Bump parse-server from 4.3.0 to 4.5.0 #26

dependabot · 2020-12-28T16:35:02Z

Bumps parse-server from 4.3.0 to 4.5.0.

Release notes

4.5.0

Full Changelog

BREAKING CHANGES:

FIX: Consistent casing for afterLiveQueryEvent. The afterLiveQueryEvent was introduced in 4.4.0 with inconsistent casing for the event names, which was fixed in 4.5.0. #7023. Thanks to dblythy.

FIX: Properly handle serverURL and publicServerUrl in Batch requests. #7049. Thanks to Zach Goldberg.

IMPROVE: Prevent invalid column names (className and length). #7053. Thanks to Diamond Lewis.

IMPROVE: GraphQL: Remove viewer from logout mutation. #7029. Thanks to Antoine Cormouls.

IMPROVE: GraphQL: Optimize on Relation. #7044. Thanks to Antoine Cormouls.

NEW: Include sessionToken in onLiveQueryEvent. #7043. Thanks to dblythy.

FIX: Definitions for accountLockout and passwordPolicy. #7040. Thanks to dblythy.

FIX: Fix typo in server definitions for emailVerifyTokenReuseIfValid. #7037. Thanks to dblythy.

SECURITY FIX: LDAP auth stores password in plain text. See GHSA-4w46-w44m-3jq3 for more details about the vulnerability and da905a3 for the fix. Thanks to Fabian Strachanski.

NEW: Reuse tokens if they haven't expired. #7017. Thanks to dblythy.

NEW: Add LDAPS-support to LDAP-Authcontroller. #7014. Thanks to Fabian Strachanski.

FIX: (beforeSave/afterSave): Return value instead of Parse.Op for nested fields. #7005. Thanks to Diamond Lewis.

FIX: (beforeSave): Skip Sanitizing Database results. #7003. Thanks to Diamond Lewis.

FIX: Fix includeAll for querying a Pointer and Pointer array. #7002. Thanks to Corey Baker.

FIX: Add encryptionKey to src/options/index.js. #6999. Thanks to dblythy.

IMPROVE: Update PostgresStorageAdapter.js. #6989. Thanks to Vitaly Tomilov.

4.4.0

Full Changelog

IMPROVE: Update PostgresStorageAdapter.js. #6981. Thanks to Vitaly Tomilov

NEW: skipWithMasterKey on Built-In Validator. #6972. Thanks to dblythy.

NEW: Add fileKey rotation to GridFSBucketAdapter. #6768. Thanks to Corey Baker.

IMPROVE: Remove unused parameter in Cloud Function. #6969. Thanks to Diamond Lewis.

IMPROVE: Validation Handler Update. #6968. Thanks to dblythy.

FIX: (directAccess): Properly handle response status. #6966. Thanks to Diamond Lewis.

FIX: Remove hostnameMaxLen for Mongo URL. #6693. Thanks to markhoward02.

IMPROVE: Show a message if cloud functions are duplicated. #6963. Thanks to dblythy.

FIX: Pass request.query to afterFind. #6960. Thanks to dblythy.

SECURITY FIX: Patch session vulnerability over Live Query. See GHSA-2xm2-xj2q-qgpj for more details about the vulnerability and 78b59fb for the fix. Thanks to Antonio Davi Macedo Coelho de Castro.

IMPROVE: LiveQueryEvent Error Logging Improvements. #6951. Thanks to dblythy.

IMPROVE: Include stack in Cloud Code. #6958. Thanks to dblythy.

FIX: (jobs): Add Error Message to JobStatus Failure. #6954. Thanks to Diamond Lewis.

NEW: Create Cloud function afterLiveQueryEvent. #6859. Thanks to dblythy.

FIX: Update vkontakte API to the latest version. #6944. Thanks to Antonio Davi Macedo Coelho de Castro.

FIX: Use an empty object as default value of options for Google Sign in. #6844. Thanks to Kevin Kuang.

FIX: Postgres: prepend className to unique indexes. #6741. Thanks to Corey Baker.

