From 4f114068a17cbf3258bea631d5001cb3883a959f Mon Sep 17 00:00:00 2001
From: semantic-release-bot <semantic-release-bot@martynus.net>
Date: Mon, 1 Nov 2021 16:12:16 +0000
Subject: [PATCH 01/19] chore(release): 5.0.0-beta.1 [skip ci]

# [5.0.0-beta.1](https://github.com/parse-community/parse-server/compare/4.5.0...5.0.0-beta.1) (2021-11-01)

### Bug Fixes

* add deprecation warning for `Parse.Cloud.httpRequest` ([#7595](https://github.com/parse-community/parse-server/issues/7595)) ([ab1dddd](https://github.com/parse-community/parse-server/commit/ab1dddd406589800e1a8ebe8381b9da702e9c641))
* add support for descending sorting of full text search ([#7496](https://github.com/parse-community/parse-server/issues/7496)) ([8ed9442](https://github.com/parse-community/parse-server/commit/8ed94421e69b1d4fde4ec3625a1f4cfbd6d39c2b))
* allow LiveQuery on Parse.Session ([#7554](https://github.com/parse-community/parse-server/issues/7554)) ([caee281](https://github.com/parse-community/parse-server/commit/caee281bc58901fea7cead21d6a9a0bb2022d91b))
* combined `and` query with relational query condition returns incorrect results ([#7593](https://github.com/parse-community/parse-server/issues/7593)) ([174886e](https://github.com/parse-community/parse-server/commit/174886e385e091c6bbd4a84891ef95f80b50d05c))
* empty file tags cause upload error for some providers ([#7300](https://github.com/parse-community/parse-server/issues/7300)) ([4d16702](https://github.com/parse-community/parse-server/commit/4d167026aebed38bf3a3b74599ab3771d1da3245))
* **Logger:** Handle interpolating stdout ([#7114](https://github.com/parse-community/parse-server/issues/7114)) ([1ede078](https://github.com/parse-community/parse-server/commit/1ede078154213d3426cc492612ce41bdb1eda43b))
* improve security by deprecating creating users with public access by default ([#7319](https://github.com/parse-community/parse-server/issues/7319)) ([484c2e8](https://github.com/parse-community/parse-server/commit/484c2e81cace608eb28508a0926b17b3ba9e6233))
* package.json & package-lock.json to reduce vulnerabilities ([#7112](https://github.com/parse-community/parse-server/issues/7112)) ([7b8d8dd](https://github.com/parse-community/parse-server/commit/7b8d8ddbb0de583621a4d2ede95793c6516bc4c0))
* package.json & package-lock.json to reduce vulnerabilities ([#7218](https://github.com/parse-community/parse-server/issues/7218)) ([0476832](https://github.com/parse-community/parse-server/commit/047683219daf7940590db1237f6826a038bdc41d))
* package.json & package-lock.json to reduce vulnerabilities ([#7373](https://github.com/parse-community/parse-server/issues/7373)) ([b6843de](https://github.com/parse-community/parse-server/commit/b6843de904bf273bf664d94536defa39f91751b3))
* package.json & package-lock.json to reduce vulnerabilities ([#7405](https://github.com/parse-community/parse-server/issues/7405)) ([d915bac](https://github.com/parse-community/parse-server/commit/d915bacee7c6ded60b303582d2a6b85d42dc3cf4))
* package.json & package-lock.json to reduce vulnerabilities ([#7423](https://github.com/parse-community/parse-server/issues/7423)) ([bea4707](https://github.com/parse-community/parse-server/commit/bea4707783febc0fc6ea055835ffbc517cd2b067))
* package.json & package-lock.json to reduce vulnerabilities ([#7509](https://github.com/parse-community/parse-server/issues/7509)) ([65c967a](https://github.com/parse-community/parse-server/commit/65c967a4c446aebb535cbbbcb0ceb38d45da7859))
* Pass customObjectId in beforeSave ([#7167](https://github.com/parse-community/parse-server/issues/7167)) ([7224cde](https://github.com/parse-community/parse-server/commit/7224cde0232d79fea0f4b2d0bc2cb7641ec467d8)), closes [#6733](https://github.com/parse-community/parse-server/issues/6733)
* **utils:** permutation helper ([#7355](https://github.com/parse-community/parse-server/issues/7355)) ([91be6bb](https://github.com/parse-community/parse-server/commit/91be6bb59a61c126b7a25431655064342464905c))
* set objects in afterFind triggers ([#7311](https://github.com/parse-community/parse-server/issues/7311)) ([68a3a87](https://github.com/parse-community/parse-server/commit/68a3a875017d545253f0438c5d4c1c2b6c6c3b22))
* setting a field to null does not delete it via GraphQL API ([#7649](https://github.com/parse-community/parse-server/issues/7649)) ([626fad2](https://github.com/parse-community/parse-server/commit/626fad2e71017dcc62196c487de5f908fa43000b))
* upgrade @apollographql/graphql-playground-html from 1.6.26 to 1.6.27 ([#7274](https://github.com/parse-community/parse-server/issues/7274)) ([a05e9b1](https://github.com/parse-community/parse-server/commit/a05e9b1c0fee8ad917812637256faa1e0a1b40f6))
* upgrade @apollographql/graphql-playground-html from 1.6.27 to 1.6.28 ([#7411](https://github.com/parse-community/parse-server/issues/7411)) ([c58bf57](https://github.com/parse-community/parse-server/commit/c58bf57f51ebc9df3a624fb3ecdacdf4647f1dea))
* upgrade @apollographql/graphql-playground-html from 1.6.28 to 1.6.29 ([#7473](https://github.com/parse-community/parse-server/issues/7473)) ([39f7c83](https://github.com/parse-community/parse-server/commit/39f7c831e6493cff9cd64195b64e886fda4624f8))
* upgrade @parse/simple-mailgun-adapter from 1.1.0 to 1.2.0 ([#7109](https://github.com/parse-community/parse-server/issues/7109)) ([8ff0d08](https://github.com/parse-community/parse-server/commit/8ff0d08dcf5a9ada931359df3e78543445312f15))
* upgrade apollo-server-express from 2.19.0 to 2.19.1 ([#7122](https://github.com/parse-community/parse-server/issues/7122)) ([33bdd87](https://github.com/parse-community/parse-server/commit/33bdd8709266f17489c319e43b3f2a7d8ea27fd5))
* upgrade apollo-server-express from 2.19.1 to 2.19.2 ([#7165](https://github.com/parse-community/parse-server/issues/7165)) ([4b6e9ff](https://github.com/parse-community/parse-server/commit/4b6e9ffc3d2c1969c285c94f7cf2cfc7af03227e))
* upgrade apollo-server-express from 2.19.2 to 2.20.0 ([#7239](https://github.com/parse-community/parse-server/issues/7239)) ([d10e990](https://github.com/parse-community/parse-server/commit/d10e99007b70816707944060905cff7da5018eb0))
* upgrade apollo-server-express from 2.21.0 to 2.21.1 ([#7308](https://github.com/parse-community/parse-server/issues/7308)) ([3dc4597](https://github.com/parse-community/parse-server/commit/3dc459746dbd4a2d245f2bde688cd087a5b74703))
* upgrade apollo-server-express from 2.21.1 to 2.22.1 ([#7357](https://github.com/parse-community/parse-server/issues/7357)) ([25690ad](https://github.com/parse-community/parse-server/commit/25690ad515551bda33dd581789ffeb9a218c8033))
* upgrade apollo-server-express from 2.22.1 to 2.22.2 ([#7362](https://github.com/parse-community/parse-server/issues/7362)) ([181fbf9](https://github.com/parse-community/parse-server/commit/181fbf9d46bee61b5c67a411b4a41c38d201cc73))
* upgrade apollo-server-express from 2.22.2 to 2.23.0 ([#7380](https://github.com/parse-community/parse-server/issues/7380)) ([87476da](https://github.com/parse-community/parse-server/commit/87476da31e28e064fa7192998c67de9c31ac18a6))
* upgrade apollo-server-express from 2.23.0 to 2.24.0 ([#7395](https://github.com/parse-community/parse-server/issues/7395)) ([ff5755b](https://github.com/parse-community/parse-server/commit/ff5755b05ac554a107a443a8870f4c2442b0a5f3))
* upgrade apollo-server-express from 2.24.0 to 2.24.1 ([#7424](https://github.com/parse-community/parse-server/issues/7424)) ([bfdb6a9](https://github.com/parse-community/parse-server/commit/bfdb6a93e8c0d78524820b32abaff174776520f3))
* upgrade apollo-server-express from 2.24.1 to 2.25.0 ([#7435](https://github.com/parse-community/parse-server/issues/7435)) ([4e5eba6](https://github.com/parse-community/parse-server/commit/4e5eba6c6c7bc6e643ac6477df15beea1ba60364))
* upgrade apollo-server-express from 2.25.0 to 2.25.1 ([#7449](https://github.com/parse-community/parse-server/issues/7449)) ([682f1bf](https://github.com/parse-community/parse-server/commit/682f1bf14388e134fbd993e274f5738ec2e57e02))
* upgrade apollo-server-express from 2.25.1 to 2.25.2 ([#7465](https://github.com/parse-community/parse-server/issues/7465)) ([1fe4708](https://github.com/parse-community/parse-server/commit/1fe47087a92c80e7ee8cc6e3e26b3a67f8df68ee))
* upgrade follow-redirects from 1.13.0 to 1.13.1 ([#7106](https://github.com/parse-community/parse-server/issues/7106)) ([16b4aad](https://github.com/parse-community/parse-server/commit/16b4aadfe2b5b5b24e6e3bbe22c93a92f02c9eb3))
* upgrade follow-redirects from 1.13.1 to 1.13.2 ([#7194](https://github.com/parse-community/parse-server/issues/7194)) ([738ba9f](https://github.com/parse-community/parse-server/commit/738ba9fc704a770bd1e2af23bca31ed7202f99cd))
* upgrade follow-redirects from 1.13.2 to 1.13.3 ([#7285](https://github.com/parse-community/parse-server/issues/7285)) ([d144819](https://github.com/parse-community/parse-server/commit/d144819d21b59b11dc957346748ce3200349a6b7))
* upgrade follow-redirects from 1.13.3 to 1.14.0 ([#7389](https://github.com/parse-community/parse-server/issues/7389)) ([38c01c6](https://github.com/parse-community/parse-server/commit/38c01c6bc32fe769c3a636e45b389e2a995c2ee6))
* upgrade follow-redirects from 1.14.0 to 1.14.1 ([#7408](https://github.com/parse-community/parse-server/issues/7408)) ([8976ecc](https://github.com/parse-community/parse-server/commit/8976ecc4a9c91eeb1d0f3448eff7720b43c7747a))
* upgrade graphql from 15.4.0 to 15.5.0 ([#7201](https://github.com/parse-community/parse-server/issues/7201)) ([5a09687](https://github.com/parse-community/parse-server/commit/5a0968721d6d04cdde86d3df569a77910bcae803))
* upgrade graphql from 15.5.0 to 15.5.1 ([#7462](https://github.com/parse-community/parse-server/issues/7462)) ([bbd7ee7](https://github.com/parse-community/parse-server/commit/bbd7ee7313e19c43b15e16027439739590393dd1))
* upgrade graphql from 15.5.1 to 15.5.2 ([#7587](https://github.com/parse-community/parse-server/issues/7587)) ([dee4d96](https://github.com/parse-community/parse-server/commit/dee4d9662749eb699891c8a3797fa0b0467c6355))
* upgrade graphql from 15.5.2 to 15.5.3 ([#7596](https://github.com/parse-community/parse-server/issues/7596)) ([bcbc035](https://github.com/parse-community/parse-server/commit/bcbc035627c552a7940bec4ae210ca1522215246))
* upgrade graphql from 15.5.3 to 15.6.0 ([#7612](https://github.com/parse-community/parse-server/issues/7612)) ([407ed6e](https://github.com/parse-community/parse-server/commit/407ed6ee36ea42d7eb525f42b1f3da6f41230504))
* upgrade graphql-relay from 0.6.0 to 0.7.0 ([#7443](https://github.com/parse-community/parse-server/issues/7443)) ([770e36f](https://github.com/parse-community/parse-server/commit/770e36ff43c42e4ed3db73a30436079a0460a1f0))
* upgrade graphql-relay from 0.7.0 to 0.8.0 ([#7467](https://github.com/parse-community/parse-server/issues/7467)) ([9923cd3](https://github.com/parse-community/parse-server/commit/9923cd3869ab80e70c5ca9765628ba0a28a6facc))
* upgrade graphql-tag from 2.10.1 to 2.12.0 ([#7234](https://github.com/parse-community/parse-server/issues/7234)) ([add67fd](https://github.com/parse-community/parse-server/commit/add67fdd2284a58386f6afd35edeaa8534579e33))
* upgrade graphql-tag from 2.12.0 to 2.12.1 ([#7282](https://github.com/parse-community/parse-server/issues/7282)) ([36de1db](https://github.com/parse-community/parse-server/commit/36de1db65dc3c2bbf8f8051ee1862a06ef41e7f9))
* upgrade graphql-tag from 2.12.1 to 2.12.2 ([#7325](https://github.com/parse-community/parse-server/issues/7325)) ([50e5557](https://github.com/parse-community/parse-server/commit/50e55571fdaa1ac3ca43d215c4bc62136d684873))
* upgrade graphql-tag from 2.12.2 to 2.12.4 ([#7396](https://github.com/parse-community/parse-server/issues/7396)) ([8099cb0](https://github.com/parse-community/parse-server/commit/8099cb05a48956b073f3e7d96c30b69292c06adc))
* upgrade graphql-tag from 2.12.4 to 2.12.5 ([#7466](https://github.com/parse-community/parse-server/issues/7466)) ([2b3355c](https://github.com/parse-community/parse-server/commit/2b3355cb022724838499a5d83c0d532040953566))
* upgrade jwks-rsa from 1.11.0 to 1.12.0 ([#7102](https://github.com/parse-community/parse-server/issues/7102)) ([029edbf](https://github.com/parse-community/parse-server/commit/029edbf706c4b1754afbb5ce69600a373b91cb9b))
* upgrade jwks-rsa from 1.12.1 to 1.12.2 ([#7147](https://github.com/parse-community/parse-server/issues/7147)) ([bcb2b52](https://github.com/parse-community/parse-server/commit/bcb2b52f7a1322a780b95b77081827d6c8c25840))
* upgrade jwks-rsa from 1.12.2 to 1.12.3 ([#7284](https://github.com/parse-community/parse-server/issues/7284)) ([a53d74c](https://github.com/parse-community/parse-server/commit/a53d74c13b86d43e1694132feddccce6ee2bede9))
* upgrade ldapjs from 2.2.2 to 2.2.3 ([#7095](https://github.com/parse-community/parse-server/issues/7095)) ([fb465e5](https://github.com/parse-community/parse-server/commit/fb465e599e8768b9e229ec8689e033d7063e50b3))
* upgrade ldapjs from 2.2.3 to 2.2.4 ([#7275](https://github.com/parse-community/parse-server/issues/7275)) ([35f0c55](https://github.com/parse-community/parse-server/commit/35f0c55e93dc0572049a85befbc80175620f7d29))
* upgrade ldapjs from 2.2.4 to 2.3.0 ([#7436](https://github.com/parse-community/parse-server/issues/7436)) ([7df6c02](https://github.com/parse-community/parse-server/commit/7df6c020b18b8ea9d04b718fa4e070be800b9268))
* upgrade ldapjs from 2.3.0 to 2.3.1 ([#7524](https://github.com/parse-community/parse-server/issues/7524)) ([dee5a13](https://github.com/parse-community/parse-server/commit/dee5a13a85336cdd9d3bcd938c4118fffe8b9670))
* upgrade mime from 2.4.6 to 2.4.7 ([#7110](https://github.com/parse-community/parse-server/issues/7110)) ([fefcabe](https://github.com/parse-community/parse-server/commit/fefcabe858f3817dca337390c2198abbf12f9bdf))
* upgrade mime from 2.4.7 to 2.5.0 ([#7166](https://github.com/parse-community/parse-server/issues/7166)) ([6097e82](https://github.com/parse-community/parse-server/commit/6097e82194772847954dc2c2b7559543cc7531cc))
* upgrade mime from 2.5.0 to 2.5.2 ([#7261](https://github.com/parse-community/parse-server/issues/7261)) ([687f4b7](https://github.com/parse-community/parse-server/commit/687f4b7cf245ce578674a4cc0e0d276b23d5780d))
* upgrade mongodb from 3.6.6 to 3.6.7 ([#7425](https://github.com/parse-community/parse-server/issues/7425)) ([61affe2](https://github.com/parse-community/parse-server/commit/61affe26293f7218e88878d027514d68975cfc8c))
* upgrade mongodb from 3.6.7 to 3.6.8 ([#7430](https://github.com/parse-community/parse-server/issues/7430)) ([c36588e](https://github.com/parse-community/parse-server/commit/c36588e3c2d16fab3f38aecc77f0e827bda38f95))
* upgrade mongodb from 3.6.8 to 3.6.9 ([#7445](https://github.com/parse-community/parse-server/issues/7445)) ([17cf1a4](https://github.com/parse-community/parse-server/commit/17cf1a46e557b502b132c415b922508e032209a9))
* upgrade mongodb from 3.6.9 to 3.6.10 ([#7474](https://github.com/parse-community/parse-server/issues/7474)) ([45d29cc](https://github.com/parse-community/parse-server/commit/45d29cc58c373c9e1d489dbd7a750f2a0f6bc89b))
* upgrade mustache from 4.1.0 to 4.2.0 ([#7358](https://github.com/parse-community/parse-server/issues/7358)) ([94b7b32](https://github.com/parse-community/parse-server/commit/94b7b320062579e788df6c9f72d7a786f98f7cc5))
* upgrade parse from 3.1.0 to 3.2.0 ([#7378](https://github.com/parse-community/parse-server/issues/7378)) ([e9f54e2](https://github.com/parse-community/parse-server/commit/e9f54e2bddd8430864b1628ab077a0a3aae73e47))
* upgrade pg-promise from 10.10.1 to 10.10.2 ([#7399](https://github.com/parse-community/parse-server/issues/7399)) ([d365f1f](https://github.com/parse-community/parse-server/commit/d365f1f7cb44cfdeac9931308ff25dcd9ba3d79b))
* upgrade pg-promise from 10.10.2 to 10.11.0 ([#7510](https://github.com/parse-community/parse-server/issues/7510)) ([a967e79](https://github.com/parse-community/parse-server/commit/a967e7921961ea7a33ae9ff02555839cecf2b15f))
* upgrade pg-promise from 10.8.1 to 10.8.6 ([#7118](https://github.com/parse-community/parse-server/issues/7118)) ([8851810](https://github.com/parse-community/parse-server/commit/8851810a85747456cd2f3e5d3876371306b8c23d))
* upgrade pg-promise from 10.8.6 to 10.8.7 ([#7148](https://github.com/parse-community/parse-server/issues/7148)) ([231c669](https://github.com/parse-community/parse-server/commit/231c669133eea494f2db7f23fdff2e9d004c9e18))
* upgrade pg-promise from 10.8.7 to 10.9.0 ([#7168](https://github.com/parse-community/parse-server/issues/7168)) ([fcacd4d](https://github.com/parse-community/parse-server/commit/fcacd4d24e34ff48367d2c68bb97743b8a20216c))
* upgrade pg-promise from 10.9.0 to 10.9.1 ([#7170](https://github.com/parse-community/parse-server/issues/7170)) ([cca493b](https://github.com/parse-community/parse-server/commit/cca493b9fb33a4c34eaaf624ec4aedd18b11dca7))
* upgrade pg-promise from 10.9.1 to 10.9.2 ([#7209](https://github.com/parse-community/parse-server/issues/7209)) ([c05102b](https://github.com/parse-community/parse-server/commit/c05102b90c925498459b45c755298cb482ac596c))
* upgrade redis from 3.1.1 to 3.1.2 ([#7387](https://github.com/parse-community/parse-server/issues/7387)) ([f65bd22](https://github.com/parse-community/parse-server/commit/f65bd228fb3491ba217558ec288dd2ee60d0d37d))
* upgrade semver from 7.3.2 to 7.3.4 ([#7092](https://github.com/parse-community/parse-server/issues/7092)) ([7e687b1](https://github.com/parse-community/parse-server/commit/7e687b1e943372d105ca359177824241af278534))
* upgrade subscriptions-transport-ws from 0.9.19 to 0.10.0 ([#7450](https://github.com/parse-community/parse-server/issues/7450)) ([d36a53b](https://github.com/parse-community/parse-server/commit/d36a53b2bfade99942e3c9b827c9abb38d2de26b))
* upgrade uuid from 8.3.1 to 8.3.2 ([#7101](https://github.com/parse-community/parse-server/issues/7101)) ([f17a063](https://github.com/parse-community/parse-server/commit/f17a063209b451da291918dac165e177f0bee6a0))
* upgrade winston-daily-rotate-file from 4.5.0 to 4.5.1 ([#7309](https://github.com/parse-community/parse-server/issues/7309)) ([8643ae4](https://github.com/parse-community/parse-server/commit/8643ae438f1ea48c93d2860889568f9f3a5a62b8))
* upgrade winston-daily-rotate-file from 4.5.1 to 4.5.2 ([#7376](https://github.com/parse-community/parse-server/issues/7376)) ([e143fb1](https://github.com/parse-community/parse-server/commit/e143fb1bf6a52bb21c483fbf72f74d2282cfbeee))
* upgrade winston-daily-rotate-file from 4.5.2 to 4.5.3 ([#7398](https://github.com/parse-community/parse-server/issues/7398)) ([e9d8ed4](https://github.com/parse-community/parse-server/commit/e9d8ed4acb03160c8f6d669859fe57d8281937b4))
* upgrade winston-daily-rotate-file from 4.5.3 to 4.5.4 ([#7402](https://github.com/parse-community/parse-server/issues/7402)) ([4f80a5f](https://github.com/parse-community/parse-server/commit/4f80a5f4afbc008d2f642ee0c581a25483240e9a))
* upgrade winston-daily-rotate-file from 4.5.4 to 4.5.5 ([#7407](https://github.com/parse-community/parse-server/issues/7407)) ([5abbeeb](https://github.com/parse-community/parse-server/commit/5abbeeb8d11be810993c528b8458be894039a5fc))
* upgrade ws from 7.4.0 to 7.4.1 ([#7098](https://github.com/parse-community/parse-server/issues/7098)) ([1068838](https://github.com/parse-community/parse-server/commit/106883809c96a758bb23ae6dd7fff7465fbd8f60))
* upgrade ws from 7.4.1 to 7.4.2 ([#7132](https://github.com/parse-community/parse-server/issues/7132)) ([857d4ec](https://github.com/parse-community/parse-server/commit/857d4ecfd5a383d6debd849a1af1d45820aee0c0))
* upgrade ws from 7.4.2 to 7.4.3 ([#7224](https://github.com/parse-community/parse-server/issues/7224)) ([ec8f784](https://github.com/parse-community/parse-server/commit/ec8f78424f0043fa74ef1f3a7baa96a3d1e95b59))
* upgrade ws from 7.4.3 to 7.4.4 ([#7298](https://github.com/parse-community/parse-server/issues/7298)) ([a080e4c](https://github.com/parse-community/parse-server/commit/a080e4c766c33cc5b5c304bbdba69e93743f9db1))
* upgrade ws from 7.4.4 to 7.4.5 ([#7381](https://github.com/parse-community/parse-server/issues/7381)) ([34f3dd9](https://github.com/parse-community/parse-server/commit/34f3dd9e7e1908b713355ddb235b1e5d02634663))
* upgrade ws from 7.5.3 to 8.2.1 ([#7580](https://github.com/parse-community/parse-server/issues/7580)) ([c3da290](https://github.com/parse-community/parse-server/commit/c3da2908fabfa4f7f49c0f6d5b3d32de692dd388))
* upgrade ws from 8.2.1 to 8.2.2 ([#7598](https://github.com/parse-community/parse-server/issues/7598)) ([20cb333](https://github.com/parse-community/parse-server/commit/20cb3333aba67fb89e4e2cda586c559bdb4a23ef))

