joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4,074 Commits 2 Branches 18 Tags
0a8670dc22f861fd15e77c0a2be8ffcb79d66233
Commit Graph

1132 Commits

Author SHA1 Message Date
dependabot[bot]
0a8670dc22 refactor: Bump qs from 6.5.2 to 6.5.3 (#8348) 2022-12-07 16:31:54 +01:00
dependabot[bot]
536bb2f1ae refactor: Bump decode-uri-component from 0.2.0 to 0.2.2 (#8342) 2022-12-06 16:16:18 +01:00
semantic-release-bot
b458dcec91 chore(release): 6.0.0-alpha.12 [skip ci] 
# [6.0.0-alpha.12](https://github.com/parse-community/parse-server/compare/6.0.0-alpha.11...6.0.0-alpha.12) (2022-11-26)

### Features

* Upgrade Redis 3 to 4 for LiveQuery ([#8333](https://github.com/parse-community/parse-server/issues/8333)) ([b2761fb](b2761fb378))
 2022-11-26 16:47:14 +00:00
dependabot[bot]
40dd82ff19 refactor: Bump minimatch from 3.0.4 to 3.1.2 (#8336) 2022-11-26 00:57:07 +01:00
semantic-release-bot
e32cc7db93 chore(release): 6.0.0-alpha.11 [skip ci] 
# [6.0.0-alpha.11](https://github.com/parse-community/parse-server/compare/6.0.0-alpha.10...6.0.0-alpha.11) (2022-11-25)

### Bug Fixes

* Parse Server option `masterKeyIps` does not include localhost by default for IPv6 ([#8322](https://github.com/parse-community/parse-server/issues/8322)) ([ab82635](ab82635b0d))
 2022-11-25 22:21:11 +00:00
semantic-release-bot
c8d8e9fbad chore(release): 6.0.0-alpha.10 [skip ci] 
# [6.0.0-alpha.10](https://github.com/parse-community/parse-server/compare/6.0.0-alpha.9...6.0.0-alpha.10) (2022-11-19)

### Bug Fixes

* Cloud Code trigger `beforeSave` does not work with `Parse.Role` ([#8320](https://github.com/parse-community/parse-server/issues/8320)) ([f29d972](f29d9720e9))
 2022-11-19 02:29:35 +00:00
semantic-release-bot
dd45eb2a11 chore(release): 6.0.0-alpha.9 [skip ci] 
# [6.0.0-alpha.9](https://github.com/parse-community/parse-server/compare/6.0.0-alpha.8...6.0.0-alpha.9) (2022-11-16)

### Features

* Remove deprecation `DEPPS3`: Config option `enforcePrivateUsers` defaults to `true` ([#8283](https://github.com/parse-community/parse-server/issues/8283)) ([ed499e3](ed499e32a2))

### BREAKING CHANGES

* The Parse Server option `enforcePrivateUsers` is set to `true` by default; in previous releases this option defaults to `false`; this change improves the default security configuration of Parse Server (#8283) ([ed499e3](ed499e3))
 2022-11-16 22:01:42 +00:00
semantic-release-bot
6e66b20e28 chore(release): 6.0.0-alpha.8 [skip ci] 
# [6.0.0-alpha.8](https://github.com/parse-community/parse-server/compare/6.0.0-alpha.7...6.0.0-alpha.8) (2022-11-11)

### Features

* Restrict use of `masterKey` to localhost by default ([#8281](https://github.com/parse-community/parse-server/issues/8281)) ([6c16021](6c16021a1f))

### BREAKING CHANGES

* This release restricts the use of `masterKey` to localhost by default; if you are using Parse Dashboard on a different server to connect to Parse Server you need to add the IP address of the server that hosts Parse Dashboard to this option (#8281) ([6c16021](6c16021))
 2022-11-11 02:27:01 +00:00
dblythy
6c16021a1f feat: Restrict use of masterKey to localhost by default (#8281) 
BREAKING CHANGE: This release restricts the use of `masterKey` to localhost by default; if you are using Parse Dashboard on a different server to connect to Parse Server you need to add the IP address of the server that hosts Parse Dashboard to this option (#8281)
 2022-11-11 03:24:48 +01:00
semantic-release-bot
7336afc562 chore(release): 6.0.0-alpha.7 [skip ci] 
# [6.0.0-alpha.7](https://github.com/parse-community/parse-server/compare/6.0.0-alpha.6...6.0.0-alpha.7) (2022-11-11)

