Closed Martomate closed 1 year ago
See https://github.com/MichalLytek/type-graphql/issues/1397
Using class-validator >=0.14.0
:
const schema = await buildSchema({
// ...
validate: { forbidUnknownValues: false } // <--
});
Closing as duplicate #1396 #1401 🔒
Is there still a security risk here with class-validator? According to its maintainers, the main change in 0.14.0 was to enable forbidUnknownValues
by default
With GraphQL I guess not, it has own type system, fields validation and you can't put values not present in schema.
Describe the Bug When
TypeGraphQL 1.1.1
is used together withclass-validator 0.14.0
the TypqGraphQL validation stops working (it crashes).This happens in the validate-args file and the reason is most likely that there was a breaking change in class-validator 0.14.0 (see here). All my integration tests work with class-validator 0.13.2, but most of them fail with 0.14.0.
To Reproduce
Create a resolver with a mutation that takes this input:
This is what is returned to the API caller:
For some reason TypeGraphQL uses class-validator without specifying it as a dependency, so I was quite surprised to find this incompatibility.