joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
4,139 Commits 2 Branches 18 Tags
46e2760a46da8fb178dfc87a4e67eebd4a9bcdb2
Commit Graph

4139 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
semantic-release-bot
83fd16c1b9 chore(release): 5.2.5 [skip ci] 
## [5.2.5](https://github.com/parse-community/parse-server/compare/5.2.4...5.2.5) (2022-09-02)

### Bug Fixes

* brute force guessing of user sensitive data via search patterns; this fixes a security vulnerability in which internal and protected fields may be used as query constraints to guess the value of these fields and obtain sensitive data (GHSA-2m6g-crv8-p3c6) ([#8144](https://github.com/parse-community/parse-server/issues/8144)) ([e39d51b](e39d51bd32))
 2022-09-02 19:20:39 +00:00
Manuel
e39d51bd32 fix: brute force guessing of user sensitive data via search patterns; this fixes a security vulnerability in which internal and protected fields may be used as query constraints to guess the value of these fields and obtain sensitive data (GHSA-2m6g-crv8-p3c6) (#8144) 2022-09-02 21:13:18 +02:00
Snyk bot
5432082d82 refactor: upgrade @graphql-tools/merge from 8.3.2 to 8.3.3 (#8141) 2022-09-02 18:49:04 +02:00
Snyk bot
3de466ba9b refactor: upgrade @graphql-tools/schema from 8.5.1 to 9.0.0 (#8138) 2022-09-02 17:37:40 +02:00
Snyk bot
82eb4613d9 refactor: upgrade @graphql-tools/utils from 8.9.0 to 8.9.1 (#8140) 2022-08-31 19:19:10 +02:00
Snyk bot
276c32a0dd refactor: upgrade @graphql-tools/merge from 8.3.1 to 8.3.2 (#8139) 2022-08-31 13:24:47 +02:00
Snyk bot
4de1c9bdd5 refactor: upgrade @graphql-tools/schema from 8.5.0 to 8.5.1 (#8130) 2022-08-25 14:03:01 +02:00
Snyk bot
0287098ef5 refactor: upgrade @graphql-tools/merge from 8.3.0 to 8.3.1 (#8131) 2022-08-22 19:55:17 +02:00
Snyk bot
ef5d59d784 refactor: upgrade @graphql-tools/utils from 8.6.13 to 8.9.0 (#8129) 2022-08-19 12:42:11 +02:00
dependabot[bot]
1db432db51 refactor: bump semver-regex and husky (#8134) 2022-08-19 00:31:14 +02:00
dependabot[bot]
54649eca67 refactor: upgrade @actions/core from 1.2.6 to 1.9.1 (#8132) 2022-08-18 23:57:20 +02:00
dependabot[bot]
f693b55b1c refactor: upgrade undici from 5.8.0 to 5.9.1 (#8133) 2022-08-18 22:25:22 +02:00
Manuel
5c2d2c5193 refactor: upgrade ws from 8.8.0 to 8.8.1 (#8123) 2022-08-06 16:15:13 +02:00
semantic-release-bot
eef750aa3e chore(release): 5.3.0-alpha.21 [skip ci] 
# [5.3.0-alpha.21](https://github.com/parse-community/parse-server/compare/5.3.0-alpha.20...5.3.0-alpha.21) (2022-08-05)

### Bug Fixes

* internal indices for classes `_Idempotency` and `_Role` are not protected in defined schema ([#8121](https://github.com/parse-community/parse-server/issues/8121)) ([c16f529](c16f529f74))
 2022-08-05 09:34:45 +00:00
Antoine Cormouls
c16f529f74 fix: internal indices for classes _Idempotency and _Role are not protected in defined schema (#8121) 2022-08-05 11:25:02 +02:00
Snyk bot
3351ca7cec refactor: upgrade lru-cache from 7.10.2 to 7.12.0 (#8114) 2022-07-27 01:37:32 +02:00
Antonio Davi Macedo Coelho de Castro
2ea4e37a37 refactor: upgrade ldapjs from 2.3.2 to 2.3.3 (#8091) 2022-07-25 23:59:31 +02:00
Snyk bot
1246551be3 refactor: upgrade lru-cache from 7.10.1 to 7.10.2 (#8102) 2022-07-25 14:09:27 +02:00
semantic-release-bot
145008c7d1 chore(release): 5.3.0-alpha.20 [skip ci] 
# [5.3.0-alpha.20](https://github.com/parse-community/parse-server/compare/5.3.0-alpha.19...5.3.0-alpha.20) (2022-07-22)

