Merge branch 'master' into DB/liveQuery-session

Author: dblythy

.babelrc

@@ -7,7 +7,8 @@
         ["@babel/preset-env", {
             "targets": {
                 "node": "12"
-            }
+            },
+            "exclude": ["proposal-dynamic-import"]
         }]
     ],
     "sourceMaps": "inline"

.github/workflows/ci.yml

@@ -7,7 +7,7 @@ on:
     branches:
       - '**'
 env:
-  NODE_VERSION: 14.17.6
+  NODE_VERSION: 14.18.0
   PARSE_SERVER_TEST_TIMEOUT: 20000
 jobs:
   check-ci:
@@ -17,7 +17,7 @@ jobs:
     steps:
       - uses: actions/checkout@v2
       - name: Use Node.js ${{ matrix.NODE_VERSION }}
-        uses: actions/setup-node@v1
+        uses: actions/setup-node@v2
         with:
           node-version: ${{ matrix.node-version }}
       - name: Cache Node.js modules
@@ -29,8 +29,10 @@ jobs:
             ${{ runner.os }}-node-${{ matrix.NODE_VERSION }}-
       - name: Install dependencies
         run: npm ci
-      - name: CI Self-Check
+      - name: CI Environments Check
         run: npm run ci:check
+      - name: CI Node Engine Check
+        run: npm run ci:checkNodeEngine
   check-changelog:
     name: Changelog
     timeout-minutes: 5
@@ -45,7 +47,7 @@ jobs:
      steps:
        - uses: actions/checkout@v2
        - name: Use Node.js ${{ matrix.NODE_VERSION }}
-         uses: actions/setup-node@v1
+         uses: actions/setup-node@v2
          with:
            node-version: ${{ matrix.node-version }}
        - name: Cache Node.js modules
@@ -65,7 +67,7 @@ jobs:
      steps:
        - uses: actions/checkout@v2
        - name: Use Node.js ${{ matrix.NODE_VERSION }}
-         uses: actions/setup-node@v1
+         uses: actions/setup-node@v2
          with:
            node-version: ${{ matrix.node-version }}
        - name: Cache Node.js modules
@@ -101,43 +103,43 @@ jobs:
       matrix:
         include:
           - name: MongoDB 5.0, ReplicaSet, WiredTiger
-            MONGODB_VERSION: 5.0.2
+            MONGODB_VERSION: 5.0.3
             MONGODB_TOPOLOGY: replicaset
             MONGODB_STORAGE_ENGINE: wiredTiger
-            NODE_VERSION: 14.17.6
+            NODE_VERSION: 14.18.0
           - name: MongoDB 4.4, ReplicaSet, WiredTiger
-            MONGODB_VERSION: 4.4.8
+            MONGODB_VERSION: 4.4.9
             MONGODB_TOPOLOGY: replicaset
             MONGODB_STORAGE_ENGINE: wiredTiger
-            NODE_VERSION: 14.17.6
+            NODE_VERSION: 14.18.0
           - name: MongoDB 4.2, ReplicaSet, WiredTiger
-            MONGODB_VERSION: 4.2.15
+            MONGODB_VERSION: 4.2.17
             MONGODB_TOPOLOGY: replicaset
             MONGODB_STORAGE_ENGINE: wiredTiger
-            NODE_VERSION: 14.17.6
+            NODE_VERSION: 14.18.0
           - name: MongoDB 4.0, ReplicaSet, WiredTiger
-            MONGODB_VERSION: 4.0.25
+            MONGODB_VERSION: 4.0.27
             MONGODB_TOPOLOGY: replicaset
             MONGODB_STORAGE_ENGINE: wiredTiger
-            NODE_VERSION: 14.17.6
+            NODE_VERSION: 14.18.0
           - name: MongoDB 4.0, Standalone, MMAPv1
-            MONGODB_VERSION: 4.0.25
+            MONGODB_VERSION: 4.0.27
             MONGODB_TOPOLOGY: standalone
             MONGODB_STORAGE_ENGINE: mmapv1
-            NODE_VERSION: 14.17.6
+            NODE_VERSION: 14.18.0
           - name: Redis Cache
             PARSE_SERVER_TEST_CACHE: redis
-            MONGODB_VERSION: 4.4.8
+            MONGODB_VERSION: 4.4.9
             MONGODB_TOPOLOGY: standalone
             MONGODB_STORAGE_ENGINE: wiredTiger
-            NODE_VERSION: 14.17.6
+            NODE_VERSION: 14.18.0
           - name: Node 12
-            MONGODB_VERSION: 4.4.8
+            MONGODB_VERSION: 4.4.9
             MONGODB_TOPOLOGY: standalone
             MONGODB_STORAGE_ENGINE: wiredTiger
             NODE_VERSION: 12.22.6
           - name: Node 15
-            MONGODB_VERSION: 4.4.8
+            MONGODB_VERSION: 4.4.9
             MONGODB_TOPOLOGY: standalone
             MONGODB_STORAGE_ENGINE: wiredTiger
             NODE_VERSION: 15.14.0
@@ -159,7 +161,7 @@ jobs:
     steps:
       - uses: actions/checkout@v2
       - name: Use Node.js ${{ matrix.NODE_VERSION }}
-        uses: actions/setup-node@v1
+        uses: actions/setup-node@v2
         with:
           node-version: ${{ matrix.NODE_VERSION }}
       - name: Cache Node.js modules
@@ -182,16 +184,16 @@ jobs:
         include:
           - name: PostgreSQL 11, PostGIS 3.0
             POSTGRES_IMAGE: postgis/postgis:11-3.0
-            NODE_VERSION: 14.17.6
+            NODE_VERSION: 14.18.0
           - name: PostgreSQL 11, PostGIS 3.1
             POSTGRES_IMAGE: postgis/postgis:11-3.1
-            NODE_VERSION: 14.17.6
+            NODE_VERSION: 14.18.0
           - name: PostgreSQL 12, PostGIS 3.1
             POSTGRES_IMAGE: postgis/postgis:12-3.1
-            NODE_VERSION: 14.17.6
+            NODE_VERSION: 14.18.0
           - name: PostgreSQL 13, PostGIS 3.1
             POSTGRES_IMAGE: postgis/postgis:13-3.1
-            NODE_VERSION: 14.17.6
+            NODE_VERSION: 14.18.0
       fail-fast: false
     name: ${{ matrix.name }}
     timeout-minutes: 15
@@ -219,7 +221,7 @@ jobs:
     steps:
       - uses: actions/checkout@v2
       - name: Use Node.js ${{ matrix.NODE_VERSION }}
-        uses: actions/setup-node@v1
+        uses: actions/setup-node@v2
         with:
           node-version: ${{ matrix.NODE_VERSION }}
       - name: Cache Node.js modules

