Skip to content
This repository was archived by the owner on Apr 14, 2026. It is now read-only.

Bump webonyx/graphql-php from 14.9.0 to 15.31.5#11

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/composer/webonyx/graphql-php-15.31.5
Open

Bump webonyx/graphql-php from 14.9.0 to 15.31.5#11
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/composer/webonyx/graphql-php-15.31.5

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 14, 2026

Bumps webonyx/graphql-php from 14.9.0 to 15.31.5.

Release notes

Sourced from webonyx/graphql-php's releases.

v15.31.5

Fixed

  • Denial of Service via quadratic complexity in OverlappingFieldsCanBeMerged validation GHSA-68jq-c3rv-pcrr

v15.31.4

Changed

v15.31.3

Fixed

v15.31.2

Changed

Fixed

v15.31.1

Fixed

v15.31.0

Added

  • Support per-schema scalar overrides via types config or typeLoader, without global side effects webonyx/graphql-php#1869
  • Add Type::builtInScalars() and Type::BUILT_IN_SCALAR_NAMES aligning with GraphQL spec terminology webonyx/graphql-php#1869
  • Add Directive::builtInDirectives() and Directive::isBuiltInDirective() aligning with GraphQL spec terminology webonyx/graphql-php#1869

Deprecated

v15.30.2

Fixed

v15.30.1

... (truncated)

Changelog

Sourced from webonyx/graphql-php's changelog.

v15.31.5

Fixed

  • Denial of Service via quadratic complexity in OverlappingFieldsCanBeMerged validation GHSA-68jq-c3rv-pcrr

v15.31.4

Changed

v15.31.3

Fixed

v15.31.2

Changed

Fixed

v15.31.1

Fixed

v15.31.0

Added

  • Support per-schema scalar overrides via types config or typeLoader, without global side effects webonyx/graphql-php#1869
  • Add Type::builtInScalars() and Type::BUILT_IN_SCALAR_NAMES aligning with GraphQL spec terminology webonyx/graphql-php#1869
  • Add Directive::builtInDirectives() and Directive::isBuiltInDirective() aligning with GraphQL spec terminology webonyx/graphql-php#1869

Deprecated

... (truncated)

Upgrade guide

Sourced from webonyx/graphql-php's upgrade guide.

v14.x.x > v15.x.x

BREAKING: Removed error extension field category

The formatting of errors that implement the ClientAware interface no longer contains the key category. This includes both built-in and user-defined errors.

throw new \GraphQL\Error\Error('msg');

Formatting before the change:

'errors' => [
    [
        'message' => 'msg',
        'extensions' => [
            'category' => 'graphql',
        ],
    ],
]

After the change:

'errors' => [
    [
        'message' => 'msg',
    ],
]

The method ClientAware::getCategory() was removed, you may also remove it from your implementations:

use GraphQL\Error\ClientAware;
class MyException extends \Exception implements ClientAware
{
public function isClientSafe(): bool
{
return true;
}

public function getCategory(): string
{

  return 'my-category';


}
</tr></table>

... (truncated)

Commits
  • 089c4ef Add changelog entry for v15.31.5
  • b5e7c99 Deduplicate fields in OverlappingFieldsCanBeMerged to prevent DoS
  • 28e51f8 chore(deps): update dependency ticketswap/phpstan-error-formatter to v1.3.0 (...
  • 8868e83 Add changelog entry for v15.31.4
  • 63288b2 Prioritize count error over null error in @​oneOf coercion (#1891)
  • ca9a962 chore(deps): update dependency phpstan/phpstan to v2.1.46 (#1892)
  • c573200 chore(deps): update dependency phpstan/phpstan to v2.1.45 (#1890)
  • 5113ac2 chore(deps): update dependency phpstan/phpstan to v2.1.44 (#1888)
  • d40959b chore(deps): update codecov/codecov-action action to v6
  • c20acbe v15.31.3 changelog
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump webonyx/graphql-php from 14.9.0 to 15.31.5
2af5024 
Bumps [webonyx/graphql-php](https://github.com/webonyx/graphql-php) from 14.9.0 to 15.31.5.
- [Release notes](https://github.com/webonyx/graphql-php/releases)
- [Changelog](https://github.com/webonyx/graphql-php/blob/master/CHANGELOG.md)
- [Upgrade guide](https://github.com/webonyx/graphql-php/blob/master/UPGRADE.md)
- [Commits](webonyx/graphql-php@v14.9.0...v15.31.5)

---
updated-dependencies:
- dependency-name: webonyx/graphql-php
  dependency-version: 15.31.5
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file php Pull requests that update php code labels Apr 14, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file php Pull requests that update php code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants