Bump graphql-java from 14.0 to 17.1

[dependabot]

Bumps graphql-java from 14.0 to 17.1.

Release notes

Sourced from graphql-java's releases.

17.1

Upgrade to DataLoader 3.1.0

This release upgrade the DataLoader library to 3.1.0 which adds the ability to have an external value cache in place during data loader batch calls.

You can use it to model access to external caches like REDIS amd even do batch "cache gets".

17.0

We are happy to announce v17.0 of graphql-java

https://github.com/graphql-java/graphql-java/milestone/31?closed=1

@deprecated supported on input fields

In line with coming graphql spec changes, the @deprecated annotation can now be placed on input fields and not just output fields as before.

graphql-java/graphql-java#2186

Dramatic performance improvements in GraphQLSchema building

The GraphQLSchema is a graph of types and as such has to be built according to strict rules. The previous code would repeated visit and rebuilt the schema and this meant that large schemes could be slow to build.

This code has been extensively benchmarked and improved. For example on a very large and complex schema, total build time went from 3.5 seconds to 1.2 seconds.

Thank you to teams out there that used https://github.com/graphql-java/graphql-anonymizer to submit in real life schemas that we can test with.

Dramatic performance improvements in DataFetchingFieldSelectionSet

The classes that underlie the DataFetchingFieldSelectionSet code have been been remodelled to be dramatically more performant. Before interfaces could create an exponential explosion in objects created. This has been fixed which in turn improves the performance of this code as scale.

Dramatic performance improvements in large query validation

The graphql spec calls for overlapping fields in fragments to be validated in a certain way. The previous code followed the specs psudeo-algorithm correctly but it leads to asymptotic performance problems.

This has been rewritten via graphql-java/graphql-java#2495 based on this article https://tech.xing.com/graphql-overlapping-fields-can-be-merged-fast-ea6e92e0a01 which dramatically improves how fast large queries can validated.

Support of directives on fields and types during introspection

#2221 this is a non spec feature which lets you expose directives through Introspection

Reworked default value validation and improved Scalar coercion

#2325 This is a relatively big change which fixed up how default values are processed. Before that default values were never validated and custom Scalars could cause invalid values printed in SDL or Introspection. This PR includes a new Scalar coercion function valueToLiteral which is needed to implement this correct behaviour.

Better Unicode support in documents

... (truncated)

Commits

• 452abc9 Upgrading back to dataloader 3.2 (#2507)
• 0ea5907 add test for overlapping field validation
• dfc3a92 groups together fields into the one object type during AST compilation (#2501)
• fd86181 Allow getting a field in the schema by FieldCoordinates (#2490)
• a75b54a Fixes #2068 - Silent thread leak on exception in completeValueForList (#2359)
• c7154f8 Merge pull request #2495 from graphql-java/overlapping-fields-performance
• 30f78ad PR feedback
• acd6d1c doc reference to the source of the algorithm
• fdc3be2 doc reference to the source of the algorithm
• c7b12f5 cleanup
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)