.github/workflows/docker-publish.yml

@@ -2,12 +2,11 @@ name: docker
 
 on:
   schedule:
-    - cron: '19 17 * * *' # Nightly builds capture upstream updates to dependency images such as node.
+    # Nightly builds capture upstream updates to dependency images such as node.
+    - cron: '19 17 * * *'
   push:
     branches: [ master ]
     tags: [ '*.*.*' ]
-  pull_request:
-    branches: [ master ]
 
 env:
   REGISTRY: docker.io
@@ -22,6 +21,10 @@ jobs:
       packages: write
 
     steps:
+      - name: Determine branch name
+        id: branch
+        run: echo "::set-output name=branch_name::${GITHUB_REF#refs/*/}"
+
       - name: Checkout repository
         uses: actions/checkout@v2
 
@@ -45,7 +48,7 @@ jobs:
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
           flavor: |
-            latest=true
+            latest=${{ steps.branch.outputs.branch_name == 'master' }}
 
       - name: Build and push Docker image
         uses: docker/build-push-action@v2

.github/workflows/release-manual-docker.yml

@@ -0,0 +1,57 @@
+# Trigger this workflow only to manually create a Docker release; this should only be used
+# in extraordinary circumstances, as Docker releases are normally created automatically as
+# part of the automated release workflow.
+
+name: release-manual-docker
+on:
+  workflow_dispatch:
+    inputs:
+      ref:
+        default: ''
+        description: 'Reference (tag / SHA):'  
+env:
+  REGISTRY: docker.io
+  IMAGE_NAME: parseplatform/parse-server
+jobs:
+  build:
+    runs-on: ubuntu-18.04
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - name: Determine branch name
+        id: branch
+        run: echo "::set-output name=branch_name::${GITHUB_REF#refs/*/}"
+      - name: Checkout repository
+        uses: actions/checkout@v2
+        with:
+          ref: ${{ github.event.inputs.ref }}
+      - name: Set up QEMU
+        id: qemu
+        uses: docker/setup-qemu-action@v1
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+      - name: Log into Docker Hub
+        if: github.event_name != 'pull_request'
+        uses: docker/login-action@v1
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+      - name: Extract Docker metadata
+        id: meta
+        uses: docker/metadata-action@v3
+        with:
+          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
+          flavor: |
+            latest=${{ steps.branch.outputs.branch_name == 'master' && github.event.inputs.ref == '' }}
+          tags: |
+            type=semver,enable=true,pattern={{version}},value=${{ github.event.inputs.ref }}
+            type=raw,enable=${{ github.event.inputs.ref == '' }},value=latest
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          platforms: linux/amd64, linux/arm/v6, linux/arm/v7, linux/arm64/v8
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}

