Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

build: Release #8324

Merged
merged 122 commits into from
Nov 19, 2022
Merged

build: Release #8324

merged 122 commits into from
Nov 19, 2022

Conversation

mtrezza
Copy link
Member

@mtrezza mtrezza commented Nov 19, 2022

No description provided.

mtrezza and others added 30 commits June 17, 2022 19:31
@mtrezza
docs: add release instructions (parse-community#8056)
4a10396
@mtrezza
fix: certificate in Apple Game Center auth adapter not validated [ski…
75af9a2 
…p release] (parse-community#8058)
@mtrezza
fix: invalid file request not properly handled [skip release] (parse-…
4c9e956 
…community#8062)
@snyk-bot
refactor: upgrade ws from 8.6.0 to 8.7.0 (parse-community#8064)
e26beb1
@snyk-bot
refactor: upgrade follow-redirects from 1.15.0 to 1.15.1 (parse-commu…
86832b9 
…nity#8063)
@davimacedo
refactor: upgrade winston-daily-rotate-file from 4.6.1 to 4.7.1 (pars…
42c9543 
…e-community#8066)
@mtrezza
docs: add missing heading to commit message section (parse-community#…
7844442 
…8079)
@mtrezza
docs: add LTS explanation and open vulnerabilities to README (parse-c…
35cd691 
…ommunity#8077)
@mtrezza
docs: add template and issue link requirements (parse-community#8080)
0fd600c
@dplewis
refactor: upgrade jwks-rsa from 2.1.3 to 2.1.4 (parse-community#8088)
e8eb546
@mtrezza
fix: protected fields exposed via LiveQuery (GHSA-crrq-vr9j-fxxh) [sk…
9fd4516 
…ip release] (parse-community#8076)
@dplewis
refactor: upgrade @graphql-tools/schema from 8.3.13 to 8.3.14 (parse-…
65ce274 
…community#8087)
@dplewis
refactor: upgrade @graphql-tools/utils from 8.6.12 to 8.6.13 (parse-c…
abd8536 
…ommunity#8086)
@davimacedo
refactor: upgrade ws from 8.7.0 to 8.8.0 (parse-community#8092)
0d16a64
@dplewis
refactor: upgrade @graphql-tools/merge from 8.2.13 to 8.2.14 (parse-c…
6e68656 
…ommunity#8085)
@yomybaby
fix: graphQL query ignores condition equalTo with value false (pa…
7f5a15d 
…rse-community#8032)
@semantic-release-bot
chore(release): 5.3.0-alpha.19 [skip ci]
e3f634e 
# [5.3.0-alpha.19](parse-community/parse-server@5.3.0-alpha.18...5.3.0-alpha.19) (2022-07-03)

### Bug Fixes

* certificate in Apple Game Center auth adapter not validated [skip release] ([parse-community#8058](parse-community#8058)) ([75af9a2](parse-community@75af9a2))
* graphQL query ignores condition `equalTo` with value `false` ([parse-community#8032](parse-community#8032)) ([7f5a15d](parse-community@7f5a15d))
* invalid file request not properly handled [skip release] ([parse-community#8062](parse-community#8062)) ([4c9e956](parse-community@4c9e956))
* protected fields exposed via LiveQuery (GHSA-crrq-vr9j-fxxh) [skip release] ([parse-community#8076](parse-community#8076)) ([9fd4516](parse-community@9fd4516))
@dependabot
refactor: bump undici from 5.2.0 to 5.6.0 (parse-community#8094)
38ba9b4
@snyk-bot
refactor: upgrade @graphql-tools/merge from 8.2.14 to 8.2.15 (parse-c…
24fe6dc 
…ommunity#8100)
@dependabot
refactor: bump moment from 2.29.3 to 2.29.4 (parse-community#8101)
e93a0aa
@snyk-bot
refactor: upgrade winston from 3.7.2 to 3.8.0 (parse-community#8103)
266011c
@snyk-bot
refactor: upgrade @graphql-tools/schema from 8.3.14 to 8.5.0 (parse-c…
861fb21 
…ommunity#8104)
@snyk-bot
refactor: upgrade @graphql-tools/merge from 8.2.15 to 8.3.0 (parse-co…
a96e15b 
…mmunity#8106)
@dependabot
fix: security upgrade undici from 5.6.0 to 5.8.0 (parse-community#8108)
4aa016b
@semantic-release-bot
chore(release): 5.3.0-alpha.20 [skip ci]
145008c 
# [5.3.0-alpha.20](parse-community/parse-server@5.3.0-alpha.19...5.3.0-alpha.20) (2022-07-22)

### Bug Fixes

* security upgrade undici from 5.6.0 to 5.8.0 ([parse-community#8108](parse-community#8108)) ([4aa016b](parse-community@4aa016b))
@snyk-bot
refactor: upgrade lru-cache from 7.10.1 to 7.10.2 (parse-community#8102)
1246551
@davimacedo
refactor: upgrade ldapjs from 2.3.2 to 2.3.3 (parse-community#8091)
2ea4e37
@snyk-bot
refactor: upgrade lru-cache from 7.10.2 to 7.12.0 (parse-community#8114)
3351ca7
@Moumouls
fix: internal indices for classes _Idempotency and _Role are not …
c16f529 
…protected in defined schema (parse-community#8121)
@semantic-release-bot
chore(release): 5.3.0-alpha.21 [skip ci]
eef750a 
# [5.3.0-alpha.21](parse-community/parse-server@5.3.0-alpha.20...5.3.0-alpha.21) (2022-08-05)

### Bug Fixes

* internal indices for classes `_Idempotency` and `_Role` are not protected in defined schema ([parse-community#8121](parse-community#8121)) ([c16f529](parse-community@c16f529))
mtrezza and others added 17 commits October 17, 2022 23:04
@mtrezza
docs: remove differentiation between MongoDB 5.x versions (parse-comm…
8863ad2 
…unity#8246)
@parseplatformorg
refactor: upgrade ws from 8.8.1 to 8.9.0 (parse-community#8247)
b249123
@parseplatformorg
refactor: upgrade pg-monitor from 1.4.1 to 1.5.0 (parse-community#8248)
a049952
@dependabot
refactor: bump async from 3.2.1 to 3.2.4 (parse-community#8254)
fb50332
@dblythy
fix: relation constraints in compound queries Parse.Query.or, `Pars…
28f0d26 
…e.Query.and` not working (parse-community#8203)
@semantic-release-bot
chore(release): 5.3.0-alpha.31 [skip ci]
b54af6b 
# [5.3.0-alpha.31](parse-community/parse-server@5.3.0-alpha.30...5.3.0-alpha.31) (2022-10-24)

### Bug Fixes

* relation constraints in compound queries `Parse.Query.or`, `Parse.Query.and` not working ([parse-community#8203](parse-community#8203)) ([28f0d26](parse-community@28f0d26))
@dblythy
ci: remove running CI for superseded commits (parse-community#8213)
c41e5fc
@parseplatformorg
refactor: upgrade semver from 7.3.7 to 7.3.8 (parse-community#8261)
4918665
@snyk-bot
refactor: upgrade body-parser from 1.20.0 to 1.20.1 (parse-community#…
eab9cdd 
…8262)
@dblythy
feat: add convenience access to Parse Server configuration in Cloud C…
9f11115 
…ode via `Parse.Server` (parse-community#8244)
@semantic-release-bot
chore(release): 5.3.0-alpha.32 [skip ci]
9053e79 
# [5.3.0-alpha.32](parse-community/parse-server@5.3.0-alpha.31...5.3.0-alpha.32) (2022-10-29)

### Features

* add convenience access to Parse Server configuration in Cloud Code via `Parse.Server` ([parse-community#8244](parse-community#8244)) ([9f11115](parse-community@9f11115))
@mtrezza
Merge branch 'beta' into build-beta
5e9d494
@mtrezza
build: beta release (parse-community#8264)
1d277db
@semantic-release-bot
chore(release): 5.4.0-beta.1 [skip ci]
0e30c76 
# [5.4.0-beta.1](parse-community/parse-server@5.3.0...5.4.0-beta.1) (2022-10-29)

