@neo4j/graphql@5.12.0

Minor Changes

• #6033 48704e2 Thanks @darrellwarde! - Add a new field directive @sortable which can be used to configure whether results can be sorted by field values or not.

Patch Changes

• #6043 d090d0b Thanks @angrykoala! - Add unsafeEscapeOptions to Neo4jGraphQL features with the following flags:

  • disableRelationshipTypeEscaping (default to false)
  • disableNodeLabelEscaping (defaults to false)

  These flags remove the automatic escaping of node labels and relationship types in the generated Cypher.

  For example, given the following schema:

  type Actor {
      name: String!
  }
  
  type Movie {
      title: String!
      actors: [Actor!]! @relationship(type: "ACTED IN", direction: OUT)
  }

  A GraphQL query going through the actors relationship:

  query {
      movies {
          title
          actors {
              name
          }
      }
  }

  Will normally generate the following Cypher for the relationship:

  MATCH (this:Movie)-[this0:`ACTED IN`]->(this1:Actor)

  The label ACTED IN is escaped by placing it inside backticks (```), as some characters in it are susceptible of code injection.

  If the option disableRelationshipTypeEscaping is set in Neo4jGraphQL, this safety mechanism will be disabled:

  new Neo4jGraphQL({
      typeDefs,
      features: {
          unsafeEscapeOptions: {
              disableRelationshipTypeEscaping: true,
          },
      },
  });

  Generating the following (incorrect) Cypher instead:

  MATCH (this:Movie)-[this0:ACTED IN]->(this1:Actor)

  This can be useful in very custom scenarios where the Cypher needs to be tweaked or if the labels and types have already been escaped.

  Warning: This is a safety mechanism to avoid Cypher injection. Changing these options may lead to code injection and an unsafe server.

• #6041 c119004 Thanks @MacondoExpress! - Fixed bug that causes connection fields for interfaces to not be able to be filtered using the typename filters.