Merge branch 'strawberry-graphql:main' into provide-execution-context…

…-to-each-schema-extension-hook
strawberry-graphql · Oct 13, 2024 · 54fa2d5 · 54fa2d5
2 parents 069bedb + 56172dc
commit 54fa2d5
Show file tree

Hide file tree

Showing 102 changed files with 1,811 additions and 1,982 deletions.
diff --git a/.alexrc b/.alexrc
@@ -11,6 +11,7 @@
     "execution",
     "special",
     "primitive",
-    "invalid"
+    "invalid",
+    "crash"
   ]
 }
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -24,10 +24,14 @@ jobs:
       sessions: ${{ steps.set-matrix.outputs.sessions }}
     steps:
       - uses: actions/checkout@v4
-      - run: pip install poetry nox nox-poetry
+      - name: Install uv
+        uses: astral-sh/setup-uv@v3
+      - run: uv venv
+      - run: uv pip install poetry nox nox-poetry
       - id: set-matrix
         shell: bash
         run: |
+          . .venv/bin/activate
           echo sessions=$(
             nox --json -t tests -l |
             jq 'map(
@@ -57,21 +61,7 @@ jobs:
             3.10
             3.11
             3.12
-            3.13-dev
-
-      - name: Pip and nox cache
-        id: cache
-        uses: actions/cache@v4
-        with:
-          path: |
-            ~/.cache
-            ~/.nox
-            .nox
-          key:
-            ${{ runner.os }}-nox-${{ matrix.session.session }}-${{ env.pythonLocation }}-${{
-            hashFiles('**/poetry.lock') }}-${{ hashFiles('**/noxfile.py') }}
-          restore-keys: |
-            ${{ runner.os }}-nox-${{ matrix.session.session }}-${{ env.pythonLocation }}
+            3.13
 
       - run: pip install poetry nox nox-poetry uv
       - run: nox -r -t tests -s "${{ matrix.session.session }}"
@@ -96,7 +86,9 @@ jobs:
 
   benchmarks:
     name: 📈 Benchmarks
-    runs-on: ubuntu-latest
+
+    # Using this version because CodSpeed doesn't support Ubuntu 24.04 LTS yet
+    runs-on: ubuntu-22.04
 
     steps:
       - uses: actions/checkout@v4
@@ -113,7 +105,7 @@ jobs:
         if: steps.setup-python.outputs.cache-hit != 'true'
 
       - name: Run benchmarks
-        uses: CodSpeedHQ/action@v2
+        uses: CodSpeedHQ/action@v3
         with:
           token: ${{ secrets.CODSPEED_TOKEN }}
           run: poetry run pytest tests/benchmarks --codspeed

diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/astral-sh/ruff-pre-commit
-    rev: v0.6.5
+    rev: v0.6.9
     hooks:
       - id: ruff-format
         exclude: ^tests/\w+/snapshots/
@@ -14,7 +14,7 @@ repos:
         exclude: (CHANGELOG|TWEET).md
 
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.6.0
+    rev: v5.0.0
     hooks:
       - id: trailing-whitespace
       - id: check-merge-conflict
@@ -25,7 +25,7 @@ repos:
         args: ["--branch", "main"]
 
   - repo: https://github.com/adamchainz/blacken-docs
-    rev: 1.18.0
+    rev: 1.19.0
     hooks:
       - id: blacken-docs
         args: [--skip-errors]

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,99 @@
 CHANGELOG
 =========
 
+0.246.2 - 2024-10-12
+--------------------
+
+This release tweaks the Flask integration's `render_graphql_ide` method to be stricter typed internally, making type checkers ever so slightly happier.
+
+Contributed by [Jonathan Ehwald](https://github.com/DoctorJohn) via [PR #3666](https://github.com/strawberry-graphql/strawberry/pull/3666/)
+
+
+0.246.1 - 2024-10-09
+--------------------
+
+This release adds support for using raw Python enum types in your schema
+(enums that are not decorated with `@strawberry.enum`)
+
+This is useful if you have enum types from other places in your code
+that you want to use in strawberry.
+i.e
+```py
+# somewhere.py
+from enum import Enum
+
+
+class AnimalKind(Enum):
+    AXOLOTL, CAPYBARA = range(2)
+
+
+# gql/animals
+from somewhere import AnimalKind
+
+
+@strawberry.type
+class AnimalType:
+    kind: AnimalKind
+```
+
+Contributed by [ניר](https://github.com/nrbnlulu) via [PR #3639](https://github.com/strawberry-graphql/strawberry/pull/3639/)
+
+
+0.246.0 - 2024-10-07
+--------------------
+
+The AIOHTTP, ASGI, and Django test clients' `asserts_errors` option has been renamed to `assert_no_errors` to better reflect its purpose.
+This change is backwards-compatible, but the old option name will raise a deprecation warning.
+
+Contributed by [Jonathan Ehwald](https://github.com/DoctorJohn) via [PR #3661](https://github.com/strawberry-graphql/strawberry/pull/3661/)
+
+
+0.245.0 - 2024-10-07
+--------------------
+
+This release removes the dated `subscriptions_enabled` setting from the Django and Channels integrations.
+Instead, WebSocket support is now enabled by default in all GraphQL IDEs.
+
+Contributed by [Jonathan Ehwald](https://github.com/DoctorJohn) via [PR #3660](https://github.com/strawberry-graphql/strawberry/pull/3660/)
+
+
+0.244.1 - 2024-10-06
+--------------------
+
+Fixes an issue where the codegen tool would crash when working with a nullable list of types.
+
+Contributed by [Jacob Allen](https://github.com/enoua5) via [PR #3653](https://github.com/strawberry-graphql/strawberry/pull/3653/)
+
+
+0.244.0 - 2024-10-05
+--------------------
+
+Starting with this release, WebSocket logic now lives in the base class shared between all HTTP integrations.
+This makes the behaviour of WebSockets much more consistent between integrations and easier to maintain.
+
+Contributed by [Jonathan Ehwald](https://github.com/DoctorJohn) via [PR #3638](https://github.com/strawberry-graphql/strawberry/pull/3638/)
+
+
+0.243.1 - 2024-09-26
+--------------------
+
+This releases adds support for Pydantic 2.9.0's Mypy plugin
+
+Contributed by [Krisque](https://github.com/chrisemke) via [PR #3632](https://github.com/strawberry-graphql/strawberry/pull/3632/)
+
+
+0.243.0 - 2024-09-25
+--------------------
+
+Starting with this release, multipart uploads are disabled by default and Strawberry Django view is no longer implicitly exempted from Django's CSRF protection.
+Both changes relieve users from implicit security implications inherited from the GraphQL multipart request specification which was enabled in Strawberry by default.
+
+These are breaking changes if you are using multipart uploads OR the Strawberry Django view.
+Migrations guides including further information are available on the Strawberry website.
+
+Contributed by [Jonathan Ehwald](https://github.com/DoctorJohn) via [PR #3645](https://github.com/strawberry-graphql/strawberry/pull/3645/)
+
+
 0.242.0 - 2024-09-19
 --------------------
 

diff --git a/docs/breaking-changes.md b/docs/breaking-changes.md
@@ -4,6 +4,7 @@ title: List of breaking changes and deprecations
 
