🚨 CRITICAL: CVE-2026-32621 in @Apollo federation-internals enables prototype pollution — risking code execution & data compromise. Affects versions <2.9.6, <2.10.5, <2.11.6, <2.12.3, <2.13.2. Patch now! https://radar.offseq.com/threat/cve-2026-32621-cwe-1321-improperly-controlled-modi-1de28d7f #OffSeq #CVE202632621 #GraphQL #Security
graphql
Da jetzt anscheinend das neue #ARDSounds ausgerollt ist, hab ich mir mal die #Graphql Api angeguckt. Die ist ganz einfach erreichbar über:
https://api.ardaudiothek.de/apollograph
Mann kann da ganz nett mit Abfragen rumprobieren.
In dem Zuge hab ich mir auch mal alle Sendungen gezogen die dort derzeit zu finden sind und hier reingedumpt:
https://gist.github.com/gboeer/242909e4959fd0b1b47c1a9e5529fea1
New Blog Post: Detecting Circular Type References in GraphQL Schemas
https://www.zaproxy.org/blog/2026-02-06-detecting-graphql-cycles/
#zaproxy #appsec #graphql
It's often easier to use lab tests to make technical decisions for your system. Yet, behaviors can differ in production, and you may want to revisit your choices in the light of real case scenarios. At Deezer we experimented it with GraphQL JIT and here is my notes : https://deezer.io/graphql-jit-is-it-worth-it-64e66f21dbb8 #nodejs #graphql #performance
Edited 1y ago
Released my Umbraco Compose example project: C# client library & CLI that automatically combines content from multiple sources.
Video walkthrough included!
https://www.jeroenbreuer.nl/blog/released-umbraco-compose-example-project
Tried using #GraphQL locally and it turned out to be useful than I expected!
I made a tool to query #RiverWM state via GraphQL and used it to build a status bar: https://typester.dev/blog/2025/09/27/query-river-state-using-graphql
Maybe next I’ll try exposing system info via GraphQL…🤭
#GraphQL's advantage over REST is its access to the #API graph in a single call…but that comes at a cost. The more data you request, the longer you have to wait for it to resolve before you can use it.
We just launched a Storefront API developer preview that tackles this problem head-on: with Defer, you can declare what's important and #Shopify will resolve that first and stream the rest after.
We are actively collecting feedback, so let us know about your experience!
https://shopify.dev/docs/custom-storefronts/building-with-the-storefront-api/defer
Edited 2y ago
I am so upset with the direction Kong is taking Insomnia, it was the perfect application! Super easy to use, bug free, helpful in many ways.
Now it's constantly telling me to restart, the default color scheme is unreadable, and I have to sign in to use it 😭 😭😭
Anyone have a suggestion for a replacement?
Some thoughts on #Copilot.
I spent the past week working on a #Rust #Graphql API project for public health. I had a lot of things I wanted to accomplish over the week, so I lit up a Microsoft copilot license. I’d previously tested copilot in the beta, but turned it off when I went to a paid service.
DGS Framework 6.0 has been released with support for Spring Boot 3! Support for Spring Boot 2.7 will remain to be supported in the 5.x release train of DGS for a while at least. https://github.com/Netflix/dgs-framework/releases/tag/v6.0.0 #Java #DGS #GraphQL #SpringFramework #SpringBoot
Okay, it's official--I'm defaulting to GraphQL instead of REST now. Yes, the queries are annoying to build, but the reduced payloads are worth it, and tbh I'm finding it a bit therapeutic at the moment
While Duniter v2s will process all the blockchain, the data contained in the blocks would not be easily accessible from wallets without the help of indexers.
For this job we choose #Hasura, which provides an automatically generated #GraphQL API based on its #PostgreSQL database.