### Features

* add support for Postgres 14 ([#7644](https://github.com/parse-community/parse-server/issues/7644)) ([090350a](https://github.com/parse-community/parse-server/commit/090350a7a0fac945394ca1cb24b290316ef06aa7))
* add user-defined schema and migrations ([#7418](https://github.com/parse-community/parse-server/issues/7418)) ([25d5c30](https://github.com/parse-community/parse-server/commit/25d5c30be2111be332eb779eb0697774a17da7af))
* alphabetical graphql api, fix internal reassign, enhanced Graphql schema cache system ([#7344](https://github.com/parse-community/parse-server/issues/7344)) ([85ef721](https://github.com/parse-community/parse-server/commit/85ef7217b04e36395e46316004293e9c8ca67df9))
* **LiveQuery:** Support $and, $nor, $containedBy, $geoWithin ([#7113](https://github.com/parse-community/parse-server/issues/7113)) ([93781b2](https://github.com/parse-community/parse-server/commit/93781b2195d8074032d2c4dfd77a56acf17dc9e1))
* **AggregateRouter:** support native mongodb syntax in aggregation pipelines ([#7339](https://github.com/parse-community/parse-server/issues/7339)) ([8fddac3](https://github.com/parse-community/parse-server/commit/8fddac39bf866886c3b432219acc4d5e8169ddc0))

### BREAKING CHANGES

* To delete a field via the GraphQL API, the field value has to be set to `null`. Previously, setting a field value to `null` would save a null value in the database, which was not according to the [GraphQL specs](https://spec.graphql.org/June2018/#sec-Null-Value). To delete a file field use `file: null`, the previous way of using `file: { file: null }` has become obsolete. ([626fad2](626fad2))
---
 changelogs/CHANGELOG_beta.md | 107 +++++++++++++++++++++++++++++++++++
 package-lock.json            |   2 +-
 package.json                 |   2 +-
 3 files changed, 109 insertions(+), 2 deletions(-)
 create mode 100644 changelogs/CHANGELOG_beta.md

diff --git a/changelogs/CHANGELOG_beta.md b/changelogs/CHANGELOG_beta.md
new file mode 100644
index 00000000..72be8698
--- /dev/null
+++ b/changelogs/CHANGELOG_beta.md
@@ -0,0 +1,107 @@
+# [5.0.0-beta.1](https://github.com/parse-community/parse-server/compare/4.5.0...5.0.0-beta.1) (2021-11-01)
+
+
+### Bug Fixes
+
+* add deprecation warning for `Parse.Cloud.httpRequest` ([#7595](https://github.com/parse-community/parse-server/issues/7595)) ([ab1dddd](https://github.com/parse-community/parse-server/commit/ab1dddd406589800e1a8ebe8381b9da702e9c641))
+* add support for descending sorting of full text search ([#7496](https://github.com/parse-community/parse-server/issues/7496)) ([8ed9442](https://github.com/parse-community/parse-server/commit/8ed94421e69b1d4fde4ec3625a1f4cfbd6d39c2b))
+* allow LiveQuery on Parse.Session ([#7554](https://github.com/parse-community/parse-server/issues/7554)) ([caee281](https://github.com/parse-community/parse-server/commit/caee281bc58901fea7cead21d6a9a0bb2022d91b))
+* combined `and` query with relational query condition returns incorrect results ([#7593](https://github.com/parse-community/parse-server/issues/7593)) ([174886e](https://github.com/parse-community/parse-server/commit/174886e385e091c6bbd4a84891ef95f80b50d05c))
+* empty file tags cause upload error for some providers ([#7300](https://github.com/parse-community/parse-server/issues/7300)) ([4d16702](https://github.com/parse-community/parse-server/commit/4d167026aebed38bf3a3b74599ab3771d1da3245))
+* **Logger:** Handle interpolating stdout ([#7114](https://github.com/parse-community/parse-server/issues/7114)) ([1ede078](https://github.com/parse-community/parse-server/commit/1ede078154213d3426cc492612ce41bdb1eda43b))
+* improve security by deprecating creating users with public access by default ([#7319](https://github.com/parse-community/parse-server/issues/7319)) ([484c2e8](https://github.com/parse-community/parse-server/commit/484c2e81cace608eb28508a0926b17b3ba9e6233))
+* package.json & package-lock.json to reduce vulnerabilities ([#7112](https://github.com/parse-community/parse-server/issues/7112)) ([7b8d8dd](https://github.com/parse-community/parse-server/commit/7b8d8ddbb0de583621a4d2ede95793c6516bc4c0))
+* package.json & package-lock.json to reduce vulnerabilities ([#7218](https://github.com/parse-community/parse-server/issues/7218)) ([0476832](https://github.com/parse-community/parse-server/commit/047683219daf7940590db1237f6826a038bdc41d))
+* package.json & package-lock.json to reduce vulnerabilities ([#7373](https://github.com/parse-community/parse-server/issues/7373)) ([b6843de](https://github.com/parse-community/parse-server/commit/b6843de904bf273bf664d94536defa39f91751b3))
+* package.json & package-lock.json to reduce vulnerabilities ([#7405](https://github.com/parse-community/parse-server/issues/7405)) ([d915bac](https://github.com/parse-community/parse-server/commit/d915bacee7c6ded60b303582d2a6b85d42dc3cf4))
+* package.json & package-lock.json to reduce vulnerabilities ([#7423](https://github.com/parse-community/parse-server/issues/7423)) ([bea4707](https://github.com/parse-community/parse-server/commit/bea4707783febc0fc6ea055835ffbc517cd2b067))
+* package.json & package-lock.json to reduce vulnerabilities ([#7509](https://github.com/parse-community/parse-server/issues/7509)) ([65c967a](https://github.com/parse-community/parse-server/commit/65c967a4c446aebb535cbbbcb0ceb38d45da7859))
+* Pass customObjectId in beforeSave ([#7167](https://github.com/parse-community/parse-server/issues/7167)) ([7224cde](https://github.com/parse-community/parse-server/commit/7224cde0232d79fea0f4b2d0bc2cb7641ec467d8)), closes [#6733](https://github.com/parse-community/parse-server/issues/6733)
+* **utils:** permutation helper ([#7355](https://github.com/parse-community/parse-server/issues/7355)) ([91be6bb](https://github.com/parse-community/parse-server/commit/91be6bb59a61c126b7a25431655064342464905c))
+* set objects in afterFind triggers ([#7311](https://github.com/parse-community/parse-server/issues/7311)) ([68a3a87](https://github.com/parse-community/parse-server/commit/68a3a875017d545253f0438c5d4c1c2b6c6c3b22))
+* setting a field to null does not delete it via GraphQL API ([#7649](https://github.com/parse-community/parse-server/issues/7649)) ([626fad2](https://github.com/parse-community/parse-server/commit/626fad2e71017dcc62196c487de5f908fa43000b))
+* upgrade @apollographql/graphql-playground-html from 1.6.26 to 1.6.27 ([#7274](https://github.com/parse-community/parse-server/issues/7274)) ([a05e9b1](https://github.com/parse-community/parse-server/commit/a05e9b1c0fee8ad917812637256faa1e0a1b40f6))
+* upgrade @apollographql/graphql-playground-html from 1.6.27 to 1.6.28 ([#7411](https://github.com/parse-community/parse-server/issues/7411)) ([c58bf57](https://github.com/parse-community/parse-server/commit/c58bf57f51ebc9df3a624fb3ecdacdf4647f1dea))
+* upgrade @apollographql/graphql-playground-html from 1.6.28 to 1.6.29 ([#7473](https://github.com/parse-community/parse-server/issues/7473)) ([39f7c83](https://github.com/parse-community/parse-server/commit/39f7c831e6493cff9cd64195b64e886fda4624f8))
+* upgrade @parse/simple-mailgun-adapter from 1.1.0 to 1.2.0 ([#7109](https://github.com/parse-community/parse-server/issues/7109)) ([8ff0d08](https://github.com/parse-community/parse-server/commit/8ff0d08dcf5a9ada931359df3e78543445312f15))
+* upgrade apollo-server-express from 2.19.0 to 2.19.1 ([#7122](https://github.com/parse-community/parse-server/issues/7122)) ([33bdd87](https://github.com/parse-community/parse-server/commit/33bdd8709266f17489c319e43b3f2a7d8ea27fd5))
+* upgrade apollo-server-express from 2.19.1 to 2.19.2 ([#7165](https://github.com/parse-community/parse-server/issues/7165)) ([4b6e9ff](https://github.com/parse-community/parse-server/commit/4b6e9ffc3d2c1969c285c94f7cf2cfc7af03227e))
+* upgrade apollo-server-express from 2.19.2 to 2.20.0 ([#7239](https://github.com/parse-community/parse-server/issues/7239)) ([d10e990](https://github.com/parse-community/parse-server/commit/d10e99007b70816707944060905cff7da5018eb0))
+* upgrade apollo-server-express from 2.21.0 to 2.21.1 ([#7308](https://github.com/parse-community/parse-server/issues/7308)) ([3dc4597](https://github.com/parse-community/parse-server/commit/3dc459746dbd4a2d245f2bde688cd087a5b74703))
+* upgrade apollo-server-express from 2.21.1 to 2.22.1 ([#7357](https://github.com/parse-community/parse-server/issues/7357)) ([25690ad](https://github.com/parse-community/parse-server/commit/25690ad515551bda33dd581789ffeb9a218c8033))
+* upgrade apollo-server-express from 2.22.1 to 2.22.2 ([#7362](https://github.com/parse-community/parse-server/issues/7362)) ([181fbf9](https://github.com/parse-community/parse-server/commit/181fbf9d46bee61b5c67a411b4a41c38d201cc73))
+* upgrade apollo-server-express from 2.22.2 to 2.23.0 ([#7380](https://github.com/parse-community/parse-server/issues/7380)) ([87476da](https://github.com/parse-community/parse-server/commit/87476da31e28e064fa7192998c67de9c31ac18a6))
+* upgrade apollo-server-express from 2.23.0 to 2.24.0 ([#7395](https://github.com/parse-community/parse-server/issues/7395)) ([ff5755b](https://github.com/parse-community/parse-server/commit/ff5755b05ac554a107a443a8870f4c2442b0a5f3))
+* upgrade apollo-server-express from 2.24.0 to 2.24.1 ([#7424](https://github.com/parse-community/parse-server/issues/7424)) ([bfdb6a9](https://github.com/parse-community/parse-server/commit/bfdb6a93e8c0d78524820b32abaff174776520f3))
+* upgrade apollo-server-express from 2.24.1 to 2.25.0 ([#7435](https://github.com/parse-community/parse-server/issues/7435)) ([4e5eba6](https://github.com/parse-community/parse-server/commit/4e5eba6c6c7bc6e643ac6477df15beea1ba60364))
+* upgrade apollo-server-express from 2.25.0 to 2.25.1 ([#7449](https://github.com/parse-community/parse-server/issues/7449)) ([682f1bf](https://github.com/parse-community/parse-server/commit/682f1bf14388e134fbd993e274f5738ec2e57e02))
+* upgrade apollo-server-express from 2.25.1 to 2.25.2 ([#7465](https://github.com/parse-community/parse-server/issues/7465)) ([1fe4708](https://github.com/parse-community/parse-server/commit/1fe47087a92c80e7ee8cc6e3e26b3a67f8df68ee))
+* upgrade follow-redirects from 1.13.0 to 1.13.1 ([#7106](https://github.com/parse-community/parse-server/issues/7106)) ([16b4aad](https://github.com/parse-community/parse-server/commit/16b4aadfe2b5b5b24e6e3bbe22c93a92f02c9eb3))
+* upgrade follow-redirects from 1.13.1 to 1.13.2 ([#7194](https://github.com/parse-community/parse-server/issues/7194)) ([738ba9f](https://github.com/parse-community/parse-server/commit/738ba9fc704a770bd1e2af23bca31ed7202f99cd))
+* upgrade follow-redirects from 1.13.2 to 1.13.3 ([#7285](https://github.com/parse-community/parse-server/issues/7285)) ([d144819](https://github.com/parse-community/parse-server/commit/d144819d21b59b11dc957346748ce3200349a6b7))
+* upgrade follow-redirects from 1.13.3 to 1.14.0 ([#7389](https://github.com/parse-community/parse-server/issues/7389)) ([38c01c6](https://github.com/parse-community/parse-server/commit/38c01c6bc32fe769c3a636e45b389e2a995c2ee6))
+* upgrade follow-redirects from 1.14.0 to 1.14.1 ([#7408](https://github.com/parse-community/parse-server/issues/7408)) ([8976ecc](https://github.com/parse-community/parse-server/commit/8976ecc4a9c91eeb1d0f3448eff7720b43c7747a))
+* upgrade graphql from 15.4.0 to 15.5.0 ([#7201](https://github.com/parse-community/parse-server/issues/7201)) ([5a09687](https://github.com/parse-community/parse-server/commit/5a0968721d6d04cdde86d3df569a77910bcae803))
+* upgrade graphql from 15.5.0 to 15.5.1 ([#7462](https://github.com/parse-community/parse-server/issues/7462)) ([bbd7ee7](https://github.com/parse-community/parse-server/commit/bbd7ee7313e19c43b15e16027439739590393dd1))
+* upgrade graphql from 15.5.1 to 15.5.2 ([#7587](https://github.com/parse-community/parse-server/issues/7587)) ([dee4d96](https://github.com/parse-community/parse-server/commit/dee4d9662749eb699891c8a3797fa0b0467c6355))
+* upgrade graphql from 15.5.2 to 15.5.3 ([#7596](https://github.com/parse-community/parse-server/issues/7596)) ([bcbc035](https://github.com/parse-community/parse-server/commit/bcbc035627c552a7940bec4ae210ca1522215246))
+* upgrade graphql from 15.5.3 to 15.6.0 ([#7612](https://github.com/parse-community/parse-server/issues/7612)) ([407ed6e](https://github.com/parse-community/parse-server/commit/407ed6ee36ea42d7eb525f42b1f3da6f41230504))
+* upgrade graphql-relay from 0.6.0 to 0.7.0 ([#7443](https://github.com/parse-community/parse-server/issues/7443)) ([770e36f](https://github.com/parse-community/parse-server/commit/770e36ff43c42e4ed3db73a30436079a0460a1f0))
+* upgrade graphql-relay from 0.7.0 to 0.8.0 ([#7467](https://github.com/parse-community/parse-server/issues/7467)) ([9923cd3](https://github.com/parse-community/parse-server/commit/9923cd3869ab80e70c5ca9765628ba0a28a6facc))
+* upgrade graphql-tag from 2.10.1 to 2.12.0 ([#7234](https://github.com/parse-community/parse-server/issues/7234)) ([add67fd](https://github.com/parse-community/parse-server/commit/add67fdd2284a58386f6afd35edeaa8534579e33))
+* upgrade graphql-tag from 2.12.0 to 2.12.1 ([#7282](https://github.com/parse-community/parse-server/issues/7282)) ([36de1db](https://github.com/parse-community/parse-server/commit/36de1db65dc3c2bbf8f8051ee1862a06ef41e7f9))
+* upgrade graphql-tag from 2.12.1 to 2.12.2 ([#7325](https://github.com/parse-community/parse-server/issues/7325)) ([50e5557](https://github.com/parse-community/parse-server/commit/50e55571fdaa1ac3ca43d215c4bc62136d684873))
+* upgrade graphql-tag from 2.12.2 to 2.12.4 ([#7396](https://github.com/parse-community/parse-server/issues/7396)) ([8099cb0](https://github.com/parse-community/parse-server/commit/8099cb05a48956b073f3e7d96c30b69292c06adc))
+* upgrade graphql-tag from 2.12.4 to 2.12.5 ([#7466](https://github.com/parse-community/parse-server/issues/7466)) ([2b3355c](https://github.com/parse-community/parse-server/commit/2b3355cb022724838499a5d83c0d532040953566))
+* upgrade jwks-rsa from 1.11.0 to 1.12.0 ([#7102](https://github.com/parse-community/parse-server/issues/7102)) ([029edbf](https://github.com/parse-community/parse-server/commit/029edbf706c4b1754afbb5ce69600a373b91cb9b))
+* upgrade jwks-rsa from 1.12.1 to 1.12.2 ([#7147](https://github.com/parse-community/parse-server/issues/7147)) ([bcb2b52](https://github.com/parse-community/parse-server/commit/bcb2b52f7a1322a780b95b77081827d6c8c25840))
+* upgrade jwks-rsa from 1.12.2 to 1.12.3 ([#7284](https://github.com/parse-community/parse-server/issues/7284)) ([a53d74c](https://github.com/parse-community/parse-server/commit/a53d74c13b86d43e1694132feddccce6ee2bede9))
+* upgrade ldapjs from 2.2.2 to 2.2.3 ([#7095](https://github.com/parse-community/parse-server/issues/7095)) ([fb465e5](https://github.com/parse-community/parse-server/commit/fb465e599e8768b9e229ec8689e033d7063e50b3))
+* upgrade ldapjs from 2.2.3 to 2.2.4 ([#7275](https://github.com/parse-community/parse-server/issues/7275)) ([35f0c55](https://github.com/parse-community/parse-server/commit/35f0c55e93dc0572049a85befbc80175620f7d29))
+* upgrade ldapjs from 2.2.4 to 2.3.0 ([#7436](https://github.com/parse-community/parse-server/issues/7436)) ([7df6c02](https://github.com/parse-community/parse-server/commit/7df6c020b18b8ea9d04b718fa4e070be800b9268))
+* upgrade ldapjs from 2.3.0 to 2.3.1 ([#7524](https://github.com/parse-community/parse-server/issues/7524)) ([dee5a13](https://github.com/parse-community/parse-server/commit/dee5a13a85336cdd9d3bcd938c4118fffe8b9670))
+* upgrade mime from 2.4.6 to 2.4.7 ([#7110](https://github.com/parse-community/parse-server/issues/7110)) ([fefcabe](https://github.com/parse-community/parse-server/commit/fefcabe858f3817dca337390c2198abbf12f9bdf))
+* upgrade mime from 2.4.7 to 2.5.0 ([#7166](https://github.com/parse-community/parse-server/issues/7166)) ([6097e82](https://github.com/parse-community/parse-server/commit/6097e82194772847954dc2c2b7559543cc7531cc))
+* upgrade mime from 2.5.0 to 2.5.2 ([#7261](https://github.com/parse-community/parse-server/issues/7261)) ([687f4b7](https://github.com/parse-community/parse-server/commit/687f4b7cf245ce578674a4cc0e0d276b23d5780d))
+* upgrade mongodb from 3.6.6 to 3.6.7 ([#7425](https://github.com/parse-community/parse-server/issues/7425)) ([61affe2](https://github.com/parse-community/parse-server/commit/61affe26293f7218e88878d027514d68975cfc8c))
+* upgrade mongodb from 3.6.7 to 3.6.8 ([#7430](https://github.com/parse-community/parse-server/issues/7430)) ([c36588e](https://github.com/parse-community/parse-server/commit/c36588e3c2d16fab3f38aecc77f0e827bda38f95))
+* upgrade mongodb from 3.6.8 to 3.6.9 ([#7445](https://github.com/parse-community/parse-server/issues/7445)) ([17cf1a4](https://github.com/parse-community/parse-server/commit/17cf1a46e557b502b132c415b922508e032209a9))
+* upgrade mongodb from 3.6.9 to 3.6.10 ([#7474](https://github.com/parse-community/parse-server/issues/7474)) ([45d29cc](https://github.com/parse-community/parse-server/commit/45d29cc58c373c9e1d489dbd7a750f2a0f6bc89b))
+* upgrade mustache from 4.1.0 to 4.2.0 ([#7358](https://github.com/parse-community/parse-server/issues/7358)) ([94b7b32](https://github.com/parse-community/parse-server/commit/94b7b320062579e788df6c9f72d7a786f98f7cc5))
+* upgrade parse from 3.1.0 to 3.2.0 ([#7378](https://github.com/parse-community/parse-server/issues/7378)) ([e9f54e2](https://github.com/parse-community/parse-server/commit/e9f54e2bddd8430864b1628ab077a0a3aae73e47))
+* upgrade pg-promise from 10.10.1 to 10.10.2 ([#7399](https://github.com/parse-community/parse-server/issues/7399)) ([d365f1f](https://github.com/parse-community/parse-server/commit/d365f1f7cb44cfdeac9931308ff25dcd9ba3d79b))
+* upgrade pg-promise from 10.10.2 to 10.11.0 ([#7510](https://github.com/parse-community/parse-server/issues/7510)) ([a967e79](https://github.com/parse-community/parse-server/commit/a967e7921961ea7a33ae9ff02555839cecf2b15f))
+* upgrade pg-promise from 10.8.1 to 10.8.6 ([#7118](https://github.com/parse-community/parse-server/issues/7118)) ([8851810](https://github.com/parse-community/parse-server/commit/8851810a85747456cd2f3e5d3876371306b8c23d))
+* upgrade pg-promise from 10.8.6 to 10.8.7 ([#7148](https://github.com/parse-community/parse-server/issues/7148)) ([231c669](https://github.com/parse-community/parse-server/commit/231c669133eea494f2db7f23fdff2e9d004c9e18))
+* upgrade pg-promise from 10.8.7 to 10.9.0 ([#7168](https://github.com/parse-community/parse-server/issues/7168)) ([fcacd4d](https://github.com/parse-community/parse-server/commit/fcacd4d24e34ff48367d2c68bb97743b8a20216c))
+* upgrade pg-promise from 10.9.0 to 10.9.1 ([#7170](https://github.com/parse-community/parse-server/issues/7170)) ([cca493b](https://github.com/parse-community/parse-server/commit/cca493b9fb33a4c34eaaf624ec4aedd18b11dca7))
+* upgrade pg-promise from 10.9.1 to 10.9.2 ([#7209](https://github.com/parse-community/parse-server/issues/7209)) ([c05102b](https://github.com/parse-community/parse-server/commit/c05102b90c925498459b45c755298cb482ac596c))
+* upgrade redis from 3.1.1 to 3.1.2 ([#7387](https://github.com/parse-community/parse-server/issues/7387)) ([f65bd22](https://github.com/parse-community/parse-server/commit/f65bd228fb3491ba217558ec288dd2ee60d0d37d))
+* upgrade semver from 7.3.2 to 7.3.4 ([#7092](https://github.com/parse-community/parse-server/issues/7092)) ([7e687b1](https://github.com/parse-community/parse-server/commit/7e687b1e943372d105ca359177824241af278534))
+* upgrade subscriptions-transport-ws from 0.9.19 to 0.10.0 ([#7450](https://github.com/parse-community/parse-server/issues/7450)) ([d36a53b](https://github.com/parse-community/parse-server/commit/d36a53b2bfade99942e3c9b827c9abb38d2de26b))
+* upgrade uuid from 8.3.1 to 8.3.2 ([#7101](https://github.com/parse-community/parse-server/issues/7101)) ([f17a063](https://github.com/parse-community/parse-server/commit/f17a063209b451da291918dac165e177f0bee6a0))
+* upgrade winston-daily-rotate-file from 4.5.0 to 4.5.1 ([#7309](https://github.com/parse-community/parse-server/issues/7309)) ([8643ae4](https://github.com/parse-community/parse-server/commit/8643ae438f1ea48c93d2860889568f9f3a5a62b8))
+* upgrade winston-daily-rotate-file from 4.5.1 to 4.5.2 ([#7376](https://github.com/parse-community/parse-server/issues/7376)) ([e143fb1](https://github.com/parse-community/parse-server/commit/e143fb1bf6a52bb21c483fbf72f74d2282cfbeee))
+* upgrade winston-daily-rotate-file from 4.5.2 to 4.5.3 ([#7398](https://github.com/parse-community/parse-server/issues/7398)) ([e9d8ed4](https://github.com/parse-community/parse-server/commit/e9d8ed4acb03160c8f6d669859fe57d8281937b4))
+* upgrade winston-daily-rotate-file from 4.5.3 to 4.5.4 ([#7402](https://github.com/parse-community/parse-server/issues/7402)) ([4f80a5f](https://github.com/parse-community/parse-server/commit/4f80a5f4afbc008d2f642ee0c581a25483240e9a))
+* upgrade winston-daily-rotate-file from 4.5.4 to 4.5.5 ([#7407](https://github.com/parse-community/parse-server/issues/7407)) ([5abbeeb](https://github.com/parse-community/parse-server/commit/5abbeeb8d11be810993c528b8458be894039a5fc))
+* upgrade ws from 7.4.0 to 7.4.1 ([#7098](https://github.com/parse-community/parse-server/issues/7098)) ([1068838](https://github.com/parse-community/parse-server/commit/106883809c96a758bb23ae6dd7fff7465fbd8f60))
+* upgrade ws from 7.4.1 to 7.4.2 ([#7132](https://github.com/parse-community/parse-server/issues/7132)) ([857d4ec](https://github.com/parse-community/parse-server/commit/857d4ecfd5a383d6debd849a1af1d45820aee0c0))
+* upgrade ws from 7.4.2 to 7.4.3 ([#7224](https://github.com/parse-community/parse-server/issues/7224)) ([ec8f784](https://github.com/parse-community/parse-server/commit/ec8f78424f0043fa74ef1f3a7baa96a3d1e95b59))
+* upgrade ws from 7.4.3 to 7.4.4 ([#7298](https://github.com/parse-community/parse-server/issues/7298)) ([a080e4c](https://github.com/parse-community/parse-server/commit/a080e4c766c33cc5b5c304bbdba69e93743f9db1))
+* upgrade ws from 7.4.4 to 7.4.5 ([#7381](https://github.com/parse-community/parse-server/issues/7381)) ([34f3dd9](https://github.com/parse-community/parse-server/commit/34f3dd9e7e1908b713355ddb235b1e5d02634663))
+* upgrade ws from 7.5.3 to 8.2.1 ([#7580](https://github.com/parse-community/parse-server/issues/7580)) ([c3da290](https://github.com/parse-community/parse-server/commit/c3da2908fabfa4f7f49c0f6d5b3d32de692dd388))
+* upgrade ws from 8.2.1 to 8.2.2 ([#7598](https://github.com/parse-community/parse-server/issues/7598)) ([20cb333](https://github.com/parse-community/parse-server/commit/20cb3333aba67fb89e4e2cda586c559bdb4a23ef))
+
+### Features
+
+* add support for Postgres 14 ([#7644](https://github.com/parse-community/parse-server/issues/7644)) ([090350a](https://github.com/parse-community/parse-server/commit/090350a7a0fac945394ca1cb24b290316ef06aa7))
+* add user-defined schema and migrations ([#7418](https://github.com/parse-community/parse-server/issues/7418)) ([25d5c30](https://github.com/parse-community/parse-server/commit/25d5c30be2111be332eb779eb0697774a17da7af))
+* alphabetical graphql api, fix internal reassign, enhanced Graphql schema cache system ([#7344](https://github.com/parse-community/parse-server/issues/7344)) ([85ef721](https://github.com/parse-community/parse-server/commit/85ef7217b04e36395e46316004293e9c8ca67df9))
+* **LiveQuery:** Support $and, $nor, $containedBy, $geoWithin ([#7113](https://github.com/parse-community/parse-server/issues/7113)) ([93781b2](https://github.com/parse-community/parse-server/commit/93781b2195d8074032d2c4dfd77a56acf17dc9e1))
+* **AggregateRouter:** support native mongodb syntax in aggregation pipelines ([#7339](https://github.com/parse-community/parse-server/issues/7339)) ([8fddac3](https://github.com/parse-community/parse-server/commit/8fddac39bf866886c3b432219acc4d5e8169ddc0))
+
+
+### BREAKING CHANGES
+
+* To delete a field via the GraphQL API, the field value has to be set to `null`. Previously, setting a field value to `null` would save a null value in the database, which was not according to the [GraphQL specs](https://spec.graphql.org/June2018/#sec-Null-Value). To delete a file field use `file: null`, the previous way of using `file: { file: null }` has become obsolete. ([626fad2](626fad2))
diff --git a/package-lock.json b/package-lock.json
index 6b37705a..e65f70c3 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,6 +1,6 @@
 {
   "name": "parse-server",
-  "version": "5.0.0-alpha.5",
+  "version": "5.0.0-beta.1",
   "lockfileVersion": 1,
   "requires": true,
   "dependencies": {
diff --git a/package.json b/package.json
index 23c1981c..beff1a38 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "parse-server",
-  "version": "5.0.0-alpha.5",
+  "version": "5.0.0-beta.1",
   "description": "An express module providing a Parse-compatible API server",
   "main": "lib/index.js",
   "repository": {

From e91e38836653d4910fb470e64061919d5c5a6a05 Mon Sep 17 00:00:00 2001
From: Manuel Trezza <5673677+mtrezza@users.noreply.github.com>
Date: Mon, 1 Nov 2021 17:23:07 +0100
Subject: [PATCH 02/19] docs: fix changelog which was expectedly incorrect on
 first beta release

---
 CHANGELOG.md                 |   4 +-
 changelogs/CHANGELOG_beta.md | 167 ++++++++++++++---------------------
 2 files changed, 68 insertions(+), 103 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index a9777056..7c12e7cf 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -15,7 +15,7 @@ Details:
 - Purpose: official release
 - Suitable environment: production
 
-<!--## ⚠️ [Beta Releases][log_beta]
+## ⚠️ [Beta Releases][log_beta]
 
 > ### “Please try out, we’d love your feedback!”
 
@@ -26,7 +26,7 @@ Details:
 - NPM channel: `@beta`
 - Branch: [beta][branch_beta]
 - Purpose: feature maturation
-- Suitable environment: development -->
+- Suitable environment: development
 
 ## 🔥 [Alpha Releases][log_alpha]
 
diff --git a/changelogs/CHANGELOG_beta.md b/changelogs/CHANGELOG_beta.md
index 72be8698..e0a8bf2e 100644
--- a/changelogs/CHANGELOG_beta.md
+++ b/changelogs/CHANGELOG_beta.md
@@ -1,107 +1,72 @@
 # [5.0.0-beta.1](https://github.com/parse-community/parse-server/compare/4.5.0...5.0.0-beta.1) (2021-11-01)
 
+### BREAKING CHANGES
+- Improved schema caching through database real-time hooks. Reduces DB queries, decreases Parse Query execution time and fixes a potential schema memory leak. If multiple Parse Server instances connect to the same DB (for example behind a load balancer), set the [Parse Server Option](https://parseplatform.org/parse-server/api/master/ParseServerOptions.html) `databaseOptions.enableSchemaHooks: true` to enable this feature and keep the schema in sync across all instances. Failing to do so will cause a schema change to not propagate to other instances and re-syncing will only happen when these instances restart. The options `enableSingleSchemaCache` and `schemaCacheTTL` have been removed. To use this feature with MongoDB, a replica set cluster with [change stream](https://docs.mongodb.com/manual/changeStreams/#availability) support is required. (Diamond Lewis, SebC) [#7214](https://github.com/parse-community/parse-server/issues/7214)
+- Added file upload restriction. File upload is now only allowed for authenticated users by default for improved security. To allow file upload also for Anonymous Users or Public, set the `fileUpload` parameter in the [Parse Server Options](https://parseplatform.org/parse-server/api/master/ParseServerOptions.html) (dblythy, Manuel Trezza) [#7071](https://github.com/parse-community/parse-server/pull/7071)
+- Removed [parse-server-simple-mailgun-adapter](https://github.com/parse-community/parse-server-simple-mailgun-adapter) dependency; to continue using the adapter it has to be explicitly installed (Manuel Trezza) [#7321](https://github.com/parse-community/parse-server/pull/7321)
+- Remove support for MongoDB 3.6 which has reached its End-of-Life date and PostgreSQL 10 (Manuel Trezza) [#7315](https://github.com/parse-community/parse-server/pull/7315)
+- Remove support for Node 10 which has reached its End-of-Life date (Manuel Trezza) [#7314](https://github.com/parse-community/parse-server/pull/7314)
+- Remove S3 Files Adapter from Parse Server, instead install separately as `@parse/s3-files-adapter` (Manuel Trezza) [#7324](https://github.com/parse-community/parse-server/pull/7324)
+- Remove Session field `restricted`; the field was a code artifact from a feature that never existed in Open Source Parse Server; if you have been using this field for custom purposes, consider that for new Parse Server installations the field does not exist anymore in the schema, and for existing installations the field default value `false` will not be set anymore when creating a new session (Manuel Trezza) [#7543](https://github.com/parse-community/parse-server/pull/7543)
+- ci: add node engine version check (Manuel Trezza) [#7574](https://github.com/parse-community/parse-server/pull/7574)
+- To delete a field via the GraphQL API, the field value has to be set to `null`. Previously, setting a field value to `null` would save a null value in the database, which was not according to the [GraphQL specs](https://spec.graphql.org/June2018/#sec-Null-Value). To delete a file field use `file: null`, the previous way of using `file: { file: null }` has become obsolete. ([626fad2](626fad2))
 
-### Bug Fixes
-
-* add deprecation warning for `Parse.Cloud.httpRequest` ([#7595](https://github.com/parse-community/parse-server/issues/7595)) ([ab1dddd](https://github.com/parse-community/parse-server/commit/ab1dddd406589800e1a8ebe8381b9da702e9c641))
-* add support for descending sorting of full text search ([#7496](https://github.com/parse-community/parse-server/issues/7496)) ([8ed9442](https://github.com/parse-community/parse-server/commit/8ed94421e69b1d4fde4ec3625a1f4cfbd6d39c2b))
-* allow LiveQuery on Parse.Session ([#7554](https://github.com/parse-community/parse-server/issues/7554)) ([caee281](https://github.com/parse-community/parse-server/commit/caee281bc58901fea7cead21d6a9a0bb2022d91b))
-* combined `and` query with relational query condition returns incorrect results ([#7593](https://github.com/parse-community/parse-server/issues/7593)) ([174886e](https://github.com/parse-community/parse-server/commit/174886e385e091c6bbd4a84891ef95f80b50d05c))
-* empty file tags cause upload error for some providers ([#7300](https://github.com/parse-community/parse-server/issues/7300)) ([4d16702](https://github.com/parse-community/parse-server/commit/4d167026aebed38bf3a3b74599ab3771d1da3245))
-* **Logger:** Handle interpolating stdout ([#7114](https://github.com/parse-community/parse-server/issues/7114)) ([1ede078](https://github.com/parse-community/parse-server/commit/1ede078154213d3426cc492612ce41bdb1eda43b))
-* improve security by deprecating creating users with public access by default ([#7319](https://github.com/parse-community/parse-server/issues/7319)) ([484c2e8](https://github.com/parse-community/parse-server/commit/484c2e81cace608eb28508a0926b17b3ba9e6233))
-* package.json & package-lock.json to reduce vulnerabilities ([#7112](https://github.com/parse-community/parse-server/issues/7112)) ([7b8d8dd](https://github.com/parse-community/parse-server/commit/7b8d8ddbb0de583621a4d2ede95793c6516bc4c0))
-* package.json & package-lock.json to reduce vulnerabilities ([#7218](https://github.com/parse-community/parse-server/issues/7218)) ([0476832](https://github.com/parse-community/parse-server/commit/047683219daf7940590db1237f6826a038bdc41d))
-* package.json & package-lock.json to reduce vulnerabilities ([#7373](https://github.com/parse-community/parse-server/issues/7373)) ([b6843de](https://github.com/parse-community/parse-server/commit/b6843de904bf273bf664d94536defa39f91751b3))
-* package.json & package-lock.json to reduce vulnerabilities ([#7405](https://github.com/parse-community/parse-server/issues/7405)) ([d915bac](https://github.com/parse-community/parse-server/commit/d915bacee7c6ded60b303582d2a6b85d42dc3cf4))
-* package.json & package-lock.json to reduce vulnerabilities ([#7423](https://github.com/parse-community/parse-server/issues/7423)) ([bea4707](https://github.com/parse-community/parse-server/commit/bea4707783febc0fc6ea055835ffbc517cd2b067))
-* package.json & package-lock.json to reduce vulnerabilities ([#7509](https://github.com/parse-community/parse-server/issues/7509)) ([65c967a](https://github.com/parse-community/parse-server/commit/65c967a4c446aebb535cbbbcb0ceb38d45da7859))
-* Pass customObjectId in beforeSave ([#7167](https://github.com/parse-community/parse-server/issues/7167)) ([7224cde](https://github.com/parse-community/parse-server/commit/7224cde0232d79fea0f4b2d0bc2cb7641ec467d8)), closes [#6733](https://github.com/parse-community/parse-server/issues/6733)
-* **utils:** permutation helper ([#7355](https://github.com/parse-community/parse-server/issues/7355)) ([91be6bb](https://github.com/parse-community/parse-server/commit/91be6bb59a61c126b7a25431655064342464905c))
-* set objects in afterFind triggers ([#7311](https://github.com/parse-community/parse-server/issues/7311)) ([68a3a87](https://github.com/parse-community/parse-server/commit/68a3a875017d545253f0438c5d4c1c2b6c6c3b22))
-* setting a field to null does not delete it via GraphQL API ([#7649](https://github.com/parse-community/parse-server/issues/7649)) ([626fad2](https://github.com/parse-community/parse-server/commit/626fad2e71017dcc62196c487de5f908fa43000b))
-* upgrade @apollographql/graphql-playground-html from 1.6.26 to 1.6.27 ([#7274](https://github.com/parse-community/parse-server/issues/7274)) ([a05e9b1](https://github.com/parse-community/parse-server/commit/a05e9b1c0fee8ad917812637256faa1e0a1b40f6))
-* upgrade @apollographql/graphql-playground-html from 1.6.27 to 1.6.28 ([#7411](https://github.com/parse-community/parse-server/issues/7411)) ([c58bf57](https://github.com/parse-community/parse-server/commit/c58bf57f51ebc9df3a624fb3ecdacdf4647f1dea))
-* upgrade @apollographql/graphql-playground-html from 1.6.28 to 1.6.29 ([#7473](https://github.com/parse-community/parse-server/issues/7473)) ([39f7c83](https://github.com/parse-community/parse-server/commit/39f7c831e6493cff9cd64195b64e886fda4624f8))
-* upgrade @parse/simple-mailgun-adapter from 1.1.0 to 1.2.0 ([#7109](https://github.com/parse-community/parse-server/issues/7109)) ([8ff0d08](https://github.com/parse-community/parse-server/commit/8ff0d08dcf5a9ada931359df3e78543445312f15))
-* upgrade apollo-server-express from 2.19.0 to 2.19.1 ([#7122](https://github.com/parse-community/parse-server/issues/7122)) ([33bdd87](https://github.com/parse-community/parse-server/commit/33bdd8709266f17489c319e43b3f2a7d8ea27fd5))
-* upgrade apollo-server-express from 2.19.1 to 2.19.2 ([#7165](https://github.com/parse-community/parse-server/issues/7165)) ([4b6e9ff](https://github.com/parse-community/parse-server/commit/4b6e9ffc3d2c1969c285c94f7cf2cfc7af03227e))
-* upgrade apollo-server-express from 2.19.2 to 2.20.0 ([#7239](https://github.com/parse-community/parse-server/issues/7239)) ([d10e990](https://github.com/parse-community/parse-server/commit/d10e99007b70816707944060905cff7da5018eb0))
-* upgrade apollo-server-express from 2.21.0 to 2.21.1 ([#7308](https://github.com/parse-community/parse-server/issues/7308)) ([3dc4597](https://github.com/parse-community/parse-server/commit/3dc459746dbd4a2d245f2bde688cd087a5b74703))
-* upgrade apollo-server-express from 2.21.1 to 2.22.1 ([#7357](https://github.com/parse-community/parse-server/issues/7357)) ([25690ad](https://github.com/parse-community/parse-server/commit/25690ad515551bda33dd581789ffeb9a218c8033))
-* upgrade apollo-server-express from 2.22.1 to 2.22.2 ([#7362](https://github.com/parse-community/parse-server/issues/7362)) ([181fbf9](https://github.com/parse-community/parse-server/commit/181fbf9d46bee61b5c67a411b4a41c38d201cc73))
-* upgrade apollo-server-express from 2.22.2 to 2.23.0 ([#7380](https://github.com/parse-community/parse-server/issues/7380)) ([87476da](https://github.com/parse-community/parse-server/commit/87476da31e28e064fa7192998c67de9c31ac18a6))
-* upgrade apollo-server-express from 2.23.0 to 2.24.0 ([#7395](https://github.com/parse-community/parse-server/issues/7395)) ([ff5755b](https://github.com/parse-community/parse-server/commit/ff5755b05ac554a107a443a8870f4c2442b0a5f3))
-* upgrade apollo-server-express from 2.24.0 to 2.24.1 ([#7424](https://github.com/parse-community/parse-server/issues/7424)) ([bfdb6a9](https://github.com/parse-community/parse-server/commit/bfdb6a93e8c0d78524820b32abaff174776520f3))
-* upgrade apollo-server-express from 2.24.1 to 2.25.0 ([#7435](https://github.com/parse-community/parse-server/issues/7435)) ([4e5eba6](https://github.com/parse-community/parse-server/commit/4e5eba6c6c7bc6e643ac6477df15beea1ba60364))
-* upgrade apollo-server-express from 2.25.0 to 2.25.1 ([#7449](https://github.com/parse-community/parse-server/issues/7449)) ([682f1bf](https://github.com/parse-community/parse-server/commit/682f1bf14388e134fbd993e274f5738ec2e57e02))
-* upgrade apollo-server-express from 2.25.1 to 2.25.2 ([#7465](https://github.com/parse-community/parse-server/issues/7465)) ([1fe4708](https://github.com/parse-community/parse-server/commit/1fe47087a92c80e7ee8cc6e3e26b3a67f8df68ee))
-* upgrade follow-redirects from 1.13.0 to 1.13.1 ([#7106](https://github.com/parse-community/parse-server/issues/7106)) ([16b4aad](https://github.com/parse-community/parse-server/commit/16b4aadfe2b5b5b24e6e3bbe22c93a92f02c9eb3))
-* upgrade follow-redirects from 1.13.1 to 1.13.2 ([#7194](https://github.com/parse-community/parse-server/issues/7194)) ([738ba9f](https://github.com/parse-community/parse-server/commit/738ba9fc704a770bd1e2af23bca31ed7202f99cd))
-* upgrade follow-redirects from 1.13.2 to 1.13.3 ([#7285](https://github.com/parse-community/parse-server/issues/7285)) ([d144819](https://github.com/parse-community/parse-server/commit/d144819d21b59b11dc957346748ce3200349a6b7))
-* upgrade follow-redirects from 1.13.3 to 1.14.0 ([#7389](https://github.com/parse-community/parse-server/issues/7389)) ([38c01c6](https://github.com/parse-community/parse-server/commit/38c01c6bc32fe769c3a636e45b389e2a995c2ee6))
-* upgrade follow-redirects from 1.14.0 to 1.14.1 ([#7408](https://github.com/parse-community/parse-server/issues/7408)) ([8976ecc](https://github.com/parse-community/parse-server/commit/8976ecc4a9c91eeb1d0f3448eff7720b43c7747a))
-* upgrade graphql from 15.4.0 to 15.5.0 ([#7201](https://github.com/parse-community/parse-server/issues/7201)) ([5a09687](https://github.com/parse-community/parse-server/commit/5a0968721d6d04cdde86d3df569a77910bcae803))
-* upgrade graphql from 15.5.0 to 15.5.1 ([#7462](https://github.com/parse-community/parse-server/issues/7462)) ([bbd7ee7](https://github.com/parse-community/parse-server/commit/bbd7ee7313e19c43b15e16027439739590393dd1))
-* upgrade graphql from 15.5.1 to 15.5.2 ([#7587](https://github.com/parse-community/parse-server/issues/7587)) ([dee4d96](https://github.com/parse-community/parse-server/commit/dee4d9662749eb699891c8a3797fa0b0467c6355))
-* upgrade graphql from 15.5.2 to 15.5.3 ([#7596](https://github.com/parse-community/parse-server/issues/7596)) ([bcbc035](https://github.com/parse-community/parse-server/commit/bcbc035627c552a7940bec4ae210ca1522215246))
-* upgrade graphql from 15.5.3 to 15.6.0 ([#7612](https://github.com/parse-community/parse-server/issues/7612)) ([407ed6e](https://github.com/parse-community/parse-server/commit/407ed6ee36ea42d7eb525f42b1f3da6f41230504))
-* upgrade graphql-relay from 0.6.0 to 0.7.0 ([#7443](https://github.com/parse-community/parse-server/issues/7443)) ([770e36f](https://github.com/parse-community/parse-server/commit/770e36ff43c42e4ed3db73a30436079a0460a1f0))
-* upgrade graphql-relay from 0.7.0 to 0.8.0 ([#7467](https://github.com/parse-community/parse-server/issues/7467)) ([9923cd3](https://github.com/parse-community/parse-server/commit/9923cd3869ab80e70c5ca9765628ba0a28a6facc))
-* upgrade graphql-tag from 2.10.1 to 2.12.0 ([#7234](https://github.com/parse-community/parse-server/issues/7234)) ([add67fd](https://github.com/parse-community/parse-server/commit/add67fdd2284a58386f6afd35edeaa8534579e33))
-* upgrade graphql-tag from 2.12.0 to 2.12.1 ([#7282](https://github.com/parse-community/parse-server/issues/7282)) ([36de1db](https://github.com/parse-community/parse-server/commit/36de1db65dc3c2bbf8f8051ee1862a06ef41e7f9))
-* upgrade graphql-tag from 2.12.1 to 2.12.2 ([#7325](https://github.com/parse-community/parse-server/issues/7325)) ([50e5557](https://github.com/parse-community/parse-server/commit/50e55571fdaa1ac3ca43d215c4bc62136d684873))
-* upgrade graphql-tag from 2.12.2 to 2.12.4 ([#7396](https://github.com/parse-community/parse-server/issues/7396)) ([8099cb0](https://github.com/parse-community/parse-server/commit/8099cb05a48956b073f3e7d96c30b69292c06adc))
-* upgrade graphql-tag from 2.12.4 to 2.12.5 ([#7466](https://github.com/parse-community/parse-server/issues/7466)) ([2b3355c](https://github.com/parse-community/parse-server/commit/2b3355cb022724838499a5d83c0d532040953566))
-* upgrade jwks-rsa from 1.11.0 to 1.12.0 ([#7102](https://github.com/parse-community/parse-server/issues/7102)) ([029edbf](https://github.com/parse-community/parse-server/commit/029edbf706c4b1754afbb5ce69600a373b91cb9b))
-* upgrade jwks-rsa from 1.12.1 to 1.12.2 ([#7147](https://github.com/parse-community/parse-server/issues/7147)) ([bcb2b52](https://github.com/parse-community/parse-server/commit/bcb2b52f7a1322a780b95b77081827d6c8c25840))
-* upgrade jwks-rsa from 1.12.2 to 1.12.3 ([#7284](https://github.com/parse-community/parse-server/issues/7284)) ([a53d74c](https://github.com/parse-community/parse-server/commit/a53d74c13b86d43e1694132feddccce6ee2bede9))
-* upgrade ldapjs from 2.2.2 to 2.2.3 ([#7095](https://github.com/parse-community/parse-server/issues/7095)) ([fb465e5](https://github.com/parse-community/parse-server/commit/fb465e599e8768b9e229ec8689e033d7063e50b3))
-* upgrade ldapjs from 2.2.3 to 2.2.4 ([#7275](https://github.com/parse-community/parse-server/issues/7275)) ([35f0c55](https://github.com/parse-community/parse-server/commit/35f0c55e93dc0572049a85befbc80175620f7d29))
-* upgrade ldapjs from 2.2.4 to 2.3.0 ([#7436](https://github.com/parse-community/parse-server/issues/7436)) ([7df6c02](https://github.com/parse-community/parse-server/commit/7df6c020b18b8ea9d04b718fa4e070be800b9268))
-* upgrade ldapjs from 2.3.0 to 2.3.1 ([#7524](https://github.com/parse-community/parse-server/issues/7524)) ([dee5a13](https://github.com/parse-community/parse-server/commit/dee5a13a85336cdd9d3bcd938c4118fffe8b9670))
-* upgrade mime from 2.4.6 to 2.4.7 ([#7110](https://github.com/parse-community/parse-server/issues/7110)) ([fefcabe](https://github.com/parse-community/parse-server/commit/fefcabe858f3817dca337390c2198abbf12f9bdf))
-* upgrade mime from 2.4.7 to 2.5.0 ([#7166](https://github.com/parse-community/parse-server/issues/7166)) ([6097e82](https://github.com/parse-community/parse-server/commit/6097e82194772847954dc2c2b7559543cc7531cc))
-* upgrade mime from 2.5.0 to 2.5.2 ([#7261](https://github.com/parse-community/parse-server/issues/7261)) ([687f4b7](https://github.com/parse-community/parse-server/commit/687f4b7cf245ce578674a4cc0e0d276b23d5780d))
-* upgrade mongodb from 3.6.6 to 3.6.7 ([#7425](https://github.com/parse-community/parse-server/issues/7425)) ([61affe2](https://github.com/parse-community/parse-server/commit/61affe26293f7218e88878d027514d68975cfc8c))
-* upgrade mongodb from 3.6.7 to 3.6.8 ([#7430](https://github.com/parse-community/parse-server/issues/7430)) ([c36588e](https://github.com/parse-community/parse-server/commit/c36588e3c2d16fab3f38aecc77f0e827bda38f95))
-* upgrade mongodb from 3.6.8 to 3.6.9 ([#7445](https://github.com/parse-community/parse-server/issues/7445)) ([17cf1a4](https://github.com/parse-community/parse-server/commit/17cf1a46e557b502b132c415b922508e032209a9))
-* upgrade mongodb from 3.6.9 to 3.6.10 ([#7474](https://github.com/parse-community/parse-server/issues/7474)) ([45d29cc](https://github.com/parse-community/parse-server/commit/45d29cc58c373c9e1d489dbd7a750f2a0f6bc89b))
-* upgrade mustache from 4.1.0 to 4.2.0 ([#7358](https://github.com/parse-community/parse-server/issues/7358)) ([94b7b32](https://github.com/parse-community/parse-server/commit/94b7b320062579e788df6c9f72d7a786f98f7cc5))
-* upgrade parse from 3.1.0 to 3.2.0 ([#7378](https://github.com/parse-community/parse-server/issues/7378)) ([e9f54e2](https://github.com/parse-community/parse-server/commit/e9f54e2bddd8430864b1628ab077a0a3aae73e47))
-* upgrade pg-promise from 10.10.1 to 10.10.2 ([#7399](https://github.com/parse-community/parse-server/issues/7399)) ([d365f1f](https://github.com/parse-community/parse-server/commit/d365f1f7cb44cfdeac9931308ff25dcd9ba3d79b))
-* upgrade pg-promise from 10.10.2 to 10.11.0 ([#7510](https://github.com/parse-community/parse-server/issues/7510)) ([a967e79](https://github.com/parse-community/parse-server/commit/a967e7921961ea7a33ae9ff02555839cecf2b15f))
-* upgrade pg-promise from 10.8.1 to 10.8.6 ([#7118](https://github.com/parse-community/parse-server/issues/7118)) ([8851810](https://github.com/parse-community/parse-server/commit/8851810a85747456cd2f3e5d3876371306b8c23d))
-* upgrade pg-promise from 10.8.6 to 10.8.7 ([#7148](https://github.com/parse-community/parse-server/issues/7148)) ([231c669](https://github.com/parse-community/parse-server/commit/231c669133eea494f2db7f23fdff2e9d004c9e18))
-* upgrade pg-promise from 10.8.7 to 10.9.0 ([#7168](https://github.com/parse-community/parse-server/issues/7168)) ([fcacd4d](https://github.com/parse-community/parse-server/commit/fcacd4d24e34ff48367d2c68bb97743b8a20216c))
-* upgrade pg-promise from 10.9.0 to 10.9.1 ([#7170](https://github.com/parse-community/parse-server/issues/7170)) ([cca493b](https://github.com/parse-community/parse-server/commit/cca493b9fb33a4c34eaaf624ec4aedd18b11dca7))
-* upgrade pg-promise from 10.9.1 to 10.9.2 ([#7209](https://github.com/parse-community/parse-server/issues/7209)) ([c05102b](https://github.com/parse-community/parse-server/commit/c05102b90c925498459b45c755298cb482ac596c))
-* upgrade redis from 3.1.1 to 3.1.2 ([#7387](https://github.com/parse-community/parse-server/issues/7387)) ([f65bd22](https://github.com/parse-community/parse-server/commit/f65bd228fb3491ba217558ec288dd2ee60d0d37d))
-* upgrade semver from 7.3.2 to 7.3.4 ([#7092](https://github.com/parse-community/parse-server/issues/7092)) ([7e687b1](https://github.com/parse-community/parse-server/commit/7e687b1e943372d105ca359177824241af278534))
-* upgrade subscriptions-transport-ws from 0.9.19 to 0.10.0 ([#7450](https://github.com/parse-community/parse-server/issues/7450)) ([d36a53b](https://github.com/parse-community/parse-server/commit/d36a53b2bfade99942e3c9b827c9abb38d2de26b))
-* upgrade uuid from 8.3.1 to 8.3.2 ([#7101](https://github.com/parse-community/parse-server/issues/7101)) ([f17a063](https://github.com/parse-community/parse-server/commit/f17a063209b451da291918dac165e177f0bee6a0))
-* upgrade winston-daily-rotate-file from 4.5.0 to 4.5.1 ([#7309](https://github.com/parse-community/parse-server/issues/7309)) ([8643ae4](https://github.com/parse-community/parse-server/commit/8643ae438f1ea48c93d2860889568f9f3a5a62b8))
-* upgrade winston-daily-rotate-file from 4.5.1 to 4.5.2 ([#7376](https://github.com/parse-community/parse-server/issues/7376)) ([e143fb1](https://github.com/parse-community/parse-server/commit/e143fb1bf6a52bb21c483fbf72f74d2282cfbeee))
-* upgrade winston-daily-rotate-file from 4.5.2 to 4.5.3 ([#7398](https://github.com/parse-community/parse-server/issues/7398)) ([e9d8ed4](https://github.com/parse-community/parse-server/commit/e9d8ed4acb03160c8f6d669859fe57d8281937b4))
-* upgrade winston-daily-rotate-file from 4.5.3 to 4.5.4 ([#7402](https://github.com/parse-community/parse-server/issues/7402)) ([4f80a5f](https://github.com/parse-community/parse-server/commit/4f80a5f4afbc008d2f642ee0c581a25483240e9a))
-* upgrade winston-daily-rotate-file from 4.5.4 to 4.5.5 ([#7407](https://github.com/parse-community/parse-server/issues/7407)) ([5abbeeb](https://github.com/parse-community/parse-server/commit/5abbeeb8d11be810993c528b8458be894039a5fc))
-* upgrade ws from 7.4.0 to 7.4.1 ([#7098](https://github.com/parse-community/parse-server/issues/7098)) ([1068838](https://github.com/parse-community/parse-server/commit/106883809c96a758bb23ae6dd7fff7465fbd8f60))
-* upgrade ws from 7.4.1 to 7.4.2 ([#7132](https://github.com/parse-community/parse-server/issues/7132)) ([857d4ec](https://github.com/parse-community/parse-server/commit/857d4ecfd5a383d6debd849a1af1d45820aee0c0))
-* upgrade ws from 7.4.2 to 7.4.3 ([#7224](https://github.com/parse-community/parse-server/issues/7224)) ([ec8f784](https://github.com/parse-community/parse-server/commit/ec8f78424f0043fa74ef1f3a7baa96a3d1e95b59))
-* upgrade ws from 7.4.3 to 7.4.4 ([#7298](https://github.com/parse-community/parse-server/issues/7298)) ([a080e4c](https://github.com/parse-community/parse-server/commit/a080e4c766c33cc5b5c304bbdba69e93743f9db1))
-* upgrade ws from 7.4.4 to 7.4.5 ([#7381](https://github.com/parse-community/parse-server/issues/7381)) ([34f3dd9](https://github.com/parse-community/parse-server/commit/34f3dd9e7e1908b713355ddb235b1e5d02634663))
-* upgrade ws from 7.5.3 to 8.2.1 ([#7580](https://github.com/parse-community/parse-server/issues/7580)) ([c3da290](https://github.com/parse-community/parse-server/commit/c3da2908fabfa4f7f49c0f6d5b3d32de692dd388))
-* upgrade ws from 8.2.1 to 8.2.2 ([#7598](https://github.com/parse-community/parse-server/issues/7598)) ([20cb333](https://github.com/parse-community/parse-server/commit/20cb3333aba67fb89e4e2cda586c559bdb4a23ef))
-
-### Features
-
+### Notable Changes
+- Alphabetical ordered GraphQL API, improved GraphQL Schema cache system and fix GraphQL input reassign issue (Moumouls) [#7344](https://github.com/parse-community/parse-server/issues/7344)
+- Added Parse Server Security Check to report weak security settings (Manuel Trezza, dblythy) [#7247](https://github.com/parse-community/parse-server/issues/7247)
+- EXPERIMENTAL: Added new page router with placeholder rendering and localization of custom and feature pages such as password reset and email verification (Manuel Trezza) [#7128](https://github.com/parse-community/parse-server/pull/7128)
+- EXPERIMENTAL: Added custom routes to easily customize flows for password reset, email verification or build entirely new flows (Manuel Trezza) [#7231](https://github.com/parse-community/parse-server/pull/7231)
+- Added Deprecation Policy to govern the introduction of breaking changes in a phased pattern that is more predictable for developers (Manuel Trezza) [#7199](https://github.com/parse-community/parse-server/pull/7199)
+- Add REST API endpoint `/loginAs` to create session of any user with master key; allows to impersonate another user. (GormanFletcher) [#7406](https://github.com/parse-community/parse-server/pull/7406)
+- Add official support for MongoDB 5.0 (Manuel Trezza) [#7469](https://github.com/parse-community/parse-server/pull/7469)
+- Added Parse Server Configuration `enforcePrivateUsers`, which will remove public access by default on new Parse.Users (dblythy) [#7319](https://github.com/parse-community/parse-server/pull/7319)
 * add support for Postgres 14 ([#7644](https://github.com/parse-community/parse-server/issues/7644)) ([090350a](https://github.com/parse-community/parse-server/commit/090350a7a0fac945394ca1cb24b290316ef06aa7))
 * add user-defined schema and migrations ([#7418](https://github.com/parse-community/parse-server/issues/7418)) ([25d5c30](https://github.com/parse-community/parse-server/commit/25d5c30be2111be332eb779eb0697774a17da7af))
-* alphabetical graphql api, fix internal reassign, enhanced Graphql schema cache system ([#7344](https://github.com/parse-community/parse-server/issues/7344)) ([85ef721](https://github.com/parse-community/parse-server/commit/85ef7217b04e36395e46316004293e9c8ca67df9))
-* **LiveQuery:** Support $and, $nor, $containedBy, $geoWithin ([#7113](https://github.com/parse-community/parse-server/issues/7113)) ([93781b2](https://github.com/parse-community/parse-server/commit/93781b2195d8074032d2c4dfd77a56acf17dc9e1))
-* **AggregateRouter:** support native mongodb syntax in aggregation pipelines ([#7339](https://github.com/parse-community/parse-server/issues/7339)) ([8fddac3](https://github.com/parse-community/parse-server/commit/8fddac39bf866886c3b432219acc4d5e8169ddc0))
+* setting a field to null does not delete it via GraphQL API ([#7649](https://github.com/parse-community/parse-server/issues/7649)) ([626fad2](https://github.com/parse-community/parse-server/commit/626fad2e71017dcc62196c487de5f908fa43000b))
+* combined `and` query with relational query condition returns incorrect results ([#7593](https://github.com/parse-community/parse-server/issues/7593)) ([174886e](https://github.com/parse-community/parse-server/commit/174886e385e091c6bbd4a84891ef95f80b50d05c))
 