### Bug Fixes

* security upgrade undici from 5.6.0 to 5.8.0 ([#8108](https://github.com/parse-community/parse-server/issues/8108)) ([4aa016b](4aa016b732))
 2022-07-22 18:18:50 +00:00
dependabot[bot]
4aa016b732 fix: security upgrade undici from 5.6.0 to 5.8.0 (#8108) 2022-07-22 20:11:21 +02:00
Snyk bot
a96e15b3f7 refactor: upgrade @graphql-tools/merge from 8.2.15 to 8.3.0 (#8106) 2022-07-21 00:27:35 +02:00
Snyk bot
861fb211c7 refactor: upgrade @graphql-tools/schema from 8.3.14 to 8.5.0 (#8104) 2022-07-19 18:34:00 +02:00
Snyk bot
266011c5a5 refactor: upgrade winston from 3.7.2 to 3.8.0 (#8103) 2022-07-17 13:37:15 +02:00
dependabot[bot]
e93a0aab57 refactor: bump moment from 2.29.3 to 2.29.4 (#8101) 2022-07-15 22:39:48 +02:00
Snyk bot
24fe6dc939 refactor: upgrade @graphql-tools/merge from 8.2.14 to 8.2.15 (#8100) 2022-07-15 12:55:10 +02:00
dependabot[bot]
38ba9b4f47 refactor: bump undici from 5.2.0 to 5.6.0 (#8094) 2022-07-03 13:45:01 +02:00
semantic-release-bot
e3f634e740 chore(release): 5.3.0-alpha.19 [skip ci] 
# [5.3.0-alpha.19](https://github.com/parse-community/parse-server/compare/5.3.0-alpha.18...5.3.0-alpha.19) (2022-07-03)

### Bug Fixes

* certificate in Apple Game Center auth adapter not validated [skip release] ([#8058](https://github.com/parse-community/parse-server/issues/8058)) ([75af9a2](75af9a26cc))
* graphQL query ignores condition `equalTo` with value `false` ([#8032](https://github.com/parse-community/parse-server/issues/8032)) ([7f5a15d](7f5a15d5df))
* invalid file request not properly handled [skip release] ([#8062](https://github.com/parse-community/parse-server/issues/8062)) ([4c9e956](4c9e95674a))
* protected fields exposed via LiveQuery (GHSA-crrq-vr9j-fxxh) [skip release] ([#8076](https://github.com/parse-community/parse-server/issues/8076)) ([9fd4516](9fd4516cde))
 2022-07-03 10:30:00 +00:00
Jong Eun Lee
7f5a15d5df fix: graphQL query ignores condition equalTo with value false (#8032) 2022-07-03 12:13:10 +02:00
Diamond Lewis
6e68656629 refactor: upgrade @graphql-tools/merge from 8.2.13 to 8.2.14 (#8085) 2022-07-03 11:33:30 +02:00
Antonio Davi Macedo Coelho de Castro
0d16a64eea refactor: upgrade ws from 8.7.0 to 8.8.0 (#8092) 2022-07-02 11:36:03 +02:00
Diamond Lewis
abd8536f48 refactor: upgrade @graphql-tools/utils from 8.6.12 to 8.6.13 (#8086) 2022-06-30 23:50:12 +02:00
Diamond Lewis
65ce27440a refactor: upgrade @graphql-tools/schema from 8.3.13 to 8.3.14 (#8087) 2022-06-30 16:41:34 +02:00
Manuel
9fd4516cde fix: protected fields exposed via LiveQuery (GHSA-crrq-vr9j-fxxh) [skip release] (#8076) 2022-06-30 13:01:40 +02:00
Manuel
636d16e0f9 fix: protected fields exposed via LiveQuery (GHSA-crrq-vr9j-fxxh) [skip release] (#8075) 2022-06-30 12:53:31 +02:00
semantic-release-bot
e42be5c526 chore(release): 5.2.4 [skip ci] 
## [5.2.4](https://github.com/parse-community/parse-server/compare/5.2.3...5.2.4) (2022-06-30)

