jnak
commented
4 years ago @diverru I just submitted another PR that fixes the thread-safety issues in both Promise and Datalaoder. It includes 2 detailed tests / reproductions. Would you mind taking a look at it? It is critical we get this expedited. Thanks
diverru
syrusakbary
Problem proof: https://gist.github.com/diverru/3b317313366311fc260707cc91e77994 relating problems: #57, #68, #70 My solution is more lightweight than #70
Also, i've found that graphql-core uses promises to handle whole graphql requests, it means that even with SyncExecutor whole graphql request could be handled by another unexpected thread. It leads to huge security problems with global/singleton (even threadlocal) variables.