python · strawberry-graphql
Heads-up
strawberry-graphql QueryDepthLimiter DoS via circular fragment spreads
The QueryDepthLimiter extension lacks cycle detection in fragment spreads.
What changed
The QueryDepthLimiter extension lacks cycle detection in fragment spreads. Its determine_depth function resolves each FragmentSpreadNode recursively without tracking which fragments are already on the current expansion path, so a document whose fragments spread one another in a cycle drives determine_depth into unbounded recursion.
Who it affects
Users of strawberry-graphql who use the QueryDepthLimiter extension.
What to do today
Update to a patched version of strawberry-graphql that adds cycle detection to determine_depth, or disable the QueryDepthLimiter extension until a patch is available (note that disabling it also removes the depth limit it was enforcing).
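To make the mechanism in "What changed" and the fix in "What to do today" concrete, here is an added, self-contained illustration. It is not strawberry-graphql's code: the node types, the `determine_depth_unchecked` / `determine_depth` functions and the sample documents are all constructed for this example. The unchecked walk recurses on every spread with no memory of the path; the checked walk carries the set of fragments on the current path and rejects re-entry, while still allowing the same fragment to be spread on two sibling branches (a diamond, not a cycle).

```python
"""Depth calculation over a tiny GraphQL-like AST, with and without
fragment-spread cycle detection. Constructed illustration only; not
strawberry-graphql's QueryDepthLimiter implementation."""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Tuple, Union


@dataclass
class Field:
    name: str
    selections: List["Node"] = field(default_factory=list)


@dataclass
class FragmentSpread:
    name: str


Node = Union[Field, FragmentSpread]
Fragments = Dict[str, List[Node]]


class CircularFragmentError(ValueError):
    """Raised when a fragment spreads itself, directly or indirectly."""


def determine_depth_unchecked(selections: List[Node], fragments: Fragments) -> int:
    """Vulnerable shape: spreads are followed with no record of the path.
    A cycle A -> B -> A never terminates (Python stops it with RecursionError)."""
    depth = 0
    for node in selections:
        if isinstance(node, Field):
            depth = max(depth, 1 + determine_depth_unchecked(node.selections, fragments))
        else:
            depth = max(depth, determine_depth_unchecked(fragments[node.name], fragments))
    return depth


def determine_depth(selections: List[Node], fragments: Fragments,
                    visited: FrozenSet[str] = frozenset()) -> int:
    """Hardened shape: `visited` holds the fragment names on the current
    expansion path. Re-entering one of them is a cycle and is rejected.
    A fresh frozenset per path means sibling spreads of one fragment are fine."""
    depth = 0
    for node in selections:
        if isinstance(node, Field):
            depth = max(depth, 1 + determine_depth(node.selections, fragments, visited))
        elif isinstance(node, FragmentSpread):
            if node.name in visited:
                raise CircularFragmentError(f"fragment cycle through {node.name!r}")
            if node.name not in fragments:
                raise ValueError(f"unknown fragment {node.name!r}")
            # A spread inlines the fragment's fields, so it adds no depth itself.
            depth = max(depth, determine_depth(fragments[node.name], fragments,
                                               visited | {node.name}))
    return depth


def validate_depth(query: List[Node], fragments: Fragments, max_depth: int) -> Tuple[bool, str]:
    """What a depth-limiting extension should answer: (accepted, reason)."""
    try:
        depth = determine_depth(query, fragments)
    except CircularFragmentError as exc:
        return False, f"rejected: {exc}"
    if depth > max_depth:
        return False, f"rejected: depth {depth} exceeds limit {max_depth}"
    return True, f"accepted: depth {depth}"


# Constructed sample documents (hypothetical schema names).
BENIGN_FRAGMENTS: Fragments = {
    "UserFields": [Field("id"), Field("posts", [FragmentSpread("PostFields")])],
    "PostFields": [Field("title"), Field("author", [Field("name")])],
}
BENIGN_QUERY: List[Node] = [Field("me", [FragmentSpread("UserFields")])]

# Same fragment spread on two sibling branches: not a cycle, must be accepted.
DIAMOND_FRAGMENTS: Fragments = {"Named": [Field("name")]}
DIAMOND_QUERY: List[Node] = [Field("a", [FragmentSpread("Named")]),
                             Field("b", [FragmentSpread("Named")])]

# A spreads B, B spreads A: the case the advisory describes.
CIRCULAR_FRAGMENTS: Fragments = {
    "A": [Field("x"), FragmentSpread("B")],
    "B": [Field("y"), FragmentSpread("A")],
}
CIRCULAR_QUERY: List[Node] = [Field("me", [FragmentSpread("A")])]


if __name__ == "__main__":
    for label, q, f in [("benign", BENIGN_QUERY, BENIGN_FRAGMENTS),
                        ("diamond", DIAMOND_QUERY, DIAMOND_FRAGMENTS),
                        ("circular", CIRCULAR_QUERY, CIRCULAR_FRAGMENTS)]:
        print(label, validate_depth(q, f, max_depth=5))
```

Whether an extension's AST walk ever sees a document that the GraphQL validation rules would have rejected depends on where in the request pipeline the extension runs, so the walk itself must not assume fragment cycles have already been filtered out: the path-scoped `visited` set above is the check that makes the recursion terminate regardless.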