CHANGELOG.md

@@ -4,7 +4,8 @@ Jump directly to a version:
 
 | 4.x                                  |
 |--------------------------------------|
-| [**4.10.3 (latest release)**](#4103) |
+| [**4.10.4 (latest release)**](#4104) |
+| [4.10.3](#4103) |
 | [4.10.2](#4102)                      |
 | [4.10.1](#4101)                      |
 | [4.10.0](#4100)                      |
@@ -94,7 +95,7 @@ Jump directly to a version:
 ___
 
 ## Unreleased (Master Branch)
-[Full Changelog](https://github.com/parse-community/parse-server/compare/4.10.3...master)
+[Full Changelog](https://github.com/parse-community/parse-server/compare/4.10.4...master)
 
 ### Breaking Changes
 - Improved schema caching through database real-time hooks. Reduces DB queries, decreases Parse Query execution time and fixes a potential schema memory leak. If multiple Parse Server instances connect to the same DB (for example behind a load balancer), set the [Parse Server Option](https://parseplatform.org/parse-server/api/master/ParseServerOptions.html) `databaseOptions.enableSchemaHooks: true` to enable this feature and keep the schema in sync across all instances. Failing to do so will cause a schema change to not propagate to other instances and re-syncing will only happen when these instances restart. The options `enableSingleSchemaCache` and `schemaCacheTTL` have been removed. To use this feature with MongoDB, a replica set cluster with [change stream](https://docs.mongodb.com/manual/changeStreams/#availability) support is required. (Diamond Lewis, SebC) [#7214](https://github.com/parse-community/parse-server/issues/7214)
@@ -104,6 +105,7 @@ ___
 - Remove support for Node 10 which has reached its End-of-Life date (Manuel Trezza) [#7314](https://github.com/parse-community/parse-server/pull/7314)
 - Remove S3 Files Adapter from Parse Server, instead install separately as `@parse/s3-files-adapter` (Manuel Trezza) [#7324](https://github.com/parse-community/parse-server/pull/7324)
 - Remove Session field `restricted`; the field was a code artifact from a feature that never existed in Open Source Parse Server; if you have been using this field for custom purposes, consider that for new Parse Server installations the field does not exist anymore in the schema, and for existing installations the field default value `false` will not be set anymore when creating a new session (Manuel Trezza) [#7543](https://github.com/parse-community/parse-server/pull/7543)
+- ci: add node engine version check (Manuel Trezza) [#7574](https://github.com/parse-community/parse-server/pull/7574)
 
 ### Notable Changes
 - Added Parse Server Security Check to report weak security settings (Manuel Trezza, dblythy) [#7247](https://github.com/parse-community/parse-server/issues/7247)
@@ -151,6 +153,15 @@ ___
 - Refactor: uniform issue templates across repos (Manuel Trezza) [#7528](https://github.com/parse-community/parse-server/pull/7528)
 - ci: bump ci environment (Manuel Trezza) [#7539](https://github.com/parse-community/parse-server/pull/7539)
 - CI now pushes docker images to Docker Hub (Corey Baker) [#7548](https://github.com/parse-community/parse-server/pull/7548)
+- Allow setting descending sort to full text queries (dblythy) [#7496](https://github.com/parse-community/parse-server/pull/7496)
+- Allow cloud string for ES modules (Daniel Blyth) [#7560](https://github.com/parse-community/parse-server/pull/7560)
+- docs: Introduce deprecation ID for reference in comments and online search (Manuel Trezza) [#7562](https://github.com/parse-community/parse-server/pull/7562)
+
+## 4.10.4
+[Full Changelog](https://github.com/parse-community/parse-server/compare/4.10.3...4.10.4)
+
+### Security Fixes
+- Strip out sessionToken when LiveQuery is used on Parse.User (Daniel Blyth) [GHSA-7pr3-p5fm-8r9x](https://github.com/parse-community/parse-server/security/advisories/GHSA-7pr3-p5fm-8r9x)
 
 ## 4.10.3
 [Full Changelog](https://github.com/parse-community/parse-server/compare/4.10.2...4.10.3)
@@ -177,15 +188,15 @@ ___
 
 *Versions >4.5.2 and <4.10.0 are skipped.*
 
-> ⚠️ A security incident caused a number of incorrect version tags to be pushed to the Parse Server repository. These version tags linked to a personal fork of a contributor who had write access to the repository. The code to which these tags linked has not been reviewed or approved by Parse Platform. Even though no releases were published with these incorrect versions, it was possible to define a Parse Server dependency that pointed to these version tags, for example if you defined this dependency: 
+> ⚠️ A security incident caused a number of incorrect version tags to be pushed to the Parse Server repository. These version tags linked to a personal fork of a contributor who had write access to the repository. The code to which these tags linked has not been reviewed or approved by Parse Platform. Even though no releases were published with these incorrect versions, it was possible to define a Parse Server dependency that pointed to these version tags, for example if you defined this dependency:
 > ```js
 > "parse-server": "[email protected]:parse-community/parse-server.git#4.9.3"
 > ```
-> 
+>
 > We have since deleted the incorrect version tags, but they may still show up if your personal fork on GitHub or locally. We do not know when these tags have been pushed to the Parse Server repository, but we first became aware of this issue on July 21, 2021. We are not aware of any malicious code or concerns related to privacy, security or legality (e.g. proprietary code). However, it has been reported that some functionality does not work as expected and the introduction of security vulnerabilities cannot be ruled out.
 >
-> You may be also affected if you used the Bitnami image for Parse Server. Bitnami picked up the incorrect version tag `4.9.3` and published a new Bitnami image for Parse Server. 
-> 
+> You may be also affected if you used the Bitnami image for Parse Server. Bitnami picked up the incorrect version tag `4.9.3` and published a new Bitnami image for Parse Server.
+>
 >**If you are using any of the affected versions, we urgently recommend to upgrade to version `4.10.0`.**
 
 ## 4.5.2

CONTRIBUTING.md

@@ -19,6 +19,8 @@
     - [Wording Guideline](#wording-guideline)
   - [Parse Error](#parse-error)
   - [Parse Server Configuration](#parse-server-configuration)
+- [Commit Message](#commit-message)
+  - [Breaking Change](#breaking-change)
 - [Code of Conduct](#code-of-conduct)
 
 ## Contributing
@@ -288,6 +290,55 @@ Introducing new [Parse Server configuration][config] parameters requires the fol
 5. Add test cases to ensure the correct parameter value validation. Parse Server throws an error at launch if an invalid value is set for any configuration parameter.
 6. Execute `npm run docs` to generate the documentation in the `/out` directory. Take a look at the documentation whether the description and formatting of the newly introduced parameters is satisfactory.
 
+## Commit Message
+
+For release automation, the title of pull requests needs to be written in a defined syntax. We loosely follow the [Conventional Commits](https://www.conventionalcommits.org) specification, which defines this syntax:
+
+```
+<type>: <summary>
+```
+
+The _type_ is the category of change that is made, possible types are:
+- `feat` - add a new feature
+- `fix` - fix a bug
+- `refactor` - refactor code without impact on features or performance
+- `docs` - add or edit code comments, documentation, GitHub pages
+- `style` - edit code style
+- `build` - retry failing build and anything build process related
+- `perf` - performance optimization
+- `ci` - continuous integration
+- `test` - tests
+
+The _summary_ is a short change description in present tense, not capitalized, without period at the end. This summary will also be used as the changelog entry.
+- It must be short and self-explanatory for a reader who does not see the details of the full pull request description
+- It must not contain abbreviations, e.g. instead of `LQ` write `LiveQuery`
+- It must use the correct product and feature names as referenced in the documentation, e.g. instead of `Cloud Validator` use `Cloud Function validation`
+- In case of a breaking change, the summary must not contain duplicate information that is also in the [BREAKING CHANGE](#breaking-change) chapter of the pull request description. It must not contain a note that it is a breaking change, as this will be automatically flagged as such if the pull request description contains the BREAKING CHANGE chapter.
+
+For example:
+
+```
+feat: add handle to door for easy opening
+```
+
+Currently, we are not making use of the commit _scope_, which would be written as `<type>(<scope>): <summary>`, that attributes a change to a specific part of the product.
+
+### Breaking Change
+
+If a pull request contains a braking change, the description of the pull request must contain a special chapter at the bottom.
+
+The chapter consists of the phrase `BREAKING CHANGE`, capitalized, in a single line without any formatting. It must be followed by an empty line, then a short description of the breaking change, and ideally how the developer should address it. This chapter should contain more details focusing on the "breaking” aspect of the change, as it is intended to assist the developer in adapting their deployment. However, keep it concise, as it will also become part of the changelog entry.
+
+For example:
+
+```
+Detailed pull request description...
+
+BREAKING CHANGE
+
+The door handle has be pulled up to open the door, not down. Adjust your habits accordingly by walking on your hands.
+```
+
 ## Code of Conduct
 
 This project adheres to the [Contributor Covenant Code of Conduct](https://github.com/parse-community/parse-server/blob/master/CODE_OF_CONDUCT.md). By participating, you are expected to honor this code.