Bump graphql-java from 18.2 to 19.0

[dependabot]

Bumps graphql-java from 18.2 to 19.0.

Release notes

Sourced from graphql-java's releases.

19.0

This is release 19.0 of GraphQL Java. This release doesn't contain any breaking changes.

It contains one security related bugfix hardening GraphQL Java more against malicious requests: #2892

GraphQL Java now shades Antlr runtime to prevent any further dependency conflicts. Antrl is used internally for parsing and validating of GraphQL requests and SDL. #2854

It includes some performance improvements (#2786, #2769, #2839) and several bugfixes and general improvements.

Bugfixes

#2892 Security bugfix to prevent DOS attacks

#2818 Fix silent thread leak for chained instrumentation

#2825 Fixup Introspection input field deprecation filterting

#2842 fix runtime exception for deep async queries

#2856 SchemaPrinter description bugfix

Improvements

#2786 performance improvements for validation

#2769 State is passed explicitly to instrumentation and parameters are NOT mutated

#2854 Shade Antlr Runtime

#2896 Update DataLoader to 3.2.0

#2878 i18n for validation error messages

#2881 Improve SchemaPrinter

#2872 Improve AST compact printing

#2846 Subscription root field valiation

All changes

all PRs: https://github.com/graphql-java/graphql-java/milestone/38?closed=1

18.3

This is a security bugfix release containing only one PR: graphql-java/graphql-java#2897

GraphQL Java has a max token limit per request preventing DOS attacks. But in some circumstances it was not enough to prevent malicious requests. This release fixes this problem.

All details can be found here: graphql-java/graphql-java#2892

Commits

• 35ff68d DF SelectionSet Benchmark (#2893)
• b1f96e7 Test stability (#2903)
• a507570 Donna's catch! (#2900)
• 2c7878e Merge pull request #2899 from graphql-java/deprecate-cache-control
• d94bdf4 Deprecate Apollo Cache Control
• 6d87767 Merge pull request #2786 from jbellenger/jbellenger/validation-perf-redux
• 05ac942 Merge branch 'master' into jbellenger/validation-perf-redux
• 226aabd READY - Stop DOS attacks by making the lexer stop early on evil input. (#2892)
• ba71a5d Merge remote-tracking branch 'upstream/master'
• ab856e2 Merge pull request #2896 from graphql-java/update-java-dataloader
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)