### Features

* Upgrade Redis 3 to 4 ([#8293](https://github.com/parse-community/parse-server/issues/8293)) ([7d622f0](7d622f06a4))

### BREAKING CHANGES

* This release upgrades to Redis 4; if you are using the Redis cache adapter with Parse Server then this is a breaking change as the Redis client options have changed; see the [Redis migration guide](https://github.com/redis/node-redis/blob/redis%404.0.0/docs/v3-to-v4.md) for more details (#8293) ([7d622f0](7d622f0))
 2022-11-11 00:18:30 +00:00
dblythy
7d622f06a4 feat: Upgrade Redis 3 to 4 (#8293) 
BREAKING CHANGE: This release upgrades to Redis 4; if you are using the Redis cache adapter with Parse Server then this is a breaking change as the Redis client options have changed; see the [Redis migration guide](https://github.com/redis/node-redis/blob/redis%404.0.0/docs/v3-to-v4.md) for more details (#8293)
 2022-11-11 01:16:50 +01:00
semantic-release-bot
c8227cd140 chore(release): 6.0.0-alpha.6 [skip ci] 
# [6.0.0-alpha.6](https://github.com/parse-community/parse-server/compare/6.0.0-alpha.5...6.0.0-alpha.6) (2022-11-10)

### Features

* Remove support for MongoDB 4.0 ([#8292](https://github.com/parse-community/parse-server/issues/8292)) ([37245f6](37245f62ce))

### BREAKING CHANGES

* This release removes support for MongoDB 4.0; the new minimum supported MongoDB version is 4.2. which also removes support for the deprecated MongoDB MMAPv1 storage engine ([37245f6](37245f6))
 2022-11-10 22:34:03 +00:00
semantic-release-bot
ebea057e5b chore(release): 6.0.0-alpha.5 [skip ci] 
# [6.0.0-alpha.5](https://github.com/parse-community/parse-server/compare/6.0.0-alpha.4...6.0.0-alpha.5) (2022-11-10)

### Bug Fixes

* Throwing error in Cloud Code Triggers `afterLogin`, `afterLogout` crashes server ([#8280](https://github.com/parse-community/parse-server/issues/8280)) ([130d290](130d29074e))

### BREAKING CHANGES

* Throwing an error in Cloud Code Triggers `afterLogin`, `afterLogout` returns a rejected promise; in previous releases it crashed the server if you did not handle the error on the Node.js process level; consider adapting your code if your app currently handles these errors on the Node.js process level with `process.on('unhandledRejection', ...)` ([130d290](130d290))
 2022-11-10 21:02:40 +00:00
semantic-release-bot
9d3c1c6918 chore(release): 6.0.0-alpha.4 [skip ci] 
# [6.0.0-alpha.4](https://github.com/parse-community/parse-server/compare/6.0.0-alpha.3...6.0.0-alpha.4) (2022-11-10)

### Features

* Remove deprecation `DEPPS2`: Config option `directAccess` defaults to true ([#8284](https://github.com/parse-community/parse-server/issues/8284)) ([f535ee6](f535ee6ec2))

### BREAKING CHANGES

* Config option `directAccess` defaults to true; set this to `false` in environments where multiple Parse Server instances run behind a load balancer and Parse requests within the current Node.js environment should be routed via the load balancer and distributed as HTTP requests among all instances via the `serverURL`. ([f535ee6](f535ee6))
 2022-11-10 19:33:14 +00:00
semantic-release-bot
2054a88f19 chore(release): 6.0.0-alpha.3 [skip ci] 
# [6.0.0-alpha.3](https://github.com/parse-community/parse-server/compare/6.0.0-alpha.2...6.0.0-alpha.3) (2022-11-10)

### Features

* Remove deprecation `DEPPS4`: Remove convenience method for http request `Parse.Cloud.httpRequest`  ([#8287](https://github.com/parse-community/parse-server/issues/8287)) ([2d79c08](2d79c0835b))

### BREAKING CHANGES

* The convenience method for HTTP requests `Parse.Cloud.httpRequest` is removed; use your preferred 3rd party library for making HTTP requests ([2d79c08](2d79c08))
 2022-11-10 17:30:57 +00:00
semantic-release-bot
739a3a9957 chore(release): 6.0.0-alpha.2 [skip ci] 
# [6.0.0-alpha.2](https://github.com/parse-community/parse-server/compare/6.0.0-alpha.1...6.0.0-alpha.2) (2022-11-10)

### Features

* Improve authentication adapter interface to support multi-factor authentication (MFA), authentication challenges, and provide a more powerful interface for writing custom authentication adapters ([#8156](https://github.com/parse-community/parse-server/issues/8156)) ([5bbf9ca](5bbf9cade9))
 2022-11-10 16:37:32 +00:00
semantic-release-bot
4eb5f28b04 chore(release): 6.0.0-alpha.1 [skip ci] 
# [6.0.0-alpha.1](https://github.com/parse-community/parse-server/compare/5.4.0-alpha.1...6.0.0-alpha.1) (2022-11-10)

### Bug Fixes

* Remove Node 12 and Node 17 support ([#8279](https://github.com/parse-community/parse-server/issues/8279)) ([2546cc8](2546cc8572))

### BREAKING CHANGES

* This release removes Node 12 and Node 17 support ([2546cc8](2546cc8))
 2022-11-10 15:37:25 +00:00
Parse Platform
a8cb2a4ef1 refactor: Upgrade pg-promise from 10.12.0 to 10.12.1 (#8299) 2022-11-08 15:35:46 +00:00
Snyk bot
81304be649 refactor: Upgrade jwks-rsa from 2.1.4 to 2.1.5 (#8278) 2022-11-03 02:29:13 +01:00
semantic-release-bot
963613ec3f chore(release): 5.4.0-alpha.1 [skip ci] 
# [5.4.0-alpha.1](https://github.com/parse-community/parse-server/compare/5.3.0...5.4.0-alpha.1) (2022-10-31)

### Bug Fixes

* authentication adapter app ID validation may be circumvented; this fixes a vulnerability that affects configurations which allow users to authenticate using the Parse Server authentication adapter for *Facebook* or *Spotify* and where the server-side authentication adapter configuration `appIds` is set as a string (e.g. `abc`) instead of an array of strings (e.g. `["abc"]`) ([GHSA-r657-33vp-gp22](https://github.com/parse-community/parse-server/security/advisories/GHSA-r657-33vp-gp22)) [skip release] ([#8187](https://github.com/parse-community/parse-server/issues/8187)) ([8c8ec71](8c8ec71573))
* brute force guessing of user sensitive data via search patterns (GHSA-2m6g-crv8-p3c6) ([#8146](https://github.com/parse-community/parse-server/issues/8146)) [skip release] ([4c0c7c7](4c0c7c77b7))
* certificate in Apple Game Center auth adapter not validated [skip release] ([#8058](https://github.com/parse-community/parse-server/issues/8058)) ([75af9a2](75af9a26cc))
* graphQL query ignores condition `equalTo` with value `false` ([#8032](https://github.com/parse-community/parse-server/issues/8032)) ([7f5a15d](7f5a15d5df))
* internal indices for classes `_Idempotency` and `_Role` are not protected in defined schema ([#8121](https://github.com/parse-community/parse-server/issues/8121)) ([c16f529](c16f529f74))
* invalid file request not properly handled [skip release] ([#8062](https://github.com/parse-community/parse-server/issues/8062)) ([4c9e956](4c9e95674a))
* liveQuery with `containedIn` not working when object field is an array ([#8128](https://github.com/parse-community/parse-server/issues/8128)) ([1d9605b](1d9605bc93))
* protected fields exposed via LiveQuery (GHSA-crrq-vr9j-fxxh) [skip release] ([#8076](https://github.com/parse-community/parse-server/issues/8076)) ([9fd4516](9fd4516cde))
* push notifications `badge` doesn't update with Installation beforeSave trigger ([#8162](https://github.com/parse-community/parse-server/issues/8162)) ([3c75c2b](3c75c2ba48))
* query aggregation pipeline cannot handle value of type `Date` when `directAccess: true` ([#8167](https://github.com/parse-community/parse-server/issues/8167)) ([e424137](e424137406))
* relation constraints in compound queries `Parse.Query.or`, `Parse.Query.and` not working ([#8203](https://github.com/parse-community/parse-server/issues/8203)) ([28f0d26](28f0d26677))
* security upgrade undici from 5.6.0 to 5.8.0 ([#8108](https://github.com/parse-community/parse-server/issues/8108)) ([4aa016b](4aa016b732))
* server crashes when receiving file download request with invalid byte range; this fixes a security vulnerability that allows an attacker to impact the availability of the server instance; the fix improves parsing of the range parameter to properly handle invalid range requests ([GHSA-h423-w6qv-2wj3](https://github.com/parse-community/parse-server/security/advisories/GHSA-h423-w6qv-2wj3)) [skip release] ([#8238](https://github.com/parse-community/parse-server/issues/8238)) ([c03908f](c03908f74e))
* session object properties can be updated by foreign user; this fixes a security vulnerability in which a foreign user can write to the session object of another user if the session object ID is known; the fix prevents writing to foreign session objects ([GHSA-6w4q-23cf-j9jp](https://github.com/parse-community/parse-server/security/advisories/GHSA-6w4q-23cf-j9jp)) [skip release] ([#8180](https://github.com/parse-community/parse-server/issues/8180)) ([37fed30](37fed3062c))
* sorting by non-existing value throws `INVALID_SERVER_ERROR` on Postgres ([#8157](https://github.com/parse-community/parse-server/issues/8157)) ([3b775a1](3b775a1fb8))
* updating object includes unchanged keys in client response for certain key types ([#8159](https://github.com/parse-community/parse-server/issues/8159)) ([37af1d7](37af1d78fc))

