Skip to content

@neo4j/graphql@6.4.0
Compare
Choose a tag to compare
@neo4j-team-graphql neo4j-team-graphql released this 07 Mar 15:31
· 86 commits to dev since this release
@neo4j/graphql@6.4.0
a2a29ae
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Minor Changes

  • #6029 f792a02 Thanks @darrellwarde! - Add a new field directive @sortable which can be used to configure whether results can be sorted by field values or not.

Patch Changes

  • #6046 dcf4c76 Thanks @angrykoala! - Add unsafeEscapeOptions to Neo4jGraphQL features with the following flags:

    • disableRelationshipTypeEscaping (default to false)

    • disableNodeLabelEscaping (defaults to false)

      These flags remove the automatic escaping of node labels and relationship types in the generated Cypher.

      For example, given the following schema:

      type Actor {
    name: String!
}

type Movie {
    title: String!
    actors: [Actor!]! @relationship(type: "ACTED IN", direction: OUT)
}

      A GraphQL query going through the actors relationship:

      query {
    movies {
        title
        actors {
            name
        }
    }
}

      Will normally generate the following Cypher for the relationship:

      MATCH (this:Movie)-[this0:`ACTED IN`]->(this1:Actor)

      The label ACTED IN is escaped by placing it inside backticks (```), as some characters in it are susceptible of code injection.

      If the option disableRelationshipTypeEscaping is set in Neo4jGraphQL, this safety mechanism will be disabled:

      new Neo4jGraphQL({
    typeDefs,
    features: {
        unsafeEscapeOptions: {
            disableRelationshipTypeEscaping: true,
        },
    },
});

      Generating the following (incorrect) Cypher instead:

      MATCH (this:Movie)-[this0:ACTED IN]->(this1:Actor)

      This can be useful in very custom scenarios where the Cypher needs to be tweaked or if the labels and types have already been escaped.

      Warning: This is a safety mechanism to avoid Cypher injection. Changing these options may lead to code injection and an unsafe server.

  • #6042 9ff8a10 Thanks @MacondoExpress! - Fixed bug that causes connection fields for interfaces to not be able to be filtered using the typename filters.

Assets 2
Loading