-
-### BREAKING CHANGES
-
-* To delete a field via the GraphQL API, the field value has to be set to `null`. Previously, setting a field value to `null` would save a null value in the database, which was not according to the [GraphQL specs](https://spec.graphql.org/June2018/#sec-Null-Value). To delete a file field use `file: null`, the previous way of using `file: { file: null }` has become obsolete. ([626fad2](626fad2))
+### Other Changes
+- Support native mongodb syntax in aggregation pipelines (Raschid JF Rafeally) [#7339](https://github.com/parse-community/parse-server/pull/7339)
+- Fix error when a not yet inserted job is updated (Antonio Davi Macedo Coelho de Castro) [#7196](https://github.com/parse-community/parse-server/pull/7196)
+- request.context for afterFind triggers (dblythy) [#7078](https://github.com/parse-community/parse-server/pull/7078)
+- Winston Logger interpolating stdout to console (dplewis) [#7114](https://github.com/parse-community/parse-server/pull/7114)
+- Added convenience method `Parse.Cloud.sendEmail(...)` to send email via email adapter in Cloud Code (dblythy) [#7089](https://github.com/parse-community/parse-server/pull/7089)
+- LiveQuery support for $and, $nor, $containedBy, $geoWithin, $geoIntersects queries (dplewis) [#7113](https://github.com/parse-community/parse-server/pull/7113)
+- Supporting patterns in LiveQuery server's config parameter `classNames` (Nes-si) [#7131](https://github.com/parse-community/parse-server/pull/7131)
+- Added `requireAnyUserRoles` and `requireAllUserRoles` for Parse Cloud validator (dblythy) [#7097](https://github.com/parse-community/parse-server/pull/7097)
+- Support Facebook Limited Login (miguel-s) [#7219](https://github.com/parse-community/parse-server/pull/7219)
+- Removed Stage name check on aggregate pipelines (BRETT71) [#7237](https://github.com/parse-community/parse-server/pull/7237)
+- Retry transactions on MongoDB when it fails due to transient error (Antonio Davi Macedo Coelho de Castro) [#7187](https://github.com/parse-community/parse-server/pull/7187)
+- Bump tests to use Mongo 4.4.4 (Antonio Davi Macedo Coelho de Castro) [#7184](https://github.com/parse-community/parse-server/pull/7184)
+- Added new account lockout policy option `accountLockout.unlockOnPasswordReset` to automatically unlock account on password reset (Manuel Trezza) [#7146](https://github.com/parse-community/parse-server/pull/7146)
+- Test Parse Server continuously against all recent MongoDB versions that have not reached their end-of-life support date, added MongoDB compatibility table to Parse Server docs (Manuel Trezza) [#7161](https://github.com/parse-community/parse-server/pull/7161)
+- Test Parse Server continuously against all recent Node.js versions that have not reached their end-of-life support date, added Node.js compatibility table to Parse Server docs (Manuel Trezza) [7161](https://github.com/parse-community/parse-server/pull/7177)
+- Throw error on invalid Cloud Function validation configuration (dblythy) [#7154](https://github.com/parse-community/parse-server/pull/7154)
+- Allow Cloud Validator `options` to be async (dblythy) [#7155](https://github.com/parse-community/parse-server/pull/7155)
+- Optimize queries on classes with pointer permissions (Pedro Diaz) [#7061](https://github.com/parse-community/parse-server/pull/7061)
+- Test Parse Server continuously against all relevant Postgres versions (minor versions), added Postgres compatibility table to Parse Server docs (Corey Baker) [#7176](https://github.com/parse-community/parse-server/pull/7176)
+- Randomize test suite (Diamond Lewis) [#7265](https://github.com/parse-community/parse-server/pull/7265)
+- LDAP: Properly unbind client on group search error (Diamond Lewis) [#7265](https://github.com/parse-community/parse-server/pull/7265)
+- Improve data consistency in Push and Job Status update (Diamond Lewis) [#7267](https://github.com/parse-community/parse-server/pull/7267)
+- Excluding keys that have trailing edges.node when performing GraphQL resolver (Chris Bland) [#7273](https://github.com/parse-community/parse-server/pull/7273)
+- Added centralized feature deprecation with standardized warning logs (Manuel Trezza) [#7303](https://github.com/parse-community/parse-server/pull/7303)
+- Use Node.js 15.13.0 in CI (Olle Jonsson) [#7312](https://github.com/parse-community/parse-server/pull/7312)
+- Fix file upload issue for S3 compatible storage (Linode, DigitalOcean) by avoiding empty tags property when creating a file (Ali Oguzhan Yildiz) [#7300](https://github.com/parse-community/parse-server/pull/7300)
+- Add building Docker image as CI check (Manuel Trezza) [#7332](https://github.com/parse-community/parse-server/pull/7332)
+- Add NPM package-lock version check to CI (Manuel Trezza) [#7333](https://github.com/parse-community/parse-server/pull/7333)
+- Fix incorrect LiveQuery events triggered for multiple subscriptions on the same class with different events [#7341](https://github.com/parse-community/parse-server/pull/7341)
+- Fix select and excludeKey queries to properly accept JSON string arrays. Also allow nested fields in exclude (Corey Baker) [#7242](https://github.com/parse-community/parse-server/pull/7242)
+- Fix LiveQuery server crash when using $all query operator on a missing object key (Jason Posthuma) [#7421](https://github.com/parse-community/parse-server/pull/7421)
+- Added runtime deprecation warnings (Manuel Trezza) [#7451](https://github.com/parse-community/parse-server/pull/7451)
+- Add ability to pass context of an object via a header, X-Parse-Cloud-Context, for Cloud Code triggers. The header addition allows client SDK's to add context without injecting _context in the body of JSON objects (Corey Baker) [#7437](https://github.com/parse-community/parse-server/pull/7437)
+- Add CI check to add changelog entry (Manuel Trezza) [#7512](https://github.com/parse-community/parse-server/pull/7512)
+- Refactor: uniform issue templates across repos (Manuel Trezza) [#7528](https://github.com/parse-community/parse-server/pull/7528)
+- ci: bump ci environment (Manuel Trezza) [#7539](https://github.com/parse-community/parse-server/pull/7539)
+- CI now pushes docker images to Docker Hub (Corey Baker) [#7548](https://github.com/parse-community/parse-server/pull/7548)
+- Allow afterFind and afterLiveQueryEvent to set unsaved pointers and keys (dblythy) [#7310](https://github.com/parse-community/parse-server/pull/7310)
+- Allow setting descending sort to full text queries (dblythy) [#7496](https://github.com/parse-community/parse-server/pull/7496)
+- Allow cloud string for ES modules (Daniel Blyth) [#7560](https://github.com/parse-community/parse-server/pull/7560)
+- docs: Introduce deprecation ID for reference in comments and online search (Manuel Trezza) [#7562](https://github.com/parse-community/parse-server/pull/7562)
+- refactor: deprecate `Parse.Cloud.httpRequest`; it is recommended to use a HTTP library instead. (Daniel Blyth) [#7595](https://github.com/parse-community/parse-server/pull/7595)
+- refactor: Modernize HTTPRequest tests (brandongregoryscott) [#7604](https://github.com/parse-community/parse-server/pull/7604)
+- Allow liveQuery on Session class (Daniel Blyth) [#7554](https://github.com/parse-community/parse-server/pull/7554)

From 6962bfac65535bee244ace2db3ba55b20c409761 Mon Sep 17 00:00:00 2001
From: Manuel Trezza <5673677+mtrezza@users.noreply.github.com>
Date: Mon, 1 Nov 2021 17:25:20 +0100
Subject: [PATCH 03/19] docs: enable npm beta badge on README

---
 README.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index a25752cc..98840adb 100644
--- a/README.md
+++ b/README.md
@@ -12,8 +12,9 @@
 [![auto-release](https://img.shields.io/badge/%F0%9F%9A%80-auto--release-9e34eb.svg)](https://github.com/parse-community/parse-dashboard/releases)
 
 [![npm latest version](https://img.shields.io/npm/v/parse-server/latest.svg)](https://www.npmjs.com/package/parse-server)
+[![npm beta version](https://img.shields.io/npm/v/parse-server/beta.svg)](https://www.npmjs.com/package/parse-server)
 [![npm alpha version](https://img.shields.io/npm/v/parse-server/alpha.svg)](https://www.npmjs.com/package/parse-server)
-<!-- [![npm beta version](https://img.shields.io/npm/v/parse-server/beta.svg)](https://www.npmjs.com/package/parse-server) -->
+
 
 [![Backers on Open Collective](https://opencollective.com/parse-server/backers/badge.svg)][open-collective-link]
 [![Sponsors on Open Collective](https://opencollective.com/parse-server/sponsors/badge.svg)][open-collective-link]

From 200d4ba9a527016a65668738c7728696f443bd53 Mon Sep 17 00:00:00 2001
From: Manuel <5673677+mtrezza@users.noreply.github.com>
Date: Wed, 10 Nov 2021 16:49:47 +0100
Subject: [PATCH 04/19] revert: refactor: allow ES import for cloud string if
 package type is module (#7691)

This reverts commit 0225340ccbba2781e49689640ded606a8379dd45.
---
 .babelrc                          | 3 +--
 spec/CloudCode.spec.js            | 8 --------
 spec/cloud/cloudCodeModuleFile.js | 3 ---
 src/ParseServer.js                | 6 +-----
 4 files changed, 2 insertions(+), 18 deletions(-)
 delete mode 100644 spec/cloud/cloudCodeModuleFile.js

diff --git a/.babelrc b/.babelrc
index a199154b..9151969b 100644
--- a/.babelrc
+++ b/.babelrc
@@ -7,8 +7,7 @@
         ["@babel/preset-env", {
             "targets": {
                 "node": "12"
-            },
-            "exclude": ["proposal-dynamic-import"]
+            }
         }]
     ],
     "sourceMaps": "inline"
diff --git a/spec/CloudCode.spec.js b/spec/CloudCode.spec.js
index 17968c33..d5e61137 100644
--- a/spec/CloudCode.spec.js
+++ b/spec/CloudCode.spec.js
@@ -39,14 +39,6 @@ describe('Cloud Code', () => {
     });
   });
 
-  it('can load cloud code as a module', async () => {
-    process.env.npm_package_type = 'module';
-    await reconfigureServer({ cloud: './spec/cloud/cloudCodeModuleFile.js' });
-    const result = await Parse.Cloud.run('cloudCodeInFile');
-    expect(result).toEqual('It is possible to define cloud code in a file.');
-    delete process.env.npm_package_type;
-  });
-
   it('can create functions', done => {
     Parse.Cloud.define('hello', () => {
       return 'Hello world!';
diff --git a/spec/cloud/cloudCodeModuleFile.js b/spec/cloud/cloudCodeModuleFile.js
deleted file mode 100644
index a62b4fcc..00000000
--- a/spec/cloud/cloudCodeModuleFile.js
+++ /dev/null
@@ -1,3 +0,0 @@
-Parse.Cloud.define('cloudCodeInFile', () => {
-  return 'It is possible to define cloud code in a file.';
-});
diff --git a/src/ParseServer.js b/src/ParseServer.js
index dc2af9e7..e6b30d19 100644
--- a/src/ParseServer.js
+++ b/src/ParseServer.js
@@ -108,11 +108,7 @@ class ParseServer {
       if (typeof cloud === 'function') {
         cloud(Parse);
       } else if (typeof cloud === 'string') {
-        if (process.env.npm_package_type === 'module') {
-          import(path.resolve(process.cwd(), cloud));
-        } else {
-          require(path.resolve(process.cwd(), cloud));
-        }
+        require(path.resolve(process.cwd(), cloud));
       } else {
         throw "argument 'cloud' must either be a string or a function";
       }

From 32b719413944b2b8d6394a7d765874051781be8d Mon Sep 17 00:00:00 2001
From: semantic-release-bot <semantic-release-bot@martynus.net>
Date: Wed, 10 Nov 2021 15:50:43 +0000
Subject: [PATCH 05/19] chore(release): 5.0.0-beta.2 [skip ci]

# [5.0.0-beta.2](https://github.com/parse-community/parse-server/compare/5.0.0-beta.1...5.0.0-beta.2) (2021-11-10)

### Reverts

* refactor: allow ES import for cloud string if package type is module ([#7691](https://github.com/parse-community/parse-server/issues/7691)) ([200d4ba](https://github.com/parse-community/parse-server/commit/200d4ba9a527016a65668738c7728696f443bd53))
---
 changelogs/CHANGELOG_beta.md | 7 +++++++
 package-lock.json            | 2 +-
 package.json                 | 2 +-
 3 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/changelogs/CHANGELOG_beta.md b/changelogs/CHANGELOG_beta.md
index e0a8bf2e..f3375d0c 100644
--- a/changelogs/CHANGELOG_beta.md
+++ b/changelogs/CHANGELOG_beta.md
@@ -1,3 +1,10 @@
+# [5.0.0-beta.2](https://github.com/parse-community/parse-server/compare/5.0.0-beta.1...5.0.0-beta.2) (2021-11-10)
+
+
+### Reverts
+
+* refactor: allow ES import for cloud string if package type is module ([#7691](https://github.com/parse-community/parse-server/issues/7691)) ([200d4ba](https://github.com/parse-community/parse-server/commit/200d4ba9a527016a65668738c7728696f443bd53))
+
 # [5.0.0-beta.1](https://github.com/parse-community/parse-server/compare/4.5.0...5.0.0-beta.1) (2021-11-01)
 
 ### BREAKING CHANGES
diff --git a/package-lock.json b/package-lock.json
index e65f70c3..72805c4d 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,6 +1,6 @@
 {
   "name": "parse-server",
-  "version": "5.0.0-beta.1",
+  "version": "5.0.0-beta.2",
   "lockfileVersion": 1,
   "requires": true,
   "dependencies": {
diff --git a/package.json b/package.json
index beff1a38..d1c9505f 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "parse-server",
-  "version": "5.0.0-beta.1",
+  "version": "5.0.0-beta.2",
   "description": "An express module providing a Parse-compatible API server",
   "main": "lib/index.js",
   "repository": {

From 6a54dac24d9fb63a44f311b8d414f4aa64140f32 Mon Sep 17 00:00:00 2001
From: Manuel <5673677+mtrezza@users.noreply.github.com>
Date: Fri, 12 Nov 2021 19:10:17 +0100
Subject: [PATCH 06/19] fix: node engine range has no upper limit to exclude
 incompatible node versions (#7693)

---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package.json b/package.json
index d1c9505f..7bd7b651 100644
--- a/package.json
+++ b/package.json
@@ -135,7 +135,7 @@
     "madge:circular": "node_modules/.bin/madge ./src --circular"
   },
   "engines": {
-    "node": ">=12.20.0"
+    "node": ">=12.20.0 <16"
   },
   "bin": {
     "parse-server": "bin/parse-server"

From 2923833b253145bd12ab1f83ec340b6c9792e590 Mon Sep 17 00:00:00 2001
From: semantic-release-bot <semantic-release-bot@martynus.net>
Date: Fri, 12 Nov 2021 18:11:20 +0000
Subject: [PATCH 07/19] chore(release): 5.0.0-beta.3 [skip ci]

# [5.0.0-beta.3](https://github.com/parse-community/parse-server/compare/5.0.0-beta.2...5.0.0-beta.3) (2021-11-12)

### Bug Fixes

* node engine range has no upper limit to exclude incompatible node versions ([#7693](https://github.com/parse-community/parse-server/issues/7693)) ([6a54dac](https://github.com/parse-community/parse-server/commit/6a54dac24d9fb63a44f311b8d414f4aa64140f32))
---
 changelogs/CHANGELOG_beta.md | 7 +++++++
 package-lock.json            | 2 +-
 package.json                 | 2 +-
 3 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/changelogs/CHANGELOG_beta.md b/changelogs/CHANGELOG_beta.md
index f3375d0c..856fc405 100644
--- a/changelogs/CHANGELOG_beta.md
+++ b/changelogs/CHANGELOG_beta.md
@@ -1,3 +1,10 @@
+# [5.0.0-beta.3](https://github.com/parse-community/parse-server/compare/5.0.0-beta.2...5.0.0-beta.3) (2021-11-12)
+
+
+### Bug Fixes
+
+* node engine range has no upper limit to exclude incompatible node versions ([#7693](https://github.com/parse-community/parse-server/issues/7693)) ([6a54dac](https://github.com/parse-community/parse-server/commit/6a54dac24d9fb63a44f311b8d414f4aa64140f32))
+
 # [5.0.0-beta.2](https://github.com/parse-community/parse-server/compare/5.0.0-beta.1...5.0.0-beta.2) (2021-11-10)
 
 
diff --git a/package-lock.json b/package-lock.json
index 72805c4d..59d9c47e 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,6 +1,6 @@
 {
   "name": "parse-server",
-  "version": "5.0.0-beta.2",
+  "version": "5.0.0-beta.3",
   "lockfileVersion": 1,
   "requires": true,
   "dependencies": {
diff --git a/package.json b/package.json
index 7bd7b651..983f9290 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "parse-server",
-  "version": "5.0.0-beta.2",
+  "version": "5.0.0-beta.3",
   "description": "An express module providing a Parse-compatible API server",
   "main": "lib/index.js",
   "repository": {

From 8ee0445c0aeeb88dff2559b46ade408071d22143 Mon Sep 17 00:00:00 2001
From: Manuel <5673677+mtrezza@users.noreply.github.com>
Date: Sat, 27 Nov 2021 13:36:49 +0100
Subject: [PATCH 08/19] fix: unable to use objectId size higher than 19 on
 GraphQL API (#7722)

---
 package-lock.json                             |  6 ++--
 package.json                                  |  2 +-
 spec/ParseGraphQLServer.spec.js               | 29 +++++++++++++++----
 .../Postgres/PostgresStorageAdapter.js        |  8 ++++-
 4 files changed, 35 insertions(+), 10 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 59d9c47e..2c522b27 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -7496,9 +7496,9 @@
       "integrity": "sha512-9TSAwcVA3KWw7JWYep5NCk2aw3wl1ayLtbMpmG7l26vh1FZ+gZexNPP+XJfUFyJa71UU0zcKSgtgpsrsA3Xv9Q=="
     },
     "graphql-relay": {
-      "version": "0.9.0",
-      "resolved": "https://registry.npmjs.org/graphql-relay/-/graphql-relay-0.9.0.tgz",
-      "integrity": "sha512-yNJLCqcjz0XpzpmmckRJCSK8a2ZLwTurwrQ09UyGftONh52PbrGpK1UO4yspvj0c7pC+jkN4ZUqVXG3LRrWkXQ=="
+      "version": "0.7.0",
+      "resolved": "https://registry.npmjs.org/graphql-relay/-/graphql-relay-0.7.0.tgz",
+      "integrity": "sha512-P8eS3IbZRhbfbcfud1Q6VPrIru4hchkb15MuOij+WQo9r0chD5NBIxiVjuRE2iG2EMHxIOrZb8LnMe82+YdITA=="
     },
     "graphql-subscriptions": {
       "version": "1.2.1",
diff --git a/package.json b/package.json
index 983f9290..da8b5568 100644
--- a/package.json
+++ b/package.json
@@ -35,7 +35,7 @@
     "follow-redirects": "1.14.2",
     "graphql": "15.6.0",
     "graphql-list-fields": "2.0.2",
-    "graphql-relay": "0.9.0",
+    "graphql-relay": "0.7.0",
     "graphql-tag": "2.12.5",
     "graphql-upload": "11.0.0",
     "intersect": "1.0.1",
diff --git a/spec/ParseGraphQLServer.spec.js b/spec/ParseGraphQLServer.spec.js
index 52427efc..c197facb 100644
--- a/spec/ParseGraphQLServer.spec.js
+++ b/spec/ParseGraphQLServer.spec.js
@@ -2284,8 +2284,7 @@ describe('ParseGraphQLServer', () => {
             expect(nodeResult.data.node2.objectId).toBe(obj2.id);
             expect(nodeResult.data.node2.someField).toBe('some value 2');
           });
-          // TODO: (moumouls, davimacedo) Fix flaky test
-          xit('Id inputs should work either with global id or object id', async () => {
+          it('Id inputs should work either with global id or object id', async () => {
             try {
               await apolloClient.mutate({
                 mutation: gql`
@@ -2592,9 +2591,12 @@ describe('ParseGraphQLServer', () => {
                   .map(value => value.node.someField)
                   .sort()
               ).toEqual(['some value 22', 'some value 44']);
-              expect(
-                findSecondaryObjectsResult.data.secondaryObjects.edges[0].node.id
-              ).toBeLessThan(findSecondaryObjectsResult.data.secondaryObjects.edges[1].node.id);
+              // NOTE: Here @davimacedo tried to test RelayID order, but the test is wrong since
+              // "objectId1" < "objectId2" do not always keep the order when objectId is transformed
+              // to base64 by Relay
+              // "SecondaryObject:bBRgmzIRRM" < "SecondaryObject:nTMcuVbATY" true
+              // base64("SecondaryObject:bBRgmzIRRM"") < base64(""SecondaryObject:nTMcuVbATY"") false
+              // "U2Vjb25kYXJ5T2JqZWN0OmJCUmdteklSUk0=" < "U2Vjb25kYXJ5T2JqZWN0Om5UTWN1VmJBVFk=" false
               expect(
                 findSecondaryObjectsResult.data.secondaryObjects.edges[0].node.objectId
               ).toBeLessThan(
@@ -2760,6 +2762,23 @@ describe('ParseGraphQLServer', () => {
               handleError(e);
             }
           });
+          it('Id inputs should work either with global id or object id with objectId higher than 19', async () => {
+            await reconfigureServer({ objectIdSize: 20 });
+            const obj = new Parse.Object('SomeClass');
+            await obj.save({ name: 'aname', type: 'robot' });
+            const result = await apolloClient.query({
+              query: gql`
+                query getSomeClass($id: ID!) {
+                  someClass(id: $id) {
+                    objectId
+                    id
+                  }
+                }
+              `,
+              variables: { id: obj.id },
+            });
+            expect(result.data.someClass.objectId).toEqual(obj.id);
+          });
         });
       });
 
diff --git a/src/Adapters/Storage/Postgres/PostgresStorageAdapter.js b/src/Adapters/Storage/Postgres/PostgresStorageAdapter.js
index e6c2bdbb..f787d9f1 100644
--- a/src/Adapters/Storage/Postgres/PostgresStorageAdapter.js
+++ b/src/Adapters/Storage/Postgres/PostgresStorageAdapter.js
@@ -1807,7 +1807,13 @@ export class PostgresStorageAdapter implements StorageAdapter {
         if (key === 'ACL') {
           memo.push('_rperm');
           memo.push('_wperm');
-        } else if (key.length > 0) {
+        } else if (
+          key.length > 0 &&
+          // Remove selected field not referenced in the schema
+          // Relation is not a column in postgres
+          // $score is a Parse special field and is also not a column
+          ((schema.fields[key] && schema.fields[key].type !== 'Relation') || key === '$score')
+        ) {
           memo.push(key);
         }
         return memo;

From 66347dc44a372c1f1ca83f7e9aa50b8ad64f1104 Mon Sep 17 00:00:00 2001
From: semantic-release-bot <semantic-release-bot@martynus.net>
Date: Sat, 27 Nov 2021 12:37:38 +0000
Subject: [PATCH 09/19] chore(release): 5.0.0-beta.4 [skip ci]

# [5.0.0-beta.4](https://github.com/parse-community/parse-server/compare/5.0.0-beta.3...5.0.0-beta.4) (2021-11-27)

### Bug Fixes

* unable to use objectId size higher than 19 on GraphQL API ([#7722](https://github.com/parse-community/parse-server/issues/7722)) ([8ee0445](https://github.com/parse-community/parse-server/commit/8ee0445c0aeeb88dff2559b46ade408071d22143))
---
 changelogs/CHANGELOG_beta.md | 7 +++++++
 package-lock.json            | 2 +-
 package.json                 | 2 +-
 3 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/changelogs/CHANGELOG_beta.md b/changelogs/CHANGELOG_beta.md
index 856fc405..1875f05b 100644
--- a/changelogs/CHANGELOG_beta.md
+++ b/changelogs/CHANGELOG_beta.md
@@ -1,3 +1,10 @@
+# [5.0.0-beta.4](https://github.com/parse-community/parse-server/compare/5.0.0-beta.3...5.0.0-beta.4) (2021-11-27)
+
+
+### Bug Fixes
+
+* unable to use objectId size higher than 19 on GraphQL API ([#7722](https://github.com/parse-community/parse-server/issues/7722)) ([8ee0445](https://github.com/parse-community/parse-server/commit/8ee0445c0aeeb88dff2559b46ade408071d22143))
+
 # [5.0.0-beta.3](https://github.com/parse-community/parse-server/compare/5.0.0-beta.2...5.0.0-beta.3) (2021-11-12)
 
 
diff --git a/package-lock.json b/package-lock.json
index 2c522b27..9ae492f7 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,6 +1,6 @@
 {
   "name": "parse-server",
-  "version": "5.0.0-beta.3",
+  "version": "5.0.0-beta.4",
   "lockfileVersion": 1,
   "requires": true,
   "dependencies": {
diff --git a/package.json b/package.json
index da8b5568..d80b19f9 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "parse-server",
-  "version": "5.0.0-beta.3",
+  "version": "5.0.0-beta.4",
   "description": "An express module providing a Parse-compatible API server",
   "main": "lib/index.js",
   "repository": {

From 3b92fa1ca9e8889127a32eba913d68309397ca2c Mon Sep 17 00:00:00 2001
From: Manuel <5673677+mtrezza@users.noreply.github.com>
Date: Thu, 13 Jan 2022 03:04:49 +0100
Subject: [PATCH 10/19] fix: schema cache not cleared in some cases (#7771)

---
 spec/schemas.spec.js         | 87 ++++++++++++++++++++++++++++++++++++
 src/Routers/SchemasRouter.js |  2 +-
 2 files changed, 88 insertions(+), 1 deletion(-)

diff --git a/spec/schemas.spec.js b/spec/schemas.spec.js
index 5180b36c..52c02811 100644
--- a/spec/schemas.spec.js
+++ b/spec/schemas.spec.js
@@ -5,6 +5,7 @@ const dd = require('deep-diff');
 const Config = require('../lib/Config');
 const request = require('../lib/request');
 const TestUtils = require('../lib/TestUtils');
+const SchemaController = require('../lib/Controllers/SchemaController').SchemaController;
 
 let config;
 
@@ -239,6 +240,52 @@ describe('schemas', () => {
       });
   });
 
+  it('ensure refresh cache after creating a class', async done => {
+    spyOn(SchemaController.prototype, 'reloadData').and.callFake(() => Promise.resolve());
+    await request({
+      url: 'http://localhost:8378/1/schemas',
+      method: 'POST',
+      headers: masterKeyHeaders,
+      json: true,
+      body: {
+        className: 'A',
+      },
+    });
+    const response = await request({
+      url: 'http://localhost:8378/1/schemas',
+      method: 'GET',
+      headers: masterKeyHeaders,
+      json: true,
+    });
+    const expected = {
+      results: [
+        userSchema,
+        roleSchema,
+        {
+          className: 'A',
+          fields: {
+            //Default fields
+            ACL: { type: 'ACL' },
+            createdAt: { type: 'Date' },
+            updatedAt: { type: 'Date' },
+            objectId: { type: 'String' },
+          },
+          classLevelPermissions: defaultClassLevelPermissions,
+        },
+      ],
+    };
+    expect(
+      response.data.results
+        .sort((s1, s2) => s1.className.localeCompare(s2.className))
+        .map(s => {
+          const withoutIndexes = Object.assign({}, s);
+          delete withoutIndexes.indexes;
+          return withoutIndexes;
+        })
+    ).toEqual(expected.results.sort((s1, s2) => s1.className.localeCompare(s2.className)));
+    done();
+  });
+
   it('responds with a single schema', done => {
     const obj = hasAllPODobject();
     obj.save().then(() => {
@@ -1507,6 +1554,46 @@ describe('schemas', () => {
     });
   });
 
+  it('ensure refresh cache after deleting a class', async done => {
+    config = Config.get('test');
+    spyOn(config.schemaCache, 'del').and.callFake(() => {});
+    spyOn(SchemaController.prototype, 'reloadData').and.callFake(() => Promise.resolve());
+    await request({
+      url: 'http://localhost:8378/1/schemas',
+      method: 'POST',
+      headers: masterKeyHeaders,
+      json: true,
+      body: {
+        className: 'A',
+      },
+    });
+    await request({
+      method: 'DELETE',
+      url: 'http://localhost:8378/1/schemas/A',
+      headers: masterKeyHeaders,
+      json: true,
+    });
+    const response = await request({
+      url: 'http://localhost:8378/1/schemas',
+      method: 'GET',
+      headers: masterKeyHeaders,
+      json: true,
+    });
+    const expected = {
+      results: [userSchema, roleSchema],
+    };
+    expect(
+      response.data.results
+        .sort((s1, s2) => s1.className.localeCompare(s2.className))
+        .map(s => {
+          const withoutIndexes = Object.assign({}, s);
+          delete withoutIndexes.indexes;
+          return withoutIndexes;
+        })
+    ).toEqual(expected.results.sort((s1, s2) => s1.className.localeCompare(s2.className)));
+    done();
+  });
+
   it('deletes collections including join tables', done => {
     const obj = new Parse.Object('MyClass');
     obj.set('data', 'data');
diff --git a/src/Routers/SchemasRouter.js b/src/Routers/SchemasRouter.js
index 54f73cea..1b72b93a 100644
--- a/src/Routers/SchemasRouter.js
+++ b/src/Routers/SchemasRouter.js
@@ -16,7 +16,7 @@ function classNameMismatchResponse(bodyClass, pathClass) {
 function getAllSchemas(req) {
   return req.config.database
     .loadSchema({ clearCache: true })
-    .then(schemaController => schemaController.getAllClasses(true))
+    .then(schemaController => schemaController.getAllClasses({ clearCache: true }))
     .then(schemas => ({ response: { results: schemas } }));
 }
 

From f90461e693aeb973d34b243a76e616095022039b Mon Sep 17 00:00:00 2001
From: semantic-release-bot <semantic-release-bot@martynus.net>
Date: Thu, 13 Jan 2022 02:06:03 +0000
Subject: [PATCH 11/19] chore(release): 5.0.0-beta.5 [skip ci]

# [5.0.0-beta.5](https://github.com/parse-community/parse-server/compare/5.0.0-beta.4...5.0.0-beta.5) (2022-01-13)

### Bug Fixes

* schema cache not cleared in some cases ([#7771](https://github.com/parse-community/parse-server/issues/7771)) ([3b92fa1](https://github.com/parse-community/parse-server/commit/3b92fa1ca9e8889127a32eba913d68309397ca2c))
---
 changelogs/CHANGELOG_beta.md | 7 +++++++
 package-lock.json            | 2 +-
 package.json                 | 2 +-
 3 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/changelogs/CHANGELOG_beta.md b/changelogs/CHANGELOG_beta.md
index 1875f05b..0bba03a0 100644
--- a/changelogs/CHANGELOG_beta.md
+++ b/changelogs/CHANGELOG_beta.md
@@ -1,3 +1,10 @@
+# [5.0.0-beta.5](https://github.com/parse-community/parse-server/compare/5.0.0-beta.4...5.0.0-beta.5) (2022-01-13)
+
+
+### Bug Fixes
+
+* schema cache not cleared in some cases ([#7771](https://github.com/parse-community/parse-server/issues/7771)) ([3b92fa1](https://github.com/parse-community/parse-server/commit/3b92fa1ca9e8889127a32eba913d68309397ca2c))
+
 # [5.0.0-beta.4](https://github.com/parse-community/parse-server/compare/5.0.0-beta.3...5.0.0-beta.4) (2021-11-27)
 
 
diff --git a/package-lock.json b/package-lock.json
index 9ae492f7..8a2805fb 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,6 +1,6 @@
 {
   "name": "parse-server",
-  "version": "5.0.0-beta.4",
+  "version": "5.0.0-beta.5",
   "lockfileVersion": 1,
   "requires": true,
   "dependencies": {
diff --git a/package.json b/package.json
index d80b19f9..cd6ab3f6 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "parse-server",
-  "version": "5.0.0-beta.4",
+  "version": "5.0.0-beta.5",
   "description": "An express module providing a Parse-compatible API server",
   "main": "lib/index.js",
   "repository": {

From 4bd34b189bc9f5aa2e70b7e7c1a456e91b6de773 Mon Sep 17 00:00:00 2001
From: Snyk bot <snyk-bot@snyk.io>
Date: Thu, 13 Jan 2022 11:42:25 +0000
Subject: [PATCH 12/19] fix: security upgrade follow-redirects from 1.14.2 to
 1.14.7 (#7772)

---
 package-lock.json | 6 +++---
 package.json      | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 8a2805fb..ad6ce36f 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -7070,9 +7070,9 @@
       "integrity": "sha512-GRnmB5gPyJpAhTQdSZTSp9uaPSvl09KoYcMQtsB9rQoOmzs9dH6ffeccH+Z+cv6P68Hu5bC6JjRh4Ah/mHSNRw=="
     },
     "follow-redirects": {
-      "version": "1.14.2",
-      "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.14.2.tgz",
-      "integrity": "sha512-yLR6WaE2lbF0x4K2qE2p9PEXKLDjUjnR/xmjS3wHAYxtlsI9MLLBJUZirAHKzUZDGLxje7w/cXR49WOUo4rbsA=="
+      "version": "1.14.7",
+      "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.14.7.tgz",
+      "integrity": "sha512-+hbxoLbFMbRKDwohX8GkTataGqO6Jb7jGwpAlwgy2bIz25XtRm7KEzJM76R1WiNT5SwZkX4Y75SwBolkpmE7iQ=="
     },
     "for-each": {
       "version": "0.3.3",
diff --git a/package.json b/package.json
index cd6ab3f6..4a1a1cc1 100644
--- a/package.json
+++ b/package.json
@@ -32,7 +32,7 @@
     "cors": "2.8.5",
     "deepcopy": "2.1.0",
     "express": "4.17.1",
-    "follow-redirects": "1.14.2",
+    "follow-redirects": "1.14.7",
     "graphql": "15.6.0",
     "graphql-list-fields": "2.0.2",
     "graphql-relay": "0.7.0",

From be37266595c24c0edc1cd1d1a6e36b57f7d0319b Mon Sep 17 00:00:00 2001
From: semantic-release-bot <semantic-release-bot@martynus.net>
Date: Thu, 13 Jan 2022 11:43:30 +0000
Subject: [PATCH 13/19] chore(release): 5.0.0-beta.6 [skip ci]

# [5.0.0-beta.6](https://github.com/parse-community/parse-server/compare/5.0.0-beta.5...5.0.0-beta.6) (2022-01-13)

### Bug Fixes

* security upgrade follow-redirects from 1.14.2 to 1.14.7 ([#7772](https://github.com/parse-community/parse-server/issues/7772)) ([4bd34b1](https://github.com/parse-community/parse-server/commit/4bd34b189bc9f5aa2e70b7e7c1a456e91b6de773))
---
 changelogs/CHANGELOG_beta.md | 7 +++++++
 package-lock.json            | 2 +-
 package.json                 | 2 +-
 3 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/changelogs/CHANGELOG_beta.md b/changelogs/CHANGELOG_beta.md
index 0bba03a0..e96c441c 100644
--- a/changelogs/CHANGELOG_beta.md
+++ b/changelogs/CHANGELOG_beta.md
@@ -1,3 +1,10 @@
+# [5.0.0-beta.6](https://github.com/parse-community/parse-server/compare/5.0.0-beta.5...5.0.0-beta.6) (2022-01-13)
+
+
+### Bug Fixes
+
+* security upgrade follow-redirects from 1.14.2 to 1.14.7 ([#7772](https://github.com/parse-community/parse-server/issues/7772)) ([4bd34b1](https://github.com/parse-community/parse-server/commit/4bd34b189bc9f5aa2e70b7e7c1a456e91b6de773))
+
 # [5.0.0-beta.5](https://github.com/parse-community/parse-server/compare/5.0.0-beta.4...5.0.0-beta.5) (2022-01-13)
 
 
diff --git a/package-lock.json b/package-lock.json
index ad6ce36f..1cd9d66b 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,6 +1,6 @@
 {
   "name": "parse-server",
-  "version": "5.0.0-beta.5",
+  "version": "5.0.0-beta.6",
   "lockfileVersion": 1,
   "requires": true,
   "dependencies": {
diff --git a/package.json b/package.json
index 4a1a1cc1..3ea9cdc9 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "parse-server",
-  "version": "5.0.0-beta.5",
+  "version": "5.0.0-beta.6",
   "description": "An express module providing a Parse-compatible API server",
   "main": "lib/index.js",
   "repository": {

From 7029b274ca87bc8058617f29865d683dc3b351a1 Mon Sep 17 00:00:00 2001
From: Snyk bot <snyk-bot@snyk.io>
Date: Thu, 10 Feb 2022 13:11:08 +0200
Subject: [PATCH 14/19] fix: security upgrade follow-redirects from 1.14.7 to
 1.14.8 (#7802)

---
 package-lock.json | 6 +++---
 package.json      | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 1cd9d66b..64ed4e16 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -7070,9 +7070,9 @@
       "integrity": "sha512-GRnmB5gPyJpAhTQdSZTSp9uaPSvl09KoYcMQtsB9rQoOmzs9dH6ffeccH+Z+cv6P68Hu5bC6JjRh4Ah/mHSNRw=="
     },
     "follow-redirects": {
-      "version": "1.14.7",
-      "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.14.7.tgz",
-      "integrity": "sha512-+hbxoLbFMbRKDwohX8GkTataGqO6Jb7jGwpAlwgy2bIz25XtRm7KEzJM76R1WiNT5SwZkX4Y75SwBolkpmE7iQ=="
+      "version": "1.14.8",
+      "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.14.8.tgz",
+      "integrity": "sha512-1x0S9UVJHsQprFcEC/qnNzBLcIxsjAV905f/UkQxbclCsoTWlacCNOpQa/anodLl2uaEKFhfWOvM2Qg77+15zA=="
     },
     "for-each": {
       "version": "0.3.3",
diff --git a/package.json b/package.json
index 3ea9cdc9..d663a6d5 100644
--- a/package.json
+++ b/package.json
@@ -32,7 +32,7 @@
     "cors": "2.8.5",
     "deepcopy": "2.1.0",
     "express": "4.17.1",
-    "follow-redirects": "1.14.7",
+    "follow-redirects": "1.14.8",
     "graphql": "15.6.0",
     "graphql-list-fields": "2.0.2",
     "graphql-relay": "0.7.0",

From a48015c3b0161b0e0d77279bec9c87c79d8875d7 Mon Sep 17 00:00:00 2001
From: semantic-release-bot <semantic-release-bot@martynus.net>
Date: Thu, 10 Feb 2022 11:12:15 +0000
Subject: [PATCH 15/19] chore(release): 5.0.0-beta.7 [skip ci]

# [5.0.0-beta.7](https://github.com/parse-community/parse-server/compare/5.0.0-beta.6...5.0.0-beta.7) (2022-02-10)

### Bug Fixes

* security upgrade follow-redirects from 1.14.7 to 1.14.8 ([#7802](https://github.com/parse-community/parse-server/issues/7802)) ([7029b27](https://github.com/parse-community/parse-server/commit/7029b274ca87bc8058617f29865d683dc3b351a1))
---
 changelogs/CHANGELOG_beta.md | 7 +++++++
 package-lock.json            | 2 +-
 package.json                 | 2 +-
 3 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/changelogs/CHANGELOG_beta.md b/changelogs/CHANGELOG_beta.md
index e96c441c..f2f9f3e4 100644
--- a/changelogs/CHANGELOG_beta.md
+++ b/changelogs/CHANGELOG_beta.md
@@ -1,3 +1,10 @@
+# [5.0.0-beta.7](https://github.com/parse-community/parse-server/compare/5.0.0-beta.6...5.0.0-beta.7) (2022-02-10)
+
+
+### Bug Fixes
+
+* security upgrade follow-redirects from 1.14.7 to 1.14.8 ([#7802](https://github.com/parse-community/parse-server/issues/7802)) ([7029b27](https://github.com/parse-community/parse-server/commit/7029b274ca87bc8058617f29865d683dc3b351a1))
+
 # [5.0.0-beta.6](https://github.com/parse-community/parse-server/compare/5.0.0-beta.5...5.0.0-beta.6) (2022-01-13)
 
 
diff --git a/package-lock.json b/package-lock.json
index 64ed4e16..d95a0e9c 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,6 +1,6 @@
 {
   "name": "parse-server",
-  "version": "5.0.0-beta.6",
+  "version": "5.0.0-beta.7",
   "lockfileVersion": 1,
   "requires": true,
   "dependencies": {
diff --git a/package.json b/package.json
index d663a6d5..3b72466d 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "parse-server",
-  "version": "5.0.0-beta.6",
+  "version": "5.0.0-beta.7",
   "description": "An express module providing a Parse-compatible API server",
   "main": "lib/index.js",
   "repository": {

From 971adb54387b0ede31be05ca407d5f35b4575c83 Mon Sep 17 00:00:00 2001
From: Manuel <5673677+mtrezza@users.noreply.github.com>
Date: Sat, 12 Mar 2022 13:49:57 +0100
Subject: [PATCH 16/19] fix: security vulnerability that allows remote code
 execution (GHSA-p6h4-93qp-jhcm) (#7843)

---
 .madgerc                              |  10 +
 resources/buildConfigDefinitions.js   |  14 ++
 spec/vulnerabilities.spec.js          | 283 ++++++++++++++++++++++++++
 src/Config.js                         |  12 +-
 src/Controllers/DatabaseController.js |  98 +++++----
 src/Controllers/index.js              |   2 +-
 src/Options/Definitions.js            |  18 ++
 src/Options/docs.js                   |   1 +
 src/Options/index.js                  |   7 +
 src/RestWrite.js                      |  14 ++
 src/Utils.js                          |  26 +++
 11 files changed, 445 insertions(+), 40 deletions(-)
 create mode 100644 .madgerc
 create mode 100644 spec/vulnerabilities.spec.js

diff --git a/.madgerc b/.madgerc
new file mode 100644
index 00000000..4b9aa24b
--- /dev/null
+++ b/.madgerc
@@ -0,0 +1,10 @@
+{
+	"detectiveOptions": {
+		"ts": {
+			"skipTypeImports": true
+		},
+    "es6": {
+			"skipTypeImports": true
+		}
+	}
+}
diff --git a/resources/buildConfigDefinitions.js b/resources/buildConfigDefinitions.js
index 52ff3ac7..670aafad 100644
--- a/resources/buildConfigDefinitions.js
+++ b/resources/buildConfigDefinitions.js
@@ -172,6 +172,20 @@ function parseDefaultValue(elt, value, t) {
     literalValue = t.arrayExpression(array.map((value) => {
       if (typeof value == 'string') {
         return t.stringLiteral(value);
+      } else if (typeof value == 'number') {
+        return t.numericLiteral(value);
+      } else if (typeof value == 'object') {
+        const object = parsers.objectParser(value);
+        const props = Object.entries(object).map(([k, v]) => {
+          if (typeof v == 'string') {
+            return t.objectProperty(t.identifier(k), t.stringLiteral(v));
+          } else if (typeof v == 'number') {
+            return t.objectProperty(t.identifier(k), t.numericLiteral(v));
+          } else if (typeof v == 'boolean') {
+            return t.objectProperty(t.identifier(k), t.booleanLiteral(v));
+          }
+        });
+        return t.objectExpression(props);
       } else {
         throw new Error('Unable to parse array');
       }
diff --git a/spec/vulnerabilities.spec.js b/spec/vulnerabilities.spec.js
new file mode 100644
index 00000000..1255d643
--- /dev/null
+++ b/spec/vulnerabilities.spec.js
@@ -0,0 +1,283 @@
+const request = require('../lib/request');
+
+describe('Vulnerabilities', () => {
+  describe('Object prototype pollution', () => {
+    it('denies object prototype to be polluted with keyword "constructor"', async () => {
+      const headers = {
+        'Content-Type': 'application/json',
+        'X-Parse-Application-Id': 'test',
+        'X-Parse-REST-API-Key': 'rest',
+      };
+      const response = await request({
+        headers: headers,
+        method: 'POST',
+        url: 'http://localhost:8378/1/classes/PP',
+        body: JSON.stringify({
+          obj: {
+            constructor: {
+              prototype: {
+                dummy: 0,
+              },
+            },
+          },
+        }),
+      }).catch(e => e);
+      expect(response.status).toBe(400);
+      const text = JSON.parse(response.text);
+      expect(text.code).toBe(Parse.Error.INVALID_KEY_NAME);
+      expect(text.error).toBe('Prohibited keyword in request data: {"key":"constructor"}.');
+      expect(Object.prototype.dummy).toBeUndefined();
+    });
+
+    it('denies object prototype to be polluted with keypath string "constructor"', async () => {
+      const headers = {
+        'Content-Type': 'application/json',
+        'X-Parse-Application-Id': 'test',
+        'X-Parse-REST-API-Key': 'rest',
+      };
+      const objResponse = await request({
+        headers: headers,
+        method: 'POST',
+        url: 'http://localhost:8378/1/classes/PP',
+        body: JSON.stringify({
+          obj: {},
+        }),
+      }).catch(e => e);
+      const pollResponse = await request({
+        headers: headers,
+        method: 'PUT',
+        url: `http://localhost:8378/1/classes/PP/${objResponse.data.objectId}`,
+        body: JSON.stringify({
+          'obj.constructor.prototype.dummy': {
+            __op: 'Increment',
+            amount: 1,
+          },
+        }),
+      }).catch(e => e);
+      expect(Object.prototype.dummy).toBeUndefined();
+      expect(pollResponse.status).toBe(400);
+      const text = JSON.parse(pollResponse.text);
+      expect(text.code).toBe(Parse.Error.INVALID_KEY_NAME);
+      expect(text.error).toBe('Prohibited keyword in request data: {"key":"constructor"}.');
+      expect(Object.prototype.dummy).toBeUndefined();
+    });
+
+    it('denies object prototype to be polluted with keyword "__proto__"', async () => {
+      const headers = {
+        'Content-Type': 'application/json',
+        'X-Parse-Application-Id': 'test',
+        'X-Parse-REST-API-Key': 'rest',
+      };
+      const response = await request({
+        headers: headers,
+        method: 'POST',
+        url: 'http://localhost:8378/1/classes/PP',
+        body: JSON.stringify({ 'obj.__proto__.dummy': 0 }),
+      }).catch(e => e);
+      expect(response.status).toBe(400);
+      const text = JSON.parse(response.text);
+      expect(text.code).toBe(Parse.Error.INVALID_KEY_NAME);
+      expect(text.error).toBe('Prohibited keyword in request data: {"key":"__proto__"}.');
+      expect(Object.prototype.dummy).toBeUndefined();
+    });
+  });
+
+  describe('Request denylist', () => {
+    it('denies BSON type code data in write request by default', async () => {
+      const headers = {
+        'Content-Type': 'application/json',
+        'X-Parse-Application-Id': 'test',
+        'X-Parse-REST-API-Key': 'rest',
+      };
+      const params = {
+        headers: headers,
+        method: 'POST',
+        url: 'http://localhost:8378/1/classes/RCE',
+        body: JSON.stringify({
+          obj: {
+            _bsontype: 'Code',
+            code: 'delete Object.prototype.evalFunctions',
+          },
+        }),
+      };
+      const response = await request(params).catch(e => e);
+      expect(response.status).toBe(400);
+      const text = JSON.parse(response.text);
+      expect(text.code).toBe(Parse.Error.INVALID_KEY_NAME);
+      expect(text.error).toBe(
+        'Prohibited keyword in request data: {"key":"_bsontype","value":"Code"}.'
+      );
+    });
+
+    it('allows BSON type code data in write request with custom denylist', async () => {
+      await reconfigureServer({
+        requestKeywordDenylist: [],
+      });
+      const headers = {
+        'Content-Type': 'application/json',
+        'X-Parse-Application-Id': 'test',
+        'X-Parse-REST-API-Key': 'rest',
+      };
+      const params = {
+        headers: headers,
+        method: 'POST',
+        url: 'http://localhost:8378/1/classes/RCE',
+        body: JSON.stringify({
+          obj: {
+            _bsontype: 'Code',
+            code: 'delete Object.prototype.evalFunctions',
+          },
+        }),
+      };
+      const response = await request(params).catch(e => e);
+      expect(response.status).toBe(201);
+      const text = JSON.parse(response.text);
+      expect(text.objectId).toBeDefined();
+    });
+
+    it('denies write request with custom denylist of key/value', async () => {
+      await reconfigureServer({
+        requestKeywordDenylist: [{ key: 'a[K]ey', value: 'aValue[123]*' }],
+      });
+      const headers = {
+        'Content-Type': 'application/json',
+        'X-Parse-Application-Id': 'test',
+        'X-Parse-REST-API-Key': 'rest',
+      };
+      const params = {
+        headers: headers,
+        method: 'POST',
+        url: 'http://localhost:8378/1/classes/RCE',
+        body: JSON.stringify({
+          obj: {
+            aKey: 'aValue321',
+            code: 'delete Object.prototype.evalFunctions',
+          },
+        }),
+      };
+      const response = await request(params).catch(e => e);
+      expect(response.status).toBe(400);
+      const text = JSON.parse(response.text);
+      expect(text.code).toBe(Parse.Error.INVALID_KEY_NAME);
+      expect(text.error).toBe(
+        'Prohibited keyword in request data: {"key":"a[K]ey","value":"aValue[123]*"}.'
+      );
+    });
+
+    it('denies write request with custom denylist of nested key/value', async () => {
+      await reconfigureServer({
+        requestKeywordDenylist: [{ key: 'a[K]ey', value: 'aValue[123]*' }],
+      });
+      const headers = {
+        'Content-Type': 'application/json',
+        'X-Parse-Application-Id': 'test',
+        'X-Parse-REST-API-Key': 'rest',
+      };
+      const params = {
+        headers: headers,
+        method: 'POST',
+        url: 'http://localhost:8378/1/classes/RCE',
+        body: JSON.stringify({
+          obj: {
+            nested: {
+              aKey: 'aValue321',
+              code: 'delete Object.prototype.evalFunctions',
+            },
+          },
+        }),
+      };
+      const response = await request(params).catch(e => e);
+      expect(response.status).toBe(400);
+      const text = JSON.parse(response.text);
+      expect(text.code).toBe(Parse.Error.INVALID_KEY_NAME);
+      expect(text.error).toBe(
+        'Prohibited keyword in request data: {"key":"a[K]ey","value":"aValue[123]*"}.'
+      );
+    });
+
+    it('denies write request with custom denylist of key/value in array', async () => {
+      await reconfigureServer({
+        requestKeywordDenylist: [{ key: 'a[K]ey', value: 'aValue[123]*' }],
+      });
+      const headers = {
+        'Content-Type': 'application/json',
+        'X-Parse-Application-Id': 'test',
+        'X-Parse-REST-API-Key': 'rest',
+      };
+      const params = {
+        headers: headers,
+        method: 'POST',
+        url: 'http://localhost:8378/1/classes/RCE',
+        body: JSON.stringify({
+          obj: [
+            {
+              aKey: 'aValue321',
+              code: 'delete Object.prototype.evalFunctions',
+            },
+          ],
+        }),
+      };
+      const response = await request(params).catch(e => e);
+      expect(response.status).toBe(400);
+      const text = JSON.parse(response.text);
+      expect(text.code).toBe(Parse.Error.INVALID_KEY_NAME);
+      expect(text.error).toBe(
+        'Prohibited keyword in request data: {"key":"a[K]ey","value":"aValue[123]*"}.'
+      );
+    });
+
+    it('denies write request with custom denylist of key', async () => {
+      await reconfigureServer({
+        requestKeywordDenylist: [{ key: 'a[K]ey' }],
+      });
+      const headers = {
+        'Content-Type': 'application/json',
+        'X-Parse-Application-Id': 'test',
+        'X-Parse-REST-API-Key': 'rest',
+      };
+      const params = {
+        headers: headers,
+        method: 'POST',
+        url: 'http://localhost:8378/1/classes/RCE',
+        body: JSON.stringify({
+          obj: {
+            aKey: 'aValue321',
+            code: 'delete Object.prototype.evalFunctions',
+          },
+        }),
+      };
+      const response = await request(params).catch(e => e);
+      expect(response.status).toBe(400);
+      const text = JSON.parse(response.text);
+      expect(text.code).toBe(Parse.Error.INVALID_KEY_NAME);
+      expect(text.error).toBe('Prohibited keyword in request data: {"key":"a[K]ey"}.');
+    });
+
+    it('denies write request with custom denylist of value', async () => {
+      await reconfigureServer({
+        requestKeywordDenylist: [{ value: 'aValue[123]*' }],
+      });
+      const headers = {
+        'Content-Type': 'application/json',
+        'X-Parse-Application-Id': 'test',
+        'X-Parse-REST-API-Key': 'rest',
+      };
+      const params = {
+        headers: headers,
+        method: 'POST',
+        url: 'http://localhost:8378/1/classes/RCE',
+        body: JSON.stringify({
+          obj: {
+            aKey: 'aValue321',
+            code: 'delete Object.prototype.evalFunctions',
+          },
+        }),
+      };
+      const response = await request(params).catch(e => e);
+      expect(response.status).toBe(400);
+      const text = JSON.parse(response.text);
+      expect(text.code).toBe(Parse.Error.INVALID_KEY_NAME);
+      expect(text.error).toBe('Prohibited keyword in request data: {"value":"aValue[123]*"}.');
+    });
+  });
+});
diff --git a/src/Config.js b/src/Config.js
index 069b7e2a..04834d32 100644
--- a/src/Config.js
+++ b/src/Config.js
@@ -35,7 +35,7 @@ export class Config {
     config.applicationId = applicationId;
     Object.keys(cacheInfo).forEach(key => {
       if (key == 'databaseController') {
-        config.database = new DatabaseController(cacheInfo.databaseController.adapter);
+        config.database = new DatabaseController(cacheInfo.databaseController.adapter, config);
       } else {
         config[key] = cacheInfo[key];
       }
@@ -78,6 +78,7 @@ export class Config {
     security,
     enforcePrivateUsers,
     schema,
+    requestKeywordDenylist,
   }) {
     if (masterKey === readOnlyMasterKey) {
       throw new Error('masterKey and readOnlyMasterKey should be different');
@@ -116,6 +117,15 @@ export class Config {
     this.validateSecurityOptions(security);
     this.validateSchemaOptions(schema);
     this.validateEnforcePrivateUsers(enforcePrivateUsers);
+    this.validateRequestKeywordDenylist(requestKeywordDenylist);
+  }
+
+  static validateRequestKeywordDenylist(requestKeywordDenylist) {
+    if (requestKeywordDenylist === undefined) {
+      requestKeywordDenylist = requestKeywordDenylist.default;
+    } else if (!Array.isArray(requestKeywordDenylist)) {
+      throw 'Parse Server option requestKeywordDenylist must be an array.';
+    }
   }
 
   static validateEnforcePrivateUsers(enforcePrivateUsers) {
diff --git a/src/Controllers/DatabaseController.js b/src/Controllers/DatabaseController.js
index 20d5c4ba..333956d1 100644
--- a/src/Controllers/DatabaseController.js
+++ b/src/Controllers/DatabaseController.js
@@ -16,6 +16,7 @@ import { StorageAdapter } from '../Adapters/Storage/StorageAdapter';
 import MongoStorageAdapter from '../Adapters/Storage/Mongo/MongoStorageAdapter';
 import SchemaCache from '../Adapters/Cache/SchemaCache';
 import type { LoadSchemaOptions } from './types';
+import type { ParseServerOptions } from '../Options';
 import type { QueryOptions, FullQueryOptions } from '../Adapters/Storage/StorageAdapter';
 
 function addWriteACL(query, acl) {
@@ -257,41 +258,6 @@ const isSpecialUpdateKey = key => {
   return specialKeysForUpdate.indexOf(key) >= 0;
 };
 
-function expandResultOnKeyPath(object, key, value) {
-  if (key.indexOf('.') < 0) {
-    object[key] = value[key];
-    return object;
-  }
-  const path = key.split('.');
-  const firstKey = path[0];
-  const nextPath = path.slice(1).join('.');
-  object[firstKey] = expandResultOnKeyPath(object[firstKey] || {}, nextPath, value[firstKey]);
-  delete object[key];
-  return object;
-}
-
-function sanitizeDatabaseResult(originalObject, result): Promise<any> {
-  const response = {};
-  if (!result) {
-    return Promise.resolve(response);
-  }
-  Object.keys(originalObject).forEach(key => {
-    const keyUpdate = originalObject[key];
-    // determine if that was an op
-    if (
-      keyUpdate &&
-      typeof keyUpdate === 'object' &&
-      keyUpdate.__op &&
-      ['Add', 'AddUnique', 'Remove', 'Increment'].indexOf(keyUpdate.__op) > -1
-    ) {
-      // only valid ops that produce an actionable result
-      // the op may have happend on a keypath
-      expandResultOnKeyPath(response, key, result);
-    }
-  });
-  return Promise.resolve(response);
-}
-
 function joinTableName(className, key) {
   return `_Join:${key}:${className}`;
 }
@@ -397,14 +363,16 @@ class DatabaseController {
   schemaCache: any;
   schemaPromise: ?Promise<SchemaController.SchemaController>;
   _transactionalSession: ?any;
+  options: ParseServerOptions;
 
-  constructor(adapter: StorageAdapter) {
+  constructor(adapter: StorageAdapter, options: ParseServerOptions) {
     this.adapter = adapter;
     // We don't want a mutable this.schema, because then you could have
     // one request that uses different schemas for different parts of
     // it. Instead, use loadSchema to get a schema.
     this.schemaPromise = null;
     this._transactionalSession = null;
+    this.options = options;
   }
 
   collectionExists(className: string): Promise<boolean> {
@@ -643,7 +611,7 @@ class DatabaseController {
           if (skipSanitization) {
             return Promise.resolve(result);
           }
-          return sanitizeDatabaseResult(originalUpdate, result);
+          return this._sanitizeDatabaseResult(originalUpdate, result);
         });
     });
   }
@@ -870,7 +838,7 @@ class DatabaseController {
               object,
               relationUpdates
             ).then(() => {
-              return sanitizeDatabaseResult(originalObject, result.ops[0]);
+              return this._sanitizeDatabaseResult(originalObject, result.ops[0]);
             });
           });
       });
@@ -1771,6 +1739,60 @@ class DatabaseController {
     await this.adapter.updateSchemaWithIndexes();
   }
 
+  _expandResultOnKeyPath(object: any, key: string, value: any): any {
+    if (key.indexOf('.') < 0) {
+      object[key] = value[key];
+      return object;
+    }
+    const path = key.split('.');
+    const firstKey = path[0];
+    const nextPath = path.slice(1).join('.');
+
+    // Scan request data for denied keywords
+    if (this.options && this.options.requestKeywordDenylist) {
+      // Scan request data for denied keywords
+      for (const keyword of this.options.requestKeywordDenylist) {
+        const isMatch = (a, b) => (typeof a === 'string' && new RegExp(a).test(b)) || a === b;
+        if (isMatch(firstKey, keyword.key)) {
+          throw new Parse.Error(
+            Parse.Error.INVALID_KEY_NAME,
+            `Prohibited keyword in request data: ${JSON.stringify(keyword)}.`
+          );
+        }
+      }
+    }
+
+    object[firstKey] = this._expandResultOnKeyPath(
+      object[firstKey] || {},
+      nextPath,
+      value[firstKey]
+    );
+    delete object[key];
+    return object;
+  }
+
+  _sanitizeDatabaseResult(originalObject: any, result: any): Promise<any> {
+    const response = {};
+    if (!result) {
+      return Promise.resolve(response);
+    }
+    Object.keys(originalObject).forEach(key => {
+      const keyUpdate = originalObject[key];
+      // determine if that was an op
+      if (
+        keyUpdate &&
+        typeof keyUpdate === 'object' &&
+        keyUpdate.__op &&
+        ['Add', 'AddUnique', 'Remove', 'Increment'].indexOf(keyUpdate.__op) > -1
+      ) {
+        // only valid ops that produce an actionable result
+        // the op may have happened on a keypath
+        this._expandResultOnKeyPath(response, key, result);
+      }
+    });
+    return Promise.resolve(response);
+  }
+
   static _validateQuery: any => void;
 }
 
diff --git a/src/Controllers/index.js b/src/Controllers/index.js
index 89dc79c2..b4f9e9a3 100644
--- a/src/Controllers/index.js
+++ b/src/Controllers/index.js
@@ -157,7 +157,7 @@ export function getDatabaseController(options: ParseServerOptions): DatabaseCont
   } else {
     databaseAdapter = loadAdapter(databaseAdapter);
   }
-  return new DatabaseController(databaseAdapter);
+  return new DatabaseController(databaseAdapter, options);
 }
 
 export function getHooksController(
diff --git a/src/Options/Definitions.js b/src/Options/Definitions.js
index e2cbd179..1edd704b 100644
--- a/src/Options/Definitions.js
+++ b/src/Options/Definitions.js
@@ -350,6 +350,24 @@ module.exports.ParseServerOptions = {
     env: 'PARSE_SERVER_READ_ONLY_MASTER_KEY',
     help: 'Read-only key, which has the same capabilities as MasterKey without writes',
   },
+  requestKeywordDenylist: {
+    env: 'PARSE_SERVER_REQUEST_KEYWORD_DENYLIST',
+    help:
+      'An array of keys and values that are prohibited in database read and write requests to prevent potential security vulnerabilities. It is possible to specify only a key (`{"key":"..."}`), only a value (`{"value":"..."}`) or a key-value pair (`{"key":"...","value":"..."}`). The specification can use the following types: `boolean`, `numeric` or `string`, where `string` will be interpreted as a regex notation. Request data is deep-scanned for matching definitions to detect also any nested occurrences. Defaults are patterns that are likely to be used in malicious requests. Setting this option will override the default patterns.',
+    action: parsers.arrayParser,
+    default: [
+      {
+        key: '_bsontype',
+        value: 'Code',
+      },
+      {
+        key: 'constructor',
+      },
+      {
+        key: '__proto__',
+      },
+    ],
+  },
   restAPIKey: {
     env: 'PARSE_SERVER_REST_API_KEY',
     help: 'Key for REST calls',
diff --git a/src/Options/docs.js b/src/Options/docs.js
index c6b2e1ab..fc0ff3b7 100644
--- a/src/Options/docs.js
+++ b/src/Options/docs.js
@@ -64,6 +64,7 @@
  * @property {String} publicServerURL Public URL to your parse server with http:// or https://.
  * @property {Any} push Configuration for push, as stringified JSON. See http://docs.parseplatform.org/parse-server/guide/#push-notifications
  * @property {String} readOnlyMasterKey Read-only key, which has the same capabilities as MasterKey without writes
+ * @property {RequestKeywordDenylist[]} requestKeywordDenylist An array of keys and values that are prohibited in database read and write requests to prevent potential security vulnerabilities. It is possible to specify only a key (`{"key":"..."}`), only a value (`{"value":"..."}`) or a key-value pair (`{"key":"...","value":"..."}`). The specification can use the following types: `boolean`, `numeric` or `string`, where `string` will be interpreted as a regex notation. Request data is deep-scanned for matching definitions to detect also any nested occurrences. Defaults are patterns that are likely to be used in malicious requests. Setting this option will override the default patterns.
  * @property {String} restAPIKey Key for REST calls
  * @property {Boolean} revokeSessionOnPasswordReset When a user changes their password, either through the reset password email or while logged in, all sessions are revoked if this is true. Set to false if you don't want to revoke sessions.
  * @property {Boolean} scheduledPush Configuration for push scheduling, defaults to false.
diff --git a/src/Options/index.js b/src/Options/index.js
index 31b9e10d..3482d88c 100644
--- a/src/Options/index.js
+++ b/src/Options/index.js
@@ -14,6 +14,10 @@ type Adapter<T> = string | any | T;
 type NumberOrBoolean = number | boolean;
 type NumberOrString = number | string;
 type ProtectedFields = any;
+type RequestKeywordDenylist = {
+  key: string | any,
+  value: any,
+};
 
 export interface ParseServerOptions {
   /* Your Parse Application ID
@@ -252,6 +256,9 @@ export interface ParseServerOptions {
   /* Set to true if new users should be created without public read and write access.
   :DEFAULT: false */
   enforcePrivateUsers: ?boolean;
+  /* An array of keys and values that are prohibited in database read and write requests to prevent potential security vulnerabilities. It is possible to specify only a key (`{"key":"..."}`), only a value (`{"value":"..."}`) or a key-value pair (`{"key":"...","value":"..."}`). The specification can use the following types: `boolean`, `numeric` or `string`, where `string` will be interpreted as a regex notation. Request data is deep-scanned for matching definitions to detect also any nested occurrences. Defaults are patterns that are likely to be used in malicious requests. Setting this option will override the default patterns.
+  :DEFAULT: [{"key":"_bsontype","value":"Code"},{"key":"constructor"},{"key":"__proto__"}] */
+  requestKeywordDenylist: ?(RequestKeywordDenylist[]);
 }
 
 export interface SecurityOptions {
diff --git a/src/RestWrite.js b/src/RestWrite.js
index a651cf9c..8b728731 100644
--- a/src/RestWrite.js
+++ b/src/RestWrite.js
@@ -6,6 +6,7 @@ var SchemaController = require('./Controllers/SchemaController');
 var deepcopy = require('deepcopy');
 
 const Auth = require('./Auth');
+const Utils = require('./Utils');
 var cryptoUtils = require('./cryptoUtils');
 var passwordCrypto = require('./password');
 var Parse = require('parse/node');
@@ -61,6 +62,19 @@ function RestWrite(config, auth, className, query, data, originalData, clientSDK
     }
   }
 
+  if (this.config.requestKeywordDenylist) {
+    // Scan request data for denied keywords
+    for (const keyword of this.config.requestKeywordDenylist) {
+      const match = Utils.objectContainsKeyValue(data, keyword.key, keyword.value);
+      if (match) {
+        throw new Parse.Error(
+          Parse.Error.INVALID_KEY_NAME,
+          `Prohibited keyword in request data: ${JSON.stringify(keyword)}.`
+        );
+      }
+    }
+  }
+
   // When the operation is complete, this.response may have several
   // fields.
   // response: the actual data to be returned
diff --git a/src/Utils.js b/src/Utils.js
index e78d7ddd..30d0c1e1 100644
--- a/src/Utils.js
+++ b/src/Utils.js
@@ -200,6 +200,32 @@ class Utils {
       }
     }
   }
+
+  /**
+   * Deep-scans an object for a matching key/value definition.
+   * @param {Object} obj The object to scan.
+   * @param {String | undefined} key The key to match, or undefined if only the value should be matched.
+   * @param {any | undefined} value The value to match, or undefined if only the key should be matched.
+   * @returns {Boolean} True if a match was found, false otherwise.
+   */
+  static objectContainsKeyValue(obj, key, value) {
+    const isMatch = (a, b) => (typeof a === 'string' && new RegExp(a).test(b)) || a === b;
+    const isKeyMatch = k => isMatch(key, k);
+    const isValueMatch = v => isMatch(value, v);
+    for (const [k, v] of Object.entries(obj)) {
+      if (key !== undefined && value === undefined && isKeyMatch(k)) {
+        return true;
+      } else if (key === undefined && value !== undefined && isValueMatch(v)) {
+        return true;
+      } else if (key !== undefined && value !== undefined && isKeyMatch(k) && isValueMatch(v)) {
+        return true;
+      }
+      if (['[object Object]', '[object Array]'].includes(Object.prototype.toString.call(v))) {
+        return Utils.objectContainsKeyValue(v, key, value);
+      }
+    }
+    return false;
+  }
 }
 
 module.exports = Utils;

From d35cd47c0882a8dece0abf9b26fd56c7aa004e5e Mon Sep 17 00:00:00 2001
From: semantic-release-bot <semantic-release-bot@martynus.net>
Date: Sat, 12 Mar 2022 12:50:48 +0000
Subject: [PATCH 17/19] chore(release): 5.0.0-beta.8 [skip ci]

# [5.0.0-beta.8](https://github.com/parse-community/parse-server/compare/5.0.0-beta.7...5.0.0-beta.8) (2022-03-12)

### Bug Fixes

* security vulnerability that allows remote code execution (GHSA-p6h4-93qp-jhcm) ([#7843](https://github.com/parse-community/parse-server/issues/7843)) ([971adb5](https://github.com/parse-community/parse-server/commit/971adb54387b0ede31be05ca407d5f35b4575c83))
---
 changelogs/CHANGELOG_beta.md | 7 +++++++
 package-lock.json            | 2 +-
 package.json                 | 2 +-
 3 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/changelogs/CHANGELOG_beta.md b/changelogs/CHANGELOG_beta.md
index f2f9f3e4..84949dca 100644
--- a/changelogs/CHANGELOG_beta.md
+++ b/changelogs/CHANGELOG_beta.md
@@ -1,3 +1,10 @@
+# [5.0.0-beta.8](https://github.com/parse-community/parse-server/compare/5.0.0-beta.7...5.0.0-beta.8) (2022-03-12)
+
+
+### Bug Fixes
+
+* security vulnerability that allows remote code execution (GHSA-p6h4-93qp-jhcm) ([#7843](https://github.com/parse-community/parse-server/issues/7843)) ([971adb5](https://github.com/parse-community/parse-server/commit/971adb54387b0ede31be05ca407d5f35b4575c83))
+
 # [5.0.0-beta.7](https://github.com/parse-community/parse-server/compare/5.0.0-beta.6...5.0.0-beta.7) (2022-02-10)
 
 
diff --git a/package-lock.json b/package-lock.json
index d95a0e9c..980235d3 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,6 +1,6 @@
 {
   "name": "parse-server",
-  "version": "5.0.0-beta.7",
+  "version": "5.0.0-beta.8",
   "lockfileVersion": 1,
   "requires": true,
   "dependencies": {
diff --git a/package.json b/package.json
index 3b72466d..fc3ffe48 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "parse-server",
-  "version": "5.0.0-beta.7",
+  "version": "5.0.0-beta.8",
   "description": "An express module providing a Parse-compatible API server",
   "main": "lib/index.js",
   "repository": {

From 23a3488f15511fafbe0e1d7ff0ef8355f9cb0215 Mon Sep 17 00:00:00 2001
From: Manuel <5673677+mtrezza@users.noreply.github.com>
Date: Sat, 12 Mar 2022 16:15:45 +0100
Subject: [PATCH 18/19] feat: bump required node engine to >=12.22.10 (#7848)

BREAKING CHANGE: This requires Node.js version >=12.22.10.
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package.json b/package.json
index fc3ffe48..9a40d5a7 100644
--- a/package.json
+++ b/package.json
@@ -135,7 +135,7 @@
     "madge:circular": "node_modules/.bin/madge ./src --circular"
   },
   "engines": {
-    "node": ">=12.20.0 <16"
+    "node": ">=12.22.10 <16"
   },
   "bin": {
     "parse-server": "bin/parse-server"

From f5ef2e916287ce9aa86bca1b8bf2e585cabe3309 Mon Sep 17 00:00:00 2001
From: semantic-release-bot <semantic-release-bot@martynus.net>
Date: Sat, 12 Mar 2022 15:17:00 +0000
Subject: [PATCH 19/19] chore(release): 5.0.0-beta.9 [skip ci]

# [5.0.0-beta.9](https://github.com/parse-community/parse-server/compare/5.0.0-beta.8...5.0.0-beta.9) (2022-03-12)

### Features

* bump required node engine to >=12.22.10 ([#7848](https://github.com/parse-community/parse-server/issues/7848)) ([23a3488](https://github.com/parse-community/parse-server/commit/23a3488f15511fafbe0e1d7ff0ef8355f9cb0215))

### BREAKING CHANGES

* This requires Node.js version >=12.22.10. ([23a3488](23a3488))
---
 changelogs/CHANGELOG_beta.md | 12 ++++++++++++
 package-lock.json            |  2 +-
 package.json                 |  2 +-
 3 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/changelogs/CHANGELOG_beta.md b/changelogs/CHANGELOG_beta.md
index 84949dca..c49b9a22 100644
--- a/changelogs/CHANGELOG_beta.md
+++ b/changelogs/CHANGELOG_beta.md
@@ -1,3 +1,15 @@
+# [5.0.0-beta.9](https://github.com/parse-community/parse-server/compare/5.0.0-beta.8...5.0.0-beta.9) (2022-03-12)
+
+
+### Features
+
+* bump required node engine to >=12.22.10 ([#7848](https://github.com/parse-community/parse-server/issues/7848)) ([23a3488](https://github.com/parse-community/parse-server/commit/23a3488f15511fafbe0e1d7ff0ef8355f9cb0215))
+
+
+### BREAKING CHANGES
+
+* This requires Node.js version >=12.22.10. ([23a3488](23a3488))
+
 # [5.0.0-beta.8](https://github.com/parse-community/parse-server/compare/5.0.0-beta.7...5.0.0-beta.8) (2022-03-12)
 
 
diff --git a/package-lock.json b/package-lock.json
index 980235d3..d6796d96 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,6 +1,6 @@
 {
   "name": "parse-server",
-  "version": "5.0.0-beta.8",
+  "version": "5.0.0-beta.9",
   "lockfileVersion": 1,
   "requires": true,
   "dependencies": {
diff --git a/package.json b/package.json
index 9a40d5a7..44708e96 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "parse-server",
-  "version": "5.0.0-beta.8",
+  "version": "5.0.0-beta.9",
   "description": "An express module providing a Parse-compatible API server",
   "main": "lib/index.js",
   "repository": {