Skip to content

32nd alpha release for v1.0.0

Pre-release
Pre-release
Compare
Choose a tag to compare
@hasura-bot hasura-bot released this 18 Dec 11:07
· 7711 commits to master since this release
v1.0.0-alpha32
87edce1

Changelog

⚠️ 🐛 A recent refactor in the way how command line flags are parsed casued a bug in which the flags have become positional. Please hold off on updating to this release if you're using flags. Environment variables continue to work.

This bug is now fixed in v1.0.0-alpha33. Please ignore this version and update to the latest.

🚨 Breaking changes 🚨

Please read the changelog carefully before upgrading to this release

  1. If you are using the upsert feature (on_conflict argument in inserts), this release will most likely break your mutations.
    The changes were necessary to make graphql-engine's permissions as close to Postgres's RLS as possible so that we do not inadvertently introduce any security bugs.

    1. Previously graphql-engine allowed upsert behavior with an option called Allow Upsert in the insert permissions. From now on,
      upsert (on_conflict argument) is allowed only if update permissions are defined on the table. graphql-engine will then enforce these conditions:
      1. Only the columns that are specified in update permissions are allowed with update_columns.
      2. Only the rows that match the update permissions' filter are allowed to be updated.
    2. We've also removed the deprecated action field from on_conflict
    3. update_columns is now mandatory in on_conflict.

  2. The structure of errors has changed and conforms to the current GraphQL spec. These are potentially breaking changes.

    The previous error structure looked like this:

    {
  "errors": [
    {
      "path": "$.selectionSet.author.args.order_by[0].articles_aggregate.cout",
      "code": "validation-failed",
      "message": "field \"cout\" not found in type: 'article_aggregate_order_by'"
    }
  ] 
}

    The current error structure looks like this:

    {
  "errors": [
    {
      "extensions": {
        "path": "$.selectionSet.author.args.order_by[0].articles_aggregate.cout",
        "code": "validation-failed"
      },
      "message": "field \"cout\" not found in type: 'article_aggregate_order_by'"
    }
  ]
}

  3. Previously graphql-engine allowed any number of top level fields in subscriptions, this is now restricted to one as per the spec. This will
    help us with the optimisations that are planned for the next release.

🎁 New features 🎁

  • Authentication webhook can now be triggered with POST requests. Set HASURA_AUTH_HOOK_MODE=POST and server now sends incoming headers as JSON POST body to the webhook. (close #1138) (#1147)
  • GraphQL input objects and arrays are now parsed as scalar values. This means that non-native GraphQL types (e.g. json, jsonb etc.) can now be passed in the query itself. Earlier these had to passed separatly in variables. (close #1132) (#1137)
  • Conflicting GraphQL types from remote schemas are merged into one type if they have same structure. This enables adding other Hasura GraphQL Engine schemas as remote schemas. (closes #1112, #1135) (#1145)
  • order_by can now refer to aggregates on related columns. For example, order authors based on the number of their articles: (close #1039) (#1042) 
    {
  author (order_by: {articles_aggregate: { count: desc }}) {
    id
    name
  }
}
  • CLI now shows better error messages (including filenames) if there are errors in applying migrations. (close #1136) (#1143)
  • Console now shows column types next to names while setting update columns on event triggers. Shoutout to @pthm who proposed and worked on this PR 🙏. (#1188)
  • Console can now be used to update event triggers. (close #489) (#1124)

🐛 🚫 Bug fixes 🚫 🐛

  • The JWT library jose is updated to fixe a bug that threw a cryptic error when x5t is present in claims. (closes #983) (#1202)
  • Fixes a bug that caused old trigger functions to remain while updating the event trigger. (#1214)
  • CLI now handles duplicate migration versions gracefully and throws better error messages. (close #1148) (#1157)
  • Fixes a bug in console that caused numbers to get stripped off while auto-generating relationship names. (close #1139) (#1144)
  • Console now handles cross-schema references in permissions builder gracefully. (close #1127, #1152) (#1158)

Other changes

  • server: refactor to remove warnings especially with orphan instances (#1163)
  • server: refactor server cli code, add more cli options & version command (closes #51, #144, #1090, #1195) (#1200)
  • server: add consolePath in console.html template (#1222)
  • console: console semver check fix for non-tag versions (#1134)
  • console: export console remote schemas (#1165)
  • console: fix preloader refresh on events page (close #1000) (#1153)
  • console: show response status code in event trigger events tab (close #1022) (#1203)
  • console: permissions ui improvments (close #1068) (#1205)
  • console: optimise the on-load queries on console using bulk api (close #1191) (#1196)
Assets 5