From 6207a02df53f428b4997e907c35a31b26c253f13 Mon Sep 17 00:00:00 2001
From: Manuel <5673677+mtrezza@users.noreply.github.com>
Date: Tue, 2 May 2023 00:02:06 +0200
Subject: [PATCH 01/53] ci: Fix CI workflow not running on release branches
(#8527)
---
.github/workflows/ci.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index dc27805e5f..91cad880f5 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -1,7 +1,7 @@
name: ci
on:
push:
- branches: [ release*, alpha, beta ]
+ branches: [ release, alpha, beta, next-major, 'release-[0-9]+.x.x' ]
pull_request:
branches:
- '**'
From 130285318784a41054148c9ecd5cfeace0d15e34 Mon Sep 17 00:00:00 2001
From: Lucas Coratger <73360179+coratgerl@users.noreply.github.com>
Date: Mon, 8 May 2023 20:43:52 +0200
Subject: [PATCH 02/53] docs: Fix missing logo in API docs (#8528)
---
jsdoc-conf.json | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/jsdoc-conf.json b/jsdoc-conf.json
index efbaa0a37c..4a1e5de846 100644
--- a/jsdoc-conf.json
+++ b/jsdoc-conf.json
@@ -29,7 +29,7 @@
"template": "./node_modules/clean-jsdoc-theme",
"theme_opts": {
"default_theme": "dark",
- "title": "
",
+ "title": "Parse Server",
"create_style": "header, .sidebar-section-title, .sidebar-title { color: #139cee !important } .logo { margin-left : 40px; margin-right: 40px }"
}
},
From 2caea310be412d82b04a85716bc769ccc410316d Mon Sep 17 00:00:00 2001
From: alljinx <42472198+alljinx@users.noreply.github.com>
Date: Tue, 9 May 2023 15:03:00 +0200
Subject: [PATCH 03/53] feat: Add option to change the log level of logs
emitted by Cloud Functions (#8530)
---
spec/CloudCodeLogger.spec.js | 36 ++++++++++++++++++++++++++++++++++
src/Options/Definitions.js | 10 ++++++++++
src/Options/docs.js | 2 ++
src/Options/index.js | 8 ++++++++
src/Routers/FunctionsRouter.js | 4 ++--
5 files changed, 58 insertions(+), 2 deletions(-)
diff --git a/spec/CloudCodeLogger.spec.js b/spec/CloudCodeLogger.spec.js
index 2cde9de640..b4dd5a42d8 100644
--- a/spec/CloudCodeLogger.spec.js
+++ b/spec/CloudCodeLogger.spec.js
@@ -182,6 +182,42 @@ describe('Cloud Code Logger', () => {
});
});
+ it('should log cloud function execution using the custom log level', async done => {
+ Parse.Cloud.define('aFunction', () => {
+ return 'it worked!';
+ });
+
+ Parse.Cloud.define('bFunction', () => {
+ throw new Error('Failed');
+ });
+
+ await Parse.Cloud.run('aFunction', { foo: 'bar' }).then(() => {
+ const log = spy.calls.allArgs().find(log => log[1].startsWith('Ran cloud function '))?.[0];
+ expect(log).toEqual('info');
+ });
+
+ await reconfigureServer({
+ silent: true,
+ logLevels: {
+ cloudFunctionSuccess: 'warn',
+ cloudFunctionError: 'info',
+ },
+ });
+
+ spy = spyOn(Config.get('test').loggerController.adapter, 'log').and.callThrough();
+
+ try {
+ await Parse.Cloud.run('bFunction', { foo: 'bar' });
+ throw new Error('bFunction should have failed');
+ } catch {
+ const log = spy.calls
+ .allArgs()
+ .find(log => log[1].startsWith('Failed running cloud function bFunction for '))?.[0];
+ expect(log).toEqual('info');
+ done();
+ }
+ });
+
it('should log cloud function triggers using the custom log level', async () => {
Parse.Cloud.beforeSave('TestClass', () => {});
Parse.Cloud.afterSave('TestClass', () => {});
diff --git a/src/Options/Definitions.js b/src/Options/Definitions.js
index 7987363ff2..d6acc948e3 100644
--- a/src/Options/Definitions.js
+++ b/src/Options/Definitions.js
@@ -993,6 +993,16 @@ module.exports.AuthAdapter = {
},
};
module.exports.LogLevels = {
+ cloudFunctionError: {
+ env: 'PARSE_SERVER_LOG_LEVELS_CLOUD_FUNCTION_ERROR',
+ help: 'Log level used by the Cloud Code Functions on error. Default is `error`.',
+ default: 'error',
+ },
+ cloudFunctionSuccess: {
+ env: 'PARSE_SERVER_LOG_LEVELS_CLOUD_FUNCTION_SUCCESS',
+ help: 'Log level used by the Cloud Code Functions on success. Default is `info`.',
+ default: 'info',
+ },
triggerAfter: {
env: 'PARSE_SERVER_LOG_LEVELS_TRIGGER_AFTER',
help:
diff --git a/src/Options/docs.js b/src/Options/docs.js
index b5a78aace1..8ebf63b97d 100644
--- a/src/Options/docs.js
+++ b/src/Options/docs.js
@@ -236,6 +236,8 @@
/**
* @interface LogLevels
+ * @property {String} cloudFunctionError Log level used by the Cloud Code Functions on error. Default is `error`.
+ * @property {String} cloudFunctionSuccess Log level used by the Cloud Code Functions on success. Default is `info`.
* @property {String} triggerAfter Log level used by the Cloud Code Triggers `afterSave`, `afterDelete`, `afterSaveFile`, `afterDeleteFile`, `afterFind`, `afterLogout`. Default is `info`.
* @property {String} triggerBeforeError Log level used by the Cloud Code Triggers `beforeSave`, `beforeSaveFile`, `beforeDeleteFile`, `beforeFind`, `beforeLogin` on error. Default is `error `.
* @property {String} triggerBeforeSuccess Log level used by the Cloud Code Triggers `beforeSave`, `beforeSaveFile`, `beforeDeleteFile`, `beforeFind`, `beforeLogin` on success. Default is `info`.
diff --git a/src/Options/index.js b/src/Options/index.js
index 009b31a5d5..59e040b57f 100644
--- a/src/Options/index.js
+++ b/src/Options/index.js
@@ -577,4 +577,12 @@ export interface LogLevels {
:DEFAULT: error
*/
triggerBeforeError: ?string;
+ /* Log level used by the Cloud Code Functions on success. Default is `info`.
+ :DEFAULT: info
+ */
+ cloudFunctionSuccess: ?string;
+ /* Log level used by the Cloud Code Functions on error. Default is `error`.
+ :DEFAULT: error
+ */
+ cloudFunctionError: ?string;
}
diff --git a/src/Routers/FunctionsRouter.js b/src/Routers/FunctionsRouter.js
index d239908103..4972453fc3 100644
--- a/src/Routers/FunctionsRouter.js
+++ b/src/Routers/FunctionsRouter.js
@@ -140,7 +140,7 @@ export class FunctionsRouter extends PromiseRouter {
result => {
try {
const cleanResult = logger.truncateLogMessage(JSON.stringify(result.response.result));
- logger.info(
+ logger[req.config.logLevels.cloudFunctionSuccess](
`Ran cloud function ${functionName} for user ${userString} with:\n Input: ${cleanInput}\n Result: ${cleanResult}`,
{
functionName,
@@ -155,7 +155,7 @@ export class FunctionsRouter extends PromiseRouter {
},
error => {
try {
- logger.error(
+ logger[req.config.logLevels.cloudFunctionError](
`Failed running cloud function ${functionName} for user ${userString} with:\n Input: ${cleanInput}\n Error: ` +
JSON.stringify(error),
{
From 4187a973cc1382b91b6948d4aef7c386e16b583d Mon Sep 17 00:00:00 2001
From: semantic-release-bot
Date: Tue, 9 May 2023 13:04:52 +0000
Subject: [PATCH 04/53] chore(release): 6.1.0-alpha.9 [skip ci]
# [6.1.0-alpha.9](https://github.com/parse-community/parse-server/compare/6.1.0-alpha.8...6.1.0-alpha.9) (2023-05-09)
### Features
* Add option to change the log level of logs emitted by Cloud Functions ([#8530](https://github.com/parse-community/parse-server/issues/8530)) ([2caea31](https://github.com/parse-community/parse-server/commit/2caea310be412d82b04a85716bc769ccc410316d))
---
changelogs/CHANGELOG_alpha.md | 7 +++++++
package-lock.json | 4 ++--
package.json | 2 +-
3 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/changelogs/CHANGELOG_alpha.md b/changelogs/CHANGELOG_alpha.md
index a2b4c268d6..2c0c70ba8e 100644
--- a/changelogs/CHANGELOG_alpha.md
+++ b/changelogs/CHANGELOG_alpha.md
@@ -1,3 +1,10 @@
+# [6.1.0-alpha.9](https://github.com/parse-community/parse-server/compare/6.1.0-alpha.8...6.1.0-alpha.9) (2023-05-09)
+
+
+### Features
+
+* Add option to change the log level of logs emitted by Cloud Functions ([#8530](https://github.com/parse-community/parse-server/issues/8530)) ([2caea31](https://github.com/parse-community/parse-server/commit/2caea310be412d82b04a85716bc769ccc410316d))
+
# [6.1.0-alpha.8](https://github.com/parse-community/parse-server/compare/6.1.0-alpha.7...6.1.0-alpha.8) (2023-05-01)
diff --git a/package-lock.json b/package-lock.json
index a3c6b0f3cc..893483caf4 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
{
"name": "parse-server",
- "version": "6.1.0-beta.2",
+ "version": "6.1.0-alpha.9",
"lockfileVersion": 2,
"requires": true,
"packages": {
"": {
"name": "parse-server",
- "version": "6.1.0-beta.2",
+ "version": "6.1.0-alpha.9",
"hasInstallScript": true,
"license": "Apache-2.0",
"dependencies": {
diff --git a/package.json b/package.json
index 8f7bbb5c37..8ed73f2d5c 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
{
"name": "parse-server",
- "version": "6.1.0-beta.2",
+ "version": "6.1.0-alpha.9",
"description": "An express module providing a Parse-compatible API server",
"main": "lib/index.js",
"repository": {
From afd0515e207bd947840579d3f245980dffa6f804 Mon Sep 17 00:00:00 2001
From: Diamond Lewis
Date: Thu, 11 May 2023 19:39:54 -0500
Subject: [PATCH 05/53] fix: Cloud Code Trigger `afterSave` executes even if
not set (#8520)
---
spec/ParseLiveQuery.spec.js | 22 ++++++++++++++++++++++
src/RestWrite.js | 26 +++++++++++++++-----------
2 files changed, 37 insertions(+), 11 deletions(-)
diff --git a/spec/ParseLiveQuery.spec.js b/spec/ParseLiveQuery.spec.js
index 38259f50d0..959df18cf9 100644
--- a/spec/ParseLiveQuery.spec.js
+++ b/spec/ParseLiveQuery.spec.js
@@ -2,6 +2,7 @@
const Auth = require('../lib/Auth');
const UserController = require('../lib/Controllers/UserController').UserController;
const Config = require('../lib/Config');
+const triggers = require('../lib/triggers');
const validatorFail = () => {
throw 'you are not authorized';
};
@@ -1212,4 +1213,25 @@ describe('ParseLiveQuery', function () {
object.set({ location: secondPoint });
await object.save();
});
+
+ it('prevent afterSave trigger if not exists', async () => {
+ await reconfigureServer({
+ liveQuery: {
+ classNames: ['TestObject'],
+ },
+ startLiveQueryServer: true,
+ verbose: false,
+ silent: true,
+ });
+ spyOn(triggers, 'maybeRunTrigger').and.callThrough();
+ const object1 = new TestObject();
+ const object2 = new TestObject();
+ const object3 = new TestObject();
+ await Parse.Object.saveAll([object1, object2, object3]);
+
+ expect(triggers.maybeRunTrigger).toHaveBeenCalledTimes(0);
+ expect(object1.id).toBeDefined();
+ expect(object2.id).toBeDefined();
+ expect(object3.id).toBeDefined();
+ });
});
diff --git a/src/RestWrite.js b/src/RestWrite.js
index 3a8385e52a..c703ee50bb 100644
--- a/src/RestWrite.js
+++ b/src/RestWrite.js
@@ -1577,17 +1577,21 @@ RestWrite.prototype.runAfterSaveTrigger = function () {
const { originalObject, updatedObject } = this.buildParseObjects();
updatedObject._handleSaveResponse(this.response.response, this.response.status || 200);
- this.config.database.loadSchema().then(schemaController => {
- // Notifiy LiveQueryServer if possible
- const perms = schemaController.getClassLevelPermissions(updatedObject.className);
- this.config.liveQueryController.onAfterSave(
- updatedObject.className,
- updatedObject,
- originalObject,
- perms
- );
- });
-
+ if (hasLiveQuery) {
+ this.config.database.loadSchema().then(schemaController => {
+ // Notify LiveQueryServer if possible
+ const perms = schemaController.getClassLevelPermissions(updatedObject.className);
+ this.config.liveQueryController.onAfterSave(
+ updatedObject.className,
+ updatedObject,
+ originalObject,
+ perms
+ );
+ });
+ }
+ if (!hasAfterSaveHook) {
+ return Promise.resolve();
+ }
// Run afterSave trigger
return triggers
.maybeRunTrigger(
From 559b1de828c3e3f73eee3599a29f0db2741a73c4 Mon Sep 17 00:00:00 2001
From: semantic-release-bot
Date: Fri, 12 May 2023 00:41:19 +0000
Subject: [PATCH 06/53] chore(release): 6.1.0-alpha.10 [skip ci]
# [6.1.0-alpha.10](https://github.com/parse-community/parse-server/compare/6.1.0-alpha.9...6.1.0-alpha.10) (2023-05-12)
### Bug Fixes
* Cloud Code Trigger `afterSave` executes even if not set ([#8520](https://github.com/parse-community/parse-server/issues/8520)) ([afd0515](https://github.com/parse-community/parse-server/commit/afd0515e207bd947840579d3f245980dffa6f804))
---
changelogs/CHANGELOG_alpha.md | 7 +++++++
package-lock.json | 4 ++--
package.json | 2 +-
3 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/changelogs/CHANGELOG_alpha.md b/changelogs/CHANGELOG_alpha.md
index 2c0c70ba8e..d93598c0b0 100644
--- a/changelogs/CHANGELOG_alpha.md
+++ b/changelogs/CHANGELOG_alpha.md
@@ -1,3 +1,10 @@
+# [6.1.0-alpha.10](https://github.com/parse-community/parse-server/compare/6.1.0-alpha.9...6.1.0-alpha.10) (2023-05-12)
+
+
+### Bug Fixes
+
+* Cloud Code Trigger `afterSave` executes even if not set ([#8520](https://github.com/parse-community/parse-server/issues/8520)) ([afd0515](https://github.com/parse-community/parse-server/commit/afd0515e207bd947840579d3f245980dffa6f804))
+
# [6.1.0-alpha.9](https://github.com/parse-community/parse-server/compare/6.1.0-alpha.8...6.1.0-alpha.9) (2023-05-09)
diff --git a/package-lock.json b/package-lock.json
index 893483caf4..eec1a02906 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
{
"name": "parse-server",
- "version": "6.1.0-alpha.9",
+ "version": "6.1.0-alpha.10",
"lockfileVersion": 2,
"requires": true,
"packages": {
"": {
"name": "parse-server",
- "version": "6.1.0-alpha.9",
+ "version": "6.1.0-alpha.10",
"hasInstallScript": true,
"license": "Apache-2.0",
"dependencies": {
diff --git a/package.json b/package.json
index 8ed73f2d5c..11e4233823 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
{
"name": "parse-server",
- "version": "6.1.0-alpha.9",
+ "version": "6.1.0-alpha.10",
"description": "An express module providing a Parse-compatible API server",
"main": "lib/index.js",
"repository": {
From 6f885d36b94902fdfea873fc554dee83589e6029 Mon Sep 17 00:00:00 2001
From: Daniel
Date: Thu, 18 May 2023 03:49:25 +1000
Subject: [PATCH 07/53] feat: `extendSessionOnUse` to automatically renew Parse
Sessions (#8505)
---
spec/Auth.spec.js | 29 ++++++++++++++++++++++
spec/index.spec.js | 16 ++++++++++++
src/Auth.js | 50 ++++++++++++++++++++++++++++++++++++--
src/Config.js | 5 ++++
src/Options/Definitions.js | 6 +++++
src/Options/docs.js | 1 +
src/Options/index.js | 3 +++
7 files changed, 108 insertions(+), 2 deletions(-)
diff --git a/spec/Auth.spec.js b/spec/Auth.spec.js
index 5ed6bfe941..26421487df 100644
--- a/spec/Auth.spec.js
+++ b/spec/Auth.spec.js
@@ -94,6 +94,35 @@ describe('Auth', () => {
});
});
+ it('can use extendSessionOnUse', async () => {
+ await reconfigureServer({
+ extendSessionOnUse: true,
+ });
+
+ const user = new Parse.User();
+ await user.signUp({
+ username: 'hello',
+ password: 'password',
+ });
+ const session = await new Parse.Query(Parse.Session).first();
+ const updatedAt = new Date('2010');
+ const expiry = new Date();
+ expiry.setHours(expiry.getHours() + 1);
+
+ await Parse.Server.database.update(
+ '_Session',
+ { objectId: session.id },
+ {
+ expiresAt: { __type: 'Date', iso: expiry.toISOString() },
+ updatedAt: updatedAt.toISOString(),
+ }
+ );
+ await session.fetch();
+ await new Promise(resolve => setTimeout(resolve, 1000));
+ await session.fetch();
+ expect(session.get('expiresAt') > expiry).toBeTrue();
+ });
+
it('should load auth without a config', async () => {
const user = new Parse.User();
await user.signUp({
diff --git a/spec/index.spec.js b/spec/index.spec.js
index 08ef16a77b..66654aaec4 100644
--- a/spec/index.spec.js
+++ b/spec/index.spec.js
@@ -367,6 +367,22 @@ describe('server', () => {
});
});
+ it('should throw when extendSessionOnUse is invalid', async () => {
+ await expectAsync(
+ reconfigureServer({
+ extendSessionOnUse: 'yolo',
+ })
+ ).toBeRejectedWith('extendSessionOnUse must be a boolean value');
+ });
+
+ it('should throw when revokeSessionOnPasswordReset is invalid', async () => {
+ await expectAsync(
+ reconfigureServer({
+ revokeSessionOnPasswordReset: 'yolo',
+ })
+ ).toBeRejectedWith('revokeSessionOnPasswordReset must be a boolean value');
+ });
+
it('fails if the session length is not a number', done => {
reconfigureServer({ sessionLength: 'test' })
.then(done.fail)
diff --git a/src/Auth.js b/src/Auth.js
index abd14391db..0617301d69 100644
--- a/src/Auth.js
+++ b/src/Auth.js
@@ -3,6 +3,8 @@ import { isDeepStrictEqual } from 'util';
import { getRequestObject, resolveError } from './triggers';
import Deprecator from './Deprecator/Deprecator';
import { logger } from './logger';
+import RestQuery from './RestQuery';
+import RestWrite from './RestWrite';
// An Auth object tells you who is requesting something and whether
// the master key was used.
@@ -66,6 +68,47 @@ function nobody(config) {
return new Auth({ config, isMaster: false });
}
+const throttle = {};
+const renewSessionIfNeeded = async ({ config, session, sessionToken }) => {
+ if (!config?.extendSessionOnUse) {
+ return;
+ }
+ clearTimeout(throttle[sessionToken]);
+ throttle[sessionToken] = setTimeout(async () => {
+ try {
+ if (!session) {
+ const { results } = await new RestQuery(
+ config,
+ master(config),
+ '_Session',
+ { sessionToken },
+ { limit: 1 }
+ ).execute();
+ console.log({ results });
+ session = results[0];
+ }
+ const lastUpdated = new Date(session?.updatedAt);
+ const yesterday = new Date();
+ yesterday.setDate(yesterday.getDate() - 1);
+ if (lastUpdated > yesterday || !session) {
+ return;
+ }
+ const expiresAt = config.generateSessionExpiresAt();
+ await new RestWrite(
+ config,
+ master(config),
+ '_Session',
+ { objectId: session.objectId },
+ { expiresAt: Parse._encode(expiresAt) }
+ ).execute();
+ } catch (e) {
+ if (e?.code !== Parse.Error.OBJECT_NOT_FOUND) {
+ logger.error('Could not update session expiry: ', e);
+ }
+ }
+ }, 500);
+};
+
// Returns a promise that resolves to an Auth object
const getAuthForSessionToken = async function ({
config,
@@ -78,6 +121,7 @@ const getAuthForSessionToken = async function ({
const userJSON = await cacheController.user.get(sessionToken);
if (userJSON) {
const cachedUser = Parse.Object.fromJSON(userJSON);
+ renewSessionIfNeeded({ config, sessionToken });
return Promise.resolve(
new Auth({
config,
@@ -112,18 +156,20 @@ const getAuthForSessionToken = async function ({
if (results.length !== 1 || !results[0]['user']) {
throw new Parse.Error(Parse.Error.INVALID_SESSION_TOKEN, 'Invalid session token');
}
+ const session = results[0];
const now = new Date(),
- expiresAt = results[0].expiresAt ? new Date(results[0].expiresAt.iso) : undefined;
+ expiresAt = session.expiresAt ? new Date(session.expiresAt.iso) : undefined;
if (expiresAt < now) {
throw new Parse.Error(Parse.Error.INVALID_SESSION_TOKEN, 'Session token is expired.');
}
- const obj = results[0]['user'];
+ const obj = session.user;
delete obj.password;
obj['className'] = '_User';
obj['sessionToken'] = sessionToken;
if (cacheController) {
cacheController.user.put(sessionToken, obj);
}
+ renewSessionIfNeeded({ config, session, sessionToken });
const userObject = Parse.Object.fromJSON(obj);
return new Auth({
config,
diff --git a/src/Config.js b/src/Config.js
index 812d28c367..747af78f82 100644
--- a/src/Config.js
+++ b/src/Config.js
@@ -86,6 +86,7 @@ export class Config {
logLevels,
rateLimit,
databaseOptions,
+ extendSessionOnUse,
}) {
if (masterKey === readOnlyMasterKey) {
throw new Error('masterKey and readOnlyMasterKey should be different');
@@ -103,6 +104,10 @@ export class Config {
throw 'revokeSessionOnPasswordReset must be a boolean value';
}
+ if (typeof extendSessionOnUse !== 'boolean') {
+ throw 'extendSessionOnUse must be a boolean value';
+ }
+
if (publicServerURL) {
if (!publicServerURL.startsWith('http://') && !publicServerURL.startsWith('https://')) {
throw 'publicServerURL should be a valid HTTPS URL starting with https://';
diff --git a/src/Options/Definitions.js b/src/Options/Definitions.js
index d6acc948e3..a583c38c24 100644
--- a/src/Options/Definitions.js
+++ b/src/Options/Definitions.js
@@ -227,6 +227,12 @@ module.exports.ParseServerOptions = {
action: parsers.booleanParser,
default: true,
},
+ extendSessionOnUse: {
+ env: 'PARSE_SERVER_EXTEND_SESSION_ON_USE',
+ help: 'Whether Parse Server should automatically extend a valid session by the sessionLength',
+ action: parsers.booleanParser,
+ default: false,
+ },
fileKey: {
env: 'PARSE_SERVER_FILE_KEY',
help: 'Key for your files',
diff --git a/src/Options/docs.js b/src/Options/docs.js
index 8ebf63b97d..856707e0fa 100644
--- a/src/Options/docs.js
+++ b/src/Options/docs.js
@@ -43,6 +43,7 @@
* @property {String} encryptionKey Key for encrypting your files
* @property {Boolean} enforcePrivateUsers Set to true if new users should be created without public read and write access.
* @property {Boolean} expireInactiveSessions Sets whether we should expire the inactive sessions, defaults to true. If false, all new sessions are created with no expiration date.
+ * @property {Boolean} extendSessionOnUse Whether Parse Server should automatically extend a valid session by the sessionLength
* @property {String} fileKey Key for your files
* @property {Adapter} filesAdapter Adapter module for the files sub-system
* @property {FileUploadOptions} fileUpload Options for file uploads
diff --git a/src/Options/index.js b/src/Options/index.js
index 59e040b57f..0411563a8a 100644
--- a/src/Options/index.js
+++ b/src/Options/index.js
@@ -203,6 +203,9 @@ export interface ParseServerOptions {
/* Session duration, in seconds, defaults to 1 year
:DEFAULT: 31536000 */
sessionLength: ?number;
+ /* Whether Parse Server should automatically extend a valid session by the sessionLength
+ :DEFAULT: false */
+ extendSessionOnUse: ?boolean;
/* Default value for limit option on queries, defaults to `100`.
:DEFAULT: 100 */
defaultLimit: ?number;
From c78a5a6f10ce09032579fed8ef4cbd84c1ee96a9 Mon Sep 17 00:00:00 2001
From: semantic-release-bot
Date: Wed, 17 May 2023 17:58:54 +0000
Subject: [PATCH 08/53] chore(release): 6.1.0-alpha.11 [skip ci]
# [6.1.0-alpha.11](https://github.com/parse-community/parse-server/compare/6.1.0-alpha.10...6.1.0-alpha.11) (2023-05-17)
### Features
* `extendSessionOnUse` to automatically renew Parse Sessions ([#8505](https://github.com/parse-community/parse-server/issues/8505)) ([6f885d3](https://github.com/parse-community/parse-server/commit/6f885d36b94902fdfea873fc554dee83589e6029))
---
changelogs/CHANGELOG_alpha.md | 7 +++++++
package-lock.json | 4 ++--
package.json | 2 +-
3 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/changelogs/CHANGELOG_alpha.md b/changelogs/CHANGELOG_alpha.md
index d93598c0b0..13d27af44b 100644
--- a/changelogs/CHANGELOG_alpha.md
+++ b/changelogs/CHANGELOG_alpha.md
@@ -1,3 +1,10 @@
+# [6.1.0-alpha.11](https://github.com/parse-community/parse-server/compare/6.1.0-alpha.10...6.1.0-alpha.11) (2023-05-17)
+
+
+### Features
+
+* `extendSessionOnUse` to automatically renew Parse Sessions ([#8505](https://github.com/parse-community/parse-server/issues/8505)) ([6f885d3](https://github.com/parse-community/parse-server/commit/6f885d36b94902fdfea873fc554dee83589e6029))
+
# [6.1.0-alpha.10](https://github.com/parse-community/parse-server/compare/6.1.0-alpha.9...6.1.0-alpha.10) (2023-05-12)
diff --git a/package-lock.json b/package-lock.json
index eec1a02906..deed9e6054 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
{
"name": "parse-server",
- "version": "6.1.0-alpha.10",
+ "version": "6.1.0-alpha.11",
"lockfileVersion": 2,
"requires": true,
"packages": {
"": {
"name": "parse-server",
- "version": "6.1.0-alpha.10",
+ "version": "6.1.0-alpha.11",
"hasInstallScript": true,
"license": "Apache-2.0",
"dependencies": {
diff --git a/package.json b/package.json
index 11e4233823..f9d7ced8c7 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
{
"name": "parse-server",
- "version": "6.1.0-alpha.10",
+ "version": "6.1.0-alpha.11",
"description": "An express module providing a Parse-compatible API server",
"main": "lib/index.js",
"repository": {
From d4cda4b26c9bde8c812549b8780bea1cfabdb394 Mon Sep 17 00:00:00 2001
From: Daniel
Date: Fri, 19 May 2023 16:41:48 +1000
Subject: [PATCH 09/53] fix: GridFS file storage doesn't work with certain
`enableSchemaHooks` settings (#8467)
---
spec/FilesController.spec.js | 2 ++
spec/GridFSBucketStorageAdapter.spec.js | 16 ++++++++++++++++
src/Adapters/Files/GridFSBucketAdapter.js | 6 +++++-
3 files changed, 23 insertions(+), 1 deletion(-)
diff --git a/spec/FilesController.spec.js b/spec/FilesController.spec.js
index 8fee5aca2f..a16451f3ef 100644
--- a/spec/FilesController.spec.js
+++ b/spec/FilesController.spec.js
@@ -55,6 +55,8 @@ describe('FilesController', () => {
const config = Config.get(Parse.applicationId);
expect(config.database.adapter._mongoOptions.retryWrites).toBeTrue();
expect(config.filesController.adapter._mongoOptions.retryWrites).toBeTrue();
+ expect(config.filesController.adapter._mongoOptions.enableSchemaHooks).toBeUndefined();
+ expect(config.filesController.adapter._mongoOptions.schemaCacheTtl).toBeUndefined();
});
it('should create a server log on failure', done => {
diff --git a/spec/GridFSBucketStorageAdapter.spec.js b/spec/GridFSBucketStorageAdapter.spec.js
index 419bfdb98d..7e9c84a59e 100644
--- a/spec/GridFSBucketStorageAdapter.spec.js
+++ b/spec/GridFSBucketStorageAdapter.spec.js
@@ -20,6 +20,22 @@ describe_only_db('mongo')('GridFSBucket', () => {
await db.dropDatabase();
});
+ it('should connect to mongo with the supported database options', async () => {
+ const databaseURI = 'mongodb://localhost:27017/parse';
+ const gfsAdapter = new GridFSBucketAdapter(databaseURI, {
+ retryWrites: true,
+ // these are not supported by the mongo client
+ enableSchemaHooks: true,
+ schemaCacheTtl: 5000,
+ maxTimeMS: 30000,
+ });
+
+ const db = await gfsAdapter._connect();
+ const status = await db.admin().serverStatus();
+ expect(status.connections.current > 0).toEqual(true);
+ expect(db.options?.retryWrites).toEqual(true);
+ });
+
it('should save an encrypted file that can only be decrypted by a GridFS adapter with the encryptionKey', async () => {
const unencryptedAdapter = new GridFSBucketAdapter(databaseURI);
const encryptedAdapter = new GridFSBucketAdapter(
diff --git a/src/Adapters/Files/GridFSBucketAdapter.js b/src/Adapters/Files/GridFSBucketAdapter.js
index f2b9c48fad..451165789d 100644
--- a/src/Adapters/Files/GridFSBucketAdapter.js
+++ b/src/Adapters/Files/GridFSBucketAdapter.js
@@ -34,7 +34,11 @@ export class GridFSBucketAdapter extends FilesAdapter {
useNewUrlParser: true,
useUnifiedTopology: true,
};
- this._mongoOptions = Object.assign(defaultMongoOptions, mongoOptions);
+ const _mongoOptions = Object.assign(defaultMongoOptions, mongoOptions);
+ for (const key of ['enableSchemaHooks', 'schemaCacheTtl', 'maxTimeMS']) {
+ delete _mongoOptions[key];
+ }
+ this._mongoOptions = _mongoOptions;
}
_connect() {
From ab301b651856e99ecdd3bba405fe7eade7ccc257 Mon Sep 17 00:00:00 2001
From: semantic-release-bot
Date: Fri, 19 May 2023 06:43:10 +0000
Subject: [PATCH 10/53] chore(release): 6.1.0-alpha.12 [skip ci]
# [6.1.0-alpha.12](https://github.com/parse-community/parse-server/compare/6.1.0-alpha.11...6.1.0-alpha.12) (2023-05-19)
### Bug Fixes
* GridFS file storage doesn't work with certain `enableSchemaHooks` settings ([#8467](https://github.com/parse-community/parse-server/issues/8467)) ([d4cda4b](https://github.com/parse-community/parse-server/commit/d4cda4b26c9bde8c812549b8780bea1cfabdb394))
---
changelogs/CHANGELOG_alpha.md | 7 +++++++
package-lock.json | 4 ++--
package.json | 2 +-
3 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/changelogs/CHANGELOG_alpha.md b/changelogs/CHANGELOG_alpha.md
index 13d27af44b..b4088dba72 100644
--- a/changelogs/CHANGELOG_alpha.md
+++ b/changelogs/CHANGELOG_alpha.md
@@ -1,3 +1,10 @@
+# [6.1.0-alpha.12](https://github.com/parse-community/parse-server/compare/6.1.0-alpha.11...6.1.0-alpha.12) (2023-05-19)
+
+
+### Bug Fixes
+
+* GridFS file storage doesn't work with certain `enableSchemaHooks` settings ([#8467](https://github.com/parse-community/parse-server/issues/8467)) ([d4cda4b](https://github.com/parse-community/parse-server/commit/d4cda4b26c9bde8c812549b8780bea1cfabdb394))
+
# [6.1.0-alpha.11](https://github.com/parse-community/parse-server/compare/6.1.0-alpha.10...6.1.0-alpha.11) (2023-05-17)
diff --git a/package-lock.json b/package-lock.json
index deed9e6054..98435f92dc 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
{
"name": "parse-server",
- "version": "6.1.0-alpha.11",
+ "version": "6.1.0-alpha.12",
"lockfileVersion": 2,
"requires": true,
"packages": {
"": {
"name": "parse-server",
- "version": "6.1.0-alpha.11",
+ "version": "6.1.0-alpha.12",
"hasInstallScript": true,
"license": "Apache-2.0",
"dependencies": {
diff --git a/package.json b/package.json
index f9d7ced8c7..8a0338e441 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
{
"name": "parse-server",
- "version": "6.1.0-alpha.11",
+ "version": "6.1.0-alpha.12",
"description": "An express module providing a Parse-compatible API server",
"main": "lib/index.js",
"repository": {
From db4c214eac9ef576627062e0960778e534aa414d Mon Sep 17 00:00:00 2001
From: Manuel <5673677+mtrezza@users.noreply.github.com>
Date: Sat, 20 May 2023 23:16:02 +0200
Subject: [PATCH 11/53] docs: Add Synk step for LTS release to CONTRIBUTING
(#8536)
---
CONTRIBUTING.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 47c286c8ce..255364a172 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -496,7 +496,6 @@ The following changes are done in the `alpha` branch, before publishing the last
- Make sure all [deprecations](https://github.com/parse-community/parse-server/blob/alpha/DEPRECATIONS.md) are reflected in code, old code is removed and the deprecations table is updated.
