c5b3bfb2c7
The advisory script brought up a RUSTSEC error:
---
error[A001]: Use after free in lru crate
┌─ /home/haptop/Developer/radicle-link/Cargo.lock:207:1
│
207 │ lru 0.6.6 registry+https://github.com/rust-lang/crates.io-index
│ --------------------------------------------------------------- security vulnerability detected
│
= ID: RUSTSEC-2021-0130
= Advisory: https://rustsec.org/advisories/RUSTSEC-2021-0130
= Lru crate has use after free vulnerability.
Lru crate has two functions for getting an iterator. Both iterators give
references to key and value. Calling specific functions, like pop(), will remove
and free the value, and but it's still possible to access the reference of value
which is already dropped causing use after free.
= Announcement: jeromefroe/lru-rs#120
= Solution: Upgrade to >=0.7.1
---
This patch follows the recommended solution and pins the `lru` crate
to 0.7.1.
|
||
|---|---|---|
| .github | ||
| derive | ||
| docs | ||
| examples@0ce0a43874 | ||
| integrations | ||
| parser | ||
| src | ||
| tests | ||
| value | ||
| .gitignore | ||
| .gitmodules | ||
| .rustfmt.toml | ||
| ARCHITECTURE.md | ||
| Cargo.toml | ||
| CHANGELOG.md | ||
| feature-comparison.md | ||
| LICENSE-APACHE | ||
| LICENSE-MIT | ||
| README.md | ||
A GraphQL server library implemented in Rust
Async-graphql is a high-performance server-side library that supports all GraphQL specifications.
- Feature Comparison
- Book
- 中文文档
- Docs
- GitHub repository
- Cargo package
- Minimum supported Rust version: 1.56.1 or later
Safety
This crate uses #![forbid(unsafe_code)] to ensure everything is implemented in 100% Safe Rust.
Features
- Fully supports async/await
- Type safety
- Rustfmt friendly (Procedural Macro)
- Custom scalars
- Minimal overhead
- Easy integration (poem, actix_web, tide, warp, rocket ...)
- Upload files (Multipart request)
- Subscriptions (WebSocket transport)
- Custom extensions
- Apollo Tracing extension
- Limit query complexity/depth
- Error Extensions
- Apollo Federation
- Batch Queries
- Apollo Persisted Queries
Crate features
This crate offers the following features, all of which are not activated by default:
apollo_tracing: Enable the Apollo tracing extension.apollo_persisted_queries: Enable the Apollo persisted queries extension.log: Enable the logger extension.tracing: Enable the tracing extension.opentelemetry: Enable the OpenTelemetry extension.unblock: Support asynchronous reader for Uploadbson: Integrate with thebsoncrate.chrono: Integrate with thechronocrate.chrono-tz: Integrate with thechrono-tzcrate.url: Integrate with theurlcrate.uuid: Integrate with theuuidcrate.string_number: Enable the StringNumber.dataloader: Support DataLoader.secrecy: Integrate with thesecrecycrate.decimal: Integrate with therust_decimalcrate.cbor: Support for serde_cbor.smol_str: Integrate with thesmol_strcrate.hashbrown: Integrate with thehashbrowncrate.
Apollo Studio
Apollo Studio is a cloud platform that helps you build, monitor, validate, and secure your organization's data graph. An existing extension is available for this crate here
Examples
All examples are in the sub-repository, located in the examples directory.
Run an example:
git submodule update # update the examples repo
cd examples && cargo run --bin [name]
Integrations
- Poem async-graphql-poem
- Actix-web async-graphql-actix-web
- Warp async-graphql-warp
- Tide async-graphql-tide
- Rocket async-graphql-rocket
- Axum async-graphql-axum
Who's using Async-graphql in production?
Community Showcase
- rust-actix-graphql-sqlx-postgresql Using GraphQL with Rust and Apollo Federation
- entity-rs A simplistic framework based on TAO, Facebook's distributed database for Social Graph.
- vimwiki-server Provides graphql server to inspect and manipulate vimwiki files.
- Diana Diana is a GraphQL system for Rust that's designed to work as simply as possible out of the box, without sacrificing configuration ability.
- cindythink
- sudograph
Blog Posts
License
Licensed under either of
- Apache License, Version 2.0, (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
- MIT license (LICENSE-MIT or http://opensource.org/licenses/MIT) at your option.
References
- GraphQL
- GraphQL Multipart Request
- GraphQL Cursor Connections Specification
- GraphQL over WebSocket Protocol
- Apollo Tracing
- Apollo Federation
Contribute
Welcome to contribute !