From 0bfa6b7cc11bbc16392ce4ad18f2e5f95b092c04 Mon Sep 17 00:00:00 2001 From: Manuel <5673677+mtrezza@users.noreply.github.com> Date: Tue, 24 Aug 2021 00:46:39 +0200 Subject: [PATCH] Release 4.10.2 (#7513) * move graphql-tag from devDependencies to dependencies (#7183) * bump version * Update CHANGELOG.md --- CHANGELOG.md | 22 +++++++++++++--------- package-lock.json | 19 ++++++++++++++----- package.json | 4 ++-- 3 files changed, 29 insertions(+), 16 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f8d03e579e..b4a49e8907 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,16 +1,20 @@ -## Parse Server Changelog +# Parse Server Changelog -### master -[Full Changelog](https://github.com/parse-community/parse-server/compare/4.10.1...master) +# 4.10.2 +[Full Changelog](https://github.com/parse-community/parse-server/compare/4.10.1...4.10.2) -### 4.10.1 +## Fixes +- Move graphql-tag from devDependencies to dependencies (Antonio Davi Macedo Coelho de Castro) [#7183](https://github.com/parse-community/parse-server/pull/7183) + +# 4.10.1 [Full Changelog](https://github.com/parse-community/parse-server/compare/4.10.0...4.10.1) +## Security Fixes - Updated to Parse JS SDK 3.3.0 and other security fixes (Manuel Trezza) [#7508](https://github.com/parse-community/parse-server/pull/7508) > ⚠️ This includes a security fix of the Parse JS SDK where `logIn` will default to `POST` instead of `GET` method. This may require changes in your deployment before you upgrade to this release, see the Parse JS SDK 3.0.0 [release notes](https://github.com/parse-community/Parse-SDK-JS/releases/tag/3.0.0). -### 4.10.0 +# 4.10.0 [Full Changelog](https://github.com/parse-community/parse-server/compare/4.5.2...4.10.0) *Versions >4.5.2 and <4.10.0 are skipped.* @@ -26,16 +30,16 @@ > >**If you are using any of the affected versions, we urgently recommend to upgrade to version `4.10.0`.** -### 4.5.2 +# 4.5.2 [Full Changelog](https://github.com/parse-community/parse-server/compare/4.5.0...4.5.2) -### Security Fixes +## Security Fixes - SECURITY FIX: Fixes incorrect session property `authProvider: password` of anonymous users. When signing up an anonymous user, the session field `createdWith` indicates incorrectly that the session has been created using username and password with `authProvider: password`, instead of an anonymous sign-up with `authProvider: anonymous`. This fixes the issue by setting the correct `authProvider: anonymous` for future sign-ups of anonymous users. This fix does not fix incorrect `authProvider: password` for existing sessions of anonymous users. Consider this if your app logic depends on the `authProvider` field. (Corey Baker) [GHSA-23r4-5mxp-c7g5](https://github.com/parse-community/parse-server/security/advisories/GHSA-23r4-5mxp-c7g5) -### 4.5.1 +# 4.5.1 *This version was published by mistake and was deprecated.* -### 4.5.0 +# 4.5.0 [Full Changelog](https://github.com/parse-community/parse-server/compare/4.4.0...4.5.0) __BREAKING CHANGES:__ diff --git a/package-lock.json b/package-lock.json index 5e89934492..334c9233c5 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,6 +1,6 @@ { "name": "parse-server", - "version": "4.10.1", + "version": "4.10.2", "lockfileVersion": 1, "requires": true, "dependencies": { @@ -7310,10 +7310,19 @@ } }, "graphql-tag": { - "version": "2.10.1", - "resolved": "https://registry.npmjs.org/graphql-tag/-/graphql-tag-2.10.1.tgz", - "integrity": "sha512-jApXqWBzNXQ8jYa/HLkZJaVw9jgwNqZkywa2zfFn16Iv1Zb7ELNHkJaXHR7Quvd5SIGsy6Ny7SUKATgnu05uEg==", - "dev": true + "version": "2.12.5", + "resolved": "https://registry.npmjs.org/graphql-tag/-/graphql-tag-2.12.5.tgz", + "integrity": "sha512-5xNhP4063d16Pz3HBtKprutsPrmHZi5IdUGOWRxA2B6VF7BIRGOHZ5WQvDmJXZuPcBg7rYwaFxvQYjqkSdR3TQ==", + "requires": { + "tslib": "^2.1.0" + }, + "dependencies": { + "tslib": { + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.3.1.tgz", + "integrity": "sha512-77EbyPPpMz+FRFRuAFlWMtmgUWGe9UOG2Z25NqCwiIjRhOf5iKGuzSe5P2w1laq+FkRy4p+PCuVkJSGkzTEKVw==" + } + } }, "graphql-tools": { "version": "4.0.8", diff --git a/package.json b/package.json index c7c0143d15..ff14d04135 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "parse-server", - "version": "4.10.1", + "version": "4.10.2", "description": "An express module providing a Parse-compatible API server", "main": "lib/index.js", "repository": { @@ -38,6 +38,7 @@ "graphql": "15.4.0", "graphql-list-fields": "2.0.2", "graphql-relay": "0.6.0", + "graphql-tag": "2.12.5", "graphql-upload": "11.0.0", "intersect": "1.0.1", "jsonwebtoken": "8.5.1", @@ -81,7 +82,6 @@ "eslint-plugin-flowtype": "5.1.3", "flow-bin": "0.119.1", "form-data": "3.0.0", - "graphql-tag": "2.10.1", "husky": "4.2.5", "jasmine": "3.5.0", "jsdoc": "3.6.7",