Update async-graphql and limit directives

Fix the security advisory for async-graphlq: CVE-2024-47614

Author: tpoliaw

Cargo.toml

@@ -8,8 +8,8 @@ license = "Apache-2.0"
 unwrap_used = "deny"
 
 [dependencies]
-async-graphql = { version = "=7.0.9", features = ["tracing"] }
-async-graphql-axum = "=7.0.9"
+async-graphql = { version = "7.0.11", features = ["tracing"] }
+async-graphql-axum = "7.0.11"
 axum = "0.7.5"
 chrono = "0.4.38"
 clap = { version = "4.5.16", features = ["cargo", "derive", "env"] }

src/graphql.rs

@@ -52,6 +52,7 @@ pub async fn serve_graphql(db: &Path, opts: ServeOptions) {
     info!("Serving graphql endpoints on {:?}", opts.addr());
     let schema = Schema::build(Query, Mutation, EmptySubscription)
         .extension(Tracing)
+        .limit_directives(32)
         .data(db)
         .finish();
     let app = Router::new()