chore: update dependencies (#99)

* Update dependencies

* Relax flask dependency to allow flask 2

* Fixes for quart >=0.15

Fix quart.request.get_data signature

QuartClient -> TestClientProtocol
* Lint
* Fix aiohttp tests
* Update sanic to v22.6
* Make sanic v22.9 work
* Fix deprecation warnings
DeprecationWarning: Use 'content=<...>' to upload raw bytes/text content.

* Update graphiql to 1.4.7 for security reason
"All versions of graphiql < 1.4.7 are vulnerable to an XSS attack."
https://github.com/graphql/graphiql/blob/ab2b52f06213bd9bf90c905c1b460b6939f3d856/docs/security/2021-introspection-schema-xss.md

* Fix webob graphiql check
Was working by accident before

* Fix quart PytestCollectionWarning
cannot collect test class 'TestClientProtocol' because it has a __init__ constructor
* Make Jinja2 optional
* Add python 3.11 and remove 3.6
* Tweak quart for python 3.7 to 3.11
* Fix test for python 3.11

Co-authored-by: Giovanni Campagna <[email protected]>
Co-authored-by: Choongkyu Kim <[email protected]>

Author: 3 people

.github/workflows/deploy.yml

@@ -10,11 +10,11 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v2
-    - name: Set up Python 3.9
-      uses: actions/setup-python@v2
+    - uses: actions/checkout@v3
+    - name: Set up Python
+      uses: actions/setup-python@v4
       with:
-        python-version: 3.9
+        python-version: "3.10"
     - name: Build wheel and source tarball
       run: |
         pip install wheel

.github/workflows/lint.yml

@@ -7,11 +7,11 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v2
-    - name: Set up Python 3.9
-      uses: actions/setup-python@v2
+    - uses: actions/checkout@v3
+    - name: Set up Python
+      uses: actions/setup-python@v4
       with:
-        python-version: 3.9
+        python-version: "3.10"
     - name: Install dependencies
       run: |
         python -m pip install --upgrade pip

.github/workflows/tests.yml

@@ -8,22 +8,22 @@ jobs:
     strategy:
       max-parallel: 4
       matrix:
-        python-version: ["3.6", "3.7", "3.8", "3.9", "3.10"]
+        python-version: ["3.7", "3.8", "3.9", "3.10", "3.11"]
         os: [ubuntu-latest, windows-latest]
         exclude:
-          - os: windows-latest
-            python-version: "3.6"
           - os: windows-latest
             python-version: "3.7"
           - os: windows-latest
             python-version: "3.8"
           - os: windows-latest
-            python-version: "3.10"
+            python-version: "3.9"
+          - os: windows-latest
+            python-version: "3.11"
 
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
       - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@v2
+        uses: actions/setup-python@v4
         with:
           python-version: ${{ matrix.python-version }}
       - name: Install dependencies
@@ -39,11 +39,11 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v2
-      - name: Set up Python 3.9
-        uses: actions/setup-python@v2
+      - uses: actions/checkout@v3
+      - name: Set up Python
+        uses: actions/setup-python@v4
         with:
-          python-version: 3.9
+          python-version: "3.10"
       - name: Install test dependencies
         run: |
           python -m pip install --upgrade pip

graphql_server/__init__.py

@@ -9,17 +9,7 @@
 import json
 from collections import namedtuple
 from collections.abc import MutableMapping
-from typing import (
-    Any,
-    Callable,
-    Collection,
-    Dict,
-    List,
-    Optional,
-    Type,
-    Union,
-    cast,
-)
+from typing import Any, Callable, Collection, Dict, List, Optional, Type, Union, cast
 
 from graphql.error import GraphQLError
 from graphql.execution import ExecutionResult, execute

graphql_server/quart/graphqlview.py

@@ -1,5 +1,4 @@
 import copy
-import sys
 from collections.abc import MutableMapping
 from functools import partial
 from typing import List
@@ -165,11 +164,11 @@ async def parse_body():
         # information provided by content_type
         content_type = request.mimetype
         if content_type == "application/graphql":
-            refined_data = await request.get_data(raw=False)
+            refined_data = await request.get_data(as_text=True)
             return {"query": refined_data}
 
         elif content_type == "application/json":
-            refined_data = await request.get_data(raw=False)
+            refined_data = await request.get_data(as_text=True)
             return load_json_body(refined_data)
 
         elif content_type == "application/x-www-form-urlencoded":
@@ -191,20 +190,8 @@ def should_display_graphiql(self):
     def request_wants_html():
         best = request.accept_mimetypes.best_match(["application/json", "text/html"])
 
