release-1721282306424
版本发布时间: 2024-07-18 13:58:26
dotansimha/graphql-yoga最新发布版本:release-1723761948464(2024-08-16 06:45:48)
@graphql-yoga/apollo-link@3.6.1
@graphql-yoga/urql-exchange@3.6.1
Patch Changes
-
#3345
c6f3900Thanks @renovate! - dependencies updates:- Updated dependency
@urql/core@^5.0.0↗︎ (from^3.0.0 || ^4.0.0, inpeerDependencies)
- Updated dependency
@graphql-yoga/graphiql@4.3.1
Patch Changes
-
#3338
4252e3dThanks @ardatan! - dependencies updates:- Added dependency
tslib@2.6.3↗︎ (todependencies)
- Added dependency
-
#3346
e98970aThanks @renovate! - dependencies updates:- Updated dependency
@graphiql/plugin-explorer@^3.0.0↗︎ (from^1.0.3, independencies)
- Updated dependency
graphql-yoga@5.6.1
Patch Changes
-
#3338
4252e3dThanks @ardatan! - dependencies updates:- Updated dependency
@whatwg-node/server@^0.9.36↗︎ (from^0.9.33, independencies)
- Updated dependency
@graphql-yoga/nestjs@3.6.1
Patch Changes
- Updated dependencies
[
4252e3d]:
@graphql-yoga/nestjs-federation@3.6.1
Patch Changes
- Updated dependencies []:
- @graphql-yoga/nestjs@3.6.1
- @graphql-yoga/plugin-apollo-inline-trace@3.6.1
@graphql-yoga/plugin-apollo-inline-trace@3.6.1
Patch Changes
- Updated dependencies
[
4252e3d]:
@graphql-yoga/apollo-managed-federation@0.3.1
Patch Changes
- Updated dependencies
[
4252e3d]:
@graphql-yoga/plugin-apq@3.6.1
Patch Changes
- Updated dependencies
[
4252e3d]:
@graphql-yoga/plugin-csrf-prevention@3.6.1
Patch Changes
- Updated dependencies
[
4252e3d]:
@graphql-yoga/plugin-defer-stream@3.6.1
Patch Changes
- Updated dependencies
[
4252e3d]:
@graphql-yoga/plugin-disable-introspection@2.6.1
Patch Changes
- Updated dependencies
[
4252e3d]:
@graphql-yoga/plugin-graphql-sse@3.6.1
Patch Changes
- Updated dependencies
[
4252e3d]:
@graphql-yoga/plugin-jwt@3.0.0
Major Changes
-
#3366
057ad06Thanks @dotansimha! - Re-write for the JWT plugin. This plugin can be configured now with multiple providers, lookup locations, token verification, and more.The version has better version coverage, and it provides an improved API for configuring provider and custom behaviors.
Breaking Change: New Plugin Configuration
Signing key providers
❌ The
signingKeyoption has be removed. ❌ ThejwksUri+jwksOptsoptions has been removed. ✅ Multiple signing key providers and support for fallbacks (singingKeyProviders[]). ✅ Improved API for defining signing key configuration. ✅ Better defaults for caching and rate-limiting for remote JWKS providers.Before
useJWT({ signingKey: "...", // or jwksUri: "http://example.com/..." jwksOpts: { // ... } })After
import { createInlineSigningKeyProvider, createRemoteJwksSigningKeyProvider, useJWT } from '@graphql-yoga/plugin-jwt' useJWT({ // Pass one or more providers singingKeyProviders: [ createRemoteJwksSigningKeyProvider({ // ... }) // This one also acts as a fallback in case of a fetching issue with the 1st provider createInlineSigningKeyProvider({ signingKey: "..."}) ] })Improved Token Lookup
❌ Removed
getTokenoption from the root config. ✅ Added support for autmatically extracting the JWT token from cookie or header. ✅ Easier setup for extracting from multiple locations. ✅getTokenis still available for advanced use-cases, you can pass a custom function tolookupLocations.Before
useJWT({ getToken: payload => payload.request.headers.get('...') })After
With built-in extractors:
imoprt { extractFromHeader, extractFromCookie, useJWT } from '@graphql-yoga/plugin-jwt' const yoga = createYoga({ // ... plugins: [ useCookies(), // Required if "extractFromCookie" is used. useJWT({ lookupLocations: [ extractFromHeader({ name: 'authorization', prefix: 'Bearer' }), extractFromHeader({ name: 'x-legacy-auth' }), extractFromHeader({ name: 'x-api-key', prefix: 'API-Access' }), extractFromCookie({ name: 'browserAuth' }) ] }) ] })With a custom
getToken:useJWT({ lookupLocations: [payload => payload.request.headers.get('...')] })Improved Verification Options
❌ Removed root-level config
algorithms+audience+issuerflags. ✅ Easy API for customizing token verifications (based onjsonwebtokenlibrary). ✅ Better defaults for token algorithm verification (before:RS256, after:RS256andHS256)Before
useJWT({ algorithms: ['RS256'], audience: 'my.app', issuer: 'http://my-issuer' })After
useJWT({ tokenVerification: { algorithms: ['RS256', 'HS256'], audience: 'my.app', issuer: 'http://my-issuer' // You can pass more options to `jsonwebtoken.verify("...", options)` here } })Customized Token Rejection
✅ New config flag
reject: { ... }for configuring how to handle a missing or invalid tokens (enbaled by default).useJWT({ reject: { missingToken: true, invalidToken: true } })Flexible Context Injection
❌ Removed root-level config
extendContextFieldflags. ✅ Added root-level configextendContext(boolean/string) ✅ Token and payload are injected now to the context (structure:{ payload: {}, token: { value, prefix }})Before
useJWT({ reject: { extendContextField: true } })After
// Can be a boolean. By default injects to "context.jwt" field useJWT({ reject: { extendContext: true } }) // Or an object to customize the field name useJWT({ reject: { extendContext: 'myJwt' } })
Patch Changes
-
#3366
057ad06Thanks @dotansimha! - dependencies updates:- Added dependency
@whatwg-node/server-plugin-cookies@1.0.2↗︎ (todependencies)
- Added dependency
- Updated dependencies
[
4252e3d]:
@graphql-yoga/plugin-persisted-operations@3.6.1
Patch Changes
-
#3339
f245472Thanks @ziolekjj! - IncludeoperationNamein context params for persisted operations -
Updated dependencies [
4252e3d]:
@graphql-yoga/plugin-prometheus@5.3.1
Patch Changes
- Updated dependencies
[
4252e3d]:
@graphql-yoga/plugin-response-cache@3.8.1
Patch Changes
- Updated dependencies
[
4252e3d]:
@graphql-yoga/plugin-sofa@3.6.1
Patch Changes
- Updated dependencies
[
4252e3d]:
@graphql-yoga/render-graphiql@5.6.1
Patch Changes
- Updated dependencies
[
4252e3d]: