From 181fbf9d46bee61b5c67a411b4a41c38d201cc73 Mon Sep 17 00:00:00 2001 From: Snyk bot Date: Wed, 21 Apr 2021 07:02:48 +0300 Subject: [PATCH 01/55] fix: upgrade apollo-server-express from 2.22.1 to 2.22.2 (#7362) Snyk has created this PR to upgrade apollo-server-express from 2.22.1 to 2.22.2. See this package in npm: https://www.npmjs.com/package/apollo-server-express See this project in Snyk: https://app.snyk.io/org/acinader/project/8c1a9edb-c8f5-4dc1-b221-4d6030a323eb?utm_source=github&utm_medium=upgrade-pr --- package-lock.json | 20 ++++++++++---------- package.json | 2 +- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/package-lock.json b/package-lock.json index f582e63a01..da46046398 100644 --- a/package-lock.json +++ b/package-lock.json @@ -2613,9 +2613,9 @@ "integrity": "sha512-lO5oTjgiC3vlVg2RKr3RiXIIQ5pGXBFxYGGUkKDhTud3jMIhs+gel8L8zsEjKaKxkjHhCQAA/bcEfYiKkGQIvA==" }, "apollo-server-express": { - "version": "2.22.1", - "resolved": "https://registry.npmjs.org/apollo-server-express/-/apollo-server-express-2.22.1.tgz", - "integrity": "sha512-yXquiXA61dfOGxkvu4GoR0325IK77mBxpTkhfvl38DqZ9gVCUrPxYGbfO2fTTifLALFENXv4tQO8WAHsMCT1Lg==", + "version": "2.22.2", + "resolved": "https://registry.npmjs.org/apollo-server-express/-/apollo-server-express-2.22.2.tgz", + "integrity": "sha512-MRiWF/oT6toUz909iq1I08vKfRxaqRMKS/v9kzyEXcnuudUCQ5WnxrjZEh/iMEfr7RHSQ4STjY7E/ZooPnueqA==", "requires": { "@apollographql/graphql-playground-html": "1.6.27", "@types/accepts": "^1.3.5", @@ -2624,7 +2624,7 @@ "@types/express": "4.17.11", "@types/express-serve-static-core": "4.17.19", "accepts": "^1.3.5", - "apollo-server-core": "^2.22.1", + "apollo-server-core": "^2.22.2", "apollo-server-types": "^0.7.0", "body-parser": "^1.18.3", "cors": "^2.8.4", @@ -4011,9 +4011,9 @@ "optional": true }, "core-js": { - "version": "3.10.1", - "resolved": "https://registry.npmjs.org/core-js/-/core-js-3.10.1.tgz", - "integrity": "sha512-pwCxEXnj27XG47mu7SXAwhLP3L5CrlvCB91ANUkIz40P27kUcvNfSdvyZJ9CLHiVoKSp+TTChMQMSKQEH/IQxA==" + "version": "3.10.2", + "resolved": "https://registry.npmjs.org/core-js/-/core-js-3.10.2.tgz", + "integrity": "sha512-W+2oVYeNghuBr3yTzZFQ5rfmjZtYB/Ubg87R5YOmlGrIb+Uw9f7qjUbhsj+/EkXhcV7eOD3jiM4+sgraX3FZUw==" }, "core-js-compat": { "version": "3.10.1", @@ -9631,9 +9631,9 @@ "integrity": "sha512-VOJmgmS+7wvXf8CjbQmimtCnEx3IAoLxI3fp2fbWehxrWBcAQFbk+vcwb6vzR0VZv/eNCJ/27j151ZTwqW/JeQ==" }, "object-inspect": { - "version": "1.9.0", - "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.9.0.tgz", - "integrity": "sha512-i3Bp9iTqwhaLZBxGkRfo5ZbE07BQRT7MGu8+nNgwW9ItGp1TzCTw2DLEoWwjClxBjOFI/hWljTAmYGCEwmtnOw==" + "version": "1.10.2", + "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.10.2.tgz", + "integrity": "sha512-gz58rdPpadwztRrPjZE9DZLOABUpTGdcANUgOwBFO1C+HZZhePoP83M65WGDmbpwFYJSWqavbl4SgDn4k8RYTA==" }, "object-keys": { "version": "1.1.1", diff --git a/package.json b/package.json index fcb03a139f..d12ec358d2 100644 --- a/package.json +++ b/package.json @@ -25,7 +25,7 @@ "@graphql-tools/utils": "6.2.4", "@parse/fs-files-adapter": "1.2.0", "@parse/push-adapter": "3.4.0", - "apollo-server-express": "2.22.1", + "apollo-server-express": "2.22.2", "bcryptjs": "2.4.3", "body-parser": "1.19.0", "commander": "5.1.0", From 3638b0e791b97b7df02e8fae9b316ecc677c293c Mon Sep 17 00:00:00 2001 From: dblythy Date: Sun, 25 Apr 2021 22:50:45 +1000 Subject: [PATCH 02/55] Fix Twitter API Oauth Error (#7370) --- spec/OAuth1.spec.js | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) diff --git a/spec/OAuth1.spec.js b/spec/OAuth1.spec.js index 3234394c09..aa6e8ed0c5 100644 --- a/spec/OAuth1.spec.js +++ b/spec/OAuth1.spec.js @@ -87,13 +87,17 @@ describe('OAuth', function () { done(); } - it('Should fail a GET request', done => { + it('GET request for a resource that requires OAuth should fail with invalid credentials', done => { + /* + This endpoint has been chosen to make a request to an endpoint that requires OAuth which fails due to missing authentication. + Any other endpoint from the Twitter API that requires OAuth can be used instead in case the currently used endpoint deprecates. + */ const options = { host: 'api.twitter.com', - consumer_key: 'XXXXXXXXXXXXXXXXXXXXXXXXX', - consumer_secret: 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', + consumer_key: 'invalid_consumer_key', + consumer_secret: 'invalid_consumer_secret', }; - const path = '/1.1/help/configuration.json'; + const path = '/1.1/account/settings.json'; const params = { lang: 'en' }; const oauthClient = new OAuth(options); oauthClient.get(path, params).then(function (data) { @@ -101,11 +105,15 @@ describe('OAuth', function () { }); }); - it('Should fail a POST request', done => { + it('POST request for a resource that requires OAuth should fail with invalid credentials', done => { + /* + This endpoint has been chosen to make a request to an endpoint that requires OAuth which fails due to missing authentication. + Any other endpoint from the Twitter API that requires OAuth can be used instead in case the currently used endpoint deprecates. + */ const options = { host: 'api.twitter.com', - consumer_key: 'XXXXXXXXXXXXXXXXXXXXXXXXX', - consumer_secret: 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', + consumer_key: 'invalid_consumer_key', + consumer_secret: 'invalid_consumer_secret', }; const body = { lang: 'en', From f43b1221d858cf43cc11571f7e538682406a7e33 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 27 Apr 2021 15:16:58 -0700 Subject: [PATCH 03/55] chore(deps): bump redis from 3.0.2 to 3.1.1 (#7375) Bumps [redis](https://github.com/NodeRedis/node-redis) from 3.0.2 to 3.1.1. - [Release notes](https://github.com/NodeRedis/node-redis/releases) - [Changelog](https://github.com/NodeRedis/node-redis/blob/master/CHANGELOG.md) - [Commits](https://github.com/NodeRedis/node-redis/compare/v3.0.2...v3.1.1) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package-lock.json | 10 +++++----- package.json | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/package-lock.json b/package-lock.json index da46046398..e1b0688c69 100644 --- a/package-lock.json +++ b/package-lock.json @@ -10635,12 +10635,12 @@ } }, "redis": { - "version": "3.0.2", - "resolved": "https://registry.npmjs.org/redis/-/redis-3.0.2.tgz", - "integrity": "sha512-PNhLCrjU6vKVuMOyFu7oSP296mwBkcE6lrAjruBYG5LgdSqtRBoVQIylrMyVZD/lkF24RSNNatzvYag6HRBHjQ==", + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/redis/-/redis-3.1.1.tgz", + "integrity": "sha512-QhkKhOuzhogR1NDJfBD34TQJz2ZJwDhhIC6ZmvpftlmfYShHHQXjjNspAJ+Z2HH5NwSBVYBVganbiZ8bgFMHjg==", "requires": { - "denque": "^1.4.1", - "redis-commands": "^1.5.0", + "denque": "^1.5.0", + "redis-commands": "^1.7.0", "redis-errors": "^1.2.0", "redis-parser": "^3.0.0" } diff --git a/package.json b/package.json index d12ec358d2..8038e7f85f 100644 --- a/package.json +++ b/package.json @@ -51,7 +51,7 @@ "pg-monitor": "1.4.1", "pg-promise": "10.9.2", "pluralize": "8.0.0", - "redis": "3.0.2", + "redis": "3.1.1", "semver": "7.3.4", "subscriptions-transport-ws": "0.9.18", "tv4": "1.3.0", From b6843de904bf273bf664d94536defa39f91751b3 Mon Sep 17 00:00:00 2001 From: Snyk bot Date: Wed, 28 Apr 2021 02:29:27 +0300 Subject: [PATCH 04/55] fix: package.json & package-lock.json to reduce vulnerabilities (#7373) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-REDIS-1255645 From e143fb1bf6a52bb21c483fbf72f74d2282cfbeee Mon Sep 17 00:00:00 2001 From: Snyk bot Date: Wed, 28 Apr 2021 22:03:44 +0300 Subject: [PATCH 05/55] fix: upgrade winston-daily-rotate-file from 4.5.1 to 4.5.2 (#7376) Snyk has created this PR to upgrade winston-daily-rotate-file from 4.5.1 to 4.5.2. See this package in npm: https://www.npmjs.com/package/winston-daily-rotate-file See this project in Snyk: https://app.snyk.io/org/acinader/project/8c1a9edb-c8f5-4dc1-b221-4d6030a323eb?utm_source=github&utm_medium=upgrade-pr --- package-lock.json | 6 +++--- package.json | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/package-lock.json b/package-lock.json index e1b0688c69..bed6ad0f90 100644 --- a/package-lock.json +++ b/package-lock.json @@ -12502,9 +12502,9 @@ } }, "winston-daily-rotate-file": { - "version": "4.5.1", - "resolved": "https://registry.npmjs.org/winston-daily-rotate-file/-/winston-daily-rotate-file-4.5.1.tgz", - "integrity": "sha512-Uv1KeBneTKFZ9R3J6SmI61vOoPEofxS+GZGEwYRPc7QFE1fpEz648eGWxLnOeo8CBrANwsd+GfK5DCd4Ab1xAQ==", + "version": "4.5.2", + "resolved": "https://registry.npmjs.org/winston-daily-rotate-file/-/winston-daily-rotate-file-4.5.2.tgz", + "integrity": "sha512-DpAz9djExzFGVGRIKCKzsjOQaIINbjOUJ8CRsZGz0SQOMMcO1kM7jqTdzQAM9CRTEksZV9bBw9TT0ddQBGxs9g==", "requires": { "file-stream-rotator": "^0.5.7", "object-hash": "^2.0.1", diff --git a/package.json b/package.json index 8038e7f85f..6a06b5299d 100644 --- a/package.json +++ b/package.json @@ -57,7 +57,7 @@ "tv4": "1.3.0", "uuid": "8.3.2", "winston": "3.3.3", - "winston-daily-rotate-file": "4.5.1", + "winston-daily-rotate-file": "4.5.2", "ws": "7.4.4" }, "devDependencies": { From 755c49404d06e5d46e46c823eac2cfc793ff5a44 Mon Sep 17 00:00:00 2001 From: Snyk bot Date: Thu, 29 Apr 2021 20:10:15 +0300 Subject: [PATCH 06/55] [Snyk] Upgrade pg-promise from 10.9.2 to 10.10.1 (#7286) * fix: upgrade pg-promise from 10.9.2 to 10.9.3 Snyk has created this PR to upgrade pg-promise from 10.9.2 to 10.9.3. See this package in npm: https://www.npmjs.com/package/pg-promise See this project in Snyk: https://app.snyk.io/org/acinader/project/8c1a9edb-c8f5-4dc1-b221-4d6030a323eb?utm_source=github&utm_medium=upgrade-pr * bump pg-promise to 10.10.1 * fix add field if not exists * lint Co-authored-by: Diamond Lewis --- package-lock.json | 24 +++++++++---------- package.json | 2 +- .../Postgres/PostgresStorageAdapter.js | 11 ++++----- 3 files changed, 17 insertions(+), 20 deletions(-) diff --git a/package-lock.json b/package-lock.json index bed6ad0f90..0558f7e660 100644 --- a/package-lock.json +++ b/package-lock.json @@ -10131,9 +10131,9 @@ } }, "pg-connection-string": { - "version": "2.4.0", - "resolved": "https://registry.npmjs.org/pg-connection-string/-/pg-connection-string-2.4.0.tgz", - "integrity": "sha512-3iBXuv7XKvxeMrIgym7njT+HlZkwZqqGX4Bu9cci8xHZNT+Um1gWKqCsAzcC0d95rcKMU5WBg6YRUcHyV0HZKQ==" + "version": "2.5.0", + "resolved": "https://registry.npmjs.org/pg-connection-string/-/pg-connection-string-2.5.0.tgz", + "integrity": "sha512-r5o/V/ORTA6TmUnyWZR9nCj1klXCO2CEKNRlVuJptZe85QuhFayC7WeMic7ndayT5IRIR0S0xFxFi2ousartlQ==" }, "pg-int8": { "version": "1.0.1", @@ -10154,14 +10154,14 @@ } }, "pg-pool": { - "version": "3.2.2", - "resolved": "https://registry.npmjs.org/pg-pool/-/pg-pool-3.2.2.tgz", - "integrity": "sha512-ORJoFxAlmmros8igi608iVEbQNNZlp89diFVx6yV5v+ehmpMY9sK6QgpmgoXbmkNaBAx8cOOZh9g80kJv1ooyA==" + "version": "3.3.0", + "resolved": "https://registry.npmjs.org/pg-pool/-/pg-pool-3.3.0.tgz", + "integrity": "sha512-0O5huCql8/D6PIRFAlmccjphLYWC+JIzvUhSzXSpGaf+tjTZc4nn+Lr7mLXBbFJfvwbP0ywDv73EiaBsxn7zdg==" }, "pg-promise": { - "version": "10.9.2", - "resolved": "https://registry.npmjs.org/pg-promise/-/pg-promise-10.9.2.tgz", - "integrity": "sha512-ewelfzZeSPe5sbgd5ylB6edVXqoD8AH/fqZj4wPLL0242vXtkFY3JuUqt3mfvTruOqZHhoINpoXTfmC9UXbZ7A==", + "version": "10.10.1", + "resolved": "https://registry.npmjs.org/pg-promise/-/pg-promise-10.10.1.tgz", + "integrity": "sha512-sopmuOr2PrUNh3XI0Y15ssmjcwhZnGHyGYwuDDmWFnBydq7lvrhTMBI3hefAp3YMx07+HSXfSpJse9z5vC4bsw==", "requires": { "assert-options": "0.7.0", "pg": "8.5.1", @@ -10170,9 +10170,9 @@ } }, "pg-protocol": { - "version": "1.4.0", - "resolved": "https://registry.npmjs.org/pg-protocol/-/pg-protocol-1.4.0.tgz", - "integrity": "sha512-El+aXWcwG/8wuFICMQjM5ZSAm6OWiJicFdNYo+VY3QP+8vI4SvLIWVe51PppTzMhikUJR+PsyIFKqfdXPz/yxA==" + "version": "1.5.0", + "resolved": "https://registry.npmjs.org/pg-protocol/-/pg-protocol-1.5.0.tgz", + "integrity": "sha512-muRttij7H8TqRNu/DxrAJQITO4Ac7RmX3Klyr/9mJEOBeIpgnF8f9jAfRz5d3XwQZl5qBjF9gLsUtMPJE0vezQ==" }, "pg-types": { "version": "2.2.0", diff --git a/package.json b/package.json index 6a06b5299d..570da75218 100644 --- a/package.json +++ b/package.json @@ -49,7 +49,7 @@ "mustache": "4.2.0", "parse": "3.1.0", "pg-monitor": "1.4.1", - "pg-promise": "10.9.2", + "pg-promise": "10.10.1", "pluralize": "8.0.0", "redis": "3.1.1", "semver": "7.3.4", diff --git a/src/Adapters/Storage/Postgres/PostgresStorageAdapter.js b/src/Adapters/Storage/Postgres/PostgresStorageAdapter.js index b653ab4806..5d0e211ab4 100644 --- a/src/Adapters/Storage/Postgres/PostgresStorageAdapter.js +++ b/src/Adapters/Storage/Postgres/PostgresStorageAdapter.js @@ -1056,7 +1056,7 @@ export class PostgresStorageAdapter implements StorageAdapter { conn = conn || this._client; const self = this; - await conn.tx('schema-upgrade', async t => { + await conn.task('schema-upgrade', async t => { const columns = await t.map( 'SELECT column_name FROM information_schema.columns WHERE table_name = $', { className }, @@ -1064,20 +1064,17 @@ export class PostgresStorageAdapter implements StorageAdapter { ); const newColumns = Object.keys(schema.fields) .filter(item => columns.indexOf(item) === -1) - .map(fieldName => - self.addFieldIfNotExists(className, fieldName, schema.fields[fieldName], t) - ); + .map(fieldName => self.addFieldIfNotExists(className, fieldName, schema.fields[fieldName])); await t.batch(newColumns); }); } - async addFieldIfNotExists(className: string, fieldName: string, type: any, conn: any) { + async addFieldIfNotExists(className: string, fieldName: string, type: any) { // TODO: Must be revised for invalid logic... debug('addFieldIfNotExists'); - conn = conn || this._client; const self = this; - await conn.tx('add-field-if-not-exists', async t => { + await this._client.tx('add-field-if-not-exists', async t => { if (type.type !