joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
3,801 Commits 2 Branches 18 Tags
d609c727830a9062ecbc7eb2214fdff34d2143ac
Commit Graph

1198 Commits

Author SHA1 Message Date
Manuel
af4a0417a9 fix: authentication bypass and denial of service (DoS) vulnerabilities in Apple Game Center auth adapter (GHSA-qf8x-vqjv-92gr) (#7962) 2022-05-01 02:28:16 +02:00
Manuel
0d6f9e951d fix: sensitive keyword detection may produce false positives (#7881) 2022-03-24 02:54:07 +01:00
dblythy
443a509905 feat: improved LiveQuery error logging with additional information (#7837) 2022-03-23 02:11:39 +01:00
Manuel Trezza
1593575a87 build: release 2022-03-18 15:17:12 +01:00
Manuel
e569f402b1 fix: security vulnerability that allows remote code execution (GHSA-p6h4-93qp-jhcm) (#7844) 2022-03-12 14:47:23 +01:00
Manuel
971adb5438 fix: security vulnerability that allows remote code execution (GHSA-p6h4-93qp-jhcm) (#7843) 2022-03-12 13:49:57 +01:00
Antoine Cormouls
f88aa2a62a feat: upgrade to MongoDB Node.js driver 4.x for MongoDB 5.0 support (#7794) 
BREAKING CHANGE: The MongoDB GridStore adapter has been removed. By default, Parse Server already uses GridFS, so if you do not manually use the GridStore adapter, you can ignore this change.
 2022-02-06 18:30:36 +01:00
yog27ray
315290d161 feat: add Cloud Code context to ParseObject.fetch (#7779) 2022-01-25 12:40:22 +01:00
dependabot[bot]
9082351411 fix: bump node-fetch from 2.6.1 to 3.1.1 (#7782) 2022-01-22 14:31:45 +01:00
Manuel
3b92fa1ca9 fix: schema cache not cleared in some cases (#7771) 2022-01-13 03:04:49 +01:00
ThornWu
5af6e5dfaa fix: schema cache not cleared in some cases (#7678) 2022-01-13 02:03:33 +01:00
Corey
a5ffb95022 refactor: remove deprecated url.parse() method (#7751) 2022-01-06 15:26:00 +01:00
Corey
a43638f300 test: improve transaction tests to use async/await (#7759) 2022-01-04 00:49:43 +01:00
Corey
0c3feaaa17 feat: add Idempotency to Postgres (#7750) 2022-01-02 19:25:53 +01:00
Corey
7af5de4b98 test: improve PushController tests (#7760) 2022-01-02 15:51:49 +01:00
Corey
caf4a2341f feat: support postgresql protocol in database URI (#7757) 2022-01-02 15:25:43 +01:00
Corey
912edacb53 test: make GraphQL server test more reliable (#7758) 2022-01-02 14:59:00 +01:00
Corey
16b1b2a197 feat: support relativeTime query constraint on Postgres (#7747) 2022-01-02 01:10:54 +01:00
Ben Devore
6a6248b6cb fix: adding or modifying a nested property requires addField permissions (#7679) 2021-12-07 00:52:59 +01:00
Manuel
8ee0445c0a fix: unable to use objectId size higher than 19 on GraphQL API (#7722) 2021-11-27 13:36:49 +01:00
Antoine Cormouls
ed86c80772 fix: unable to use objectId size higher than 19 on GraphQL API (#7627) 2021-11-27 12:27:08 +01:00
Corey
c789f6c979 refactor: test moved to correct test group (#7717) 2021-11-25 19:16:46 +01:00
Marvin ROGER
45cc58c7e5 feat: add support for Node 16 (#7707) 
BREAKING CHANGE: Removes official Node 15 support which has reached it end-of-life date.
 2021-11-18 23:37:47 +01:00
Manuel
200d4ba9a5 revert: refactor: allow ES import for cloud string if package type is module (#7691) 
This reverts commit 0225340ccb.
 2021-11-10 16:49:47 +01:00
Manuel
b64640c570 revert: refactor: allow ES import for cloud string if package type is module 
This reverts commit 0225340ccb.
 2021-11-10 16:26:20 +01:00
Samuel Denis-D'Ortun
25d5c30be2 feat: add user-defined schema and migrations (#7418) 2021-11-01 14:28:49 +01:00
Corey
090350a7a0 feat: add support for Postgres 14 (#7644) 2021-10-31 20:49:03 +01:00
Frans Bouwmeester
28fa7167e8 test: port test changes from 4.x LTS branch; upgrade spec reporter from 6.0.0 to 7.0.0 (#7667) 2021-10-30 19:21:24 +02:00
Kingtous
174886e385 fix: combined and query with relational query condition returns incorrect results (#7593) 2021-10-29 19:03:50 +02:00
Antoine Cormouls
626fad2e71 fix: setting a field to null does not delete it via GraphQL API (#7649) 
BREAKING CHANGE: To delete a field via the GraphQL API, the field value has to be set to `null`. Previously, setting a field value to `null` would save a null value in the database, which was not according to the [GraphQL specs](https://spec.graphql.org/June2018/#sec-Null-Value). To delete a file field use `file: null`, the previous way of using `file: { file: null }` has become obsolete.
 2021-10-27 01:33:48 +02:00
dblythy
12eb6c823b refactor: replace hardcoded error codes with references (#7546) 2021-10-18 20:19:47 +02:00
Corey
b5fc0d59db ci: enable more tests on Postgres adapter (#7641) 2021-10-18 16:51:56 +02:00
Antoine Cormouls
85ef7217b0 feat: alphabetical graphql api, fix internal reassign, enhanced Graphql schema cache system (#7344) 2021-10-11 14:51:28 +02:00
dblythy
ab1dddd406 fix: add deprecation warning for Parse.Cloud.httpRequest (#7595) 2021-10-09 05:04:12 +02:00
dblythy
68a3a87501 fix: set objects in afterFind triggers (#7311) 2021-10-09 02:34:09 +02:00
Brandon Scott
197fcbda00 refactor: modernize HTTPRequest tests (#7604) 2021-10-08 22:44:40 +02:00
dblythy
caee281bc5 fix: allow LiveQuery on Parse.Session (#7554) 2021-10-08 17:24:33 +02:00
dblythy
484c2e81ca fix: improve security by deprecating creating users with public access by default (#7319) 2021-10-08 05:24:20 +02:00
dblythy
d90c1591ad test: fix failing tests after removal of session token (#7599) 2021-09-30 13:41:04 +02:00
dblythy
834ae366f9 Merge pull request from GHSA-7pr3-p5fm-8r9x 
* fix: strip sessionToken on _User LiveQuery

