Strawberry-graphql

Latest version: v0.263.0


0.258.1

--------------------

This release adjusts the schema printer to avoid printing a schema directive
value set to `UNSET` as `""` (empty string).

For example, the following:

```python
import strawberry
from strawberry.schema_directive import Location


@strawberry.input
class FooInput:
    a: str | None = strawberry.UNSET
    b: str | None = strawberry.UNSET


@strawberry.schema_directive(locations=[Location.FIELD_DEFINITION])
class FooDirective:
    input: FooInput


@strawberry.type
class Query:
    @strawberry.field(directives=[FooDirective(input=FooInput(a="aaa"))])
    def foo(self, info) -> str: ...
```

Would previously print as:

```graphql
directive @fooDirective(
  input: FooInput!
  optionalInput: FooInput
) on FIELD_DEFINITION

type Query {
  foo: String! @fooDirective(input: { a: "aaa", b: "" })
}

input FooInput {
  a: String
  b: String
}
```


Now it will be correctly printed as:

```graphql
directive @fooDirective(
  input: FooInput!
  optionalInput: FooInput
) on FIELD_DEFINITION

type Query {
  foo: String! @fooDirective(input: { a: "aaa" })
}

input FooInput {
  a: String
  b: String
}
```


Contributed by [Thiago Bellini Ribeiro](https://github.com/bellini666) via [PR #3770](https://github.com/strawberry-graphql/strawberry/pull/3770/)

0.258.0

--------------------

Add the ability to override the "max results" a Relay connection can return on
a per-field basis.

The default value is defined in the schema's config and is set to `100`
unless modified by the user. A per-field value now takes precedence over
it.

For example:

```python
import strawberry
from strawberry import relay
from strawberry.relay import ListConnection


# Fruit is assumed to be a relay.Node type defined elsewhere
@strawberry.type
class Query:
    # This will still use the default value in the schema's config
    fruits: ListConnection[Fruit] = relay.connection()

    # This will reduce the maximum number of results to 10
    limited_fruits: ListConnection[Fruit] = relay.connection(max_results=10)

    # This will increase the maximum number of results to 10,000
    higher_limited_fruits: ListConnection[Fruit] = relay.connection(max_results=10_000)
```


Note that this only affects `ListConnection` and subclasses. If you are
implementing your own connection resolver, there's an extra keyword named
`max_results: int | None` that will be passed to it.

Contributed by [Thiago Bellini Ribeiro](https://github.com/bellini666) via [PR #3746](https://github.com/strawberry-graphql/strawberry/pull/3746/)

0.257.0

--------------------

The common `node: Node` field used to resolve Relay nodes relies on
`is_type_of` to check whether the returned object is in fact a subclass of the
`Node` interface.

However, integrations such as Django, SQLAlchemy and Pydantic do not return
the type itself, but a similar object that is later resolved to the
expected type.

When more than one possible type is defined for the model being returned,
the first one that answered `True` to the `is_type_of` check was used in the
resolution. This means that when asking for `"PublicUser:123"`,
Strawberry could end up returning `"User:123"`, which can lead to security
issues (such as data leakage).

This release introduces `strawberry.cast`, which marks an object with the type
we already know it to be. When `is_type_of` is called, that mark is checked
instead, ensuring the correct type is returned.

That `cast` is already in place for the relay node resolution and pydantic.

Contributed by [Thiago Bellini Ribeiro](https://github.com/bellini666) via [PR #3749](https://github.com/strawberry-graphql/strawberry/pull/3749/)
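
A simplified model of the ambiguity described in this release and of how a type mark removes it. This is an added illustration, not Strawberry's code: `GraphQLType`, `mark_as`, `MARK`, `UserModel` and the sample row are hypothetical stand-ins.

```python
from dataclasses import dataclass

MARK = "_known_graphql_type"  # hypothetical attribute name for the mark


@dataclass
class UserModel:  # constructed ORM-style row; not a GraphQL type itself
    id: int
    name: str
    email: str


class GraphQLType:
    """Toy object type backed by a model class."""

    def __init__(self, name, model, fields):
        self.name, self.model, self.fields = name, model, fields

    def is_type_of(self, obj, honor_mark):
        marked = getattr(obj, MARK, None) if honor_mark else None
        if marked is not None:
            return marked is self  # the mark decides, not the model class
        return isinstance(obj, self.model)  # ambiguous when types share a model


USER = GraphQLType("User", UserModel, ("id", "name", "email"))
PUBLIC_USER = GraphQLType("PublicUser", UserModel, ("id", "name"))
POSSIBLE_TYPES = [USER, PUBLIC_USER]  # registration order decides the first match


def mark_as(type_, obj):
    """Hypothetical stand-in for the role strawberry.cast plays."""
    if obj is not None:
        setattr(obj, MARK, type_)
    return obj


def resolve(obj, honor_mark):
    """Return the concrete type name and the fields it exposes for obj."""
    for t in POSSIBLE_TYPES:
        if t.is_type_of(obj, honor_mark):
            return t.name, {f: getattr(obj, f) for f in t.fields}
    raise TypeError("no matching type")


def lookup_public_user(honor_mark):
    """Simulate resolving the global ID "PublicUser:123"."""
    row = mark_as(PUBLIC_USER, UserModel(123, "Ada", "ada@example.test"))
    return resolve(row, honor_mark)
```

With `honor_mark=False` the row resolves as `User` and the `email` field becomes reachable; with `honor_mark=True` it resolves as `PublicUser` and only `id` and `name` are exposed.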

0.256.1

Not secure
--------------------

This release updates Strawberry internally to no longer pass keyword arguments
to `pathlib.PurePath`. Support for supplying keyword arguments to
`pathlib.PurePath` is deprecated and scheduled for removal in Python 3.14.

Contributed by [Jonathan Ehwald](https://github.com/DoctorJohn) via [PR #3738](https://github.com/strawberry-graphql/strawberry/pull/3738/)

0.256.0

Not secure
--------------------

This release drops support for Python 3.8, which reached its end-of-life (EOL)
in October 2024. The minimum supported Python version is now 3.9.

We strongly recommend upgrading to Python 3.9 or a newer version, as older
versions are no longer maintained and may contain security vulnerabilities.

Contributed by [Thiago Bellini Ribeiro](https://github.com/bellini666) via [PR #3730](https://github.com/strawberry-graphql/strawberry/pull/3730/)

0.255.0

Not secure
--------------------

This release adds support for making Relay connections optional. This is useful
when you want to add permission classes to the connection and not fail the whole
query if the user doesn't have permission to access the connection.

Example:

```python
import typing
from typing import Iterable

import strawberry
from strawberry import relay
from strawberry.permission import BasePermission


class IsAuthenticated(BasePermission):
    message = "User is not authenticated"

    # This method can also be async!
    def has_permission(
        self, source: typing.Any, info: strawberry.Info, **kwargs
    ) -> bool:
        return False


@strawberry.type
class Fruit(relay.Node):
    code: relay.NodeID[int]
    name: str
    weight: float

    @classmethod
    def resolve_nodes(
        cls,
        *,
        info: strawberry.Info,
        node_ids: Iterable[str],
    ):
        return []


# Placeholder data store so the example is self-contained
all_fruits: dict[int, Fruit] = {}


@strawberry.type
class Query:
    node: relay.Node = relay.node()

    @relay.connection(
        relay.ListConnection[Fruit] | None, permission_classes=[IsAuthenticated()]
    )
    def fruits(self) -> Iterable[Fruit]:
        # This can be a database query, a generator, an async generator, etc
        return all_fruits.values()
```


Contributed by [Patrick Arminio](https://github.com/patrick91) via [PR #3707](https://github.com/strawberry-graphql/strawberry/pull/3707/)
