Skip to content

feat(execution): add max coercion errors option to execution context #4366

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Apr 10, 2025
Merged

feat(execution): add max coercion errors option to execution context #4366

merged 5 commits into from
Apr 10, 2025

Conversation

cristunaranjo
Copy link
Contributor

@cristunaranjo cristunaranjo commented Apr 4, 2025
edited
Loading

This PR add executionOptions property to the ExecutionArgs. Currently only one option can be configured, as is the one I need, but I have built an object so it can easily be extended in the future.

The property allows the configuration of the maximum number of errors (maxErrors) for coercion. This allows the current hardcoded limit (50) to be reduced to a small number to avoid possible DoS attacks.

Also, it updates the execution docs to reflect this new change. I think the documentation was outdated since functions were using positional arguments and now they only accept an object.

No longer updates the docs.

@cristunaranjo cristunaranjo requested a review from a team as a code owner April 4, 2025 15:36
@linux-foundation-easycla Linux Foundation: EasyCLA
Copy link

linux-foundation-easycla bot commented Apr 4, 2025
edited
Loading

CLA Signed

The committers listed above are authorized under a signed CLA.

@cristunaranjo cristunaranjo force-pushed the feat/execution-opts-max-error-coercing branch from 23775d6 to 531c6a2 Compare April 4, 2025 15:39
JoviDeCroock
JoviDeCroock approved these changes Apr 6, 2025
View reviewed changes
website/pages/api-v16/execution.mdx Outdated
@@ -29,16 +29,20 @@ const { execute } = require('graphql'); // CommonJS
### execute

```ts
export function execute(
export function execute({
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this object syntax wasn't intended

JoviDeCroock
JoviDeCroock reviewed Apr 6, 2025
View reviewed changes
website/pages/api-v16/execution.mdx Outdated
Comment on lines 68 to 72
#### options

##### maxCoercionErrors

Set the maximum number of errors allowed for coercing (defaults to 50).
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we leave the rest of the docs untouched, the changes seem invalid 😅 like from where I sit the only thing that we need to add is options?: { maxCoercionErrors?: number }; as an argument, not an object-field to the docs

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think you are wrong. I cannot add options? as a positional argument without adding the other missing arguments (fieldResolver, typeResolver, subscribeFieldResolver). I don't know why the function accepts positional arguments or an object, I guess to avoid a breaking change, but the code looks like prefer the object solution and the documentation should reflect that.
I might be wrong but I think my changes make sense

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

From the code:

'graphql@16 dropped long-deprecated support for positional arguments, please pass an object instead.',

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That's fair but the docs should still show both methods rather than this kind of driveby change

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have reverted the changes to the docs. My only concern now is that this new options are only documented in the code, so not sure how many people will benefit from them...

It would be nice to update the docs for v17.

@JoviDeCroock JoviDeCroock merged commit 50cbe4a into graphql:16.x.x Apr 10, 2025
17 checks passed
@JoviDeCroock JoviDeCroock mentioned this pull request Apr 10, 2025
Merged
@JoviDeCroock JoviDeCroock added the PR: feature 🚀 requires increase of "minor" version number label Apr 10, 2025
JoviDeCroock pushed a commit that referenced this pull request May 4, 2025
@cristunaranjo @JoviDeCroock
feat(execution): add max coercion errors option to execution context (#…
b3879c8 
…4366)

This PR add `executionOptions` property to the `ExecutionArgs`.
Currently only one option can be configured, as is the one I need, but I
have built an object so it can easily be extended in the future.

The property allows the configuration of the maximum number of errors
(`maxErrors`) for coercion. This allows the current hardcoded limit
(`50`) to be reduced to a small number to avoid possible DoS attacks.

> Also, it updates the execution docs to reflect this new change. I
think the documentation was outdated since functions were using
positional arguments and now they only accept an object.

No longer updates the docs.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@JoviDeCroock JoviDeCroock JoviDeCroock approved these changes

Assignees
No one assigned
Labels
PR: feature 🚀 requires increase of "minor" version number
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@cristunaranjo @JoviDeCroock