### Features

* add convenience access to Parse Server configuration in Cloud Code via `Parse.Server` ([#8244](https://github.com/parse-community/parse-server/issues/8244)) ([9f11115](9f111158ed))
* add option to change the default value of the `Parse.Query.limit()` constraint ([#8152](https://github.com/parse-community/parse-server/issues/8152)) ([0388956](0388956808))
* add support for MongoDB 6 ([#8242](https://github.com/parse-community/parse-server/issues/8242)) ([aba0081](aba0081ce1))
* add support for Postgres 15 ([#8215](https://github.com/parse-community/parse-server/issues/8215)) ([2feb6c4](2feb6c4608))
* liveQuery support for unsorted distance queries ([#8221](https://github.com/parse-community/parse-server/issues/8221)) ([0f763da](0f763da17d))
 2022-10-31 14:37:28 +00:00
Snyk bot
70ada3e522 refactor: upgrade express from 4.18.1 to 4.18.2 (#8265) 2022-10-31 15:29:32 +01:00
semantic-release-bot
0e30c76e39 chore(release): 5.4.0-beta.1 [skip ci] 
# [5.4.0-beta.1](https://github.com/parse-community/parse-server/compare/5.3.0...5.4.0-beta.1) (2022-10-29)

### Bug Fixes

* authentication adapter app ID validation may be circumvented; this fixes a vulnerability that affects configurations which allow users to authenticate using the Parse Server authentication adapter for *Facebook* or *Spotify* and where the server-side authentication adapter configuration `appIds` is set as a string (e.g. `abc`) instead of an array of strings (e.g. `["abc"]`) ([GHSA-r657-33vp-gp22](https://github.com/parse-community/parse-server/security/advisories/GHSA-r657-33vp-gp22)) [skip release] ([#8187](https://github.com/parse-community/parse-server/issues/8187)) ([8c8ec71](8c8ec71573))
* brute force guessing of user sensitive data via search patterns (GHSA-2m6g-crv8-p3c6) ([#8146](https://github.com/parse-community/parse-server/issues/8146)) [skip release] ([4c0c7c7](4c0c7c77b7))
* certificate in Apple Game Center auth adapter not validated [skip release] ([#8058](https://github.com/parse-community/parse-server/issues/8058)) ([75af9a2](75af9a26cc))
* graphQL query ignores condition `equalTo` with value `false` ([#8032](https://github.com/parse-community/parse-server/issues/8032)) ([7f5a15d](7f5a15d5df))
* internal indices for classes `_Idempotency` and `_Role` are not protected in defined schema ([#8121](https://github.com/parse-community/parse-server/issues/8121)) ([c16f529](c16f529f74))
* invalid file request not properly handled [skip release] ([#8062](https://github.com/parse-community/parse-server/issues/8062)) ([4c9e956](4c9e95674a))
* liveQuery with `containedIn` not working when object field is an array ([#8128](https://github.com/parse-community/parse-server/issues/8128)) ([1d9605b](1d9605bc93))
* protected fields exposed via LiveQuery (GHSA-crrq-vr9j-fxxh) [skip release] ([#8076](https://github.com/parse-community/parse-server/issues/8076)) ([9fd4516](9fd4516cde))
* push notifications `badge` doesn't update with Installation beforeSave trigger ([#8162](https://github.com/parse-community/parse-server/issues/8162)) ([3c75c2b](3c75c2ba48))
* query aggregation pipeline cannot handle value of type `Date` when `directAccess: true` ([#8167](https://github.com/parse-community/parse-server/issues/8167)) ([e424137](e424137406))