== 'Relation') { try { await t.none( From e9f54e2bddd8430864b1628ab077a0a3aae73e47 Mon Sep 17 00:00:00 2001 From: Snyk bot Date: Sat, 1 May 2021 18:37:17 +0300 Subject: [PATCH 07/55] fix: upgrade parse from 3.1.0 to 3.2.0 (#7378) Snyk has created this PR to upgrade parse from 3.1.0 to 3.2.0. See this package in npm: https://www.npmjs.com/package/parse See this project in Snyk: https://app.snyk.io/org/acinader/project/8c1a9edb-c8f5-4dc1-b221-4d6030a323eb?utm_source=github&utm_medium=upgrade-pr --- package-lock.json | 39 +++++++++++++-------------------------- package.json | 2 +- 2 files changed, 14 insertions(+), 27 deletions(-) diff --git a/package-lock.json b/package-lock.json index 0558f7e660..337e95eea5 100644 --- a/package-lock.json +++ b/package-lock.json @@ -6892,9 +6892,9 @@ } }, "idb-keyval": { - "version": "5.0.2", - "resolved": "https://registry.npmjs.org/idb-keyval/-/idb-keyval-5.0.2.tgz", - "integrity": "sha512-1DYjY/nX2U9pkTkwFoAmKcK1ZWmkNgO32Oon9tp/9+HURizxUQ4fZRxMJZs093SldP7q6dotVj03kIkiqOILyA==" + "version": "5.0.4", + "resolved": "https://registry.npmjs.org/idb-keyval/-/idb-keyval-5.0.4.tgz", + "integrity": "sha512-qS0kplHuadZujoE90ze0NUkhW0/Fbfib7d+mYNMXNEn45NSh2NWY3fBewoX4GZUsKkGHBgc8JiAwMx0zrfL3LQ==" }, "ieee754": { "version": "1.2.1", @@ -9981,32 +9981,24 @@ } }, "parse": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/parse/-/parse-3.1.0.tgz", - "integrity": "sha512-oUDTiH2F9sRX1a+jvLTb/sJMBea6wIv3dUK/mTDJHw1lOA+r008B6ybjYCfqPu4/2CrSt1Hfe4mJNoa4Ic4dyg==", + "version": "3.2.0", + "resolved": "https://registry.npmjs.org/parse/-/parse-3.2.0.tgz", + "integrity": "sha512-yncA9l0LneOzzBFACVjdPNpWuNGQ/LhXGEO/qj6vYAyJpwWabNf7Eq2ucMAWzALb13KDRoAiTlb2cH3Nt/S9gw==", "requires": { - "@babel/runtime": "7.12.5", - "@babel/runtime-corejs3": "7.12.5", + "@babel/runtime": "7.13.10", + "@babel/runtime-corejs3": "7.13.10", "crypto-js": "4.0.0", - "idb-keyval": "5.0.2", + "idb-keyval": "5.0.4", "react-native-crypto-js": "1.0.0", "uuid": "3.4.0", - "ws": "7.4.3", + "ws": "7.4.4", "xmlhttprequest": "1.8.0" }, "dependencies": { - "@babel/runtime": { - "version": "7.12.5", - "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.12.5.tgz", - "integrity": "sha512-plcc+hbExy3McchJCEQG3knOsuh3HH+Prx1P6cLIkET/0dLuQDEnrT+s27Axgc9bqfsmNUNHfscgMUdBpC9xfg==", - "requires": { - "regenerator-runtime": "^0.13.4" - } - }, "@babel/runtime-corejs3": { - "version": "7.12.5", - "resolved": "https://registry.npmjs.org/@babel/runtime-corejs3/-/runtime-corejs3-7.12.5.tgz", - "integrity": "sha512-roGr54CsTmNPPzZoCP1AmDXuBoNao7tnSA83TXTwt+UK5QVyh1DIJnrgYRPWKCF2flqZQXwa7Yr8v7VmLzF0YQ==", + "version": "7.13.10", + "resolved": "https://registry.npmjs.org/@babel/runtime-corejs3/-/runtime-corejs3-7.13.10.tgz", + "integrity": "sha512-x/XYVQ1h684pp1mJwOV4CyvqZXqbc8CMsMGUnAbuc82ZCdv1U63w5RSUzgDSXQHG5Rps/kiksH6g2D5BuaKyXg==", "requires": { "core-js-pure": "^3.0.0", "regenerator-runtime": "^0.13.4" @@ -10016,11 +10008,6 @@ "version": "3.4.0", "resolved": "https://registry.npmjs.org/uuid/-/uuid-3.4.0.tgz", "integrity": "sha512-HjSDRw6gZE5JMggctHBcjVak08+KEVhSIiDzFnT9S9aegmp85S/bReBVTb4QTFaRNptJ9kuYaNhnbNEOkbKb/A==" - }, - "ws": { - "version": "7.4.3", - "resolved": "https://registry.npmjs.org/ws/-/ws-7.4.3.tgz", - "integrity": "sha512-hr6vCR76GsossIRsr8OLR9acVVm1jyfEWvhbNjtgPOrfvAlKzvyeg/P6r8RuDjRyrcQoPQT7K0DGEPc7Ae6jzA==" } } }, diff --git a/package.json b/package.json index 570da75218..f90933e2ca 100644 --- a/package.json +++ b/package.json @@ -47,7 +47,7 @@ "mime": "2.5.2", "mongodb": "3.6.6", "mustache": "4.2.0", - "parse": "3.1.0", + "parse": "3.2.0", "pg-monitor": "1.4.1", "pg-promise": "10.10.1", "pluralize": "8.0.0", From 51e08009f8d286eb8cbd2a7b288746323366d99c Mon Sep 17 00:00:00 2001 From: dblythy Date: Sun, 2 May 2021 19:23:46 +1000 Subject: [PATCH 08/55] Fix: properly pass req.user to liveQuery triggers (#7296) --- spec/ParseLiveQuery.spec.js | 63 +++++++++++++++++++++++++++ src/LiveQuery/ParseLiveQueryServer.js | 42 ++++++++++++++---- 2 files changed, 97 insertions(+), 8 deletions(-) diff --git a/spec/ParseLiveQuery.spec.js b/spec/ParseLiveQuery.spec.js index 43e91e03bb..65d1836c5f 100644 --- a/spec/ParseLiveQuery.spec.js +++ b/spec/ParseLiveQuery.spec.js @@ -645,6 +645,69 @@ describe('ParseLiveQuery', function () { await object.save(); }); + it('LiveQuery with ACL', async () => { + await reconfigureServer({ + liveQuery: { + classNames: ['Chat'], + }, + startLiveQueryServer: true, + verbose: false, + silent: true, + }); + const user = new Parse.User(); + user.setUsername('username'); + user.setPassword('password'); + await user.signUp(); + + const calls = { + beforeConnect(req) { + expect(req.event).toBe('connect'); + expect(req.clients).toBe(0); + expect(req.subscriptions).toBe(0); + expect(req.useMasterKey).toBe(false); + expect(req.installationId).toBeDefined(); + expect(req.client).toBeDefined(); + }, + beforeSubscribe(req) { + expect(req.op).toBe('subscribe'); + expect(req.requestId).toBe(1); + expect(req.query).toBeDefined(); + expect(req.user).toBeDefined(); + }, + afterLiveQueryEvent(req) { + expect(req.user).toBeDefined(); + expect(req.object.get('foo')).toBe('bar'); + }, + create(object) { + expect(object.get('foo')).toBe('bar'); + }, + delete(object) { + expect(object.get('foo')).toBe('bar'); + }, + }; + for (const key in calls) { + spyOn(calls, key).and.callThrough(); + } + Parse.Cloud.beforeConnect(calls.beforeConnect); + Parse.Cloud.beforeSubscribe('Chat', calls.beforeSubscribe); + Parse.Cloud.afterLiveQueryEvent('Chat', calls.afterLiveQueryEvent); + + const chatQuery = new Parse.Query('Chat'); + const subscription = await chatQuery.subscribe(); + subscription.on('create', calls.create); + subscription.on('delete', calls.delete); + const object = new Parse.Object('Chat'); + const acl = new Parse.ACL(user); + object.setACL(acl); + object.set({ foo: 'bar' }); + await object.save(); + await object.destroy(); + await new Promise(resolve => setTimeout(resolve, 200)); + for (const key in calls) { + expect(calls[key]).toHaveBeenCalled(); + } + }); + it('handle invalid websocket payload length', async done => { await reconfigureServer({ liveQuery: { diff --git a/src/LiveQuery/ParseLiveQueryServer.js b/src/LiveQuery/ParseLiveQueryServer.js index d60615d5b5..5a44ae5c8b 100644 --- a/src/LiveQuery/ParseLiveQueryServer.js +++ b/src/LiveQuery/ParseLiveQueryServer.js @@ -170,8 +170,10 @@ class ParseLiveQueryServer { }; const trigger = getTrigger(className, 'afterEvent', Parse.applicationId); if (trigger) { - const auth = await this.getAuthForSessionToken(res.sessionToken); - res.user = auth.user; + const auth = await this.getAuthFromClient(client, requestId); + if (auth && auth.user) { + res.user = auth.user; + } if (res.object) { res.object = Parse.Object.fromJSON(res.object); } @@ -317,8 +319,10 @@ class ParseLiveQueryServer { if (res.original) { res.original = Parse.Object.fromJSON(res.original); } - const auth = await this.getAuthForSessionToken(res.sessionToken); - res.user = auth.user; + const auth = await this.getAuthFromClient(client, requestId); + if (auth && auth.user) { + res.user = auth.user; + } await runTrigger(trigger, `afterEvent.${className}`, res, auth); } if (!res.sendEvent) { @@ -579,6 +583,24 @@ class ParseLiveQueryServer { }); } + async getAuthFromClient(client: any, requestId: number, sessionToken: string) { + const getSessionFromClient = () => { + const subscriptionInfo = client.getSubscriptionInfo(requestId); + if (typeof subscriptionInfo === 'undefined') { + return client.sessionToken; + } + return subscriptionInfo.sessionToken || client.sessionToken; + }; + if (!sessionToken) { + sessionToken = getSessionFromClient(); + } + if (!sessionToken) { + return; + } + const { auth } = await this.getAuthForSessionToken(sessionToken); + return auth; + } + async _matchesACL(acl: any, client: any, requestId: number): Promise { // Return true directly if ACL isn't present, ACL is public read, or client has master key if (!acl || acl.getPublicReadAccess() || client.hasMasterKey) { @@ -631,8 +653,10 @@ class ParseLiveQueryServer { }; const trigger = getTrigger('@Connect', 'beforeConnect', Parse.applicationId); if (trigger) { - const auth = await this.getAuthForSessionToken(req.sessionToken); - req.user = auth.user; + const auth = await this.getAuthFromClient(client, request.requestId, req.sessionToken); + if (auth && auth.user) { + req.user = auth.user; + } await runTrigger(trigger, `beforeConnect.@Connect`, req, auth); } parseWebsocket.clientId = clientId; @@ -690,8 +714,10 @@ class ParseLiveQueryServer { try { const trigger = getTrigger(className, 'beforeSubscribe', Parse.applicationId); if (trigger) { - const auth = await this.getAuthForSessionToken(request.sessionToken); - request.user = auth.user; + const auth = await this.getAuthFromClient(client, request.requestId, request.sessionToken); + if (auth && auth.user) { + request.user = auth.user; + } const parseQuery = new Parse.Query(className); parseQuery.withJSON(request.query); From 87476da31e28e064fa7192998c67de9c31ac18a6 Mon Sep 17 00:00:00 2001 From: Snyk bot Date: Wed, 12 May 2021 19:57:40 +0300 Subject: [PATCH 09/55] fix: upgrade apollo-server-express from 2.22.2 to 2.23.0 (#7380) Snyk has created this PR to upgrade apollo-server-express from 2.22.2 to 2.23.0. See this package in npm: https://www.npmjs.com/package/apollo-server-express See this project in Snyk: https://app.snyk.io/org/acinader/project/8c1a9edb-c8f5-4dc1-b221-4d6030a323eb?utm_source=github&utm_medium=upgrade-pr --- package-lock.json | 265 +++++++++++++++++++++++++++++----------------- package.json | 2 +- 2 files changed, 166 insertions(+), 101 deletions(-) diff --git a/package-lock.json b/package-lock.json index 337e95eea5..6ccb441842 100644 --- a/package-lock.json +++ b/package-lock.json @@ -68,9 +68,9 @@ } }, "@apollo/protobufjs": { - "version": "1.0.5", - "resolved": "https://registry.npmjs.org/@apollo/protobufjs/-/protobufjs-1.0.5.tgz", - "integrity": "sha512-ZtyaBH1icCgqwIGb3zrtopV2D5Q8yxibkJzlaViM08eOhTQc7rACdYu0pfORFfhllvdMZ3aq69vifYHszY4gNA==", + "version": "1.2.2", + "resolved": "https://registry.npmjs.org/@apollo/protobufjs/-/protobufjs-1.2.2.tgz", + "integrity": "sha512-vF+zxhPiLtkwxONs6YanSt1EpwpGilThpneExUN5K3tCymuxNnVq2yojTvnpRjv2QfsEIt/n7ozPIIzBLwGIDQ==", "requires": { "@protobufjs/aspromise": "^1.1.2", "@protobufjs/base64": "^1.1.2", @@ -88,18 +88,18 @@ }, "dependencies": { "@types/node": { - "version": "10.17.58", - "resolved": "https://registry.npmjs.org/@types/node/-/node-10.17.58.tgz", - "integrity": "sha512-Dn5RBxLohjdHFj17dVVw3rtrZAeXeWg+LQfvxDIW/fdPkSiuQk7h3frKMYtsQhtIW42wkErDcy9UMVxhGW4O7w==" + "version": "10.17.59", + "resolved": "https://registry.npmjs.org/@types/node/-/node-10.17.59.tgz", + "integrity": "sha512-7Uc8IRrL8yZz5ti45RaFxpbU8TxlzdC3HvxV+hOWo1EyLsuKv/w7y0n+TwZzwL3vdx3oZ2k3ubxPq131hNtXyg==" } } }, "@apollographql/apollo-tools": { - "version": "0.4.9", - "resolved": "https://registry.npmjs.org/@apollographql/apollo-tools/-/apollo-tools-0.4.9.tgz", - "integrity": "sha512-M50pk8oo3CGTu4waGOklIX3YtTZoPfWG9K/G9WB8NpyQGA1OwYTiBFv94XqUtKElTDoFwoMXpMQd3Wy5dINvxA==", + "version": "0.5.0", + "resolved": "https://registry.npmjs.org/@apollographql/apollo-tools/-/apollo-tools-0.5.0.tgz", + "integrity": "sha512-7IOZHVaKjBq44StXFJEITl4rxgZCsZFSWogAvIErKR9DYV20rt9bJ2mY5lCn+zghfGrweykjLb9g4TDxLg750w==", "requires": { - "apollo-env": "^0.6.6" + "apollo-env": "^0.10.0" } }, "@apollographql/graphql-playground-html": { @@ -1453,9 +1453,9 @@ } }, "@josephg/resolvable": { - "version": "1.0.0", - "resolved": "https://registry.npmjs.org/@josephg/resolvable/-/resolvable-1.0.0.tgz", - "integrity": "sha512-OfTtjoqB2doov5aTJxkyAMK8dXoo7CjCUQSYUEtiY34jbWduOGV7+168tmCT8COMsUEd5DMSFg/0iAOPCBTNAQ==" + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/@josephg/resolvable/-/resolvable-1.0.1.tgz", + "integrity": "sha512-CtzORUwWTTOTqfVtHaKRJ0I1kNQd1bpn3sUh8I3nJDVY+5/M/Oe1DnEWzPQvqq/xPIIkzzzIP7mfCoAjFRvDhg==" }, "@napi-rs/triples": { "version": "1.0.2", @@ -1812,12 +1812,9 @@ } }, "@types/cors": { - "version": "2.8.8", - "resolved": "https://registry.npmjs.org/@types/cors/-/cors-2.8.8.tgz", - "integrity": "sha512-fO3gf3DxU2Trcbr75O7obVndW/X5k8rJNZkLXlQWStTHhP71PkRqjwPIEI0yMnJdg9R9OasjU+Bsr+Hr1xy/0w==", - "requires": { - "@types/express": "*" - } + "version": "2.8.10", + "resolved": "https://registry.npmjs.org/@types/cors/-/cors-2.8.10.tgz", + "integrity": "sha512-C7srjHiVG3Ey1nR6d511dtDkCEjxuN9W1HWAEjGq8kpcwmNM6JJkpC0xvabM7BXTG2wDq8Eu33iH9aQKa7IvLQ==" }, "@types/express": { "version": "4.17.7", @@ -1959,9 +1956,9 @@ "integrity": "sha512-XYmBiy+ohOR4Lh5jE379fV2IU+6Jn4g5qASinhitfyO71b/sCo6MKsMLF5tc7Zf2CE8hViVQyYSobJNke8OvUw==" }, "@types/node-fetch": { - "version": "2.5.7", - "resolved": "https://registry.npmjs.org/@types/node-fetch/-/node-fetch-2.5.7.tgz", - "integrity": "sha512-o2WVNf5UhWRkxlf6eq+jMZDu7kjgpgJfl4xVNlvryc95O/6F2ld8ztKX+qu+Rjyet93WAWm5LjeX9H5FGkODvw==", + "version": "2.5.10", + "resolved": "https://registry.npmjs.org/@types/node-fetch/-/node-fetch-2.5.10.tgz", + "integrity": "sha512-IpkX0AasN44hgEad0gEF/V6EgR5n69VEqPEgnmoM8GsIGro3PowbWs4tR6IhxUTyPLpOn+fiGG6nrQhcmoCuIQ==", "requires": { "@types/node": "*", "form-data": "^3.0.0" @@ -2002,9 +1999,9 @@ } }, "@types/ws": { - "version": "7.4.1", - "resolved": "https://registry.npmjs.org/@types/ws/-/ws-7.4.1.tgz", - "integrity": "sha512-ISCK1iFnR+jYv7+jLNX0wDqesZ/5RAeY3wUx6QaphmocphU61h+b+PHjS18TF4WIPTu/MMzxIq2PHr32o2TS5Q==", + "version": "7.4.2", + "resolved": "https://registry.npmjs.org/@types/ws/-/ws-7.4.2.tgz", + "integrity": "sha512-PbeN0Eydl7LQl4OIav29YmkO2LxbVuz3nZD/kb19lOS+wLgIkRbWMNmU/QQR7ABpOJ7D7xDOU8co7iohObewrw==", "requires": { "@types/node": "*" } @@ -2340,12 +2337,12 @@ } }, "apollo-cache-control": { - "version": "0.12.0", - "resolved": "https://registry.npmjs.org/apollo-cache-control/-/apollo-cache-control-0.12.0.tgz", - "integrity": "sha512-kClF5rfAm159Nboul1LxA+l58Tjz0M8L1GUknEMpZt0UHhILLAn3BfcG3ToX4TbNoR9M57kKMUcbPWLdy3Up7w==", + "version": "0.13.0", + "resolved": "https://registry.npmjs.org/apollo-cache-control/-/apollo-cache-control-0.13.0.tgz", + "integrity": "sha512-ImUXwVc/8K9QA3mQiKbKw8bOS4lMNL4DoP4hldIx+gwna8dgh3gBChgxW5guMOhcvH/55ximS7ZNWUglFmQY4Q==", "requires": { - "apollo-server-env": "^3.0.0", - "apollo-server-plugin-base": "^0.11.0" + "apollo-server-env": "^3.1.0", + "apollo-server-plugin-base": "^0.12.0" } }, "apollo-cache-inmemory": { @@ -2419,32 +2416,40 @@ } }, "apollo-datasource": { - "version": "0.8.0", - "resolved": "https://registry.npmjs.org/apollo-datasource/-/apollo-datasource-0.8.0.tgz", - "integrity": "sha512-gXgsGVLuejLc138z/2jUjPAzadDQxWbcLJyBgaQsg5BaXJNkv5uW/NjiSPk00cK51hyZrb0Xx8a+L+wPk2qIBA==", + "version": "0.9.0", + "resolved": "https://registry.npmjs.org/apollo-datasource/-/apollo-datasource-0.9.0.tgz", + "integrity": "sha512-y8H99NExU1Sk4TvcaUxTdzfq2SZo6uSj5dyh75XSQvbpH6gdAXIW9MaBcvlNC7n0cVPsidHmOcHOWxJ/pTXGjA==", "requires": { - "apollo-server-caching": "^0.6.0", - "apollo-server-env": "^3.0.0" + "apollo-server-caching": "^0.7.0", + "apollo-server-env": "^3.1.0" } }, "apollo-env": { - "version": "0.6.6", - "resolved": "https://registry.npmjs.org/apollo-env/-/apollo-env-0.6.6.tgz", - "integrity": "sha512-hXI9PjJtzmD34XviBU+4sPMOxnifYrHVmxpjykqI/dUD2G3yTiuRaiQqwRwB2RCdwC1Ug/jBfoQ/NHDTnnjndQ==", + "version": "0.10.0", + "resolved": "https://registry.npmjs.org/apollo-env/-/apollo-env-0.10.0.tgz", + "integrity": "sha512-7Geot+eyOl4jzPi9beiszeDmEEVZOVT11LSlkQluF5eaCNaIvld+xklZxITZGI/Wr+PQX380YJgQt1ndR2GtOg==", "requires": { - "@types/node-fetch": "2.5.7", + "@types/node-fetch": "^2.5.10", "core-js": "^3.0.1", - "node-fetch": "^2.2.0", + "node-fetch": "^2.6.1", "sha.js": "^2.4.11" } }, "apollo-graphql": { - "version": "0.6.1", - "resolved": "https://registry.npmjs.org/apollo-graphql/-/apollo-graphql-0.6.1.tgz", - "integrity": "sha512-ZRXAV+k+hboCVS+FW86FW/QgnDR7gm/xMUwJPGXEbV53OLGuQQdIT0NCYK7AzzVkCfsbb7NJ3mmEclkZY9uuxQ==", + "version": "0.9.2", + "resolved": "https://registry.npmjs.org/apollo-graphql/-/apollo-graphql-0.9.2.tgz", + "integrity": "sha512-+c/vqC2LPq3e5kO7MfBxDDiljzLog/THZr9Pd46HVaKAhHUxFL0rJEbT17VhjdOoZGWFWLYG7x9hiN6EQD1xZQ==", "requires": { - "apollo-env": "^0.6.6", - "lodash.sortby": "^4.7.0" + "core-js-pure": "^3.10.2", + "lodash.sortby": "^4.7.0", + "sha.js": "^2.4.11" + }, + "dependencies": { + "core-js-pure": { + "version": "3.11.3", + "resolved": "https://registry.npmjs.org/core-js-pure/-/core-js-pure-3.11.3.tgz", + "integrity": "sha512-1c18Ef3sZh3l6R0I5ciNVxAfXxlQDW/6IoCayUvut4UipK3Ut682iuzhlEaHb4RITkLrzevUB+q/TEVbOA0p6g==" + } } }, "apollo-link": { @@ -2522,17 +2527,17 @@ } }, "apollo-reporting-protobuf": { - "version": "0.6.2", - "resolved": "https://registry.npmjs.org/apollo-reporting-protobuf/-/apollo-reporting-protobuf-0.6.2.tgz", - "integrity": "sha512-WJTJxLM+MRHNUxt1RTl4zD0HrLdH44F2mDzMweBj1yHL0kSt8I1WwoiF/wiGVSpnG48LZrBegCaOJeuVbJTbtw==", + "version": "0.7.0", + "resolved": "https://registry.npmjs.org/apollo-reporting-protobuf/-/apollo-reporting-protobuf-0.7.0.tgz", + "integrity": "sha512-PC+zDqPPJcseemqmvUEqFiDi45pz6UaPWt6czgmrrbcQ+9VWp6IEkm08V5xBKk7V1WGUw19YwiJ7kqXpcgVNyw==", "requires": { - "@apollo/protobufjs": "^1.0.3" + "@apollo/protobufjs": "1.2.2" } }, "apollo-server-caching": { - "version": "0.6.0", - "resolved": "https://registry.npmjs.org/apollo-server-caching/-/apollo-server-caching-0.6.0.tgz", - "integrity": "sha512-SfjKaccrhRzUQ8TAke9FrYppp4pZV3Rp8KCs+4Ox3kGtbco68acRPJkiYYtSVc4idR8XNAUOOVfAEZVNHdZQKQ==", + "version": "0.7.0", + "resolved": "https://registry.npmjs.org/apollo-server-caching/-/apollo-server-caching-0.7.0.tgz", + "integrity": "sha512-MsVCuf/2FxuTFVhGLK13B+TZH9tBd2qkyoXKKILIiGcZ5CDUEBO14vIV63aNkMkS1xxvK2U4wBcuuNj/VH2Mkw==", "requires": { "lru-cache": "^6.0.0" }, @@ -2548,28 +2553,28 @@ } }, "apollo-server-core": { - "version": "2.23.0", - "resolved": "https://registry.npmjs.org/apollo-server-core/-/apollo-server-core-2.23.0.tgz", - "integrity": "sha512-3/a4LPgRADc8CdT/nRh7W0CAqQv3Q4DJvakWQgKqGSqDEb/0u4IBynYjlQKuPBi4wwKdeK2Hb1wiQLl+zu4StQ==", + "version": "2.24.0", + "resolved": "https://registry.npmjs.org/apollo-server-core/-/apollo-server-core-2.24.0.tgz", + "integrity": "sha512-uW7gykPzhin9fLgSvciN8tX7098mHnUM79W3+fWfK5J415JidIqW9O+JhYmEPo6BCgosu0cKSdYe7NB+FP4lFQ==", "requires": { - "@apollographql/apollo-tools": "^0.4.3", + "@apollographql/apollo-tools": "^0.5.0", "@apollographql/graphql-playground-html": "1.6.27", "@apollographql/graphql-upload-8-fork": "^8.1.3", "@josephg/resolvable": "^1.0.0", "@types/ws": "^7.0.0", - "apollo-cache-control": "^0.12.0", - "apollo-datasource": "^0.8.0", - "apollo-graphql": "^0.6.0", - "apollo-reporting-protobuf": "^0.6.2", - "apollo-server-caching": "^0.6.0", - "apollo-server-env": "^3.0.0", + "apollo-cache-control": "^0.13.0", + "apollo-datasource": "^0.9.0", + "apollo-graphql": "^0.9.0", + "apollo-reporting-protobuf": "^0.7.0", + "apollo-server-caching": "^0.7.0", + "apollo-server-env": "^3.1.0", "apollo-server-errors": "^2.5.0", - "apollo-server-plugin-base": "^0.11.0", - "apollo-server-types": "^0.7.0", - "apollo-tracing": "^0.13.0", + "apollo-server-plugin-base": "^0.12.0", + "apollo-server-types": "^0.8.0", + "apollo-tracing": "^0.14.0", "async-retry": "^1.2.1", "fast-json-stable-stringify": "^2.0.0", - "graphql-extensions": "^0.13.0", + "graphql-extensions": "^0.14.0", "graphql-tag": "^2.11.0", "graphql-tools": "^4.0.8", "loglevel": "^1.6.7", @@ -2580,6 +2585,16 @@ "ws": "^6.0.0" }, "dependencies": { + "apollo-server-types": { + "version": "0.8.0", + "resolved": "https://registry.npmjs.org/apollo-server-types/-/apollo-server-types-0.8.0.tgz", + "integrity": "sha512-adHJnHbRV2kWUY0VQY1M2KpSdGfm+4mX4w+2lROPExqOnkyTI7CGfpJCdEwYMKrIn3aH8HIcOH0SnpWRet6TNw==", + "requires": { + "apollo-reporting-protobuf": "^0.7.0", + "apollo-server-caching": "^0.7.0", + "apollo-server-env": "^3.1.0" + } + }, "lru-cache": { "version": "6.0.0", "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz", @@ -2599,11 +2614,11 @@ } }, "apollo-server-env": { - "version": "3.0.0", - "resolved": "https://registry.npmjs.org/apollo-server-env/-/apollo-server-env-3.0.0.tgz", - "integrity": "sha512-tPSN+VttnPsoQAl/SBVUpGbLA97MXG990XIwq6YUnJyAixrrsjW1xYG7RlaOqetxm80y5mBZKLrRDiiSsW/vog==", + "version": "3.1.0", + "resolved": "https://registry.npmjs.org/apollo-server-env/-/apollo-server-env-3.1.0.tgz", + "integrity": "sha512-iGdZgEOAuVop3vb0F2J3+kaBVi4caMoxefHosxmgzAbbSpvWehB8Y1QiSyyMeouYC38XNVk5wnZl+jdGSsWsIQ==", "requires": { - "node-fetch": "^2.1.2", + "node-fetch": "^2.6.1", "util.promisify": "^1.0.0" } }, @@ -2613,21 +2628,21 @@ "integrity": "sha512-lO5oTjgiC3vlVg2RKr3RiXIIQ5pGXBFxYGGUkKDhTud3jMIhs+gel8L8zsEjKaKxkjHhCQAA/bcEfYiKkGQIvA==" }, "apollo-server-express": { - "version": "2.22.2", - "resolved": "https://registry.npmjs.org/apollo-server-express/-/apollo-server-express-2.22.2.tgz", - "integrity": "sha512-MRiWF/oT6toUz909iq1I08vKfRxaqRMKS/v9kzyEXcnuudUCQ5WnxrjZEh/iMEfr7RHSQ4STjY7E/ZooPnueqA==", + "version": "2.23.0", + "resolved": "https://registry.npmjs.org/apollo-server-express/-/apollo-server-express-2.23.0.tgz", + "integrity": "sha512-tzil7c51ODH0rT1Bc5VMksdWzHrYGavdLtnDz4M0ePiTm18Gc81HD7X/4DPczorerEpfwwkf2YlADtPQfRSxlw==", "requires": { "@apollographql/graphql-playground-html": "1.6.27", "@types/accepts": "^1.3.5", "@types/body-parser": "1.19.0", - "@types/cors": "2.8.8", + "@types/cors": "2.8.10", "@types/express": "4.17.11", "@types/express-serve-static-core": "4.17.19", "accepts": "^1.3.5", - "apollo-server-core": "^2.22.2", + "apollo-server-core": "^2.23.0", "apollo-server-types": "^0.7.0", "body-parser": "^1.18.3", - "cors": "^2.8.4", + "cors": "^2.8.5", "express": "^4.17.1", "graphql-subscriptions": "^1.0.0", "graphql-tools": "^4.0.8", @@ -2660,11 +2675,23 @@ } }, "apollo-server-plugin-base": { - "version": "0.11.0", - "resolved": "https://registry.npmjs.org/apollo-server-plugin-base/-/apollo-server-plugin-base-0.11.0.tgz", - "integrity": "sha512-Du68x0XCyQ6EWlgoL9Z+1s8fJfXgY131QbKP7ao617StQPzwB0aGCwxBDfcMt1A75VXf4TkvV1rdUH5YeJFlhQ==", + "version": "0.12.0", + "resolved": "https://registry.npmjs.org/apollo-server-plugin-base/-/apollo-server-plugin-base-0.12.0.tgz", + "integrity": "sha512-jnNIztYz34ImE7off0t9LwseGCR/J0H1wlbiBGvdXvQY+ZiMfVF2oF8KdSAPxG2vT6scvWP4GFS/FsZcOyP1Xw==", "requires": { - "apollo-server-types": "^0.7.0" + "apollo-server-types": "^0.8.0" + }, + "dependencies": { + "apollo-server-types": { + "version": "0.8.0", + "resolved": "https://registry.npmjs.org/apollo-server-types/-/apollo-server-types-0.8.0.tgz", + "integrity": "sha512-adHJnHbRV2kWUY0VQY1M2KpSdGfm+4mX4w+2lROPExqOnkyTI7CGfpJCdEwYMKrIn3aH8HIcOH0SnpWRet6TNw==", + "requires": { + "apollo-reporting-protobuf": "^0.7.0", + "apollo-server-caching": "^0.7.0", + "apollo-server-env": "^3.1.0" + } + } } }, "apollo-server-types": { @@ -2675,15 +2702,41 @@ "apollo-reporting-protobuf": "^0.6.2", "apollo-server-caching": "^0.6.0", "apollo-server-env": "^3.0.0" + }, + "dependencies": { + "apollo-reporting-protobuf": { + "version": "0.6.2", + "resolved": "https://registry.npmjs.org/apollo-reporting-protobuf/-/apollo-reporting-protobuf-0.6.2.tgz", + "integrity": "sha512-WJTJxLM+MRHNUxt1RTl4zD0HrLdH44F2mDzMweBj1yHL0kSt8I1WwoiF/wiGVSpnG48LZrBegCaOJeuVbJTbtw==", + "requires": { + "@apollo/protobufjs": "^1.0.3" + } + }, + "apollo-server-caching": { + "version": "0.6.0", + "resolved": "https://registry.npmjs.org/apollo-server-caching/-/apollo-server-caching-0.6.0.tgz", + "integrity": "sha512-SfjKaccrhRzUQ8TAke9FrYppp4pZV3Rp8KCs+4Ox3kGtbco68acRPJkiYYtSVc4idR8XNAUOOVfAEZVNHdZQKQ==", + "requires": { + "lru-cache": "^6.0.0" + } + }, + "lru-cache": { + "version": "6.0.0", + "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz", + "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==", + "requires": { + "yallist": "^4.0.0" + } + } } }, "apollo-tracing": { - "version": "0.13.0", - "resolved": "https://registry.npmjs.org/apollo-tracing/-/apollo-tracing-0.13.0.tgz", - "integrity": "sha512-28z4T+XfLQ6t696usU0nTFDxVN8BfF3o74d2p/zsT4eu1OuoyoDOEmVJqdInmVRpyTJK0tDEOjkIuDJJHZftog==", + "version": "0.14.0", + "resolved": "https://registry.npmjs.org/apollo-tracing/-/apollo-tracing-0.14.0.tgz", + "integrity": "sha512-KH4mOoicZ2CQkEYVuNP9avJth59LwNqku3fKZ4S0UYE1RfxzIoLLsEyuY8MuJEgNdtKKfkX5G5Kn5Rp4LCJ4RQ==", "requires": { - "apollo-server-env": "^3.0.0", - "apollo-server-plugin-base": "^0.11.0" + "apollo-server-env": "^3.1.0", + "apollo-server-plugin-base": "^0.12.0" } }, "apollo-upload-client": { @@ -4011,9 +4064,9 @@ "optional": true }, "core-js": { - "version": "3.10.2", - "resolved": "https://registry.npmjs.org/core-js/-/core-js-3.10.2.tgz", - "integrity": "sha512-W+2oVYeNghuBr3yTzZFQ5rfmjZtYB/Ubg87R5YOmlGrIb+Uw9f7qjUbhsj+/EkXhcV7eOD3jiM4+sgraX3FZUw==" + "version": "3.11.3", + "resolved": "https://registry.npmjs.org/core-js/-/core-js-3.11.3.tgz", + "integrity": "sha512-DFEW9BllWw781Op5KdYGtXfj3s9Cmykzt16bY6elaVuqXHCUwF/5pv0H3IJ7/I3BGjK7OeU+GrjD1ChCkBJPuA==" }, "core-js-compat": { "version": "3.10.1", @@ -6465,13 +6518,25 @@ "integrity": "sha512-OmaM7y0kaK31NKG31q4YbD2beNYa6jBBKtMFT6gLYJljHLJr42IqJ8KX08u3Li/0ifzTU5HjmoOOrwa5BRLeDA==" }, "graphql-extensions": { - "version": "0.13.0", - "resolved": "https://registry.npmjs.org/graphql-extensions/-/graphql-extensions-0.13.0.tgz", - "integrity": "sha512-Bb7E97nvfX4gtrIdZ/i5YFlqOd6MGzrw8ED+t4wQVraYje6NQ+8P8MHMOV2WZLfbW8zsNTx8NdnnlbsdH5siag==", + "version": "0.14.0", + "resolved": "https://registry.npmjs.org/graphql-extensions/-/graphql-extensions-0.14.0.tgz", + "integrity": "sha512-DFtD8G+6rSj/Xhtb0IPh4A/sB/qcSEm9MTS221ESCx+axrsME92wGEsr7ihVjn1/tEEIy+9V5lUQOH/dHkCb0A==", "requires": { - "@apollographql/apollo-tools": "^0.4.3", - "apollo-server-env": "^3.0.0", - "apollo-server-types": "^0.7.0" + "@apollographql/apollo-tools": "^0.5.0", + "apollo-server-env": "^3.1.0", + "apollo-server-types": "^0.8.0" + }, + "dependencies": { + "apollo-server-types": { + "version": "0.8.0", + "resolved": "https://registry.npmjs.org/apollo-server-types/-/apollo-server-types-0.8.0.tgz", + "integrity": "sha512-adHJnHbRV2kWUY0VQY1M2KpSdGfm+4mX4w+2lROPExqOnkyTI7CGfpJCdEwYMKrIn3aH8HIcOH0SnpWRet6TNw==", + "requires": { + "apollo-reporting-protobuf": "^0.7.0", + "apollo-server-caching": "^0.7.0", + "apollo-server-env": "^3.1.0" + } + } } }, "graphql-list-fields": { @@ -7108,9 +7173,9 @@ "integrity": "sha512-eVRqCvVlZbuw3GrM63ovNSNAeA1K16kaR/LRY/92w0zxQ5/1YzwblUX652i4Xs9RwAGjW9d9y6X88t8OaAJfWQ==" }, "is-bigint": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/is-bigint/-/is-bigint-1.0.1.tgz", - "integrity": "sha512-J0ELF4yHFxHy0cmSxZuheDOz2luOdVvqjwmEcj8H/L1JHeuEDSDbeRP+Dk9kFVk5RTFzbucJ2Kb9F7ixY2QaCg==" + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/is-bigint/-/is-bigint-1.0.2.tgz", + "integrity": "sha512-0JV5+SOCQkIdzjBK9buARcV804Ddu7A0Qet6sHi3FimE9ne6m4BGQZfRn+NZiXbBk4F4XmHfDZIipLj9pX8dSA==" }, "is-binary-path": { "version": "1.0.1", @@ -7174,9 +7239,9 @@ } }, "is-date-object": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/is-date-object/-/is-date-object-1.0.2.tgz", - "integrity": "sha512-USlDT524woQ08aoZFzh3/Z6ch9Y/EWXEHQ/AaRN0SkKq4t2Jw2R2339tSXmwuVoY7LLlBCbOIlx2myP/L5zk0g==" + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/is-date-object/-/is-date-object-1.0.3.tgz", + "integrity": "sha512-tDpEUInNcy2Yw3lNSepK3Wdw1RnXLcIVienz6Ou631Acl15cJyRWK4dgA1vCmOEgIbtOV0W7MHg+AR2Gdg1NXQ==" }, "is-descriptor": { "version": "0.1.6", diff --git a/package.json b/package.json index f90933e2ca..6338e7688b 100644 --- a/package.json +++ b/package.json @@ -25,7 +25,7 @@ "@graphql-tools/utils": "6.2.4", "@parse/fs-files-adapter": "1.2.0", "@parse/push-adapter": "3.4.0", - "apollo-server-express": "2.22.2", + "apollo-server-express": "2.23.0", "bcryptjs": "2.4.3", "body-parser": "1.19.0", "commander": "5.1.0", From 34f3dd9e7e1908b713355ddb235b1e5d02634663 Mon Sep 17 00:00:00 2001 From: Snyk bot Date: Wed, 12 May 2021 19:58:47 +0300 Subject: [PATCH 10/55] fix: upgrade ws from 7.4.4 to 7.4.5 (#7381) Snyk has created this PR to upgrade ws from 7.4.4 to 7.4.5. See this package in npm: https://www.npmjs.com/package/ws See this project in Snyk: https://app.snyk.io/org/acinader/project/8c1a9edb-c8f5-4dc1-b221-4d6030a323eb?utm_source=github&utm_medium=upgrade-pr --- package-lock.json | 11 ++++++++--- package.json | 2 +- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/package-lock.json b/package-lock.json index 6ccb441842..2594fe1d01 100644 --- a/package-lock.json +++ b/package-lock.json @@ -10073,6 +10073,11 @@ "version": "3.4.0", "resolved": "https://registry.npmjs.org/uuid/-/uuid-3.4.0.tgz", "integrity": "sha512-HjSDRw6gZE5JMggctHBcjVak08+KEVhSIiDzFnT9S9aegmp85S/bReBVTb4QTFaRNptJ9kuYaNhnbNEOkbKb/A==" + }, + "ws": { + "version": "7.4.4", + "resolved": "https://registry.npmjs.org/ws/-/ws-7.4.4.tgz", + "integrity": "sha512-Qm8k8ojNQIMx7S+Zp8u/uHOx7Qazv3Yv4q68MiWWWOJhiwG5W3x7iqmRtJo8xxrciZUY4vRxUTJCKuRnF28ZZw==" } } }, @@ -12675,9 +12680,9 @@ } }, "ws": { - "version": "7.4.4", - "resolved": "https://registry.npmjs.org/ws/-/ws-7.4.4.tgz", - "integrity": "sha512-Qm8k8ojNQIMx7S+Zp8u/uHOx7Qazv3Yv4q68MiWWWOJhiwG5W3x7iqmRtJo8xxrciZUY4vRxUTJCKuRnF28ZZw==" + "version": "7.4.5", + "resolved": "https://registry.npmjs.org/ws/-/ws-7.4.5.tgz", + "integrity": "sha512-xzyu3hFvomRfXKH8vOFMU3OguG6oOvhXMo3xsGy3xWExqaM2dxBbVxuD99O7m3ZUFMvvscsZDqxfgMaRr/Nr1g==" }, "xmlcreate": { "version": "2.0.3", diff --git a/package.json b/package.json index 6338e7688b..5395916522 100644 --- a/package.json +++ b/package.json @@ -58,7 +58,7 @@ "uuid": "8.3.2", "winston": "3.3.3", "winston-daily-rotate-file": "4.5.2", - "ws": "7.4.4" + "ws": "7.4.5" }, "devDependencies": { "@actions/core": "1.2.6", From bdf73a0151fcc40d0053fbce681943f5f1ffe5f0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 12 May 2021 12:05:36 -0500 Subject: [PATCH 11/55] chore(deps): bump postcss from 8.2.9 to 8.2.15 (#7383) Bumps [postcss](https://github.com/postcss/postcss) from 8.2.9 to 8.2.15. - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](https://github.com/postcss/postcss/compare/8.2.9...8.2.15) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package-lock.json | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/package-lock.json b/package-lock.json index 2594fe1d01..2a81292068 100644 --- a/package-lock.json +++ b/package-lock.json @@ -9406,12 +9406,6 @@ "dev": true, "optional": true }, - "nanoid": { - "version": "3.1.22", - "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.1.22.tgz", - "integrity": "sha512-/2ZUaJX2ANuLtTvqTlgqBQNJoQO398KyJgZloL0PZkC0dpysjncRUPsFe3DUPzz/y3h+u7C46np8RMuvF3jsSQ==", - "dev": true - }, "nanomatch": { "version": "1.2.13", "resolved": "https://registry.npmjs.org/nanomatch/-/nanomatch-1.2.13.tgz", @@ -10309,16 +10303,22 @@ "optional": true }, "postcss": { - "version": "8.2.9", - "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.2.9.tgz", - "integrity": "sha512-b+TmuIL4jGtCHtoLi+G/PisuIl9avxs8IZMSmlABRwNz5RLUUACrC+ws81dcomz1nRezm5YPdXiMEzBEKgYn+Q==", + "version": "8.2.15", + "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.2.15.tgz", + "integrity": "sha512-2zO3b26eJD/8rb106Qu2o7Qgg52ND5HPjcyQiK2B98O388h43A448LCslC0dI2P97wCAQRJsFvwTRcXxTKds+Q==", "dev": true, "requires": { "colorette": "^1.2.2", - "nanoid": "^3.1.22", + "nanoid": "^3.1.23", "source-map": "^0.6.1" }, "dependencies": { + "nanoid": { + "version": "3.1.23", + "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.1.23.tgz", + "integrity": "sha512-FiB0kzdP0FFVGDKlRLEQ1BgDzU87dy5NnzjeW9YZNt+/c3+q82EQDUwniSAUxp/F0gFNI1ZhKU1FqYsMuqZVnw==", + "dev": true + }, "source-map": { "version": "0.6.1", "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz", From f65bd228fb3491ba217558ec288dd2ee60d0d37d Mon Sep 17 00:00:00 2001 From: Snyk bot Date: Fri, 14 May 2021 19:40:31 +0300 Subject: [PATCH 12/55] fix: upgrade redis from 3.1.1 to 3.1.2 (#7387) Snyk has created this PR to upgrade redis from 3.1.1 to 3.1.2. See this package in npm: https://www.npmjs.com/package/redis See this project in Snyk: https://app.snyk.io/org/acinader/project/8c1a9edb-c8f5-4dc1-b221-4d6030a323eb?utm_source=github&utm_medium=upgrade-pr --- package-lock.json | 6 +++--- package.json | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/package-lock.json b/package-lock.json index 2a81292068..03c36fe2ba 100644 --- a/package-lock.json +++ b/package-lock.json @@ -10692,9 +10692,9 @@ } }, "redis": { - "version": "3.1.1", - "resolved": "https://registry.npmjs.org/redis/-/redis-3.1.1.tgz", - "integrity": "sha512-QhkKhOuzhogR1NDJfBD34TQJz2ZJwDhhIC6ZmvpftlmfYShHHQXjjNspAJ+Z2HH5NwSBVYBVganbiZ8bgFMHjg==", + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/redis/-/redis-3.1.2.tgz", + "integrity": "sha512-grn5KoZLr/qrRQVwoSkmzdbw6pwF+/rwODtrOr6vuBRiR/f3rjSTGupbF90Zpqm2oenix8Do6RV7pYEkGwlKkw==", "requires": { "denque": "^1.5.0", "redis-commands": "^1.7.0", diff --git a/package.json b/package.json index 5395916522..d087c3ff3a 100644 --- a/package.json +++ b/package.json @@ -51,7 +51,7 @@ "pg-monitor": "1.4.1", "pg-promise": "10.10.1", "pluralize": "8.0.0", - "redis": "3.1.1", + "redis": "3.1.2", "semver": "7.3.4", "subscriptions-transport-ws": "0.9.18", "tv4": "1.3.0", From 38c01c6bc32fe769c3a636e45b389e2a995c2ee6 Mon Sep 17 00:00:00 2001 From: Snyk bot Date: Tue, 18 May 2021 01:17:52 +0300 Subject: [PATCH 13/55] fix: upgrade follow-redirects from 1.13.3 to 1.14.0 (#7389) Snyk has created this PR to upgrade follow-redirects from 1.13.3 to 1.14.0. See this package in npm: https://www.npmjs.com/package/follow-redirects See this project in Snyk: https://app.snyk.io/org/acinader/project/8c1a9edb-c8f5-4dc1-b221-4d6030a323eb?utm_source=github&utm_medium=upgrade-pr --- package-lock.json | 6 +++--- package.json | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/package-lock.json b/package-lock.json index 03c36fe2ba..08f1a37d86 100644 --- a/package-lock.json +++ b/package-lock.json @@ -6152,9 +6152,9 @@ "integrity": "sha512-GRnmB5gPyJpAhTQdSZTSp9uaPSvl09KoYcMQtsB9rQoOmzs9dH6ffeccH+Z+cv6P68Hu5bC6JjRh4Ah/mHSNRw==" }, "follow-redirects": { - "version": "1.13.3", - "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.13.3.tgz", - "integrity": "sha512-DUgl6+HDzB0iEptNQEXLx/KhTmDb8tZUHSeLqpnjpknR70H0nC2t9N73BK6fN4hOvJ84pKlIQVQ4k5FFlBedKA==" + "version": "1.14.0", + "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.14.0.tgz", + "integrity": "sha512-0vRwd7RKQBTt+mgu87mtYeofLFZpTas2S9zY+jIeuLJMNvudIgF52nr19q40HOwH5RrhWIPuj9puybzSJiRrVg==" }, "for-each": { "version": "0.3.3", diff --git a/package.json b/package.json index d087c3ff3a..634099c425 100644 --- a/package.json +++ b/package.json @@ -32,7 +32,7 @@ "cors": "2.8.5", "deepcopy": "2.1.0", "express": "4.17.1", - "follow-redirects": "1.13.3", + "follow-redirects": "1.14.0", "graphql": "15.5.0", "graphql-list-fields": "2.0.2", "graphql-relay": "0.6.0", From e9d8ed4acb03160c8f6d669859fe57d8281937b4 Mon Sep 17 00:00:00 2001 From: Snyk bot Date: Mon, 24 May 2021 10:26:35 +0300 Subject: [PATCH 14/55] fix: upgrade winston-daily-rotate-file from 4.5.2 to 4.5.3 (#7398) Snyk has created this PR to upgrade winston-daily-rotate-file from 4.5.2 to 4.5.3. See this package in npm: https://www.npmjs.com/package/winston-daily-rotate-file See this project in Snyk: https://app.snyk.io/org/acinader/project/8c1a9edb-c8f5-4dc1-b221-4d6030a323eb?utm_source=github&utm_medium=upgrade-pr --- package-lock.json | 19 +++++++++++++++---- package.json | 2 +- 2 files changed, 16 insertions(+), 5 deletions(-) diff --git a/package-lock.json b/package-lock.json index 08f1a37d86..d7e27b5187 100644 --- a/package-lock.json +++ b/package-lock.json @@ -12559,14 +12559,25 @@ } }, "winston-daily-rotate-file": { - "version": "4.5.2", - "resolved": "https://registry.npmjs.org/winston-daily-rotate-file/-/winston-daily-rotate-file-4.5.2.tgz", - "integrity": "sha512-DpAz9djExzFGVGRIKCKzsjOQaIINbjOUJ8CRsZGz0SQOMMcO1kM7jqTdzQAM9CRTEksZV9bBw9TT0ddQBGxs9g==", + "version": "4.5.3", + "resolved": "https://registry.npmjs.org/winston-daily-rotate-file/-/winston-daily-rotate-file-4.5.3.tgz", + "integrity": "sha512-/V0wWnxK6RviPIKJ4ZNgBxj2BMHWHMvaBpUsY4wietLsdmoUS77w+XXtAZ2ed44FxaD3n3K8XE2r0J6527uHkw==", "requires": { "file-stream-rotator": "^0.5.7", "object-hash": "^2.0.1", "triple-beam": "^1.3.0", - "winston-transport": "^4.4.0" + "winston-transport": "github:winstonjs/winston-transport#868d657" + }, + "dependencies": { + "winston-transport": { + "version": "github:winstonjs/winston-transport#868d6577956f82ee0b021b119a4de938c61645f7", + "from": "github:winstonjs/winston-transport#868d657", + "requires": { + "logform": "^2.2.0", + "readable-stream": "^2.3.7", + "triple-beam": "^1.2.0" + } + } } }, "winston-transport": { diff --git a/package.json b/package.json index 634099c425..52c025c792 100644 --- a/package.json +++ b/package.json @@ -57,7 +57,7 @@ "tv4": "1.3.0", "uuid": "8.3.2", "winston": "3.3.3", - "winston-daily-rotate-file": "4.5.2", + "winston-daily-rotate-file": "4.5.3", "ws": "7.4.5" }, "devDependencies": { From ff5755b05ac554a107a443a8870f4c2442b0a5f3 Mon Sep 17 00:00:00 2001 From: Snyk bot Date: Mon, 24 May 2021 19:26:47 +0300 Subject: [PATCH 15/55] fix: upgrade apollo-server-express from 2.23.0 to 2.24.0 (#7395) Snyk has created this PR to upgrade apollo-server-express from 2.23.0 to 2.24.0. See this package in npm: https://www.npmjs.com/package/apollo-server-express See this project in Snyk: https://app.snyk.io/org/acinader/project/8c1a9edb-c8f5-4dc1-b221-4d6030a323eb?utm_source=github&utm_medium=upgrade-pr --- package-lock.json | 160 +++++++++++++++------------------------------- package.json | 2 +- 2 files changed, 51 insertions(+), 111 deletions(-) diff --git a/package-lock.json b/package-lock.json index d7e27b5187..4b50f44e0e 100644 --- a/package-lock.json +++ b/package-lock.json @@ -88,9 +88,9 @@ }, "dependencies": { "@types/node": { - "version": "10.17.59", - "resolved": "https://registry.npmjs.org/@types/node/-/node-10.17.59.tgz", - "integrity": "sha512-7Uc8IRrL8yZz5ti45RaFxpbU8TxlzdC3HvxV+hOWo1EyLsuKv/w7y0n+TwZzwL3vdx3oZ2k3ubxPq131hNtXyg==" + "version": "10.17.60", + "resolved": "https://registry.npmjs.org/@types/node/-/node-10.17.60.tgz", + "integrity": "sha512-F0KIgDJfy2nA3zMLmWGKxcH2ZVEtCZXHHdOQs2gSaQ27+lNeEfGxzkIw90aXswATX7AZ33tahPbzy6KAfUreVw==" } } }, @@ -1999,9 +1999,9 @@ } }, "@types/ws": { - "version": "7.4.2", - "resolved": "https://registry.npmjs.org/@types/ws/-/ws-7.4.2.tgz", - "integrity": "sha512-PbeN0Eydl7LQl4OIav29YmkO2LxbVuz3nZD/kb19lOS+wLgIkRbWMNmU/QQR7ABpOJ7D7xDOU8co7iohObewrw==", + "version": "7.4.4", + "resolved": "https://registry.npmjs.org/@types/ws/-/ws-7.4.4.tgz", + "integrity": "sha512-d/7W23JAXPodQNbOZNXvl2K+bqAQrCMwlh/nuQsPSQk6Fq0opHoPrUw43aHsvSbIiQPr8Of2hkFbnz1XBFVyZQ==", "requires": { "@types/node": "*" } @@ -2446,9 +2446,9 @@ }, "dependencies": { "core-js-pure": { - "version": "3.11.3", - "resolved": "https://registry.npmjs.org/core-js-pure/-/core-js-pure-3.11.3.tgz", - "integrity": "sha512-1c18Ef3sZh3l6R0I5ciNVxAfXxlQDW/6IoCayUvut4UipK3Ut682iuzhlEaHb4RITkLrzevUB+q/TEVbOA0p6g==" + "version": "3.12.1", + "resolved": "https://registry.npmjs.org/core-js-pure/-/core-js-pure-3.12.1.tgz", + "integrity": "sha512-1cch+qads4JnDSWsvc7d6nzlKAippwjUlf6vykkTLW53VSV+NkE6muGBToAjEA8pG90cSfcud3JgVmW2ds5TaQ==" } } }, @@ -2553,9 +2553,9 @@ } }, "apollo-server-core": { - "version": "2.24.0", - "resolved": "https://registry.npmjs.org/apollo-server-core/-/apollo-server-core-2.24.0.tgz", - "integrity": "sha512-uW7gykPzhin9fLgSvciN8tX7098mHnUM79W3+fWfK5J415JidIqW9O+JhYmEPo6BCgosu0cKSdYe7NB+FP4lFQ==", + "version": "2.24.1", + "resolved": "https://registry.npmjs.org/apollo-server-core/-/apollo-server-core-2.24.1.tgz", + "integrity": "sha512-+T7G2EsC5N/AVo0QJo13r1kFgJk0HTK55YlXbnpJl6qRUF8yKLXMittvIfTWge0uLQGzFzVRhDZ7AQMt/E1TGA==", "requires": { "@apollographql/apollo-tools": "^0.5.0", "@apollographql/graphql-playground-html": "1.6.27", @@ -2585,16 +2585,6 @@ "ws": "^6.0.0" }, "dependencies": { - "apollo-server-types": { - "version": "0.8.0", - "resolved": "https://registry.npmjs.org/apollo-server-types/-/apollo-server-types-0.8.0.tgz", - "integrity": "sha512-adHJnHbRV2kWUY0VQY1M2KpSdGfm+4mX4w+2lROPExqOnkyTI7CGfpJCdEwYMKrIn3aH8HIcOH0SnpWRet6TNw==", - "requires": { - "apollo-reporting-protobuf": "^0.7.0", - "apollo-server-caching": "^0.7.0", - "apollo-server-env": "^3.1.0" - } - }, "lru-cache": { "version": "6.0.0", "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz", @@ -2628,9 +2618,9 @@ "integrity": "sha512-lO5oTjgiC3vlVg2RKr3RiXIIQ5pGXBFxYGGUkKDhTud3jMIhs+gel8L8zsEjKaKxkjHhCQAA/bcEfYiKkGQIvA==" }, "apollo-server-express": { - "version": "2.23.0", - "resolved": "https://registry.npmjs.org/apollo-server-express/-/apollo-server-express-2.23.0.tgz", - "integrity": "sha512-tzil7c51ODH0rT1Bc5VMksdWzHrYGavdLtnDz4M0ePiTm18Gc81HD7X/4DPczorerEpfwwkf2YlADtPQfRSxlw==", + "version": "2.24.0", + "resolved": "https://registry.npmjs.org/apollo-server-express/-/apollo-server-express-2.24.0.tgz", + "integrity": "sha512-wVoD53azxqVZt/i4yAm6cDDCXpbzr0AJpzOdNXVFW/KivInWEMF5ekCc80uMOawPeu78U7Skoc20akyvZKc+YA==", "requires": { "@apollographql/graphql-playground-html": "1.6.27", "@types/accepts": "^1.3.5", @@ -2639,8 +2629,8 @@ "@types/express": "4.17.11", "@types/express-serve-static-core": "4.17.19", "accepts": "^1.3.5", - "apollo-server-core": "^2.23.0", - "apollo-server-types": "^0.7.0", + "apollo-server-core": "^2.24.0", + "apollo-server-types": "^0.8.0", "body-parser": "^1.18.3", "cors": "^2.8.5", "express": "^4.17.1", @@ -2680,54 +2670,16 @@ "integrity": "sha512-jnNIztYz34ImE7off0t9LwseGCR/J0H1wlbiBGvdXvQY+ZiMfVF2oF8KdSAPxG2vT6scvWP4GFS/FsZcOyP1Xw==", "requires": { "apollo-server-types": "^0.8.0" - }, - "dependencies": { - "apollo-server-types": { - "version": "0.8.0", - "resolved": "https://registry.npmjs.org/apollo-server-types/-/apollo-server-types-0.8.0.tgz", - "integrity": "sha512-adHJnHbRV2kWUY0VQY1M2KpSdGfm+4mX4w+2lROPExqOnkyTI7CGfpJCdEwYMKrIn3aH8HIcOH0SnpWRet6TNw==", - "requires": { - "apollo-reporting-protobuf": "^0.7.0", - "apollo-server-caching": "^0.7.0", - "apollo-server-env": "^3.1.0" - } - } } }, "apollo-server-types": { - "version": "0.7.0", - "resolved": "https://registry.npmjs.org/apollo-server-types/-/apollo-server-types-0.7.0.tgz", - "integrity": "sha512-pJ6ri2N4xJ+e2PUUPHeCNpMDzHUagJyn0DDZGQmXDz6aoMlSd4B2KUvK81hHyHkw3wHk9clgcpfM9hKqbfZweA==", + "version": "0.8.0", + "resolved": "https://registry.npmjs.org/apollo-server-types/-/apollo-server-types-0.8.0.tgz", + "integrity": "sha512-adHJnHbRV2kWUY0VQY1M2KpSdGfm+4mX4w+2lROPExqOnkyTI7CGfpJCdEwYMKrIn3aH8HIcOH0SnpWRet6TNw==", "requires": { - "apollo-reporting-protobuf": "^0.6.2", - "apollo-server-caching": "^0.6.0", - "apollo-server-env": "^3.0.0" - }, - "dependencies": { - "apollo-reporting-protobuf": { - "version": "0.6.2", - "resolved": "https://registry.npmjs.org/apollo-reporting-protobuf/-/apollo-reporting-protobuf-0.6.2.tgz", - "integrity": "sha512-WJTJxLM+MRHNUxt1RTl4zD0HrLdH44F2mDzMweBj1yHL0kSt8I1WwoiF/wiGVSpnG48LZrBegCaOJeuVbJTbtw==", - "requires": { - "@apollo/protobufjs": "^1.0.3" - } - }, - "apollo-server-caching": { - "version": "0.6.0", - "resolved": "https://registry.npmjs.org/apollo-server-caching/-/apollo-server-caching-0.6.0.tgz", - "integrity": "sha512-SfjKaccrhRzUQ8TAke9FrYppp4pZV3Rp8KCs+4Ox3kGtbco68acRPJkiYYtSVc4idR8XNAUOOVfAEZVNHdZQKQ==", - "requires": { - "lru-cache": "^6.0.0" - } - }, - "lru-cache": { - "version": "6.0.0", - "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz", - "integrity": "sha512-Jo6dJ04CmSjuznwJSS3pUeWmd/H0ffTlkXXgwZi+eq1UCmqQwCh+eLsYOYCwY991i2Fah4h1BEMCx4qThGbsiA==", - "requires": { - "yallist": "^4.0.0" - } - } + "apollo-reporting-protobuf": "^0.7.0", + "apollo-server-caching": "^0.7.0", + "apollo-server-env": "^3.1.0" } }, "apollo-tracing": { @@ -4064,9 +4016,9 @@ "optional": true }, "core-js": { - "version": "3.11.3", - "resolved": "https://registry.npmjs.org/core-js/-/core-js-3.11.3.tgz", - "integrity": "sha512-DFEW9BllWw781Op5KdYGtXfj3s9Cmykzt16bY6elaVuqXHCUwF/5pv0H3IJ7/I3BGjK7OeU+GrjD1ChCkBJPuA==" + "version": "3.12.1", + "resolved": "https://registry.npmjs.org/core-js/-/core-js-3.12.1.tgz", + "integrity": "sha512-Ne9DKPHTObRuB09Dru5AjwKjY4cJHVGu+y5f7coGn1E9Grkc3p2iBwE9AI/nJzsE29mQF7oq+mhYYRqOMFN1Bw==" }, "core-js-compat": { "version": "3.10.1", @@ -6525,18 +6477,6 @@ "@apollographql/apollo-tools": "^0.5.0", "apollo-server-env": "^3.1.0", "apollo-server-types": "^0.8.0" - }, - "dependencies": { - "apollo-server-types": { - "version": "0.8.0", - "resolved": "https://registry.npmjs.org/apollo-server-types/-/apollo-server-types-0.8.0.tgz", - "integrity": "sha512-adHJnHbRV2kWUY0VQY1M2KpSdGfm+4mX4w+2lROPExqOnkyTI7CGfpJCdEwYMKrIn3aH8HIcOH0SnpWRet6TNw==", - "requires": { - "apollo-reporting-protobuf": "^0.7.0", - "apollo-server-caching": "^0.7.0", - "apollo-server-env": "^3.1.0" - } - } } }, "graphql-list-fields": { @@ -7188,11 +7128,11 @@ } }, "is-boolean-object": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/is-boolean-object/-/is-boolean-object-1.1.0.tgz", - "integrity": "sha512-a7Uprx8UtD+HWdyYwnD1+ExtTgqQtD2k/1yJgtXP6wnMm8byhkoTZRl+95LLThpzNZJ5aEvi46cdH+ayMFRwmA==", + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/is-boolean-object/-/is-boolean-object-1.1.1.tgz", + "integrity": "sha512-bXdQWkECBUIAcCkeH1unwJLIpZYaa5VvuygSyS/c2lf719mTKZDU5UdDRlpd01UjADgmW8RfqaP+mRaVPdr/Ng==", "requires": { - "call-bind": "^1.0.0" + "call-bind": "^1.0.2" } }, "is-buffer": { @@ -7239,9 +7179,9 @@ } }, "is-date-object": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/is-date-object/-/is-date-object-1.0.3.tgz", - "integrity": "sha512-tDpEUInNcy2Yw3lNSepK3Wdw1RnXLcIVienz6Ou631Acl15cJyRWK4dgA1vCmOEgIbtOV0W7MHg+AR2Gdg1NXQ==" + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/is-date-object/-/is-date-object-1.0.4.tgz", + "integrity": "sha512-/b4ZVsG7Z5XVtIxs/h9W8nvfLgSAyKYdtGWQLbqy6jA1icmgjf8WCoTKgeS4wy5tYaPePouzFMANbnj94c2Z+A==" }, "is-descriptor": { "version": "0.1.6", @@ -7361,9 +7301,9 @@ } }, "is-number-object": { - "version": "1.0.4", - "resolved": "https://registry.npmjs.org/is-number-object/-/is-number-object-1.0.4.tgz", - "integrity": "sha512-zohwelOAur+5uXtk8O3GPQ1eAcu4ZX3UwxQhUlfFFMNpUd83gXgjbhJh6HmB6LUNV/ieOLQuDwJO3dWJosUeMw==" + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/is-number-object/-/is-number-object-1.0.5.tgz", + "integrity": "sha512-RU0lI/n95pMoUKu9v1BZP5MBcZuNSVJkMkAG2dJqC4z2GlkGUNeH68SuHuBKBD/XFe+LHZ+f9BKkLET60Niedw==" }, "is-obj": { "version": "1.0.1", @@ -7408,12 +7348,12 @@ "integrity": "sha512-hvpoI6korhJMnej285dSg6nu1+e6uxs7zG3BYAm5byqDsgJNWwxzM6z6iZiAgQR4TJ30JmBTOwqZUw3WlyH3AQ==" }, "is-regex": { - "version": "1.1.2", - "resolved": "https://registry.npmjs.org/is-regex/-/is-regex-1.1.2.tgz", - "integrity": "sha512-axvdhb5pdhEVThqJzYXwMlVuZwC+FF2DpcOhTS+y/8jVq4trxyPgfcwIxIKiyeuLlSQYKkmUaPQJ8ZE4yNKXDg==", + "version": "1.1.3", + "resolved": "https://registry.npmjs.org/is-regex/-/is-regex-1.1.3.tgz", + "integrity": "sha512-qSVXFz28HM7y+IWX6vLCsexdlvzT1PJNFSBuaQLQ5o0IEw8UDYW6/2+eCMVyIsbM8CNLX2a/QWmSpyxYEHY7CQ==", "requires": { "call-bind": "^1.0.2", - "has-symbols": "^1.0.1" + "has-symbols": "^1.0.2" } }, "is-regexp": { @@ -7440,16 +7380,16 @@ "integrity": "sha512-XCoy+WlUr7d1+Z8GgSuXmpuUFC9fOhRXglJMx+dwLKTkL44Cjd4W1Z5P+BQZpr+cR93aGP4S/s7Ftw6Nd/kiEw==" }, "is-string": { - "version": "1.0.5", - "resolved": "https://registry.npmjs.org/is-string/-/is-string-1.0.5.tgz", - "integrity": "sha512-buY6VNRjhQMiF1qWDouloZlQbRhDPCebwxSjxMjxgemYT46YMd2NR0/H+fBhEfWX4A/w9TBJ+ol+okqJKFE6vQ==" + "version": "1.0.6", + "resolved": "https://registry.npmjs.org/is-string/-/is-string-1.0.6.tgz", + "integrity": "sha512-2gdzbKUuqtQ3lYNrUTQYoClPhm7oQu4UdpSZMp1/DGgkHBT8E2Z1l0yMdb6D4zNAxwDiMv8MdulKROJGNl0Q0w==" }, "is-symbol": { - "version": "1.0.3", - "resolved": "https://registry.npmjs.org/is-symbol/-/is-symbol-1.0.3.tgz", - "integrity": "sha512-OwijhaRSgqvhm/0ZdAcXNZt9lYdKFpcRDT5ULUuYXPoT794UNOdU+gpT6Rzo7b4V2HUl/op6GqY894AZwv9faQ==", + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/is-symbol/-/is-symbol-1.0.4.tgz", + "integrity": "sha512-C/CPBqKWnvdcxqIARxyOh4v1UUEOCHpgDa0WYgpKDFMszcrPcffg5uhwSgPCLD2WWxmq6isisz87tzT01tuGhg==", "requires": { - "has-symbols": "^1.0.1" + "has-symbols": "^1.0.2" } }, "is-typedarray": { @@ -9690,9 +9630,9 @@ "integrity": "sha512-VOJmgmS+7wvXf8CjbQmimtCnEx3IAoLxI3fp2fbWehxrWBcAQFbk+vcwb6vzR0VZv/eNCJ/27j151ZTwqW/JeQ==" }, "object-inspect": { - "version": "1.10.2", - "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.10.2.tgz", - "integrity": "sha512-gz58rdPpadwztRrPjZE9DZLOABUpTGdcANUgOwBFO1C+HZZhePoP83M65WGDmbpwFYJSWqavbl4SgDn4k8RYTA==" + "version": "1.10.3", + "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.10.3.tgz", + "integrity": "sha512-e5mCJlSH7poANfC8z8S9s9S2IN5/4Zb3aZ33f5s8YqoazCFzNLloLU8r5VCG+G7WoqLvAAZoVMcy3tp/3X0Plw==" }, "object-keys": { "version": "1.1.1", diff --git a/package.json b/package.json index 52c025c792..ace18cc1ef 100644 --- a/package.json +++ b/package.json @@ -25,7 +25,7 @@ "@graphql-tools/utils": "6.2.4", "@parse/fs-files-adapter": "1.2.0", "@parse/push-adapter": "3.4.0", - "apollo-server-express": "2.23.0", + "apollo-server-express": "2.24.0", "bcryptjs": "2.4.3", "body-parser": "1.19.0", "commander": "5.1.0", From 581f822cbadd37afd47163f0cac08ae27032f9fe Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 May 2021 14:40:34 -0700 Subject: [PATCH 16/55] chore(deps): bump browserslist from 4.16.3 to 4.16.6 (#7400) Bumps [browserslist](https://github.com/browserslist/browserslist) from 4.16.3 to 4.16.6. - [Release notes](https://github.com/browserslist/browserslist/releases) - [Changelog](https://github.com/browserslist/browserslist/blob/main/CHANGELOG.md) - [Commits](https://github.com/browserslist/browserslist/compare/4.16.3...4.16.6) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package-lock.json | 40 +++++++++++++++++++++------------------- 1 file changed, 21 insertions(+), 19 deletions(-) diff --git a/package-lock.json b/package-lock.json index 4b50f44e0e..62f718ec31 100644 --- a/package-lock.json +++ b/package-lock.json @@ -3185,16 +3185,30 @@ } }, "browserslist": { - "version": "4.16.3", - "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.16.3.tgz", - "integrity": "sha512-vIyhWmIkULaq04Gt93txdh+j02yX/JzlyhLYbV3YQCn/zvES3JnY7TifHHvvr1w5hTDluNKMkV05cs4vy8Q7sw==", + "version": "4.16.6", + "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.16.6.tgz", + "integrity": "sha512-Wspk/PqO+4W9qp5iUTJsa1B/QrYn1keNCcEP5OvP7WBwT4KaDly0uONYmC6Xa3Z5IqnUgS0KcgLYu1l74x0ZXQ==", "dev": true, "requires": { - "caniuse-lite": "^1.0.30001181", - "colorette": "^1.2.1", - "electron-to-chromium": "^1.3.649", + "caniuse-lite": "^1.0.30001219", + "colorette": "^1.2.2", + "electron-to-chromium": "^1.3.723", "escalade": "^3.1.1", - "node-releases": "^1.1.70" + "node-releases": "^1.1.71" + }, + "dependencies": { + "caniuse-lite": { + "version": "1.0.30001228", + "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001228.tgz", + "integrity": "sha512-QQmLOGJ3DEgokHbMSA8cj2a+geXqmnpyOFT0lhQV6P3/YOJvGDEwoedcwxEQ30gJIwIIunHIicunJ2rzK5gB2A==", + "dev": true + }, + "electron-to-chromium": { + "version": "1.3.736", + "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.3.736.tgz", + "integrity": "sha512-DY8dA7gR51MSo66DqitEQoUMQ0Z+A2DSXFi7tK304bdTVqczCAfUuyQw6Wdg8hIoo5zIxkU1L24RQtUce1Ioig==", + "dev": true + } } }, "bson": { @@ -3380,12 +3394,6 @@ "integrity": "sha512-L28STB170nwWS63UjtlEOE3dldQApaJXZkOI1uMFfzf3rRuPegHaHesyee+YxQ+W6SvRDQV6UrdOdRiR153wJg==", "dev": true }, - "caniuse-lite": { - "version": "1.0.30001208", - "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001208.tgz", - "integrity": "sha512-OE5UE4+nBOro8Dyvv0lfx+SRtfVIOM9uhKqFmJeUbGriqhhStgp1A0OyBpgy3OUF8AhYCT+PVwPC1gMl2ZcQMA==", - "dev": true - }, "caseless": { "version": "0.12.0", "resolved": "https://registry.npmjs.org/caseless/-/caseless-0.12.0.tgz", @@ -4925,12 +4933,6 @@ "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz", "integrity": "sha1-WQxhFWsK4vTwJVcyoViyZrxWsh0=" }, - "electron-to-chromium": { - "version": "1.3.711", - "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.3.711.tgz", - "integrity": "sha512-XbklBVCDiUeho0PZQCjC25Ha6uBwqqJeyDhPLwLwfWRAo4x+FZFsmu1pPPkXT+B4MQMQoQULfyaMltDopfeiHQ==", - "dev": true - }, "elegant-spinner": { "version": "2.0.0", "resolved": "https://registry.npmjs.org/elegant-spinner/-/elegant-spinner-2.0.0.tgz", From d365f1f7cb44cfdeac9931308ff25dcd9ba3d79b Mon Sep 17 00:00:00 2001 From: Snyk bot Date: Tue, 25 May 2021 00:43:59 +0300 Subject: [PATCH 17/55] fix: upgrade pg-promise from 10.10.1 to 10.10.2 (#7399) Snyk has created this PR to upgrade pg-promise from 10.10.1 to 10.10.2. See this package in npm: https://www.npmjs.com/package/pg-promise See this project in Snyk: https://app.snyk.io/org/acinader/project/8c1a9edb-c8f5-4dc1-b221-4d6030a323eb?utm_source=github&utm_medium=upgrade-pr --- package-lock.json | 20 ++++++++++---------- package.json | 2 +- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/package-lock.json b/package-lock.json index 62f718ec31..81b9dc16b3 100644 --- a/package-lock.json +++ b/package-lock.json @@ -10110,15 +10110,15 @@ "integrity": "sha1-Ywn04OX6kT7BxpMHrjZLSzd8nns=" }, "pg": { - "version": "8.5.1", - "resolved": "https://registry.npmjs.org/pg/-/pg-8.5.1.tgz", - "integrity": "sha512-9wm3yX9lCfjvA98ybCyw2pADUivyNWT/yIP4ZcDVpMN0og70BUWYEGXPCTAQdGTAqnytfRADb7NERrY1qxhIqw==", + "version": "8.6.0", + "resolved": "https://registry.npmjs.org/pg/-/pg-8.6.0.tgz", + "integrity": "sha512-qNS9u61lqljTDFvmk/N66EeGq3n6Ujzj0FFyNMGQr6XuEv4tgNTXvJQTfJdcvGit5p5/DWPu+wj920hAJFI+QQ==", "requires": { "buffer-writer": "2.0.0", "packet-reader": "1.0.0", - "pg-connection-string": "^2.4.0", - "pg-pool": "^3.2.2", - "pg-protocol": "^1.4.0", + "pg-connection-string": "^2.5.0", + "pg-pool": "^3.3.0", + "pg-protocol": "^1.5.0", "pg-types": "^2.1.0", "pgpass": "1.x" } @@ -10152,12 +10152,12 @@ "integrity": "sha512-0O5huCql8/D6PIRFAlmccjphLYWC+JIzvUhSzXSpGaf+tjTZc4nn+Lr7mLXBbFJfvwbP0ywDv73EiaBsxn7zdg==" }, "pg-promise": { - "version": "10.10.1", - "resolved": "https://registry.npmjs.org/pg-promise/-/pg-promise-10.10.1.tgz", - "integrity": "sha512-sopmuOr2PrUNh3XI0Y15ssmjcwhZnGHyGYwuDDmWFnBydq7lvrhTMBI3hefAp3YMx07+HSXfSpJse9z5vC4bsw==", + "version": "10.10.2", + "resolved": "https://registry.npmjs.org/pg-promise/-/pg-promise-10.10.2.tgz", + "integrity": "sha512-ezc5Jn2DdtYpNoDjo7v9TVQFXBEGR+tnseot8IsZ3/B4XD/CnIjyUPMfizDdbXWNO66hN8p2m8nNrcrJ8uhM/g==", "requires": { "assert-options": "0.7.0", - "pg": "8.5.1", + "pg": "8.6.0", "pg-minify": "1.6.2", "spex": "3.2.0" } diff --git a/package.json b/package.json index ace18cc1ef..d618412124 100644 --- a/package.json +++ b/package.json @@ -49,7 +49,7 @@ "mustache": "4.2.0", "parse": "3.2.0", "pg-monitor": "1.4.1", - "pg-promise": "10.10.1", + "pg-promise": "10.10.2", "pluralize": "8.0.0", "redis": "3.1.2", "semver": "7.3.4", From 8099cb05a48956b073f3e7d96c30b69292c06adc Mon Sep 17 00:00:00 2001 From: Snyk bot Date: Tue, 25 May 2021 07:18:16 +0300 Subject: [PATCH 18/55] fix: upgrade graphql-tag from 2.12.2 to 2.12.4 (#7396) Snyk has created this PR to upgrade graphql-tag from 2.12.2 to 2.12.4. See this package in npm: https://www.npmjs.com/package/graphql-tag See this project in Snyk: https://app.snyk.io/org/acinader/project/8c1a9edb-c8f5-4dc1-b221-4d6030a323eb?utm_source=github&utm_medium=upgrade-pr --- package-lock.json | 14 +++++++------- package.json | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/package-lock.json b/package-lock.json index 81b9dc16b3..af13184e5e 100644 --- a/package-lock.json +++ b/package-lock.json @@ -6510,17 +6510,17 @@ } }, "graphql-tag": { - "version": "2.12.2", - "resolved": "https://registry.npmjs.org/graphql-tag/-/graphql-tag-2.12.2.tgz", - "integrity": "sha512-7N3cvsNBl8g+FHsnt9j10aqLt1G0QPf+HCe3fbOeTUNbf7xxtUHz6wpEvk5uVIKWtO2cikoXWuI6JGqt1gEURw==", + "version": "2.12.4", + "resolved": "https://registry.npmjs.org/graphql-tag/-/graphql-tag-2.12.4.tgz", + "integrity": "sha512-VV1U4O+9x99EkNpNmCUV5RZwq6MnK4+pGbRYWG+lA/m3uo7TSqJF81OkcOP148gFP6fzdl7JWYBrwWVTS9jXww==", "requires": { - "tslib": "^1.14.1" + "tslib": "^2.1.0" }, "dependencies": { "tslib": { - "version": "1.14.1", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.14.1.tgz", - "integrity": "sha512-Xni35NKzjgMrwevysHTCArtLDpPvye8zV/0E4EyYn43P7/7qvQwPh9BGkHewbMulVntbigmcT7rdX3BNo9wRJg==" + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.2.0.tgz", + "integrity": "sha512-gS9GVHRU+RGn5KQM2rllAlR3dU6m7AcpJKdtH8gFvQiC4Otgk98XnmMU+nZenHt/+VhnBPWwgrJsyrdcw6i23w==" } } }, diff --git a/package.json b/package.json index d618412124..e874f3cde1 100644 --- a/package.json +++ b/package.json @@ -36,7 +36,7 @@ "graphql": "15.5.0", "graphql-list-fields": "2.0.2", "graphql-relay": "0.6.0", - "graphql-tag": "2.12.2", + "graphql-tag": "2.12.4", "graphql-upload": "11.0.0", "intersect": "1.0.1", "jsonwebtoken": "8.5.1", From 5e7c9d2e1ad9e9935480544d9b881dccd9ccfa1a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kartal=20Kaan=20Bozdo=C4=9Fan?= Date: Wed, 26 May 2021 01:33:40 +0300 Subject: [PATCH 19/55] Fixed a bug affecting updates to nested pointers (#7392) * Fixed a bug affecting updates to nested pointers Also created unit tests * Marked the regression test for #7391 as pending for postgre The issue is not fixed yet Use cont instead of var --- spec/ParseAPI.spec.js | 22 ++++++++++++++++++++ src/Adapters/Storage/Mongo/MongoTransform.js | 17 +++++++++++---- 2 files changed, 35 insertions(+), 4 deletions(-) diff --git a/spec/ParseAPI.spec.js b/spec/ParseAPI.spec.js index 76143e0580..98f462c787 100644 --- a/spec/ParseAPI.spec.js +++ b/spec/ParseAPI.spec.js @@ -646,6 +646,28 @@ describe('miscellaneous', function () { }); }); + it_only_db('mongo')('pointer reassign on nested fields is working properly (#7391)', async () => { + const obj = new Parse.Object('GameScore'); // This object will include nested pointers + const ptr1 = new Parse.Object('GameScore'); + await ptr1.save(); // Obtain a unique id + const ptr2 = new Parse.Object('GameScore'); + await ptr2.save(); // Obtain a unique id + obj.set('data', { ptr: ptr1 }); + await obj.save(); + + obj.set('data.ptr', ptr2); + await obj.save(); + + const obj2 = await new Parse.Query('GameScore').get(obj.id); + expect(obj2.get('data').ptr.id).toBe(ptr2.id); + + const query = new Parse.Query('GameScore'); + query.equalTo('data.ptr', ptr2); + const res = await query.find(); + expect(res.length).toBe(1); + expect(res[0].get('data').ptr.id).toBe(ptr2.id); + }); + it('test afterSave get full object on create and update', function (done) { let triggerTime = 0; // Register a mock beforeSave hook diff --git a/src/Adapters/Storage/Mongo/MongoTransform.js b/src/Adapters/Storage/Mongo/MongoTransform.js index c591522479..5578077778 100644 --- a/src/Adapters/Storage/Mongo/MongoTransform.js +++ b/src/Adapters/Storage/Mongo/MongoTransform.js @@ -99,7 +99,10 @@ const transformKeyValueForUpdate = (className, restKey, restValue, parseFormatSc if ( (parseFormatSchema.fields[key] && parseFormatSchema.fields[key].type === 'Pointer') || - (!parseFormatSchema.fields[key] && restValue && restValue.__type == 'Pointer') + (!key.includes('.') && + !parseFormatSchema.fields[key] && + restValue && + restValue.__type == 'Pointer') // Do not use the _p_ prefix for pointers inside nested documents ) { key = '_p_' + key; } @@ -305,7 +308,10 @@ function transformQueryKeyValue(className, key, value, schema, count = false) { schema && schema.fields[key] && schema.fields[key].type === 'Pointer'; const field = schema && schema.fields[key]; - if (expectedTypeIsPointer || (!schema && value && value.__type === 'Pointer')) { + if ( + expectedTypeIsPointer || + (!schema && !key.includes('.') && value && value.__type === 'Pointer') + ) { key = '_p_' + key; } @@ -326,8 +332,11 @@ function transformQueryKeyValue(className, key, value, schema, count = false) { } // Handle atomic values - if (transformTopLevelAtom(value) !== CannotTransform) { - return { key, value: transformTopLevelAtom(value) }; + const transformRes = key.includes('.') + ? transformInteriorAtom(value) + : transformTopLevelAtom(value); + if (transformRes !== CannotTransform) { + return { key, value: transformRes }; } else { throw new Parse.Error( Parse.Error.INVALID_JSON, From 4f80a5f4afbc008d2f642ee0c581a25483240e9a Mon Sep 17 00:00:00 2001 From: Snyk bot Date: Wed, 26 May 2021 01:40:31 +0300 Subject: [PATCH 20/55] fix: upgrade winston-daily-rotate-file from 4.5.3 to 4.5.4 (#7402) Snyk has created this PR to upgrade winston-daily-rotate-file from 4.5.3 to 4.5.4. See this package in npm: https://www.npmjs.com/package/winston-daily-rotate-file See this project in Snyk: https://app.snyk.io/org/acinader/project/8c1a9edb-c8f5-4dc1-b221-4d6030a323eb?utm_source=github&utm_medium=upgrade-pr --- package-lock.json | 12 ++++++------ package.json | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/package-lock.json b/package-lock.json index af13184e5e..8beb6a0a50 100644 --- a/package-lock.json +++ b/package-lock.json @@ -12501,19 +12501,19 @@ } }, "winston-daily-rotate-file": { - "version": "4.5.3", - "resolved": "https://registry.npmjs.org/winston-daily-rotate-file/-/winston-daily-rotate-file-4.5.3.tgz", - "integrity": "sha512-/V0wWnxK6RviPIKJ4ZNgBxj2BMHWHMvaBpUsY4wietLsdmoUS77w+XXtAZ2ed44FxaD3n3K8XE2r0J6527uHkw==", + "version": "4.5.4", + "resolved": "https://registry.npmjs.org/winston-daily-rotate-file/-/winston-daily-rotate-file-4.5.4.tgz", + "integrity": "sha512-jq7Y2kjonNipXBtsuJOhu4UadKELwfogzHcV6WtrPf6io2YJN/mH7NC0ZWMuIQ4ZEeUm3L2QlV0Fk+o4YwS5Sw==", "requires": { "file-stream-rotator": "^0.5.7", "object-hash": "^2.0.1", "triple-beam": "^1.3.0", - "winston-transport": "github:winstonjs/winston-transport#868d657" + "winston-transport": "https://github.com/winstonjs/winston-transport/archive/868d6577956f82ee0b021b119a4de938c61645f7.tar.gz" }, "dependencies": { "winston-transport": { - "version": "github:winstonjs/winston-transport#868d6577956f82ee0b021b119a4de938c61645f7", - "from": "github:winstonjs/winston-transport#868d657", + "version": "https://github.com/winstonjs/winston-transport/archive/868d6577956f82ee0b021b119a4de938c61645f7.tar.gz", + "integrity": "sha512-VvPC8ef3s6OX+dJJROxGwwZ66qjlfv75n0+alCXYoVPxMMSJAHlH0GpOcHj+jcWF65Es3SLgBf/7p5XsrIfVeg==", "requires": { "logform": "^2.2.0", "readable-stream": "^2.3.7", diff --git a/package.json b/package.json index e874f3cde1..1ce2e095a0 100644 --- a/package.json +++ b/package.json @@ -57,7 +57,7 @@ "tv4": "1.3.0", "uuid": "8.3.2", "winston": "3.3.3", - "winston-daily-rotate-file": "4.5.3", + "winston-daily-rotate-file": "4.5.4", "ws": "7.4.5" }, "devDependencies": { From 4253feed7d096f49523618384454149947a47818 Mon Sep 17 00:00:00 2001 From: Tom Fox <13188249+TomWFox@users.noreply.github.com> Date: Thu, 27 May 2021 01:54:11 +0100 Subject: [PATCH 21/55] fix links (#7403) --- CHANGELOG.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1b6e132ee3..6f0f1bcfce 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -95,11 +95,11 @@ ___ - Removed [parse-server-simple-mailgun-adapter](https://github.com/parse-community/parse-server-simple-mailgun-adapter) dependency; to continue using the adapter it has to be explicitly installed (Manuel Trezza) [#7321](https://github.com/parse-community/parse-server/pull/7321) - Remove support for MongoDB 3.6 which has reached its End-of-Life date and PostgreSQL 10 (Manuel Trezza) [#7315](https://github.com/parse-community/parse-server/pull/7315) - Remove support for Node 10 which has reached its End-of-Life date (Manuel Trezza) [#7314](https://github.com/parse-community/parse-server/pull/7314) -- Remove S3 Files Adapter from Parse Server, instead install separately as `@parse/s3-files-adapter` (Manuel Trezza) [#?](https://github.com/parse-community/parse-server/pull/?) +- Remove S3 Files Adapter from Parse Server, instead install separately as `@parse/s3-files-adapter` (Manuel Trezza) [#7324](https://github.com/parse-community/parse-server/pull/7324) ### Notable Changes - Added Parse Server Security Check to report weak security settings (Manuel Trezza, dblythy) [#7247](https://github.com/parse-community/parse-server/issues/7247) -- EXPERIMENTAL: Added new page router with placeholder rendering and localization of custom and feature pages such as password reset and email verification (Manuel Trezza) [#6891](https://github.com/parse-community/parse-server/issues/6891) -- EXPERIMENTAL: Added custom routes to easily customize flows for password reset, email verification or build entirely new flows (Manuel Trezza) [#7231](https://github.com/parse-community/parse-server/issues/7231) +- EXPERIMENTAL: Added new page router with placeholder rendering and localization of custom and feature pages such as password reset and email verification (Manuel Trezza) [#7128](https://github.com/parse-community/parse-server/pull/7128) +- EXPERIMENTAL: Added custom routes to easily customize flows for password reset, email verification or build entirely new flows (Manuel Trezza) [#7231](https://github.com/parse-community/parse-server/pull/7231) - Added Deprecation Policy to govern the introduction of braking changes in a phased pattern that is more predictable for developers (Manuel Trezza) [#7199](https://github.com/parse-community/parse-server/pull/7199) ### Other Changes - Fix error when a not yet inserted job is updated (Antonio Davi Macedo Coelho de Castro) [#7196](https://github.com/parse-community/parse-server/pull/7196) From d915bacee7c6ded60b303582d2a6b85d42dc3cf4 Mon Sep 17 00:00:00 2001 From: Snyk bot Date: Fri, 28 May 2021 02:50:50 +0300 Subject: [PATCH 22/55] fix: package.json & package-lock.json to reduce vulnerabilities (#7405) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-WS-1296835 --- package-lock.json | 6 +++--- package.json | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/package-lock.json b/package-lock.json index 8beb6a0a50..7ddd824b32 100644 --- a/package-lock.json +++ b/package-lock.json @@ -12633,9 +12633,9 @@ } }, "ws": { - "version": "7.4.5", - "resolved": "https://registry.npmjs.org/ws/-/ws-7.4.5.tgz", - "integrity": "sha512-xzyu3hFvomRfXKH8vOFMU3OguG6oOvhXMo3xsGy3xWExqaM2dxBbVxuD99O7m3ZUFMvvscsZDqxfgMaRr/Nr1g==" + "version": "7.4.6", + "resolved": "https://registry.npmjs.org/ws/-/ws-7.4.6.tgz", + "integrity": "sha512-YmhHDO4MzaDLB+M9ym/mDA5z0naX8j7SIlT8f8z+I0VtzsRbekxEutHSme7NPS2qE8StCYQNUnfWdXta/Yu85A==" }, "xmlcreate": { "version": "2.0.3", diff --git a/package.json b/package.json index 1ce2e095a0..82d722994d 100644 --- a/package.json +++ b/package.json @@ -58,7 +58,7 @@ "uuid": "8.3.2", "winston": "3.3.3", "winston-daily-rotate-file": "4.5.4", - "ws": "7.4.5" + "ws": "7.4.6" }, "devDependencies": { "@actions/core": "1.2.6", From 8976ecc4a9c91eeb1d0f3448eff7720b43c7747a Mon Sep 17 00:00:00 2001 From: Snyk bot Date: Mon, 31 May 2021 08:25:27 +0300 Subject: [PATCH 23/55] fix: upgrade follow-redirects from 1.14.0 to 1.14.1 (#7408) Snyk has created this PR to upgrade follow-redirects from 1.14.0 to 1.14.1. See this package in npm: https://www.npmjs.com/package/follow-redirects See this project in Snyk: https://app.snyk.io/org/acinader/project/8c1a9edb-c8f5-4dc1-b221-4d6030a323eb?utm_source=github&utm_medium=upgrade-pr --- package-lock.json | 6 +++--- package.json | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/package-lock.json b/package-lock.json index 7ddd824b32..3be9c7b167 100644 --- a/package-lock.json +++ b/package-lock.json @@ -6106,9 +6106,9 @@ "integrity": "sha512-GRnmB5gPyJpAhTQdSZTSp9uaPSvl09KoYcMQtsB9rQoOmzs9dH6ffeccH+Z+cv6P68Hu5bC6JjRh4Ah/mHSNRw==" }, "follow-redirects": { - "version": "1.14.0", - "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.14.0.tgz", - "integrity": "sha512-0vRwd7RKQBTt+mgu87mtYeofLFZpTas2S9zY+jIeuLJMNvudIgF52nr19q40HOwH5RrhWIPuj9puybzSJiRrVg==" + "version": "1.14.1", + "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.14.1.tgz", + "integrity": "sha512-HWqDgT7ZEkqRzBvc2s64vSZ/hfOceEol3ac/7tKwzuvEyWx3/4UegXh5oBOIotkGsObyk3xznnSRVADBgWSQVg==" }, "for-each": { "version": "0.3.3", diff --git a/package.json b/package.json index 82d722994d..1fba4adc97 100644 --- a/package.json +++ b/package.json @@ -32,7 +32,7 @@ "cors": "2.8.5", "deepcopy": "2.1.0", "express": "4.17.1", - "follow-redirects": "1.14.0", + "follow-redirects": "1.14.1", "graphql": "15.5.0", "graphql-list-fields": "2.0.2", "graphql-relay": "0.6.0", From 