From 443a5099059538d379fe491793a5871fcbb4f377 Mon Sep 17 00:00:00 2001 From: dblythy Date: Wed, 23 Mar 2022 12:11:39 +1100 Subject: [PATCH 01/12] feat: improved LiveQuery error logging with additional information (#7837) --- spec/ParseLiveQuery.spec.js | 90 +++++++++++++++++++++++++++ src/LiveQuery/ParseLiveQueryServer.js | 45 ++++---------- 2 files changed, 103 insertions(+), 32 deletions(-) diff --git a/spec/ParseLiveQuery.spec.js b/spec/ParseLiveQuery.spec.js index b8b43f7a..d9b79bc5 100644 --- a/spec/ParseLiveQuery.spec.js +++ b/spec/ParseLiveQuery.spec.js @@ -319,6 +319,41 @@ describe('ParseLiveQuery', function () { await object.save(); }); + it('can log on afterLiveQueryEvent throw', async () => { + await reconfigureServer({ + liveQuery: { + classNames: ['TestObject'], + }, + startLiveQueryServer: true, + verbose: false, + silent: true, + }); + + const object = new TestObject(); + await object.save(); + + const logger = require('../lib/logger').logger; + spyOn(logger, 'error').and.callFake(() => {}); + + let session = undefined; + Parse.Cloud.afterLiveQueryEvent('TestObject', ({ sessionToken }) => { + session = sessionToken; + /* eslint-disable no-undef */ + foo.bar(); + /* eslint-enable no-undef */ + }); + + const query = new Parse.Query(TestObject); + query.equalTo('objectId', object.id); + const subscription = await query.subscribe(); + object.set({ foo: 'bar' }); + await object.save(); + await new Promise(resolve => subscription.on('error', resolve)); + expect(logger.error).toHaveBeenCalledWith( + `Failed running afterLiveQueryEvent on class TestObject for event update with session ${session} with:\n Error: {"message":"foo is not defined","code":141}` + ); + }); + it('can handle afterEvent sendEvent to false', async done => { await reconfigureServer({ liveQuery: { @@ -566,6 +601,33 @@ describe('ParseLiveQuery', function () { await query.subscribe(); }); + it('can log on beforeConnect throw', async () => { + await reconfigureServer({ + liveQuery: { + classNames: ['TestObject'], + }, + startLiveQueryServer: true, + verbose: false, + silent: true, + }); + + const logger = require('../lib/logger').logger; + spyOn(logger, 'error').and.callFake(() => {}); + let token = undefined; + Parse.Cloud.beforeConnect(({ sessionToken }) => { + token = sessionToken; + /* eslint-disable no-undef */ + foo.bar(); + /* eslint-enable no-undef */ + }); + new Parse.Query(TestObject).subscribe(); + await new Promise(resolve => Parse.LiveQuery.on('error', resolve)); + Parse.LiveQuery.removeAllListeners('error'); + expect(logger.error).toHaveBeenCalledWith( + `Failed running beforeConnect for session ${token} with:\n Error: {"message":"foo is not defined","code":141}` + ); + }); + it('can handle beforeSubscribe error', async done => { await reconfigureServer({ liveQuery: { @@ -594,6 +656,34 @@ describe('ParseLiveQuery', function () { }); }); + it('can log on beforeSubscribe error', async () => { + await reconfigureServer({ + liveQuery: { + classNames: ['TestObject'], + }, + startLiveQueryServer: true, + verbose: false, + silent: true, + }); + + const logger = require('../lib/logger').logger; + spyOn(logger, 'error').and.callFake(() => {}); + + Parse.Cloud.beforeSubscribe(TestObject, () => { + /* eslint-disable no-undef */ + foo.bar(); + /* eslint-enable no-undef */ + }); + + const query = new Parse.Query(TestObject); + const subscription = await query.subscribe(); + await new Promise(resolve => subscription.on('error', resolve)); + + expect(logger.error).toHaveBeenCalledWith( + `Failed running beforeSubscribe on TestObject for session undefined with:\n Error: {"message":"foo is not defined","code":141}` + ); + }); + it('can handle mutate beforeSubscribe query', async done => { await reconfigureServer({ liveQuery: { diff --git a/src/LiveQuery/ParseLiveQueryServer.js