* relation constraints in compound queries `Parse.Query.or`, `Parse.Query.and` not working ([#8203](https://github.com/parse-community/parse-server/issues/8203)) ([28f0d26](28f0d26677))
* security upgrade undici from 5.6.0 to 5.8.0 ([#8108](https://github.com/parse-community/parse-server/issues/8108)) ([4aa016b](4aa016b732))
* server crashes when receiving file download request with invalid byte range; this fixes a security vulnerability that allows an attacker to impact the availability of the server instance; the fix improves parsing of the range parameter to properly handle invalid range requests ([GHSA-h423-w6qv-2wj3](https://github.com/parse-community/parse-server/security/advisories/GHSA-h423-w6qv-2wj3)) [skip release] ([#8238](https://github.com/parse-community/parse-server/issues/8238)) ([c03908f](c03908f74e))
* session object properties can be updated by foreign user; this fixes a security vulnerability in which a foreign user can write to the session object of another user if the session object ID is known; the fix prevents writing to foreign session objects ([GHSA-6w4q-23cf-j9jp](https://github.com/parse-community/parse-server/security/advisories/GHSA-6w4q-23cf-j9jp)) [skip release] ([#8180](https://github.com/parse-community/parse-server/issues/8180)) ([37fed30](37fed3062c))
* sorting by non-existing value throws `INVALID_SERVER_ERROR` on Postgres ([#8157](https://github.com/parse-community/parse-server/issues/8157)) ([3b775a1](3b775a1fb8))
* updating object includes unchanged keys in client response for certain key types ([#8159](https://github.com/parse-community/parse-server/issues/8159)) ([37af1d7](37af1d78fc))

### Features

* add convenience access to Parse Server configuration in Cloud Code via `Parse.Server` ([#8244](https://github.com/parse-community/parse-server/issues/8244)) ([9f11115](9f111158ed))
* add option to change the default value of the `Parse.Query.limit()` constraint ([#8152](https://github.com/parse-community/parse-server/issues/8152)) ([0388956](0388956808))
* add support for MongoDB 6 ([#8242](https://github.com/parse-community/parse-server/issues/8242)) ([aba0081](aba0081ce1))
* add support for Postgres 15 ([#8215](https://github.com/parse-community/parse-server/issues/8215)) ([2feb6c4](2feb6c4608))
* liveQuery support for unsorted distance queries ([#8221](https://github.com/parse-community/parse-server/issues/8221)) ([0f763da](0f763da17d))
 2022-10-29 20:01:12 +00:00
semantic-release-bot
9053e79151 chore(release): 5.3.0-alpha.32 [skip ci] 
# [5.3.0-alpha.32](https://github.com/parse-community/parse-server/compare/5.3.0-alpha.31...5.3.0-alpha.32) (2022-10-29)

### Features

* add convenience access to Parse Server configuration in Cloud Code via `Parse.Server` ([#8244](https://github.com/parse-community/parse-server/issues/8244)) ([9f11115](9f111158ed))
 2022-10-29 17:10:47 +00:00
Snyk bot
eab9cdd749 refactor: upgrade body-parser from 1.20.0 to 1.20.1 (#8262) 2022-10-29 17:39:56 +02:00
Parse Platform
4918665dd2 refactor: upgrade semver from 7.3.7 to 7.3.8 (#8261) 2022-10-27 14:04:09 +02:00
semantic-release-bot
b54af6b701 chore(release): 5.3.0-alpha.31 [skip ci] 
# [5.3.0-alpha.31](https://github.com/parse-community/parse-server/compare/5.3.0-alpha.30...5.3.0-alpha.31) (2022-10-24)