* delete authData

* add changelog

* Update package.json

* Update CHANGELOG.md

* add changes

* Update ParseLiveQuery.spec.js

Co-authored-by: Manuel <5673677+mtrezza@users.noreply.github.com>
 2021-09-30 04:52:12 +02:00
dblythy
8ed94421e6 fix: add support for descending sorting of full text search (#7496) 2021-09-15 16:15:08 +02:00
dblythy
0225340ccb refactor: allow ES import for cloud string if package type is module (#7560) 
* allow module import for Parse Cloud

* Update .babelrc

* catch esm error

* Update ParseServer.js

* add tests

* Update CHANGELOG.md

* Update CloudCode.spec.js

Co-authored-by: Manuel <5673677+mtrezza@users.noreply.github.com>
 2021-09-14 14:10:37 +02:00
Manuel
24188a39a7 refactor: remove restricted session field (#7543) 
* add issue bot for prs

* Update CHANGELOG.md

* Update issue-bot.yml

* remove session restriction artifacts

* Update CHANGELOG.md

* Update CHANGELOG.md
 2021-09-04 03:03:46 +02:00
Antonio Davi Macedo Coelho de Castro
308668c894 Merge pull request from GHSA-xqp8-w826-hh6x 
* Added a test case that triggers the query parameter crash

* rest.js: validate the explain parameter to keep the nodejs driver from throwing an uncatchable exception and crashing the server (see https://jira.mongodb.org/browse/NODE-3463)
RestQuery.js: Check whether explain mode is enabled not by "!== true", but by the "!" operator. explain can have string values.
Added tests that validate correct behaviour on different explain values

* Refactor the new tests

* Simplify the new tests
Also do a sanity check on the explain results

* Test refactor

* Exclude queryPlannerExtended as it is not supported by the testing environment
  Simplifies the tests

* Restrict the changes to mongodb
  Moved the verification of the explain value from rest.js to MongoStorageAdapter.js
  Also restricted the relevant unit tests to mongodb

* Added changelog entry

* reformat changelog entry

* Update CHANGELOG.md

Co-authored-by: Kartal Kaan Bozdoğan <kartalkaanbozdogan@gmail.com>
Co-authored-by: Manuel <5673677+mtrezza@users.noreply.github.com>
 2021-09-02 12:46:48 +02:00
Antonio Davi Macedo Coelho de Castro
fc0fef5922 Merge pull request from GHSA-23r4-5mxp-c7g5 (#7497) 
* Merge pull request from GHSA-23r4-5mxp-c7g5

* add anonymous login security fix

* add changelog entry

* update changelog

* Update package.json (#7498)

* Update package-lock.json (#7499)

Co-authored-by: Corey <coreyearleon@icloud.com>
 2021-08-18 19:03:54 +02:00
Raschid J.F. Rafeally
8fddac39bf feat(AggregateRouter): support native mongodb syntax in aggregation pipelines (#7339) 2021-08-12 19:14:04 +02:00
Corey
c8e822b958 Accept context via header X-Parse-Cloud-Context (#7437) 
* failing testcase

* add header

* switch to X-Parse-Cloud-Context header

* add back blank line that lint removed

* test replacing context header with body context. Add support for setting body with json string

* add back blank line

* cover error when _context body is wrong

* Update middlewares.js

* revert accidental status change

* make sure context always decodes to an object else throw error

* improve context object check

Co-authored-by: Antonio Davi Macedo Coelho de Castro <adavimacedo@gmail.com>
 2021-07-25 21:17:03 -07:00
Snyk bot
a95ad89736 [Snyk] Security upgrade parse from 3.2.0 to 3.3.0 (#7464) 
* fix: package.json & package-lock.json to reduce vulnerabilities

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-WS-1296835

* update user test

Co-authored-by: Manuel Trezza <5673677+mtrezza@users.noreply.github.com>
 2021-07-23 18:04:03 +02:00
Manuel
250008d379 changed twitter API endpoint for oauth test (#7472) 2021-07-23 12:46:26 +02:00
Manuel
1594afec64 add runtime deprecation warning (#7451) 2021-07-12 20:14:35 +02:00