- Add the future LTS branch `release-#.x.x` to the branch list in [release.config.js](https://github.com/parse-community/parse-server/blob/alpha/release.config.js) so that the branch will later be recognized for release automation.
-
### Publishing Release (forward-merge):
1. Create new temporary branch `build` on branch `beta`.
@@ -547,6 +546,7 @@ The following changes are done in the `alpha` branch, before publishing the last
1. Create LTS branch `release-#.x.x` off the latest version tag on `release` branch.
2. Create temporary branch `build-release` off branch `beta` and create a pull request with `release` as the base branch.
3. Merge branch `build-release` into `release`. Given that there will be breaking changes, a new major release will be created. In the unlikely case that there have been no breaking changes between the previous major release and the upcoming release, a major version increment has to be triggered manually. See the docs of the release automation framework for how to do that.
+4. Add newly created LTS branch `release-#.x.x` from step 1 to [Snyk](https://snyk.io) so that Snyk opens pull requests for the LTS branch; remove previously existing LTS branch `release-#.x.x` from Snyk.
## Versioning
From a27482c57edab59d501c623ab5cba6071e10de43 Mon Sep 17 00:00:00 2001
From: Manuel <5673677+mtrezza@users.noreply.github.com>
Date: Sun, 21 May 2023 01:31:52 +0200
Subject: [PATCH 12/53] refactor: Add new Parse Server option
`fileUpload.fileExtensions` to restrict file upload by file extension (#8539)
---
spec/ParseFile.spec.js | 186 ++++++++++++++++++++++++++++++++-----
src/Config.js | 5 +
src/Options/Definitions.js | 7 ++
src/Options/docs.js | 1 +
src/Options/index.js | 3 +
src/Routers/FilesRouter.js | 32 +++++++
6 files changed, 209 insertions(+), 25 deletions(-)
diff --git a/spec/ParseFile.spec.js b/spec/ParseFile.spec.js
index ed21304d39..88b8a64025 100644
--- a/spec/ParseFile.spec.js
+++ b/spec/ParseFile.spec.js
@@ -37,8 +37,14 @@ describe('Parse.File testing', () => {
});
});
- it('works with _ContentType', done => {
- request({
+ it('works with _ContentType', async () => {
+ await reconfigureServer({
+ fileUpload: {
+ enableForPublic: true,
+ fileExtensions: ['*'],
+ },
+ });
+ let response = await request({
method: 'POST',
url: 'http://localhost:8378/1/files/file',
body: JSON.stringify({
@@ -47,21 +53,18 @@ describe('Parse.File testing', () => {
_ContentType: 'text/html',
base64: 'PGh0bWw+PC9odG1sPgo=',
}),
- }).then(response => {
- const b = response.data;
- expect(b.name).toMatch(/_file.html/);
- expect(b.url).toMatch(/^http:\/\/localhost:8378\/1\/files\/test\/.*file.html$/);
- request({ url: b.url }).then(response => {
- const body = response.text;
- try {
- expect(response.headers['content-type']).toMatch('^text/html');
- expect(body).toEqual('\n');
- } catch (e) {
- jfail(e);
- }
- done();
- });
});
+ const b = response.data;
+ expect(b.name).toMatch(/_file.html/);
+ expect(b.url).toMatch(/^http:\/\/localhost:8378\/1\/files\/test\/.*file.html$/);
+ response = await request({ url: b.url });
+ const body = response.text;
+ try {
+ expect(response.headers['content-type']).toMatch('^text/html');
+ expect(body).toEqual('\n');
+ } catch (e) {
+ jfail(e);
+ }
});
it('works without Content-Type', done => {
@@ -351,25 +354,28 @@ describe('Parse.File testing', () => {
ok(object.toJSON().file.url);
});
- it('content-type used with no extension', done => {
+ it('content-type used with no extension', async () => {
+ await reconfigureServer({
+ fileUpload: {
+ enableForPublic: true,
+ fileExtensions: ['*'],
+ },
+ });
const headers = {
'Content-Type': 'text/html',
'X-Parse-Application-Id': 'test',
'X-Parse-REST-API-Key': 'rest',
};
- request({
+ let response = await request({
method: 'POST',
headers: headers,
url: 'http://localhost:8378/1/files/file',
body: 'fee fi fo',
- }).then(response => {
- const b = response.data;
- expect(b.name).toMatch(/\.html$/);
- request({ url: b.url }).then(response => {
- expect(response.headers['content-type']).toMatch(/^text\/html/);
- done();
- });
});
+ const b = response.data;
+ expect(b.name).toMatch(/\.html$/);
+ response = await request({ url: b.url });
+ expect(response.headers['content-type']).toMatch(/^text\/html/);
});
it('filename is url encoded', done => {
@@ -1298,6 +1304,136 @@ describe('Parse.File testing', () => {
await expectAsync(reconfigureServer({ fileUpload: { [key]: value } })).toBeResolved();
}
}
+ await expectAsync(
+ reconfigureServer({
+ fileUpload: {
+ fileExtensions: 1,
+ },
+ })
+ ).toBeRejectedWith('fileUpload.fileExtensions must be an array.');
+ });
+ });
+ describe('fileExtensions', () => {
+ it('works with _ContentType', async () => {
+ await reconfigureServer({
+ silent: false,
+ fileUpload: {
+ enableForPublic: true,
+ fileExtensions: ['png'],
+ },
+ });
+ await expectAsync(
+ request({
+ method: 'POST',
+ url: 'http://localhost:8378/1/files/file',
+ body: JSON.stringify({
+ _ApplicationId: 'test',
+ _JavaScriptKey: 'test',
+ _ContentType: 'text/html',
+ base64: 'PGh0bWw+PC9odG1sPgo=',
+ }),
+ }).catch(e => {
+ throw new Error(e.data.error);
+ })
+ ).toBeRejectedWith(
+ new Parse.Error(Parse.Error.FILE_SAVE_ERROR, `File upload of extension html is disabled.`)
+ );
+ });
+
+ it('works without Content-Type', async () => {
+ await reconfigureServer({
+ fileUpload: {
+ enableForPublic: true,
+ },
+ });
+ const headers = {
+ 'X-Parse-Application-Id': 'test',
+ 'X-Parse-REST-API-Key': 'rest',
+ };
+ await expectAsync(
+ request({
+ method: 'POST',
+ headers: headers,
+ url: 'http://localhost:8378/1/files/file.html',
+ body: '\n',
+ }).catch(e => {
+ throw new Error(e.data.error);
+ })
+ ).toBeRejectedWith(
+ new Parse.Error(Parse.Error.FILE_SAVE_ERROR, `File upload of extension html is disabled.`)
+ );
+ });
+
+ it('works with array', async () => {
+ await reconfigureServer({
+ fileUpload: {
+ enableForPublic: true,
+ fileExtensions: ['jpg'],
+ },
+ });
+ await expectAsync(
+ request({
+ method: 'POST',
+ url: 'http://localhost:8378/1/files/file',
+ body: JSON.stringify({
+ _ApplicationId: 'test',
+ _JavaScriptKey: 'test',
+ _ContentType: 'text/html',
+ base64: 'PGh0bWw+PC9odG1sPgo=',
+ }),
+ }).catch(e => {
+ throw new Error(e.data.error);
+ })
+ ).toBeRejectedWith(
+ new Parse.Error(Parse.Error.FILE_SAVE_ERROR, `File upload of extension html is disabled.`)
+ );
+ });
+
+ it('works with array without Content-Type', async () => {
+ await reconfigureServer({
+ fileUpload: {
+ enableForPublic: true,
+ fileExtensions: ['jpg'],
+ },
+ });
+ const headers = {
+ 'X-Parse-Application-Id': 'test',
+ 'X-Parse-REST-API-Key': 'rest',
+ };
+ await expectAsync(
+ request({
+ method: 'POST',
+ headers: headers,
+ url: 'http://localhost:8378/1/files/file.html',
+ body: '\n',
+ }).catch(e => {
+ throw new Error(e.data.error);
+ })
+ ).toBeRejectedWith(
+ new Parse.Error(Parse.Error.FILE_SAVE_ERROR, `File upload of extension html is disabled.`)
+ );
+ });
+
+ it('works with array with correct file type', async () => {
+ await reconfigureServer({
+ fileUpload: {
+ enableForPublic: true,
+ fileExtensions: ['html'],
+ },
+ });
+ const response = await request({
+ method: 'POST',
+ url: 'http://localhost:8378/1/files/file',
+ body: JSON.stringify({
+ _ApplicationId: 'test',
+ _JavaScriptKey: 'test',
+ _ContentType: 'text/html',
+ base64: 'PGh0bWw+PC9odG1sPgo=',
+ }),
+ });
+ const b = response.data;
+ expect(b.name).toMatch(/_file.html$/);
+ expect(b.url).toMatch(/^http:\/\/localhost:8378\/1\/files\/test\/.*file.html$/);
});
});
});
diff --git a/src/Config.js b/src/Config.js
index 747af78f82..f63b5d47da 100644
--- a/src/Config.js
+++ b/src/Config.js
@@ -465,6 +465,11 @@ export class Config {
} else if (typeof fileUpload.enableForAuthenticatedUser !== 'boolean') {
throw 'fileUpload.enableForAuthenticatedUser must be a boolean value.';
}
+ if (fileUpload.fileExtensions === undefined) {
+ fileUpload.fileExtensions = FileUploadOptions.fileExtensions.default;
+ } else if (!Array.isArray(fileUpload.fileExtensions)) {
+ throw 'fileUpload.fileExtensions must be an array.';
+ }
}
static validateIps(field, masterKeyIps) {
diff --git a/src/Options/Definitions.js b/src/Options/Definitions.js
index a583c38c24..b0cf602bab 100644
--- a/src/Options/Definitions.js
+++ b/src/Options/Definitions.js
@@ -975,6 +975,13 @@ module.exports.FileUploadOptions = {
action: parsers.booleanParser,
default: false,
},
+ fileExtensions: {
+ env: 'PARSE_SERVER_FILE_UPLOAD_FILE_EXTENSIONS',
+ help:
+ "Sets the allowed file extensions for uploading files. The extension is defined as an array of file extensions, or a regex pattern.
It is recommended to restrict the file upload extensions as much as possible. HTML files are especially problematic as they may be used by an attacker who uploads a HTML form to look legitimate under your app's domain name, or to compromise the session token of another user via accessing the browser's local storage.
Defaults to `^[^hH][^tT][^mM][^lL]?$` which allows any file extension except HTML files.",
+ action: parsers.arrayParser,
+ default: ['^[^hH][^tT][^mM][^lL]?$'],
+ },
};
module.exports.DatabaseOptions = {
enableSchemaHooks: {
diff --git a/src/Options/docs.js b/src/Options/docs.js
index 856707e0fa..6e4d7671eb 100644
--- a/src/Options/docs.js
+++ b/src/Options/docs.js
@@ -222,6 +222,7 @@
* @property {Boolean} enableForAnonymousUser Is true if file upload should be allowed for anonymous users.
* @property {Boolean} enableForAuthenticatedUser Is true if file upload should be allowed for authenticated users.
* @property {Boolean} enableForPublic Is true if file upload should be allowed for anyone, regardless of user authentication.
+ * @property {String[]} fileExtensions Sets the allowed file extensions for uploading files. The extension is defined as an array of file extensions, or a regex pattern.
It is recommended to restrict the file upload extensions as much as possible. HTML files are especially problematic as they may be used by an attacker who uploads a HTML form to look legitimate under your app's domain name, or to compromise the session token of another user via accessing the browser's local storage.
Defaults to `^[^hH][^tT][^mM][^lL]?$` which allows any file extension except HTML files.
*/
/**
diff --git a/src/Options/index.js b/src/Options/index.js
index 0411563a8a..8588a1f7fe 100644
--- a/src/Options/index.js
+++ b/src/Options/index.js
@@ -540,6 +540,9 @@ export interface PasswordPolicyOptions {
}
export interface FileUploadOptions {
+ /* Sets the allowed file extensions for uploading files. The extension is defined as an array of file extensions, or a regex pattern.
It is recommended to restrict the file upload extensions as much as possible. HTML files are especially problematic as they may be used by an attacker who uploads a HTML form to look legitimate under your app's domain name, or to compromise the session token of another user via accessing the browser's local storage.
Defaults to `^[^hH][^tT][^mM][^lL]?$` which allows any file extension except HTML files.
+ :DEFAULT: ["^[^hH][^tT][^mM][^lL]?$"] */
+ fileExtensions: ?(string[]);
/* Is true if file upload should be allowed for anonymous users.
:DEFAULT: false */
enableForAnonymousUser: ?boolean;
diff --git a/src/Routers/FilesRouter.js b/src/Routers/FilesRouter.js
index e911d772a4..ed48a28a68 100644
--- a/src/Routers/FilesRouter.js
+++ b/src/Routers/FilesRouter.js
@@ -140,6 +140,38 @@ export class FilesRouter {
return;
}
+ const fileExtensions = config.fileUpload?.fileExtensions;
+ if (!isMaster && fileExtensions) {
+ const isValidExtension = extension => {
+ return fileExtensions.some(ext => {
+ if (ext === '*') {
+ return true;
+ }
+ const regex = new RegExp(fileExtensions);
+ if (regex.test(extension)) {
+ return true;
+ }
+ });
+ };
+ let extension = contentType;
+ if (filename && filename.includes('.')) {
+ extension = filename.split('.')[1];
+ } else if (contentType && contentType.includes('/')) {
+ extension = contentType.split('/')[1];
+ }
+ extension = extension.split(' ').join('');
+
+ if (!isValidExtension(extension)) {
+ next(
+ new Parse.Error(
+ Parse.Error.FILE_SAVE_ERROR,
+ `File upload of extension ${extension} is disabled.`
+ )
+ );
+ return;
+ }
+ }
+
const base64 = req.body.toString('base64');
const file = new Parse.File(filename, { base64 }, contentType);
const { metadata = {}, tags = {} } = req.fileData || {};
From 7121829bbbe69878bdd03db9c6aeb81f8e437f34 Mon Sep 17 00:00:00 2001
From: Snyk bot
Date: Sun, 21 May 2023 16:58:23 +0100
Subject: [PATCH 13/53] refactor: Upgrade @graphql-tools/merge from 8.3.6 to
8.4.1 (#8544)
---
package-lock.json | 66 ++++++++++++++++++++++++++++++++++++++++-------
package.json | 2 +-
2 files changed, 57 insertions(+), 11 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 98435f92dc..69a70ecdf7 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -11,7 +11,7 @@
"license": "Apache-2.0",
"dependencies": {
"@babel/eslint-parser": "7.19.1",
- "@graphql-tools/merge": "8.3.6",
+ "@graphql-tools/merge": "^8.4.1",
"@graphql-tools/schema": "9.0.4",
"@graphql-tools/utils": "8.12.0",
"@graphql-yoga/node": "2.6.0",
@@ -75,7 +75,7 @@
"all-node-versions": "11.3.0",
"apollo-upload-client": "17.0.0",
"bcrypt-nodejs": "0.0.3",
- "clean-jsdoc-theme": "^4.2.7",
+ "clean-jsdoc-theme": "4.2.7",
"cross-env": "7.0.2",
"deep-diff": "1.0.2",
"eslint": "8.26.0",
@@ -1982,11 +1982,23 @@
}
},
"node_modules/@graphql-tools/merge": {
- "version": "8.3.6",
- "resolved": "https://registry.npmjs.org/@graphql-tools/merge/-/merge-8.3.6.tgz",
- "integrity": "sha512-uUBokxXi89bj08P+iCvQk3Vew4vcfL5ZM6NTylWi8PIpoq4r5nJ625bRuN8h2uubEdRiH8ntN9M4xkd/j7AybQ==",
+ "version": "8.4.1",
+ "resolved": "https://registry.npmjs.org/@graphql-tools/merge/-/merge-8.4.1.tgz",
+ "integrity": "sha512-hssnPpZ818mxgl5+GfyOOSnnflAxiaTn1A1AojZcIbh4J52sS1Q0gSuBR5VrnUDjuxiqoCotpXdAQl+K+U6KLQ==",
"dependencies": {
- "@graphql-tools/utils": "8.12.0",
+ "@graphql-tools/utils": "^9.2.1",
+ "tslib": "^2.4.0"
+ },
+ "peerDependencies": {
+ "graphql": "^14.0.0 || ^15.0.0 || ^16.0.0 || ^17.0.0"
+ }
+ },
+ "node_modules/@graphql-tools/merge/node_modules/@graphql-tools/utils": {
+ "version": "9.2.1",
+ "resolved": "https://registry.npmjs.org/@graphql-tools/utils/-/utils-9.2.1.tgz",
+ "integrity": "sha512-WUw506Ql6xzmOORlriNrD6Ugx+HjVgYxt9KCXD9mHAak+eaXSwuGGPyE60hy9xaDEoXKBsG7SkG69ybitaVl6A==",
+ "dependencies": {
+ "@graphql-typed-document-node/core": "^3.1.1",
"tslib": "^2.4.0"
},
"peerDependencies": {
@@ -2007,6 +2019,18 @@
"graphql": "^14.0.0 || ^15.0.0 || ^16.0.0 || ^17.0.0"
}
},
+ "node_modules/@graphql-tools/schema/node_modules/@graphql-tools/merge": {
+ "version": "8.3.6",
+ "resolved": "https://registry.npmjs.org/@graphql-tools/merge/-/merge-8.3.6.tgz",
+ "integrity": "sha512-uUBokxXi89bj08P+iCvQk3Vew4vcfL5ZM6NTylWi8PIpoq4r5nJ625bRuN8h2uubEdRiH8ntN9M4xkd/j7AybQ==",
+ "dependencies": {
+ "@graphql-tools/utils": "8.12.0",
+ "tslib": "^2.4.0"
+ },
+ "peerDependencies": {
+ "graphql": "^14.0.0 || ^15.0.0 || ^16.0.0 || ^17.0.0"
+ }
+ },
"node_modules/@graphql-tools/utils": {
"version": "8.12.0",
"resolved": "https://registry.npmjs.org/@graphql-tools/utils/-/utils-8.12.0.tgz",
@@ -21972,12 +21996,23 @@
}
},
"@graphql-tools/merge": {
- "version": "8.3.6",
- "resolved": "https://registry.npmjs.org/@graphql-tools/merge/-/merge-8.3.6.tgz",
- "integrity": "sha512-uUBokxXi89bj08P+iCvQk3Vew4vcfL5ZM6NTylWi8PIpoq4r5nJ625bRuN8h2uubEdRiH8ntN9M4xkd/j7AybQ==",
+ "version": "8.4.1",
+ "resolved": "https://registry.npmjs.org/@graphql-tools/merge/-/merge-8.4.1.tgz",
+ "integrity": "sha512-hssnPpZ818mxgl5+GfyOOSnnflAxiaTn1A1AojZcIbh4J52sS1Q0gSuBR5VrnUDjuxiqoCotpXdAQl+K+U6KLQ==",
"requires": {
- "@graphql-tools/utils": "8.12.0",
+ "@graphql-tools/utils": "^9.2.1",
"tslib": "^2.4.0"
+ },
+ "dependencies": {
+ "@graphql-tools/utils": {
+ "version": "9.2.1",
+ "resolved": "https://registry.npmjs.org/@graphql-tools/utils/-/utils-9.2.1.tgz",
+ "integrity": "sha512-WUw506Ql6xzmOORlriNrD6Ugx+HjVgYxt9KCXD9mHAak+eaXSwuGGPyE60hy9xaDEoXKBsG7SkG69ybitaVl6A==",
+ "requires": {
+ "@graphql-typed-document-node/core": "^3.1.1",
+ "tslib": "^2.4.0"
+ }
+ }
}
},
"@graphql-tools/schema": {
@@ -21989,6 +22024,17 @@
"@graphql-tools/utils": "8.12.0",
"tslib": "^2.4.0",
"value-or-promise": "1.0.11"
+ },
+ "dependencies": {
+ "@graphql-tools/merge": {
+ "version": "8.3.6",
+ "resolved": "https://registry.npmjs.org/@graphql-tools/merge/-/merge-8.3.6.tgz",
+ "integrity": "sha512-uUBokxXi89bj08P+iCvQk3Vew4vcfL5ZM6NTylWi8PIpoq4r5nJ625bRuN8h2uubEdRiH8ntN9M4xkd/j7AybQ==",
+ "requires": {
+ "@graphql-tools/utils": "8.12.0",
+ "tslib": "^2.4.0"
+ }
+ }
}
},
"@graphql-tools/utils": {
diff --git a/package.json b/package.json
index 8a0338e441..e7ab8dcbff 100644
--- a/package.json
+++ b/package.json
@@ -20,7 +20,7 @@
"license": "Apache-2.0",
"dependencies": {
"@babel/eslint-parser": "7.19.1",
- "@graphql-tools/merge": "8.3.6",
+ "@graphql-tools/merge": "8.4.1",
"@graphql-tools/schema": "9.0.4",
"@graphql-tools/utils": "8.12.0",
"@graphql-yoga/node": "2.6.0",
From cc57fafe386a5116e6ae64f5861ac67fdb92148f Mon Sep 17 00:00:00 2001
From: Parse Platform <90459499+parseplatformorg@users.noreply.github.com>
Date: Sun, 21 May 2023 23:53:17 +0200
Subject: [PATCH 14/53] refactor: Upgrade ws from 8.9.0 to 8.13.0 (#8551)
---
package-lock.json | 16 ++++++++--------
package.json | 2 +-
2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 69a70ecdf7..60832bd0fb 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -52,7 +52,7 @@
"uuid": "9.0.0",
"winston": "3.8.1",
"winston-daily-rotate-file": "4.7.1",
- "ws": "8.9.0"
+ "ws": "^8.13.0"
},
"bin": {
"parse-server": "bin/parse-server"
@@ -20463,15 +20463,15 @@
}
},
"node_modules/ws": {
- "version": "8.9.0",
- "resolved": "https://registry.npmjs.org/ws/-/ws-8.9.0.tgz",
- "integrity": "sha512-Ja7nszREasGaYUYCI2k4lCKIRTt+y7XuqVoHR44YpI49TtryyqbqvDMn5eqfW7e6HzTukDRIsXqzVHScqRcafg==",
+ "version": "8.13.0",
+ "resolved": "https://registry.npmjs.org/ws/-/ws-8.13.0.tgz",
+ "integrity": "sha512-x9vcZYTrFPC7aSIbj7sRCYo7L/Xb8Iy+pW0ng0wt2vCJv7M9HOMy0UoN3rr+IFC7hb7vXoqS+P9ktyLLLhO+LA==",
"engines": {
"node": ">=10.0.0"
},
"peerDependencies": {
"bufferutil": "^4.0.1",
- "utf-8-validate": "^5.0.2"
+ "utf-8-validate": ">=5.0.2"
},
"peerDependenciesMeta": {
"bufferutil": {
@@ -36170,9 +36170,9 @@
}
},
"ws": {
- "version": "8.9.0",
- "resolved": "https://registry.npmjs.org/ws/-/ws-8.9.0.tgz",
- "integrity": "sha512-Ja7nszREasGaYUYCI2k4lCKIRTt+y7XuqVoHR44YpI49TtryyqbqvDMn5eqfW7e6HzTukDRIsXqzVHScqRcafg==",
+ "version": "8.13.0",
+ "resolved": "https://registry.npmjs.org/ws/-/ws-8.13.0.tgz",
+ "integrity": "sha512-x9vcZYTrFPC7aSIbj7sRCYo7L/Xb8Iy+pW0ng0wt2vCJv7M9HOMy0UoN3rr+IFC7hb7vXoqS+P9ktyLLLhO+LA==",
"requires": {}
},
"xmlcreate": {
diff --git a/package.json b/package.json
index e7ab8dcbff..8e6c02d4ae 100644
--- a/package.json
+++ b/package.json
@@ -61,7 +61,7 @@
"uuid": "9.0.0",
"winston": "3.8.1",
"winston-daily-rotate-file": "4.7.1",
- "ws": "8.9.0"
+ "ws": "8.13.0"
},
"devDependencies": {
"@actions/core": "1.9.1",
From 00c362d739e409924c84cc49c5e9da71959a43f5 Mon Sep 17 00:00:00 2001
From: Parse Platform <90459499+parseplatformorg@users.noreply.github.com>
Date: Mon, 22 May 2023 00:26:12 +0200
Subject: [PATCH 15/53] refactor: Upgrade redis from 4.0.6 to 4.6.6 (#8549)
---
package-lock.json | 284 ++++++++++++++++++++--------------------------
package.json | 2 +-
2 files changed, 126 insertions(+), 160 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 60832bd0fb..5f2b1c4917 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -45,7 +45,7 @@
"pg-promise": "11.3.0",
"pluralize": "8.0.0",
"rate-limit-redis": "3.0.1",
- "redis": "4.0.6",
+ "redis": "^4.6.6",
"semver": "7.3.8",
"subscriptions-transport-ws": "0.11.0",
"tv4": "1.3.0",
@@ -2338,60 +2338,6 @@
"eslint-scope": "5.1.1"
}
},
- "node_modules/@node-redis/bloom": {
- "version": "1.0.1",
- "resolved": "https://registry.npmjs.org/@node-redis/bloom/-/bloom-1.0.1.tgz",
- "integrity": "sha512-mXEBvEIgF4tUzdIN89LiYsbi6//EdpFA7L8M+DHCvePXg+bfHWi+ct5VI6nHUFQE5+ohm/9wmgihCH3HSkeKsw==",
- "peerDependencies": {
- "@node-redis/client": "^1.0.0"
- }
- },
- "node_modules/@node-redis/client": {
- "version": "1.0.5",
- "resolved": "https://registry.npmjs.org/@node-redis/client/-/client-1.0.5.tgz",
- "integrity": "sha512-ESZ3bd1f+od62h4MaBLKum+klVJfA4wAeLHcVQBkoXa1l0viFesOWnakLQqKg+UyrlJhZmXJWtu0Y9v7iTMrig==",
- "dependencies": {
- "cluster-key-slot": "1.1.0",
- "generic-pool": "3.8.2",
- "redis-parser": "3.0.0",
- "yallist": "4.0.0"
- },
- "engines": {
- "node": ">=12"
- }
- },
- "node_modules/@node-redis/graph": {
- "version": "1.0.0",
- "resolved": "https://registry.npmjs.org/@node-redis/graph/-/graph-1.0.0.tgz",
- "integrity": "sha512-mRSo8jEGC0cf+Rm7q8mWMKKKqkn6EAnA9IA2S3JvUv/gaWW/73vil7GLNwion2ihTptAm05I9LkepzfIXUKX5g==",
- "peerDependencies": {
- "@node-redis/client": "^1.0.0"
- }
- },
- "node_modules/@node-redis/json": {
- "version": "1.0.2",
- "resolved": "https://registry.npmjs.org/@node-redis/json/-/json-1.0.2.tgz",
- "integrity": "sha512-qVRgn8WfG46QQ08CghSbY4VhHFgaTY71WjpwRBGEuqGPfWwfRcIf3OqSpR7Q/45X+v3xd8mvYjywqh0wqJ8T+g==",
- "peerDependencies": {
- "@node-redis/client": "^1.0.0"
- }
- },
- "node_modules/@node-redis/search": {
- "version": "1.0.5",
- "resolved": "https://registry.npmjs.org/@node-redis/search/-/search-1.0.5.tgz",
- "integrity": "sha512-MCOL8iCKq4v+3HgEQv8zGlSkZyXSXtERgrAJ4TSryIG/eLFy84b57KmNNa/V7M1Q2Wd2hgn2nPCGNcQtk1R1OQ==",
- "peerDependencies": {
- "@node-redis/client": "^1.0.0"
- }
- },
- "node_modules/@node-redis/time-series": {
- "version": "1.0.2",
- "resolved": "https://registry.npmjs.org/@node-redis/time-series/-/time-series-1.0.2.tgz",
