Skip to content

add graphql-js v17 blog post#2430

Merged
yaacovCR merged 2 commits into
graphql:sourcefrom
yaacovCR:introducing-graphql-js-v17-blog
Jun 16, 2026
Merged

add graphql-js v17 blog post#2430
yaacovCR merged 2 commits into
graphql:sourcefrom
yaacovCR:introducing-graphql-js-v17-blog

Conversation

@yaacovCR

@yaacovCR yaacovCR commented Jun 15, 2026

Copy link
Copy Markdown
Contributor

@vercel

vercel Bot commented Jun 15, 2026

Copy link
Copy Markdown

@yaacovCR is attempting to deploy a commit to the The GraphQL Foundation Team on Vercel.

A member of the Team first needs to authorize it.

@vercel

vercel Bot commented Jun 15, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
graphql-github-io Ready Ready Preview, Comment Jun 15, 2026 5:42pm

Request Review

Comment thread src/pages/blog/2026-06-15-introducing-graphql-js-v17.mdx

@martinbonnin martinbonnin left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Very very (very) excited by this!

@yaacovCR yaacovCR merged commit 202e8d5 into graphql:source Jun 16, 2026
6 checks passed
@yaacovCR yaacovCR deleted the introducing-graphql-js-v17-blog branch June 16, 2026 16:41
Comment on lines +109 to +110
from validation errors. Use it alongside `NoSchemaIntrospectionCustomRule` to
reduce schema-shape leakage through both suggestion text and introspection.

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I find this really problematic. The shape of the schema is generally inferrable from the way that it's queried, "reducing schema-shape leakage" is not something that we should be posting about. These rules are important for security, hideSuggestions because it's expensive and is a DoS vector, and NoSchemaIntrospectionCustomRule because validation can also be a target of attacks (particularly depth attacks), but the motivation for these should be security of the system in terms of avoiding DoS attacks, not in terms of preventing "schema-shape leakage". The shape of the schema should not be a secret - if it's a secret, then it's very hard to safely query it! Fields that are not queried should not be in the schema. Secret experimental fields for features only visible to a few users should be in a schema that's only visible to those same users.

@benjie benjie left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So much great stuff in this release, thanks for your hard work on this @yaacovCR and for the great summary post covering the main things and teasing what's to come! 🚀 🙌

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants