Skip to content

graphql-armor-block-field-suggestions 3.0.0 depends on graphql 16.0.0 instead of 16.10.0 causing it to fail in some situations #797

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
bramklg opened this issue May 2, 2025 · 1 comment
Open

graphql-armor-block-field-suggestions 3.0.0 depends on graphql 16.0.0 instead of 16.10.0 causing it to fail in some situations #797

bramklg opened this issue May 2, 2025 · 1 comment

Comments

@bramklg
Copy link

bramklg commented May 2, 2025
edited
Loading

I encountered a bug when upgrading all packages and the block field suggestions plug-in stopped working. It turns out that @escape.tech/graphql-armor-block-field-suggestions:3.0.0 that comes with @escape.tech/graphql-armor:3.1.5 depends on graphql 16.0.0 instead of 16.10.0 like the other plugins.

In my own project I also depend on the graphql lib and bumped the version to 16.10.0 and after that the plugin stopped working. Downgrading to 16.0.0 fixed it.

If I look at my yarn.lock file it looks as if all modules depend on 16.10.0:

"@escape.tech/graphql-armor@npm:^3.1.5":
  version: 3.1.5
  resolution: "@escape.tech/graphql-armor@npm:3.1.5"
  dependencies:
    "@escape.tech/graphql-armor-block-field-suggestions": 3.0.0
    "@escape.tech/graphql-armor-cost-limit": 2.4.2
    "@escape.tech/graphql-armor-max-aliases": 2.6.1
    "@escape.tech/graphql-armor-max-depth": 2.4.0
    "@escape.tech/graphql-armor-max-directives": 2.3.0
    "@escape.tech/graphql-armor-max-tokens": 2.5.0
    graphql: ^16.10.0

However, the @escape.tech/graphql-armor-block-field-suggestions/package.json file contains:

  "dependencies": {
    "graphql": "^16.0.0"
  },

I did some testing and I believe this is caused by graphql@16.6.0 and up started shipping two library builds side-by-side in the same NPM package (cjs and esm). This causes error instanceof graphql.GraphQLError to fail if mixed usage of CommonJS and ES Module code is used.

Something like this would fix it, but I'm no JS/TS expert:

const isGraphQLError = (error: unknown): boolean => {
  return error instanceof Error && error.name === 'GraphQLError';
};

const formatter = (error: GraphQLError, mask: string): GraphQLError => {
  if (isGraphQLError(error)) {
    error.message = error.message.replace(/Did you mean ".+"\?/g, mask).trim();
  }
  return error as GraphQLError;
};

This is also how plugins from @envelop check it https://github.com/graphql-hive/envelop/blob/main/packages/core/src/plugins/use-masked-errors.ts#L14

I 'fixed' it in my project with

  "resolutions": {
    "graphql": "^16.11.0"
  },
@bramklg bramklg changed the title graphql-armor-block-field-suggestions 3.0.0 depends on graphql 16.0.0 instead of 16.10.0 graphql-armor-block-field-suggestions 3.0.0 depends on graphql 16.0.0 instead of 16.10.0 causing it to fail in some situations May 3, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@bramklg