- "integrity": "sha512-HGQ8YooJ8Mx7l28tD7XjtB3ImLEjlUxG1wC1PAjxu6hPJqjPshUZxAICzDqDjtIbhDTf48WXXUcx8TQJB1XTKA==",
- "peerDependencies": {
- "@node-redis/client": "^1.0.0"
- }
- },
"node_modules/@node-rs/bcrypt": {
"version": "1.1.0",
"resolved": "https://registry.npmjs.org/@node-rs/bcrypt/-/bcrypt-1.1.0.tgz",
@@ -2950,6 +2896,59 @@
}
}
},
+ "node_modules/@redis/bloom": {
+ "version": "1.2.0",
+ "resolved": "https://registry.npmjs.org/@redis/bloom/-/bloom-1.2.0.tgz",
+ "integrity": "sha512-HG2DFjYKbpNmVXsa0keLHp/3leGJz1mjh09f2RLGGLQZzSHpkmZWuwJbAvo3QcRY8p80m5+ZdXZdYOSBLlp7Cg==",
+ "peerDependencies": {
+ "@redis/client": "^1.0.0"
+ }
+ },
+ "node_modules/@redis/client": {
+ "version": "1.5.7",
+ "resolved": "https://registry.npmjs.org/@redis/client/-/client-1.5.7.tgz",
+ "integrity": "sha512-gaOBOuJPjK5fGtxSseaKgSvjiZXQCdLlGg9WYQst+/GRUjmXaiB5kVkeQMRtPc7Q2t93XZcJfBMSwzs/XS9UZw==",
+ "dependencies": {
+ "cluster-key-slot": "1.1.2",
+ "generic-pool": "3.9.0",
+ "yallist": "4.0.0"
+ },
+ "engines": {
+ "node": ">=14"
+ }
+ },
+ "node_modules/@redis/graph": {
+ "version": "1.1.0",
+ "resolved": "https://registry.npmjs.org/@redis/graph/-/graph-1.1.0.tgz",
+ "integrity": "sha512-16yZWngxyXPd+MJxeSr0dqh2AIOi8j9yXKcKCwVaKDbH3HTuETpDVPcLujhFYVPtYrngSco31BUcSa9TH31Gqg==",
+ "peerDependencies": {
+ "@redis/client": "^1.0.0"
+ }
+ },
+ "node_modules/@redis/json": {
+ "version": "1.0.4",
+ "resolved": "https://registry.npmjs.org/@redis/json/-/json-1.0.4.tgz",
+ "integrity": "sha512-LUZE2Gdrhg0Rx7AN+cZkb1e6HjoSKaeeW8rYnt89Tly13GBI5eP4CwDVr+MY8BAYfCg4/N15OUrtLoona9uSgw==",
+ "peerDependencies": {
+ "@redis/client": "^1.0.0"
+ }
+ },
+ "node_modules/@redis/search": {
+ "version": "1.1.2",
+ "resolved": "https://registry.npmjs.org/@redis/search/-/search-1.1.2.tgz",
+ "integrity": "sha512-/cMfstG/fOh/SsE+4/BQGeuH/JJloeWuH+qJzM8dbxuWvdWibWAOAHHCZTMPhV3xIlH4/cUEIA8OV5QnYpaVoA==",
+ "peerDependencies": {
+ "@redis/client": "^1.0.0"
+ }
+ },
+ "node_modules/@redis/time-series": {
+ "version": "1.0.4",
+ "resolved": "https://registry.npmjs.org/@redis/time-series/-/time-series-1.0.4.tgz",
+ "integrity": "sha512-ThUIgo2U/g7cCuZavucQTQzA9g9JbDDY2f64u3AbAoz/8vE2lt2U37LamDUVChhaDA3IRT9R6VvJwqnUfTJzng==",
+ "peerDependencies": {
+ "@redis/client": "^1.0.0"
+ }
+ },
"node_modules/@repeaterjs/repeater": {
"version": "3.0.4",
"resolved": "https://registry.npmjs.org/@repeaterjs/repeater/-/repeater-3.0.4.tgz",
@@ -5070,9 +5069,9 @@
}
},
"node_modules/cluster-key-slot": {
- "version": "1.1.0",
- "resolved": "https://registry.npmjs.org/cluster-key-slot/-/cluster-key-slot-1.1.0.tgz",
- "integrity": "sha512-2Nii8p3RwAPiFwsnZvukotvow2rIHM+yQ6ZcBXGHdniadkYGZYiGmkHJIbZPIV9nfv7m/U1IPMVVcAhoWFeklw==",
+ "version": "1.1.2",
+ "resolved": "https://registry.npmjs.org/cluster-key-slot/-/cluster-key-slot-1.1.2.tgz",
+ "integrity": "sha512-RMr0FhtfXemyinomL4hrWcYJxmX6deFdCxpJzhDttxgO1+bcCnkk+9drydLVDmAMG7NE6aN/fl4F7ucU/90gAA==",
"engines": {
"node": ">=0.10.0"
}
@@ -8247,9 +8246,9 @@
}
},
"node_modules/generic-pool": {
- "version": "3.8.2",
- "resolved": "https://registry.npmjs.org/generic-pool/-/generic-pool-3.8.2.tgz",
- "integrity": "sha512-nGToKy6p3PAbYQ7p1UlWl6vSPwfwU6TMSWK7TTu+WUY4ZjyZQGniGGt2oNVvyNSpyZYSB43zMXVLcBm08MTMkg==",
+ "version": "3.9.0",
+ "resolved": "https://registry.npmjs.org/generic-pool/-/generic-pool-3.9.0.tgz",
+ "integrity": "sha512-hymDOu5B53XvN4QT9dBmZxPX4CWhBPPLguTZ9MMFeFa/Kg0xWVfylOVNlJji/E7yTZWFd/q9GO5TxDLq156D7g==",
"engines": {
"node": ">= 4"
}
@@ -17298,35 +17297,16 @@
}
},
"node_modules/redis": {
- "version": "4.0.6",
- "resolved": "https://registry.npmjs.org/redis/-/redis-4.0.6.tgz",
- "integrity": "sha512-IaPAxgF5dV0jx+A9l6yd6R9/PAChZIoAskDVRzUODeLDNhsMlq7OLLTmu0AwAr0xjrJ1bibW5xdpRwqIQ8Q0Xg==",
+ "version": "4.6.6",
+ "resolved": "https://registry.npmjs.org/redis/-/redis-4.6.6.tgz",
+ "integrity": "sha512-aLs2fuBFV/VJ28oLBqYykfnhGGkFxvx0HdCEBYdJ99FFbSEMZ7c1nVKwR6ZRv+7bb7JnC0mmCzaqu8frgOYhpA==",
"dependencies": {
- "@node-redis/bloom": "1.0.1",
- "@node-redis/client": "1.0.5",
- "@node-redis/graph": "1.0.0",
- "@node-redis/json": "1.0.2",
- "@node-redis/search": "1.0.5",
- "@node-redis/time-series": "1.0.2"
- }
- },
- "node_modules/redis-errors": {
- "version": "1.2.0",
- "resolved": "https://registry.npmjs.org/redis-errors/-/redis-errors-1.2.0.tgz",
- "integrity": "sha512-1qny3OExCf0UvUV/5wpYKf2YwPcOqXzkwKKSmKHiE6ZMQs5heeE/c8eXK+PNllPvmjgAbfnsbpkGZWy8cBpn9w==",
- "engines": {
- "node": ">=4"
- }
- },
- "node_modules/redis-parser": {
- "version": "3.0.0",
- "resolved": "https://registry.npmjs.org/redis-parser/-/redis-parser-3.0.0.tgz",
- "integrity": "sha512-DJnGAeenTdpMEH6uAJRK/uiyEIH9WVsUmoLwzudwGJUwZPp80PDBWPHXSAGNPwNvIXAbe7MSUB1zQFugFml66A==",
- "dependencies": {
- "redis-errors": "^1.0.0"
- },
- "engines": {
- "node": ">=4"
+ "@redis/bloom": "1.2.0",
+ "@redis/client": "1.5.7",
+ "@redis/graph": "1.1.0",
+ "@redis/json": "1.0.4",
+ "@redis/search": "1.1.2",
+ "@redis/time-series": "1.0.4"
}
},
"node_modules/regenerate": {
@@ -22279,47 +22259,6 @@
"eslint-scope": "5.1.1"
}
},
- "@node-redis/bloom": {
- "version": "1.0.1",
- "resolved": "https://registry.npmjs.org/@node-redis/bloom/-/bloom-1.0.1.tgz",
- "integrity": "sha512-mXEBvEIgF4tUzdIN89LiYsbi6//EdpFA7L8M+DHCvePXg+bfHWi+ct5VI6nHUFQE5+ohm/9wmgihCH3HSkeKsw==",
- "requires": {}
- },
- "@node-redis/client": {
- "version": "1.0.5",
- "resolved": "https://registry.npmjs.org/@node-redis/client/-/client-1.0.5.tgz",
- "integrity": "sha512-ESZ3bd1f+od62h4MaBLKum+klVJfA4wAeLHcVQBkoXa1l0viFesOWnakLQqKg+UyrlJhZmXJWtu0Y9v7iTMrig==",
- "requires": {
- "cluster-key-slot": "1.1.0",
- "generic-pool": "3.8.2",
- "redis-parser": "3.0.0",
- "yallist": "4.0.0"
- }
- },
- "@node-redis/graph": {
- "version": "1.0.0",
- "resolved": "https://registry.npmjs.org/@node-redis/graph/-/graph-1.0.0.tgz",
- "integrity": "sha512-mRSo8jEGC0cf+Rm7q8mWMKKKqkn6EAnA9IA2S3JvUv/gaWW/73vil7GLNwion2ihTptAm05I9LkepzfIXUKX5g==",
- "requires": {}
- },
- "@node-redis/json": {
- "version": "1.0.2",
- "resolved": "https://registry.npmjs.org/@node-redis/json/-/json-1.0.2.tgz",
- "integrity": "sha512-qVRgn8WfG46QQ08CghSbY4VhHFgaTY71WjpwRBGEuqGPfWwfRcIf3OqSpR7Q/45X+v3xd8mvYjywqh0wqJ8T+g==",
- "requires": {}
- },
- "@node-redis/search": {
- "version": "1.0.5",
- "resolved": "https://registry.npmjs.org/@node-redis/search/-/search-1.0.5.tgz",
- "integrity": "sha512-MCOL8iCKq4v+3HgEQv8zGlSkZyXSXtERgrAJ4TSryIG/eLFy84b57KmNNa/V7M1Q2Wd2hgn2nPCGNcQtk1R1OQ==",
- "requires": {}
- },
- "@node-redis/time-series": {
- "version": "1.0.2",
- "resolved": "https://registry.npmjs.org/@node-redis/time-series/-/time-series-1.0.2.tgz",
- "integrity": "sha512-HGQ8YooJ8Mx7l28tD7XjtB3ImLEjlUxG1wC1PAjxu6hPJqjPshUZxAICzDqDjtIbhDTf48WXXUcx8TQJB1XTKA==",
- "requires": {}
- },
"@node-rs/bcrypt": {
"version": "1.1.0",
"resolved": "https://registry.npmjs.org/@node-rs/bcrypt/-/bcrypt-1.1.0.tgz",
@@ -22715,6 +22654,46 @@
}
}
},
+ "@redis/bloom": {
+ "version": "1.2.0",
+ "resolved": "https://registry.npmjs.org/@redis/bloom/-/bloom-1.2.0.tgz",
+ "integrity": "sha512-HG2DFjYKbpNmVXsa0keLHp/3leGJz1mjh09f2RLGGLQZzSHpkmZWuwJbAvo3QcRY8p80m5+ZdXZdYOSBLlp7Cg==",
+ "requires": {}
+ },
+ "@redis/client": {
+ "version": "1.5.7",
+ "resolved": "https://registry.npmjs.org/@redis/client/-/client-1.5.7.tgz",
+ "integrity": "sha512-gaOBOuJPjK5fGtxSseaKgSvjiZXQCdLlGg9WYQst+/GRUjmXaiB5kVkeQMRtPc7Q2t93XZcJfBMSwzs/XS9UZw==",
+ "requires": {
+ "cluster-key-slot": "1.1.2",
+ "generic-pool": "3.9.0",
+ "yallist": "4.0.0"
+ }
+ },
+ "@redis/graph": {
+ "version": "1.1.0",
+ "resolved": "https://registry.npmjs.org/@redis/graph/-/graph-1.1.0.tgz",
+ "integrity": "sha512-16yZWngxyXPd+MJxeSr0dqh2AIOi8j9yXKcKCwVaKDbH3HTuETpDVPcLujhFYVPtYrngSco31BUcSa9TH31Gqg==",
+ "requires": {}
+ },
+ "@redis/json": {
+ "version": "1.0.4",
+ "resolved": "https://registry.npmjs.org/@redis/json/-/json-1.0.4.tgz",
+ "integrity": "sha512-LUZE2Gdrhg0Rx7AN+cZkb1e6HjoSKaeeW8rYnt89Tly13GBI5eP4CwDVr+MY8BAYfCg4/N15OUrtLoona9uSgw==",
+ "requires": {}
+ },
+ "@redis/search": {
+ "version": "1.1.2",
+ "resolved": "https://registry.npmjs.org/@redis/search/-/search-1.1.2.tgz",
+ "integrity": "sha512-/cMfstG/fOh/SsE+4/BQGeuH/JJloeWuH+qJzM8dbxuWvdWibWAOAHHCZTMPhV3xIlH4/cUEIA8OV5QnYpaVoA==",
+ "requires": {}
+ },
+ "@redis/time-series": {
+ "version": "1.0.4",
+ "resolved": "https://registry.npmjs.org/@redis/time-series/-/time-series-1.0.4.tgz",
+ "integrity": "sha512-ThUIgo2U/g7cCuZavucQTQzA9g9JbDDY2f64u3AbAoz/8vE2lt2U37LamDUVChhaDA3IRT9R6VvJwqnUfTJzng==",
+ "requires": {}
+ },
"@repeaterjs/repeater": {
"version": "3.0.4",
"resolved": "https://registry.npmjs.org/@repeaterjs/repeater/-/repeater-3.0.4.tgz",
@@ -24379,9 +24358,9 @@
}
},
"cluster-key-slot": {
- "version": "1.1.0",
- "resolved": "https://registry.npmjs.org/cluster-key-slot/-/cluster-key-slot-1.1.0.tgz",
- "integrity": "sha512-2Nii8p3RwAPiFwsnZvukotvow2rIHM+yQ6ZcBXGHdniadkYGZYiGmkHJIbZPIV9nfv7m/U1IPMVVcAhoWFeklw=="
+ "version": "1.1.2",
+ "resolved": "https://registry.npmjs.org/cluster-key-slot/-/cluster-key-slot-1.1.2.tgz",
+ "integrity": "sha512-RMr0FhtfXemyinomL4hrWcYJxmX6deFdCxpJzhDttxgO1+bcCnkk+9drydLVDmAMG7NE6aN/fl4F7ucU/90gAA=="
},
"code-point-at": {
"version": "1.1.0",
@@ -26853,9 +26832,9 @@
}
},
"generic-pool": {
- "version": "3.8.2",
- "resolved": "https://registry.npmjs.org/generic-pool/-/generic-pool-3.8.2.tgz",
- "integrity": "sha512-nGToKy6p3PAbYQ7p1UlWl6vSPwfwU6TMSWK7TTu+WUY4ZjyZQGniGGt2oNVvyNSpyZYSB43zMXVLcBm08MTMkg=="
+ "version": "3.9.0",
+ "resolved": "https://registry.npmjs.org/generic-pool/-/generic-pool-3.9.0.tgz",
+ "integrity": "sha512-hymDOu5B53XvN4QT9dBmZxPX4CWhBPPLguTZ9MMFeFa/Kg0xWVfylOVNlJji/E7yTZWFd/q9GO5TxDLq156D7g=="
},
"gensync": {
"version": "1.0.0-beta.2",
@@ -33703,29 +33682,16 @@
}
},
"redis": {
- "version": "4.0.6",
- "resolved": "https://registry.npmjs.org/redis/-/redis-4.0.6.tgz",
- "integrity": "sha512-IaPAxgF5dV0jx+A9l6yd6R9/PAChZIoAskDVRzUODeLDNhsMlq7OLLTmu0AwAr0xjrJ1bibW5xdpRwqIQ8Q0Xg==",
- "requires": {
- "@node-redis/bloom": "1.0.1",
- "@node-redis/client": "1.0.5",
- "@node-redis/graph": "1.0.0",
- "@node-redis/json": "1.0.2",
- "@node-redis/search": "1.0.5",
- "@node-redis/time-series": "1.0.2"
- }
- },
- "redis-errors": {
- "version": "1.2.0",
- "resolved": "https://registry.npmjs.org/redis-errors/-/redis-errors-1.2.0.tgz",
- "integrity": "sha512-1qny3OExCf0UvUV/5wpYKf2YwPcOqXzkwKKSmKHiE6ZMQs5heeE/c8eXK+PNllPvmjgAbfnsbpkGZWy8cBpn9w=="
- },
- "redis-parser": {
- "version": "3.0.0",
- "resolved": "https://registry.npmjs.org/redis-parser/-/redis-parser-3.0.0.tgz",
- "integrity": "sha512-DJnGAeenTdpMEH6uAJRK/uiyEIH9WVsUmoLwzudwGJUwZPp80PDBWPHXSAGNPwNvIXAbe7MSUB1zQFugFml66A==",
- "requires": {
- "redis-errors": "^1.0.0"
+ "version": "4.6.6",
+ "resolved": "https://registry.npmjs.org/redis/-/redis-4.6.6.tgz",
+ "integrity": "sha512-aLs2fuBFV/VJ28oLBqYykfnhGGkFxvx0HdCEBYdJ99FFbSEMZ7c1nVKwR6ZRv+7bb7JnC0mmCzaqu8frgOYhpA==",
+ "requires": {
+ "@redis/bloom": "1.2.0",
+ "@redis/client": "1.5.7",
+ "@redis/graph": "1.1.0",
+ "@redis/json": "1.0.4",
+ "@redis/search": "1.1.2",
+ "@redis/time-series": "1.0.4"
}
},
"regenerate": {
diff --git a/package.json b/package.json
index 8e6c02d4ae..0d42ed88dd 100644
--- a/package.json
+++ b/package.json
@@ -54,7 +54,7 @@
"pg-promise": "11.3.0",
"pluralize": "8.0.0",
"rate-limit-redis": "3.0.1",
- "redis": "4.0.6",
+ "redis": "4.6.6",
"semver": "7.3.8",
"subscriptions-transport-ws": "0.11.0",
"tv4": "1.3.0",
From 4c1093e2e48a00f5be849456a60443deaa544103 Mon Sep 17 00:00:00 2001
From: Daniel
Date: Tue, 23 May 2023 00:39:32 +1000
Subject: [PATCH 16/53] refactor: Upgrade path-to-regexp from 0.1.7 to 6.2.1
(#8558)
---
package-lock.json | 24 +++++++++++++++++-------
package.json | 2 +-
src/cloud-code/Parse.Cloud.js | 4 ++--
src/middlewares.js | 8 ++++++--
4 files changed, 26 insertions(+), 12 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 5f2b1c4917..0251984a35 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -40,7 +40,7 @@
"mongodb": "4.10.0",
"mustache": "4.2.0",
"parse": "4.0.1",
- "path-to-regexp": "0.1.7",
+ "path-to-regexp": "6.2.1",
"pg-monitor": "2.0.0",
"pg-promise": "11.3.0",
"pluralize": "8.0.0",
@@ -7314,6 +7314,11 @@
"resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
"integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A=="
},
+ "node_modules/express/node_modules/path-to-regexp": {
+ "version": "0.1.7",
+ "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz",
+ "integrity": "sha512-5DFkuoqlv1uYQKxy8omFBeJPQcdoE07Kv2sferDCrAq1ohOU+MSDswDIbnx3YAM60qIOnYa53wBhXW0EbMonrQ=="
+ },
"node_modules/ext": {
"version": "1.7.0",
"resolved": "https://registry.npmjs.org/ext/-/ext-1.7.0.tgz",
@@ -16206,9 +16211,9 @@
"dev": true
},
"node_modules/path-to-regexp": {
- "version": "0.1.7",
- "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz",
- "integrity": "sha512-5DFkuoqlv1uYQKxy8omFBeJPQcdoE07Kv2sferDCrAq1ohOU+MSDswDIbnx3YAM60qIOnYa53wBhXW0EbMonrQ=="
+ "version": "6.2.1",
+ "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-6.2.1.tgz",
+ "integrity": "sha512-JLyh7xT1kizaEvcaXOQwOc2/Yhw6KZOvPf1S8401UyLk86CU79LN3vl7ztXGm/pZ+YjoyAJ4rxmHwbkBXJX+yw=="
},
"node_modules/path-type": {
"version": "4.0.0",
@@ -26129,6 +26134,11 @@
"version": "2.0.0",
"resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
"integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A=="
+ },
+ "path-to-regexp": {
+ "version": "0.1.7",
+ "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz",
+ "integrity": "sha512-5DFkuoqlv1uYQKxy8omFBeJPQcdoE07Kv2sferDCrAq1ohOU+MSDswDIbnx3YAM60qIOnYa53wBhXW0EbMonrQ=="
}
}
},
@@ -32836,9 +32846,9 @@
"dev": true
},
"path-to-regexp": {
- "version": "0.1.7",
- "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz",
- "integrity": "sha512-5DFkuoqlv1uYQKxy8omFBeJPQcdoE07Kv2sferDCrAq1ohOU+MSDswDIbnx3YAM60qIOnYa53wBhXW0EbMonrQ=="
+ "version": "6.2.1",
+ "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-6.2.1.tgz",
+ "integrity": "sha512-JLyh7xT1kizaEvcaXOQwOc2/Yhw6KZOvPf1S8401UyLk86CU79LN3vl7ztXGm/pZ+YjoyAJ4rxmHwbkBXJX+yw=="
},
"path-type": {
"version": "4.0.0",
diff --git a/package.json b/package.json
index 0d42ed88dd..127abee3eb 100644
--- a/package.json
+++ b/package.json
@@ -49,7 +49,7 @@
"mongodb": "4.10.0",
"mustache": "4.2.0",
"parse": "4.0.1",
- "path-to-regexp": "0.1.7",
+ "path-to-regexp": "6.2.1",
"pg-monitor": "2.0.0",
"pg-promise": "11.3.0",
"pluralize": "8.0.0",
diff --git a/src/cloud-code/Parse.Cloud.js b/src/cloud-code/Parse.Cloud.js
index 5540e8d719..01bf65f42c 100644
--- a/src/cloud-code/Parse.Cloud.js
+++ b/src/cloud-code/Parse.Cloud.js
@@ -82,9 +82,9 @@ const getRoute = parseClass => {
'@File': 'files',
}[parseClass] || 'classes';
if (parseClass === '@File') {
- return `/${route}/:id?*`;
+ return `/${route}/:id?(.*)`;
}
- return `/${route}/${parseClass}/:id?*`;
+ return `/${route}/${parseClass}/:id?(.*)`;
};
/** @namespace
* @name Parse
diff --git a/src/middlewares.js b/src/middlewares.js
index 2e450f3e03..faaafe542f 100644
--- a/src/middlewares.js
+++ b/src/middlewares.js
@@ -9,7 +9,7 @@ import MongoStorageAdapter from './Adapters/Storage/Mongo/MongoStorageAdapter';
import PostgresStorageAdapter from './Adapters/Storage/Postgres/PostgresStorageAdapter';
import rateLimit from 'express-rate-limit';
import { RateLimitOptions } from './Options/Definitions';
-import pathToRegexp from 'path-to-regexp';
+import { pathToRegexp } from 'path-to-regexp';
import ipRangeCheck from 'ip-range-check';
import RedisStore from 'rate-limit-redis';
import { createClient } from 'redis';
@@ -512,8 +512,12 @@ export const addRateLimit = (route, config, cloud) => {
},
});
}
+ let transformPath = route.requestPath.replaceAll('/*', '/(.*)');
+ if (transformPath === '*') {
+ transformPath = '(.*)';
+ }
config.rateLimits.push({
- path: pathToRegexp(route.requestPath),
+ path: pathToRegexp(transformPath),
handler: rateLimit({
windowMs: route.requestTimeWindow,
max: route.requestCount,
From a005874776d31bd14e5c86ad7d64c2b91549b021 Mon Sep 17 00:00:00 2001
From: Daniel
Date: Tue, 23 May 2023 01:11:50 +1000
Subject: [PATCH 17/53] refactor: Upgrade commander from 5.1.0 to 10.0.1
(#8557)
---
package-lock.json | 31 +++++++++++++++++++++++--------
package.json | 2 +-
spec/CLI.spec.js | 3 +--
src/cli/utils/commander.js | 2 +-
4 files changed, 26 insertions(+), 12 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 0251984a35..5f38c25bb1 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -19,7 +19,7 @@
"@parse/push-adapter": "4.1.2",
"bcryptjs": "2.4.3",
"body-parser": "1.20.1",
- "commander": "5.1.0",
+ "commander": "10.0.1",
"cors": "2.8.5",
"deepcopy": "2.1.0",
"express": "4.18.2",
@@ -5196,11 +5196,11 @@
}
},
"node_modules/commander": {
- "version": "5.1.0",
- "resolved": "https://registry.npmjs.org/commander/-/commander-5.1.0.tgz",
- "integrity": "sha512-P0CysNDQ7rtVw4QIQtm+MRxV66vKFSvlsQvGYXZWR3qFU0jlMKHZZZgw8e+8DSah4UDKMqnknRDQz+xuQXQ/Zg==",
+ "version": "10.0.1",
+ "resolved": "https://registry.npmjs.org/commander/-/commander-10.0.1.tgz",
+ "integrity": "sha512-y4Mg2tXshplEbSGzx7amzPwKKOCGuoSRP/CjEdwwk0FOGlUbq6lKuoyDZTNZkmxHdJtp54hdfY/JUrdL7Xfdug==",
"engines": {
- "node": ">= 6"
+ "node": ">=14"
}
},
"node_modules/commondir": {
@@ -10426,6 +10426,15 @@
"integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==",
"dev": true
},
+ "node_modules/lint-staged/node_modules/commander": {
+ "version": "5.1.0",
+ "resolved": "https://registry.npmjs.org/commander/-/commander-5.1.0.tgz",
+ "integrity": "sha512-P0CysNDQ7rtVw4QIQtm+MRxV66vKFSvlsQvGYXZWR3qFU0jlMKHZZZgw8e+8DSah4UDKMqnknRDQz+xuQXQ/Zg==",
+ "dev": true,
+ "engines": {
+ "node": ">= 6"
+ }
+ },
"node_modules/lint-staged/node_modules/cosmiconfig": {
"version": "6.0.0",
"resolved": "https://registry.npmjs.org/cosmiconfig/-/cosmiconfig-6.0.0.tgz",
@@ -24462,9 +24471,9 @@
}
},
"commander": {
- "version": "5.1.0",
- "resolved": "https://registry.npmjs.org/commander/-/commander-5.1.0.tgz",
- "integrity": "sha512-P0CysNDQ7rtVw4QIQtm+MRxV66vKFSvlsQvGYXZWR3qFU0jlMKHZZZgw8e+8DSah4UDKMqnknRDQz+xuQXQ/Zg=="
+ "version": "10.0.1",
+ "resolved": "https://registry.npmjs.org/commander/-/commander-10.0.1.tgz",
+ "integrity": "sha512-y4Mg2tXshplEbSGzx7amzPwKKOCGuoSRP/CjEdwwk0FOGlUbq6lKuoyDZTNZkmxHdJtp54hdfY/JUrdL7Xfdug=="
},
"commondir": {
"version": "1.0.1",
@@ -28521,6 +28530,12 @@
"integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==",
"dev": true
},
+ "commander": {
+ "version": "5.1.0",
+ "resolved": "https://registry.npmjs.org/commander/-/commander-5.1.0.tgz",
+ "integrity": "sha512-P0CysNDQ7rtVw4QIQtm+MRxV66vKFSvlsQvGYXZWR3qFU0jlMKHZZZgw8e+8DSah4UDKMqnknRDQz+xuQXQ/Zg==",
+ "dev": true
+ },
"cosmiconfig": {
"version": "6.0.0",
"resolved": "https://registry.npmjs.org/cosmiconfig/-/cosmiconfig-6.0.0.tgz",
diff --git a/package.json b/package.json
index 127abee3eb..33727a9832 100644
--- a/package.json
+++ b/package.json
@@ -28,7 +28,7 @@
"@parse/push-adapter": "4.1.2",
"bcryptjs": "2.4.3",
"body-parser": "1.20.1",
- "commander": "5.1.0",
+ "commander": "10.0.1",
"cors": "2.8.5",
"deepcopy": "2.1.0",
"express": "4.18.2",
diff --git a/spec/CLI.spec.js b/spec/CLI.spec.js
index 9affc31016..20667fd349 100644
--- a/spec/CLI.spec.js
+++ b/spec/CLI.spec.js
@@ -74,7 +74,7 @@ describe('commander additions', () => {
done();
});
- it('should load properly use args over env', done => {
+ it('should load properly use args over env', () => {
commander.loadDefinitions(testDefinitions);
commander.parse(['node', './CLI.spec.js', '--arg0', 'arg0Value', '--arg4', ''], {
PROGRAM_ARG_0: 'arg0ENVValue',
@@ -86,7 +86,6 @@ describe('commander additions', () => {
expect(commander.arg1).toEqual('arg1ENVValue');
expect(commander.arg2).toEqual(4);
expect(commander.arg4).toEqual('');
- done();
});
it('should fail in action as port is invalid', done => {
diff --git a/src/cli/utils/commander.js b/src/cli/utils/commander.js
index 8b8826fe69..75075bb3ac 100644
--- a/src/cli/utils/commander.js
+++ b/src/cli/utils/commander.js
@@ -136,5 +136,5 @@ Command.prototype.getOptions = function () {
}, {});
};
-export default new Command();
+export default new Command().storeOptionsAsProperties();
/* eslint-enable no-console */
From b0b99e7451b0c632702ce42336609fdd0dbee340 Mon Sep 17 00:00:00 2001
From: Snyk bot
Date: Wed, 24 May 2023 00:39:18 +0100
Subject: [PATCH 18/53] refactor: Security upgrade @parse/push-adapter from
4.1.2 to 4.1.3 (#8572)
---
package-lock.json | 20 ++++++++++----------
package.json | 2 +-
2 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 5f38c25bb1..365f254c54 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -11,12 +11,12 @@
"license": "Apache-2.0",
"dependencies": {
"@babel/eslint-parser": "7.19.1",
- "@graphql-tools/merge": "^8.4.1",
+ "@graphql-tools/merge": "8.4.1",
"@graphql-tools/schema": "9.0.4",
"@graphql-tools/utils": "8.12.0",
"@graphql-yoga/node": "2.6.0",
"@parse/fs-files-adapter": "1.2.2",
- "@parse/push-adapter": "4.1.2",
+ "@parse/push-adapter": "^4.1.3",
"bcryptjs": "2.4.3",
"body-parser": "1.20.1",
"commander": "10.0.1",
@@ -45,14 +45,14 @@
"pg-promise": "11.3.0",
"pluralize": "8.0.0",
"rate-limit-redis": "3.0.1",
- "redis": "^4.6.6",
+ "redis": "4.6.6",
"semver": "7.3.8",
"subscriptions-transport-ws": "0.11.0",
"tv4": "1.3.0",
"uuid": "9.0.0",
"winston": "3.8.1",
"winston-daily-rotate-file": "4.7.1",
- "ws": "^8.13.0"
+ "ws": "8.13.0"
},
"bin": {
"parse-server": "bin/parse-server"
@@ -2809,9 +2809,9 @@
}
},
"node_modules/@parse/push-adapter": {
- "version": "4.1.2",
- "resolved": "https://registry.npmjs.org/@parse/push-adapter/-/push-adapter-4.1.2.tgz",
- "integrity": "sha512-034vZTlAzgdfefIY4+Q4j8DHS/VwUAIVoh1JeRkHNfyQmUQ++uKbQbUQdJ/nf11HHS69kwLENs13BmhlHMpyHQ==",
+ "version": "4.1.3",
