Release 4.10.2 (#7513)
* move graphql-tag from devDependencies to dependencies (#7183) * bump version * Update CHANGELOG.md
This commit is contained in:
Manuel
GitHub
22
CHANGELOG.md
22
CHANGELOG.md
@@ -1,16 +1,20 @@
|
|||||||
## Parse Server Changelog
|
# Parse Server Changelog
|
||||||
|
|
||||||
### master
|
# 4.10.2
|
||||||
[Full Changelog](https://github.com/parse-community/parse-server/compare/4.10.1...master)
|
[Full Changelog](https://github.com/parse-community/parse-server/compare/4.10.1...4.10.2)
|
||||||
|
|
||||||
### 4.10.1
|
## Fixes
|
||||||
|
- Move graphql-tag from devDependencies to dependencies (Antonio Davi Macedo Coelho de Castro) [#7183](https://github.com/parse-community/parse-server/pull/7183)
|
||||||
|
|
||||||
|
# 4.10.1
|
||||||
[Full Changelog](https://github.com/parse-community/parse-server/compare/4.10.0...4.10.1)
|
[Full Changelog](https://github.com/parse-community/parse-server/compare/4.10.0...4.10.1)
|
||||||
|
|
||||||
|
## Security Fixes
|
||||||
- Updated to Parse JS SDK 3.3.0 and other security fixes (Manuel Trezza) [#7508](https://github.com/parse-community/parse-server/pull/7508)
|
- Updated to Parse JS SDK 3.3.0 and other security fixes (Manuel Trezza) [#7508](https://github.com/parse-community/parse-server/pull/7508)
|
||||||
|
|
||||||
> ⚠️ This includes a security fix of the Parse JS SDK where `logIn` will default to `POST` instead of `GET` method. This may require changes in your deployment before you upgrade to this release, see the Parse JS SDK 3.0.0 [release notes](https://github.com/parse-community/Parse-SDK-JS/releases/tag/3.0.0).
|
> ⚠️ This includes a security fix of the Parse JS SDK where `logIn` will default to `POST` instead of `GET` method. This may require changes in your deployment before you upgrade to this release, see the Parse JS SDK 3.0.0 [release notes](https://github.com/parse-community/Parse-SDK-JS/releases/tag/3.0.0).
|
||||||
|
|
||||||
### 4.10.0
|
# 4.10.0
|
||||||
[Full Changelog](https://github.com/parse-community/parse-server/compare/4.5.2...4.10.0)
|
[Full Changelog](https://github.com/parse-community/parse-server/compare/4.5.2...4.10.0)
|
||||||
|
|
||||||
*Versions >4.5.2 and <4.10.0 are skipped.*
|
*Versions >4.5.2 and <4.10.0 are skipped.*
|
||||||
@@ -26,16 +30,16 @@
|
|||||||
>
|
>
|
||||||
>**If you are using any of the affected versions, we urgently recommend to upgrade to version `4.10.0`.**
|
>**If you are using any of the affected versions, we urgently recommend to upgrade to version `4.10.0`.**
|
||||||
|
|
||||||
### 4.5.2
|
# 4.5.2
|
||||||
[Full Changelog](https://github.com/parse-community/parse-server/compare/4.5.0...4.5.2)
|
[Full Changelog](https://github.com/parse-community/parse-server/compare/4.5.0...4.5.2)
|
||||||
|
|
||||||
### Security Fixes
|
## Security Fixes
|
||||||
- SECURITY FIX: Fixes incorrect session property `authProvider: password` of anonymous users. When signing up an anonymous user, the session field `createdWith` indicates incorrectly that the session has been created using username and password with `authProvider: password`, instead of an anonymous sign-up with `authProvider: anonymous`. This fixes the issue by setting the correct `authProvider: anonymous` for future sign-ups of anonymous users. This fix does not fix incorrect `authProvider: password` for existing sessions of anonymous users. Consider this if your app logic depends on the `authProvider` field. (Corey Baker) [GHSA-23r4-5mxp-c7g5](https://github.com/parse-community/parse-server/security/advisories/GHSA-23r4-5mxp-c7g5)
|