### Bug Fixes

* authentication adapter app ID validation may be circumvented; this fixes a vulnerability that affects configurations which allow users to authenticate using the Parse Server authentication adapter for *Facebook* or *Spotify* and where the server-side authentication adapter configuration `appIds` is set as a string (e.g. `abc`) instead of an array of strings (e.g. `["abc"]`) ([GHSA-r657-33vp-gp22](GHSA-r657-33vp-gp22)) [skip release] ([parse-community#8187](parse-community#8187)) ([8c8ec71](parse-community@8c8ec71))
* brute force guessing of user sensitive data via search patterns (GHSA-2m6g-crv8-p3c6) ([parse-community#8146](parse-community#8146)) [skip release] ([4c0c7c7](parse-community@4c0c7c7))
* certificate in Apple Game Center auth adapter not validated [skip release] ([parse-community#8058](parse-community#8058)) ([75af9a2](parse-community@75af9a2))
* graphQL query ignores condition `equalTo` with value `false` ([parse-community#8032](parse-community#8032)) ([7f5a15d](parse-community@7f5a15d))
* internal indices for classes `_Idempotency` and `_Role` are not protected in defined schema ([parse-community#8121](parse-community#8121)) ([c16f529](parse-community@c16f529))
* invalid file request not properly handled [skip release] ([parse-community#8062](parse-community#8062)) ([4c9e956](parse-community@4c9e956))
* liveQuery with `containedIn` not working when object field is an array ([parse-community#8128](parse-community#8128)) ([1d9605b](parse-community@1d9605b))
* protected fields exposed via LiveQuery (GHSA-crrq-vr9j-fxxh) [skip release] ([parse-community#8076](parse-community#8076)) ([9fd4516](parse-community@9fd4516))
* push notifications `badge` doesn't update with Installation beforeSave trigger ([parse-community#8162](parse-community#8162)) ([3c75c2b](parse-community@3c75c2b))
* query aggregation pipeline cannot handle value of type `Date` when `directAccess: true` ([parse-community#8167](parse-community#8167)) ([e424137](parse-community@e424137))
* relation constraints in compound queries `Parse.Query.or`, `Parse.Query.and` not working ([parse-community#8203](parse-community#8203)) ([28f0d26](parse-community@28f0d26))
* security upgrade undici from 5.6.0 to 5.8.0 ([parse-community#8108](parse-community#8108)) ([4aa016b](parse-community@4aa016b))
* server crashes when receiving file download request with invalid byte range; this fixes a security vulnerability that allows an attacker to impact the availability of the server instance; the fix improves parsing of the range parameter to properly handle invalid range requests ([GHSA-h423-w6qv-2wj3](GHSA-h423-w6qv-2wj3)) [skip release] ([parse-community#8238](parse-community#8238)) ([c03908f](parse-community@c03908f))
* session object properties can be updated by foreign user; this fixes a security vulnerability in which a foreign user can write to the session object of another user if the session object ID is known; the fix prevents writing to foreign session objects ([GHSA-6w4q-23cf-j9jp](GHSA-6w4q-23cf-j9jp)) [skip release] ([parse-community#8180](parse-community#8180)) ([37fed30](parse-community@37fed30))
* sorting by non-existing value throws `INVALID_SERVER_ERROR` on Postgres ([parse-community#8157](parse-community#8157)) ([3b775a1](parse-community@3b775a1))
* updating object includes unchanged keys in client response for certain key types ([parse-community#8159](parse-community#8159)) ([37af1d7](parse-community@37af1d7))