+ "resolved": "https://registry.npmjs.org/@parse/push-adapter/-/push-adapter-4.1.3.tgz",
+ "integrity": "sha512-Oy53ag7DpUva5dUWwP6tNEsrxv2xU9QIk+rb84q1DIm1qVgo2yl4oXcZ3FPG2Ks/NYURbv4w+z9oaSgVfyBRfQ==",
"dependencies": {
"@parse/node-apn": "5.1.3",
"@parse/node-gcm": "1.0.2",
@@ -22608,9 +22608,9 @@
}
},
"@parse/push-adapter": {
- "version": "4.1.2",
- "resolved": "https://registry.npmjs.org/@parse/push-adapter/-/push-adapter-4.1.2.tgz",
- "integrity": "sha512-034vZTlAzgdfefIY4+Q4j8DHS/VwUAIVoh1JeRkHNfyQmUQ++uKbQbUQdJ/nf11HHS69kwLENs13BmhlHMpyHQ==",
+ "version": "4.1.3",
+ "resolved": "https://registry.npmjs.org/@parse/push-adapter/-/push-adapter-4.1.3.tgz",
+ "integrity": "sha512-Oy53ag7DpUva5dUWwP6tNEsrxv2xU9QIk+rb84q1DIm1qVgo2yl4oXcZ3FPG2Ks/NYURbv4w+z9oaSgVfyBRfQ==",
"requires": {
"@parse/node-apn": "5.1.3",
"@parse/node-gcm": "1.0.2",
diff --git a/package.json b/package.json
index 33727a9832..91dd562275 100644
--- a/package.json
+++ b/package.json
@@ -25,7 +25,7 @@
"@graphql-tools/utils": "8.12.0",
"@graphql-yoga/node": "2.6.0",
"@parse/fs-files-adapter": "1.2.2",
- "@parse/push-adapter": "4.1.2",
+ "@parse/push-adapter": "4.1.3",
"bcryptjs": "2.4.3",
"body-parser": "1.20.1",
"commander": "10.0.1",
From f911f2cd3a8c45cd326272dcd681532764a3761e Mon Sep 17 00:00:00 2001
From: Daniel
Date: Thu, 25 May 2023 21:13:39 +1000
Subject: [PATCH 19/53] fix: Rate limit feature is incompatible with Node 14
(#8578)
---
src/middlewares.js | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/middlewares.js b/src/middlewares.js
index faaafe542f..b86dafb6b7 100644
--- a/src/middlewares.js
+++ b/src/middlewares.js
@@ -512,7 +512,7 @@ export const addRateLimit = (route, config, cloud) => {
},
});
}
- let transformPath = route.requestPath.replaceAll('/*', '/(.*)');
+ let transformPath = route.requestPath.split('/*').join('/(.*)');
if (transformPath === '*') {
transformPath = '(.*)';
}
From 3030c7652edda516bb43acc0fa6f625bef1ba2b2 Mon Sep 17 00:00:00 2001
From: semantic-release-bot
Date: Thu, 25 May 2023 11:15:05 +0000
Subject: [PATCH 20/53] chore(release): 6.1.0-alpha.13 [skip ci]
# [6.1.0-alpha.13](https://github.com/parse-community/parse-server/compare/6.1.0-alpha.12...6.1.0-alpha.13) (2023-05-25)
### Bug Fixes
* Rate limit feature is incompatible with Node 14 ([#8578](https://github.com/parse-community/parse-server/issues/8578)) ([f911f2c](https://github.com/parse-community/parse-server/commit/f911f2cd3a8c45cd326272dcd681532764a3761e))
---
changelogs/CHANGELOG_alpha.md | 7 +++++++
package-lock.json | 4 ++--
package.json | 2 +-
3 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/changelogs/CHANGELOG_alpha.md b/changelogs/CHANGELOG_alpha.md
index b4088dba72..9a5cae7fda 100644
--- a/changelogs/CHANGELOG_alpha.md
+++ b/changelogs/CHANGELOG_alpha.md
@@ -1,3 +1,10 @@
+# [6.1.0-alpha.13](https://github.com/parse-community/parse-server/compare/6.1.0-alpha.12...6.1.0-alpha.13) (2023-05-25)
+
+
+### Bug Fixes
+
+* Rate limit feature is incompatible with Node 14 ([#8578](https://github.com/parse-community/parse-server/issues/8578)) ([f911f2c](https://github.com/parse-community/parse-server/commit/f911f2cd3a8c45cd326272dcd681532764a3761e))
+
# [6.1.0-alpha.12](https://github.com/parse-community/parse-server/compare/6.1.0-alpha.11...6.1.0-alpha.12) (2023-05-19)
diff --git a/package-lock.json b/package-lock.json
index 365f254c54..88bf2460ed 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
{
"name": "parse-server",
- "version": "6.1.0-alpha.12",
+ "version": "6.1.0-alpha.13",
"lockfileVersion": 2,
"requires": true,
"packages": {
"": {
"name": "parse-server",
- "version": "6.1.0-alpha.12",
+ "version": "6.1.0-alpha.13",
"hasInstallScript": true,
"license": "Apache-2.0",
"dependencies": {
diff --git a/package.json b/package.json
index 91dd562275..717f720a74 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
{
"name": "parse-server",
- "version": "6.1.0-alpha.12",
+ "version": "6.1.0-alpha.13",
"description": "An express module providing a Parse-compatible API server",
"main": "lib/index.js",
"repository": {
From fd6a0077f2e5cf83d65e52172ae5a950ab0f1eae Mon Sep 17 00:00:00 2001
From: Daniel
Date: Thu, 25 May 2023 22:00:56 +1000
Subject: [PATCH 21/53] fix: Unnecessary log entries by `extendSessionOnUse`
(#8562)
---
src/Auth.js | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/Auth.js b/src/Auth.js
index 0617301d69..96c99cbb1d 100644
--- a/src/Auth.js
+++ b/src/Auth.js
@@ -84,7 +84,6 @@ const renewSessionIfNeeded = async ({ config, session, sessionToken }) => {
{ sessionToken },
{ limit: 1 }
).execute();
- console.log({ results });
session = results[0];
}
const lastUpdated = new Date(session?.updatedAt);
From 28aeda3f160efcbbcf85a85484a8d26567fa9761 Mon Sep 17 00:00:00 2001
From: Daniel
Date: Fri, 26 May 2023 06:02:33 +1000
Subject: [PATCH 22/53] feat: Allow `Parse.Object` pointers in Cloud Code
arguments (#8490)
---
spec/CloudCode.spec.js | 21 +++++++++++++++++++++
src/Routers/FunctionsRouter.js | 6 ++++++
2 files changed, 27 insertions(+)
diff --git a/spec/CloudCode.spec.js b/spec/CloudCode.spec.js
index c02999ad51..e77b1c69a7 100644
--- a/spec/CloudCode.spec.js
+++ b/spec/CloudCode.spec.js
@@ -1352,6 +1352,27 @@ describe('Cloud Code', () => {
});
});
+ it('allow cloud to encode Parse Objects', async () => {
+ const user = new Parse.User();
+ user.setUsername('username');
+ user.setPassword('password');
+ user.set('deleted', false);
+ await user.signUp();
+ Parse.Cloud.define(
+ 'deleteAccount',
+ async req => {
+ expect(req.params.object instanceof Parse.Object).toBeTrue();
+ req.params.object.set('deleted', true);
+ await req.params.object.save(null, { useMasterKey: true });
+ return 'Object deleted';
+ },
+ {
+ requireMaster: true,
+ }
+ );
+ await Parse.Cloud.run('deleteAccount', { object: user.toPointer() }, { useMasterKey: true });
+ });
+
it('beforeSave should not affect fetched pointers', done => {
Parse.Cloud.beforeSave('BeforeSaveUnchanged', () => {});
diff --git a/src/Routers/FunctionsRouter.js b/src/Routers/FunctionsRouter.js
index 4972453fc3..da69d54e0c 100644
--- a/src/Routers/FunctionsRouter.js
+++ b/src/Routers/FunctionsRouter.js
@@ -18,6 +18,12 @@ function parseObject(obj) {
return Object.assign(new Date(obj.iso), obj);
} else if (obj && obj.__type == 'File') {
return Parse.File.fromJSON(obj);
+ } else if (obj && obj.__type == 'Pointer') {
+ return Parse.Object.fromJSON({
+ __type: 'Pointer',
+ className: obj.className,
+ objectId: obj.objectId,
+ });
} else if (obj && typeof obj === 'object') {
return parseParams(obj);
} else {
From c2e4f8369be64289ccab9d5cac592165c1fe8483 Mon Sep 17 00:00:00 2001
From: Daniel
Date: Fri, 26 May 2023 07:59:42 +1000
Subject: [PATCH 23/53] refactor: Upgrade lru-cache from 7.12.0 to 9.1.1
(#8559)
---
package-lock.json | 16 ++++++++--------
package.json | 2 +-
spec/SessionTokenCache.spec.js | 2 +-
src/Adapters/Cache/LRUCache.js | 2 +-
src/LiveQuery/ParseLiveQueryServer.js | 6 +++---
src/LiveQuery/SessionTokenCache.js | 2 +-
6 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 88bf2460ed..6af50dfddf 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -35,7 +35,7 @@
"jwks-rsa": "2.1.5",
"ldapjs": "2.3.3",
"lodash": "4.17.21",
- "lru-cache": "7.12.0",
+ "lru-cache": "9.1.1",
"mime": "3.0.0",
"mongodb": "4.10.0",
"mustache": "4.2.0",
@@ -11056,11 +11056,11 @@
}
},
"node_modules/lru-cache": {
- "version": "7.12.0",
- "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-7.12.0.tgz",
- "integrity": "sha512-OIP3DwzRZDfLg9B9VP/huWBlpvbkmbfiBy8xmsXp4RPmE4A3MhwNozc5ZJ3fWnSg8fDcdlE/neRTPG2ycEKliw==",
+ "version": "9.1.1",
+ "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-9.1.1.tgz",
+ "integrity": "sha512-65/Jky17UwSb0BuB9V+MyDpsOtXKmYwzhyl+cOa9XUiI4uV2Ouy/2voFP3+al0BjZbJgMBD8FojMpAf+Z+qn4A==",
"engines": {
- "node": ">=12"
+ "node": "14 || >=16.14"
}
},
"node_modules/lru-memoizer": {
@@ -29041,9 +29041,9 @@
"dev": true
},
"lru-cache": {
- "version": "7.12.0",
- "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-7.12.0.tgz",
- "integrity": "sha512-OIP3DwzRZDfLg9B9VP/huWBlpvbkmbfiBy8xmsXp4RPmE4A3MhwNozc5ZJ3fWnSg8fDcdlE/neRTPG2ycEKliw=="
+ "version": "9.1.1",
+ "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-9.1.1.tgz",
+ "integrity": "sha512-65/Jky17UwSb0BuB9V+MyDpsOtXKmYwzhyl+cOa9XUiI4uV2Ouy/2voFP3+al0BjZbJgMBD8FojMpAf+Z+qn4A=="
},
"lru-memoizer": {
"version": "2.1.4",
diff --git a/package.json b/package.json
index 717f720a74..9c1d33e67f 100644
--- a/package.json
+++ b/package.json
@@ -44,7 +44,7 @@
"jwks-rsa": "2.1.5",
"ldapjs": "2.3.3",
"lodash": "4.17.21",
- "lru-cache": "7.12.0",
+ "lru-cache": "9.1.1",
"mime": "3.0.0",
"mongodb": "4.10.0",
"mustache": "4.2.0",
diff --git a/spec/SessionTokenCache.spec.js b/spec/SessionTokenCache.spec.js
index de1b101c56..6b3c83df62 100644
--- a/spec/SessionTokenCache.spec.js
+++ b/spec/SessionTokenCache.spec.js
@@ -47,7 +47,7 @@ describe('SessionTokenCache', function () {
sessionTokenCache.getUserId('sessionToken').then(userIdFromCache => {
expect(userIdFromCache).toBe('userId');
- expect(sessionTokenCache.cache.length).toBe(1);
+ expect(sessionTokenCache.cache.size).toBe(1);
done();
});
});
diff --git a/src/Adapters/Cache/LRUCache.js b/src/Adapters/Cache/LRUCache.js
index f54d8503f9..129a006376 100644
--- a/src/Adapters/Cache/LRUCache.js
+++ b/src/Adapters/Cache/LRUCache.js
@@ -1,4 +1,4 @@
-import LRU from 'lru-cache';
+import { LRUCache as LRU } from 'lru-cache';
import defaults from '../../defaults';
export class LRUCache {
diff --git a/src/LiveQuery/ParseLiveQueryServer.js b/src/LiveQuery/ParseLiveQueryServer.js
index 0b71265f33..1105a2a6b7 100644
--- a/src/LiveQuery/ParseLiveQueryServer.js
+++ b/src/LiveQuery/ParseLiveQueryServer.js
@@ -19,7 +19,7 @@ import {
} from '../triggers';
import { getAuthForSessionToken, Auth } from '../Auth';
import { getCacheController, getDatabaseController } from '../Controllers';
-import LRU from 'lru-cache';
+import { LRUCache as LRU } from 'lru-cache';
import UserRouter from '../Routers/UsersRouter';
import DatabaseController from '../Controllers/DatabaseController';
import { isDeepStrictEqual } from 'util';
@@ -518,7 +518,7 @@ class ParseLiveQueryServer {
]);
auth1.auth?.clearRoleCache(sessionToken);
auth2.auth?.clearRoleCache(sessionToken);
- this.authCache.del(sessionToken);
+ this.authCache.delete(sessionToken);
})
);
} catch (e) {
@@ -548,7 +548,7 @@ class ParseLiveQueryServer {
result.error = error;
this.authCache.set(sessionToken, Promise.resolve(result), this.config.cacheTimeout);
} else {
- this.authCache.del(sessionToken);
+ this.authCache.delete(sessionToken);
}
return result;
});
diff --git a/src/LiveQuery/SessionTokenCache.js b/src/LiveQuery/SessionTokenCache.js
index 13b84c7367..a7f52b65a0 100644
--- a/src/LiveQuery/SessionTokenCache.js
+++ b/src/LiveQuery/SessionTokenCache.js
@@ -1,5 +1,5 @@
import Parse from 'parse/node';
-import LRU from 'lru-cache';
+import { LRUCache as LRU } from 'lru-cache';
import logger from '../logger';
function userForSessionToken(sessionToken) {
From d7ac0cd9f8006fdb88552cb51bf9a10a5dded204 Mon Sep 17 00:00:00 2001
From: Manuel <5673677+mtrezza@users.noreply.github.com>
Date: Sun, 28 May 2023 01:31:42 +0200
Subject: [PATCH 24/53] ci: Skip CI for changes in MD files (#8583)
---
.github/workflows/ci.yml | 2 ++
1 file changed, 2 insertions(+)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 91cad880f5..756e4e2419 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -5,6 +5,8 @@ on:
pull_request:
branches:
- '**'
+ paths-ignore:
+ - '**/**.md'
env:
NODE_VERSION: 19.3.0
PARSE_SERVER_TEST_TIMEOUT: 20000
From bd39ac54f45350286dc7795d3fcaa94e99996dec Mon Sep 17 00:00:00 2001
From: semantic-release-bot
Date: Sat, 27 May 2023 23:32:51 +0000
Subject: [PATCH 25/53] chore(release): 6.1.0-alpha.14 [skip ci]
# [6.1.0-alpha.14](https://github.com/parse-community/parse-server/compare/6.1.0-alpha.13...6.1.0-alpha.14) (2023-05-27)
### Bug Fixes
* Unnecessary log entries by `extendSessionOnUse` ([#8562](https://github.com/parse-community/parse-server/issues/8562)) ([fd6a007](https://github.com/parse-community/parse-server/commit/fd6a0077f2e5cf83d65e52172ae5a950ab0f1eae))
### Features
* Allow `Parse.Object` pointers in Cloud Code arguments ([#8490](https://github.com/parse-community/parse-server/issues/8490)) ([28aeda3](https://github.com/parse-community/parse-server/commit/28aeda3f160efcbbcf85a85484a8d26567fa9761))
---
changelogs/CHANGELOG_alpha.md | 11 +++++++++++
package-lock.json | 4 ++--
package.json | 2 +-
3 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/changelogs/CHANGELOG_alpha.md b/changelogs/CHANGELOG_alpha.md
index 9a5cae7fda..6332515081 100644
--- a/changelogs/CHANGELOG_alpha.md
+++ b/changelogs/CHANGELOG_alpha.md
@@ -1,3 +1,14 @@
+# [6.1.0-alpha.14](https://github.com/parse-community/parse-server/compare/6.1.0-alpha.13...6.1.0-alpha.14) (2023-05-27)
+
+
+### Bug Fixes
+
+* Unnecessary log entries by `extendSessionOnUse` ([#8562](https://github.com/parse-community/parse-server/issues/8562)) ([fd6a007](https://github.com/parse-community/parse-server/commit/fd6a0077f2e5cf83d65e52172ae5a950ab0f1eae))
+
+### Features
+
+* Allow `Parse.Object` pointers in Cloud Code arguments ([#8490](https://github.com/parse-community/parse-server/issues/8490)) ([28aeda3](https://github.com/parse-community/parse-server/commit/28aeda3f160efcbbcf85a85484a8d26567fa9761))
+
# [6.1.0-alpha.13](https://github.com/parse-community/parse-server/compare/6.1.0-alpha.12...6.1.0-alpha.13) (2023-05-25)
diff --git a/package-lock.json b/package-lock.json
index 6af50dfddf..ca648a642b 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
{
"name": "parse-server",
- "version": "6.1.0-alpha.13",
+ "version": "6.1.0-alpha.14",
"lockfileVersion": 2,
"requires": true,
"packages": {
"": {
"name": "parse-server",
- "version": "6.1.0-alpha.13",
+ "version": "6.1.0-alpha.14",
"hasInstallScript": true,
"license": "Apache-2.0",
"dependencies": {
diff --git a/package.json b/package.json
index 9c1d33e67f..0d9e6d5b44 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
{
"name": "parse-server",
- "version": "6.1.0-alpha.13",
+ "version": "6.1.0-alpha.14",
"description": "An express module providing a Parse-compatible API server",
"main": "lib/index.js",
"repository": {
From a37d1ee24420c84470a9360fe2e1de50d0f7af15 Mon Sep 17 00:00:00 2001
From: Manuel <5673677+mtrezza@users.noreply.github.com>
Date: Sun, 28 May 2023 01:44:10 +0200
Subject: [PATCH 26/53] docs: Add code ownership section to CONTRIBUTING guide
(#8584)
---
CONTRIBUTING.md | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 255364a172..a37df4037e 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -11,6 +11,7 @@
- [Review Feedback](#review-feedback)
- [Merge Readiness](#merge-readiness)
- [Review Validity](#review-validity)
+ - [Code Ownership](#code-ownership)
- [Environment Setup](#environment-setup)
- [Recommended Tools](#recommended-tools)
- [Setting up your local machine](#setting-up-your-local-machine)
@@ -34,6 +35,8 @@
- [Breaking Change](#breaking-change-1)
- [Reverting](#reverting)
- [Security Vulnerability](#security-vulnerability)
+ - [Local Testing](#local-testing)
+ - [Merging](#merging-1)
- [Releasing](#releasing)
- [General Considerations](#general-considerations)
- [Major Release / Long-Term-Support](#major-release--long-term-support)
@@ -143,6 +146,12 @@ It's contrary to an open, collaborative environment to expect others to be invol
Your arguments must focus on the issue, not on your assumption of someone else's personal experience. We will take immediate and appropriate action in case of personal attacks, regardless of your previous contributions. Personal attacks are not permissible. If you became a victim of personal attacks, you can privately [report](https://docs.github.com/en/communities/maintaining-your-safety-on-github/reporting-abuse-or-spam) the GitHub comment to the Parse Platform PMC.
+### Code Ownership
+
+> *Can I open a new pull request based on another author's pull request?*
+
+If your pull request contains work from someone else then you are required to get their permission to use their work in your pull request. Please make sure to observe the [license](LICENSE) for more details. In addition, as an appreciative gesture you should clearly mention that your pull request is based on another pull request with a link in the top-most comment of your pull request. To avoid this issue we encourage contributors to collaborate on a single pull request to preserve the commit history and clearly identify each author's contribution. To do so, you can review the other author's pull request and submit your code suggestions, or ask the original author to grant you write access to their repository to also be able to make commits directly to their pull request.
+
## Environment Setup
### Recommended Tools
From 5eb690c1c54a8c1697061ff0df503eaea4f8ff67 Mon Sep 17 00:00:00 2001
From: Corey
Date: Sun, 28 May 2023 06:58:16 -0400
Subject: [PATCH 27/53] refactor: Incorrect spelling in hooks error message
(#8585)
---
spec/ParseHooks.spec.js | 2 +-
src/Controllers/HooksController.js | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/spec/ParseHooks.spec.js b/spec/ParseHooks.spec.js
index d5d980d3d0..f4bcc2e440 100644
--- a/spec/ParseHooks.spec.js
+++ b/spec/ParseHooks.spec.js
@@ -208,7 +208,7 @@ describe('Hooks', () => {
expect(err).not.toBe(null);
if (err) {
expect(err.code).toBe(143);
- expect(err.message).toBe('function name: my_new_function already exits');
+ expect(err.message).toBe('function name: my_new_function already exists');
}
return Parse.Hooks.removeFunction('my_new_function');
}
diff --git a/src/Controllers/HooksController.js b/src/Controllers/HooksController.js
index 9cc5f427e8..277104ef32 100644
--- a/src/Controllers/HooksController.js
+++ b/src/Controllers/HooksController.js
@@ -144,7 +144,7 @@ export class HooksController {
if (aHook.functionName) {
return this.getFunction(aHook.functionName).then(result => {
if (result) {
- throw new Parse.Error(143, `function name: ${aHook.functionName} already exits`);
+ throw new Parse.Error(143, `function name: ${aHook.functionName} already exists`);
} else {
return this.createOrUpdateHook(aHook);
}
From 0823a02fbf80bc88dc403bc47e9f5c6597ea78b4 Mon Sep 17 00:00:00 2001
From: patelmilanun <20059797+patelmilanun@users.noreply.github.com>
Date: Sun, 28 May 2023 04:32:02 -0700
Subject: [PATCH 28/53] fix: Inaccurate table total row count for PostgreSQL
(#8511)
---
src/Adapters/Storage/Postgres/PostgresStorageAdapter.js | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Adapters/Storage/Postgres/PostgresStorageAdapter.js b/src/Adapters/Storage/Postgres/PostgresStorageAdapter.js
index 82ac0c20dc..83dd4444e7 100644
--- a/src/Adapters/Storage/Postgres/PostgresStorageAdapter.js
+++ b/src/Adapters/Storage/Postgres/PostgresStorageAdapter.js
@@ -2040,7 +2040,7 @@ export class PostgresStorageAdapter implements StorageAdapter {
if (where.pattern.length > 0 || !estimate) {
qs = `SELECT count(*) FROM $1:name ${wherePattern}`;
} else {
- qs = 'SELECT reltuples AS approximate_row_count FROM pg_class WHERE relname = $1';
+ qs = 'SELECT n_live_tup AS approximate_row_count FROM pg_stat_all_tables WHERE relname = $1;';
}
return this._client
From 6c5f89a56bf21609818b8aac7c55137101f8c62f Mon Sep 17 00:00:00 2001
From: semantic-release-bot
Date: Sun, 28 May 2023 11:59:52 +0000
Subject: [PATCH 29/53] chore(release): 6.1.0-alpha.15 [skip ci]
# [6.1.0-alpha.15](https://github.com/parse-community/parse-server/compare/6.1.0-alpha.14...6.1.0-alpha.15) (2023-05-28)
### Bug Fixes
* Inaccurate table total row count for PostgreSQL ([#8511](https://github.com/parse-community/parse-server/issues/8511)) ([0823a02](https://github.com/parse-community/parse-server/commit/0823a02fbf80bc88dc403bc47e9f5c6597ea78b4))
---
changelogs/CHANGELOG_alpha.md | 7 +++++++
package-lock.json | 4 ++--
package.json | 2 +-
3 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/changelogs/CHANGELOG_alpha.md b/changelogs/CHANGELOG_alpha.md
index 6332515081..5ca44aa573 100644
--- a/changelogs/CHANGELOG_alpha.md
+++ b/changelogs/CHANGELOG_alpha.md
@@ -1,3 +1,10 @@
+# [6.1.0-alpha.15](https://github.com/parse-community/parse-server/compare/6.1.0-alpha.14...6.1.0-alpha.15) (2023-05-28)
+
+
+### Bug Fixes
+
+* Inaccurate table total row count for PostgreSQL ([#8511](https://github.com/parse-community/parse-server/issues/8511)) ([0823a02](https://github.com/parse-community/parse-server/commit/0823a02fbf80bc88dc403bc47e9f5c6597ea78b4))
+
# [6.1.0-alpha.14](https://github.com/parse-community/parse-server/compare/6.1.0-alpha.13...6.1.0-alpha.14) (2023-05-27)
diff --git a/package-lock.json b/package-lock.json
index ca648a642b..46db012795 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
{
"name": "parse-server",
- "version": "6.1.0-alpha.14",
+ "version": "6.1.0-alpha.15",
"lockfileVersion": 2,
"requires": true,
"packages": {
"": {
"name": "parse-server",
- "version": "6.1.0-alpha.14",
+ "version": "6.1.0-alpha.15",
"hasInstallScript": true,
"license": "Apache-2.0",
"dependencies": {
diff --git a/package.json b/package.json
index 0d9e6d5b44..c839cae1be 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
{
"name": "parse-server",
- "version": "6.1.0-alpha.14",
+ "version": "6.1.0-alpha.15",
"description": "An express module providing a Parse-compatible API server",
"main": "lib/index.js",
"repository": {
From 6722110f203bc5fdcaa68cdf091cf9e7b48d1cff Mon Sep 17 00:00:00 2001
From: Manuel <5673677+mtrezza@users.noreply.github.com>
Date: Sun, 28 May 2023 21:44:42 +0200
Subject: [PATCH 30/53] revert: fix: Inaccurate table total row count for
PostgreSQL
This reverts commit 0823a02fbf80bc88dc403bc47e9f5c6597ea78b4.