FIX: GraphQL: Transform input types also on user mutations. #6934. Thanks to Antoine Cormouls.

FIX: Set objectId into query for Email Validation. #6930. Thanks to Danaru.

FIX: GraphQL: Optimize queries, fixes some null returns (on object), fix stitched GraphQLUpload. #6709. Thanks to Antoine Cormouls.

FIX: Do not throw error if user provide a pointer like index onMongo. #6923. Thanks to Antoine Cormouls.

FIX: Hotfix instagram api. #6922. Thanks to Tim.

FIX: (directAccess/cloud-code): Pass installationId with LogIn. #6903. Thanks to Diamond Lewis.

FIX: Fix bcrypt binary incompatibility. #6891. Thanks to Manuel Trezza.

NEW: Keycloak auth adapter. #6376. Thanks to Rhuan.

IMPROVE: Changed incorrect key name in apple auth adapter tests. #6861. Thanks to Manuel Trezza.

... (truncated)

Changelog

Sourced from parse-server's changelog.

4.5.0

Full Changelog

BREAKING CHANGES:

FIX: Consistent casing for afterLiveQueryEvent. The afterLiveQueryEvent was introduced in 4.4.0 with inconsistent casing for the event names, which was fixed in 4.5.0. #7023. Thanks to dblythy.

FIX: Properly handle serverURL and publicServerUrl in Batch requests. #7049. Thanks to Zach Goldberg.

IMPROVE: Prevent invalid column names (className and length). #7053. Thanks to Diamond Lewis.

IMPROVE: GraphQL: Remove viewer from logout mutation. #7029. Thanks to Antoine Cormouls.

IMPROVE: GraphQL: Optimize on Relation. #7044. Thanks to Antoine Cormouls.

NEW: Include sessionToken in onLiveQueryEvent. #7043. Thanks to dblythy.

FIX: Definitions for accountLockout and passwordPolicy. #7040. Thanks to dblythy.

FIX: Fix typo in server definitions for emailVerifyTokenReuseIfValid. #7037. Thanks to dblythy.

SECURITY FIX: LDAP auth stores password in plain text. See GHSA-4w46-w44m-3jq3 for more details about the vulnerability and da905a3 for the fix. Thanks to Fabian Strachanski.

NEW: Reuse tokens if they haven't expired. #7017. Thanks to dblythy.

NEW: Add LDAPS-support to LDAP-Authcontroller. #7014. Thanks to Fabian Strachanski.

FIX: (beforeSave/afterSave): Return value instead of Parse.Op for nested fields. #7005. Thanks to Diamond Lewis.

FIX: (beforeSave): Skip Sanitizing Database results. #7003. Thanks to Diamond Lewis.

FIX: Fix includeAll for querying a Pointer and Pointer array. #7002. Thanks to Corey Baker.

FIX: Add encryptionKey to src/options/index.js. #6999. Thanks to dblythy.

IMPROVE: Update PostgresStorageAdapter.js. #6989. Thanks to Vitaly Tomilov.

4.4.0

Full Changelog

IMPROVE: Update PostgresStorageAdapter.js. #6981. Thanks to Vitaly Tomilov

NEW: skipWithMasterKey on Built-In Validator. #6972. Thanks to dblythy.

NEW: Add fileKey rotation to GridFSBucketAdapter. #6768. Thanks to Corey Baker.

IMPROVE: Remove unused parameter in Cloud Function. #6969. Thanks to Diamond Lewis.

IMPROVE: Validation Handler Update. #6968. Thanks to dblythy.

FIX: (directAccess): Properly handle response status. #6966. Thanks to Diamond Lewis.

FIX: Remove hostnameMaxLen for Mongo URL. #6693. Thanks to markhoward02.

IMPROVE: Show a message if cloud functions are duplicated. #6963. Thanks to dblythy.

FIX: Pass request.query to afterFind. #6960. Thanks to dblythy.