5abbeeb8d11be810993c528b8458be894039a5fc Mon Sep 17 00:00:00 2001 From: Snyk bot Date: Mon, 31 May 2021 18:36:52 +0300 Subject: [PATCH 24/55] fix: upgrade winston-daily-rotate-file from 4.5.4 to 4.5.5 (#7407) Snyk has created this PR to upgrade winston-daily-rotate-file from 4.5.4 to 4.5.5. See this package in npm: https://www.npmjs.com/package/winston-daily-rotate-file See this project in Snyk: https://app.snyk.io/org/acinader/project/8c1a9edb-c8f5-4dc1-b221-4d6030a323eb?utm_source=github&utm_medium=upgrade-pr --- package-lock.json | 25 +++++++------------------ package.json | 2 +- 2 files changed, 8 insertions(+), 19 deletions(-) diff --git a/package-lock.json b/package-lock.json index 3be9c7b167..3501e0bc5c 100644 --- a/package-lock.json +++ b/package-lock.json @@ -9627,9 +9627,9 @@ } }, "object-hash": { - "version": "2.1.1", - "resolved": "https://registry.npmjs.org/object-hash/-/object-hash-2.1.1.tgz", - "integrity": "sha512-VOJmgmS+7wvXf8CjbQmimtCnEx3IAoLxI3fp2fbWehxrWBcAQFbk+vcwb6vzR0VZv/eNCJ/27j151ZTwqW/JeQ==" + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/object-hash/-/object-hash-2.2.0.tgz", + "integrity": "sha512-gScRMn0bS5fH+IuwyIFgnh9zBdo4DV+6GhygmWM9HyNJSgS0hScp1f5vjtm7oIIOiT9trXrShAkLFSc2IqKNgw==" }, "object-inspect": { "version": "1.10.3", @@ -12501,25 +12501,14 @@ } }, "winston-daily-rotate-file": { - "version": "4.5.4", - "resolved": "https://registry.npmjs.org/winston-daily-rotate-file/-/winston-daily-rotate-file-4.5.4.tgz", - "integrity": "sha512-jq7Y2kjonNipXBtsuJOhu4UadKELwfogzHcV6WtrPf6io2YJN/mH7NC0ZWMuIQ4ZEeUm3L2QlV0Fk+o4YwS5Sw==", + "version": "4.5.5", + "resolved": "https://registry.npmjs.org/winston-daily-rotate-file/-/winston-daily-rotate-file-4.5.5.tgz", + "integrity": "sha512-ds0WahIjiDhKCiMXmY799pDBW+58ByqIBtUcsqr4oDoXrAI3Zn+hbgFdUxzMfqA93OG0mPLYVMiotqTgE/WeWQ==", "requires": { "file-stream-rotator": "^0.5.7", "object-hash": "^2.0.1", "triple-beam": "^1.3.0", - "winston-transport": "https://github.com/winstonjs/winston-transport/archive/868d6577956f82ee0b021b119a4de938c61645f7.tar.gz" - }, - "dependencies": { - "winston-transport": { - "version": "https://github.com/winstonjs/winston-transport/archive/868d6577956f82ee0b021b119a4de938c61645f7.tar.gz", - "integrity": "sha512-VvPC8ef3s6OX+dJJROxGwwZ66qjlfv75n0+alCXYoVPxMMSJAHlH0GpOcHj+jcWF65Es3SLgBf/7p5XsrIfVeg==", - "requires": { - "logform": "^2.2.0", - "readable-stream": "^2.3.7", - "triple-beam": "^1.2.0" - } - } + "winston-transport": "^4.4.0" } }, "winston-transport": { diff --git a/package.json b/package.json index 1fba4adc97..11adde75a4 100644 --- a/package.json +++ b/package.json @@ -57,7 +57,7 @@ "tv4": "1.3.0", "uuid": "8.3.2", "winston": "3.3.3", - "winston-daily-rotate-file": "4.5.4", + "winston-daily-rotate-file": "4.5.5", "ws": "7.4.6" }, "devDependencies": { From 6d13aeae2c8820365cc1df68aeb5c2649785b152 Mon Sep 17 00:00:00 2001 From: Corey Date: Thu, 3 Jun 2021 15:54:44 -0400 Subject: [PATCH 25/55] Fix select exclude queries (#7242) * fix keys and excludeKeys to work with JSON array strings * make excludeKeys test more robust * add changelog * add select([]) functionality to fix) * update changelog * update keys * add exclude test * add select REST test and exclude JS SDK test * add more tests * add additional exclude test * improved select test for testing JSON string array in REST * improved exclude test for testing JSON string array in REST * check for parse keys * make include look like keys and excludeKeys * nit * Exclude nexted child fields * add updates and show failing testcases * working * add more tests * even more test cases * use await for added tests * lint * Add suggestions --- CHANGELOG.md | 2 + spec/ParseQuery.spec.js | 622 ++++++++++++++++++++++++++++++----- src/RestQuery.js | 34 +- src/Routers/ClassesRouter.js | 20 +- 4 files changed, 581 insertions(+), 97 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6f0f1bcfce..f3df1a02a7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -131,6 +131,8 @@ ___ - Add building Docker image as CI check (Manuel Trezza) [#7332](https://github.com/parse-community/parse-server/pull/7332) - Add NPM package-lock version check to CI (Manuel Trezza) [#7333](https://github.com/parse-community/parse-server/pull/7333) - Fix incorrect LiveQuery events triggered for multiple subscriptions on the same class with different events [#7341](https://github.com/parse-community/parse-server/pull/7341) +- Fix select and excludeKey queries to properly accept JSON string arrays. Also allow nested fields in exclude (Corey Baker) [#7242](https://github.com/parse-community/parse-server/pull/7242) + ___ ## 4.5.0 [Full Changelog](https://github.com/parse-community/parse-server/compare/4.4.0...4.5.0) diff --git a/spec/ParseQuery.spec.js b/spec/ParseQuery.spec.js index 9825fc2d95..e196280a5c 100644 --- a/spec/ParseQuery.spec.js +++ b/spec/ParseQuery.spec.js @@ -3133,78 +3133,394 @@ describe('Parse.Query testing', () => { ); }); - it('select keys query', function (done) { - const obj = new TestObject({ foo: 'baz', bar: 1 }); + it('select keys query JS SDK', async () => { + const obj = new TestObject({ foo: 'baz', bar: 1, qux: 2 }); + await obj.save(); + obj._clearServerData(); + const query1 = new Parse.Query(TestObject); + query1.select('foo'); + const result1 = await query1.first(); + ok(result1.id, 'expected object id to be set'); + ok(result1.createdAt, 'expected object createdAt to be set'); + ok(result1.updatedAt, 'expected object updatedAt to be set'); + ok(!result1.dirty(), 'expected result not to be dirty'); + strictEqual(result1.get('foo'), 'baz'); + strictEqual(result1.get('bar'), undefined, "expected 'bar' field to be unset"); + strictEqual(result1.get('qux'), undefined, "expected 'qux' field to be unset"); + + const result2 = await result1.fetch(); + strictEqual(result2.get('foo'), 'baz'); + strictEqual(result2.get('bar'), 1); + strictEqual(result2.get('qux'), 2); + + obj._clearServerData(); + const query2 = new Parse.Query(TestObject); + query2.select(); + const result3 = await query2.first(); + ok(result3.id, 'expected object id to be set'); + ok(result3.createdAt, 'expected object createdAt to be set'); + ok(result3.updatedAt, 'expected object updatedAt to be set'); + ok(!result3.dirty(), 'expected result not to be dirty'); + strictEqual(result3.get('foo'), undefined, "expected 'foo' field to be unset"); + strictEqual(result3.get('bar'), undefined, "expected 'bar' field to be unset"); + strictEqual(result3.get('qux'), undefined, "expected 'qux' field to be unset"); + + obj._clearServerData(); + const query3 = new Parse.Query(TestObject); + query3.select([]); + const result4 = await query3.first(); + ok(result4.id, 'expected object id to be set'); + ok(result4.createdAt, 'expected object createdAt to be set'); + ok(result4.updatedAt, 'expected object updatedAt to be set'); + ok(!result4.dirty(), 'expected result not to be dirty'); + strictEqual(result4.get('foo'), undefined, "expected 'foo' field to be unset"); + strictEqual(result4.get('bar'), undefined, "expected 'bar' field to be unset"); + strictEqual(result4.get('qux'), undefined, "expected 'qux' field to be unset"); + + obj._clearServerData(); + const query4 = new Parse.Query(TestObject); + query4.select(['foo']); + const result5 = await query4.first(); + ok(result5.id, 'expected object id to be set'); + ok(result5.createdAt, 'expected object createdAt to be set'); + ok(result5.updatedAt, 'expected object updatedAt to be set'); + ok(!result5.dirty(), 'expected result not to be dirty'); + strictEqual(result5.get('foo'), 'baz'); + strictEqual(result5.get('bar'), undefined, "expected 'bar' field to be unset"); + strictEqual(result5.get('qux'), undefined, "expected 'qux' field to be unset"); + + obj._clearServerData(); + const query5 = new Parse.Query(TestObject); + query5.select(['foo', 'bar']); + const result6 = await query5.first(); + ok(result6.id, 'expected object id to be set'); + ok(!result6.dirty(), 'expected result not to be dirty'); + strictEqual(result6.get('foo'), 'baz'); + strictEqual(result6.get('bar'), 1); + strictEqual(result6.get('qux'), undefined, "expected 'qux' field to be unset"); + + obj._clearServerData(); + const query6 = new Parse.Query(TestObject); + query6.select(['foo', 'bar', 'qux']); + const result7 = await query6.first(); + ok(result7.id, 'expected object id to be set'); + ok(!result7.dirty(), 'expected result not to be dirty'); + strictEqual(result7.get('foo'), 'baz'); + strictEqual(result7.get('bar'), 1); + strictEqual(result7.get('qux'), 2); + + obj._clearServerData(); + const query7 = new Parse.Query(TestObject); + query7.select('foo', 'bar'); + const result8 = await query7.first(); + ok(result8.id, 'expected object id to be set'); + ok(!result8.dirty(), 'expected result not to be dirty'); + strictEqual(result8.get('foo'), 'baz'); + strictEqual(result8.get('bar'), 1); + strictEqual(result8.get('qux'), undefined, "expected 'qux' field to be unset"); + + obj._clearServerData(); + const query8 = new Parse.Query(TestObject); + query8.select('foo', 'bar', 'qux'); + const result9 = await query8.first(); + ok(result9.id, 'expected object id to be set'); + ok(!result9.dirty(), 'expected result not to be dirty'); + strictEqual(result9.get('foo'), 'baz'); + strictEqual(result9.get('bar'), 1); + strictEqual(result9.get('qux'), 2); + }); + + it('select keys (arrays)', async () => { + const obj = new TestObject({ foo: 'baz', bar: 1, hello: 'world' }); + await obj.save(); - obj - .save() - .then(function () { - obj._clearServerData(); - const query = new Parse.Query(TestObject); - query.select('foo'); - return query.first(); - }) - .then(function (result) { - ok(result.id, 'expected object id to be set'); - ok(result.createdAt, 'expected object createdAt to be set'); - ok(result.updatedAt, 'expected object updatedAt to be set'); - ok(!result.dirty(), 'expected result not to be dirty'); - strictEqual(result.get('foo'), 'baz'); - strictEqual(result.get('bar'), undefined, "expected 'bar' field to be unset"); - return result.fetch(); - }) - .then(function (result) { - strictEqual(result.get('foo'), 'baz'); - strictEqual(result.get('bar'), 1); - }) - .then(function () { - obj._clearServerData(); - const query = new Parse.Query(TestObject); - query.select([]); - return query.first(); - }) - .then(function (result) { - ok(result.id, 'expected object id to be set'); - ok(!result.dirty(), 'expected result not to be dirty'); - strictEqual(result.get('foo'), undefined, "expected 'foo' field to be unset"); - strictEqual(result.get('bar'), undefined, "expected 'bar' field to be unset"); - }) - .then(function () { - obj._clearServerData(); - const query = new Parse.Query(TestObject); - query.select(['foo', 'bar']); - return query.first(); - }) - .then(function (result) { - ok(result.id, 'expected object id to be set'); - ok(!result.dirty(), 'expected result not to be dirty'); - strictEqual(result.get('foo'), 'baz'); - strictEqual(result.get('bar'), 1); - }) - .then(function () { - obj._clearServerData(); - const query = new Parse.Query(TestObject); - query.select('foo', 'bar'); - return query.first(); - }) - .then(function (result) { - ok(result.id, 'expected object id to be set'); - ok(!result.dirty(), 'expected result not to be dirty'); - strictEqual(result.get('foo'), 'baz'); - strictEqual(result.get('bar'), 1); - }) - .then( - function () { - done(); - }, - function (err) { - ok(false, 'other error: ' + JSON.stringify(err)); - done(); - } - ); + const response = await request({ + url: Parse.serverURL + '/classes/TestObject', + qs: { + keys: 'hello', + where: JSON.stringify({ objectId: obj.id }), + }, + headers: masterKeyHeaders, + }); + expect(response.data.results[0].foo).toBeUndefined(); + expect(response.data.results[0].bar).toBeUndefined(); + expect(response.data.results[0].hello).toBe('world'); + + const response2 = await request({ + url: Parse.serverURL + '/classes/TestObject', + qs: { + keys: ['foo', 'hello'], + where: JSON.stringify({ objectId: obj.id }), + }, + headers: masterKeyHeaders, + }); + expect(response2.data.results[0].foo).toBe('baz'); + expect(response2.data.results[0].bar).toBeUndefined(); + expect(response2.data.results[0].hello).toBe('world'); + + const response3 = await request({ + url: Parse.serverURL + '/classes/TestObject', + qs: { + keys: ['foo', 'bar', 'hello'], + where: JSON.stringify({ objectId: obj.id }), + }, + headers: masterKeyHeaders, + }); + expect(response3.data.results[0].foo).toBe('baz'); + expect(response3.data.results[0].bar).toBe(1); + expect(response3.data.results[0].hello).toBe('world'); + + const response4 = await request({ + url: Parse.serverURL + '/classes/TestObject', + qs: { + keys: [''], + where: JSON.stringify({ objectId: obj.id }), + }, + headers: masterKeyHeaders, + }); + ok(response4.data.results[0].objectId, 'expected objectId to be set'); + ok(response4.data.results[0].createdAt, 'expected object createdAt to be set'); + ok(response4.data.results[0].updatedAt, 'expected object updatedAt to be set'); + expect(response4.data.results[0].foo).toBeUndefined(); + expect(response4.data.results[0].bar).toBeUndefined(); + expect(response4.data.results[0].hello).toBeUndefined(); + + const response5 = await request({ + url: Parse.serverURL + '/classes/TestObject', + qs: { + keys: [], + where: JSON.stringify({ objectId: obj.id }), + }, + headers: masterKeyHeaders, + }); + ok(response5.data.results[0].objectId, 'expected objectId to be set'); + ok(response5.data.results[0].createdAt, 'expected object createdAt to be set'); + ok(response5.data.results[0].updatedAt, 'expected object updatedAt to be set'); + expect(response5.data.results[0].foo).toBe('baz'); + expect(response5.data.results[0].bar).toBe(1); + expect(response5.data.results[0].hello).toBe('world'); + }); + + it('select