---
src/Adapters/Storage/Postgres/PostgresStorageAdapter.js | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Adapters/Storage/Postgres/PostgresStorageAdapter.js b/src/Adapters/Storage/Postgres/PostgresStorageAdapter.js
index 83dd4444e7..82ac0c20dc 100644
--- a/src/Adapters/Storage/Postgres/PostgresStorageAdapter.js
+++ b/src/Adapters/Storage/Postgres/PostgresStorageAdapter.js
@@ -2040,7 +2040,7 @@ export class PostgresStorageAdapter implements StorageAdapter {
if (where.pattern.length > 0 || !estimate) {
qs = `SELECT count(*) FROM $1:name ${wherePattern}`;
} else {
- qs = 'SELECT n_live_tup AS approximate_row_count FROM pg_stat_all_tables WHERE relname = $1;';
+ qs = 'SELECT reltuples AS approximate_row_count FROM pg_class WHERE relname = $1';
}
return this._client
From fc81b411e944aef90cd2f9cb0052923983d6ac9e Mon Sep 17 00:00:00 2001
From: semantic-release-bot
Date: Sun, 28 May 2023 19:46:01 +0000
Subject: [PATCH 31/53] chore(release): 6.1.0-alpha.16 [skip ci]
# [6.1.0-alpha.16](https://github.com/parse-community/parse-server/compare/6.1.0-alpha.15...6.1.0-alpha.16) (2023-05-28)
### Reverts
* fix: Inaccurate table total row count for PostgreSQL ([6722110](https://github.com/parse-community/parse-server/commit/6722110f203bc5fdcaa68cdf091cf9e7b48d1cff))
---
changelogs/CHANGELOG_alpha.md | 7 +++++++
package-lock.json | 4 ++--
package.json | 2 +-
3 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/changelogs/CHANGELOG_alpha.md b/changelogs/CHANGELOG_alpha.md
index 5ca44aa573..3002b21d26 100644
--- a/changelogs/CHANGELOG_alpha.md
+++ b/changelogs/CHANGELOG_alpha.md
@@ -1,3 +1,10 @@
+# [6.1.0-alpha.16](https://github.com/parse-community/parse-server/compare/6.1.0-alpha.15...6.1.0-alpha.16) (2023-05-28)
+
+
+### Reverts
+
+* fix: Inaccurate table total row count for PostgreSQL ([6722110](https://github.com/parse-community/parse-server/commit/6722110f203bc5fdcaa68cdf091cf9e7b48d1cff))
+
# [6.1.0-alpha.15](https://github.com/parse-community/parse-server/compare/6.1.0-alpha.14...6.1.0-alpha.15) (2023-05-28)
diff --git a/package-lock.json b/package-lock.json
index 46db012795..289dde1767 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
{
"name": "parse-server",
- "version": "6.1.0-alpha.15",
+ "version": "6.1.0-alpha.16",
"lockfileVersion": 2,
"requires": true,
"packages": {
"": {
"name": "parse-server",
- "version": "6.1.0-alpha.15",
+ "version": "6.1.0-alpha.16",
"hasInstallScript": true,
"license": "Apache-2.0",
"dependencies": {
diff --git a/package.json b/package.json
index c839cae1be..ad6bc5e8b9 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
{
"name": "parse-server",
- "version": "6.1.0-alpha.15",
+ "version": "6.1.0-alpha.16",
"description": "An express module providing a Parse-compatible API server",
"main": "lib/index.js",
"repository": {
From 505dd6bcfe2ce787a85d380b60b0d4dc5656fea1 Mon Sep 17 00:00:00 2001
From: Daniel
Date: Mon, 29 May 2023 22:11:45 +1000
Subject: [PATCH 32/53] ci: Fix flaky definitions check (#8504)
---
ci/definitionsCheck.js | 19 +++----------------
1 file changed, 3 insertions(+), 16 deletions(-)
diff --git a/ci/definitionsCheck.js b/ci/definitionsCheck.js
index 735d9c0b9d..e73473a984 100644
--- a/ci/definitionsCheck.js
+++ b/ci/definitionsCheck.js
@@ -1,27 +1,14 @@
const fs = require('fs').promises;
const { exec } = require('child_process');
const core = require('@actions/core');
-const { nextTick } = require('process');
-const { AbortController } = require("node-abort-controller");
+const util = require('util');
(async () => {
const [currentDefinitions, currentDocs] = await Promise.all([
fs.readFile('./src/Options/Definitions.js', 'utf8'),
fs.readFile('./src/Options/docs.js', 'utf8'),
]);
- exec('npm run definitions');
- const ac = new AbortController();
- const { signal } = ac;
- const watcher = fs.watch('./src/Options/docs.js', {signal});
- let i = 0;
- // eslint-disable-next-line
- for await (const _ of watcher) {
- i++;
- if (i === 3) {
- ac.abort();
- break;
- }
- }
- await new Promise(resolve => nextTick(resolve));
+ const execute = util.promisify(exec);
+ await execute('npm run definitions');
const [newDefinitions, newDocs] = await Promise.all([
fs.readFile('./src/Options/Definitions.js', 'utf8'),
fs.readFile('./src/Options/docs.js', 'utf8'),
From fc3b7526a6350dc0111e3016dfbc55eeb1b021f7 Mon Sep 17 00:00:00 2001
From: Corey
Date: Mon, 29 May 2023 11:40:51 -0400
Subject: [PATCH 33/53] refactor: Upgrade pg-promise from 11.3.0 to 11.5.0
(#8586)
---
package-lock.json | 149 +++++++++++++++++++++++++---------------------
package.json | 2 +-
2 files changed, 81 insertions(+), 70 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 289dde1767..6341e654a1 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -16,7 +16,7 @@
"@graphql-tools/utils": "8.12.0",
"@graphql-yoga/node": "2.6.0",
"@parse/fs-files-adapter": "1.2.2",
- "@parse/push-adapter": "^4.1.3",
+ "@parse/push-adapter": "4.1.3",
"bcryptjs": "2.4.3",
"body-parser": "1.20.1",
"commander": "10.0.1",
@@ -42,7 +42,7 @@
"parse": "4.0.1",
"path-to-regexp": "6.2.1",
"pg-monitor": "2.0.0",
- "pg-promise": "11.3.0",
+ "pg-promise": "11.5.0",
"pluralize": "8.0.0",
"rate-limit-redis": "3.0.1",
"redis": "4.6.6",
@@ -4090,9 +4090,9 @@
}
},
"node_modules/assert-options": {
- "version": "0.8.0",
- "resolved": "https://registry.npmjs.org/assert-options/-/assert-options-0.8.0.tgz",
- "integrity": "sha512-qSELrEaEz4sGwTs4Qh+swQkjiHAysC4rot21+jzXU86dJzNG+FDqBzyS3ohSoTRf4ZLA3FSwxQdiuNl5NXUtvA==",
+ "version": "0.8.1",
+ "resolved": "https://registry.npmjs.org/assert-options/-/assert-options-0.8.1.tgz",
+ "integrity": "sha512-5lNGRB5g5i2bGIzb+J1QQE1iKU/WEMVBReFIc5pPDWjcPj23otPL0eI6PB2v7QPi0qU6Mhym5D3y0ZiSIOf3GA==",
"engines": {
"node": ">=10.0.0"
}
@@ -15175,11 +15175,6 @@
"safer-buffer": "^2.0.2",
"tweetnacl": "~0.14.0"
},
- "bin": {
- "sshpk-conv": "bin/sshpk-conv",
- "sshpk-sign": "bin/sshpk-sign",
- "sshpk-verify": "bin/sshpk-verify"
- },
"engines": {
"node": ">=0.10.0"
}
@@ -16245,14 +16240,14 @@
"integrity": "sha512-7EAHlyLHI56VEIdK57uwHdHKIaAGbnXPiw0yWbarQZOKaKpvUIgW0jWRVLiatnM+XXlSwsanIBH/hzGMJulMow=="
},
"node_modules/pg": {
- "version": "8.9.0",
- "resolved": "https://registry.npmjs.org/pg/-/pg-8.9.0.tgz",
- "integrity": "sha512-ZJM+qkEbtOHRuXjmvBtOgNOXOtLSbxiMiUVMgE4rV6Zwocy03RicCVvDXgx8l4Biwo8/qORUnEqn2fdQzV7KCg==",
+ "version": "8.11.0",
+ "resolved": "https://registry.npmjs.org/pg/-/pg-8.11.0.tgz",
+ "integrity": "sha512-meLUVPn2TWgJyLmy7el3fQQVwft4gU5NGyvV0XbD41iU9Jbg8lCH4zexhIkihDzVHJStlt6r088G6/fWeNjhXA==",
"dependencies": {
"buffer-writer": "2.0.0",
"packet-reader": "1.0.0",
- "pg-connection-string": "^2.5.0",
- "pg-pool": "^3.5.2",
+ "pg-connection-string": "^2.6.0",
+ "pg-pool": "^3.6.0",
"pg-protocol": "^1.6.0",
"pg-types": "^2.1.0",
"pgpass": "1.x"
@@ -16260,6 +16255,9 @@
"engines": {
"node": ">= 8.0.0"
},
+ "optionalDependencies": {
+ "pg-cloudflare": "^1.1.0"
+ },
"peerDependencies": {
"pg-native": ">=3.0.1"
},
@@ -16269,10 +16267,16 @@
}
}
},
+ "node_modules/pg-cloudflare": {
+ "version": "1.1.0",
+ "resolved": "https://registry.npmjs.org/pg-cloudflare/-/pg-cloudflare-1.1.0.tgz",
+ "integrity": "sha512-tGM8/s6frwuAIyRcJ6nWcIvd3+3NmUKIs6OjviIm1HPPFEt5MzQDOTBQyhPWg/m0kCl95M6gA1JaIXtS8KovOA==",
+ "optional": true
+ },
"node_modules/pg-connection-string": {
- "version": "2.5.0",
- "resolved": "https://registry.npmjs.org/pg-connection-string/-/pg-connection-string-2.5.0.tgz",
- "integrity": "sha512-r5o/V/ORTA6TmUnyWZR9nCj1klXCO2CEKNRlVuJptZe85QuhFayC7WeMic7ndayT5IRIR0S0xFxFi2ousartlQ=="
+ "version": "2.6.0",
+ "resolved": "https://registry.npmjs.org/pg-connection-string/-/pg-connection-string-2.6.0.tgz",
+ "integrity": "sha512-x14ibktcwlHKoHxx9X3uTVW9zIGR41ZB6QNhHb21OPNdCCO3NaRnpJuwKIQSR4u+Yqjx4HCvy7Hh7VSy1U4dGg=="
},
"node_modules/pg-int8": {
"version": "1.0.1",
@@ -16283,11 +16287,11 @@
}
},
"node_modules/pg-minify": {
- "version": "1.6.2",
- "resolved": "https://registry.npmjs.org/pg-minify/-/pg-minify-1.6.2.tgz",
- "integrity": "sha512-1KdmFGGTP6jplJoI8MfvRlfvMiyBivMRP7/ffh4a11RUFJ7kC2J0ZHlipoKiH/1hz+DVgceon9U2qbaHpPeyPg==",
+ "version": "1.6.3",
+ "resolved": "https://registry.npmjs.org/pg-minify/-/pg-minify-1.6.3.tgz",
+ "integrity": "sha512-NoSsPqXxbkD8RIe+peQCqiea4QzXgosdTKY8p7PsbbGsh2F8TifDj/vJxfuR8qJwNYrijdSs7uf0tAe6WOyCsQ==",
"engines": {
- "node": ">=8.0"
+ "node": ">=12.0.0"
}
},
"node_modules/pg-monitor": {
@@ -16357,22 +16361,22 @@
"integrity": "sha512-+5nt5AAniqsCnu2cEQQdpzCAh33kVx8n0VoFidKpB1dVVLAN/F+bgVOqOJqOnEnrhp222clB5p3vUlD+1QAnfg=="
},
"node_modules/pg-pool": {
- "version": "3.5.2",
- "resolved": "https://registry.npmjs.org/pg-pool/-/pg-pool-3.5.2.tgz",
- "integrity": "sha512-His3Fh17Z4eg7oANLob6ZvH8xIVen3phEZh2QuyrIl4dQSDVEabNducv6ysROKpDNPSD+12tONZVWfSgMvDD9w==",
+ "version": "3.6.0",
+ "resolved": "https://registry.npmjs.org/pg-pool/-/pg-pool-3.6.0.tgz",
+ "integrity": "sha512-clFRf2ksqd+F497kWFyM21tMjeikn60oGDmqMT8UBrynEwVEX/5R5xd2sdvdo1cZCFlguORNpVuqxIj+aK4cfQ==",
"peerDependencies": {
"pg": ">=8.0"
}
},
"node_modules/pg-promise": {
- "version": "11.3.0",
- "resolved": "https://registry.npmjs.org/pg-promise/-/pg-promise-11.3.0.tgz",
- "integrity": "sha512-A2CYmax5gsqVAO2N0ET9oPRCPX3kpKymj9qLVK7+jszlJL6l8uJDq/DGqLpxNi5VHwK7Dmm2WNRdrwkh1xuaxQ==",
+ "version": "11.5.0",
+ "resolved": "https://registry.npmjs.org/pg-promise/-/pg-promise-11.5.0.tgz",
+ "integrity": "sha512-ZfhntV6Yoc3S0hQWOlEodk5fEmF9ADxKl0vNvBnZgzvLt73uY29wVaNBz2AZK2J0gVmm/zhO51RXPtI4MgKkSQ==",
"dependencies": {
- "assert-options": "0.8.0",
- "pg": "8.9.0",
- "pg-minify": "1.6.2",
- "spex": "3.2.0"
+ "assert-options": "0.8.1",
+ "pg": "8.11.0",
+ "pg-minify": "1.6.3",
+ "spex": "3.3.0"
},
"engines": {
"node": ">=14.0"
@@ -16407,9 +16411,9 @@
}
},
"node_modules/pgpass/node_modules/split2": {
- "version": "4.1.0",
- "resolved": "https://registry.npmjs.org/split2/-/split2-4.1.0.tgz",
- "integrity": "sha512-VBiJxFkxiXRlUIeyMQi8s4hgvKCSjtknJv/LVYbrgALPwf5zSKmEwV9Lst25AkvMDnvxODugjdl6KZgwKM1WYQ==",
+ "version": "4.2.0",
+ "resolved": "https://registry.npmjs.org/split2/-/split2-4.2.0.tgz",
+ "integrity": "sha512-UcjcJOWknrNkF6PLX83qcHM6KHgVKNkV62Y8a5uYDVv9ydGQVwAHMKqHdJje1VTWpljG0WYpCDhrCdAOYH4TWg==",
"engines": {
"node": ">= 10.x"
}
@@ -18771,11 +18775,11 @@
"dev": true
},
"node_modules/spex": {
- "version": "3.2.0",
- "resolved": "https://registry.npmjs.org/spex/-/spex-3.2.0.tgz",
- "integrity": "sha512-9srjJM7NaymrpwMHvSmpDeIK5GoRMX/Tq0E8aOlDPS54dDnDUIp30DrP9SphMPEETDLzEM9+4qo+KipmbtPecg==",
+ "version": "3.3.0",
+ "resolved": "https://registry.npmjs.org/spex/-/spex-3.3.0.tgz",
+ "integrity": "sha512-VNiXjFp6R4ldPbVRYbpxlD35yRHceecVXlct1J4/X80KuuPnW2AXMq3sGwhnJOhKkUsOxAT6nRGfGE5pocVw5w==",
"engines": {
- "node": ">=4.5"
+ "node": ">=10.0.0"
}
},
"node_modules/split": {
@@ -23617,9 +23621,9 @@
}
},
"assert-options": {
- "version": "0.8.0",
- "resolved": "https://registry.npmjs.org/assert-options/-/assert-options-0.8.0.tgz",
- "integrity": "sha512-qSELrEaEz4sGwTs4Qh+swQkjiHAysC4rot21+jzXU86dJzNG+FDqBzyS3ohSoTRf4ZLA3FSwxQdiuNl5NXUtvA=="
+ "version": "0.8.1",
+ "resolved": "https://registry.npmjs.org/assert-options/-/assert-options-0.8.1.tgz",
+ "integrity": "sha512-5lNGRB5g5i2bGIzb+J1QQE1iKU/WEMVBReFIc5pPDWjcPj23otPL0eI6PB2v7QPi0qU6Mhym5D3y0ZiSIOf3GA=="
},
"assert-plus": {
"version": "1.0.0",
@@ -32883,23 +32887,30 @@
"integrity": "sha512-7EAHlyLHI56VEIdK57uwHdHKIaAGbnXPiw0yWbarQZOKaKpvUIgW0jWRVLiatnM+XXlSwsanIBH/hzGMJulMow=="
},
"pg": {
- "version": "8.9.0",
- "resolved": "https://registry.npmjs.org/pg/-/pg-8.9.0.tgz",
- "integrity": "sha512-ZJM+qkEbtOHRuXjmvBtOgNOXOtLSbxiMiUVMgE4rV6Zwocy03RicCVvDXgx8l4Biwo8/qORUnEqn2fdQzV7KCg==",
+ "version": "8.11.0",
+ "resolved": "https://registry.npmjs.org/pg/-/pg-8.11.0.tgz",
+ "integrity": "sha512-meLUVPn2TWgJyLmy7el3fQQVwft4gU5NGyvV0XbD41iU9Jbg8lCH4zexhIkihDzVHJStlt6r088G6/fWeNjhXA==",
"requires": {
"buffer-writer": "2.0.0",
"packet-reader": "1.0.0",
- "pg-connection-string": "^2.5.0",
- "pg-pool": "^3.5.2",
+ "pg-cloudflare": "^1.1.0",
+ "pg-connection-string": "^2.6.0",
+ "pg-pool": "^3.6.0",
"pg-protocol": "^1.6.0",
"pg-types": "^2.1.0",
"pgpass": "1.x"
}
},
+ "pg-cloudflare": {
+ "version": "1.1.0",
+ "resolved": "https://registry.npmjs.org/pg-cloudflare/-/pg-cloudflare-1.1.0.tgz",
+ "integrity": "sha512-tGM8/s6frwuAIyRcJ6nWcIvd3+3NmUKIs6OjviIm1HPPFEt5MzQDOTBQyhPWg/m0kCl95M6gA1JaIXtS8KovOA==",
+ "optional": true
+ },
"pg-connection-string": {
- "version": "2.5.0",
- "resolved": "https://registry.npmjs.org/pg-connection-string/-/pg-connection-string-2.5.0.tgz",
- "integrity": "sha512-r5o/V/ORTA6TmUnyWZR9nCj1klXCO2CEKNRlVuJptZe85QuhFayC7WeMic7ndayT5IRIR0S0xFxFi2ousartlQ=="
+ "version": "2.6.0",
+ "resolved": "https://registry.npmjs.org/pg-connection-string/-/pg-connection-string-2.6.0.tgz",
+ "integrity": "sha512-x14ibktcwlHKoHxx9X3uTVW9zIGR41ZB6QNhHb21OPNdCCO3NaRnpJuwKIQSR4u+Yqjx4HCvy7Hh7VSy1U4dGg=="
},
"pg-int8": {
"version": "1.0.1",
@@ -32907,9 +32918,9 @@
"integrity": "sha512-WCtabS6t3c8SkpDBUlb1kjOs7l66xsGdKpIPZsg4wR+B3+u9UAum2odSsF9tnvxg80h4ZxLWMy4pRjOsFIqQpw=="
},
"pg-minify": {
- "version": "1.6.2",
- "resolved": "https://registry.npmjs.org/pg-minify/-/pg-minify-1.6.2.tgz",
- "integrity": "sha512-1KdmFGGTP6jplJoI8MfvRlfvMiyBivMRP7/ffh4a11RUFJ7kC2J0ZHlipoKiH/1hz+DVgceon9U2qbaHpPeyPg=="
+ "version": "1.6.3",
+ "resolved": "https://registry.npmjs.org/pg-minify/-/pg-minify-1.6.3.tgz",
+ "integrity": "sha512-NoSsPqXxbkD8RIe+peQCqiea4QzXgosdTKY8p7PsbbGsh2F8TifDj/vJxfuR8qJwNYrijdSs7uf0tAe6WOyCsQ=="
},
"pg-monitor": {
"version": "2.0.0",
@@ -32974,20 +32985,20 @@
}
},
"pg-pool": {
- "version": "3.5.2",
- "resolved": "https://registry.npmjs.org/pg-pool/-/pg-pool-3.5.2.tgz",
- "integrity": "sha512-His3Fh17Z4eg7oANLob6ZvH8xIVen3phEZh2QuyrIl4dQSDVEabNducv6ysROKpDNPSD+12tONZVWfSgMvDD9w==",
+ "version": "3.6.0",
+ "resolved": "https://registry.npmjs.org/pg-pool/-/pg-pool-3.6.0.tgz",
+ "integrity": "sha512-clFRf2ksqd+F497kWFyM21tMjeikn60oGDmqMT8UBrynEwVEX/5R5xd2sdvdo1cZCFlguORNpVuqxIj+aK4cfQ==",
"requires": {}
},
"pg-promise": {
- "version": "11.3.0",
- "resolved": "https://registry.npmjs.org/pg-promise/-/pg-promise-11.3.0.tgz",
- "integrity": "sha512-A2CYmax5gsqVAO2N0ET9oPRCPX3kpKymj9qLVK7+jszlJL6l8uJDq/DGqLpxNi5VHwK7Dmm2WNRdrwkh1xuaxQ==",
+ "version": "11.5.0",
+ "resolved": "https://registry.npmjs.org/pg-promise/-/pg-promise-11.5.0.tgz",
+ "integrity": "sha512-ZfhntV6Yoc3S0hQWOlEodk5fEmF9ADxKl0vNvBnZgzvLt73uY29wVaNBz2AZK2J0gVmm/zhO51RXPtI4MgKkSQ==",
"requires": {
- "assert-options": "0.8.0",
- "pg": "8.9.0",
- "pg-minify": "1.6.2",
- "spex": "3.2.0"
+ "assert-options": "0.8.1",
+ "pg": "8.11.0",
+ "pg-minify": "1.6.3",
+ "spex": "3.3.0"
}
},
"pg-protocol": {
@@ -33016,9 +33027,9 @@
},
"dependencies": {
"split2": {
- "version": "4.1.0",
- "resolved": "https://registry.npmjs.org/split2/-/split2-4.1.0.tgz",
- "integrity": "sha512-VBiJxFkxiXRlUIeyMQi8s4hgvKCSjtknJv/LVYbrgALPwf5zSKmEwV9Lst25AkvMDnvxODugjdl6KZgwKM1WYQ=="
+ "version": "4.2.0",
+ "resolved": "https://registry.npmjs.org/split2/-/split2-4.2.0.tgz",
+ "integrity": "sha512-UcjcJOWknrNkF6PLX83qcHM6KHgVKNkV62Y8a5uYDVv9ydGQVwAHMKqHdJje1VTWpljG0WYpCDhrCdAOYH4TWg=="
}
}
},
@@ -34853,9 +34864,9 @@
"dev": true
},
"spex": {
- "version": "3.2.0",
- "resolved": "https://registry.npmjs.org/spex/-/spex-3.2.0.tgz",
- "integrity": "sha512-9srjJM7NaymrpwMHvSmpDeIK5GoRMX/Tq0E8aOlDPS54dDnDUIp30DrP9SphMPEETDLzEM9+4qo+KipmbtPecg=="
+ "version": "3.3.0",
+ "resolved": "https://registry.npmjs.org/spex/-/spex-3.3.0.tgz",
+ "integrity": "sha512-VNiXjFp6R4ldPbVRYbpxlD35yRHceecVXlct1J4/X80KuuPnW2AXMq3sGwhnJOhKkUsOxAT6nRGfGE5pocVw5w=="
},
"split": {
"version": "1.0.1",
diff --git a/package.json b/package.json
index ad6bc5e8b9..cd06e45523 100644
--- a/package.json
+++ b/package.json
@@ -51,7 +51,7 @@
"parse": "4.0.1",
"path-to-regexp": "6.2.1",
"pg-monitor": "2.0.0",
- "pg-promise": "11.3.0",
+ "pg-promise": "11.5.0",
"pluralize": "8.0.0",
"rate-limit-redis": "3.0.1",
"redis": "4.6.6",
From 9f1edd09f7e1084615a72cf254633cd9ce3405cb Mon Sep 17 00:00:00 2001
From: Parse Platform <90459499+parseplatformorg@users.noreply.github.com>
Date: Mon, 29 May 2023 20:20:43 +0200
Subject: [PATCH 34/53] refactor: Upgrade express-rate-limit from 6.6.0 to
6.7.0 (#8595)
---
package-lock.json | 14 +++++++-------
package.json | 2 +-
2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 6341e654a1..28398b6130 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -23,7 +23,7 @@
"cors": "2.8.5",
"deepcopy": "2.1.0",
"express": "4.18.2",
- "express-rate-limit": "6.6.0",
+ "express-rate-limit": "^6.7.0",
"follow-redirects": "1.15.2",
"graphql": "16.6.0",
"graphql-list-fields": "2.0.2",
@@ -7291,9 +7291,9 @@
}
},
"node_modules/express-rate-limit": {
- "version": "6.6.0",
- "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-6.6.0.tgz",
- "integrity": "sha512-HFN2+4ZGdkQOS8Qli4z6knmJFnw6lZed67o6b7RGplWeb1Z0s8VXaj3dUgPIdm9hrhZXTRpCTHXA0/2Eqex0vA==",
+ "version": "6.7.0",
+ "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-6.7.0.tgz",
+ "integrity": "sha512-vhwIdRoqcYB/72TK3tRZI+0ttS8Ytrk24GfmsxDXK9o9IhHNO5bXRiXQSExPQ4GbaE5tvIS7j1SGrxsuWs+sGA==",
"engines": {
"node": ">= 12.9.0"
},
@@ -26156,9 +26156,9 @@
}
},
"express-rate-limit": {
- "version": "6.6.0",
- "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-6.6.0.tgz",
- "integrity": "sha512-HFN2+4ZGdkQOS8Qli4z6knmJFnw6lZed67o6b7RGplWeb1Z0s8VXaj3dUgPIdm9hrhZXTRpCTHXA0/2Eqex0vA==",
+ "version": "6.7.0",
+ "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-6.7.0.tgz",
+ "integrity": "sha512-vhwIdRoqcYB/72TK3tRZI+0ttS8Ytrk24GfmsxDXK9o9IhHNO5bXRiXQSExPQ4GbaE5tvIS7j1SGrxsuWs+sGA==",
"requires": {}
},
"ext": {
diff --git a/package.json b/package.json
index cd06e45523..b4f24be68a 100644
--- a/package.json
+++ b/package.json
@@ -32,7 +32,7 @@
"cors": "2.8.5",
"deepcopy": "2.1.0",
"express": "4.18.2",
- "express-rate-limit": "6.6.0",
+ "express-rate-limit": "6.7.0",
"follow-redirects": "1.15.2",
"graphql": "16.6.0",
"graphql-list-fields": "2.0.2",
From 15704a68f101e3bfab1077b24ea7cfcc1acc4cb6 Mon Sep 17 00:00:00 2001
From: Parse Platform <90459499+parseplatformorg@users.noreply.github.com>
Date: Mon, 29 May 2023 22:54:41 +0200
Subject: [PATCH 35/53] refactor: Upgrade rate-limit-redis from 3.0.1 to 3.0.2
(#8596)
---
package-lock.json | 14 +++++++-------
package.json | 2 +-
2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 28398b6130..8934629a3e 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -44,7 +44,7 @@
"pg-monitor": "2.0.0",
"pg-promise": "11.5.0",
"pluralize": "8.0.0",
- "rate-limit-redis": "3.0.1",
+ "rate-limit-redis": "^3.0.2",
"redis": "4.6.6",
"semver": "7.3.8",
"subscriptions-transport-ws": "0.11.0",
@@ -16927,9 +16927,9 @@
}
},
"node_modules/rate-limit-redis": {
- "version": "3.0.1",
- "resolved": "https://registry.npmjs.org/rate-limit-redis/-/rate-limit-redis-3.0.1.tgz",
- "integrity": "sha512-L6yhOUBrAZ8VEMX9DwlM3X6hfm8yq+gBO4LoOW7+JgmNq59zE7QmLz4v5VnwYPvLeSh/e7PDcrzUI3UumJw1iw==",
+ "version": "3.0.2",
+ "resolved": "https://registry.npmjs.org/rate-limit-redis/-/rate-limit-redis-3.0.2.tgz",
+ "integrity": "sha512-4SBK6AzIr9PKkCF4HmSDcJH2O2KKMF3fZEcsbNMXyaL5I9d6X71uOreUldFRiyrRyP+qkQrTxzJ38ZKKN+sScw==",
"engines": {
"node": ">= 14.5.0"
},
@@ -33403,9 +33403,9 @@
"integrity": "sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg=="
},
"rate-limit-redis": {
- "version": "3.0.1",
- "resolved": "https://registry.npmjs.org/rate-limit-redis/-/rate-limit-redis-3.0.1.tgz",
- "integrity": "sha512-L6yhOUBrAZ8VEMX9DwlM3X6hfm8yq+gBO4LoOW7+JgmNq59zE7QmLz4v5VnwYPvLeSh/e7PDcrzUI3UumJw1iw==",
+ "version": "3.0.2",
+ "resolved": "https://registry.npmjs.org/rate-limit-redis/-/rate-limit-redis-3.0.2.tgz",
+ "integrity": "sha512-4SBK6AzIr9PKkCF4HmSDcJH2O2KKMF3fZEcsbNMXyaL5I9d6X71uOreUldFRiyrRyP+qkQrTxzJ38ZKKN+sScw==",
"requires": {}
},
"raw-body": {
diff --git a/package.json b/package.json
index b4f24be68a..684bf622fa 100644
--- a/package.json
+++ b/package.json
@@ -53,7 +53,7 @@
"pg-monitor": "2.0.0",
"pg-promise": "11.5.0",
"pluralize": "8.0.0",
- "rate-limit-redis": "3.0.1",
+ "rate-limit-redis": "3.0.2",
"redis": "4.6.6",
"semver": "7.3.8",
"subscriptions-transport-ws": "0.11.0",
From c0d1bc4f72486d08f5ed77b8b9cea511a1f4d31e Mon Sep 17 00:00:00 2001
From: Snyk bot
Date: Tue, 30 May 2023 19:00:12 +0100
Subject: [PATCH 36/53] refactor: Upgrade winston from 3.8.1 to 3.8.2 (#8598)
---
package-lock.json | 20 +++++++++++---------
package.json | 2 +-
2 files changed, 12 insertions(+), 10 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 8934629a3e..f3be934eb2 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -23,7 +23,7 @@
"cors": "2.8.5",
"deepcopy": "2.1.0",
"express": "4.18.2",
- "express-rate-limit": "^6.7.0",
+ "express-rate-limit": "6.7.0",
"follow-redirects": "1.15.2",
"graphql": "16.6.0",
"graphql-list-fields": "2.0.2",
@@ -44,13 +44,13 @@
"pg-monitor": "2.0.0",
"pg-promise": "11.5.0",
"pluralize": "8.0.0",
- "rate-limit-redis": "^3.0.2",
+ "rate-limit-redis": "3.0.2",
"redis": "4.6.6",
"semver": "7.3.8",
"subscriptions-transport-ws": "0.11.0",
"tv4": "1.3.0",
"uuid": "9.0.0",
- "winston": "3.8.1",
+ "winston": "^3.8.2",
"winston-daily-rotate-file": "4.7.1",
"ws": "8.13.0"
},
@@ -20307,10 +20307,11 @@
}
},
"node_modules/winston": {
- "version": "3.8.1",
- "resolved": "https://registry.npmjs.org/winston/-/winston-3.8.1.tgz",
- "integrity": "sha512-r+6YAiCR4uI3N8eQNOg8k3P3PqwAm20cLKlzVD9E66Ch39+LZC+VH1UKf9JemQj2B3QoUHfKD7Poewn0Pr3Y1w==",
+ "version": "3.8.2",
+ "resolved": "https://registry.npmjs.org/winston/-/winston-3.8.2.tgz",
+ "integrity": "sha512-MsE1gRx1m5jdTTO9Ld/vND4krP2To+lgDoMEHGGa4HIlAUyXJtfc7CxQcGXVyz2IBpw5hbFkj2b/AtUdQwyRew==",
"dependencies": {
+ "@colors/colors": "1.5.0",
"@dabh/diagnostics": "^2.0.2",
"async": "^3.2.3",
"is-stream": "^2.0.0",
@@ -36045,10 +36046,11 @@
}
},
"winston": {
- "version": "3.8.1",
- "resolved": "https://registry.npmjs.org/winston/-/winston-3.8.1.tgz",
- "integrity": "sha512-r+6YAiCR4uI3N8eQNOg8k3P3PqwAm20cLKlzVD9E66Ch39+LZC+VH1UKf9JemQj2B3QoUHfKD7Poewn0Pr3Y1w==",
+ "version": "3.8.2",
+ "resolved": "https://registry.npmjs.org/winston/-/winston-3.8.2.tgz",
+ "integrity": "sha512-MsE1gRx1m5jdTTO9Ld/vND4krP2To+lgDoMEHGGa4HIlAUyXJtfc7CxQcGXVyz2IBpw5hbFkj2b/AtUdQwyRew==",
"requires": {
+ "@colors/colors": "1.5.0",
"@dabh/diagnostics": "^2.0.2",
"async": "^3.2.3",
"is-stream": "^2.0.0",
diff --git a/package.json b/package.json
index 684bf622fa..4ea51de157 100644
--- a/package.json
+++ b/package.json
@@ -59,7 +59,7 @@
"subscriptions-transport-ws": "0.11.0",
"tv4": "1.3.0",
"uuid": "9.0.0",
- "winston": "3.8.1",
+ "winston": "3.8.2",
"winston-daily-rotate-file": "4.7.1",
"ws": "8.13.0"
},
From 5ab370d58e4f9fca8b4b0c18afdd6549d906bc2f Mon Sep 17 00:00:00 2001
From: Parse Platform <90459499+parseplatformorg@users.noreply.github.com>
Date: Wed, 31 May 2023 11:09:10 +0200
Subject: [PATCH 37/53] refactor: Upgrade @babel/eslint-parser from 7.19.1 to
7.21.8 (#8591)
---
package-lock.json | 14 +++++++-------
package.json | 2 +-
2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index f3be934eb2..cdcc09a0a0 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -10,7 +10,7 @@
"hasInstallScript": true,
"license": "Apache-2.0",
"dependencies": {
- "@babel/eslint-parser": "7.19.1",
+ "@babel/eslint-parser": "^7.21.8",
"@graphql-tools/merge": "8.4.1",
"@graphql-tools/schema": "9.0.4",
"@graphql-tools/utils": "8.12.0",
@@ -299,9 +299,9 @@
}
},
"node_modules/@babel/eslint-parser": {
- "version": "7.19.1",
- "resolved": "https://registry.npmjs.org/@babel/eslint-parser/-/eslint-parser-7.19.1.tgz",
- "integrity": "sha512-AqNf2QWt1rtu2/1rLswy6CDP7H9Oh3mMhk177Y67Rg8d7RD9WfOLLv8CGn6tisFvS2htm86yIe1yLF6I1UDaGQ==",
+ "version": "7.21.8",
+ "resolved": "https://registry.npmjs.org/@babel/eslint-parser/-/eslint-parser-7.21.8.tgz",
+ "integrity": "sha512-HLhI+2q+BP3sf78mFUZNCGc10KEmoUqtUT1OCdMZsN+qr4qFeLUod62/zAnF3jNQstwyasDkZnVXwfK2Bml7MQ==",
"dependencies": {
"@nicolo-ribaudo/eslint-scope-5-internals": "5.1.1-v1",
"eslint-visitor-keys": "^2.1.0",
@@ -20801,9 +20801,9 @@
}
},
"@babel/eslint-parser": {
- "version": "7.19.1",
- "resolved": "https://registry.npmjs.org/@babel/eslint-parser/-/eslint-parser-7.19.1.tgz",
- "integrity": "sha512-AqNf2QWt1rtu2/1rLswy6CDP7H9Oh3mMhk177Y67Rg8d7RD9WfOLLv8CGn6tisFvS2htm86yIe1yLF6I1UDaGQ==",
+ "version": "7.21.8",
+ "resolved": "https://registry.npmjs.org/@babel/eslint-parser/-/eslint-parser-7.21.8.tgz",
+ "integrity": "sha512-HLhI+2q+BP3sf78mFUZNCGc10KEmoUqtUT1OCdMZsN+qr4qFeLUod62/zAnF3jNQstwyasDkZnVXwfK2Bml7MQ==",
"requires": {
"@nicolo-ribaudo/eslint-scope-5-internals": "5.1.1-v1",
