Bump graphql-java from 17.0 to 17.3

[dependabot]

Bumps graphql-java from 17.0 to 17.3.

Release notes

Sourced from graphql-java's releases.

17.3

This bug fix version of graphql-java provides new limits to help prevent Denial Of Service attacks induced by over parsing and validation.

Attackers can craft queries that consume lot of resources to parse and validate, which which ultimately invalid can deny real queries from being serviced.

graphql-java/graphql-java#2549

graphql-java/graphql-java#2553

There are new limits imposed by default. Parsing will be terminated after 1500 tokens and only 100 validation errors will be captured.

We chose to put in defaults so that people will get some amount of bad query parse and validate DOS protection out of the box.

There are JVM wide methods to change the default on these if that's problematic for your implementation.

There is also a small fix in the ValueResolver

graphql-java/graphql-java@8530366

17.2

This is a bugfix release which contains the following changes:

https://github.com/graphql-java/graphql-java/milestone/36?closed=1

17.1

Upgrade to DataLoader 3.1.0

This release upgrade the DataLoader library to 3.1.0 which adds the ability to have an external value cache in place during data loader batch calls.

You can use it to model access to external caches like REDIS amd even do batch "cache gets".

Commits

• bf4e324 Fixing master test
• 7f27a04 Help prevent DOS attacks on graphql servers (#2549)
• 23d352f Support Max validation errors being produced (#2553)
• 84984aa Added a named SDL definition (#2538)
• ba2a29a minor performance improvement (#2532)
• 8530366 This fixes a Bug in the ValueResolver (#2531)
• 27b11d9 Merge pull request #2513 from graphql-java/fix_glob_matching_on_window
• 45b5901 Merge pull request #2520 from schenkman/instrumentation_field_errors
• 8ca743d inline variable
• 908d9f0 Update test name with issue number
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #222.