Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Release new version - changesets #509

Merged
merged 1 commit into from
Mar 4, 2025
Merged

Release new version - changesets #509

merged 1 commit into from
Mar 4, 2025

Conversation

neo4j-team-graphql
Copy link
Collaborator

This PR was opened by the Changesets release GitHub action. When you're ready to do a release, you can merge this and the packages will be published to npm automatically. If you're not ready to do a release yet, that's fine, whenever you add more changesets to main, this PR will be updated.

Releases

@neo4j/cypher-builder@2.3.2

Patch Changes

  • #505 dd5acb5 Thanks @angrykoala! - New options to disable automatic escaping of labels and relationship types have been added to the .build method on clauses, inside the new object unsafeEscapeOptions:

    • disableLabelEscaping (defaults to false): If set to true, node labels will not be escaped if unsafe.

    • disableRelationshipTypeEscaping (defaults to false): If set to true, relationship types will not be escaped if unsafe

      For example:

      const personNode = new Cypher.Node();
const movieNode = new Cypher.Node();

const matchQuery = new Cypher.Match(
    new Cypher.Pattern(personNode, {
        labels: ["Person"],
        properties: {
            ["person name"]: new Cypher.Literal(`Uneak "Seveer`),
        },
    })
        .related({ type: "ACTED IN" })
        .to(movieNode, { labels: ["A Movie"] })
).return(personNode);

const queryResult = matchQuery.build({
    unsafeEscapeOptions: {
        disableLabelEscaping: true,
        disableRelationshipTypeEscaping: true,
    },
});

      This query will generate the following (invalid) Cypher:

      MATCH (this0:Person { `person name`: "Uneak \"Seveer" })-[:ACTED IN]->(this1:A Movie)
RETURN this0

      Instead of the default (safe) Cypher:

      MATCH (this0:Person { `person name`: "Uneak \"Seveer" })-[:`ACTED IN`]->(this1:`A Movie`)
RETURN this0

      WARNING:: Changing these options may lead to code injection and unsafe Cypher.

@sonarqubecloud SonarQubeCloud
Copy link

sonarqubecloud bot commented Mar 4, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@angrykoala angrykoala merged commit d18325b into main Mar 4, 2025
10 checks passed
@angrykoala angrykoala deleted the changeset-release/main branch March 4, 2025 15:21
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@neo4j-team-graphql @angrykoala