joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4,071 Commits 2 Branches 18 Tags
0bb63d8cc129f5dcc1b5402f47ef42ebcfebedf7
Commit Graph

30 Commits

Author SHA1 Message Date
semantic-release-bot
ef77b993bf chore(release): 5.5.5 [skip ci] 
## [5.5.5](https://github.com/parse-community/parse-server/compare/5.5.4...5.5.5) (2023-09-04)

### Bug Fixes

* Parse Pointer allows to access internal Parse Server classes and circumvent `beforeFind` query trigger; fixes security vulnerability [GHSA-fcv6-fg5r-jm9q](https://github.com/parse-community/parse-server/security/advisories/GHSA-fcv6-fg5r-jm9q) ([6458ab0](6458ab072e))
 2023-09-04 12:28:42 +00:00
semantic-release-bot
62bb396ab4 chore(release): 5.5.4 [skip ci] 
## [5.5.4](https://github.com/parse-community/parse-server/compare/5.5.3...5.5.4) (2023-07-30)

### Bug Fixes

* Security upgrade semver from 7.5.1 to 7.5.2 ([#8704](https://github.com/parse-community/parse-server/issues/8704)) ([c7fa3b9](c7fa3b92a1))
 2023-07-30 22:01:35 +00:00
semantic-release-bot
9c0abe0120 chore(release): 5.5.3 [skip ci] 
## [5.5.3](https://github.com/parse-community/parse-server/compare/5.5.2...5.5.3) (2023-06-29)

### Bug Fixes

* Server does not start via CLI when `auth` option is set ([#8669](https://github.com/parse-community/parse-server/issues/8669)) ([601da1e](601da1ee3c))
 2023-06-29 20:06:24 +00:00
semantic-release-bot
e6374e791d chore(release): 5.5.2 [skip ci] 
## [5.5.2](https://github.com/parse-community/parse-server/compare/5.5.1...5.5.2) (2023-06-28)

### Bug Fixes

* Remote code execution via MongoDB BSON parser through prototype pollution; fixes security vulnerability [GHSA-462x-c3jw-7vr6](https://github.com/parse-community/parse-server/security/advisories/GHSA-462x-c3jw-7vr6) ([#8675](https://github.com/parse-community/parse-server/issues/8675)) ([5fad292](5fad2928fb))
 2023-06-28 21:06:50 +00:00
semantic-release-bot
c83b343aae chore(release): 5.5.1 [skip ci] 
## [5.5.1](https://github.com/parse-community/parse-server/compare/5.5.0...5.5.1) (2023-05-23)

### Bug Fixes

* Security upgrade @parse/push-adapter from 4.1.2 to 4.1.3 ([#8571](https://github.com/parse-community/parse-server/issues/8571)) ([8e83cac](8e83cac02d))
 2023-05-23 23:47:49 +00:00
semantic-release-bot
ac90cb8c35 chore(release): 5.5.0 [skip ci] 
# [5.5.0](https://github.com/parse-community/parse-server/compare/5.4.3...5.5.0) (2023-05-20)

### Features

* Add new Parse Server option `fileUpload.fileExtensions` to restrict file upload by file extension; this fixes a security vulnerability in which a phishing attack could be performed using an uploaded HTML file; by default the new option only allows file extensions matching the regex pattern `^[^hH][^tT][^mM][^lL]?$`, which excludes HTML files; this fix is released as a patch version given the severity of this vulnerability, however, if your app currently depends on uploading files with HTML file extensions then this may be a breaking change and you could allow HTML file upload by setting the option to `['.*']` ([#8537](https://github.com/parse-community/parse-server/issues/8537)) ([196e05f](196e05f047))
 2023-05-20 23:22:06 +00:00
semantic-release-bot
e9ae4351a1 chore(release): 5.4.3 [skip ci] 
## [5.4.3](https://github.com/parse-community/parse-server/compare/5.4.2...5.4.3) (2023-03-22)

### Bug Fixes

* Unable to create new role if `beforeSave` hook exists ([#8474](https://github.com/parse-community/parse-server/issues/8474)) ([4f0f0ec](4f0f0ec4bb))
 2023-03-22 20:30:02 +00:00
semantic-release-bot
b905137278 chore(release): 5.4.2 [skip ci] 
## [5.4.2](https://github.com/parse-community/parse-server/compare/5.4.1...5.4.2) (2023-02-16)

### Bug Fixes

* Security upgrade jsonwebtoken to 9.0.0 ([#8431](https://github.com/parse-community/parse-server/issues/8431)) ([2c19c2e](2c19c2e4d4))
 2023-02-16 19:00:29 +00:00
semantic-release-bot
30576f1091 chore(release): 5.4.1 [skip ci] 
## [5.4.1](https://github.com/parse-community/parse-server/compare/5.4.0...5.4.1) (2023-01-31)

### Bug Fixes

* The client IP address may be determined incorrectly in some cases; it is now required to set the Parse Server option `trustProxy` accordingly if Parse Server runs behind a proxy server, see the express framework's [trust proxy](https://expressjs.com/en/guide/behind-proxies.html) setting; this fixes a security vulnerability in which the Parse Server option `masterKeyIps` may be circumvented, see [GHSA-vm5r-c87r-pf6x](https://github.com/parse-community/parse-server/security/advisories/GHSA-vm5r-c87r-pf6x) ([#8369](https://github.com/parse-community/parse-server/issues/8369)) ([e016d81](e016d813e0))
 2023-01-31 03:57:58 +00:00
Manuel Trezza
38f64be596 ci: update auto-release for LTS 2022-11-19 12:31:43 +01:00
semantic-release-bot
9b34b0263b chore(release): 5.4.0 [skip ci] 
# [5.4.0](https://github.com/parse-community/parse-server/compare/5.3.3...5.4.0) (2022-11-19)

