feat(audits): Notices section for optional recommendations

docs/interfaces/audits_common.AuditFail.md

@@ -52,4 +52,4 @@ ___
 
 ### status
 
-• **status**: ``"warn"`` \| ``"error"``
+• **status**: ``"notice"`` \| ``"warn"`` \| ``"error"``

docs/modules/handler.md

@@ -252,14 +252,17 @@ Creates an appropriate GraphQL over HTTP response following the provided argumen
 
 If the first argument is an `ExecutionResult`, the operation will be treated as "successful".
 
-If the first argument is _any_ object without the `data` field, it will be treated as an error (as per the spec)
-and the response will be constructed with the help of `acceptedMediaType` complying with the GraphQL over HTTP spec.
+If the first argument is (an array of) `GraphQLError`, or an `ExecutionResult` without the `data` field, it will be treated
+the response will be constructed with the help of `acceptedMediaType` complying with the GraphQL over HTTP spec.
+
+If the first argument is an `Error`, the operation will be treated as a bad request responding with `400: Bad Request` and the
+error will be present in the `ExecutionResult` style.
 
 #### Parameters
 
 | Name | Type |
 | :------ | :------ |
-| `resultOrErrors` | readonly `GraphQLError`[] \| `Readonly`<`ExecutionResult`<`ObjMap`<`unknown`\>, `ObjMap`<`unknown`\>\>\> \| `Readonly`<`GraphQLError`\> |
+| `resultOrErrors` | readonly `GraphQLError`[] \| `Readonly`<`ExecutionResult`<`ObjMap`<`unknown`\>, `ObjMap`<`unknown`\>\>\> \| `Readonly`<`GraphQLError`\> \| `Readonly`<`Error`\> |
 | `acceptedMediaType` | [`AcceptableMediaType`](handler.md#acceptablemediatype) |
 
 #### Returns

implementations/apollo-server/README.md

@@ -3,9 +3,10 @@
 <h1>GraphQL over HTTP audit report</h1>
 
 <ul>
-<li><b>37</b> audits in total</li>
-<li><span style="font-family: monospace">✅</span> <b>31</b> pass</li>
-<li><span style="font-family: monospace">⚠️</span> <b>6</b> warnings (optional)</li>
+<li><b>60</b> audits in total</li>
+<li><span style="font-family: monospace">✅</span> <b>54</b> pass</li>
+<li><span style="font-family: monospace">💡</span> <b>3</b> notices (suggestions)</li>
+<li><span style="font-family: monospace">⚠️</span> <b>3</b> warnings (optional)</li>
 </ul>
 