### Bug Fixes

* relation constraints in compound queries `Parse.Query.or`, `Parse.Query.and` not working ([#8203](https://github.com/parse-community/parse-server/issues/8203)) ([28f0d26](28f0d26677))
 2022-10-24 10:54:30 +00:00
dependabot[bot]
fb503320c3 refactor: bump async from 3.2.1 to 3.2.4 (#8254) 2022-10-20 22:43:34 +02:00
Parse Platform
a0499521cc refactor: upgrade pg-monitor from 1.4.1 to 1.5.0 (#8248) 2022-10-20 22:03:20 +02:00
Parse Platform
b2491234e8 refactor: upgrade ws from 8.8.1 to 8.9.0 (#8247) 2022-10-19 10:04:34 +02:00
semantic-release-bot
3cde50f82a chore(release): 5.3.0-alpha.30 [skip ci] 
# [5.3.0-alpha.30](https://github.com/parse-community/parse-server/compare/5.3.0-alpha.29...5.3.0-alpha.30) (2022-10-17)

### Features

* add support for MongoDB 6 ([#8242](https://github.com/parse-community/parse-server/issues/8242)) ([aba0081](aba0081ce1))
 2022-10-17 17:29:15 +00:00
semantic-release-bot
c1a70fe820 chore(release): 5.3.0-alpha.29 [skip ci] 
# [5.3.0-alpha.29](https://github.com/parse-community/parse-server/compare/5.3.0-alpha.28...5.3.0-alpha.29) (2022-10-15)

### Bug Fixes

* server crashes when receiving file download request with invalid byte range; this fixes a security vulnerability that allows an attacker to impact the availability of the server instance; the fix improves parsing of the range parameter to properly handle invalid range requests ([GHSA-h423-w6qv-2wj3](https://github.com/parse-community/parse-server/security/advisories/GHSA-h423-w6qv-2wj3)) [skip release] ([#8238](https://github.com/parse-community/parse-server/issues/8238)) ([c03908f](c03908f74e))

### Features

* add support for Postgres 15 ([#8215](https://github.com/parse-community/parse-server/issues/8215)) ([2feb6c4](2feb6c4608))
 2022-10-15 22:26:12 +00:00
Snyk bot
6d0bc1eff0 refactor: upgrade follow-redirects from 1.15.1 to 1.15.2 (#8233) 2022-10-15 17:12:27 +02:00
Snyk bot
89fad24bae refactor: upgrade mongodb from 4.9.1 to 4.10.0 (#8234) 2022-10-14 19:17:30 +02:00
semantic-release-bot
8c30c81da6 chore(release): 5.3.0-alpha.28 [skip ci] 
# [5.3.0-alpha.28](https://github.com/parse-community/parse-server/compare/5.3.0-alpha.27...5.3.0-alpha.28) (2022-10-11)

### Features

* liveQuery support for unsorted distance queries ([#8221](https://github.com/parse-community/parse-server/issues/8221)) ([0f763da](0f763da17d))
 2022-10-11 22:36:58 +00:00
Parse Platform
63d51fa6c8 refactor: upgrade @graphql-tools/merge from 8.3.5 to 8.3.6 (#8206) 2022-10-01 21:41:10 +02:00
Parse Platform
a0956b5496 refactor: upgrade @graphql-tools/schema from 9.0.3 to 9.0.4 (#8207) 2022-10-01 16:13:21 +02:00
Parse Platform
777b4a9961 refactor: upgrade @graphql-tools/utils from 8.11.0 to 8.12.0 (#8205) 2022-10-01 14:26:53 +02:00
semantic-release-bot
5376c3b145 chore(release): 5.3.0-alpha.27 [skip ci] 
# [5.3.0-alpha.27](https://github.com/parse-community/parse-server/compare/5.3.0-alpha.26...5.3.0-alpha.27) (2022-09-29)