### Bug Fixes

* authentication adapter app ID validation may be circumvented; this fixes a vulnerability that affects configurations which allow users to authenticate using the Parse Server authentication adapter for *Facebook* or *Spotify* and where the server-side authentication adapter configuration `appIds` is set as a string (e.g. `abc`) instead of an array of strings (e.g. `["abc"]`) ([GHSA-r657-33vp-gp22](https://github.com/parse-community/parse-server/security/advisories/GHSA-r657-33vp-gp22)) [skip release] ([#8187](https://github.com/parse-community/parse-server/issues/8187)) ([8c8ec71](8c8ec71573))
* brute force guessing of user sensitive data via search patterns (GHSA-2m6g-crv8-p3c6) ([#8146](https://github.com/parse-community/parse-server/issues/8146)) [skip release] ([4c0c7c7](4c0c7c77b7))
* certificate in Apple Game Center auth adapter not validated [skip release] ([#8058](https://github.com/parse-community/parse-server/issues/8058)) ([75af9a2](75af9a26cc))
* graphQL query ignores condition `equalTo` with value `false` ([#8032](https://github.com/parse-community/parse-server/issues/8032)) ([7f5a15d](7f5a15d5df))
* internal indices for classes `_Idempotency` and `_Role` are not protected in defined schema ([#8121](https://github.com/parse-community/parse-server/issues/8121)) ([c16f529](c16f529f74))
* invalid file request not properly handled [skip release] ([#8062](https://github.com/parse-community/parse-server/issues/8062)) ([4c9e956](4c9e95674a))
* liveQuery with `containedIn` not working when object field is an array ([#8128](https://github.com/parse-community/parse-server/issues/8128)) ([1d9605b](1d9605bc93))
* protected fields exposed via LiveQuery (GHSA-crrq-vr9j-fxxh) [skip release] ([#8076](https://github.com/parse-community/parse-server/issues/8076)) ([9fd4516](9fd4516cde))
* push notifications `badge` doesn't update with Installation beforeSave trigger ([#8162](https://github.com/parse-community/parse-server/issues/8162)) ([3c75c2b](3c75c2ba48))
* query aggregation pipeline cannot handle value of type `Date` when `directAccess: true` ([#8167](https://github.com/parse-community/parse-server/issues/8167)) ([e424137](e424137406))
* relation constraints in compound queries `Parse.Query.or`, `Parse.Query.and` not working ([#8203](https://github.com/parse-community/parse-server/issues/8203)) ([28f0d26](28f0d26677))
* security upgrade undici from 5.6.0 to 5.8.0 ([#8108](https://github.com/parse-community/parse-server/issues/8108)) ([4aa016b](4aa016b732))
* server crashes when receiving file download request with invalid byte range; this fixes a security vulnerability that allows an attacker to impact the availability of the server instance; the fix improves parsing of the range parameter to properly handle invalid range requests ([GHSA-h423-w6qv-2wj3](https://github.com/parse-community/parse-server/security/advisories/GHSA-h423-w6qv-2wj3)) [skip release] ([#8238](https://github.com/parse-community/parse-server/issues/8238)) ([c03908f](c03908f74e))
* session object properties can be updated by foreign user; this fixes a security vulnerability in which a foreign user can write to the session object of another user if the session object ID is known; the fix prevents writing to foreign session objects ([GHSA-6w4q-23cf-j9jp](https://github.com/parse-community/parse-server/security/advisories/GHSA-6w4q-23cf-j9jp)) [skip release] ([#8180](https://github.com/parse-community/parse-server/issues/8180)) ([37fed30](37fed3062c))
* sorting by non-existing value throws `INVALID_SERVER_ERROR` on Postgres ([#8157](https://github.com/parse-community/parse-server/issues/8157)) ([3b775a1](3b775a1fb8))
* updating object includes unchanged keys in client response for certain key types ([#8159](https://github.com/parse-community/parse-server/issues/8159)) ([37af1d7](37af1d78fc))

### Features

* add convenience access to Parse Server configuration in Cloud Code via `Parse.Server` ([#8244](https://github.com/parse-community/parse-server/issues/8244)) ([9f11115](9f111158ed))
* add option to change the default value of the `Parse.Query.limit()` constraint ([#8152](https://github.com/parse-community/parse-server/issues/8152)) ([0388956](0388956808))
* add support for MongoDB 6 ([#8242](https://github.com/parse-community/parse-server/issues/8242)) ([aba0081](aba0081ce1))
* add support for Postgres 15 ([#8215](https://github.com/parse-community/parse-server/issues/8215)) ([2feb6c4](2feb6c4608))
* liveQuery support for unsorted distance queries ([#8221](https://github.com/parse-community/parse-server/issues/8221)) ([0f763da](0f763da17d))
 2022-11-19 03:37:26 +00:00
semantic-release-bot
fd8a11bc27 chore(release): 5.3.3 [skip ci] 
## [5.3.3](https://github.com/parse-community/parse-server/compare/5.3.2...5.3.3) (2022-11-09)

### Bug Fixes

* Prototype pollution via Cloud Code Webhooks; fixes security vulnerability [GHSA-93vw-8fm5-p2jf](https://github.com/parse-community/parse-server/security/advisories/GHSA-93vw-8fm5-p2jf) ([#8305](https://github.com/parse-community/parse-server/issues/8305)) ([60c5a73](60c5a73d25))
 2022-11-09 20:56:00 +00:00
semantic-release-bot
3e983c41ff chore(release): 5.3.2 [skip ci] 
## [5.3.2](https://github.com/parse-community/parse-server/compare/5.3.1...5.3.2) (2022-11-09)

### Bug Fixes

* Parse Server option `requestKeywordDenylist` can be bypassed via Cloud Code Webhooks or Triggers; fixes security vulnerability [GHSA-xprv-wvh7-qqqx](https://github.com/parse-community/parse-server/security/advisories/GHSA-xprv-wvh7-qqqx) ([#8302](https://github.com/parse-community/parse-server/issues/8302)) ([6728da1](6728da1e35))
 2022-11-09 19:12:19 +00:00
semantic-release-bot
2458a8c58d chore(release): 5.3.1 [skip ci] 
## [5.3.1](https://github.com/parse-community/parse-server/compare/5.3.0...5.3.1) (2022-11-07)

### Bug Fixes

* Remote code execution via MongoDB BSON parser through prototype pollution; fixes security vulnerability [GHSA-prm5-8g2m-24gg](https://github.com/parse-community/parse-server/security/advisories/GHSA-prm5-8g2m-24gg) ([#8295](https://github.com/parse-community/parse-server/issues/8295)) ([50eed3c](50eed3cffe))
 2022-11-07 22:10:47 +00:00
semantic-release-bot
12e174bcb6 chore(release): 5.3.0 [skip ci] 
# [5.3.0](https://github.com/parse-community/parse-server/compare/5.2.8...5.3.0) (2022-10-29)

### Bug Fixes

* afterSave trigger removes pointer in Parse object ([#7913](https://github.com/parse-community/parse-server/issues/7913)) ([47d796e](47d796ea58))
* authentication adapter app ID validation may be circumvented; this fixes a vulnerability that affects configurations which allow users to authenticate using the Parse Server authentication adapter for *Facebook* or *Spotify* and where the server-side authentication adapter configuration `appIds` is set as a string (e.g. `abc`) instead of an array of strings (e.g. `["abc"]`) ([GHSA-r657-33vp-gp22](https://github.com/parse-community/parse-server/security/advisories/GHSA-r657-33vp-gp22)) [skip release] ([#8188](https://github.com/parse-community/parse-server/issues/8188)) ([1a2b1b9](1a2b1b9bc1))
* auto-release process may fail if optional back-merging task fails ([#8051](https://github.com/parse-community/parse-server/issues/8051)) ([cf925e7](cf925e75e8))
* brute force guessing of user sensitive data via search patterns (GHSA-2m6g-crv8-p3c6) ([#8145](https://github.com/parse-community/parse-server/issues/8145)) [skip release] ([f0db4ca](f0db4ca4a4))
* certificate in Apple Game Center auth adapter not validated [skip release] ([#8055](https://github.com/parse-community/parse-server/issues/8055)) ([4c2aa63](4c2aa63fd2))
* custom database options are not passed to MongoDB GridFS ([#7911](https://github.com/parse-community/parse-server/issues/7911)) ([b1e5565](b1e5565b22))
* depreciate allowClientClassCreation defaulting to true ([#7925](https://github.com/parse-community/parse-server/issues/7925)) ([38ed96a](38ed96ace5))
* errors in GraphQL do not show the original error but a general `Unexpected Error` ([#8045](https://github.com/parse-community/parse-server/issues/8045)) ([0d81887](0d818879c2))
* interrupted WebSocket connection not closed by LiveQuery server ([#8012](https://github.com/parse-community/parse-server/issues/8012)) ([2d5221e](2d5221e480))
* invalid file request not properly handled [skip release] ([#8061](https://github.com/parse-community/parse-server/issues/8061)) ([1a04a34](1a04a347cf))
* live query role cache does not clear when a user is added to a role ([#8026](https://github.com/parse-community/parse-server/issues/8026)) ([199dfc1](199dfc1722))
* peer dependency mismatch for GraphQL dependencies ([#7934](https://github.com/parse-community/parse-server/issues/7934)) ([0a6faa8](0a6faa81fa))
* protected fields exposed via LiveQuery (GHSA-crrq-vr9j-fxxh) [skip release] ([#8075](https://github.com/parse-community/parse-server/issues/8075)) ([636d16e](636d16e0f9))
* return correct response when revert is used in beforeSave ([#7839](https://github.com/parse-community/parse-server/issues/7839)) ([19900fc](19900fcdf8))
* security upgrade @parse/fs-files-adapter from 1.2.1 to 1.2.2 ([#7948](https://github.com/parse-community/parse-server/issues/7948)) ([3a70fda](3a70fda679))
* security upgrade moment from 2.29.1 to 2.29.2 ([#7931](https://github.com/parse-community/parse-server/issues/7931)) ([731c550](731c550714))
* security upgrade parse push adapter from 4.1.0 to 4.1.2 ([#7893](https://github.com/parse-community/parse-server/issues/7893)) ([93667b4](93667b4e84))
* server crashes when receiving file download request with invalid byte range; this fixes a security vulnerability that allows an attacker to impact the availability of the server instance; the fix improves parsing of the range parameter to properly handle invalid range requests ([GHSA-h423-w6qv-2wj3](https://github.com/parse-community/parse-server/security/advisories/GHSA-h423-w6qv-2wj3)) [skip release] ([#8237](https://github.com/parse-community/parse-server/issues/8237)) ([4c1befa](4c1befabf2))
* session object properties can be updated by foreign user; this fixes a security vulnerability in which a foreign user can write to the session object of another user if the session object ID is known; the fix prevents writing to foreign session objects ([GHSA-6w4q-23cf-j9jp](https://github.com/parse-community/parse-server/security/advisories/GHSA-6w4q-23cf-j9jp)) [skip release] ([#8181](https://github.com/parse-community/parse-server/issues/8181)) ([83cdc89](83cdc89be9))
* websocket connection of LiveQuery interrupts frequently ([#8048](https://github.com/parse-community/parse-server/issues/8048)) ([03caae1](03caae1e61))

### Features

* add MongoDB 5.1 compatibility ([#7682](https://github.com/parse-community/parse-server/issues/7682)) ([022a856](022a85619d))
* add MongoDB 5.2 support ([#7894](https://github.com/parse-community/parse-server/issues/7894)) ([5bfa716](5bfa7160d9))
* add support for Node 17 and 18 ([#7896](https://github.com/parse-community/parse-server/issues/7896)) ([3e9f292](3e9f292d84))
* align file trigger syntax with class trigger; use the new syntax `Parse.Cloud.beforeSave(Parse.File, (request) => {})`, the old syntax `Parse.Cloud.beforeSaveFile((request) => {})` has been deprecated ([#7966](https://github.com/parse-community/parse-server/issues/7966)) ([c6dcad8](c6dcad8d16))
* replace GraphQL Apollo with GraphQL Yoga ([#7967](https://github.com/parse-community/parse-server/issues/7967)) ([1aa2204](1aa2204aeb))
* selectively enable / disable default authentication adapters ([#7953](https://github.com/parse-community/parse-server/issues/7953)) ([c1e808f](c1e808f9e8))
* upgrade mongodb from 4.4.1 to 4.5.0 ([#7991](https://github.com/parse-community/parse-server/issues/7991)) ([e692b5d](e692b5dd82))

### Performance Improvements

* reduce database operations when using the constant parameter in Cloud Function validation ([#7892](https://github.com/parse-community/parse-server/issues/7892)) ([041197f](041197fb4c))
 2022-10-29 19:11:33 +00:00
semantic-release-bot
8011b2fdac chore(release): 5.2.8 [skip ci] 
## [5.2.8](https://github.com/parse-community/parse-server/compare/5.2.7...5.2.8) (2022-10-14)

### Bug Fixes

* server crashes when receiving file download request with invalid byte range; this fixes a security vulnerability that allows an attacker to impact the availability of the server instance; the fix improves parsing of the range parameter to properly handle invalid range requests ([GHSA-h423-w6qv-2wj3](https://github.com/parse-community/parse-server/security/advisories/GHSA-h423-w6qv-2wj3)) ([#8235](https://github.com/parse-community/parse-server/issues/8235)) ([066f296](066f29673a))
 2022-10-14 22:55:38 +00:00
semantic-release-bot
e6dc487963 chore(release): 5.2.7 [skip ci] 
## [5.2.7](https://github.com/parse-community/parse-server/compare/5.2.6...5.2.7) (2022-09-20)

### Bug Fixes

* authentication adapter app ID validation may be circumvented; this fixes a vulnerability that affects configurations which allow users to authenticate using the Parse Server authentication adapter for *Facebook* or *Spotify* and where the server-side authentication adapter configuration `appIds` is set as a string (e.g. `abc`) instead of an array of strings (e.g. `["abc"]`) ([GHSA-r657-33vp-gp22](https://github.com/parse-community/parse-server/security/advisories/GHSA-r657-33vp-gp22)) ([#8185](https://github.com/parse-community/parse-server/issues/8185)) ([ecf0814](ecf0814499))
 2022-09-20 20:43:51 +00:00
semantic-release-bot
7aac70cca6 chore(release): 5.2.6 [skip ci] 
## [5.2.6](https://github.com/parse-community/parse-server/compare/5.2.5...5.2.6) (2022-09-20)

### Bug Fixes

* session object properties can be updated by foreign user; this fixes a security vulnerability in which a foreign user can write to the session object of another user if the session object ID is known; the fix prevents writing to foreign session objects ([GHSA-6w4q-23cf-j9jp](https://github.com/parse-community/parse-server/security/advisories/GHSA-6w4q-23cf-j9jp)) ([#8182](https://github.com/parse-community/parse-server/issues/8182)) ([6d0b2f5](6d0b2f5346))
 2022-09-20 00:27:18 +00:00
semantic-release-bot
83fd16c1b9 chore(release): 5.2.5 [skip ci] 
## [5.2.5](https://github.com/parse-community/parse-server/compare/5.2.4...5.2.5) (2022-09-02)

### Bug Fixes

* brute force guessing of user sensitive data via search patterns; this fixes a security vulnerability in which internal and protected fields may be used as query constraints to guess the value of these fields and obtain sensitive data (GHSA-2m6g-crv8-p3c6) ([#8144](https://github.com/parse-community/parse-server/issues/8144)) ([e39d51b](e39d51bd32))
 2022-09-02 19:20:39 +00:00
semantic-release-bot
e42be5c526 chore(release): 5.2.4 [skip ci] 
## [5.2.4](https://github.com/parse-community/parse-server/compare/5.2.3...5.2.4) (2022-06-30)

### Bug Fixes

* protected fields exposed via LiveQuery; this removes protected fields from the client response; this may be a breaking change if your app is currently expecting to receive these protected fields ([GHSA-crrq-vr9j-fxxh](https://github.com/parse-community/parse-server/security/advisories/GHSA-crrq-vr9j-fxxh)) (https://github.com/parse-community/parse-server/pull/8074) ([#8073](https://github.com/parse-community/parse-server/issues/8073)) ([309f64c](309f64ced8))
 2022-06-30 10:46:12 +00:00
semantic-release-bot
eb2952fff7 chore(release): 5.2.3 [skip ci] 
## [5.2.3](https://github.com/parse-community/parse-server/compare/5.2.2...5.2.3) (2022-06-17)

### Bug Fixes

* invalid file request not properly handled; this fixes a security vulnerability in which an invalid file request can crash the server ([GHSA-xw6g-jjvf-wwf9](https://github.com/parse-community/parse-server/security/advisories/GHSA-xw6g-jjvf-wwf9)) ([#8060](https://github.com/parse-community/parse-server/issues/8060)) ([5be375d](5be375dec2))
 2022-06-17 23:40:39 +00:00
semantic-release-bot
ed0baa87af chore(release): 5.2.2 [skip ci] 
## [5.2.2](https://github.com/parse-community/parse-server/compare/5.2.1...5.2.2) (2022-06-17)

### Bug Fixes

* certificate in Apple Game Center auth adapter not validated; this fixes a security vulnerability in which authentication could be bypassed using a fake certificate; if you are using the Apple Gamer Center auth adapter it is your responsibility to keep its root certificate up-to-date and we advice you read the security advisory ([GHSA-rh9j-f5f8-rvgc](https://github.com/parse-community/parse-server/security/advisories/GHSA-rh9j-f5f8-rvgc)) ([ba2b0a9](ba2b0a9cb9))
 2022-06-17 16:36:47 +00:00
semantic-release-bot
a8aef820af chore(release): 5.2.1 [skip ci] 
## [5.2.1](https://github.com/parse-community/parse-server/compare/5.2.0...5.2.1) (2022-05-01)

### Bug Fixes

* authentication bypass and denial of service (DoS) vulnerabilities in Apple Game Center auth adapter (GHSA-qf8x-vqjv-92gr) ([#7962](https://github.com/parse-community/parse-server/issues/7962)) ([af4a041](af4a0417a9))
 2022-05-01 00:31:48 +00:00
semantic-release-bot
852bb4782a chore(release): 5.2.0 [skip ci] 
# [5.2.0](https://github.com/parse-community/parse-server/compare/5.1.1...5.2.0) (2022-03-24)

### Bug Fixes

* security bump minimist from 1.2.5 to 1.2.6 ([#7884](https://github.com/parse-community/parse-server/issues/7884)) ([c5cf282](c5cf282d11))
* sensitive keyword detection may produce false positives ([#7881](https://github.com/parse-community/parse-server/issues/7881)) ([0d6f9e9](0d6f9e951d))

### Features

* improved LiveQuery error logging with additional information ([#7837](https://github.com/parse-community/parse-server/issues/7837)) ([443a509](443a509905))
 2022-03-24 18:23:57 +00:00
semantic-release-bot
01096b360a chore(release): 5.1.1 [skip ci] 
## [5.1.1](https://github.com/parse-community/parse-server/compare/5.1.0...5.1.1) (2022-03-18)

### Reverts

* ci: temporarily disable breaking change detection ([#7861](https://github.com/parse-community/parse-server/issues/7861)) ([effed92](effed92cab))
 2022-03-18 15:14:57 +00:00
Manuel
9cdc6ca5b3 docs: update changelog (#7864) 2022-03-18 16:06:49 +01:00
semantic-release-bot
158a974c89 chore(release): 5.1.0 [skip ci] 
# [5.1.0](https://github.com/parse-community/parse-server/compare/5.0.0...5.1.0) (2022-03-18)

### Bug Fixes

* adding or modifying a nested property requires addField permissions ([#7679](https://github.com/parse-community/parse-server/issues/7679)) ([6a6248b](6a6248b6cb))
* bump nanoid from 3.1.25 to 3.2.0 ([#7781](https://github.com/parse-community/parse-server/issues/7781)) ([f5f63bf](f5f63bfc64))
* bump node-fetch from 2.6.1 to 3.1.1 ([#7782](https://github.com/parse-community/parse-server/issues/7782)) ([9082351](9082351411))
* node engine compatibility did not include node 16 ([#7739](https://github.com/parse-community/parse-server/issues/7739)) ([ea7c014](ea7c01400f))
* node engine range has no upper limit to exclude incompatible node versions ([#7692](https://github.com/parse-community/parse-server/issues/7692)) ([573558d](573558d3ad))
* package.json & package-lock.json to reduce vulnerabilities ([#7823](https://github.com/parse-community/parse-server/issues/7823)) ([5ca2288](5ca2288823))
* schema cache not cleared in some cases ([#7678](https://github.com/parse-community/parse-server/issues/7678)) ([5af6e5d](5af6e5dfaa))
* security upgrade follow-redirects from 1.14.6 to 1.14.7 ([#7769](https://github.com/parse-community/parse-server/issues/7769)) ([8f5a861](8f5a8618cf))
* security upgrade follow-redirects from 1.14.7 to 1.14.8 ([#7801](https://github.com/parse-community/parse-server/issues/7801)) ([70088a9](70088a95a7))
* security vulnerability that allows remote code execution (GHSA-p6h4-93qp-jhcm) ([#7844](https://github.com/parse-community/parse-server/issues/7844)) ([e569f40](e569f402b1))
* server crash using GraphQL due to missing @apollo/client peer dependency ([#7787](https://github.com/parse-community/parse-server/issues/7787)) ([08089d6](08089d6fcb))
* unable to use objectId size higher than 19 on GraphQL API ([#7627](https://github.com/parse-community/parse-server/issues/7627)) ([ed86c80](ed86c80772))
* upgrade mime from 2.5.2 to 3.0.0 ([#7725](https://github.com/parse-community/parse-server/issues/7725)) ([f5ef98b](f5ef98bde3))
* upgrade parse from 3.3.1 to 3.4.0 ([#7723](https://github.com/parse-community/parse-server/issues/7723)) ([d4c1f47](d4c1f47307))
* upgrade winston from 3.5.0 to 3.5.1 ([#7820](https://github.com/parse-community/parse-server/issues/7820)) ([4af253d](4af253d1f8))

### Features

* add Cloud Code context to `ParseObject.fetch` ([#7779](https://github.com/parse-community/parse-server/issues/7779)) ([315290d](315290d161))
* add Idempotency to Postgres ([#7750](https://github.com/parse-community/parse-server/issues/7750)) ([0c3feaa](0c3feaaa17))
* add support for Node 16 ([#7707](https://github.com/parse-community/parse-server/issues/7707)) ([45cc58c](45cc58c7e5))
* bump required node engine to >=12.22.10 ([#7846](https://github.com/parse-community/parse-server/issues/7846)) ([5ace99d](5ace99d542))
* support `postgresql` protocol in database URI ([#7757](https://github.com/parse-community/parse-server/issues/7757)) ([caf4a23](caf4a2341f))
* support relativeTime query constraint on Postgres ([#7747](https://github.com/parse-community/parse-server/issues/7747)) ([16b1b2a](16b1b2a197))
* upgrade to MongoDB Node.js driver 4.x for MongoDB 5.0 support ([#7794](https://github.com/parse-community/parse-server/issues/7794)) ([f88aa2a](f88aa2a62a))

### Reverts

* refactor: allow ES import for cloud string if package type is module ([b64640c](b64640c570))
* update node engine to 2.22.0 ([#7827](https://github.com/parse-community/parse-server/issues/7827)) ([f235412](f235412c1b))
 2022-03-18 14:48:03 +00:00
Manuel
79e00e1dee docs: update changelog (#7855) 2022-03-14 13:57:39 +01:00
semantic-release-bot
46c9a91627 chore(release): 5.0.0 [skip ci] 
# [5.0.0](https://github.com/parse-community/parse-server/compare/4.5.0...5.0.0) (2022-03-14)

### Bug Fixes

* add deprecation warning for `Parse.Cloud.httpRequest` ([#7595](https://github.com/parse-community/parse-server/issues/7595)) ([ab1dddd](ab1dddd406))
* add support for descending sorting of full text search ([#7496](https://github.com/parse-community/parse-server/issues/7496)) ([8ed9442](8ed94421e6))
* allow LiveQuery on Parse.Session ([#7554](https://github.com/parse-community/parse-server/issues/7554)) ([caee281](caee281bc5))
* combined `and` query with relational query condition returns incorrect results ([#7593](https://github.com/parse-community/parse-server/issues/7593)) ([174886e](174886e385))
* empty file tags cause upload error for some providers ([#7300](https://github.com/parse-community/parse-server/issues/7300)) ([4d16702](4d167026ae))
* **Logger:** Handle interpolating stdout ([#7114](https://github.com/parse-community/parse-server/issues/7114)) ([1ede078](1ede078154))
* improve security by deprecating creating users with public access by default ([#7319](https://github.com/parse-community/parse-server/issues/7319)) ([484c2e8](484c2e81ca))
* node engine range has no upper limit to exclude incompatible node versions ([#7693](https://github.com/parse-community/parse-server/issues/7693)) ([6a54dac](6a54dac24d))
* package.json & package-lock.json to reduce vulnerabilities ([#7112](https://github.com/parse-community/parse-server/issues/7112)) ([7b8d8dd](7b8d8ddbb0))
* package.json & package-lock.json to reduce vulnerabilities ([#7218](https://github.com/parse-community/parse-server/issues/7218)) ([0476832](047683219d))
* package.json & package-lock.json to reduce vulnerabilities ([#7373](https://github.com/parse-community/parse-server/issues/7373)) ([b6843de](b6843de904))
* package.json & package-lock.json to reduce vulnerabilities ([#7405](https://github.com/parse-community/parse-server/issues/7405)) ([d915bac](d915bacee7))
* package.json & package-lock.json to reduce vulnerabilities ([#7423](https://github.com/parse-community/parse-server/issues/7423)) ([bea4707](bea4707783))
* package.json & package-lock.json to reduce vulnerabilities ([#7509](https://github.com/parse-community/parse-server/issues/7509)) ([65c967a](65c967a4c4))
* Pass customObjectId in beforeSave ([#7167](https://github.com/parse-community/parse-server/issues/7167)) ([7224cde](7224cde023)), closes [#6733](https://github.com/parse-community/parse-server/issues/6733)
* **utils:** permutation helper ([#7355](https://github.com/parse-community/parse-server/issues/7355)) ([91be6bb](91be6bb59a))
* schema cache not cleared in some cases ([#7771](https://github.com/parse-community/parse-server/issues/7771)) ([3b92fa1](3b92fa1ca9))
* security upgrade follow-redirects from 1.14.2 to 1.14.7 ([#7772](https://github.com/parse-community/parse-server/issues/7772)) ([4bd34b1](4bd34b189b))
* security upgrade follow-redirects from 1.14.7 to 1.14.8 ([#7802](https://github.com/parse-community/parse-server/issues/7802)) ([7029b27](7029b274ca))
* security vulnerability that allows remote code execution (GHSA-p6h4-93qp-jhcm) ([#7843](https://github.com/parse-community/parse-server/issues/7843)) ([971adb5](971adb5438))
* set objects in afterFind triggers ([#7311](https://github.com/parse-community/parse-server/issues/7311)) ([68a3a87](68a3a87501))
* setting a field to null does not delete it via GraphQL API ([#7649](https://github.com/parse-community/parse-server/issues/7649)) ([626fad2](626fad2e71))
* unable to use objectId size higher than 19 on GraphQL API ([#7722](https://github.com/parse-community/parse-server/issues/7722)) ([8ee0445](8ee0445c0a))
* upgrade @apollographql/graphql-playground-html from 1.6.26 to 1.6.27 ([#7274](https://github.com/parse-community/parse-server/issues/7274)) ([a05e9b1](a05e9b1c0f))
* upgrade @apollographql/graphql-playground-html from 1.6.27 to 1.6.28 ([#7411](https://github.com/parse-community/parse-server/issues/7411)) ([c58bf57](c58bf57f51))
* upgrade @apollographql/graphql-playground-html from 1.6.28 to 1.6.29 ([#7473](https://github.com/parse-community/parse-server/issues/7473)) ([39f7c83](39f7c831e6))
* upgrade @parse/simple-mailgun-adapter from 1.1.0 to 1.2.0 ([#7109](https://github.com/parse-community/parse-server/issues/7109)) ([8ff0d08](8ff0d08dcf))
* upgrade apollo-server-express from 2.19.0 to 2.19.1 ([#7122](https://github.com/parse-community/parse-server/issues/7122)) ([33bdd87](33bdd87092))
* upgrade apollo-server-express from 2.19.1 to 2.19.2 ([#7165](https://github.com/parse-community/parse-server/issues/7165)) ([4b6e9ff](4b6e9ffc3d))
* upgrade apollo-server-express from 2.19.2 to 2.20.0 ([#7239](https://github.com/parse-community/parse-server/issues/7239)) ([d10e990](d10e99007b))
* upgrade apollo-server-express from 2.21.0 to 2.21.1 ([#7308](https://github.com/parse-community/parse-server/issues/7308)) ([3dc4597](3dc459746d))
* upgrade apollo-server-express from 2.21.1 to 2.22.1 ([#7357](https://github.com/parse-community/parse-server/issues/7357)) ([25690ad](25690ad515))
* upgrade apollo-server-express from 2.22.1 to 2.22.2 ([#7362](https://github.com/parse-community/parse-server/issues/7362)) ([181fbf9](181fbf9d46))
* upgrade apollo-server-express from 2.22.2 to 2.23.0 ([#7380](https://github.com/parse-community/parse-server/issues/7380)) ([87476da](87476da31e))
* upgrade apollo-server-express from 2.23.0 to 2.24.0 ([#7395](https://github.com/parse-community/parse-server/issues/7395)) ([ff5755b](ff5755b05a))
* upgrade apollo-server-express from 2.24.0 to 2.24.1 ([#7424](https://github.com/parse-community/parse-server/issues/7424)) ([bfdb6a9](bfdb6a93e8))
* upgrade apollo-server-express from 2.24.1 to 2.25.0 ([#7435](https://github.com/parse-community/parse-server/issues/7435)) ([4e5eba6](4e5eba6c6c))
* upgrade apollo-server-express from 2.25.0 to 2.25.1 ([#7449](https://github.com/parse-community/parse-server/issues/7449)) ([682f1bf](682f1bf143))
* upgrade apollo-server-express from 2.25.1 to 2.25.2 ([#7465](https://github.com/parse-community/parse-server/issues/7465)) ([1fe4708](1fe47087a9))
* upgrade follow-redirects from 1.13.0 to 1.13.1 ([#7106](https://github.com/parse-community/parse-server/issues/7106)) ([16b4aad](16b4aadfe2))
* upgrade follow-redirects from 1.13.1 to 1.13.2 ([#7194](https://github.com/parse-community/parse-server/issues/7194)) ([738ba9f](738ba9fc70))
* upgrade follow-redirects from 1.13.2 to 1.13.3 ([#7285](https://github.com/parse-community/parse-server/issues/7285)) ([d144819](d144819d21))
* upgrade follow-redirects from 1.13.3 to 1.14.0 ([#7389](https://github.com/parse-community/parse-server/issues/7389)) ([38c01c6](38c01c6bc3))
* upgrade follow-redirects from 1.14.0 to 1.14.1 ([#7408](https://github.com/parse-community/parse-server/issues/7408)) ([8976ecc](8976ecc4a9))
* upgrade graphql from 15.4.0 to 15.5.0 ([#7201](https://github.com/parse-community/parse-server/issues/7201)) ([5a09687](5a0968721d))