"eslint-visitor-keys": "^2.1.0",
diff --git a/package.json b/package.json
index 4ea51de157..b10e9a8bb0 100644
--- a/package.json
+++ b/package.json
@@ -19,7 +19,7 @@
],
"license": "Apache-2.0",
"dependencies": {
- "@babel/eslint-parser": "7.19.1",
+ "@babel/eslint-parser": "7.21.8",
"@graphql-tools/merge": "8.4.1",
"@graphql-tools/schema": "9.0.4",
"@graphql-tools/utils": "8.12.0",
From bf2a224e46612d2edd9ac8605f2e0212b4b6d60c Mon Sep 17 00:00:00 2001
From: Parse Platform <90459499+parseplatformorg@users.noreply.github.com>
Date: Wed, 31 May 2023 22:09:48 +0200
Subject: [PATCH 38/53] refactor: Upgrade body-parser from 1.20.1 to 1.20.2
(#8594)
---
package-lock.json | 113 ++++++++++++++++++++++++++++++++++++----------
package.json | 2 +-
2 files changed, 91 insertions(+), 24 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index cdcc09a0a0..269c3ccadb 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -18,7 +18,7 @@
"@parse/fs-files-adapter": "1.2.2",
"@parse/push-adapter": "4.1.3",
"bcryptjs": "2.4.3",
- "body-parser": "1.20.1",
+ "body-parser": "^1.20.2",
"commander": "10.0.1",
"cors": "2.8.5",
"deepcopy": "2.1.0",
@@ -4386,12 +4386,12 @@
"dev": true
},
"node_modules/body-parser": {
- "version": "1.20.1",
- "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.1.tgz",
- "integrity": "sha512-jWi7abTbYwajOytWCQc37VulmWiRae5RyTpaCyDcS5/lMdtwSz5lOpDE67srw/HYe35f1z3fDQw+3txg7gNtWw==",
+ "version": "1.20.2",
+ "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.2.tgz",
+ "integrity": "sha512-ml9pReCu3M61kGlqoTm2umSXTlRTuGTx0bfYj+uIUKKYycG5NtSbeetV3faSU6R7ajOPw0g/J1PvK4qNy7s5bA==",
"dependencies": {
"bytes": "3.1.2",
- "content-type": "~1.0.4",
+ "content-type": "~1.0.5",
"debug": "2.6.9",
"depd": "2.0.0",
"destroy": "1.2.0",
@@ -4399,7 +4399,7 @@
"iconv-lite": "0.4.24",
"on-finished": "2.4.1",
"qs": "6.11.0",
- "raw-body": "2.5.1",
+ "raw-body": "2.5.2",
"type-is": "~1.6.18",
"unpipe": "1.0.0"
},
@@ -5270,9 +5270,9 @@
}
},
"node_modules/content-type": {
- "version": "1.0.4",
- "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.4.tgz",
- "integrity": "sha512-hIP3EEPs8tB9AT1L+NUqtwOAps4mk2Zob89MWXMHjHWg9milF/j4osnnQLXBCBFBk/tvIG/tUc9mOUJiPBhPXA==",
+ "version": "1.0.5",
+ "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz",
+ "integrity": "sha512-nTjqfcBFEipKdXCv4YDQWCfmcLZKm81ldF0pAopTvyrFGVbcR6P/VAAd5G7N+0tTr8QqiU0tFadD6FK4NtJwOA==",
"engines": {
"node": ">= 0.6"
}
@@ -7301,6 +7301,29 @@
"express": "^4 || ^5"
}
},
+ "node_modules/express/node_modules/body-parser": {
+ "version": "1.20.1",
+ "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.1.tgz",
+ "integrity": "sha512-jWi7abTbYwajOytWCQc37VulmWiRae5RyTpaCyDcS5/lMdtwSz5lOpDE67srw/HYe35f1z3fDQw+3txg7gNtWw==",
+ "dependencies": {
+ "bytes": "3.1.2",
+ "content-type": "~1.0.4",
+ "debug": "2.6.9",
+ "depd": "2.0.0",
+ "destroy": "1.2.0",
+ "http-errors": "2.0.0",
+ "iconv-lite": "0.4.24",
+ "on-finished": "2.4.1",
+ "qs": "6.11.0",
+ "raw-body": "2.5.1",
+ "type-is": "~1.6.18",
+ "unpipe": "1.0.0"
+ },
+ "engines": {
+ "node": ">= 0.8",
+ "npm": "1.2.8000 || >= 1.4.16"
+ }
+ },
"node_modules/express/node_modules/debug": {
"version": "2.6.9",
"resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz",
@@ -7319,6 +7342,20 @@
"resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz",
"integrity": "sha512-5DFkuoqlv1uYQKxy8omFBeJPQcdoE07Kv2sferDCrAq1ohOU+MSDswDIbnx3YAM60qIOnYa53wBhXW0EbMonrQ=="
},
+ "node_modules/express/node_modules/raw-body": {
+ "version": "2.5.1",
+ "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.1.tgz",
+ "integrity": "sha512-qqJBtEyVgS0ZmPGdCFPWJ3FreoqvG4MVQln/kCgF7Olq95IbOp0/BWyMwbdtn4VTvkM8Y7khCQ2Xgk/tcrCXig==",
+ "dependencies": {
+ "bytes": "3.1.2",
+ "http-errors": "2.0.0",
+ "iconv-lite": "0.4.24",
+ "unpipe": "1.0.0"
+ },
+ "engines": {
+ "node": ">= 0.8"
+ }
+ },
"node_modules/ext": {
"version": "1.7.0",
"resolved": "https://registry.npmjs.org/ext/-/ext-1.7.0.tgz",
@@ -16938,9 +16975,9 @@
}
},
"node_modules/raw-body": {
- "version": "2.5.1",
- "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.1.tgz",
- "integrity": "sha512-qqJBtEyVgS0ZmPGdCFPWJ3FreoqvG4MVQln/kCgF7Olq95IbOp0/BWyMwbdtn4VTvkM8Y7khCQ2Xgk/tcrCXig==",
+ "version": "2.5.2",
+ "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.2.tgz",
+ "integrity": "sha512-8zGqypfENjCIqGhgXToC8aB2r7YrBX+AQAfIPs/Mlk+BtPTztOvTS01NRW/3Eh60J+a48lt8qsCzirQ6loCVfA==",
"dependencies": {
"bytes": "3.1.2",
"http-errors": "2.0.0",
@@ -23853,12 +23890,12 @@
"dev": true
},
"body-parser": {
- "version": "1.20.1",
- "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.1.tgz",
- "integrity": "sha512-jWi7abTbYwajOytWCQc37VulmWiRae5RyTpaCyDcS5/lMdtwSz5lOpDE67srw/HYe35f1z3fDQw+3txg7gNtWw==",
+ "version": "1.20.2",
+ "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.2.tgz",
+ "integrity": "sha512-ml9pReCu3M61kGlqoTm2umSXTlRTuGTx0bfYj+uIUKKYycG5NtSbeetV3faSU6R7ajOPw0g/J1PvK4qNy7s5bA==",
"requires": {
"bytes": "3.1.2",
- "content-type": "~1.0.4",
+ "content-type": "~1.0.5",
"debug": "2.6.9",
"depd": "2.0.0",
"destroy": "1.2.0",
@@ -23866,7 +23903,7 @@
"iconv-lite": "0.4.24",
"on-finished": "2.4.1",
"qs": "6.11.0",
- "raw-body": "2.5.1",
+ "raw-body": "2.5.2",
"type-is": "~1.6.18",
"unpipe": "1.0.0"
},
@@ -24544,9 +24581,9 @@
}
},
"content-type": {
- "version": "1.0.4",
- "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.4.tgz",
- "integrity": "sha512-hIP3EEPs8tB9AT1L+NUqtwOAps4mk2Zob89MWXMHjHWg9milF/j4osnnQLXBCBFBk/tvIG/tUc9mOUJiPBhPXA=="
+ "version": "1.0.5",
+ "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz",
+ "integrity": "sha512-nTjqfcBFEipKdXCv4YDQWCfmcLZKm81ldF0pAopTvyrFGVbcR6P/VAAd5G7N+0tTr8QqiU0tFadD6FK4NtJwOA=="
},
"conventional-changelog-angular": {
"version": "5.0.13",
@@ -26136,6 +26173,25 @@
"vary": "~1.1.2"
},
"dependencies": {
+ "body-parser": {
+ "version": "1.20.1",
+ "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.1.tgz",
+ "integrity": "sha512-jWi7abTbYwajOytWCQc37VulmWiRae5RyTpaCyDcS5/lMdtwSz5lOpDE67srw/HYe35f1z3fDQw+3txg7gNtWw==",
+ "requires": {
+ "bytes": "3.1.2",
+ "content-type": "~1.0.4",
+ "debug": "2.6.9",
+ "depd": "2.0.0",
+ "destroy": "1.2.0",
+ "http-errors": "2.0.0",
+ "iconv-lite": "0.4.24",
+ "on-finished": "2.4.1",
+ "qs": "6.11.0",
+ "raw-body": "2.5.1",
+ "type-is": "~1.6.18",
+ "unpipe": "1.0.0"
+ }
+ },
"debug": {
"version": "2.6.9",
"resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz",
@@ -26153,6 +26209,17 @@
"version": "0.1.7",
"resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz",
"integrity": "sha512-5DFkuoqlv1uYQKxy8omFBeJPQcdoE07Kv2sferDCrAq1ohOU+MSDswDIbnx3YAM60qIOnYa53wBhXW0EbMonrQ=="
+ },
+ "raw-body": {
+ "version": "2.5.1",
+ "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.1.tgz",
+ "integrity": "sha512-qqJBtEyVgS0ZmPGdCFPWJ3FreoqvG4MVQln/kCgF7Olq95IbOp0/BWyMwbdtn4VTvkM8Y7khCQ2Xgk/tcrCXig==",
+ "requires": {
+ "bytes": "3.1.2",
+ "http-errors": "2.0.0",
+ "iconv-lite": "0.4.24",
+ "unpipe": "1.0.0"
+ }
}
}
},
@@ -33410,9 +33477,9 @@
"requires": {}
},
"raw-body": {
- "version": "2.5.1",
- "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.1.tgz",
- "integrity": "sha512-qqJBtEyVgS0ZmPGdCFPWJ3FreoqvG4MVQln/kCgF7Olq95IbOp0/BWyMwbdtn4VTvkM8Y7khCQ2Xgk/tcrCXig==",
+ "version": "2.5.2",
+ "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.2.tgz",
+ "integrity": "sha512-8zGqypfENjCIqGhgXToC8aB2r7YrBX+AQAfIPs/Mlk+BtPTztOvTS01NRW/3Eh60J+a48lt8qsCzirQ6loCVfA==",
"requires": {
"bytes": "3.1.2",
"http-errors": "2.0.0",
diff --git a/package.json b/package.json
index b10e9a8bb0..f288bd6a79 100644
--- a/package.json
+++ b/package.json
@@ -27,7 +27,7 @@
"@parse/fs-files-adapter": "1.2.2",
"@parse/push-adapter": "4.1.3",
"bcryptjs": "2.4.3",
- "body-parser": "1.20.1",
+ "body-parser": "1.20.2",
"commander": "10.0.1",
"cors": "2.8.5",
"deepcopy": "2.1.0",
From 3ec453d88548f03bdd31f9c5fecbaf3bfb6ac298 Mon Sep 17 00:00:00 2001
From: Parse Platform <90459499+parseplatformorg@users.noreply.github.com>
Date: Thu, 1 Jun 2023 16:09:24 +0200
Subject: [PATCH 39/53] refactor: Upgrade semver from 7.3.8 to 7.5.0 (#8593)
---
package-lock.json | 14 +++++++-------
package.json | 2 +-
2 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 269c3ccadb..d7f2fab021 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -46,7 +46,7 @@
"pluralize": "8.0.0",
"rate-limit-redis": "3.0.2",
"redis": "4.6.6",
- "semver": "7.3.8",
+ "semver": "^7.5.0",
"subscriptions-transport-ws": "0.11.0",
"tv4": "1.3.0",
"uuid": "9.0.0",
@@ -18182,9 +18182,9 @@
}
},
"node_modules/semver": {
- "version": "7.3.8",
- "resolved": "https://registry.npmjs.org/semver/-/semver-7.3.8.tgz",
- "integrity": "sha512-NB1ctGL5rlHrPJtFDVIVzTyQylMLu9N9VICA6HSFJo8MCGVTMW6gfpicwKmmK/dAjTOrqu5l63JJOpDSrAis3A==",
+ "version": "7.5.0",
+ "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.0.tgz",
+ "integrity": "sha512-+XC0AD/R7Q2mPSRuy2Id0+CGTZ98+8f+KvwirxOKIEyid+XSx6HbC63p+O4IndTHuX5Z+JxQ0TghCkO5Cg/2HA==",
"dependencies": {
"lru-cache": "^6.0.0"
},
@@ -34415,9 +34415,9 @@
}
},
"semver": {
- "version": "7.3.8",
- "resolved": "https://registry.npmjs.org/semver/-/semver-7.3.8.tgz",
- "integrity": "sha512-NB1ctGL5rlHrPJtFDVIVzTyQylMLu9N9VICA6HSFJo8MCGVTMW6gfpicwKmmK/dAjTOrqu5l63JJOpDSrAis3A==",
+ "version": "7.5.0",
+ "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.0.tgz",
+ "integrity": "sha512-+XC0AD/R7Q2mPSRuy2Id0+CGTZ98+8f+KvwirxOKIEyid+XSx6HbC63p+O4IndTHuX5Z+JxQ0TghCkO5Cg/2HA==",
"requires": {
"lru-cache": "^6.0.0"
},
diff --git a/package.json b/package.json
index f288bd6a79..5442642d4c 100644
--- a/package.json
+++ b/package.json
@@ -55,7 +55,7 @@
"pluralize": "8.0.0",
"rate-limit-redis": "3.0.2",
"redis": "4.6.6",
- "semver": "7.3.8",
+ "semver": "7.5.0",
"subscriptions-transport-ws": "0.11.0",
"tv4": "1.3.0",
"uuid": "9.0.0",
From 8c9a56e8eaeadd39425491a6335a33a74b4c23ed Mon Sep 17 00:00:00 2001
From: Parse Platform <90459499+parseplatformorg@users.noreply.github.com>
Date: Sat, 3 Jun 2023 14:16:14 +0200
Subject: [PATCH 40/53] refactor: Upgrade parse from 4.0.1 to 4.1.0 (#8604)
---
package-lock.json | 104 ++++++++++++++++++++--------------------------
package.json | 2 +-
2 files changed, 46 insertions(+), 60 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index d7f2fab021..90f9c1a71f 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -10,7 +10,7 @@
"hasInstallScript": true,
"license": "Apache-2.0",
"dependencies": {
- "@babel/eslint-parser": "^7.21.8",
+ "@babel/eslint-parser": "7.21.8",
"@graphql-tools/merge": "8.4.1",
"@graphql-tools/schema": "9.0.4",
"@graphql-tools/utils": "8.12.0",
@@ -18,7 +18,7 @@
"@parse/fs-files-adapter": "1.2.2",
"@parse/push-adapter": "4.1.3",
"bcryptjs": "2.4.3",
- "body-parser": "^1.20.2",
+ "body-parser": "1.20.2",
"commander": "10.0.1",
"cors": "2.8.5",
"deepcopy": "2.1.0",
@@ -39,18 +39,18 @@
"mime": "3.0.0",
"mongodb": "4.10.0",
"mustache": "4.2.0",
- "parse": "4.0.1",
+ "parse": "^4.1.0",
"path-to-regexp": "6.2.1",
"pg-monitor": "2.0.0",
"pg-promise": "11.5.0",
"pluralize": "8.0.0",
"rate-limit-redis": "3.0.2",
"redis": "4.6.6",
- "semver": "^7.5.0",
+ "semver": "7.5.0",
"subscriptions-transport-ws": "0.11.0",
"tv4": "1.3.0",
"uuid": "9.0.0",
- "winston": "^3.8.2",
+ "winston": "3.8.2",
"winston-daily-rotate-file": "4.7.1",
"ws": "8.13.0"
},
@@ -1775,6 +1775,7 @@
"version": "7.18.0",
"resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.18.0.tgz",
"integrity": "sha512-YMQvx/6nKEaucl0MY56mwIG483xk8SDNdlUwb2Ts6FUpr7fm85DxEmsY18LXBNhcTz6tO6JwZV8w1W06v8UKeg==",
+ "dev": true,
"dependencies": {
"regenerator-runtime": "^0.13.4"
},
@@ -1783,12 +1784,12 @@
}
},
"node_modules/@babel/runtime-corejs3": {
- "version": "7.17.8",
- "resolved": "https://registry.npmjs.org/@babel/runtime-corejs3/-/runtime-corejs3-7.17.8.tgz",
- "integrity": "sha512-ZbYSUvoSF6dXZmMl/CYTMOvzIFnbGfv4W3SEHYgMvNsFTeLaF2gkGAF4K2ddmtSK4Emej+0aYcnSC6N5dPCXUQ==",
+ "version": "7.21.0",
+ "resolved": "https://registry.npmjs.org/@babel/runtime-corejs3/-/runtime-corejs3-7.21.0.tgz",
+ "integrity": "sha512-TDD4UJzos3JJtM+tHX+w2Uc+KWj7GV+VKKFdMVd2Rx8sdA19hcc3P3AHFYd5LVOw+pYuSd5lICC3gm52B6Rwxw==",
"dependencies": {
- "core-js-pure": "^3.20.2",
- "regenerator-runtime": "^0.13.4"
+ "core-js-pure": "^3.25.1",
+ "regenerator-runtime": "^0.13.11"
},
"engines": {
"node": ">=6.9.0"
@@ -9182,9 +9183,9 @@
}
},
"node_modules/idb-keyval": {
- "version": "6.0.3",
- "resolved": "https://registry.npmjs.org/idb-keyval/-/idb-keyval-6.0.3.tgz",
- "integrity": "sha512-yh8V7CnE6EQMu9YDwQXhRxwZh4nv+8xm/HV4ZqK4IiYFJBWYGjJuykADJbSP+F/GDXUBwCSSNn/14IpGL81TuA==",
+ "version": "6.2.0",
+ "resolved": "https://registry.npmjs.org/idb-keyval/-/idb-keyval-6.2.0.tgz",
+ "integrity": "sha512-uw+MIyQn2jl3+hroD7hF8J7PUviBU7BPKWw4f/ISf32D4LoGu98yHjrzWWJDASu9QNrX10tCJqk9YY0ClWm8Ng==",
"dependencies": {
"safari-14-idb-fix": "^3.0.0"
}
@@ -16121,20 +16122,19 @@
}
},
"node_modules/parse": {
- "version": "4.0.1",
- "resolved": "https://registry.npmjs.org/parse/-/parse-4.0.1.tgz",
- "integrity": "sha512-ctv7zaVKlQIBSbarorB7TH3yacDzCvgWBP4ccpLKxlpe21QlaY88kv9V7ca7JdG/Txb3qWug4MwepQoPogXB6Q==",
+ "version": "4.1.0",
+ "resolved": "https://registry.npmjs.org/parse/-/parse-4.1.0.tgz",
+ "integrity": "sha512-s0Ti+nWrKWj9DlFcmkEE05fGwa/K5ycZSdqCz01F8YL7Hevqv4WLXAmYGOwzq5UJSZ005seKgb20KwVwLdy/Zg==",
"dependencies": {
- "@babel/runtime": "7.18.0",
- "@babel/runtime-corejs3": "7.17.8",
- "idb-keyval": "6.0.3",
+ "@babel/runtime-corejs3": "7.21.0",
+ "idb-keyval": "6.2.0",
"react-native-crypto-js": "1.0.0",
- "uuid": "3.4.0",
- "ws": "8.6.0",
+ "uuid": "9.0.0",
+ "ws": "8.12.0",
"xmlhttprequest": "1.8.0"
},
"engines": {
- "node": ">=14.21.0 <17 || >=18 <19"
+ "node": ">=14.21.0 <17 || >=18 <20"
},
"optionalDependencies": {
"crypto-js": "4.1.1"
@@ -16167,25 +16167,16 @@
"node": ">=6"
}
},
- "node_modules/parse/node_modules/uuid": {
- "version": "3.4.0",
- "resolved": "https://registry.npmjs.org/uuid/-/uuid-3.4.0.tgz",
- "integrity": "sha512-HjSDRw6gZE5JMggctHBcjVak08+KEVhSIiDzFnT9S9aegmp85S/bReBVTb4QTFaRNptJ9kuYaNhnbNEOkbKb/A==",
- "deprecated": "Please upgrade to version 7 or higher. Older versions may use Math.random() in certain circumstances, which is known to be problematic. See https://v8.dev/blog/math-random for details.",
- "bin": {
- "uuid": "bin/uuid"
- }
- },
"node_modules/parse/node_modules/ws": {
- "version": "8.6.0",
- "resolved": "https://registry.npmjs.org/ws/-/ws-8.6.0.tgz",
- "integrity": "sha512-AzmM3aH3gk0aX7/rZLYvjdvZooofDu3fFOzGqcSnQ1tOcTWwhM/o+q++E8mAyVVIyUdajrkzWUGftaVSDLn1bw==",
+ "version": "8.12.0",
+ "resolved": "https://registry.npmjs.org/ws/-/ws-8.12.0.tgz",
+ "integrity": "sha512-kU62emKIdKVeEIOIKVegvqpXMSTAMLJozpHZaJNDYqBjzlSYXQGviYwN1osDLJ9av68qHd4a2oSjd7yD4pacig==",
"engines": {
"node": ">=10.0.0"
},
"peerDependencies": {
"bufferutil": "^4.0.1",
- "utf-8-validate": "^5.0.2"
+ "utf-8-validate": ">=5.0.2"
},
"peerDependenciesMeta": {
"bufferutil": {
@@ -21873,17 +21864,18 @@
"version": "7.18.0",
"resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.18.0.tgz",
"integrity": "sha512-YMQvx/6nKEaucl0MY56mwIG483xk8SDNdlUwb2Ts6FUpr7fm85DxEmsY18LXBNhcTz6tO6JwZV8w1W06v8UKeg==",
+ "dev": true,
"requires": {
"regenerator-runtime": "^0.13.4"
}
},
"@babel/runtime-corejs3": {
- "version": "7.17.8",
- "resolved": "https://registry.npmjs.org/@babel/runtime-corejs3/-/runtime-corejs3-7.17.8.tgz",
- "integrity": "sha512-ZbYSUvoSF6dXZmMl/CYTMOvzIFnbGfv4W3SEHYgMvNsFTeLaF2gkGAF4K2ddmtSK4Emej+0aYcnSC6N5dPCXUQ==",
+ "version": "7.21.0",
+ "resolved": "https://registry.npmjs.org/@babel/runtime-corejs3/-/runtime-corejs3-7.21.0.tgz",
+ "integrity": "sha512-TDD4UJzos3JJtM+tHX+w2Uc+KWj7GV+VKKFdMVd2Rx8sdA19hcc3P3AHFYd5LVOw+pYuSd5lICC3gm52B6Rwxw==",
"requires": {
- "core-js-pure": "^3.20.2",
- "regenerator-runtime": "^0.13.4"
+ "core-js-pure": "^3.25.1",
+ "regenerator-runtime": "^0.13.11"
}
},
"@babel/template": {
@@ -27606,9 +27598,9 @@
}
},
"idb-keyval": {
- "version": "6.0.3",
- "resolved": "https://registry.npmjs.org/idb-keyval/-/idb-keyval-6.0.3.tgz",
- "integrity": "sha512-yh8V7CnE6EQMu9YDwQXhRxwZh4nv+8xm/HV4ZqK4IiYFJBWYGjJuykADJbSP+F/GDXUBwCSSNn/14IpGL81TuA==",
+ "version": "6.2.0",
+ "resolved": "https://registry.npmjs.org/idb-keyval/-/idb-keyval-6.2.0.tgz",
+ "integrity": "sha512-uw+MIyQn2jl3+hroD7hF8J7PUviBU7BPKWw4f/ISf32D4LoGu98yHjrzWWJDASu9QNrX10tCJqk9YY0ClWm8Ng==",
"requires": {
"safari-14-idb-fix": "^3.0.0"
}
@@ -32847,29 +32839,23 @@
}
},
"parse": {
- "version": "4.0.1",
- "resolved": "https://registry.npmjs.org/parse/-/parse-4.0.1.tgz",
- "integrity": "sha512-ctv7zaVKlQIBSbarorB7TH3yacDzCvgWBP4ccpLKxlpe21QlaY88kv9V7ca7JdG/Txb3qWug4MwepQoPogXB6Q==",
+ "version": "4.1.0",
+ "resolved": "https://registry.npmjs.org/parse/-/parse-4.1.0.tgz",
+ "integrity": "sha512-s0Ti+nWrKWj9DlFcmkEE05fGwa/K5ycZSdqCz01F8YL7Hevqv4WLXAmYGOwzq5UJSZ005seKgb20KwVwLdy/Zg==",
"requires": {
- "@babel/runtime": "7.18.0",
- "@babel/runtime-corejs3": "7.17.8",
+ "@babel/runtime-corejs3": "7.21.0",
"crypto-js": "4.1.1",
- "idb-keyval": "6.0.3",
+ "idb-keyval": "6.2.0",
"react-native-crypto-js": "1.0.0",
- "uuid": "3.4.0",
- "ws": "8.6.0",
+ "uuid": "9.0.0",
+ "ws": "8.12.0",
"xmlhttprequest": "1.8.0"
},
"dependencies": {
- "uuid": {
- "version": "3.4.0",
- "resolved": "https://registry.npmjs.org/uuid/-/uuid-3.4.0.tgz",
- "integrity": "sha512-HjSDRw6gZE5JMggctHBcjVak08+KEVhSIiDzFnT9S9aegmp85S/bReBVTb4QTFaRNptJ9kuYaNhnbNEOkbKb/A=="
- },
"ws": {
- "version": "8.6.0",
- "resolved": "https://registry.npmjs.org/ws/-/ws-8.6.0.tgz",
- "integrity": "sha512-AzmM3aH3gk0aX7/rZLYvjdvZooofDu3fFOzGqcSnQ1tOcTWwhM/o+q++E8mAyVVIyUdajrkzWUGftaVSDLn1bw==",
+ "version": "8.12.0",
+ "resolved": "https://registry.npmjs.org/ws/-/ws-8.12.0.tgz",
+ "integrity": "sha512-kU62emKIdKVeEIOIKVegvqpXMSTAMLJozpHZaJNDYqBjzlSYXQGviYwN1osDLJ9av68qHd4a2oSjd7yD4pacig==",
"requires": {}
}
}
diff --git a/package.json b/package.json
index 5442642d4c..369978721b 100644
--- a/package.json
+++ b/package.json
@@ -48,7 +48,7 @@
"mime": "3.0.0",
"mongodb": "4.10.0",
"mustache": "4.2.0",
- "parse": "4.0.1",
+ "parse": "4.1.0",
"path-to-regexp": "6.2.1",
"pg-monitor": "2.0.0",
"pg-promise": "11.5.0",
From 0ce36927598ac35ca72c447aa724d6f66222b793 Mon Sep 17 00:00:00 2001
From: Snyk bot
Date: Mon, 5 Jun 2023 09:03:46 +0100
Subject: [PATCH 41/53] refactor: Upgrade semver from 7.5.0 to 7.5.1 (#8612)
---
package-lock.json | 16 ++++++++--------
package.json | 2 +-
2 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index 90f9c1a71f..5ddc19b436 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -39,14 +39,14 @@
"mime": "3.0.0",
"mongodb": "4.10.0",
"mustache": "4.2.0",
- "parse": "^4.1.0",
+ "parse": "4.1.0",
"path-to-regexp": "6.2.1",
"pg-monitor": "2.0.0",
"pg-promise": "11.5.0",
"pluralize": "8.0.0",
"rate-limit-redis": "3.0.2",
"redis": "4.6.6",
- "semver": "7.5.0",
+ "semver": "^7.5.1",
"subscriptions-transport-ws": "0.11.0",
"tv4": "1.3.0",
"uuid": "9.0.0",
@@ -18173,9 +18173,9 @@
}
},
"node_modules/semver": {
- "version": "7.5.0",
- "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.0.tgz",
- "integrity": "sha512-+XC0AD/R7Q2mPSRuy2Id0+CGTZ98+8f+KvwirxOKIEyid+XSx6HbC63p+O4IndTHuX5Z+JxQ0TghCkO5Cg/2HA==",
+ "version": "7.5.1",
+ "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.1.tgz",
+ "integrity": "sha512-Wvss5ivl8TMRZXXESstBA4uR5iXgEN/VC5/sOcuXdVLzcdkz4HWetIoRfG5gb5X+ij/G9rw9YoGn3QoQ8OCSpw==",
"dependencies": {
"lru-cache": "^6.0.0"
},
@@ -34401,9 +34401,9 @@
}
},
"semver": {
- "version": "7.5.0",
- "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.0.tgz",
- "integrity": "sha512-+XC0AD/R7Q2mPSRuy2Id0+CGTZ98+8f+KvwirxOKIEyid+XSx6HbC63p+O4IndTHuX5Z+JxQ0TghCkO5Cg/2HA==",
+ "version": "7.5.1",
+ "resolved": "https://registry.npmjs.org/semver/-/semver-7.5.1.tgz",
+ "integrity": "sha512-Wvss5ivl8TMRZXXESstBA4uR5iXgEN/VC5/sOcuXdVLzcdkz4HWetIoRfG5gb5X+ij/G9rw9YoGn3QoQ8OCSpw==",
"requires": {
"lru-cache": "^6.0.0"
},
diff --git a/package.json b/package.json
index 369978721b..5d30586d4a 100644
--- a/package.json
+++ b/package.json
@@ -55,7 +55,7 @@
"pluralize": "8.0.0",
"rate-limit-redis": "3.0.2",
"redis": "4.6.6",
- "semver": "7.5.0",
+ "semver": "7.5.1",
"subscriptions-transport-ws": "0.11.0",
"tv4": "1.3.0",
"uuid": "9.0.0",
From 82da30842a55980aa90cb7680fbf6db37ee16dab Mon Sep 17 00:00:00 2001
From: Daniel
Date: Thu, 8 Jun 2023 05:51:53 +1000
Subject: [PATCH 42/53] feat: Add new Parse Server option
`preventSignupWithUnverifiedEmail` to prevent returning a user without
session token on sign-up with unverified email address (#8451)
---
spec/ValidationAndPasswordsReset.spec.js | 101 ++++++++++++-----------
spec/VerifyUserPassword.spec.js | 40 ++++-----
src/Options/Definitions.js | 7 ++
src/Options/docs.js | 1 +
src/Options/index.js | 7 ++
src/RestWrite.js | 6 +-
6 files changed, 88 insertions(+), 74 deletions(-)
diff --git a/spec/ValidationAndPasswordsReset.spec.js b/spec/ValidationAndPasswordsReset.spec.js
index 3272f07fc3..ab944e14c1 100644
--- a/spec/ValidationAndPasswordsReset.spec.js
+++ b/spec/ValidationAndPasswordsReset.spec.js
@@ -242,8 +242,7 @@ describe('Custom Pages, Email Verification, Password Reset', () => {
});
});
- it('allows user to login only after user clicks on the link to confirm email address if preventLoginWithUnverifiedEmail is set to true', done => {
- const user = new Parse.User();
+ it('allows user to login only after user clicks on the link to confirm email address if preventLoginWithUnverifiedEmail is set to true', async () => {
let sendEmailOptions;
const emailAdapter = {
sendVerificationEmail: options => {
@@ -252,59 +251,32 @@ describe('Custom Pages, Email Verification, Password Reset', () => {
sendPasswordResetEmail: () => Promise.resolve(),
sendMail: () => {},
};
- reconfigureServer({
+ await reconfigureServer({
appName: 'emailing app',
verifyUserEmails: true,
preventLoginWithUnverifiedEmail: true,
emailAdapter: emailAdapter,
publicServerURL: 'http://localhost:8378/1',
- })
- .then(() => {
- user.setPassword('other-password');
- user.setUsername('user');
- user.set('email', 'user@parse.com');
- return user.signUp();
- })
- .then(() => {
- expect(sendEmailOptions).not.toBeUndefined();
- request({
- url: sendEmailOptions.link,
- followRedirects: false,
- }).then(response => {
- expect(response.status).toEqual(302);
- expect(response.text).toEqual(
- 'Found. Redirecting to http://localhost:8378/1/apps/verify_email_success.html?username=user'
- );
- user
- .fetch({ useMasterKey: true })
- .then(
- () => {
- expect(user.get('emailVerified')).toEqual(true);
-
- Parse.User.logIn('user', 'other-password').then(
- user => {
- expect(typeof user).toBe('object');
- expect(user.get('emailVerified')).toBe(true);
- done();
- },
- () => {
- fail('login should have succeeded');
- done();
- }
- );
- },
- err => {
- jfail(err);
- fail('this should not fail');
- done();
- }
- )
- .catch(err => {
- jfail(err);
- done();
- });
- });
- });
+ });
+ let user = new Parse.User();
+ user.setPassword('other-password');
+ user.setUsername('user');
+ user.set('email', 'user@example.com');
+ await user.signUp();
+ expect(sendEmailOptions).not.toBeUndefined();
+ const response = await request({
+ url: sendEmailOptions.link,
+ followRedirects: false,
+ });
+ expect(response.status).toEqual(302);
+ expect(response.text).toEqual(
+ 'Found. Redirecting to http://localhost:8378/1/apps/verify_email_success.html?username=user'
+ );
+ user = await new Parse.Query(Parse.User).first({ useMasterKey: true });
+ expect(user.get('emailVerified')).toEqual(true);
+ user = await Parse.User.logIn('user', 'other-password');
+ expect(typeof user).toBe('object');
+ expect(user.get('emailVerified')).toBe(true);
});
it('allows user to login if email is not verified but preventLoginWithUnverifiedEmail is set to false', done => {
@@ -345,6 +317,35 @@ describe('Custom Pages, Email Verification, Password Reset', () => {
});
});
+ it('does not allow signup with preventSignupWithUnverified', async () => {
+ let sendEmailOptions;
+ const emailAdapter = {
+ sendVerificationEmail: options => {
+ sendEmailOptions = options;
+ },
+ sendPasswordResetEmail: () => Promise.resolve(),
+ sendMail: () => {},
+ };
+ await reconfigureServer({
+ appName: 'test',
+ publicServerURL: 'http://localhost:1337/1',
+ verifyUserEmails: true,
+ preventLoginWithUnverifiedEmail: true,
+ preventSignupWithUnverifiedEmail: true,
+ emailAdapter,
+ });
+ const newUser = new Parse.User();
+ newUser.setPassword('asdf');
+ newUser.setUsername('zxcv');
+ newUser.set('email', 'test@example.com');
+ await expectAsync(newUser.signUp()).toBeRejectedWith(
+ new Parse.Error(Parse.Error.EMAIL_NOT_FOUND, 'User email is not verified.')