SECURITY FIX: Patch session vulnerability over Live Query. See GHSA-2xm2-xj2q-qgpj for more details about the vulnerability and 78b59fb for the fix. Thanks to Antonio Davi Macedo Coelho de Castro.

IMPROVE: LiveQueryEvent Error Logging Improvements. #6951. Thanks to dblythy.

IMPROVE: Include stack in Cloud Code. #6958. Thanks to dblythy.

FIX: (jobs): Add Error Message to JobStatus Failure. #6954. Thanks to Diamond Lewis.

NEW: Create Cloud function afterLiveQueryEvent. #6859. Thanks to dblythy.

FIX: Update vkontakte API to the latest version. #6944. Thanks to Antonio Davi Macedo Coelho de Castro.

FIX: Use an empty object as default value of options for Google Sign in. #6844. Thanks to Kevin Kuang.

FIX: Postgres: prepend className to unique indexes. #6741. Thanks to Corey Baker.

FIX: GraphQL: Transform input types also on user mutations. #6934. Thanks to Antoine Cormouls.

FIX: Set objectId into query for Email Validation. #6930. Thanks to Danaru.

FIX: GraphQL: Optimize queries, fixes some null returns (on object), fix stitched GraphQLUpload. #6709. Thanks to Antoine Cormouls.

FIX: Do not throw error if user provide a pointer like index onMongo. #6923. Thanks to Antoine Cormouls.

FIX: Hotfix instagram api. #6922. Thanks to Tim.

FIX: (directAccess/cloud-code): Pass installationId with LogIn. #6903. Thanks to Diamond Lewis.

FIX: Fix bcrypt binary incompatibility. #6891. Thanks to Manuel Trezza.

NEW: Keycloak auth adapter. #6376. Thanks to Rhuan.

IMPROVE: Changed incorrect key name in apple auth adapter tests. #6861. Thanks to Manuel Trezza.

... (truncated)

Commits

3c00bcd Release 4.5.0 (#7070)
033a0bd Fix Prettier (#7066)
d494857 Update parse to 2.19.0 (#7060)
43d9af8 chore(deps): bump ini from 1.3.5 to 1.3.7 (#7057)
d20b03c [Snyk] Upgrade mongodb from 3.6.2 to 3.6.3 (#7026)
4267e9b fix: upgrade ldapjs from 2.2.1 to 2.2.2 (#7056)
abdfe61 Properly handle serverURL and publicServerUrl in Batch requests #6980 (#7049)
ca1b782 Prevent invalid column names (className and length) (#7053)
b398894 Remove viewer from logout (#7029)
88e958a Prettier some files + opti object relation (#7044)
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
@dependabot use these labels will set the current labels as the default for future PRs for this repo and language
@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [parse-server](https://github.com/parse-community/parse-server) from 4.3.0 to 4.5.0. - [Release notes](https://github.com/parse-community/parse-server/releases) - [Changelog](https://github.com/parse-community/parse-server/blob/master/CHANGELOG.md) - [Commits](parse-community/parse-server@4.3.0...4.5.0) Signed-off-by: dependabot[bot] <[email protected]>

dependabot · 2021-08-23T19:46:03Z

Superseded by #36.

dependabot bot added the dependencies Pull requests that update a dependency file label Dec 28, 2020

dependabot bot closed this Aug 23, 2021

dependabot bot deleted the dependabot/npm_and_yarn/parse-server-4.5.0 branch August 23, 2021 19:46

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump parse-server from 4.3.0 to 4.5.0 #26

Bump parse-server from 4.3.0 to 4.5.0 #26

Uh oh!

dependabot bot commented on behalf of github Dec 28, 2020

Uh oh!

dependabot bot commented on behalf of github Aug 23, 2021

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Bump parse-server from 4.3.0 to 4.5.0 #26

Bump parse-server from 4.3.0 to 4.5.0 #26

Uh oh!

Conversation

dependabot bot commented on behalf of github Dec 28, 2020

4.5.0

4.4.0

4.5.0

4.4.0

Uh oh!

dependabot bot commented on behalf of github Aug 23, 2021

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant