hasura · BenoitRanque · Sep 24, 2024 · Sep 23, 2024 · Sep 23, 2024 · Sep 23, 2024
diff --git a/.github/workflows/security-audit.yaml b/.github/workflows/security-audit.yaml
@@ -0,0 +1,20 @@
+name: Security audit
+on:
+  pull_request:
+jobs:
+  audit:
+    name: Security Audit
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions-rust-lang/setup-rust-toolchain@v1
+        with:
+          # this defaults to "-D warnings", making warnings fail the entire build.
+          # setting to empty strng to allow builds with warnings
+          # todo: consider removing this, and disallowing pushing with warnings?
+          rustflags: ""
+      # we don't use the audit-check action, because it overwrites our lockfile before checking
+      # ref: https://github.com/rustsec/audit-check/issues/15
+      # todo: once that is fixed, move to audit-check, and set up regular audit check on top of these PR ones 
+      - run: cargo install cargo-audit --locked
+      - run: cargo audit
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+- Implement foreach capability. Instead of producing multiple parallel requests, we produce a single, larger request to send to the target endpoint.
+- Fix bug where introspection including interfaces would fail to parse in some circumstances
+- Config now defaults to asking for a `GRAPHQL_ENDPOINT` env var
+- Fix a bug where default values were not parsed as graphql values, and instead used as string literals
+
 ## [0.1.3]
 
 - Fix incorrect version being returned by capabilities