-        # Needed as this was introduced at Quart 0.8.0: https://gitlab.com/pgjones/quart/-/issues/189
-        def _quality(accept, key: str) -> float:
-            for option in accept.options:
-                if accept._values_match(key, option.value):
-                    return option.quality
-            return 0.0
-
-        if sys.version_info >= (3, 7):
-            return (
-                best == "text/html"
-                and request.accept_mimetypes[best]
-                > request.accept_mimetypes["application/json"]
-            )
-        else:
-            return best == "text/html" and _quality(
-                request.accept_mimetypes, best
-            ) > _quality(request.accept_mimetypes, "application/json")
+        return (
+            best == "text/html"
+            and request.accept_mimetypes[best]
+            > request.accept_mimetypes["application/json"]
+        )

graphql_server/render_graphiql.py

@@ -1,4 +1,4 @@
-"""Based on (express-graphql)[https://github.com/graphql/express-graphql/blob/master/src/renderGraphiQL.js] and
+"""Based on (express-graphql)[https://github.com/graphql/express-graphql/blob/main/src/renderGraphiQL.ts] and
 (subscriptions-transport-ws)[https://github.com/apollographql/subscriptions-transport-ws]"""
 import json
 import re
@@ -7,7 +7,7 @@
 from jinja2 import Environment
 from typing_extensions import TypedDict
 
-GRAPHIQL_VERSION = "1.0.3"
+GRAPHIQL_VERSION = "1.4.7"
 
 GRAPHIQL_TEMPLATE = """<!--
 The request to this GraphQL server provided the header "Accept: text/html"
@@ -34,12 +34,12 @@
     }
   </style>
   <link href="//cdn.jsdelivr.net/npm/graphiql@{{graphiql_version}}/graphiql.css" rel="stylesheet" />
-  <script src="//cdn.jsdelivr.net/npm/promise-polyfill@8.1.3/dist/polyfill.min.js"></script>
-  <script src="//cdn.jsdelivr.net/npm/unfetch@4.1.0/dist/unfetch.umd.js"></script>
-  <script src="//cdn.jsdelivr.net/npm/react@16.13.1/umd/react.production.min.js"></script>
-  <script src="//cdn.jsdelivr.net/npm/react-dom@16.13.1/umd/react-dom.production.min.js"></script>
+  <script src="//cdn.jsdelivr.net/npm/promise-polyfill@8.2.0/dist/polyfill.min.js"></script>
+  <script src="//cdn.jsdelivr.net/npm/unfetch@4.2.0/dist/unfetch.umd.js"></script>
+  <script src="//cdn.jsdelivr.net/npm/react@16.14.0/umd/react.production.min.js"></script>
+  <script src="//cdn.jsdelivr.net/npm/react-dom@16.14.0/umd/react-dom.production.min.js"></script>
   <script src="//cdn.jsdelivr.net/npm/graphiql@{{graphiql_version}}/graphiql.min.js"></script>
-  <script src="//cdn.jsdelivr.net/npm/[email protected].16/browser/client.js"></script>
+  <script src="//cdn.jsdelivr.net/npm/[email protected].18/browser/client.js"></script>
   <script src="//cdn.jsdelivr.net/npm/[email protected]/browser/client.js"></script>
 </head>
 <body>
@@ -308,9 +308,8 @@ async def render_graphiql_async(
     jinja_env: Optional[Environment] = config.get("jinja_env")
 
     if jinja_env:
-        # This method returns a Template. See https://jinja.palletsprojects.com/en/2.11.x/api/#jinja2.Template
         template = jinja_env.from_string(graphiql_template)
-        if jinja_env.is_async:  # type: ignore
+        if jinja_env.is_async:
             source = await template.render_async(**template_vars)
         else:
             source = template.render(**template_vars)

graphql_server/sanic/graphqlview.py

@@ -85,7 +85,7 @@ def get_validation_rules(self):
             return specified_rules
         return self.validation_rules
 
