-
Notifications
You must be signed in to change notification settings - Fork 2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
BREAKING/BUGFIX Strict coercion of scalar types #1382
Conversation
8693de1
to
2dc3be7
Compare
This no longer accepts incoming variable values in a potentially lossy way, mirroring the existing behavior for literals. This fixes an issue with GraphQL.js being not spec compliant. This is breaking since servers which used to accept incorrect variable values will now return errors to clients. Serialization of values is not affected in the same way, since this is not a client-visible behavior. As a bonus, this adds unique serialization and coercion functions for the ID type, allowing to be more restrictive on numeric types and un-stringable object types, while directly supporting valueOf() methods (ala MongoDB). The changes to how the ID type serializes and coerces data could be potentially breaking. Fixes #1324
2dc3be7
to
56ac106
Compare
src/type/scalars.js
Outdated
const result = | ||
value && | ||
typeof value.valueOf === 'function' && | ||
value.valueOf !== Object.prototype.valueOf |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think we don't need this check since:
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object/valueOf
By default, the valueOf method is inherited by every object descended from Object. Every built-in core object overrides this method to return an appropriate value. If an object has no primitive value, valueOf returns the object itself.
So it would be enough to just call value.valueOf()
and it default one it will fail the next check.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You're probably right, I'll double check by running the tests
src/type/scalars.js
Outdated
@@ -99,7 +112,7 @@ export const GraphQLFloat = new GraphQLScalarType({ | |||
}, | |||
}); | |||
|
|||
function coerceString(value: mixed): string { | |||
function serializeString(value: mixed): string { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we make it strict similar to serializeID
so it would expect only string and object with either valueOf
or toString
?
Or at least throw on serializeString({})
instead of returning [object Object]
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, I agree the [object Object] scenario is useless - it should only string coerce if there's a toString implementation worth calling
…gic to string serialization
## Version **14.0.0** of **graphql** was just published. <table> <tr> <th align=left> Dependency </th> <td> <a target=_blank href=https://github.com/graphql/graphql-js>graphql</a> </td> </tr> <tr> <th align=left> Current Version </th> <td> 0.13.2 </td> </tr> <tr> <th align=left> Type </th> <td> dependency </td> </tr> </table> The version **14.0.0** is **not covered** by your **current version range**. If you don’t accept this pull request, your project will work just like it did before. However, you might be missing out on a bunch of new features, fixes and/or performance improvements from the dependency update. It might be worth looking into these changes and trying to get this project onto the latest version of graphql. If you have a solid test suite and good coverage, a passing build is a strong indicator that you can take advantage of these changes directly by merging the proposed change into your project. If the build fails or you don’t have such unconditional trust in your tests, this branch is a great starting point for you to work on the update. --- <details> <summary>Release Notes</summary> <strong>v14.0.0</strong> <p><strong>Breaking:</strong></p> <ul> <li>Drops support for node v4 and v9, makes sure node v10 is supported (<a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="320331530" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1338" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1338">#1338</a>, <a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="347064508" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1445" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1445">#1445</a>)</li> <li>Reject invalid scalar value coercion (<a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="329203491" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1365" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1365">#1365</a>, <a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="320302933" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1336" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1336">#1336</a>)</li> <li>Removes <code>VariablesDefaultValueAllowed</code> validation rule, and <code>ProvidedNonNullArguments</code> became <code>ProvidedRequiredArguments</code> (<a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="302567815" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1274" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1274">#1274</a>)</li> <li>Stricter coercion of Scalar Types (<a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="331077407" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1382" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1382">#1382</a>)</li> <li>Removes deprecated Introspection fields <code>onOperation</code>, <code>onFragment</code>, and <code>onField</code> (<a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="331430870" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1385" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1385">#1385</a>, <a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="343635964" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1429" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1429">#1429</a>)</li> <li><code>GraphQL*Config</code> are now exact types (<a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="331763019" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1391" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1391">#1391</a>, <a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="347050549" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1443" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1443">#1443</a>)</li> <li>"Schema Change" keys in <code>BreakingChangeType</code> and <code>DangerousChangeType</code> for detecting adding args and input fields changed name (<a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="355220055" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1492" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1492">#1492</a>)</li> <li><code>formatError</code> API changed for error message extensions. To upgrade without changing existing server responses, wrap <code>graphql</code>'s <code>formatError</code>:</li> </ul> <pre><code>import { formatError as baseFormatError, /* ... */ } from 'graphql'; { // other options formatError(error) { const { extensions, ...rest } = baseFormatError(error); return { ...extensions, ...rest }; }, } </code></pre> <p><strong>New:</strong></p> <ul> <li>Parse new schema extensions (<a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="315664664" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1314" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1314">#1314</a>, <a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="317012679" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1323" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1323">#1323</a>)</li> <li>Export SDL AST types (<a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="315694355" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1315" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1315">#1315</a>)</li> <li><code>extendSchema</code> extended with spec-compliant SDL extensions (<a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="330426164" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1373" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1373">#1373</a>, <a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="331961053" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1392" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1392">#1392</a>, <a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="346266873" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1441" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1441">#1441</a>)</li> <li><code>symbol.toStringTag</code> support (<a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="307864327" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1297" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1297">#1297</a>)</li> <li>Expose <code>getOperationRootType(schema, operationAST)</code> (<a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="322058451" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1345" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1345">#1345</a>)</li> <li>Package is marked as side-effect free (<a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="314458450" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1312" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1312">#1312</a>)</li> <li><code>validateSchema</code> works with Schema extensions (<a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="337240645" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1410" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1410">#1410</a>)</li> <li><code>validate</code> works on SDL definitions (<a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="345971682" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1438" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1438">#1438</a>, <a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="331081195" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1383" href="https://urls.greenkeeper.io/graphql/graphql-js/issues/1383">#1383</a>)</li> <li>directives can be added to variable definitions, behind <code>experimentalVariableDefinitionDirectives</code> flag (<a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="345484247" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1437" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1437">#1437</a>, <a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="348424943" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1454" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1454">#1454</a>)</li> <li>ASTNode predicates, like <code>isDefinitionNode</code> and <code>isTypeSystemDefinitionNode</code> (<a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="349160476" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1459" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1459">#1459</a>)</li> <li><code>isRequiredArgument</code> and <code>isRequiredInputField</code> predicates (<a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="349831716" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1463" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1463">#1463</a>)</li> </ul> <p><strong>Fixed:</strong></p> <ul> <li>Fixes for custom enum types</li> <li>Prettier, Flow and eslint upgrades (<a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="310208412" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1304" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1304">#1304</a>, <a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="316500173" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1319" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1319">#1319</a>)</li> <li>Babel 7 upgrade (<a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="323277037" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1350" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1350">#1350</a>)</li> <li>Introspection query perf improved (<a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="318663971" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1329" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1329">#1329</a>)</li> <li><code>introspectionFromSchema</code> has default options (<a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="336268824" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1408" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1408">#1408</a>)</li> <li><code>buildSchema</code> memory leaks and infinite recursion fixed (<a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="341094161" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1417" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1417">#1417</a>, <a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="343182956" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1427" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1427">#1427</a>)</li> <li><code>watch</code> command fixed (<a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="347719430" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1449" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1449">#1449</a>)</li> <li>Benchmarking for <code>validation</code> (<a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="350893741" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1471" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1471">#1471</a>)</li> </ul> <p><strong>Deprecated:</strong></p> <p>These will be removed in v15</p> <ul> <li><code>introspectionQuery</code>, use <code>getIntrospectionQuery</code> (<a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="331432132" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1386" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1386">#1386</a>)</li> <li><code>getDescription</code>, use the schema AST node to get descriptions (<a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="333742859" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1396" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1396">#1396</a>)</li> <li><code>isValidJSValue</code>, use <code>coerceValue</code> (<a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="331432132" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1386" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1386">#1386</a>)</li> <li><code>isValidLiteralValue</code>, use validation (<a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="331432132" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1386" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1386">#1386</a>)</li> </ul> </details> <details> <summary>FAQ and help</summary> There is a collection of [frequently asked questions](https://greenkeeper.io/faq.html). If those don’t help, you can always [ask the humans behind Greenkeeper](https://github.com/greenkeeperio/greenkeeper/issues/new). </details> --- Your [Greenkeeper](https://greenkeeper.io) bot 🌴
## Version **14.0.0** of **graphql** was just published. <table> <tr> <th align=left> Dependency </th> <td> <a target=_blank href=https://github.com/graphql/graphql-js>graphql</a> </td> </tr> <tr> <th align=left> Current Version </th> <td> 0.13.2 </td> </tr> <tr> <th align=left> Type </th> <td> dependency </td> </tr> </table> The version **14.0.0** is **not covered** by your **current version range**. If you don’t accept this pull request, your project will work just like it did before. However, you might be missing out on a bunch of new features, fixes and/or performance improvements from the dependency update. It might be worth looking into these changes and trying to get this project onto the latest version of graphql. If you have a solid test suite and good coverage, a passing build is a strong indicator that you can take advantage of these changes directly by merging the proposed change into your project. If the build fails or you don’t have such unconditional trust in your tests, this branch is a great starting point for you to work on the update. --- <details> <summary>Release Notes</summary> <strong>v14.0.0</strong> <p><strong>Breaking:</strong></p> <ul> <li>Drops support for node v4 and v9, makes sure node v10 is supported (<a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="320331530" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1338" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1338">#1338</a>, <a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="347064508" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1445" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1445">#1445</a>)</li> <li>Reject invalid scalar value coercion (<a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="329203491" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1365" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1365">#1365</a>, <a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="320302933" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1336" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1336">#1336</a>)</li> <li>Removes <code>VariablesDefaultValueAllowed</code> validation rule, and <code>ProvidedNonNullArguments</code> became <code>ProvidedRequiredArguments</code> (<a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="302567815" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1274" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1274">#1274</a>)</li> <li>Stricter coercion of Scalar Types (<a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="331077407" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1382" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1382">#1382</a>)</li> <li>Removes deprecated Introspection fields <code>onOperation</code>, <code>onFragment</code>, and <code>onField</code> (<a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="331430870" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1385" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1385">#1385</a>, <a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="343635964" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1429" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1429">#1429</a>)</li> <li><code>GraphQL*Config</code> are now exact types (<a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="331763019" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1391" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1391">#1391</a>, <a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="347050549" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1443" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1443">#1443</a>)</li> <li>"Schema Change" keys in <code>BreakingChangeType</code> and <code>DangerousChangeType</code> for detecting adding args and input fields changed name (<a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="355220055" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1492" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1492">#1492</a>)</li> <li><code>formatError</code> API changed for error message extensions. To upgrade without changing existing server responses, wrap <code>graphql</code>'s <code>formatError</code>:</li> </ul> <pre><code>import { formatError as baseFormatError, /* ... */ } from 'graphql'; { // other options formatError(error) { const { extensions, ...rest } = baseFormatError(error); return { ...extensions, ...rest }; }, } </code></pre> <p><strong>New:</strong></p> <ul> <li>Parse new schema extensions (<a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="315664664" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1314" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1314">#1314</a>, <a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="317012679" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1323" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1323">#1323</a>)</li> <li>Export SDL AST types (<a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="315694355" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1315" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1315">#1315</a>)</li> <li><code>extendSchema</code> extended with spec-compliant SDL extensions (<a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="330426164" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1373" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1373">#1373</a>, <a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="331961053" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1392" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1392">#1392</a>, <a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="346266873" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1441" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1441">#1441</a>)</li> <li><code>symbol.toStringTag</code> support (<a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="307864327" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1297" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1297">#1297</a>)</li> <li>Expose <code>getOperationRootType(schema, operationAST)</code> (<a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="322058451" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1345" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1345">#1345</a>)</li> <li>Package is marked as side-effect free (<a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="314458450" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1312" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1312">#1312</a>)</li> <li><code>validateSchema</code> works with Schema extensions (<a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="337240645" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1410" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1410">#1410</a>)</li> <li><code>validate</code> works on SDL definitions (<a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="345971682" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1438" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1438">#1438</a>, <a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="331081195" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1383" href="https://urls.greenkeeper.io/graphql/graphql-js/issues/1383">#1383</a>)</li> <li>directives can be added to variable definitions, behind <code>experimentalVariableDefinitionDirectives</code> flag (<a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="345484247" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1437" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1437">#1437</a>, <a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="348424943" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1454" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1454">#1454</a>)</li> <li>ASTNode predicates, like <code>isDefinitionNode</code> and <code>isTypeSystemDefinitionNode</code> (<a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="349160476" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1459" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1459">#1459</a>)</li> <li><code>isRequiredArgument</code> and <code>isRequiredInputField</code> predicates (<a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="349831716" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1463" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1463">#1463</a>)</li> </ul> <p><strong>Fixed:</strong></p> <ul> <li>Fixes for custom enum types</li> <li>Prettier, Flow and eslint upgrades (<a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="310208412" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1304" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1304">#1304</a>, <a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="316500173" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1319" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1319">#1319</a>)</li> <li>Babel 7 upgrade (<a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="323277037" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1350" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1350">#1350</a>)</li> <li>Introspection query perf improved (<a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="318663971" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1329" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1329">#1329</a>)</li> <li><code>introspectionFromSchema</code> has default options (<a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="336268824" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1408" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1408">#1408</a>)</li> <li><code>buildSchema</code> memory leaks and infinite recursion fixed (<a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="341094161" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1417" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1417">#1417</a>, <a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="343182956" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1427" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1427">#1427</a>)</li> <li><code>watch</code> command fixed (<a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="347719430" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1449" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1449">#1449</a>)</li> <li>Benchmarking for <code>validation</code> (<a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="350893741" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1471" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1471">#1471</a>)</li> </ul> <p><strong>Deprecated:</strong></p> <p>These will be removed in v15</p> <ul> <li><code>introspectionQuery</code>, use <code>getIntrospectionQuery</code> (<a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="331432132" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1386" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1386">#1386</a>)</li> <li><code>getDescription</code>, use the schema AST node to get descriptions (<a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="333742859" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1396" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1396">#1396</a>)</li> <li><code>isValidJSValue</code>, use <code>coerceValue</code> (<a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="331432132" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1386" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1386">#1386</a>)</li> <li><code>isValidLiteralValue</code>, use validation (<a class="issue-link js-issue-link" data-error-text="Failed to load issue title" data-id="331432132" data-permission-text="Issue title is private" data-url="graphql/graphql-js#1386" href="https://urls.greenkeeper.io/graphql/graphql-js/pull/1386">#1386</a>)</li> </ul> </details> <details> <summary>FAQ and help</summary> There is a collection of [frequently asked questions](https://greenkeeper.io/faq.html). If those don’t help, you can always [ask the humans behind Greenkeeper](https://github.com/greenkeeperio/greenkeeper/issues/new). </details> --- Your [Greenkeeper](https://greenkeeper.io) bot 🌴
This no longer accepts incoming variable values in a potentially lossy way, mirroring the existing behavior for literals. This fixes an issue with GraphQL.js being not spec compliant.
This is breaking since servers which used to accept incorrect variable values will now return errors to clients.
Serialization of values is not affected in the same way, since this is not a client-visible behavior.
As a bonus, this adds unique serialization and coercion functions for the ID type, allowing to be more restrictive on numeric types and un-stringable object types, while directly supporting valueOf() methods (ala MongoDB). The changes to how the ID type serializes and coerces data could be potentially breaking.
Fixes #1324