Setting GraphQL depth limit to 10

[TomHawk123]

Context & Requests for Reviewers

This PR answers Issue #108

Tests

Ran locally and slammed the server with an overly complex query to confirm crashing of service. Implemented depth limit of 10 and tested:

Expected to Fail:

curl -s -X POST http://localhost:8080/graphql \
  -H 'Content-Type: application/json' \
  -d '{"query":"{ jobs { edges { node { item { submittedBy { roles { org { policies { rules { conditions { id } } } } } } } } } } }"}' \
  | jq .

Expected to Succeed:

curl -s -X POST http://localhost:8080/graphql \
  -H 'Content-Type: application/json' \
  -d '{"query":"{ __typename }"}' \
  | jq .

(Optional) Rollout Plan

After testing by reviewers, this should be able to rollout immediately.

[pawiecz]

@TomHawk123 it looks like the package-lock.json was generated with npm <v24.13.1 - this could be the reason for locks desync in the CI checks: https://github.com/roostorg/coop/actions/runs/22804564190/job/66321426089?pr=109#step:3:79

I'll submit locking the .nvmrc at v24.14.0 for the time being to keep the CI consistent.

[pawiecz]

Patch looks good!

I'll merge #112 so we could address the CI warning.

[TomHawk123]

Patch looks good!

I'll merge #112 so we could address the CI warning.

I don't think I can merge until @juanmrad approves the PR after addressing his change request and/or until the CI warning can be addressed.

approving

[juanmrad]

@TomHawk123 can you merge main to re-trigger CI and make sure all passes.

[pawiecz]

This PR still has misaligned Betterer results (even after merging recent changes from main).

I'll run Betterer again on this branch, amend the results so that CI doesn't complain about the results getting improved (sigh) and merge this PR.