+ );
+ const user = await new Parse.Query(Parse.User).first({ useMasterKey: true });
+ expect(user).toBeDefined();
+ expect(sendEmailOptions).toBeDefined();
+ });
+
it('fails if you include an emailAdapter, set a publicServerURL, but have no appName and send a password reset email', done => {
reconfigureServer({
appName: undefined,
diff --git a/spec/VerifyUserPassword.spec.js b/spec/VerifyUserPassword.spec.js
index 6734dcdb71..eef2485815 100644
--- a/spec/VerifyUserPassword.spec.js
+++ b/spec/VerifyUserPassword.spec.js
@@ -353,8 +353,9 @@ describe('Verify User Password', () => {
done();
});
});
- it('fails to verify password when preventLoginWithUnverifiedEmail is set to true REST API', done => {
- reconfigureServer({
+
+ it('fails to verify password when preventLoginWithUnverifiedEmail is set to true REST API', async () => {
+ await reconfigureServer({
publicServerURL: 'http://localhost:8378/',
appName: 'emailVerify',
verifyUserEmails: true,
@@ -364,28 +365,21 @@ describe('Verify User Password', () => {
apiKey: 'k',
domain: 'd',
}),
- })
- .then(() => {
- const user = new Parse.User();
- return user.save({
- username: 'unverified-user',
- password: 'mypass',
- email: 'unverified-email@user.com',
- });
- })
- .then(() => {
- return verifyPassword('unverified-email@user.com', 'mypass', true);
- })
- .then(res => {
- expect(res.status).toBe(400);
- expect(res.text).toMatch('{"code":205,"error":"User email is not verified."}');
- done();
- })
- .catch(err => {
- fail(err);
- done();
- });
+ });
+ const user = new Parse.User();
+ await user.save({
+ username: 'unverified-user',
+ password: 'mypass',
+ email: 'unverified-email@example.com',
+ });
+ const res = await verifyPassword('unverified-email@example.com', 'mypass', true);
+ expect(res.status).toBe(400);
+ expect(res.data).toEqual({
+ code: Parse.Error.EMAIL_NOT_FOUND,
+ error: 'User email is not verified.',
+ });
});
+
it('verify password lock account if failed verify password attempts are above threshold', done => {
reconfigureServer({
appName: 'lockout threshold',
diff --git a/src/Options/Definitions.js b/src/Options/Definitions.js
index b0cf602bab..31700b4cc2 100644
--- a/src/Options/Definitions.js
+++ b/src/Options/Definitions.js
@@ -412,6 +412,13 @@ module.exports.ParseServerOptions = {
action: parsers.booleanParser,
default: false,
},
+ preventSignupWithUnverifiedEmail: {
+ env: 'PARSE_SERVER_PREVENT_SIGNUP_WITH_UNVERIFIED_EMAIL',
+ help:
+ "If set to `true` it prevents a user from signing up if the email has not yet been verified and email verification is required. In that case the server responds to the sign-up with HTTP status 400 and a Parse Error 205 `EMAIL_NOT_FOUND`. If set to `false` the server responds with HTTP status 200, and client SDKs return an unauthenticated Parse User without session token. In that case subsequent requests fail until the user's email address is verified.
Default is `false`.
Requires option `verifyUserEmails: true`.",
+ action: parsers.booleanParser,
+ default: false,
+ },
protectedFields: {
env: 'PARSE_SERVER_PROTECTED_FIELDS',
help: 'Protected fields that should be treated with extra security when fetching details.',
diff --git a/src/Options/docs.js b/src/Options/docs.js
index 6e4d7671eb..b1bf31a5e7 100644
--- a/src/Options/docs.js
+++ b/src/Options/docs.js
@@ -77,6 +77,7 @@
* @property {Number} port The port to run the ParseServer, defaults to 1337.
* @property {Boolean} preserveFileName Enable (or disable) the addition of a unique hash to the file names
* @property {Boolean} preventLoginWithUnverifiedEmail Set to `true` to prevent a user from logging in if the email has not yet been verified and email verification is required.
Default is `false`.
Requires option `verifyUserEmails: true`.
+ * @property {Boolean} preventSignupWithUnverifiedEmail If set to `true` it prevents a user from signing up if the email has not yet been verified and email verification is required. In that case the server responds to the sign-up with HTTP status 400 and a Parse Error 205 `EMAIL_NOT_FOUND`. If set to `false` the server responds with HTTP status 200, and client SDKs return an unauthenticated Parse User without session token. In that case subsequent requests fail until the user's email address is verified.
Default is `false`.
Requires option `verifyUserEmails: true`.
* @property {ProtectedFields} protectedFields Protected fields that should be treated with extra security when fetching details.
* @property {String} publicServerURL Public URL to your parse server with http:// or https://.
* @property {Any} push Configuration for push, as stringified JSON. See http://docs.parseplatform.org/parse-server/guide/#push-notifications
diff --git a/src/Options/index.js b/src/Options/index.js
index 8588a1f7fe..492f4323e9 100644
--- a/src/Options/index.js
+++ b/src/Options/index.js
@@ -165,6 +165,13 @@ export interface ParseServerOptions {
Requires option `verifyUserEmails: true`.
:DEFAULT: false */
preventLoginWithUnverifiedEmail: ?boolean;
+ /* If set to `true` it prevents a user from signing up if the email has not yet been verified and email verification is required. In that case the server responds to the sign-up with HTTP status 400 and a Parse Error 205 `EMAIL_NOT_FOUND`. If set to `false` the server responds with HTTP status 200, and client SDKs return an unauthenticated Parse User without session token. In that case subsequent requests fail until the user's email address is verified.
+
+ Default is `false`.
+
+ Requires option `verifyUserEmails: true`.
+ :DEFAULT: false */
+ preventSignupWithUnverifiedEmail: ?boolean;
/* Set the validity duration of the email verification token in seconds after which the token expires. The token is used in the link that is set in the email. After the token expires, the link becomes invalid and a new link has to be sent. If the option is not set or set to `undefined`, then the token never expires.
For example, to expire the token after 2 hours, set a value of 7200 seconds (= 60 seconds * 60 minutes * 2 hours).
diff --git a/src/RestWrite.js b/src/RestWrite.js
index c703ee50bb..f7c6a53592 100644
--- a/src/RestWrite.js
+++ b/src/RestWrite.js
@@ -160,6 +160,9 @@ RestWrite.prototype.execute = function () {
this.response.response.authDataResponse = this.authDataResponse;
}
}
+ if (this.storage.rejectSignup && this.config.preventSignupWithUnverifiedEmail) {
+ throw new Parse.Error(Parse.Error.EMAIL_NOT_FOUND, 'User email is not verified.');
+ }
return this.response;
});
};
@@ -879,7 +882,8 @@ RestWrite.prototype.createSessionTokenIfNeeded = function () {
this.config.verifyUserEmails
) {
// verification is on
- return; // do not create the session token in that case!
+ this.storage.rejectSignup = true;
+ return;
}
return this.createSessionToken();
};
From b01d4f0abb974647a008557f59a71aa35153e92f Mon Sep 17 00:00:00 2001
From: semantic-release-bot
Date: Wed, 7 Jun 2023 19:53:02 +0000
Subject: [PATCH 43/53] chore(release): 6.1.0-alpha.17 [skip ci]
# [6.1.0-alpha.17](https://github.com/parse-community/parse-server/compare/6.1.0-alpha.16...6.1.0-alpha.17) (2023-06-07)
### Features
* Add new Parse Server option `preventSignupWithUnverifiedEmail` to prevent returning a user without session token on sign-up with unverified email address ([#8451](https://github.com/parse-community/parse-server/issues/8451)) ([82da308](https://github.com/parse-community/parse-server/commit/82da30842a55980aa90cb7680fbf6db37ee16dab))
---
changelogs/CHANGELOG_alpha.md | 7 +++++++
package-lock.json | 4 ++--
package.json | 2 +-
3 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/changelogs/CHANGELOG_alpha.md b/changelogs/CHANGELOG_alpha.md
index 3002b21d26..b16a0daac2 100644
--- a/changelogs/CHANGELOG_alpha.md
+++ b/changelogs/CHANGELOG_alpha.md
@@ -1,3 +1,10 @@
+# [6.1.0-alpha.17](https://github.com/parse-community/parse-server/compare/6.1.0-alpha.16...6.1.0-alpha.17) (2023-06-07)
+
+
+### Features
+
+* Add new Parse Server option `preventSignupWithUnverifiedEmail` to prevent returning a user without session token on sign-up with unverified email address ([#8451](https://github.com/parse-community/parse-server/issues/8451)) ([82da308](https://github.com/parse-community/parse-server/commit/82da30842a55980aa90cb7680fbf6db37ee16dab))
+
# [6.1.0-alpha.16](https://github.com/parse-community/parse-server/compare/6.1.0-alpha.15...6.1.0-alpha.16) (2023-05-28)
diff --git a/package-lock.json b/package-lock.json
index 5ddc19b436..ae2c1bdf3c 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
{
"name": "parse-server",
- "version": "6.1.0-alpha.16",
+ "version": "6.1.0-alpha.17",
"lockfileVersion": 2,
"requires": true,
"packages": {
"": {
"name": "parse-server",
- "version": "6.1.0-alpha.16",
+ "version": "6.1.0-alpha.17",
"hasInstallScript": true,
"license": "Apache-2.0",
"dependencies": {
diff --git a/package.json b/package.json
index 5d30586d4a..785845e7f0 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
{
"name": "parse-server",
- "version": "6.1.0-alpha.16",
+ "version": "6.1.0-alpha.17",
"description": "An express module providing a Parse-compatible API server",
"main": "lib/index.js",
"repository": {
From 656d673cf5dea354e4f2b3d4dc2b29a41d311b3e Mon Sep 17 00:00:00 2001
From: Corey
Date: Wed, 7 Jun 2023 22:04:58 -0400
Subject: [PATCH 44/53] feat: Add support for `$eq` query constraint in
LiveQuery (#8614)
---
spec/QueryTools.spec.js | 29 +++++++++++++++++++++++++++++
src/LiveQuery/QueryTools.js | 5 +++++
2 files changed, 34 insertions(+)
diff --git a/spec/QueryTools.spec.js b/spec/QueryTools.spec.js
index dbd3c9a5d3..8dbda98b0a 100644
--- a/spec/QueryTools.spec.js
+++ b/spec/QueryTools.spec.js
@@ -125,6 +125,35 @@ describe('matchesQuery', function () {
expect(matchesQuery(obj, q)).toBe(false);
});
+ it('matches queries with eq constraint', function () {
+ const obj = {
+ objectId: 'Person2',
+ score: 12,
+ name: 'Tom',
+ };
+
+ const q1 = {
+ objectId: {
+ $eq: 'Person2',
+ },
+ };
+
+ const q2 = {
+ score: {
+ $eq: 12,
+ },
+ };
+
+ const q3 = {
+ name: {
+ $eq: 'Tom',
+ },
+ };
+ expect(matchesQuery(obj, q1)).toBe(true);
+ expect(matchesQuery(obj, q2)).toBe(true);
+ expect(matchesQuery(obj, q3)).toBe(true);
+ });
+
it('matches on equality queries', function () {
const day = new Date();
const location = new Parse.GeoPoint({
diff --git a/src/LiveQuery/QueryTools.js b/src/LiveQuery/QueryTools.js
index 50d8d3394a..1607278f46 100644
--- a/src/LiveQuery/QueryTools.js
+++ b/src/LiveQuery/QueryTools.js
@@ -247,6 +247,11 @@ function matchesKeyConstraints(object, key, constraints) {
return false;
}
break;
+ case '$eq':
+ if (!equalObjects(object[key], compareTo)) {
+ return false;
+ }
+ break;
case '$ne':
if (equalObjects(object[key], compareTo)) {
return false;
From 3ea1ace631ed4ccb6ff38c906cfde02f4e3c74b8 Mon Sep 17 00:00:00 2001
From: semantic-release-bot
Date: Thu, 8 Jun 2023 02:06:02 +0000
Subject: [PATCH 45/53] chore(release): 6.1.0-alpha.18 [skip ci]
# [6.1.0-alpha.18](https://github.com/parse-community/parse-server/compare/6.1.0-alpha.17...6.1.0-alpha.18) (2023-06-08)
### Features
* Add support for `$eq` query constraint in LiveQuery ([#8614](https://github.com/parse-community/parse-server/issues/8614)) ([656d673](https://github.com/parse-community/parse-server/commit/656d673cf5dea354e4f2b3d4dc2b29a41d311b3e))
---
changelogs/CHANGELOG_alpha.md | 7 +++++++
package-lock.json | 4 ++--
package.json | 2 +-
3 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/changelogs/CHANGELOG_alpha.md b/changelogs/CHANGELOG_alpha.md
index b16a0daac2..718c2e41b6 100644
--- a/changelogs/CHANGELOG_alpha.md
+++ b/changelogs/CHANGELOG_alpha.md
@@ -1,3 +1,10 @@
+# [6.1.0-alpha.18](https://github.com/parse-community/parse-server/compare/6.1.0-alpha.17...6.1.0-alpha.18) (2023-06-08)
+
+
+### Features
+
+* Add support for `$eq` query constraint in LiveQuery ([#8614](https://github.com/parse-community/parse-server/issues/8614)) ([656d673](https://github.com/parse-community/parse-server/commit/656d673cf5dea354e4f2b3d4dc2b29a41d311b3e))
+
# [6.1.0-alpha.17](https://github.com/parse-community/parse-server/compare/6.1.0-alpha.16...6.1.0-alpha.17) (2023-06-07)
diff --git a/package-lock.json b/package-lock.json
index ae2c1bdf3c..1333a85173 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
{
"name": "parse-server",
- "version": "6.1.0-alpha.17",
+ "version": "6.1.0-alpha.18",
"lockfileVersion": 2,
"requires": true,
"packages": {
"": {
"name": "parse-server",
- "version": "6.1.0-alpha.17",
+ "version": "6.1.0-alpha.18",
"hasInstallScript": true,
"license": "Apache-2.0",
"dependencies": {
diff --git a/package.json b/package.json
index 785845e7f0..2d0a0b4493 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
{
"name": "parse-server",
- "version": "6.1.0-alpha.17",
+ "version": "6.1.0-alpha.18",
"description": "An express module providing a Parse-compatible API server",
"main": "lib/index.js",
"repository": {
From 967700bdbc94c74f75ba84d2b3f4b9f3fd2dca0b Mon Sep 17 00:00:00 2001
From: Daniel
Date: Thu, 8 Jun 2023 19:04:49 +1000
Subject: [PATCH 46/53] fix: LiveQuery server is not shut down properly when
`handleShutdown` is called (#8491)
---
spec/ParseLiveQuery.spec.js | 35 +++++++++++++++++++
.../Storage/Mongo/MongoStorageAdapter.js | 7 ++--
.../Postgres/PostgresStorageAdapter.js | 4 ++-
src/LiveQuery/ParseLiveQueryServer.js | 15 ++++++++
src/ParseServer.js | 6 ++++
5 files changed, 63 insertions(+), 4 deletions(-)
diff --git a/spec/ParseLiveQuery.spec.js b/spec/ParseLiveQuery.spec.js
index 959df18cf9..015725ac46 100644
--- a/spec/ParseLiveQuery.spec.js
+++ b/spec/ParseLiveQuery.spec.js
@@ -2,6 +2,7 @@
const Auth = require('../lib/Auth');
const UserController = require('../lib/Controllers/UserController').UserController;
const Config = require('../lib/Config');
+const ParseServer = require('../lib/index').ParseServer;
const triggers = require('../lib/triggers');
const validatorFail = () => {
throw 'you are not authorized';
@@ -1214,6 +1215,40 @@ describe('ParseLiveQuery', function () {
await object.save();
});
+ it('does shutdown liveQuery server', async () => {
+ await reconfigureServer({ appId: 'test_app_id' });
+ const config = {
+ appId: 'hello_test',
+ masterKey: 'world',
+ port: 1345,
+ mountPath: '/1',
+ serverURL: 'http://localhost:1345/1',
+ liveQuery: {
+ classNames: ['Yolo'],
+ },
+ startLiveQueryServer: true,
+ };
+ if (process.env.PARSE_SERVER_TEST_DB === 'postgres') {
+ config.databaseAdapter = new databaseAdapter.constructor({
+ uri: databaseURI,
+ collectionPrefix: 'test_',
+ });
+ config.filesAdapter = defaultConfiguration.filesAdapter;
+ }
+ const server = await ParseServer.startApp(config);
+ const client = await Parse.CoreManager.getLiveQueryController().getDefaultLiveQueryClient();
+ client.serverURL = 'ws://localhost:1345/1';
+ const query = await new Parse.Query('Yolo').subscribe();
+ await Promise.all([
+ server.handleShutdown(),
+ new Promise(resolve => query.on('close', resolve)),
+ ]);
+ await new Promise(resolve => setTimeout(resolve, 100));
+ expect(server.liveQueryServer.server.address()).toBeNull();
+ expect(server.liveQueryServer.subscriber.isOpen).toBeFalse();
+ await new Promise(resolve => server.server.close(resolve));
+ });
+
it('prevent afterSave trigger if not exists', async () => {
await reconfigureServer({
liveQuery: {
diff --git a/src/Adapters/Storage/Mongo/MongoStorageAdapter.js b/src/Adapters/Storage/Mongo/MongoStorageAdapter.js
index 78833a026b..2f59819895 100644
--- a/src/Adapters/Storage/Mongo/MongoStorageAdapter.js
+++ b/src/Adapters/Storage/Mongo/MongoStorageAdapter.js
@@ -212,11 +212,12 @@ export class MongoStorageAdapter implements StorageAdapter {
throw error;
}
- handleShutdown() {
+ async handleShutdown() {
if (!this.client) {
- return Promise.resolve();
+ return;
}
- return this.client.close(false);
+ await this.client.close(false);
+ delete this.connectionPromise;
}
_adaptiveCollection(name: string) {
diff --git a/src/Adapters/Storage/Postgres/PostgresStorageAdapter.js b/src/Adapters/Storage/Postgres/PostgresStorageAdapter.js
index 82ac0c20dc..3e8e867799 100644
--- a/src/Adapters/Storage/Postgres/PostgresStorageAdapter.js
+++ b/src/Adapters/Storage/Postgres/PostgresStorageAdapter.js
@@ -1194,7 +1194,9 @@ export class PostgresStorageAdapter implements StorageAdapter {
const now = new Date().getTime();
const helpers = this._pgp.helpers;
debug('deleteAllClasses');
-
+ if (this._client?.$pool.ended) {
+ return;
+ }
await this._client
.task('delete-all-classes', async t => {
try {
diff --git a/src/LiveQuery/ParseLiveQueryServer.js b/src/LiveQuery/ParseLiveQueryServer.js
index 1105a2a6b7..d0b535f3a1 100644
--- a/src/LiveQuery/ParseLiveQueryServer.js
+++ b/src/LiveQuery/ParseLiveQueryServer.js
@@ -93,6 +93,21 @@ class ParseLiveQueryServer {
}
this._createSubscribers();
}
+
+ async shutdown() {
+ if (this.subscriber.isOpen) {
+ await Promise.all([
+ ...[...this.clients.values()].map(client => client.parseWebSocket.ws.close()),
+ this.parseWebSocketServer.close(),
+ ...Array.from(this.subscriber.subscriptions.keys()).map(key =>
+ this.subscriber.unsubscribe(key)
+ ),
+ this.subscriber.close?.(),
+ ]);
+ }
+ this.subscriber.isOpen = false;
+ }
+
_createSubscribers() {
const messageRecieved = (channel, messageStr) => {
logger.verbose('Subscribe message %j', messageStr);
diff --git a/src/ParseServer.js b/src/ParseServer.js
index 04379ecfd3..192ad9c40c 100644
--- a/src/ParseServer.js
+++ b/src/ParseServer.js
@@ -168,6 +168,12 @@ class ParseServer {
if (cacheAdapter && typeof cacheAdapter.handleShutdown === 'function') {
promises.push(cacheAdapter.handleShutdown());
}
+ if (this.liveQueryServer?.server?.close) {
+ promises.push(new Promise(resolve => this.liveQueryServer.server.close(resolve)));
+ }
+ if (this.liveQueryServer) {
+ promises.push(this.liveQueryServer.shutdown());
+ }
return (promises.length > 0 ? Promise.all(promises) : Promise.resolve()).then(() => {
if (this.config.serverCloseComplete) {
this.config.serverCloseComplete();
From e2a7218f74a4c6603f224c665acc5ba6c0838572 Mon Sep 17 00:00:00 2001
From: semantic-release-bot
Date: Thu, 8 Jun 2023 09:05:50 +0000
Subject: [PATCH 47/53] chore(release): 6.1.0-alpha.19 [skip ci]
# [6.1.0-alpha.19](https://github.com/parse-community/parse-server/compare/6.1.0-alpha.18...6.1.0-alpha.19) (2023-06-08)
### Bug Fixes
* LiveQuery server is not shut down properly when `handleShutdown` is called ([#8491](https://github.com/parse-community/parse-server/issues/8491)) ([967700b](https://github.com/parse-community/parse-server/commit/967700bdbc94c74f75ba84d2b3f4b9f3fd2dca0b))
---
changelogs/CHANGELOG_alpha.md | 7 +++++++
package-lock.json | 4 ++--
package.json | 2 +-
3 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/changelogs/CHANGELOG_alpha.md b/changelogs/CHANGELOG_alpha.md
index 718c2e41b6..9b96e60b47 100644
--- a/changelogs/CHANGELOG_alpha.md
+++ b/changelogs/CHANGELOG_alpha.md
@@ -1,3 +1,10 @@
+# [6.1.0-alpha.19](https://github.com/parse-community/parse-server/compare/6.1.0-alpha.18...6.1.0-alpha.19) (2023-06-08)
+
+
+### Bug Fixes
+
+* LiveQuery server is not shut down properly when `handleShutdown` is called ([#8491](https://github.com/parse-community/parse-server/issues/8491)) ([967700b](https://github.com/parse-community/parse-server/commit/967700bdbc94c74f75ba84d2b3f4b9f3fd2dca0b))
+
# [6.1.0-alpha.18](https://github.com/parse-community/parse-server/compare/6.1.0-alpha.17...6.1.0-alpha.18) (2023-06-08)
diff --git a/package-lock.json b/package-lock.json
index 1333a85173..befd4f9bd5 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
{
"name": "parse-server",
- "version": "6.1.0-alpha.18",
+ "version": "6.1.0-alpha.19",
"lockfileVersion": 2,
"requires": true,
"packages": {
"": {
"name": "parse-server",
- "version": "6.1.0-alpha.18",
+ "version": "6.1.0-alpha.19",
"hasInstallScript": true,
"license": "Apache-2.0",
"dependencies": {
diff --git a/package.json b/package.json
index 2d0a0b4493..78b43b769b 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
{
"name": "parse-server",
- "version": "6.1.0-alpha.18",
+ "version": "6.1.0-alpha.19",
"description": "An express module providing a Parse-compatible API server",
"main": "lib/index.js",
"repository": {
From 03fba97e0549bfcaeee9f2fa4c9905dbcc91840e Mon Sep 17 00:00:00 2001
From: Daniel
Date: Fri, 9 Jun 2023 21:27:56 +1000
Subject: [PATCH 48/53] feat: Add zones for rate limiting by `ip`, `user`,
`session`, `global` (#8508)
---
spec/CloudCode.spec.js | 3 +-
spec/RateLimit.spec.js | 98 ++++++++++++++++++++++++++++++++++
src/Config.js | 6 +++
src/Options/Definitions.js | 5 ++
src/Options/docs.js | 1 +
src/Options/index.js | 11 ++++
src/ParseServer.js | 4 +-
src/cloud-code/Parse.Server.js | 19 +++++++
src/middlewares.js | 17 +++++-
9 files changed, 161 insertions(+), 3 deletions(-)
create mode 100644 src/cloud-code/Parse.Server.js
diff --git a/spec/CloudCode.spec.js b/spec/CloudCode.spec.js
index e77b1c69a7..a8795a4e84 100644
--- a/spec/CloudCode.spec.js
+++ b/spec/CloudCode.spec.js
@@ -95,7 +95,8 @@ describe('Cloud Code', () => {
it('can get config', () => {
const config = Parse.Server;
let currentConfig = Config.get('test');
- expect(Object.keys(config)).toEqual(Object.keys(currentConfig));
+ const server = require('../lib/cloud-code/Parse.Server');
+ expect(Object.keys(config)).toEqual(Object.keys({ ...currentConfig, ...server }));
config.silent = false;
Parse.Server = config;
currentConfig = Config.get('test');
diff --git a/spec/RateLimit.spec.js b/spec/RateLimit.spec.js
index 894c8fcf82..3c57810702 100644
--- a/spec/RateLimit.spec.js
+++ b/spec/RateLimit.spec.js
@@ -335,6 +335,99 @@ describe('rate limit', () => {
await Parse.Cloud.run('test2');
});
+ describe('zone', () => {
+ const middlewares = require('../lib/middlewares');
+ it('can use global zone', async () => {
+ await reconfigureServer({
+ rateLimit: {
+ requestPath: '*',
+ requestTimeWindow: 10000,
+ requestCount: 1,
+ errorResponseMessage: 'Too many requests',
+ includeInternalRequests: true,
+ zone: Parse.Server.RateLimitZone.global,
+ },
+ });
+ const fakeReq = {
+ originalUrl: 'http://example.com/parse/',
+ url: 'http://example.com/',
+ body: {
+ _ApplicationId: 'test',
+ },
+ headers: {
+ 'X-Parse-Application-Id': 'test',
+ 'X-Parse-REST-API-Key': 'rest',
+ },
+ get: key => {
+ return fakeReq.headers[key];
+ },
+ };
+ fakeReq.ip = '127.0.0.1';
+ let fakeRes = jasmine.createSpyObj('fakeRes', ['end', 'status', 'setHeader', 'json']);
+ await new Promise(resolve => middlewares.handleParseHeaders(fakeReq, fakeRes, resolve));
+ fakeReq.ip = '127.0.0.2';
+ fakeRes = jasmine.createSpyObj('fakeRes', ['end', 'status', 'setHeader']);
+ let resolvingPromise;
+ const promise = new Promise(resolve => {
+ resolvingPromise = resolve;
+ });
+ fakeRes.json = jasmine.createSpy('json').and.callFake(resolvingPromise);
+ middlewares.handleParseHeaders(fakeReq, fakeRes, () => {
+ throw 'Should not call next';
+ });
+ await promise;
+ expect(fakeRes.status).toHaveBeenCalledWith(429);
+ expect(fakeRes.json).toHaveBeenCalledWith({
+ code: Parse.Error.CONNECTION_FAILED,
+ error: 'Too many requests',
+ });
+ });
+
+ it('can use session zone', async () => {
+ await reconfigureServer({
+ rateLimit: {
+ requestPath: '/functions/*',
+ requestTimeWindow: 10000,
+ requestCount: 1,
+ errorResponseMessage: 'Too many requests',
+ includeInternalRequests: true,
+ zone: Parse.Server.RateLimitZone.session,
+ },
+ });
+ Parse.Cloud.define('test', () => 'Abc');
+ await Parse.User.signUp('username', 'password');
+ await Parse.Cloud.run('test');
+ await expectAsync(Parse.Cloud.run('test')).toBeRejectedWith(
+ new Parse.Error(Parse.Error.CONNECTION_FAILED, 'Too many requests')
+ );
+ await Parse.User.logIn('username', 'password');
+ await Parse.Cloud.run('test');
+ });
+
+ it('can use user zone', async () => {
+ await reconfigureServer({
+ rateLimit: {
+ requestPath: '/functions/*',
+ requestTimeWindow: 10000,
+ requestCount: 1,
+ errorResponseMessage: 'Too many requests',
+ includeInternalRequests: true,
+ zone: Parse.Server.RateLimitZone.user,
+ },
+ });
+ Parse.Cloud.define('test', () => 'Abc');
+ await Parse.User.signUp('username', 'password');
+ await Parse.Cloud.run('test');
+ await expectAsync(Parse.Cloud.run('test')).toBeRejectedWith(
+ new Parse.Error(Parse.Error.CONNECTION_FAILED, 'Too many requests')
+ );
+ await Parse.User.logIn('username', 'password');
+ await expectAsync(Parse.Cloud.run('test')).toBeRejectedWith(
+ new Parse.Error(Parse.Error.CONNECTION_FAILED, 'Too many requests')
+ );
+ });
+ });
+
it('can validate rateLimit', async () => {
const Config = require('../lib/Config');
const validateRateLimit = ({ rateLimit }) => Config.validateRateLimit(rateLimit);
@@ -350,6 +443,11 @@ describe('rate limit', () => {
expect(() =>
validateRateLimit({ rateLimit: [{ requestTimeWindow: [], requestPath: 'a' }] })
).toThrow('rateLimit.requestTimeWindow must be a number');
+ expect(() =>
+ validateRateLimit({
+ rateLimit: [{ requestPath: 'a', requestTimeWindow: 1000, requestCount: 3, zone: 'abc' }],
+ })
+ ).toThrow('rateLimit.zone must be one of global, session, user, or ip');
expect(() =>
validateRateLimit({
rateLimit: [
diff --git a/src/Config.js b/src/Config.js
index f63b5d47da..5e3a49bb35 100644
--- a/src/Config.js
+++ b/src/Config.js
@@ -18,6 +18,7 @@ import {
SchemaOptions,
SecurityOptions,
} from './Options/Definitions';
+import ParseServer from './cloud-code/Parse.Server';
function removeTrailingSlash(str) {
if (!str) {
@@ -609,6 +610,11 @@ export class Config {
if (option.errorResponseMessage && typeof option.errorResponseMessage !== 'string') {
throw `rateLimit.errorResponseMessage must be a string`;
}
+ const options = Object.keys(ParseServer.RateLimitZone);
+ if (option.zone && !options.includes(option.zone)) {
+ const formatter = new Intl.ListFormat('en', { style: 'short', type: 'disjunction' });
+ throw `rateLimit.zone must be one of ${formatter.format(options)}`;
+ }
}
}
diff --git a/src/Options/Definitions.js b/src/Options/Definitions.js
index 31700b4cc2..3815902c51 100644
--- a/src/Options/Definitions.js
+++ b/src/Options/Definitions.js
@@ -601,6 +601,11 @@ module.exports.RateLimitOptions = {
'The window of time in milliseconds within which the number of requests set in `requestCount` can be made before the rate limit is applied.',
action: parsers.numberParser('requestTimeWindow'),
},
+ zone: {
+ env: 'PARSE_SERVER_RATE_LIMIT_ZONE',
+ help:
+ "The type of rate limit to apply. The following types are supported:
- `global`: rate limit based on the number of requests made by all users
- `ip`: rate limit based on the IP address of the request
- `user`: rate limit based on the user ID of the request
- `session`: rate limit based on the session token of the request
:default: 'ip'",
+ },
};
module.exports.SecurityOptions = {
checkGroups: {
diff --git a/src/Options/docs.js b/src/Options/docs.js
index b1bf31a5e7..847e7df944 100644
--- a/src/Options/docs.js
+++ b/src/Options/docs.js
@@ -111,6 +111,7 @@
* @property {String[]} requestMethods Optional, the HTTP request methods to which the rate limit should be applied, default is all methods.
