GraphQL Armor Max-Depth Plugin Bypass via fragment caching
Description

Summary

A query depth restriction using the max-depth can be bypassed if ignoreIntrospection is enabled (which is the default configuration) by naming your query/fragment __schema.

Details

In the countDepth function, we have the following code that calculates the depth of a used fragment:

```typescript
} else if (node.kind == Kind.FRAGMENT_SPREAD) {
  if (this.visitedFragments.has(node.name.value)) {
    return this.visitedFragments.get(node.name.value) ?? 0;
  } else {
    this.visitedFragments.set(node.name.value, -1);
  }
  const fragment = this.context.getFragment(node.name.value);
  if (fragment) {
    let fragmentDepth;
    if (this.config.flattenFragments) {
      fragmentDepth = this.countDepth(fragment, parentDepth);
    } else {
      fragmentDepth = this.countDepth(fragment, parentDepth + 1);
    }
    depth = Math.max(depth, fragmentDepth);
    if (this.visitedFragments.get(node.name.value) === -1) {
      this.visitedFragments.set(node.name.value, fragmentDepth);
    }
  }
}
```

which will calculate the depth of the fragment used in the current node, store the value in this.visitedFragments and re-use it in the future to avoid re-calculating the depth for the same fragment.

The issue arises when the same fragment is used multiple times, at different depths. The current caching takes into account the depth of the first occurrence, which means if the fragment is re-used later in a higher…
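The caching behaviour described above can be pinned down with a small regression check. This is an added example, not GraphQL Armor's code or its patch: `modelDepth`, its `relative` switch, the mini-AST and the sample document are all constructed here, and caching a fragment's own height is an assumed fix.

```typescript
// Constructed mini-AST (not graphql-js types): a field with optional children,
// or a spread of a named fragment.
type Sel = { name: string; kids?: Sel[] } | { spread: string };
type Frags = Map<string, Sel[]>;

// relative=false models the caching in the excerpt: the absolute depth from a
// fragment's first use is stored and returned for every later spread.
// relative=true is the assumed fix: cache the fragment's own height and add
// the depth of each spread site.
function modelDepth(sels: Sel[], frags: Frags, relative: boolean): number {
  const cache = new Map<string, number>();
  function walk(list: Sel[], at: number): number {
    let depth = at;
    for (const s of list) depth = Math.max(depth, visit(s, at));
    return depth;
  }
  function visit(s: Sel, at: number): number {
    if (!("spread" in s)) return walk(s.kids ?? [], at + 1);
    let d = cache.get(s.spread);
    if (d === undefined) {
      cache.set(s.spread, relative ? 0 : -1); // in-progress marker, stops cycles
      d = walk(frags.get(s.spread) ?? [], relative ? 0 : at);
      cache.set(s.spread, d);
    }
    return relative ? at + d : d;
  }
  return walk(sels, 0);
}

// Constructed document: fragment F is three levels tall and is spread once at
// the root and once under x.y.z, so the true depth is 3 + 3 = 6.
const sampleFrags: Frags = new Map<string, Sel[]>([
  ["F", [{ name: "a", kids: [{ name: "b", kids: [{ name: "c" }] }] }]],
]);
const spreadF: Sel = { spread: "F" };
const deep: Sel = {
  name: "x",
  kids: [{ name: "y", kids: [{ name: "z", kids: [spreadF] }] }],
};
const shallowFirst: Sel[] = [spreadF, deep];
const deepFirst: Sel[] = [deep, spreadF];
```

A depth counter whose result changes when the same selections are reordered, as the `relative=false` mode does here, is the signal to test for in any validator that memoizes fragment depth.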
