged

changesets for branch lts #6034

merged 1 commit into from
Mar 6, 2025

Conversation

neo4j-team-graphql
Copy link
Collaborator

@neo4j-team-graphql neo4j-team-graphql commented Feb 28, 2025
edited
Loading

This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to lts, this PR will be updated.

Releases

@neo4j/graphql@5.12.0

Minor Changes

  • #6033 48704e2 Thanks @darrellwarde! - Add a new field directive @sortable which can be used to configure whether results can be sorted by field values or not.

Patch Changes

  • #6043 d090d0b Thanks @angrykoala! - Add unsafeEscapeOptions to Neo4jGraphQL features with the following flags:

    • disableRelationshipTypeEscaping (default to false)
    • disableNodeLabelEscaping (defaults to false)

    These flags remove the automatic escaping of node labels and relationship types in the generated Cypher.

    For example, given the following schema:

    type Actor {
    name: String!
}

type Movie {
    title: String!
    actors: [Actor!]! @relationship(type: "ACTED IN", direction: OUT)
}

    A GraphQL query going through the actors relationship:

    query {
    movies {
        title
        actors {
            name
        }
    }
}

    Will normally generate the following Cypher for the relationship:

    MATCH (this:Movie)-[this0:`ACTED IN`]->(this1:Actor)

    The label ACTED IN is escaped by placing it inside backticks (```), as some characters in it are susceptible of code injection.

    If the option disableRelationshipTypeEscaping is set in Neo4jGraphQL, this safety mechanism will be disabled:

    new Neo4jGraphQL({
    typeDefs,
    features: {
        unsafeEscapeOptions: {
            disableRelationshipTypeEscaping: true,
        },
    },
});

    Generating the following (incorrect) Cypher instead:

    MATCH (this:Movie)-[this0:ACTED IN]->(this1:Actor)

    This can be useful in very custom scenarios where the Cypher needs to be tweaked or if the labels and types have already been escaped.

    Warning: This is a safety mechanism to avoid Cypher injection. Changing these options may lead to code injection and an unsafe server.

  • #6041 c119004 Thanks @MacondoExpress! - Fixed bug that causes connection fields for interfaces to not be able to be filtered using the typename filters.

@neo4j/graphql-ogm@5.12.0

Patch Changes

@neo4j-team-graphql neo4j-team-graphql force-pushed the changeset-release/lts branch 4 times, most recently from f5fa462 to 9976272 Compare March 5, 2025 16:15
@angrykoala angrykoala merged commit 51f8517 into lts Mar 6, 2025
66 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@neo4j-team-graphql @angrykoala