GraphQL was first introduced into the Foreman project in 2018. Since then, I do not believe it has been widely adopted by plugins or used by core. We then have two APIs we are attempting to support, the REST API and GraphQL.
I am wondering if this is a dependency that we can remove from Foreman to reduce our dependencies and attack surfaces.
I have heard a while back downstream of some consultants using it to make customized dashboards etc. for customers. Would be worthwhile to ask SA/consultants and get a feel for how much it's being used downstream still.
Hello there! Apologies for injecting myself into this conversation, but I can only assume (or, at least, I hope so) this topic is connected to the latest news on GraphQL.
While this conversation is going on, my question is what would be the recommended steps people should take for their existing deployments?
Is there a new and updated version of Foreman coming, maybe? If so, any ETA, by any chance?
Hello there @ehelms,
Sorry to interrupt this thread again with the topic of CVE.
I was wondering if this vulnerability will be remediated anytime soon in any upcoming or recent versions of Foreman?
Not so much to delete graphql but to update the rubygem package to a newer version?