Bump graphql-dgs-platform-dependencies from latest.release to 5.0.4

[dependabot]

Bumps graphql-dgs-platform-dependencies from latest.release to 5.0.4.

Release notes

Sourced from graphql-dgs-platform-dependencies's releases.

v5.0.4

What’s Changed

Enhancements

• DGS annotations now declare @Inherited so that they can be used along CGLIB proxies. (#1113) @​noemielb
• Allow filtering of DgsComponents in DgsSchemaProvider (#1101) @​OskarKjellin

Other Chagnes

• Bump actions/cache from 3.0.2 to 3.0.3 (#1093) @​dependabot
• Upgrade dependency locks to prepare for a release. (#1112) @​berngp

v5.0.3

What’s Changed

Fixes

• Input argument without @​InputArgument("input") stopped working (#1102) @​berngp
• Pass MultipartFile class to StdSerializer base class in MultipartFileSerializer (#1095) @​kilink

v5.0.2

What’s Changed

Fixes

• Addressing DgsGraphQLMetricsInstrumentation Latency increase (#1092) @​berngp
• DgsSchemaProvider API to expose resolved Datafetchers & field instrumentation (#1090) @​berngp

Chores

• Removed unsued LogEvent class (#1086) @​berngp
• Adopt Gradle JVM Toolchain (#1085) @​berngp
• Refactor InputArgumentTest (#1084) @​berngp
• chore(deps): Bump graphql-java-extended-validation to 18.1-hibernate-validator-6.2.0.Final (#1080) @​setchy

v5.0.1

What’s Changed

• Fix how the GraphQLCSRFRequestHeaderValidationRule compares the content-type (#1079) @​berngp

v5.0.0

We are releasing a major version for DGS to address a CSRF vulnerability. This version adds a breaking change for callers that target the GraphQL Endpoint, /graphql by default, and don't explicit set the content-type to be one of either application/json, application/graphql, or multipart/form-data, the latter use for file upload. If a client is using multipart/form-data they will now need to include a preflight header that matches any of "x-apollo-operation-name", "apollo-require-preflight", or "graphql-require-preflight".

TL;DR

• DGS will only accept requests with content-type of application/json, application/graphql, and multipart/form-data.
• DGS will enforce a preflight header if the content-type is multipart/form-data. Acceptable preflight headers are "x-apollo-operation-name", "apollo-require-preflight", or "graphql-require-preflight"

Application developers should provide a sensible CORS policy, doing so is out of scope of the DGS framework but available via Spring Boot and Spring Security.

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #88.