 <h2>Passing</h2>
@@ -19,9 +20,20 @@
 <li><code>78D5</code> MUST assume utf-8 in request if encoding is unspecified</li>
 <li><code>2C94</code> MUST accept POST requests</li>
 <li><code>9C48</code> MAY NOT allow executing mutations on GET requests</li>
+<li><code>9ABE</code> MAY respond with 4xx status code if content-type is not supplied on POST requests</li>
 <li><code>03D4</code> MUST accept application/json POST requests</li>
+<li><code>A5BF</code> MAY use 400 status code when request body is missing on POST</li>
+<li><code>423L</code> MAY use 400 status code on missing {query} parameter</li>
+<li><code>LKJ0</code> MAY use 400 status code on object {query} parameter</li>
+<li><code>LKJ1</code> MAY use 400 status code on number {query} parameter</li>
+<li><code>LKJ2</code> MAY use 400 status code on boolean {query} parameter</li>
+<li><code>LKJ3</code> MAY use 400 status code on array {query} parameter</li>
 <li><code>34A2</code> SHOULD allow string {query} parameter when accepting application/graphql-response+json</li>
 <li><code>13EE</code> MUST allow string {query} parameter when accepting application/json</li>
+<li><code>6C00</code> MAY use 400 status code on object {operationName} parameter</li>
+<li><code>6C01</code> MAY use 400 status code on number {operationName} parameter</li>
+<li><code>6C02</code> MAY use 400 status code on boolean {operationName} parameter</li>
+<li><code>6C03</code> MAY use 400 status code on array {operationName} parameter</li>
 <li><code>8161</code> SHOULD allow string {operationName} parameter when accepting application/graphql-response+json</li>
 <li><code>B8B3</code> MUST allow string {operationName} parameter when accepting application/json</li>
 <li><code>94B0</code> SHOULD allow null {variables} parameter when accepting application/graphql-response+json</li>
@@ -30,10 +42,22 @@
 <li><code>0221</code> MUST allow null {operationName} parameter when accepting application/json</li>
 <li><code>94B2</code> SHOULD allow null {extensions} parameter when accepting application/graphql-response+json</li>
 <li><code>0222</code> MUST allow null {extensions} parameter when accepting application/json</li>
+<li><code>4760</code> MAY use 400 status code on string {variables} parameter</li>
+<li><code>4761</code> MAY use 400 status code on number {variables} parameter</li>
+<li><code>4762</code> MAY use 400 status code on boolean {variables} parameter</li>
+<li><code>4763</code> MAY use 400 status code on array {variables} parameter</li>
 <li><code>2EA1</code> SHOULD allow map {variables} parameter when accepting application/graphql-response+json</li>
 <li><code>28B9</code> MUST allow map {variables} parameter when accepting application/json</li>
+<li><code>58B0</code> MAY use 400 status code on string {extensions} parameter</li>
+<li><code>58B1</code> MAY use 400 status code on number {extensions} parameter</li>
+<li><code>58B2</code> MAY use 400 status code on boolean {extensions} parameter</li>
+<li><code>58B3</code> MAY use 400 status code on array {extensions} parameter</li>
 <li><code>428F</code> SHOULD allow map {extensions} parameter when accepting application/graphql-response+json</li>
 <li><code>1B7A</code> MUST allow map {extensions} parameter when accepting application/json</li>
+<li><code>B6DC</code> MAY use 4xx or 5xx status codes on JSON parsing failure</li>
+<li><code>BCF8</code> MAY use 400 status code on JSON parsing failure</li>
+<li><code>8764</code> MAY use 4xx or 5xx status codes if parameters are invalid</li>
+<li><code>3E3A</code> MAY use 400 status code if parameters are invalid</li>
 <li><code>865D</code> SHOULD use 4xx or 5xx status codes on document parsing failure when accepting application/graphql-response+json</li>
 <li><code>556A</code> SHOULD use 400 status code on document parsing failure when accepting application/graphql-response+json</li>
 <li><code>D586</code> SHOULD not contain the data entry on document parsing failure when accepting application/graphql-response+json</li>
@@ -43,8 +67,8 @@
 <li><code>86EE</code> SHOULD use a status code of 400 on variable coercion failure when accepting application/graphql-response+json</li>
 </ol>
 
-<h2>Warnings</h2>
-The server <i>SHOULD</i> support these, but is not required.
+<h2>Notices</h2>
+The server <i>MAY</i> support these, but are truly optional. These are suggestions following recommended conventions.
 <ol>
 <li><code>5A70</code> MAY accept application/x-www-form-urlencoded formatted GET requests
 <details>
@@ -160,6 +184,11 @@ The server <i>SHOULD</i> support these, but is not required.
 </code></pre>
 </details>
 </li>
+</ol>
+
+<h2>Warnings</h2>
+The server <i>SHOULD</i> support these, but is not required.
+<ol>
 <li><code>572B</code> SHOULD use 200 status code on document parsing failure when accepting application/json
 <details>
 <summary>Response status code is not 200</summary>

implementations/apollo-server/report.json

@@ -1,6 +1,7 @@
 {
-  "total": 37,
-  "ok": 31,
-  "warn": 6,
+  "total": 60,
+  "ok": 54,
+  "notice": 3,
+  "warn": 3,
   "error": 0
 }