- SECURITY FIX: Fixes incorrect session property `authProvider: password` of anonymous users. When signing up an anonymous user, the session field `createdWith` indicates incorrectly that the session has been created using username and password with `authProvider: password`, instead of an anonymous sign-up with `authProvider: anonymous`. This fixes the issue by setting the correct `authProvider: anonymous` for future sign-ups of anonymous users. This fix does not fix incorrect `authProvider: password` for existing sessions of anonymous users. Consider this if your app logic depends on the `authProvider` field. (Corey Baker) [GHSA-23r4-5mxp-c7g5](https://github.com/parse-community/parse-server/security/advisories/GHSA-23r4-5mxp-c7g5)
|
||||||
|
|
||||||
### 4.5.1
|
# 4.5.1
|
||||||
*This version was published by mistake and was deprecated.*
|
*This version was published by mistake and was deprecated.*
|
||||||
|
|
||||||
### 4.5.0
|
# 4.5.0
|
||||||
[Full Changelog](https://github.com/parse-community/parse-server/compare/4.4.0...4.5.0)
|
[Full Changelog](https://github.com/parse-community/parse-server/compare/4.4.0...4.5.0)
|
||||||
|
|
||||||
__BREAKING CHANGES:__
|
__BREAKING CHANGES:__
|
||||||
|
|||||||
19
package-lock.json
generated
19
package-lock.json
generated
@@ -1,6 +1,6 @@
|
|||||||
{
|
{
|
||||||
"name": "parse-server",
|
"name": "parse-server",
|
||||||
"version": "4.10.1",
|
"version": "4.10.2",
|
||||||
"lockfileVersion": 1,
|
"lockfileVersion": 1,
|
||||||
"requires": true,
|
"requires": true,
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
@@ -7310,10 +7310,19 @@
|
|||||||
}
|
}
|
||||||
},
|
},
|
||||||
"graphql-tag": {
|
"graphql-tag": {
|
||||||
"version": "2.10.1",
|
"version": "2.12.5",
|
||||||
"resolved": "https://registry.npmjs.org/graphql-tag/-/graphql-tag-2.10.1.tgz",
|
"resolved": "https://registry.npmjs.org/graphql-tag/-/graphql-tag-2.12.5.tgz",
|
||||||
"integrity": "sha512-jApXqWBzNXQ8jYa/HLkZJaVw9jgwNqZkywa2zfFn16Iv1Zb7ELNHkJaXHR7Quvd5SIGsy6Ny7SUKATgnu05uEg==",
|
"integrity": "sha512-5xNhP4063d16Pz3HBtKprutsPrmHZi5IdUGOWRxA2B6VF7BIRGOHZ5WQvDmJXZuPcBg7rYwaFxvQYjqkSdR3TQ==",
|
||||||
"dev": true
|
"requires": {
|
||||||
|
"tslib": "^2.1.0"
|
||||||
|
},
|
||||||
|
"dependencies": {
|
||||||
|
"tslib": {
|
||||||
|
"version": "2.3.1",
|
||||||
|
"resolved": "https://registry.npmjs.org/tslib/-/tslib-2.3.1.tgz",
|
||||||
|
"integrity": "sha512-77EbyPPpMz+FRFRuAFlWMtmgUWGe9UOG2Z25NqCwiIjRhOf5iKGuzSe5P2w1laq+FkRy4p+PCuVkJSGkzTEKVw=="
|
||||||
|
}
|
||||||
|
}
|
||||||
},
|
},
|
||||||
"graphql-tools": {
|
"graphql-tools": {
|
||||||
"version": "4.0.8",
|
"version": "4.0.8",
|
||||||
|
|||||||
@@ -1,6 +1,6 @@
|
|||||||
{
|
{
|
||||||
"name": "parse-server",
|
"name": "parse-server",
|
||||||
"version": "4.10.1",
|
"version": "4.10.2",
|
||||||
"description": "An express module providing a Parse-compatible API server",
|
"description": "An express module providing a Parse-compatible API server",
|
||||||
"main": "lib/index.js",
|
"main": "lib/index.js",
|
||||||
"repository": {
|
"repository": {
|
||||||
@@ -38,6 +38,7 @@
|
|||||||
"graphql": "15.4.0",
|
"graphql": "15.4.0",
|
||||||
"graphql-list-fields": "2.0.2",
|
"graphql-list-fields": "2.0.2",
|
||||||
"graphql-relay": "0.6.0",
|
"graphql-relay": "0.6.0",
|
||||||
|
"graphql-tag": "2.12.5",
|
||||||
"graphql-upload": "11.0.0",
|
"graphql-upload": "11.0.0",
|
||||||
"intersect": "1.0.1",
|
"intersect": "1.0.1",
|
||||||
"jsonwebtoken": "8.5.1",
|
"jsonwebtoken": "8.5.1",
|
||||||
@@ -81,7 +82,6 @@
|
|||||||
"eslint-plugin-flowtype": "5.1.3",
|
"eslint-plugin-flowtype": "5.1.3",
|
||||||
"flow-bin": "0.119.1",
|
"flow-bin": "0.119.1",
|
||||||
"form-data": "3.0.0",
|
"form-data": "3.0.0",
|
||||||
"graphql-tag": "2.10.1",
|
|
||||||
"husky": "4.2.5",
|
"husky": "4.2.5",
|
||||||
"jasmine": "3.5.0",
|
"jasmine": "3.5.0",
|
||||||
"jsdoc": "3.6.7",
|
"jsdoc": "3.6.7",
|
||||||
|
|||||||
Reference in New Issue
Block a user