-    async def dispatch_request(self, request, *args, **kwargs):
+    async def __handle_request(self, request, *args, **kwargs):
         try:
             request_method = request.method.lower()
             data = self.parse_body(request)
@@ -173,6 +173,8 @@ async def dispatch_request(self, request, *args, **kwargs):
                 content_type="application/json",
             )
 
+    get = post = put = head = options = patch = delete = __handle_request
+
     # noinspection PyBroadException
     def parse_body(self, request):
         content_type = self.get_mime_type(request)

graphql_server/webob/graphqlview.py

@@ -27,7 +27,6 @@
 
 class GraphQLView:
     schema = None
-    request = None
     root_value = None
     context = None
     pretty = False
@@ -187,8 +186,9 @@ def should_display_graphiql(self, request):
         if not self.graphiql or "raw" in request.params:
             return False
 
-        return self.request_wants_html()
+        return self.request_wants_html(request)
 
-    def request_wants_html(self):
-        best = self.request.accept.best_match(["application/json", "text/html"])
+    @staticmethod
+    def request_wants_html(request):
+        best = request.accept.best_match(["application/json", "text/html"])
         return best == "text/html"

setup.cfg

@@ -5,6 +5,7 @@ ignore = E203, E501, W503
 
 [isort]
 known_first_party=graphql_server
+profile=black
 multi_line_output=3
 include_trailing_comma=True
 force_grid_wrap=0

setup.py

@@ -1,30 +1,33 @@
 from re import search
 from setuptools import setup, find_packages
 
-install_requires = ["graphql-core>=3.2,<3.3", "typing-extensions>=4,<5"]
+install_requires = [
+    "graphql-core>=3.2,<3.3",
+    "typing-extensions>=4,<5",
+]
 
 tests_requires = [
-    "pytest>=6.2,<6.3",
-    "pytest-asyncio>=0.16,<1",
-    "pytest-cov>=3,<4",
-    "aiohttp>=3.8,<4",
-    "Jinja2>=2.11,<3",
+    "pytest>=7.2,<8",
+    "pytest-asyncio>=0.20,<1",
+    "pytest-cov>=4,<5",
+    "Jinja2>=3.1,<4",
+    "sanic-testing>=22.3,<23",
 ]
 
 dev_requires = [
-    "flake8>=4,<5",
+    "flake8>=5,<6",
     "isort>=5,<6",
-    "black>=19.10b0",
-    "mypy>=0.931,<1",
+    "black>=22.12,<22.13",
+    "mypy>=0.991,<1",
     "check-manifest>=0.47,<1",
 ] + tests_requires
 
 install_flask_requires = [
-    "flask>=1,<2",
+    "flask>=1,<3",
 ]
 
 install_sanic_requires = [
-    "sanic>=20.3,<21",
+    "sanic>=21.12,<23",
 ]
 
 install_webob_requires = [
@@ -35,7 +38,7 @@
     "aiohttp>=3.8,<4",
 ]
 
-install_quart_requires = ["quart>=0.6.15,<0.15"]
+install_quart_requires = ["quart>=0.15,<1"]
 
 install_all_requires = (
     install_requires

tests/aiohttp/test_graphiqlview.py

@@ -1,4 +1,5 @@
 import pytest
+import pytest_asyncio
 from aiohttp.test_utils import TestClient, TestServer
 from jinja2 import Environment
 
@@ -12,7 +13,7 @@ def app():
     return app
 
 
-@pytest.fixture
+@pytest_asyncio.fixture
 async def client(app):
     client = TestClient(TestServer(app))
     await client.start_server()

tests/aiohttp/test_graphqlview.py

@@ -2,6 +2,7 @@
 from urllib.parse import urlencode
 
 import pytest
+import pytest_asyncio
 from aiohttp import FormData
 from aiohttp.test_utils import TestClient, TestServer
 
@@ -15,7 +16,7 @@ def app():
     return app
 
 
-@pytest.fixture
+@pytest_asyncio.fixture
 async def client(app):
     client = TestClient(TestServer(app))
     await client.start_server()

tests/quart/conftest.py

@@ -0,0 +1,3 @@
+from quart.typing import TestClientProtocol
+
+TestClientProtocol.__test__ = False  # type: ignore