@dependabot dependabot bot commented on behalf of github Mar 15, 2022

Bumps parse-server from 4.5.0 to 5.0.0.

Release notes

Sourced from parse-server's releases.

5.0.0

5.0.0 (2022-03-14)

BREAKING CHANGES

  • Improved schema caching through database real-time hooks. Reduces DB queries, decreases Parse Query execution time and fixes a potential schema memory leak. If multiple Parse Server instances connect to the same DB (for example behind a load balancer), set the Parse Server Option databaseOptions.enableSchemaHooks: true to enable this feature and keep the schema in sync across all instances. Failing to do so will cause a schema change to not propagate to other instances and re-syncing will only happen when these instances restart. The options enableSingleSchemaCache and schemaCacheTTL have been removed. To use this feature with MongoDB, a replica set cluster with change stream support is required. (Diamond Lewis, SebC) #7214
  • Fix security vulnerability that allows remote code execution; as part of the fix a new security feature scans for sensitive keywords in request data to prevent JavaScript prototype pollution. If such a keyword is found, the request is rejected with HTTP response code 400 and Parse Error 105 (INVALID_KEY_NAME). By default these keywords are: {_bsontype: "Code"}, constructor, __proto__. If you are using any of these keywords in your request data, you can override the default keywords by setting the new Parse Server option requestKeywordDenylist to [] and specify your own keywords as needed. (GHSA-p6h4-93qp-jhcm) (#7843) (971adb5)
  • Added file upload restriction. File upload is now only allowed for authenticated users by default for improved security. To allow file upload also for Anonymous Users or Public, set the fileUpload parameter in the Parse Server Options (dblythy, Manuel Trezza) #7071
  • Removed parse-server-simple-mailgun-adapter dependency; to continue using the adapter it has to be explicitly installed (Manuel Trezza) #7321
  • Remove support for MongoDB 3.6 which has reached its End-of-Life date and PostgreSQL 10 (Manuel Trezza) #7315
  • Remove support for Node 10 which has reached its End-of-Life date (Manuel Trezza) #7314
  • Bump required Node engine to >=12.22.10 (#7848) (23a3488)
  • Remove S3 Files Adapter from Parse Server, instead install separately as @parse/s3-files-adapter (Manuel Trezza) #7324
  • Remove Session field restricted; the field was a code artifact from a feature that never existed in Open Source Parse Server; if you have been using this field for custom purposes, consider that for new Parse Server installations the field does not exist anymore in the schema, and for existing installations the field default value false will not be set anymore when creating a new session (Manuel Trezza) #7543
  • To delete a field via the GraphQL API, the field value has to be set to null. Previously, setting a field value to null would save a null value in the database, which was not according to the GraphQL specs. To delete a file field use file: null, the previous way of using file: { file: null } has become obsolete. (https://github.com/parse-community/parse-server/blob/HEAD/626fad2)

Notable Changes

  • Alphabetical ordered GraphQL API, improved GraphQL Schema cache system and fix GraphQL input reassign issue (Moumouls) #7344
  • Added Parse Server Security Check to report weak security settings (Manuel Trezza, dblythy) #7247
  • EXPERIMENTAL: Added new page router with placeholder rendering and localization of custom and feature pages such as password reset and email verification (Manuel Trezza) #7128
  • EXPERIMENTAL: Added custom routes to easily customize flows for password reset, email verification or build entirely new flows (Manuel Trezza) #7231
  • Added Deprecation Policy to govern the introduction of breaking changes in a phased pattern that is more predictable for developers (Manuel Trezza) #7199
  • Add REST API endpoint /loginAs to create session of any user with master key; allows to impersonate another user. (GormanFletcher) #7406
  • Add official support for MongoDB 5.0 (Manuel Trezza) #7469
  • Added Parse Server Configuration enforcePrivateUsers, which will remove public access by default on new Parse.Users (dblythy) #7319
  • add support for Postgres 14 (#7644) (090350a)
  • add user-defined schema and migrations (#7418) (25d5c30)
  • setting a field to null does not delete it via GraphQL API (#7649) (626fad2)
  • combined and query with relational query condition returns incorrect results (#7593) (174886e)
  • node engine range has no upper limit to exclude incompatible node versions (#7693) (6a54dac)
  • unable to use objectId size higher than 19 on GraphQL API (#7722) (8ee0445)
  • schema cache not cleared in some cases (#7771) (3b92fa1)

Other Changes

  • Support native mongodb syntax in aggregation pipelines (Raschid JF Rafeally) #7339
  • Fix error when a not yet inserted job is updated (Antonio Davi Macedo Coelho de Castro) #7196
  • request.context for afterFind triggers (dblythy) #7078
  • Winston Logger interpolating stdout to console (dplewis) #7114
  • Added convenience method Parse.Cloud.sendEmail(...) to send email via email adapter in Cloud Code (dblythy) #7089
  • LiveQuery support for $and, $nor, $containedBy, $geoWithin, $geoIntersects queries (dplewis) #7113
  • Supporting patterns in LiveQuery server's config parameter classNames (Nes-si) #7131
  • Added requireAnyUserRoles and requireAllUserRoles for Parse Cloud validator (dblythy) #7097
  • Support Facebook Limited Login (miguel-s) #7219
  • Removed Stage name check on aggregate pipelines (BRETT71) #7237
  • Retry transactions on MongoDB when it fails due to transient error (Antonio Davi Macedo Coelho de Castro) #7187
  • Bump tests to use Mongo 4.4.4 (Antonio Davi Macedo Coelho de Castro) #7184
  • Added new account lockout policy option accountLockout.unlockOnPasswordReset to automatically unlock account on password reset (Manuel Trezza) #7146
  • Test Parse Server continuously against all recent MongoDB versions that have not reached their end-of-life support date, added MongoDB compatibility table to Parse Server docs (Manuel Trezza) #7161
  • Test Parse Server continuously against all recent Node.js versions that have not reached their end-of-life support date, added Node.js compatibility table to Parse Server docs (Manuel Trezza) #7161
  • Throw error on invalid Cloud Function validation configuration (dblythy) #7154

... (truncated)

Commits
  • 46c9a91 chore(release): 5.0.0 [skip ci]
  • 33dcf6d build: release 5.0
  • b2a2a7e Merge branch 'release' into build-release
  • 50072bd ci: add branch name change (#7853)
  • f5ef2e9 chore(release): 5.0.0-beta.9 [skip ci]
  • 23a3488 feat: bump required node engine to >=12.22.10 (#7848)
  • d35cd47 chore(release): 5.0.0-beta.8 [skip ci]
  • 971adb5 fix: security vulnerability that allows remote code execution (GHSA-p6h4-93qp...
  • a48015c chore(release): 5.0.0-beta.7 [skip ci]
  • 7029b27 fix: security upgrade follow-redirects from 1.14.7 to 1.14.8 (#7802)
  • Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by parseadmin, a new releaser for parse-server since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [parse-server](https://github.com/parse-community/parse-server) from 4.5.0 to 5.0.0.
- [Release notes](https://github.com/parse-community/parse-server/releases)
- [Changelog](https://github.com/parse-community/parse-server/blob/alpha/CHANGELOG.md)
- [Commits](parse-community/parse-server@4.5.0...5.0.0)

---
updated-dependencies:
- dependency-name: parse-server
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

@dependabot dependabot bot added the dependencies label (Pull requests that update a dependency file) Mar 15, 2022

@dependabot dependabot bot requested a review from jcguarinpenaranda March 15, 2022 10:10

dependabot bot commented on behalf of github Mar 21, 2022

Superseded by #367.

@dependabot dependabot bot closed this Mar 21, 2022
@dependabot dependabot bot deleted the dependabot/npm_and_yarn/parse-server-5.0.0 branch March 21, 2022 10:05