 # List of breaking changes and deprecations
 
+- [Version 0.243.0 - 25 September 2024](./breaking-changes/0.243.0.md)
 - [Version 0.240.0 - 10 September 2024](./breaking-changes/0.240.0.md)
 - [Version 0.236.0 - 17 July 2024](./breaking-changes/0.236.0.md)
 - [Version 0.233.0 - 29 May 2024](./breaking-changes/0.233.0.md)

diff --git a/docs/breaking-changes/0.243.0.md b/docs/breaking-changes/0.243.0.md
@@ -0,0 +1,53 @@
+---
+title: 0.243.0 Breaking Changes
+slug: breaking-changes/0.243.0
+---
+
+# v0.243.0 Breaking Changes
+
+Release v0.243.0 comes with two breaking changes regarding multipart file
+uploads and Django CSRF protection.
+
+## Multipart uploads disabled by default
+
+Previously, support for uploads via the
+[GraphQL multipart request specification](https://github.com/jaydenseric/graphql-multipart-request-spec)
+was enabled by default. This implicitly required Strawberry users to consider
+the
+[security implications outlined in the GraphQL Multipart Request Specification](https://github.com/jaydenseric/graphql-multipart-request-spec/blob/master/readme.md#security).
+Given that most Strawberry users were likely not aware of this, we're making
+multipart file upload support stictly opt-in via a new
+`multipart_uploads_enabled` view settings.
+
+To enable multipart upload support for your Strawberry view integration, please
+follow the updated integration guides and enable appropriate security
+measurements for your server.
+
+## Django CSRF protection enabled
+
+Previously, the Strawberry Django view integration was internally exempted from
+Django's built-in CSRF protection (i.e, the `CsrfViewMiddleware` middleware).
+While this is how many GraphQL APIs operate, implicitly addded exemptions can
+lead to security vulnerabilities. Instead, we delegate the decision of adding an
+CSRF exemption to users now.
+
+Note that having the CSRF protection enabled on your Strawberry Django view
+potentially requires all your clients to send an CSRF token with every request.
+You can learn more about this in the official Django
+[Cross Site Request Forgery protection documentation](https://docs.djangoproject.com/en/dev/ref/csrf/).
+
+To restore the behaviour of the integration before this release, you can add the
+`csrf_exempt` decorator provided by Django yourself:
+
+```python
+from django.urls import path
+from django.views.decorators.csrf import csrf_exempt
+
+from strawberry.django.views import GraphQLView
+
+from api.schema import schema
+
+urlpatterns = [
+    path("graphql/", csrf_exempt(GraphQLView.as_view(schema=schema))),
+]
+```
diff --git a/docs/errors/not-a-strawberry-enum.md b/docs/errors/not-a-strawberry-enum.md
diff --git a/docs/general/subscriptions.md b/docs/general/subscriptions.md
@@ -254,6 +254,55 @@ schema = strawberry.Schema(query=Query, subscription=Subscription)
 
 [pep-525]: https://www.python.org/dev/peps/pep-0525/
 
+## Unsubscribing subscriptions
+
+In GraphQL, it is possible to unsubscribe from a subscription. Strawberry
+supports this behaviour, and is done using a `try...except` block.
+
+In Apollo-client, closing a subscription can be achieved like the following:
+
+```javascript
+const client = useApolloClient();
+const subscriber = client.subscribe({query: ...}).subscribe({...})
+// ...
+// done with subscription. now unsubscribe
+subscriber.unsubscribe();
+```
+
+Strawberry can capture when a subscriber unsubscribes using an
+`asyncio.CancelledError` exception.
+
+```python
+import asyncio
+from typing import AsyncGenerator
+from uuid import uuid4
+
+import strawberry
+
+# track active subscribers
+event_messages = {}
+
+
+@strawberry.type
+class Subscription:
+    @strawberry.subscription
+    async def message(self) -> AsyncGenerator[int, None]:
+        try:
+            subscription_id = uuid4()
+
+            event_messages[subscription_id] = []
+
+            while True:
+                if len(event_messages[subscription_id]) > 0:
+                    yield event_messages[subscription_id]
+                    event_messages[subscription_id].clear()
+
+                await asyncio.sleep(1)
+        except asyncio.CancelledError:
+            # stop listening to events
+            del event_messages[subscription_id]
+```
+
 ## GraphQL over WebSocket protocols
 
 Strawberry support both the legacy