[DEPENDABOT]: Bump graphql-spring-boot-starter-test from 7.0.1 to 8.1.0 in /api

[dependabot]

Bumps graphql-spring-boot-starter-test from 7.0.1 to 8.1.0.

Release notes

Sourced from graphql-spring-boot-starter-test's releases.

8.1.0

Disabled insecure default for CORS allowed origins

The default value opened up GraphQL server for javascript access from all origins with the wildcard operator. This has been disabled. Instead you need to specifically configure the allowed origins (comma separated to configure multiple domains). You could use the wildcard operator again if you really want to, but this is not recommended.

graphql.servet.cors.allowed-origins = http://some.domain.com

Allow graphql.GraphQL.Builder#doNotAddDefaultInstrumentations to be set

Instead of a specific property we've introduced an object that can be used to configure the GraphQL.Builder just before it's used to build the GraphQL insteance. This can be achieved by exposing a GraphQLBuilderConfigurer bean, e.g.

@Component
class DisableDefaultInstrumentationsConfigurer implements GraphQLBuilderConfigurer {
  @Override
  public void configure(GraphQL.Builder builder) {
    builder.doNotAddDefaultInstrumentations();
  }
}

Add support for GraphiQL header editor #441

GraphiQL now supports a header editor. We've upgraded the GraphiQL version to this one to add support for it. You can still use the header configuration through properties. Those will be combined and visible in the header editor once enabled:

graphiql:
  props:
    variables:
      headerEditorEnabled: true

For all supported GraphiQL props see: https://github.com/graphql/graphiql/tree/main/packages/graphiql#options.

Other changes

• Update graphql-java-servlet to 10.1.0: https://github.com/graphql-java-kickstart/graphql-java-servlet/releases/tag/v10.1.0
• Update graphql-java-tools to 6.3.0: https://github.com/graphql-java-kickstart/graphql-java-tools/releases/tag/6.3.0
• Upgrade bundled playground to 1.7.26
• Can't cast to dataFetchingEnvironment.getContext() to graphql.kickstart.spring.GraphQLSpringServerWebExchangeContext #426
• Migrate all tests to JUnit 5 / AssertJ #480
• Upgraded to Gradle 6.7
• No location, path, extensions When graphql.servlet.exception-handlers-enabled Set to true #478
• GraphQLTestTemplate: post() Should Be Public #475
• Feature/fix test subscription reset #472
• Update GraphQLController to use ObjectMapper to map ExecutionResult #471
• Support Async Timeout Property in GraphQLServletProperties #469
• Failed to load subscription client when CDN is enabled #463
• Add fluent API support for test template and response #443
• Provided SubscriptionExecutionStrategy is not used #430
• Add graphQL endpoint template resolve as in graphiql controller. #412
• Deprecated introspectionEnabled but new property not accepted #402
• GraphQLResponseCache support
• tracing-enabled: metrics-only fails to start #392
• Subscription does not handle properly NonNullableFieldWasNullException #378
• Bug? instrumentExecutionContext not called for subscriptions #358

... (truncated)

Commits

• cdd2720 Bump servlet to released 10.1.0 version
• 0a83f13 Fix issue with error handler
• c298f43 Add GraphQLBuilderConfigurer to allow to customize GraphQL build fix #486
• bd5b6ae Fix code style formatting according to spec
• cdb0a89 Servlet 10.1.0 adds path info to subscription exception fix #378
• 0631b00 Fix security hotspot making cors by default less permissive
• fd2d4aa Wire execution strategy provider into subscription websocket fix #430
• fa370cc Reinstate possibility to disable introspection fix #402
• fe06ca3 Fix unit tests
• 3164992 Add instrumentation to subscriptions fix #358
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #64.