Releases: graphile/crystal
The belated merges release
- upgrade jsonwebtoken to work around security issue in dependency (if this breaks your app you need to submit an issue so we have better tests)
- duck-typing pg in more places
- add experimental support for
.postgraphilerc.js - if no connection string is specified, connect via standard envvar
DATABASE_URLbefore falling back on postgresql envvars (⚠️ if you already haveDATABASE_URLavailable in your environment and you don't use the connection string option then ensure this does what you expect!⚠️ ) - add support for
PGUSERandPGPASSWORDenvvars - doc tweaks
Thanks to everyone who has been patient about me merging their pull requests!
Anyone using postgraphql@next - please switch to using postgraphile as I will not be keeping postgraphql@next up to date soon.
Lots of fixes
This will be the LAST RELEASE OF postgraphql@next - future releases will all go out under the postgraphile moniker because managing both is absorbing too much time. If this is a problem for you, please get in touch. You should be able to switch out postgraphql@next for postgraphile without any issues.
v4 beta is not far away now, my list of remaining tasks has diminished radically:
https://trello.com/b/x4xS0bVG/postgraphile-v4-remaining-tasks
Changelog:
- Fix bigint/bigfloat precision loss
- Fix (remove) incorrect 'pagination' comments on mutation procedures
- Fix null cursors on edges on mutations
- Cursors on edges on mutations now support array of orderBy (potentially breaking change, but given it wasn't working I doubt you're relying on it...)
- Enums with asterisks in are better supported (potentially breaking change if your enums already have asterisks in)
- Better error messages when fields clash
pg@7support- duck-type
pgto avoid being told your config is invalid - Warn when a schema is missing
- Autorename tables that end with
input(s)orpatch(s)so they don't cause conflicts (potentially breaking change if you have any tables named like this (which I deem unlikely)) - Performance: reduce redundancy in the SQL
Thanks for this release goes to all my Patreon supporters 🙏
Introspection cache
This includes the last major feature required to replace v3 - caching the introspection results to disk (see #632). This is particularly important to anyone using PostGraphile on AWS Lambda or similar environments where startup time is at a premium.
- ✨
--write-cache <path>command line option enables you to write introspection results (and anything else that the various plugins, including your own, decide to cache) to a JSON file - ✨
--read-cache <path>command line option reads the cache back from disk allowing plugins to skip certain time-consuming tasks like introspection
You should use --write-cache during the build phase, and then --read-cache when running in production. Please note that the cache does not get invalidated, so if you edit your database schema you will need to rebuild the cache otherwise things may get... interesting.
Use of this feature is not advised unless you understand the ramifications.
I really appreciate the support of the 7 patrons on my Patreon ❤️ Please consider joining them: https://www.patreon.com/benjie
We're so close to v4 beta now I can taste it! There's just one more breaking change I want to introduce - and that's #432, an improvement to create table bar (foo_id int primary key references foo, col text)-style one-to-one relations, so that you can query fooById(id: 7) { id barByFooId { col } } rather than what is currently fooById(id: 7) { id barsByFooId { edges { nodes { col } } } } - i.e. it removes a level of indirection. I hope to add an option to allow you to disable this if you need to restore backwards compatibility, the breaking change will be the change in default behaviour.
(Sidenote: if you're using PostGraphile on AWS Lambda, please allocate at least 512MB of memory or you may risk significantly larger response times according to @jmparsons on gitter - we have not optimised PostGraphile for memory usage yet).
Fix auto-complete in GraphiQL, more error details from Postgres
The codemirror-graphql module now supports [email protected] which resolves the GraphiQL auto-complete issues that we've been experiencing; this release includes this updated dependency.
It's now possible to use --extended-errors to pass through even more keys from the pg error message, we advise you exercise caution when using this feature.
Upgraded send
v3.5.2 3.5.2
Avoid pgSettings / pgDefaultRole clashes
We now throw an error if you try to combine pgSettings function (or pgSettings object with a role key) with pgDefaultRole as this may lead to unexpected results.
pgSettings function
Thanks to @explicitcall in #556, the pgSettings library option can now accept a function which returns settings to add to the PostgreSQL transaction. An example of using this might be something like:
app.use(
postgraphql(process.env.DATABASE_URL, 'public', {
pgSettings: req => ({
'user.id': `${req.session.user_id}`,
}),
})
)Be very careful when using this that you don't open yourself to cross-site request forgery (CSRF) security issues.
Thanks also to @vitaly-t for updating our version of pg-minify.
Version 4 is just around the corner with some significant memory usage and performance improvements, plugin support and more! For a list of breaking changes and to try it out, pop over to #506. Help testing it is greatly appreciated - please let us know whether or not it works for you (positive signals are important here too!).
Extended errors
This release adds --extended-errors where you may pass 'hint', 'detail', 'errcode' or all three (separated by commas) and errors produced will copy over these details from PostgreSQL, thanks to @zopf
We also fix our usage of pg-types, thanks to @vitaly-t
There were also documentation fixes thanks to @psyanite and @tim-field
Thanks everyone!
Bugfixes, Docker, and lots of documentation improvements
This release of v3 contains many fixes and improvements; plus it introduces the Docker image maintained by @angelosarto. There are a couple changes that may impact security depending on how you use PostGraphQL so please pay extra attention to the items in bold below.
ANNOUNCEMENT: v4 is just around the corner - it's a ground-up rebuild of the GraphQL schema generation to improve performance and support plugins to allow you to extend or modify the generated GraphQL schema to your hearts content! There's a few minor breaking changes but for most people it should be pretty much a drop-in replacement. I really need help testing it, and you can track progress on #506
Features
- GraphiQL now uses
credentials: 'same-origin'(#436) - Adds support for mutations that return
void(#435) - Set 401 status on expired token (#472)
- Warn if jwtSecret is set but jwtPgTypeIdentifier is not (#466 and #500)
--jwt-roleoption to extract pgRole from arbitrary JWT path (#480)- Generate Docker image (#496)
Fixes
- Documentation fixes (#423, #477, #497, #498, #503, and #507)
- Fixes processing of command line options
--jwt-secretand--jwt-audiences(#434) - Fixes building when path has spaces in (#441)
- Clarify computed column function criteria (#462)
- Document pgSettings option (#451)
- Don't throw an error when an
Authorizationheader is present if no--jwt-secretspecified (assume the application is handling it) (#437) - Better performance for paginators by utilising CTEs to work around
to_jsonperformance issues (#396) - JWT type names can now contain numbers 0-9, not just 1 and 2 (#511)
Contributors
I want to take this opportunity to thank @calebmer for all his work over the past couple years and for bringing this project to where it is today! He has moved on to working on the Flow team at Facebook, leaving some awfully big shoes to fill - as the new primary maintainer I hope that I can fill them with anywhere near the eloquence that Caleb had!
I'd also like to thank the (many) contributors of this release, including:
- @zorec
- @calebmer
- @nbushak
- @brysgo
- @benjie
- @kenips
- @florianherrengt
- @tim-field
- @chadfurman
- @mikeburgh
- @angelosarto
- @bradleyayers
- @ppKrauss
- @danielbuechele
- @gkchestertron
If you want to chat with us, join us on gitter: https://gitter.im/calebmer/postgraphql