### Bug Fixes

* authentication adapter app ID validation may be circumvented; this fixes a vulnerability that affects configurations which allow users to authenticate using the Parse Server authentication adapter for *Facebook* or *Spotify* and where the server-side authentication adapter configuration `appIds` is set as a string (e.g. `abc`) instead of an array of strings (e.g. `["abc"]`) ([GHSA-r657-33vp-gp22](https://github.com/parse-community/parse-server/security/advisories/GHSA-r657-33vp-gp22)) [skip release] ([#8187](https://github.com/parse-community/parse-server/issues/8187)) ([8c8ec71](8c8ec71573))
* session object properties can be updated by foreign user; this fixes a security vulnerability in which a foreign user can write to the session object of another user if the session object ID is known; the fix prevents writing to foreign session objects ([GHSA-6w4q-23cf-j9jp](https://github.com/parse-community/parse-server/security/advisories/GHSA-6w4q-23cf-j9jp)) [skip release] ([#8180](https://github.com/parse-community/parse-server/issues/8180)) ([37fed30](37fed3062c))

### Features

* add option to change the default value of the `Parse.Query.limit()` constraint ([#8152](https://github.com/parse-community/parse-server/issues/8152)) ([0388956](0388956808))
 2022-09-29 23:02:45 +00:00
Parse Platform
c9bd87e2f3 refactor: upgrade @graphql-tools/merge from 8.3.4 to 8.3.5 (#8199) 2022-09-28 02:04:47 +02:00
Parse Platform
c1dbd007c5 refactor: upgrade @graphql-tools/utils from 8.10.1 to 8.11.0 (#8198) 2022-09-28 00:06:25 +02:00
Parse Platform
9872051e3b refactor: upgrade @graphql-tools/schema from 9.0.2 to 9.0.3 (#8197) 2022-09-27 22:27:25 +02:00
Parse Platform
643d49199a refactor: upgrade uuid from 8.3.2 to 9.0.0 (#8200) 2022-09-27 13:01:54 +02:00
Snyk bot
e8242423e4 refactor: upgrade mongodb from 4.9.0 to 4.9.1 (#8190) 2022-09-22 11:27:47 +02:00
Snyk bot
004faf41e4 refactor: upgrade @graphql-tools/merge from 8.3.3 to 8.3.4 (#8175) 2022-09-19 22:07:14 +02:00
Snyk bot
bf7d5ba605 refactor: upgrade @graphql-tools/schema from 9.0.1 to 9.0.2 (#8176) 2022-09-19 20:07:26 +02:00
Snyk bot
6fb4d68f4c refactor: upgrade pg-promise from 10.11.1 to 10.12.0 (#8178) 2022-09-19 16:35:20 +02:00
Snyk bot
9fe16738b6 refactor: upgrade @graphql-tools/utils from 8.10.0 to 8.10.1 (#8177) 2022-09-19 15:45:00 +02:00
semantic-release-bot
b2fe087a02 chore(release): 5.3.0-alpha.26 [skip ci] 
# [5.3.0-alpha.26](https://github.com/parse-community/parse-server/compare/5.3.0-alpha.25...5.3.0-alpha.26) (2022-09-17)

### Bug Fixes

* sorting by non-existing value throws `INVALID_SERVER_ERROR` on Postgres ([#8157](https://github.com/parse-community/parse-server/issues/8157)) ([3b775a1](3b775a1fb8))
 2022-09-17 18:49:17 +00:00
semantic-release-bot
73e1763a63 chore(release): 5.3.0-alpha.25 [skip ci] 
# [5.3.0-alpha.25](https://github.com/parse-community/parse-server/compare/5.3.0-alpha.24...5.3.0-alpha.25) (2022-09-17)

### Bug Fixes

* updating object includes unchanged keys in client response for certain key types ([#8159](https://github.com/parse-community/parse-server/issues/8159)) ([37af1d7](37af1d78fc))
 2022-09-17 16:30:24 +00:00
semantic-release-bot
41e44302b4 chore(release): 5.3.0-alpha.24 [skip ci] 
# [5.3.0-alpha.24](https://github.com/parse-community/parse-server/compare/5.3.0-alpha.23...5.3.0-alpha.24) (2022-09-17)

### Bug Fixes

* query aggregation pipeline cannot handle value of type `Date` when `directAccess: true` ([#8167](https://github.com/parse-community/parse-server/issues/8167)) ([e424137](e424137406))
 2022-09-17 14:26:53 +00:00