* upgrade graphql from 15.5.0 to 15.5.1 ([#7462](https://github.com/parse-community/parse-server/issues/7462)) ([bbd7ee7](bbd7ee7313))
* upgrade graphql from 15.5.1 to 15.5.2 ([#7587](https://github.com/parse-community/parse-server/issues/7587)) ([dee4d96](dee4d96627))
* upgrade graphql from 15.5.2 to 15.5.3 ([#7596](https://github.com/parse-community/parse-server/issues/7596)) ([bcbc035](bcbc035627))
* upgrade graphql from 15.5.3 to 15.6.0 ([#7612](https://github.com/parse-community/parse-server/issues/7612)) ([407ed6e](407ed6ee36))
* upgrade graphql-relay from 0.6.0 to 0.7.0 ([#7443](https://github.com/parse-community/parse-server/issues/7443)) ([770e36f](770e36ff43))
* upgrade graphql-relay from 0.7.0 to 0.8.0 ([#7467](https://github.com/parse-community/parse-server/issues/7467)) ([9923cd3](9923cd3869))
* upgrade graphql-tag from 2.10.1 to 2.12.0 ([#7234](https://github.com/parse-community/parse-server/issues/7234)) ([add67fd](add67fdd22))
* upgrade graphql-tag from 2.12.0 to 2.12.1 ([#7282](https://github.com/parse-community/parse-server/issues/7282)) ([36de1db](36de1db65d))
* upgrade graphql-tag from 2.12.1 to 2.12.2 ([#7325](https://github.com/parse-community/parse-server/issues/7325)) ([50e5557](50e55571fd))
* upgrade graphql-tag from 2.12.2 to 2.12.4 ([#7396](https://github.com/parse-community/parse-server/issues/7396)) ([8099cb0](8099cb05a4))
* upgrade graphql-tag from 2.12.4 to 2.12.5 ([#7466](https://github.com/parse-community/parse-server/issues/7466)) ([2b3355c](2b3355cb02))
* upgrade jwks-rsa from 1.11.0 to 1.12.0 ([#7102](https://github.com/parse-community/parse-server/issues/7102)) ([029edbf](029edbf706))
* upgrade jwks-rsa from 1.12.1 to 1.12.2 ([#7147](https://github.com/parse-community/parse-server/issues/7147)) ([bcb2b52](bcb2b52f7a))
* upgrade jwks-rsa from 1.12.2 to 1.12.3 ([#7284](https://github.com/parse-community/parse-server/issues/7284)) ([a53d74c](a53d74c13b))
* upgrade ldapjs from 2.2.2 to 2.2.3 ([#7095](https://github.com/parse-community/parse-server/issues/7095)) ([fb465e5](fb465e599e))
* upgrade ldapjs from 2.2.3 to 2.2.4 ([#7275](https://github.com/parse-community/parse-server/issues/7275)) ([35f0c55](35f0c55e93))
* upgrade ldapjs from 2.2.4 to 2.3.0 ([#7436](https://github.com/parse-community/parse-server/issues/7436)) ([7df6c02](7df6c020b1))
* upgrade ldapjs from 2.3.0 to 2.3.1 ([#7524](https://github.com/parse-community/parse-server/issues/7524)) ([dee5a13](dee5a13a85))
* upgrade mime from 2.4.6 to 2.4.7 ([#7110](https://github.com/parse-community/parse-server/issues/7110)) ([fefcabe](fefcabe858))
* upgrade mime from 2.4.7 to 2.5.0 ([#7166](https://github.com/parse-community/parse-server/issues/7166)) ([6097e82](6097e82194))
* upgrade mime from 2.5.0 to 2.5.2 ([#7261](https://github.com/parse-community/parse-server/issues/7261)) ([687f4b7](687f4b7cf2))
* upgrade mongodb from 3.6.6 to 3.6.7 ([#7425](https://github.com/parse-community/parse-server/issues/7425)) ([61affe2](61affe2629))
* upgrade mongodb from 3.6.7 to 3.6.8 ([#7430](https://github.com/parse-community/parse-server/issues/7430)) ([c36588e](c36588e3c2))
* upgrade mongodb from 3.6.8 to 3.6.9 ([#7445](https://github.com/parse-community/parse-server/issues/7445)) ([17cf1a4](17cf1a46e5))
* upgrade mongodb from 3.6.9 to 3.6.10 ([#7474](https://github.com/parse-community/parse-server/issues/7474)) ([45d29cc](45d29cc58c))
* upgrade mustache from 4.1.0 to 4.2.0 ([#7358](https://github.com/parse-community/parse-server/issues/7358)) ([94b7b32](94b7b32006))
* upgrade parse from 3.1.0 to 3.2.0 ([#7378](https://github.com/parse-community/parse-server/issues/7378)) ([e9f54e2](e9f54e2bdd))
* upgrade pg-promise from 10.10.1 to 10.10.2 ([#7399](https://github.com/parse-community/parse-server/issues/7399)) ([d365f1f](d365f1f7cb))
* upgrade pg-promise from 10.10.2 to 10.11.0 ([#7510](https://github.com/parse-community/parse-server/issues/7510)) ([a967e79](a967e79219))
* upgrade pg-promise from 10.8.1 to 10.8.6 ([#7118](https://github.com/parse-community/parse-server/issues/7118)) ([8851810](8851810a85))
* upgrade pg-promise from 10.8.6 to 10.8.7 ([#7148](https://github.com/parse-community/parse-server/issues/7148)) ([231c669](231c669133))
* upgrade pg-promise from 10.8.7 to 10.9.0 ([#7168](https://github.com/parse-community/parse-server/issues/7168)) ([fcacd4d](fcacd4d24e))
* upgrade pg-promise from 10.9.0 to 10.9.1 ([#7170](https://github.com/parse-community/parse-server/issues/7170)) ([cca493b](cca493b9fb))
* upgrade pg-promise from 10.9.1 to 10.9.2 ([#7209](https://github.com/parse-community/parse-server/issues/7209)) ([c05102b](c05102b90c))
* upgrade redis from 3.1.1 to 3.1.2 ([#7387](https://github.com/parse-community/parse-server/issues/7387)) ([f65bd22](f65bd228fb))
* upgrade semver from 7.3.2 to 7.3.4 ([#7092](https://github.com/parse-community/parse-server/issues/7092)) ([7e687b1](7e687b1e94))
* upgrade subscriptions-transport-ws from 0.9.19 to 0.10.0 ([#7450](https://github.com/parse-community/parse-server/issues/7450)) ([d36a53b](d36a53b2bf))
* upgrade uuid from 8.3.1 to 8.3.2 ([#7101](https://github.com/parse-community/parse-server/issues/7101)) ([f17a063](f17a063209))
* upgrade winston-daily-rotate-file from 4.5.0 to 4.5.1 ([#7309](https://github.com/parse-community/parse-server/issues/7309)) ([8643ae4](8643ae438f))
* upgrade winston-daily-rotate-file from 4.5.1 to 4.5.2 ([#7376](https://github.com/parse-community/parse-server/issues/7376)) ([e143fb1](e143fb1bf6))
* upgrade winston-daily-rotate-file from 4.5.2 to 4.5.3 ([#7398](https://github.com/parse-community/parse-server/issues/7398)) ([e9d8ed4](e9d8ed4acb))
* upgrade winston-daily-rotate-file from 4.5.3 to 4.5.4 ([#7402](https://github.com/parse-community/parse-server/issues/7402)) ([4f80a5f](4f80a5f4af))
* upgrade winston-daily-rotate-file from 4.5.4 to 4.5.5 ([#7407](https://github.com/parse-community/parse-server/issues/7407)) ([5abbeeb](5abbeeb8d1))
* upgrade ws from 7.4.0 to 7.4.1 ([#7098](https://github.com/parse-community/parse-server/issues/7098)) ([1068838](106883809c))
* upgrade ws from 7.4.1 to 7.4.2 ([#7132](https://github.com/parse-community/parse-server/issues/7132)) ([857d4ec](857d4ecfd5))
* upgrade ws from 7.4.2 to 7.4.3 ([#7224](https://github.com/parse-community/parse-server/issues/7224)) ([ec8f784](ec8f78424f))
* upgrade ws from 7.4.3 to 7.4.4 ([#7298](https://github.com/parse-community/parse-server/issues/7298)) ([a080e4c](a080e4c766))
* upgrade ws from 7.4.4 to 7.4.5 ([#7381](https://github.com/parse-community/parse-server/issues/7381)) ([34f3dd9](34f3dd9e7e))
* upgrade ws from 7.5.3 to 8.2.1 ([#7580](https://github.com/parse-community/parse-server/issues/7580)) ([c3da290](c3da2908fa))
* upgrade ws from 8.2.1 to 8.2.2 ([#7598](https://github.com/parse-community/parse-server/issues/7598)) ([20cb333](20cb3333ab))

### Features

* add support for Postgres 14 ([#7644](https://github.com/parse-community/parse-server/issues/7644)) ([090350a](090350a7a0))
* add user-defined schema and migrations ([#7418](https://github.com/parse-community/parse-server/issues/7418)) ([25d5c30](25d5c30be2))
* alphabetical graphql api, fix internal reassign, enhanced Graphql schema cache system ([#7344](https://github.com/parse-community/parse-server/issues/7344)) ([85ef721](85ef7217b0))
* bump required node engine to >=12.22.10 ([#7848](https://github.com/parse-community/parse-server/issues/7848)) ([23a3488](23a3488f15))
* **LiveQuery:** Support $and, $nor, $containedBy, $geoWithin ([#7113](https://github.com/parse-community/parse-server/issues/7113)) ([93781b2](93781b2195))
* **AggregateRouter:** support native mongodb syntax in aggregation pipelines ([#7339](https://github.com/parse-community/parse-server/issues/7339)) ([8fddac3](8fddac39bf))

### Reverts

* refactor: allow ES import for cloud string if package type is module ([#7691](https://github.com/parse-community/parse-server/issues/7691)) ([200d4ba](200d4ba9a5))

### BREAKING CHANGES

* This requires Node.js version >=12.22.10. ([23a3488](23a3488))
* To delete a field via the GraphQL API, the field value has to be set to `null`. Previously, setting a field value to `null` would save a null value in the database, which was not according to the [GraphQL specs](https://spec.graphql.org/June2018/#sec-Null-Value). To delete a file field use `file: null`, the previous way of using `file: { file: null }` has become obsolete. ([626fad2](626fad2))
 2022-03-14 12:43:23 +00:00
Manuel
d3e914280d ci: add release automation (#7656) 2021-10-27 02:53:46 +02:00