Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update dependencies #99

Merged
merged 15 commits into from
Dec 25, 2022
Merged

Update dependencies #99

merged 15 commits into from
Dec 25, 2022

Conversation

kiendang
Copy link
Collaborator

@kiendang kiendang commented Dec 20, 2022
edited
Loading

Update dependencies so that the package works with the latest framework versions in preparation for a stable v3 release. See #96 for context.

The PR's been rebased for convenient commit by commit review.

From sanic v21 view now requires defining the method get, post, ... independently otherwise will throw 405, thus the current approach of overriding dispatch_request won't work. The workaround is to just assign the individual method to dispatch_request

async def __handle_request(self, request, ...): ... # previously dispatch_request

get = post = put = head = options = patch = delete = __handle_request

Close #86
Close #92
Close #94
Close #98

Supersede #87, #89, #91, #95.

@erikwrede

@kiendang kiendang force-pushed the update-dependencies branch 8 times, most recently from 2e064b3 to 7956f6e Compare December 21, 2022 15:51
gcampax and others added 4 commits December 25, 2022 13:15
@gcampax @kiendang
Relax flask dependency to allow flask 2
7b45e70
@Choongkyu @kiendang
Fixes for quart >=0.15
d184cdc 
Fix quart.request.get_data signature

QuartClient -> TestClientProtocol
@kiendang
Lint
8bacf9a
@kiendang
Fix aiohttp tests
ee5b077
@kiendang
Update sanic to v22.6
80d3f7c
@kiendang
Make sanic v22.9 work
271b447
@kiendang
Fix deprecation warnings
aac23bc 
DeprecationWarning: Use 'content=<...>' to upload raw bytes/text content.
@kiendang
Update graphiql to 1.4.7 for security reason
6623379 
"All versions of graphiql < 1.4.7 are vulnerable to an XSS attack."
https://github.com/graphql/graphiql/blob/ab2b52f06213bd9bf90c905c1b460b6939f3d856/docs/security/2021-introspection-schema-xss.md
@kiendang
Fix webob graphiql check
68ff98d 
Was working by accident before
@kiendang
Fix quart PytestCollectionWarning
d1d8835 
cannot collect test class 'TestClientProtocol' because it has a __init__ constructor
erikwrede
erikwrede reviewed Dec 25, 2022
View reviewed changes
Copy link
Member

@erikwrede erikwrede left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Great Job! The minimum version changes look reasonable, given the long time this library has been resting dormant.

Please see my comments attached below.

setup.py Outdated
install_requires = ["graphql-core>=3.2,<3.3", "typing-extensions>=4,<5"]
install_requires = [
"graphql-core>=3.2,<3.3",
"Jinja2>=3.1,<4",
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why is jinja now a required dependency? AFAIK it's only used for GraphiQL, which users can disable.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yup you're right. Just moved it back to test dependencies.

graphql_server/render_graphiql.py
Comment on lines 9 to 11

GRAPHIQL_VERSION = "1.0.3"
GRAPHIQL_VERSION = "1.4.7"

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Any reason to not update to 2.2.0 straight away?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We definitely should upgrade to 2.2.0. I was basing this on https://github.com/graphql/express-graphql/blob/main/src/renderGraphiQL.ts plus the graphiql readme recommending upgrading to 1.4.7 so I was under the impression that 1.4.7 is the latest version. Will try upgrading to 2.2.0 and verifying that everything's working, but maybe we should merge this first and I'll submit a subsequent PR for that?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sounds good!

@kiendang
Copy link
Collaborator Author

Push a few more commits to add python 3.11 and remove 3.6 (EOL) which I suspect is what makes the tests fail.

@erikwrede erikwrede merged commit 184ba72 into graphql-python:master Dec 25, 2022
This was referenced Dec 25, 2022
Closed
Closed
Closed
Closed
@kiendang kiendang deleted the update-dependencies branch December 26, 2022 03:03
@dctalbot dctalbot mentioned this pull request Feb 8, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@erikwrede erikwrede erikwrede approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
4 participants
@kiendang @erikwrede @gcampax @Choongkyu