[DEPENDABOT]: Bump graphql-spring-boot-starter-test from 7.0.1 to 11.0.0 in /api

[dependabot]

Bumps graphql-spring-boot-starter-test from 7.0.1 to 11.0.0.

Release notes

Sourced from graphql-spring-boot-starter-test's releases.

11.0.0

Library versions across all graphql-java-kickstart will be synchronized from now on. The major and minor version of compatible libraries will always match. The patch section of the version can differ as bugs are fixed.

It is still recommended to not specify transitive dependencies explicitly to ensure compatibility.

Major changes

• upgraded graphql-java dependency to 16.1. See release notes for breaking changes.

Refactored Altair and GraphiQL properties

Both Altair and GraphiQL contained a similar property for setting the base path: altair.static.base-path. This additional layer static doesn't really serve any purpose, so we removed it. From now on the properties are:

altair.base-path=/
graphiql.base-path=/

Only support public exception handler methods

We were using reflection to make exception handler methods accessible, which is bad practice. See also: CERT, SEC05-J. . Any methods currently annotated with @ExceptionHandler used to create GraphQLError require the public modifier from now on.

Minor changes

• Support Mono return type in Webflux resolvers
• Fixed weird characters in Playground IDE
• Don't include irrelevant types in generated schema using Annotations
• Set default CORS headers if missing
• Allow configuring an input prefix when using annotation starter
• Serve Voyager static resources if app context is not root

8.1.1

• Custom exception handler no longer working with #493

8.1.0

Disabled insecure default for CORS allowed origins

The default value opened up GraphQL server for javascript access from all origins with the wildcard operator. This has been disabled. Instead you need to specifically configure the allowed origins (comma separated to configure multiple domains). You could use the wildcard operator again if you really want to, but this is not recommended.

graphql.servet.cors.allowed-origins = http://some.domain.com

Allow graphql.GraphQL.Builder#doNotAddDefaultInstrumentations to be set

Instead of a specific property we've introduced an object that can be used to configure the GraphQL.Builder just before it's used to build the GraphQL insteance. This can be achieved by exposing a GraphQLBuilderConfigurer bean, e.g.

@Component
class DisableDefaultInstrumentationsConfigurer implements GraphQLBuilderConfigurer {
  @Override
  public void configure(GraphQL.Builder builder) {
    builder.doNotAddDefaultInstrumentations();
  }
}

Add support for GraphiQL header editor #441

GraphiQL now supports a header editor. We've upgraded the GraphiQL version to this one to add support for it. You can still use the header configuration through properties. Those will be combined and visible in the header editor once enabled:

... (truncated)

Commits

• 536e4f6 Update version for release
• 3c96b60 Merge pull request #515 from graphql-java-kickstart/feature/graphql-java-16.1
• 1dc90b3 Upgrade to graphql-java 16.1 and tools 11
• e0552aa Merge pull request #514 from graphql-java-kickstart/feature/326-mono-support
• e5850d4 Fix sonar bug
• 1b13c69 Fix sonar bug
• ef28dca Increase coverage webflux starter
• 838f20a Increase coverage webflux starter
• 9400de3 Autoconfigure Generic wrapper for Mono fix #326
• 1b730d3 Merge pull request #510 from ravikrn13/patch-1
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #94.