Skip to content

Bump com.graphql-java:graphql-java from 23.1 to 24.0 in the prod-deps group #1640

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
May 23, 2025
Merged

Bump com.graphql-java:graphql-java from 23.1 to 24.0 in the prod-deps group #1640

merged 2 commits into from
May 23, 2025

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github May 19, 2025
edited
Loading

Bumps the prod-deps group with 1 update: com.graphql-java:graphql-java.

Updates com.graphql-java:graphql-java from 23.1 to 24.0

Release notes

Sourced from com.graphql-java:graphql-java's releases.

24.0 is a breaking change

This release is an unexpected breaking change release. It was made to help propagate a fix in the DataLoader library

In DataLoader version 4.0.0 we introduced immutability into the DataLoaderOptions class, which was a good thing.

However it left the old mutative setXXX methods in place and made them immutable. This was a mistake. This leads to bugs at runtime for example

DataLoaderOptions options = DataLoaderOptions.newOptions();
if (maxBatchSize != BatchLoader.UNSET_BATCH_SIZE) {
  options.setMaxBatchSize(maxBatchSize);
}
return options.setCacheMap(cache);

The above code would continue to compile but the setMaxBatchSize() would never take affected at runtime with the immutable support.

So to help address this bug a DataLoader version 5.0.0 was released and it has removed the setXXX methods and requires the Builder methods to be used to ensure that code that relied on the old mutative methods now break at compile time and not at runtime.

In turn we have released this new version of graphql-java - we have designated it a breaking change because of this transitive DataLoader breaking change

We consider v23.x poisoned and we don't recommend you use it because of the latent bug above.

But the release notes of 23 are still relevant when you upgrade from 22: https://github.com/graphql-java/graphql-java/releases/tag/v23.0

Small performance fixes

There are also a set of small performance oriented fixes that have gone out in this release.

What's Changed

Full Changelog: graphql-java/graphql-java@v23.1...v24.0

Commits
  • cab5b9f Merge pull request #3974 from graphql-java/Cherry-pick-3929-dont-allocate-non...
  • 861050a Merge pull request #3973 from graphql-java/Cherry-pick-3930-remove-optional-s...
  • f8858ea Merge pull request #3972 from graphql-java/Cherry-pick-3931-imperative-filter...
  • fbb0fd1 Cherry pick PR 3929 reduce nonnullablefieldvalidator allocations
  • 697298e Cherry pick 3930 remove optional streams
  • 306c66a Merge pull request #3971 from graphql-java/Cherry-pick-3932-remove-streams-fr...
  • 53a5215 Merge pull request #3970 from graphql-java/Cherry-pick-3934-execution-step-in...
  • fb68283 Cherry pick 3931 imperative filters
  • e20dad9 Merge pull request #3969 from graphql-java/Cherry-pick-3935-skip-builder-on-esp
  • 5676eb9 Merge pull request #3968 from graphql-java/Cherry-pick-3942-fix-singleton-to-...
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels May 19, 2025
@dependabot dependabot bot requested review from a team as code owners May 19, 2025 03:41
@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels May 19, 2025
@github-actions github-actions bot added the pom label May 19, 2025
@dependabot dependabot bot force-pushed the dependabot/maven/prod-deps-99d1244593 branch from a24869c to 6531130 Compare May 20, 2025 14:52
@dependabot
Bump com.graphql-java:graphql-java in the prod-deps group
25de6a5 
Bumps the prod-deps group with 1 update: [com.graphql-java:graphql-java](https://github.com/graphql-java/graphql-java).


Updates `com.graphql-java:graphql-java` from 23.1 to 24.0
- [Release notes](https://github.com/graphql-java/graphql-java/releases)
- [Commits](graphql-java/graphql-java@v23.1...v24.0)

---
updated-dependencies:
- dependency-name: com.graphql-java:graphql-java
  dependency-version: '24.0'
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: prod-deps
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/maven/prod-deps-99d1244593 branch from 6531130 to 25de6a5 Compare May 22, 2025 03:10
@jolarsen jolarsen merged commit dc1a3be into master May 23, 2025
3 checks passed
@jolarsen jolarsen deleted the dependabot/maven/prod-deps-99d1244593 branch May 23, 2025 14:21
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file java Pull requests that update Java code pom
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@jolarsen