b/src/LiveQuery/ParseLiveQueryServer.js index d15a2bd7..fa05f237 100644 --- a/src/LiveQuery/ParseLiveQueryServer.js +++ b/src/LiveQuery/ParseLiveQueryServer.js @@ -10,7 +10,7 @@ import { ParsePubSub } from './ParsePubSub'; import SchemaController from '../Controllers/SchemaController'; import _ from 'lodash'; import { v4 as uuidv4 } from 'uuid'; -import { runLiveQueryEventHandlers, getTrigger, runTrigger, toJSONwithObjects } from '../triggers'; +import { runLiveQueryEventHandlers, getTrigger, runTrigger, resolveError, toJSONwithObjects } from '../triggers'; import { getAuthForSessionToken, Auth } from '../Auth'; import { getCacheController } from '../Controllers'; import LRU from 'lru-cache'; @@ -194,14 +194,9 @@ class ParseLiveQueryServer { delete deletedParseObject.authData; } client.pushDelete(requestId, deletedParseObject); - } catch (error) { - Client.pushError( - client.parseWebSocket, - error.code || Parse.Error.SCRIPT_FAILED, - error.message || error, - false, - requestId - ); + } catch (e) { + const error = resolveError(e); + Client.pushError(client.parseWebSocket, error.code, error.message, false, requestId); logger.error( `Failed running afterLiveQueryEvent on class ${className} for event ${res.event} with session ${res.sessionToken} with:\n Error: ` + JSON.stringify(error) @@ -358,14 +353,9 @@ class ParseLiveQueryServer { if (client[functionName]) { client[functionName](requestId, currentParseObject, originalParseObject); } - } catch (error) { - Client.pushError( - client.parseWebSocket, - error.code || Parse.Error.SCRIPT_FAILED, - error.message || error, - false, - requestId - ); + } catch (e) { + const error = resolveError(e); + Client.pushError(client.parseWebSocket, error.code, error.message, false, requestId); logger.error( `Failed running afterLiveQueryEvent on class ${className} for event ${res.event} with session ${res.sessionToken} with:\n Error: ` + JSON.stringify(error) @@ -681,13 +671,9 @@ class ParseLiveQueryServer { logger.info(`Create new client: ${parseWebsocket.clientId}`); client.pushConnect(); runLiveQueryEventHandlers(req); - } catch (error) { - Client.pushError( - parseWebsocket, - error.code || Parse.Error.SCRIPT_FAILED, - error.message || error, - false - ); + } catch (e) { + const error = resolveError(e); + Client.pushError(parseWebsocket, error.code, error.message, false); logger.error( `Failed running beforeConnect for session ${request.sessionToken} with:\n Error: ` + JSON.stringify(error) @@ -827,16 +813,11 @@ class ParseLiveQueryServer { installationId: client.installationId, }); } catch (e) { - Client.pushError( - parseWebsocket, - e.code || Parse.Error.SCRIPT_FAILED, - e.message || e, - false, - request.requestId - ); + const error = resolveError(e); + Client.pushError(parseWebsocket, error.code, error.message, false, request.requestId); logger.error( `Failed running beforeSubscribe on ${className} for session ${request.sessionToken} with:\n Error: ` + - JSON.stringify(e) + JSON.stringify(error) ); } } From 2b7f772a1baeaa0b4f95bbddaea43550618fdfe8 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Wed, 23 Mar 2022 01:12:46 +0000 Subject: [PATCH 02/12] chore(release): 5.2.0-alpha.1 [skip ci] # [5.2.0-alpha.1](https://github.com/parse-community/parse-server/compare/5.1.1...5.2.0-alpha.1) (2022-03-23) ### Features * improved LiveQuery error logging with additional information ([#7837](https://github.com/parse-community/parse-server/issues/7837)) ([443a509](https://github.com/parse-community/parse-server/commit/443a5099059538d379fe491793a5871fcbb4f377)) --- changelogs/CHANGELOG_alpha.md | 7 +++++++ package-lock.json | 2 +- package.json | 2 +- 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/changelogs/CHANGELOG_alpha.md b/changelogs/CHANGELOG_alpha.md index 0f800988..9b1be881 100644 --- a/changelogs/CHANGELOG_alpha.md +++ b/changelogs/CHANGELOG_alpha.md @@ -1,3 +1,10 @@ +# [5.2.0-alpha.1](https://github.com/parse-community/parse-server/compare/5.1.1...5.2.0-alpha.1) (2022-03-23) + + +### Features + +* improved LiveQuery error logging with additional information ([#7837](https://github.com/parse-community/parse-server/issues/7837)) ([443a509](https://github.com/parse-community/parse-server/commit/443a5099059538d379fe491793a5871fcbb4f377)) + # [5.0.0-alpha.29](https://github.com/parse-community/parse-server/compare/5.0.0-alpha.28...5.0.0-alpha.29) (2022-03-12) diff --git a/package-lock.json b/package-lock.json index 7b33778b..e836efee 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,6 +1,6 @@ { "name": "parse-server", - "version": "5.1.1", + "version": "5.2.0-alpha.1", "lockfileVersion": 1, "requires": true, "dependencies": { diff --git a/package.json b/package.json index 95a86994..0fc7408c 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "parse-server", - "version": "5.1.1", + "version": "5.2.0-alpha.1", "description": "An express module providing a Parse-compatible API server", "main": "lib/index.js", "repository": { From 765cfd02dcd791ec1d98bd4a6e36a037a0791b57 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Wed, 23 Mar 2022 01:22:38 +0000 Subject: [PATCH 04/12] chore(release): 5.2.0-beta.1 [skip ci] # [5.2.0-beta.1](https://github.com/parse-community/parse-server/compare/5.1.1...5.2.0-beta.1) (2022-03-23) ### Features * improved LiveQuery error logging with additional information ([#7837](https://github.com/parse-community/parse-server/issues/7837)) ([443a509](https://github.com/parse-community/parse-server/commit/443a5099059538d379fe491793a5871fcbb4f377)) --- changelogs/CHANGELOG_beta.md | 7 +++++++ package-lock.json | 2 +- package.json | 2 +- 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/changelogs/CHANGELOG_beta.md b/changelogs/CHANGELOG_beta.md index 4c6b49cc..98bb3308 100644 --- a/changelogs/CHANGELOG_beta.md +++ b/changelogs/CHANGELOG_beta.md @@ -1,3 +1,10 @@ +# [5.2.0-beta.1](https://github.com/parse-community/parse-server/compare/5.1.1...5.2.0-beta.1) (2022-03-23) + + +### Features + +* improved LiveQuery error logging with additional information ([#7837](https://github.com/parse-community/parse-server/issues/7837)) ([443a509](https://github.com/parse-community/parse-server/commit/443a5099059538d379fe491793a5871fcbb4f377)) + # [5.0.0-beta.10](https://github.com/parse-community/parse-server/compare/5.0.0-beta.9...5.0.0-beta.10) (2022-03-15) diff --git a/package-lock.json b/package-lock.json index e836efee..5bb676b9 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,6 +1,6 @@ { "name": "parse-server", - "version": "5.2.0-alpha.1", + "version": "5.2.0-beta.1", "lockfileVersion": 1, "requires": true, "dependencies": { diff --git a/package.json b/package.json index 0fc7408c..18808b2a 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "parse-server", - "version": "5.2.0-alpha.1", + "version": "5.2.0-beta.1", "description": "An express module providing a Parse-compatible API server", "main": "lib/index.js", "repository": { From 0d6f9e951d9e186e95e96d8869066ce7022bad02 Mon Sep 17 00:00:00 2001 From: Manuel <5673677+mtrezza@users.noreply.github.com> Date: Thu, 24 Mar 2022 02:54:07 +0100 Subject: [PATCH 05/12] fix: sensitive keyword detection may produce false positives (#7881) --- spec/vulnerabilities.spec.js | 14 ++++++++++++++ src/Controllers/DatabaseController.js | 5 +++-- src/Utils.js | 6 +++--- 3 files changed, 20 insertions(+), 5 deletions(-) diff --git a/spec/vulnerabilities.spec.js b/spec/vulnerabilities.spec.js index 1255d643..02a4ff54 100644 --- a/spec/vulnerabilities.spec.js +++ b/spec/vulnerabilities.spec.js @@ -280,4 +280,18 @@ describe('Vulnerabilities', () => { expect(text.error).toBe('Prohibited keyword in request data: {"value":"aValue[123]*"}.'); }); }); + + describe('Ignore non-matches', () => { + it('ignores write request that contains only fraction of denied keyword', async () => { + await reconfigureServer({ + requestKeywordDenylist: [{ key: 'abc' }], + }); + // Initially saving an object executes the keyword detection in RestWrite.js + const obj = new TestObject({ a: { b: { c: 0 } } }); + await expectAsync(obj.save()).toBeResolved(); + // Modifying a nested key executes the keyword detection in DatabaseController.js + obj.increment('a.b.c'); + await expectAsync(obj.save()).toBeResolved(); + }); + }); }); diff --git a/src/Controllers/DatabaseController.js b/src/Controllers/DatabaseController.js index a4368424..3e69b1f5 100644 --- a/src/Controllers/DatabaseController.js +++ b/src/Controllers/DatabaseController.js @@ -11,6 +11,7 @@ import intersect from 'intersect'; // @flow-disable-next import deepcopy from 'deepcopy'; import logger from '../logger'; +import Utils from '../Utils'; import * as SchemaController from './SchemaController'; import { StorageAdapter } from '../Adapters/Storage/StorageAdapter'; import MongoStorageAdapter from '../Adapters/Storage/Mongo/MongoStorageAdapter'; @@ -1763,8 +1764,8 @@ class DatabaseController { if (this.options && this.options.requestKeywordDenylist) { // Scan request data for denied keywords for (const keyword of this.options.requestKeywordDenylist) { - const isMatch = (a, b) => (typeof a === 'string' && new RegExp(a).test(b)) || a === b; - if (isMatch(firstKey, keyword.key)) { + const match = Utils.objectContainsKeyValue({ firstKey: undefined }, keyword.key, undefined); + if (match) { throw new Parse.Error( Parse.Error.INVALID_KEY_NAME, `Prohibited keyword in request data: ${JSON.stringify(keyword)}.` diff --git a/src/Utils.js b/src/Utils.js index 399939a1..d5a255a5 100644 --- a/src/Utils.js +++ b/src/Utils.js @@ -341,9 +341,9 @@ class Utils { * @returns {Boolean} True if a match was found, false otherwise. */ static objectContainsKeyValue(obj, key, value) { - const isMatch = (a, b) => (typeof a === 'string' && new RegExp(a).test(b)) || a === b; - const isKeyMatch = k => isMatch(key, k); - const isValueMatch = v => isMatch(value, v); + const isMatch = (a, b) => (typeof a === 'string' && new RegExp(b).test(a)) || a === b; + const isKeyMatch = k => isMatch(k, key); + const isValueMatch = v => isMatch(v, value); for (const [k, v] of Object.entries(obj)) { if (key !== undefined && value === undefined && isKeyMatch(k)) { return true; From 892c6f94d50b6dced8a5e1948e058dc7b095c914 Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Thu, 24 Mar 2022 01:55:04 +0000 Subject: [PATCH 06/12] chore(release): 5.2.0-alpha.2 [skip ci] # [5.2.0-alpha.2](https://github.com/parse-community/parse-server/compare/5.2.0-alpha.1...5.2.0-alpha.2) (2022-03-24) ### Bug Fixes * sensitive keyword detection may produce false positives ([#7881](https://github.com/parse-community/parse-server/issues/7881)) ([0d6f9e9](https://github.com/parse-community/parse-server/commit/0d6f9e951d9e186e95e96d8869066ce7022bad02)) --- changelogs/CHANGELOG_alpha.md | 7 +++++++ package-lock.json | 2 +- package.json | 2 +- 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/changelogs/CHANGELOG_alpha.md b/changelogs/CHANGELOG_alpha.md index 9b1be881..c9a5b758 100644 --- a/changelogs/CHANGELOG_alpha.md +++ b/changelogs/CHANGELOG_alpha.md @@ -1,3 +1,10 @@ +# [5.2.0-alpha.2](https://github.com/parse-community/parse-server/compare/5.2.0-alpha.1...5.2.0-alpha.2) (2022-03-24) + + +### Bug Fixes + +* sensitive keyword detection may produce false positives ([#7881](https://github.com/parse-community/parse-server/issues/7881)) ([0d6f9e9](https://github.com/parse-community/parse-server/commit/0d6f9e951d9e186e95e96d8869066ce7022bad02)) + # [5.2.0-alpha.1](https://github.com/parse-community/parse-server/compare/5.1.1...5.2.0-alpha.1) (2022-03-23) diff --git a/package-lock.json b/package-lock.json index 5bb676b9..affbdd1e 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,6 +1,6 @@ { "name": "parse-server", - "version": "5.2.0-beta.1", + "version": "5.2.0-alpha.2", "lockfileVersion": 1, "requires": true, "dependencies": { diff --git a/package.json b/package.json index 18808b2a..9c4288ad 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "parse-server", - "version": "5.2.0-beta.1", + "version": "5.2.0-alpha.2", "description": "An express module providing a Parse-compatible API server", "main": "lib/index.js", "repository": { From e2333ba2628ba2ea1651196a2386391c49073dc0 Mon Sep 17 00:00:00 2001 From: Manuel <5673677+mtrezza@users.noreply.github.com> Date: Thu, 24 Mar 2022 03:33:31 +0100 Subject: [PATCH 07/12] docs: add release instructions to contribution guide (#7885) --- CONTRIBUTING.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index 3e075254..8278ed91 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -24,6 +24,8 @@ - [Merging](#merging) - [Breaking Change](#breaking-change-1) - [Reverting](#reverting) +- [Releasing](#releasing) + - [General Considerations](#general-considerations) - [Major Release / Long-Term-Support](#major-release--long-term-support) - [Versioning](#versioning) - [Code of Conduct](#code-of-conduct) @@ -379,6 +381,12 @@ If the commit reverts a previous commit, use the prefix `revert:`, followed by t This reverts commit 1234567890abcdef. ``` +## Releasing + +### General Considerations + +- The `package-lock.json` file has to be deleted and recreated by npm from scratch in regular intervals using the `npm i` command. It is not enough to only update the file via automated security pull requests (e.g. dependabot, snyk), that can create inconsistencies between sub-devependencies of a dependency and increase the chances of vulnerabilities. The file should be recreated once every release cycle which is usually monthly. + ### Major Release / Long-Term-Support Long-Term-Support (LTS) is provided for the previous Parse Server major version. For example, Parse Server 4.x will receive security updates until Parse Server 5.x is superseded by Parse Server 6.x and becomes the new LTS version. While the current major version is published on branch `release`, a LTS version is published on branch `release-#.x.x`, for example `release-4.x.x` for the Parse Server 4.x LTS branch. From c5cf282d11ffdc023764f8e7539a2bd6bc246fe1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 24 Mar 2022 14:41:04 +0100 Subject: [PATCH 08/12] fix: security bump minimist from 1.2.5 to 1.2.6 (#7884) --- package-lock.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/package-lock.json b/package-lock.json index affbdd1e..cd9622cd 100644 --- a/package-lock.json +++ b/package-lock.json @@ -10329,9 +10329,9 @@ } }, "minimist": { - "version": "1.2.5", - "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.5.tgz", - "integrity": "sha512-FM9nNUYrRBAELZQT3xeZQ7fmMOBg6nWNmJKTcgsJeaLstP/UODVpGsr5OhXhhXg6f+qtJ8uiZ+PUxkDWcgIXLw==", + "version": "1.2.6", + "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.6.tgz", + "integrity": "sha512-Jsjnk4bw3YJqYzbdyBiNsPWHPfO++UGG749Cxs6peCu5Xg4nrena6OVxOYxrQTqww0Jmwt+Ref8rggumkTLz9Q==", "dev": true }, "minimist-options": { From bc07a3ff3ac3bfd1e711376f0b64512a5530517d Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Thu, 24 Mar 2022 13:42:07 +0000 Subject: [PATCH 09/12] chore(release): 5.2.0-alpha.3 [skip ci] # [5.2.0-alpha.3](https://github.com/parse-community/parse-server/compare/5.2.0-alpha.2...5.2.0-alpha.3) (2022-03-24) ### Bug Fixes * security bump minimist from 1.2.5 to 1.2.6 ([#7884](https://github.com/parse-community/parse-server/issues/7884)) ([c5cf282](https://github.com/parse-community/parse-server/commit/c5cf282d11ffdc023764f8e7539a2bd6bc246fe1)) --- changelogs/CHANGELOG_alpha.md | 7 +++++++ package-lock.json | 2 +- package.json | 2 +- 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/changelogs/CHANGELOG_alpha.md b/changelogs/CHANGELOG_alpha.md index c9a5b758..6938ec3c 100644 --- a/changelogs/CHANGELOG_alpha.md +++ b/changelogs/CHANGELOG_alpha.md @@ -1,3 +1,10 @@ +# [5.2.0-alpha.3](https://github.com/parse-community/parse-server/compare/5.2.0-alpha.2...5.2.0-alpha.3) (2022-03-24) + + +### Bug Fixes + +* security bump minimist from 1.2.5 to 1.2.6 ([#7884](https://github.com/parse-community/parse-server/issues/7884)) ([c5cf282](https://github.com/parse-community/parse-server/commit/c5cf282d11ffdc023764f8e7539a2bd6bc246fe1)) + # [5.2.0-alpha.2](https://github.com/parse-community/parse-server/compare/5.2.0-alpha.1...5.2.0-alpha.2) (2022-03-24) diff --git a/package-lock.json b/package-lock.json index cd9622cd..62ff41ae 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,6 +1,6 @@ { "name": "parse-server", - "version": "5.2.0-alpha.2", + "version": "5.2.0-alpha.3", "lockfileVersion": 1, "requires": true, "dependencies": { diff --git a/package.json b/package.json index 9c4288ad..a4399411 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "parse-server", - "version": "5.2.0-alpha.2", + "version": "5.2.0-alpha.3", "description": "An express module providing a Parse-compatible API server", "main": "lib/index.js", "repository": { From 2aeae76d80d251c7b728c50d9d3535a4f2e455ff Mon Sep 17 00:00:00 2001 From: semantic-release-bot Date: Thu, 24 Mar 2022 18:13:50 +0000 Subject: [PATCH 11/12] chore(release): 5.2.0-beta.2 [skip ci] # [5.2.0-beta.2](https://github.com/parse-community/parse-server/compare/5.2.0-beta.1...5.2.0-beta.2) (2022-03-24) ### Bug Fixes * security bump minimist from 1.2.5 to 1.2.6 ([#7884](https://github.com/parse-community/parse-server/issues/7884)) ([c5cf282](https://github.com/parse-community/parse-server/commit/c5cf282d11ffdc023764f8e7539a2bd6bc246fe1)) * sensitive keyword detection may produce false positives ([#7881](https://github.com/parse-community/parse-server/issues/7881)) ([0d6f9e9](https://github.com/parse-community/parse-server/commit/0d6f9e951d9e186e95e96d8869066ce7022bad02)) --- changelogs/CHANGELOG_beta.md | 8 ++++++++ package-lock.json | 2 +- package.json | 2 +- 3 files changed, 10 insertions(+), 2 deletions(-) diff --git a/changelogs/CHANGELOG_beta.md b/changelogs/CHANGELOG_beta.md index 98bb3308..20540c07 100644 --- a/changelogs/CHANGELOG_beta.md +++ b/changelogs/CHANGELOG_beta.md @@ -1,3 +1,11 @@ +# [5.2.0-beta.2](https://github.com/parse-community/parse-server/compare/5.2.0-beta.1...5.2.0-beta.2) (2022-03-24) + + +### Bug Fixes + +* security bump minimist from 1.2.5 to 1.2.6 ([#7884](https://github.com/parse-community/parse-server/issues/7884)) ([c5cf282](https://github.com/parse-community/parse-server/commit/c5cf282d11ffdc023764f8e7539a2bd6bc246fe1)) +* sensitive keyword detection may produce false positives ([#7881](https://github.com/parse-community/parse-server/issues/7881)) ([0d6f9e9](https://github.com/parse-community/parse-server/commit/0d6f9e951d9e186e95e96d8869066ce7022bad02)) + # [5.2.0-beta.1](https://github.com/parse-community/parse-server/compare/5.1.1...5.2.0-beta.1) (2022-03-23) diff --git a/package-lock.json b/package-lock.json index 62ff41ae..8af50aa2 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,6 +1,6 @@ { "name": "parse-server", - "version": "5.2.0-alpha.3", + "version": "5.2.0-beta.2", "lockfileVersion": 1, "requires": true, "dependencies": { diff --git a/package.json b/package.json index a4399411..4b6d7a91 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "parse-server", - "version": "5.2.0-alpha.3", + "version": "5.2.0-beta.2", "description": "An express module providing a Parse-compatible API server", "main": "lib/index.js", "repository": {