### Features

* add convenience access to Parse Server configuration in Cloud Code via `Parse.Server` ([parse-community#8244](parse-community#8244)) ([9f11115](parse-community@9f11115))
* add option to change the default value of the `Parse.Query.limit()` constraint ([parse-community#8152](parse-community#8152)) ([0388956](parse-community@0388956))
* add support for MongoDB 6 ([parse-community#8242](parse-community#8242)) ([aba0081](parse-community@aba0081))
* add support for Postgres 15 ([parse-community#8215](parse-community#8215)) ([2feb6c4](parse-community@2feb6c4))
* liveQuery support for unsorted distance queries ([parse-community#8221](parse-community#8221)) ([0f763da](parse-community@0f763da))
@mtrezza
refactor: Remote code execution via MongoDB BSON parser through proto…
46dbecd 
…type pollution; fixes security vulnerability [GHSA-prm5-8g2m-24gg](GHSA-prm5-8g2m-24gg) (parse-community#8298)
@mtrezza
refactor: Parse Server option requestKeywordDenylist can be bypasse…
d9c3c02 
…d via Cloud Code Webhooks or Triggers; fixes security vulnerability [GHSA-xprv-wvh7-qqqx](GHSA-xprv-wvh7-qqqx) (parse-community#8303)
@mtrezza
refactor: Prototype pollution via Cloud Code Webhooks; fixes security…
735669a 
… vulnerability [GHSA-93vw-8fm5-p2jf](GHSA-93vw-8fm5-p2jf) (parse-community#8307)
@parse-github-assistant
Copy link

I will reformat the title to use the proper commit message syntax.

@parse-github-assistant parse-github-assistant bot changed the title build: release build: Release Nov 19, 2022
@parse-github-assistant
Copy link

Thanks for opening this pull request!

  • ❌ Please edit your post and use the provided template when creating a new pull request. This helps everyone to understand your post better and asks for essential information to quicker review the pull request.

@codecov
Copy link

codecov bot commented Nov 19, 2022
edited
Loading

Codecov Report

Base: 94.31% // Head: 94.13% // Decreases project coverage by -0.17% ⚠️

Coverage data is based on head (a9a9772) compared to base (60c5a73).
Patch coverage: 97.33% of modified lines in pull request are covered.

Additional details and impacted files 
@@             Coverage Diff             @@
##           release    #8324      +/-   ##
===========================================
- Coverage    94.31%   94.13%   -0.18%     
===========================================
  Files          182      182              
  Lines        13740    13785      +45     
===========================================
+ Hits         12959    12977      +18     
- Misses         781      808      +27
Impacted Files Coverage Δ
src/GraphQL/helpers/objectsQueries.js 90.62% <ø> (ø)
src/Options/Definitions.js 100.00% <ø> (ø)
src/Options/index.js 100.00% <ø> (ø)
src/Config.js 88.92% <85.71%> (-0.09%) ⬇️
src/LiveQuery/QueryTools.js 94.55% <93.33%> (-0.19%) ⬇️
src/Adapters/Storage/Mongo/MongoStorageAdapter.js 93.19% <100.00%> (+0.02%) ⬆️
...dapters/Storage/Postgres/PostgresStorageAdapter.js 95.71% <100.00%> (+0.24%) ⬆️
src/Controllers/DatabaseController.js 93.91% <100.00%> (+0.02%) ⬆️
src/GraphQL/transformers/query.js 89.77% <100.00%> (ø)
src/ParseServer.js 90.27% <100.00%> (+0.21%) ⬆️
... and 9 more

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

@mtrezza
Copy link
Member Author

mtrezza commented Nov 19, 2022
edited
Loading

This will be the last stable release for Parse Server 5 before it moves into LTS. This release happens ~2 weeks earlier than the expected release date Dec 1st, to free resources for Parse Server 6 release.

@mtrezza mtrezza merged commit e373f09 into parse-community:release Nov 19, 2022
@parseplatformorg
Copy link
Contributor

🎉 This change has been released in version 5.4.0

@parseplatformorg parseplatformorg added the state:released Released as stable version label Nov 19, 2022
@parseplatformorg
Copy link
Contributor

🎉 This change has been released in version 5.4.0

@parseplatformorg parseplatformorg added the state:released-5.x.x Released as LTS version label Nov 19, 2022
@parseplatformorg
Copy link
Contributor

🎉 This change has been released in version 6.0.0-alpha.31

@parseplatformorg parseplatformorg added the state:released-alpha Released as alpha version label Jan 31, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
state:released Released as stable version state:released-5.x.x Released as LTS version state:released-alpha Released as alpha version
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.