### Bug Fixes

* protected fields exposed via LiveQuery; this removes protected fields from the client response; this may be a breaking change if your app is currently expecting to receive these protected fields ([GHSA-crrq-vr9j-fxxh](https://github.com/parse-community/parse-server/security/advisories/GHSA-crrq-vr9j-fxxh)) (https://github.com/parse-community/parse-server/pull/8074) ([#8073](https://github.com/parse-community/parse-server/issues/8073)) ([309f64c](309f64ced8))
 2022-06-30 10:46:12 +00:00
Manuel
309f64ced8 fix: protected fields exposed via LiveQuery; this removes protected fields from the client response; this may be a breaking change if your app is currently expecting to receive these protected fields ([GHSA-crrq-vr9j-fxxh](https://github.com/parse-community/parse-server/security/advisories/GHSA-crrq-vr9j-fxxh)) (https://github.com/parse-community/parse-server/pull/8074) (#8073) 2022-06-30 12:26:39 +02:00
Diamond Lewis
e8eb546c90 refactor: upgrade jwks-rsa from 2.1.3 to 2.1.4 (#8088) 2022-06-30 11:28:33 +02:00
Manuel
0fd600cf24 docs: add template and issue link requirements (#8080) 2022-06-28 11:18:02 +02:00
Manuel
35cd6910de docs: add LTS explanation and open vulnerabilities to README (#8077) 2022-06-28 10:19:48 +02:00
Manuel
7844442840 docs: add missing heading to commit message section (#8079) 2022-06-28 10:03:40 +02:00
Antonio Davi Macedo Coelho de Castro
42c9543189 refactor: upgrade winston-daily-rotate-file from 4.6.1 to 4.7.1 (#8066) 2022-06-22 22:14:03 +02:00
Snyk bot
86832b9b95 refactor: upgrade follow-redirects from 1.15.0 to 1.15.1 (#8063) 2022-06-19 15:48:12 +02:00
Snyk bot
e26beb1f5c refactor: upgrade ws from 8.6.0 to 8.7.0 (#8064) 2022-06-19 10:12:20 +02:00
Manuel
4c9e95674a fix: invalid file request not properly handled [skip release] (#8062) 2022-06-18 02:38:04 +02:00
Manuel
1a04a347cf fix: invalid file request not properly handled [skip release] (#8061) 2022-06-18 02:15:08 +02:00
semantic-release-bot
eb2952fff7 chore(release): 5.2.3 [skip ci] 
## [5.2.3](https://github.com/parse-community/parse-server/compare/5.2.2...5.2.3) (2022-06-17)

### Bug Fixes

* invalid file request not properly handled; this fixes a security vulnerability in which an invalid file request can crash the server ([GHSA-xw6g-jjvf-wwf9](https://github.com/parse-community/parse-server/security/advisories/GHSA-xw6g-jjvf-wwf9)) ([#8060](https://github.com/parse-community/parse-server/issues/8060)) ([5be375d](5be375dec2))
 2022-06-17 23:40:39 +00:00
Manuel
5be375dec2 fix: invalid file request not properly handled; this fixes a security vulnerability in which an invalid file request can crash the server ([GHSA-xw6g-jjvf-wwf9](https://github.com/parse-community/parse-server/security/advisories/GHSA-xw6g-jjvf-wwf9)) (#8060) 2022-06-18 01:33:19 +02:00
Manuel
75af9a26cc fix: certificate in Apple Game Center auth adapter not validated [skip release] (#8058) 2022-06-17 20:22:35 +02:00
Manuel
4c2aa63fd2 fix: certificate in Apple Game Center auth adapter not validated [skip release] (#8055) 2022-06-17 19:32:30 +02:00
Manuel
4a1039679c docs: add release instructions (#8056) 2022-06-17 19:31:49 +02:00