* @property {String} requestPath The path of the API route to be rate limited. Route paths, in combination with a request method, define the endpoints at which requests can be made. Route paths can be strings, string patterns, or regular expression. See: https://expressjs.com/en/guide/routing.html
* @property {Number} requestTimeWindow The window of time in milliseconds within which the number of requests set in `requestCount` can be made before the rate limit is applied.
+ * @property {String} zone The type of rate limit to apply. The following types are supported:
- `global`: rate limit based on the number of requests made by all users
- `ip`: rate limit based on the IP address of the request
- `user`: rate limit based on the user ID of the request
- `session`: rate limit based on the session token of the request
:default: 'ip'
*/
/**
diff --git a/src/Options/index.js b/src/Options/index.js
index 492f4323e9..87813147f7 100644
--- a/src/Options/index.js
+++ b/src/Options/index.js
@@ -334,6 +334,17 @@ export interface RateLimitOptions {
/* Optional, the URL of the Redis server to store rate limit data. This allows to rate limit requests for multiple servers by calculating the sum of all requests across all servers. This is useful if multiple servers are processing requests behind a load balancer. For example, the limit of 10 requests is reached if each of 2 servers processed 5 requests.
*/
redisUrl: ?string;
+ /*
+ The type of rate limit to apply. The following types are supported:
+
+ - `global`: rate limit based on the number of requests made by all users
+ - `ip`: rate limit based on the IP address of the request
+ - `user`: rate limit based on the user ID of the request
+ - `session`: rate limit based on the session token of the request
+
+ :default: 'ip'
+ */
+ zone: ?string;
}
export interface SecurityOptions {
diff --git a/src/ParseServer.js b/src/ParseServer.js
index 192ad9c40c..6465e1f3c9 100644
--- a/src/ParseServer.js
+++ b/src/ParseServer.js
@@ -444,9 +444,11 @@ class ParseServer {
function addParseCloud() {
const ParseCloud = require('./cloud-code/Parse.Cloud');
+ const ParseServer = require('./cloud-code/Parse.Server');
Object.defineProperty(Parse, 'Server', {
get() {
- return Config.get(Parse.applicationId);
+ const conf = Config.get(Parse.applicationId);
+ return { ...conf, ...ParseServer };
},
set(newVal) {
newVal.appId = Parse.applicationId;
diff --git a/src/cloud-code/Parse.Server.js b/src/cloud-code/Parse.Server.js
new file mode 100644
index 0000000000..71295618f2
--- /dev/null
+++ b/src/cloud-code/Parse.Server.js
@@ -0,0 +1,19 @@
+const ParseServer = {};
+/**
+ * ...
+ *
+ * @memberof Parse.Server
+ * @property {String} global Rate limit based on the number of requests made by all users.
+ * @property {String} session Rate limit based on the sessionToken.
+ * @property {String} user Rate limit based on the user ID.
+ * @property {String} ip Rate limit based on the request ip.
+ * ...
+ */
+ParseServer.RateLimitZone = Object.freeze({
+ global: 'global',
+ session: 'session',
+ user: 'user',
+ ip: 'ip',
+});
+
+module.exports = ParseServer;
diff --git a/src/middlewares.js b/src/middlewares.js
index b86dafb6b7..a7e309b0cc 100644
--- a/src/middlewares.js
+++ b/src/middlewares.js
@@ -549,7 +549,22 @@ export const addRateLimit = (route, config, cloud) => {
}
return request.auth?.isMaster;
},
- keyGenerator: request => {
+ keyGenerator: async request => {
+ if (route.zone === Parse.Server.RateLimitZone.global) {
+ return request.config.appId;
+ }
+ const token = request.info.sessionToken;
+ if (route.zone === Parse.Server.RateLimitZone.session && token) {
+ return token;
+ }
+ if (route.zone === Parse.Server.RateLimitZone.user && token) {
+ if (!request.auth) {
+ await new Promise(resolve => handleParseSession(request, null, resolve));
+ }
+ if (request.auth?.user?.id && request.zone === 'user') {
+ return request.auth.user.id;
+ }
+ }
return request.config.ip;
},
store: redisStore.store,
From c8910abdaae71dac21077465d8197e05e31af33d Mon Sep 17 00:00:00 2001
From: semantic-release-bot
Date: Fri, 9 Jun 2023 11:29:05 +0000
Subject: [PATCH 49/53] chore(release): 6.1.0-alpha.20 [skip ci]
# [6.1.0-alpha.20](https://github.com/parse-community/parse-server/compare/6.1.0-alpha.19...6.1.0-alpha.20) (2023-06-09)
### Features
* Add zones for rate limiting by `ip`, `user`, `session`, `global` ([#8508](https://github.com/parse-community/parse-server/issues/8508)) ([03fba97](https://github.com/parse-community/parse-server/commit/03fba97e0549bfcaeee9f2fa4c9905dbcc91840e))
---
changelogs/CHANGELOG_alpha.md | 7 +++++++
package-lock.json | 4 ++--
package.json | 2 +-
3 files changed, 10 insertions(+), 3 deletions(-)
diff --git a/changelogs/CHANGELOG_alpha.md b/changelogs/CHANGELOG_alpha.md
index 9b96e60b47..b9b1925b78 100644
--- a/changelogs/CHANGELOG_alpha.md
+++ b/changelogs/CHANGELOG_alpha.md
@@ -1,3 +1,10 @@
+# [6.1.0-alpha.20](https://github.com/parse-community/parse-server/compare/6.1.0-alpha.19...6.1.0-alpha.20) (2023-06-09)
+
+
+### Features
+
+* Add zones for rate limiting by `ip`, `user`, `session`, `global` ([#8508](https://github.com/parse-community/parse-server/issues/8508)) ([03fba97](https://github.com/parse-community/parse-server/commit/03fba97e0549bfcaeee9f2fa4c9905dbcc91840e))
+
# [6.1.0-alpha.19](https://github.com/parse-community/parse-server/compare/6.1.0-alpha.18...6.1.0-alpha.19) (2023-06-08)
diff --git a/package-lock.json b/package-lock.json
index befd4f9bd5..39a7a982ae 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
{
"name": "parse-server",
- "version": "6.1.0-alpha.19",
+ "version": "6.1.0-alpha.20",
"lockfileVersion": 2,
"requires": true,
"packages": {
"": {
"name": "parse-server",
- "version": "6.1.0-alpha.19",
+ "version": "6.1.0-alpha.20",
"hasInstallScript": true,
"license": "Apache-2.0",
"dependencies": {
diff --git a/package.json b/package.json
index 78b43b769b..b5a8ebc75e 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
{
"name": "parse-server",
- "version": "6.1.0-alpha.19",
+ "version": "6.1.0-alpha.20",
"description": "An express module providing a Parse-compatible API server",
"main": "lib/index.js",
"repository": {
From 234fb2cbf37eddb6fbcd3183f4931ea4366c73be Mon Sep 17 00:00:00 2001
From: Manuel <5673677+mtrezza@users.noreply.github.com>
Date: Sat, 10 Jun 2023 23:04:48 +0200
Subject: [PATCH 50/53] docs: Add to CONTRIBUTING guide (#8628)
---
CONTRIBUTING.md | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index a37df4037e..44437df07f 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -12,6 +12,9 @@
- [Merge Readiness](#merge-readiness)
- [Review Validity](#review-validity)
- [Code Ownership](#code-ownership)
+ - [Access Permissions](#access-permissions)
+ - [New Private Repository](#new-private-repository)
+ - [New Public Repository](#new-public-repository)
- [Environment Setup](#environment-setup)
- [Recommended Tools](#recommended-tools)
- [Setting up your local machine](#setting-up-your-local-machine)
@@ -152,6 +155,24 @@ Your arguments must focus on the issue, not on your assumption of someone else's
If your pull request contains work from someone else then you are required to get their permission to use their work in your pull request. Please make sure to observe the [license](LICENSE) for more details. In addition, as an appreciative gesture you should clearly mention that your pull request is based on another pull request with a link in the top-most comment of your pull request. To avoid this issue we encourage contributors to collaborate on a single pull request to preserve the commit history and clearly identify each author's contribution. To do so, you can review the other author's pull request and submit your code suggestions, or ask the original author to grant you write access to their repository to also be able to make commits directly to their pull request.
+### Access Permissions
+
+> *Can I get write access to the repository to make changes faster?*
+
+Keeping our products safe and secure is one of your top priorities. Our security policy mandates that write access to repositories is only provided to as few people as necessary. All usual contributions can be made via public pull requests. If you think you need write access, contact the repository team and explain in detail what the containt is that you are trying to overcome. We want to make contributing for you as easy as possible. If there are any bottlenecks that are slowing you down we will be happy to look into it to improve your contribution experience.
+
+### New Private Repository
+
+> *Can I get a new private repository within the Parse Platform organization to work on some stuff?*
+
+Private repositories are not provided unless there is a significant constraint or requirement that makes it necessary. For example, when collaborating on fixing a security vulnerability we provide private repositories to allow collaborators to share sensitive information within a select group.
+
+### New Public Repository
+
+> *Can I get a new public repository within the Parse Platform organization to work on some stuff?*
+
+First of all, we appreciate your contribution. In rare cases, where we consider it beneficial to the advancement of the repository, a new public repository for a specific purpose may be provided, for example for increased visibility or to provide the organization's GitHub ressources. In other cases, we encourage you to start your contribution in a personal repository of your own GitHub account, and later transfer it to the Parse Platform organization. We will be happy to assist you in the repository transfer.
+
## Environment Setup
### Recommended Tools
From 02a2ef2baa6ea5a87b7dafb9d78026774976dda5 Mon Sep 17 00:00:00 2001
From: Manuel <5673677+mtrezza@users.noreply.github.com>
Date: Sat, 10 Jun 2023 23:08:43 +0200
Subject: [PATCH 51/53] docs: Fix typos in CONTRIBUTING guide (#8629)
---
CONTRIBUTING.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 44437df07f..3d70f6aa63 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -159,7 +159,7 @@ If your pull request contains work from someone else then you are required to ge
> *Can I get write access to the repository to make changes faster?*
-Keeping our products safe and secure is one of your top priorities. Our security policy mandates that write access to repositories is only provided to as few people as necessary. All usual contributions can be made via public pull requests. If you think you need write access, contact the repository team and explain in detail what the containt is that you are trying to overcome. We want to make contributing for you as easy as possible. If there are any bottlenecks that are slowing you down we will be happy to look into it to improve your contribution experience.
+Keeping our products safe and secure is one of your top priorities. Our security policy mandates that write access to repositories is only provided to as few people as necessary. All usual contributions can be made via public pull requests. If you think you need write access, contact the repository team and explain in detail what the constraint is that you are trying to overcome. We want to make contributing for you as easy as possible. If there are any bottlenecks that are slowing you down we are happy to receive your feedback to see where we can improve.
### New Private Repository
From fb54ac1f1ef79240036ba61c0a1335360d49a120 Mon Sep 17 00:00:00 2001
From: Manuel Trezza <5673677+mtrezza@users.noreply.github.com>
Date: Sat, 10 Jun 2023 21:49:20 +0200
Subject: [PATCH 52/53] empty commit
From 24c0b03f5eda5ea889306142a5baf5ec38ebde1d Mon Sep 17 00:00:00 2001
From: Manuel Trezza <5673677+mtrezza@users.noreply.github.com>
Date: Sat, 10 Jun 2023 21:53:19 +0200
Subject: [PATCH 53/53] Squashed commit of the following:
commit 150627328fd510062f0552a2a8828314b66dc258
Author: semantic-release-bot
Date: Sat May 20 23:24:03 2023 +0000
chore(release): 6.2.0 [skip ci]
# [6.2.0](https://github.com/parse-community/parse-server/compare/6.1.0...6.2.0) (2023-05-20)
### Features
* Add new Parse Server option `fileUpload.fileExtensions` to restrict file upload by file extension; this fixes a security vulnerability in which a phishing attack could be performed using an uploaded HTML file; by default the new option only allows file extensions matching the regex pattern `^[^hH][^tT][^mM][^lL]?$`, which excludes HTML files; if your app currently depends on uploading files with HTML file extensions then this may be a breaking change and you could allow HTML file upload by setting the option to `['.*']` ([#8538](https://github.com/parse-community/parse-server/issues/8538)) ([a318e7b](https://github.com/parse-community/parse-server/commit/a318e7bbafcf7a3425b0a1b3c2dd30f526b4b6f9))
commit a318e7bbafcf7a3425b0a1b3c2dd30f526b4b6f9
Author: Manuel <5673677+mtrezza@users.noreply.github.com>
Date: Sun May 21 01:23:00 2023 +0200
feat: Add new Parse Server option `fileUpload.fileExtensions` to restrict file upload by file extension; this fixes a security vulnerability in which a phishing attack could be performed using an uploaded HTML file; by default the new option only allows file extensions matching the regex pattern `^[^hH][^tT][^mM][^lL]?$`, which excludes HTML files; if your app currently depends on uploading files with HTML file extensions then this may be a breaking change and you could allow HTML file upload by setting the option to `['.*']` (#8538)
commit 832702dffd265fb3958599d53528817bf9c3d887
Author: semantic-release-bot
Date: Mon May 1 21:50:23 2023 +0000
chore(release): 6.1.0 [skip ci]
# [6.1.0](https://github.com/parse-community/parse-server/compare/6.0.0...6.1.0) (2023-05-01)
### Bug Fixes
* LiveQuery can return incorrectly formatted date ([#8456](https://github.com/parse-community/parse-server/issues/8456)) ([4ce135a](https://github.com/parse-community/parse-server/commit/4ce135a4fe930776044bc8fd786a4e17a0144e03))
* Nested date is incorrectly decoded as empty object `{}` when fetching a Parse Object ([#8446](https://github.com/parse-community/parse-server/issues/8446)) ([22d2446](https://github.com/parse-community/parse-server/commit/22d2446dfea2bc339affc20535d181097e152acf))
* Parameters missing in `afterFind` trigger of authentication adapters ([#8458](https://github.com/parse-community/parse-server/issues/8458)) ([ce34747](https://github.com/parse-community/parse-server/commit/ce34747e8af54cb0b6b975da38f779a5955d2d59))
* Rate limiting across multiple servers via Redis not working ([#8469](https://github.com/parse-community/parse-server/issues/8469)) ([d9e347d](https://github.com/parse-community/parse-server/commit/d9e347d7413f30f58ffbb8397fc8b5ae23be6ff0))
* Security upgrade jsonwebtoken to 9.0.0 ([#8420](https://github.com/parse-community/parse-server/issues/8420)) ([f5bfe45](https://github.com/parse-community/parse-server/commit/f5bfe4571e82b2b7440d41f3cff0d49937398164))
### Features
* Add `afterFind` trigger to authentication adapters ([#8444](https://github.com/parse-community/parse-server/issues/8444)) ([c793bb8](https://github.com/parse-community/parse-server/commit/c793bb88e7485743c7ceb65fe419cde75833ff33))
* Add option `schemaCacheTtl` for schema cache pulling as alternative to `enableSchemaHooks` ([#8436](https://github.com/parse-community/parse-server/issues/8436)) ([b3b76de](https://github.com/parse-community/parse-server/commit/b3b76de71b1d4265689d052e7837c38ec1fa4323))
* Add Parse Server option `resetPasswordSuccessOnInvalidEmail` to choose success or error response on password reset with invalid email ([#7551](https://github.com/parse-community/parse-server/issues/7551)) ([e5d610e](https://github.com/parse-community/parse-server/commit/e5d610e5e487ddab86409409ac3d7362aba8f59b))
* Add rate limiting across multiple servers via Redis ([#8394](https://github.com/parse-community/parse-server/issues/8394)) ([34833e4](https://github.com/parse-community/parse-server/commit/34833e42eec08b812b733be78df0535ab0e096b6))
* Allow multiple origins for header `Access-Control-Allow-Origin` ([#8517](https://github.com/parse-community/parse-server/issues/8517)) ([4f15539](https://github.com/parse-community/parse-server/commit/4f15539ac244aa2d393ac5177f7604b43f69e271))
* Deprecate LiveQuery `fields` option in favor of `keys` for semantic consistency ([#8388](https://github.com/parse-community/parse-server/issues/8388)) ([a49e323](https://github.com/parse-community/parse-server/commit/a49e323d5ae640bff1c6603ec37fdaddb9328dd1))
* Export `AuthAdapter` to make it available for extension with custom authentication adapters ([#8443](https://github.com/parse-community/parse-server/issues/8443)) ([40c1961](https://github.com/parse-community/parse-server/commit/40c196153b8efa12ae384c1c0092b2ed60a260d6))
commit 18b63d1da7c041bb7a141f8bb9389cc6ce854f8b
Merge: f7eee19d f59d46c9
Author: Manuel <5673677+mtrezza@users.noreply.github.com>
Date: Mon May 1 23:49:22 2023 +0200
build: Release (#8526)
---
changelogs/CHANGELOG_release.md | 28 ++++++++++++++++++++++++++++
spec/ParseFile.spec.js | 2 +-
2 files changed, 29 insertions(+), 1 deletion(-)
diff --git a/changelogs/CHANGELOG_release.md b/changelogs/CHANGELOG_release.md
index c7c35becaa..4cd0131cdb 100644
--- a/changelogs/CHANGELOG_release.md
+++ b/changelogs/CHANGELOG_release.md
@@ -1,3 +1,31 @@
+# [6.2.0](https://github.com/parse-community/parse-server/compare/6.1.0...6.2.0) (2023-05-20)
+
+
+### Features
+
+* Add new Parse Server option `fileUpload.fileExtensions` to restrict file upload by file extension; this fixes a security vulnerability in which a phishing attack could be performed using an uploaded HTML file; by default the new option only allows file extensions matching the regex pattern `^[^hH][^tT][^mM][^lL]?$`, which excludes HTML files; if your app currently depends on uploading files with HTML file extensions then this may be a breaking change and you could allow HTML file upload by setting the option to `['.*']` ([#8538](https://github.com/parse-community/parse-server/issues/8538)) ([a318e7b](https://github.com/parse-community/parse-server/commit/a318e7bbafcf7a3425b0a1b3c2dd30f526b4b6f9))
+
+# [6.1.0](https://github.com/parse-community/parse-server/compare/6.0.0...6.1.0) (2023-05-01)
+
+
+### Bug Fixes
+
+* LiveQuery can return incorrectly formatted date ([#8456](https://github.com/parse-community/parse-server/issues/8456)) ([4ce135a](https://github.com/parse-community/parse-server/commit/4ce135a4fe930776044bc8fd786a4e17a0144e03))
+* Nested date is incorrectly decoded as empty object `{}` when fetching a Parse Object ([#8446](https://github.com/parse-community/parse-server/issues/8446)) ([22d2446](https://github.com/parse-community/parse-server/commit/22d2446dfea2bc339affc20535d181097e152acf))
+* Parameters missing in `afterFind` trigger of authentication adapters ([#8458](https://github.com/parse-community/parse-server/issues/8458)) ([ce34747](https://github.com/parse-community/parse-server/commit/ce34747e8af54cb0b6b975da38f779a5955d2d59))
+* Rate limiting across multiple servers via Redis not working ([#8469](https://github.com/parse-community/parse-server/issues/8469)) ([d9e347d](https://github.com/parse-community/parse-server/commit/d9e347d7413f30f58ffbb8397fc8b5ae23be6ff0))
+* Security upgrade jsonwebtoken to 9.0.0 ([#8420](https://github.com/parse-community/parse-server/issues/8420)) ([f5bfe45](https://github.com/parse-community/parse-server/commit/f5bfe4571e82b2b7440d41f3cff0d49937398164))
+
+### Features
+
+* Add `afterFind` trigger to authentication adapters ([#8444](https://github.com/parse-community/parse-server/issues/8444)) ([c793bb8](https://github.com/parse-community/parse-server/commit/c793bb88e7485743c7ceb65fe419cde75833ff33))
+* Add option `schemaCacheTtl` for schema cache pulling as alternative to `enableSchemaHooks` ([#8436](https://github.com/parse-community/parse-server/issues/8436)) ([b3b76de](https://github.com/parse-community/parse-server/commit/b3b76de71b1d4265689d052e7837c38ec1fa4323))
+* Add Parse Server option `resetPasswordSuccessOnInvalidEmail` to choose success or error response on password reset with invalid email ([#7551](https://github.com/parse-community/parse-server/issues/7551)) ([e5d610e](https://github.com/parse-community/parse-server/commit/e5d610e5e487ddab86409409ac3d7362aba8f59b))
+* Add rate limiting across multiple servers via Redis ([#8394](https://github.com/parse-community/parse-server/issues/8394)) ([34833e4](https://github.com/parse-community/parse-server/commit/34833e42eec08b812b733be78df0535ab0e096b6))
+* Allow multiple origins for header `Access-Control-Allow-Origin` ([#8517](https://github.com/parse-community/parse-server/issues/8517)) ([4f15539](https://github.com/parse-community/parse-server/commit/4f15539ac244aa2d393ac5177f7604b43f69e271))
+* Deprecate LiveQuery `fields` option in favor of `keys` for semantic consistency ([#8388](https://github.com/parse-community/parse-server/issues/8388)) ([a49e323](https://github.com/parse-community/parse-server/commit/a49e323d5ae640bff1c6603ec37fdaddb9328dd1))
+* Export `AuthAdapter` to make it available for extension with custom authentication adapters ([#8443](https://github.com/parse-community/parse-server/issues/8443)) ([40c1961](https://github.com/parse-community/parse-server/commit/40c196153b8efa12ae384c1c0092b2ed60a260d6))
+
# [6.0.0](https://github.com/parse-community/parse-server/compare/5.4.0...6.0.0) (2023-01-31)
diff --git a/spec/ParseFile.spec.js b/spec/ParseFile.spec.js
index 88b8a64025..eeab537008 100644
--- a/spec/ParseFile.spec.js
+++ b/spec/ParseFile.spec.js
@@ -1313,10 +1313,10 @@ describe('Parse.File testing', () => {
).toBeRejectedWith('fileUpload.fileExtensions must be an array.');
});
});
+
describe('fileExtensions', () => {
it('works with _ContentType', async () => {
await reconfigureServer({
- silent: false,
fileUpload: {
enableForPublic: true,
fileExtensions: ['png'],