keys (strings)', async () => { + const obj = new TestObject({ foo: 'baz', bar: 1, hello: 'world' }); + await obj.save(); + + const response = await request({ + url: Parse.serverURL + '/classes/TestObject', + qs: { + keys: '', + where: JSON.stringify({ objectId: obj.id }), + }, + headers: masterKeyHeaders, + }); + ok(response.data.results[0].objectId, 'expected objectId to be set'); + ok(response.data.results[0].createdAt, 'expected object createdAt to be set'); + ok(response.data.results[0].updatedAt, 'expected object updatedAt to be set'); + expect(response.data.results[0].foo).toBeUndefined(); + expect(response.data.results[0].bar).toBeUndefined(); + expect(response.data.results[0].hello).toBeUndefined(); + + const response2 = await request({ + url: Parse.serverURL + '/classes/TestObject', + qs: { + keys: '["foo", "hello"]', + where: JSON.stringify({ objectId: obj.id }), + }, + headers: masterKeyHeaders, + }); + ok(response2.data.results[0].objectId, 'expected objectId to be set'); + ok(response2.data.results[0].createdAt, 'expected object createdAt to be set'); + ok(response2.data.results[0].updatedAt, 'expected object updatedAt to be set'); + expect(response2.data.results[0].foo).toBe('baz'); + expect(response2.data.results[0].bar).toBeUndefined(); + expect(response2.data.results[0].hello).toBe('world'); + + const response3 = await request({ + url: Parse.serverURL + '/classes/TestObject', + qs: { + keys: '["foo", "bar", "hello"]', + where: JSON.stringify({ objectId: obj.id }), + }, + headers: masterKeyHeaders, + }); + ok(response3.data.results[0].objectId, 'expected objectId to be set'); + ok(response3.data.results[0].createdAt, 'expected object createdAt to be set'); + ok(response3.data.results[0].updatedAt, 'expected object updatedAt to be set'); + expect(response3.data.results[0].foo).toBe('baz'); + expect(response3.data.results[0].bar).toBe(1); + expect(response3.data.results[0].hello).toBe('world'); }); - it('exclude keys', async () => { + it('exclude keys query JS SDK', async () => { + const obj = new TestObject({ foo: 'baz', bar: 1, qux: 2 }); + + await obj.save(); + obj._clearServerData(); + const query1 = new Parse.Query(TestObject); + query1.exclude('foo'); + const result1 = await query1.first(); + ok(result1.id, 'expected object id to be set'); + ok(result1.createdAt, 'expected object createdAt to be set'); + ok(result1.updatedAt, 'expected object updatedAt to be set'); + ok(!result1.dirty(), 'expected result not to be dirty'); + strictEqual(result1.get('foo'), undefined, "expected 'bar' field to be unset"); + strictEqual(result1.get('bar'), 1); + strictEqual(result1.get('qux'), 2); + + const result2 = await result1.fetch(); + strictEqual(result2.get('foo'), 'baz'); + strictEqual(result2.get('bar'), 1); + strictEqual(result2.get('qux'), 2); + + obj._clearServerData(); + const query2 = new Parse.Query(TestObject); + query2.exclude(); + const result3 = await query2.first(); + ok(result3.id, 'expected object id to be set'); + ok(result3.createdAt, 'expected object createdAt to be set'); + ok(result3.updatedAt, 'expected object updatedAt to be set'); + ok(!result3.dirty(), 'expected result not to be dirty'); + strictEqual(result3.get('foo'), 'baz'); + strictEqual(result3.get('bar'), 1); + strictEqual(result3.get('qux'), 2); + + obj._clearServerData(); + const query3 = new Parse.Query(TestObject); + query3.exclude([]); + const result4 = await query3.first(); + ok(result4.id, 'expected object id to be set'); + ok(result4.createdAt, 'expected object createdAt to be set'); + ok(result4.updatedAt, 'expected object updatedAt to be set'); + ok(!result4.dirty(), 'expected result not to be dirty'); + strictEqual(result4.get('foo'), 'baz'); + strictEqual(result4.get('bar'), 1); + strictEqual(result4.get('qux'), 2); + + obj._clearServerData(); + const query4 = new Parse.Query(TestObject); + query4.exclude(['foo']); + const result5 = await query4.first(); + ok(result5.id, 'expected object id to be set'); + ok(result5.createdAt, 'expected object createdAt to be set'); + ok(result5.updatedAt, 'expected object updatedAt to be set'); + ok(!result5.dirty(), 'expected result not to be dirty'); + strictEqual(result5.get('foo'), undefined, "expected 'bar' field to be unset"); + strictEqual(result5.get('bar'), 1); + strictEqual(result5.get('qux'), 2); + + obj._clearServerData(); + const query5 = new Parse.Query(TestObject); + query5.exclude(['foo', 'bar']); + const result6 = await query5.first(); + ok(result6.id, 'expected object id to be set'); + ok(!result6.dirty(), 'expected result not to be dirty'); + strictEqual(result6.get('foo'), undefined, "expected 'bar' field to be unset"); + strictEqual(result6.get('bar'), undefined, "expected 'bar' field to be unset"); + strictEqual(result6.get('qux'), 2); + + obj._clearServerData(); + const query6 = new Parse.Query(TestObject); + query6.exclude(['foo', 'bar', 'qux']); + const result7 = await query6.first(); + ok(result7.id, 'expected object id to be set'); + ok(!result7.dirty(), 'expected result not to be dirty'); + strictEqual(result7.get('foo'), undefined, "expected 'bar' field to be unset"); + strictEqual(result7.get('bar'), undefined, "expected 'bar' field to be unset"); + strictEqual(result7.get('qux'), undefined, "expected 'bar' field to be unset"); + + obj._clearServerData(); + const query7 = new Parse.Query(TestObject); + query7.exclude('foo'); + const result8 = await query7.first(); + ok(result8.id, 'expected object id to be set'); + ok(!result8.dirty(), 'expected result not to be dirty'); + strictEqual(result8.get('foo'), undefined, "expected 'bar' field to be unset"); + strictEqual(result8.get('bar'), 1); + strictEqual(result8.get('qux'), 2); + + obj._clearServerData(); + const query8 = new Parse.Query(TestObject); + query8.exclude('foo', 'bar'); + const result9 = await query8.first(); + ok(result9.id, 'expected object id to be set'); + ok(!result9.dirty(), 'expected result not to be dirty'); + strictEqual(result9.get('foo'), undefined, "expected 'bar' field to be unset"); + strictEqual(result9.get('bar'), undefined, "expected 'bar' field to be unset"); + strictEqual(result9.get('qux'), 2); + + obj._clearServerData(); + const query9 = new Parse.Query(TestObject); + query9.exclude('foo', 'bar', 'qux'); + const result10 = await query9.first(); + ok(result10.id, 'expected object id to be set'); + ok(!result10.dirty(), 'expected result not to be dirty'); + strictEqual(result10.get('foo'), undefined, "expected 'bar' field to be unset"); + strictEqual(result10.get('bar'), undefined, "expected 'bar' field to be unset"); + strictEqual(result10.get('qux'), undefined, "expected 'bar' field to be unset"); + }); + + it('exclude keys (arrays)', async () => { + const obj = new TestObject({ foo: 'baz', hello: 'world' }); + await obj.save(); + + const response = await request({ + url: Parse.serverURL + '/classes/TestObject', + qs: { + excludeKeys: ['foo'], + where: JSON.stringify({ objectId: obj.id }), + }, + headers: masterKeyHeaders, + }); + ok(response.data.results[0].objectId, 'expected objectId to be set'); + ok(response.data.results[0].createdAt, 'expected object createdAt to be set'); + ok(response.data.results[0].updatedAt, 'expected object updatedAt to be set'); + expect(response.data.results[0].foo).toBeUndefined(); + expect(response.data.results[0].hello).toBe('world'); + + const response2 = await request({ + url: Parse.serverURL + '/classes/TestObject', + qs: { + excludeKeys: ['foo', 'hello'], + where: JSON.stringify({ objectId: obj.id }), + }, + headers: masterKeyHeaders, + }); + ok(response2.data.results[0].objectId, 'expected objectId to be set'); + ok(response2.data.results[0].createdAt, 'expected object createdAt to be set'); + ok(response2.data.results[0].updatedAt, 'expected object updatedAt to be set'); + expect(response2.data.results[0].foo).toBeUndefined(); + expect(response2.data.results[0].hello).toBeUndefined(); + + const response3 = await request({ + url: Parse.serverURL + '/classes/TestObject', + qs: { + excludeKeys: [], + where: JSON.stringify({ objectId: obj.id }), + }, + headers: masterKeyHeaders, + }); + ok(response3.data.results[0].objectId, 'expected objectId to be set'); + ok(response3.data.results[0].createdAt, 'expected object createdAt to be set'); + ok(response3.data.results[0].updatedAt, 'expected object updatedAt to be set'); + expect(response3.data.results[0].foo).toBe('baz'); + expect(response3.data.results[0].hello).toBe('world'); + + const response4 = await request({ + url: Parse.serverURL + '/classes/TestObject', + qs: { + excludeKeys: [''], + where: JSON.stringify({ objectId: obj.id }), + }, + headers: masterKeyHeaders, + }); + ok(response4.data.results[0].objectId, 'expected objectId to be set'); + ok(response4.data.results[0].createdAt, 'expected object createdAt to be set'); + ok(response4.data.results[0].updatedAt, 'expected object updatedAt to be set'); + expect(response4.data.results[0].foo).toBe('baz'); + expect(response4.data.results[0].hello).toBe('world'); + }); + + it('exclude keys (strings)', async () => { const obj = new TestObject({ foo: 'baz', hello: 'world' }); await obj.save(); @@ -3216,8 +3532,53 @@ describe('Parse.Query testing', () => { }, headers: masterKeyHeaders, }); + ok(response.data.results[0].objectId, 'expected objectId to be set'); + ok(response.data.results[0].createdAt, 'expected object createdAt to be set'); + ok(response.data.results[0].updatedAt, 'expected object updatedAt to be set'); expect(response.data.results[0].foo).toBeUndefined(); expect(response.data.results[0].hello).toBe('world'); + + const response2 = await request({ + url: Parse.serverURL + '/classes/TestObject', + qs: { + excludeKeys: '', + where: JSON.stringify({ objectId: obj.id }), + }, + headers: masterKeyHeaders, + }); + ok(response2.data.results[0].objectId, 'expected objectId to be set'); + ok(response2.data.results[0].createdAt, 'expected object createdAt to be set'); + ok(response2.data.results[0].updatedAt, 'expected object updatedAt to be set'); + expect(response2.data.results[0].foo).toBe('baz'); + expect(response2.data.results[0].hello).toBe('world'); + + const response3 = await request({ + url: Parse.serverURL + '/classes/TestObject', + qs: { + excludeKeys: '["hello"]', + where: JSON.stringify({ objectId: obj.id }), + }, + headers: masterKeyHeaders, + }); + ok(response3.data.results[0].objectId, 'expected objectId to be set'); + ok(response3.data.results[0].createdAt, 'expected object createdAt to be set'); + ok(response3.data.results[0].updatedAt, 'expected object updatedAt to be set'); + expect(response3.data.results[0].foo).toBe('baz'); + expect(response3.data.results[0].hello).toBeUndefined(); + + const response4 = await request({ + url: Parse.serverURL + '/classes/TestObject', + qs: { + excludeKeys: '["foo", "hello"]', + where: JSON.stringify({ objectId: obj.id }), + }, + headers: masterKeyHeaders, + }); + ok(response4.data.results[0].objectId, 'expected objectId to be set'); + ok(response4.data.results[0].createdAt, 'expected object createdAt to be set'); + ok(response4.data.results[0].updatedAt, 'expected object updatedAt to be set'); + expect(response4.data.results[0].foo).toBeUndefined(); + expect(response4.data.results[0].hello).toBeUndefined(); }); it('exclude keys with select same key', async () => { @@ -3844,7 +4205,6 @@ describe('Parse.Query testing', () => { }) .then(function (savedFoobar) { const foobarQuery = new Parse.Query('Foobar'); - foobarQuery.include('barBaz'); foobarQuery.select(['fizz', 'barBaz.key']); foobarQuery.get(savedFoobar.id).then(function (foobarObj) { equal(foobarObj.get('fizz'), 'buzz'); @@ -3882,8 +4242,6 @@ describe('Parse.Query testing', () => { }) .then(function (savedFoobar) { const foobarQuery = new Parse.Query('Foobar'); - foobarQuery.include('barBaz'); - foobarQuery.include('barBaz.bazoo'); foobarQuery.select(['fizz', 'barBaz.key', 'barBaz.bazoo.some']); foobarQuery.get(savedFoobar.id).then(function (foobarObj) { equal(foobarObj.get('fizz'), 'buzz'); @@ -3901,6 +4259,65 @@ describe('Parse.Query testing', () => { }); }); + it('exclude nested keys', async () => { + const Foobar = new Parse.Object('Foobar'); + const BarBaz = new Parse.Object('Barbaz'); + BarBaz.set('key', 'value'); + BarBaz.set('otherKey', 'value'); + await BarBaz.save(); + + Foobar.set('foo', 'bar'); + Foobar.set('fizz', 'buzz'); + Foobar.set('barBaz', BarBaz); + const savedFoobar = await Foobar.save(); + + const foobarQuery = new Parse.Query('Foobar'); + foobarQuery.exclude(['foo', 'barBaz.otherKey']); + const foobarObj = await foobarQuery.get(savedFoobar.id); + equal(foobarObj.get('fizz'), 'buzz'); + equal(foobarObj.get('foo'), undefined); + if (foobarObj.has('barBaz')) { + equal(foobarObj.get('barBaz').get('key'), 'value'); + equal(foobarObj.get('barBaz').get('otherKey'), undefined); + } else { + fail('barBaz should be set'); + } + }); + + it('exclude nested keys 2 level', async () => { + const Foobar = new Parse.Object('Foobar'); + const BarBaz = new Parse.Object('Barbaz'); + const Bazoo = new Parse.Object('Bazoo'); + + Bazoo.set('some', 'thing'); + Bazoo.set('otherSome', 'value'); + await Bazoo.save(); + + BarBaz.set('key', 'value'); + BarBaz.set('otherKey', 'value'); + BarBaz.set('bazoo', Bazoo); + await BarBaz.save(); + + Foobar.set('foo', 'bar'); + Foobar.set('fizz', 'buzz'); + Foobar.set('barBaz', BarBaz); + const savedFoobar = await Foobar.save(); + + const foobarQuery = new Parse.Query('Foobar'); + foobarQuery.exclude(['foo', 'barBaz.otherKey', 'barBaz.bazoo.otherSome']); + const foobarObj = await foobarQuery.get(savedFoobar.id); + equal(foobarObj.get('fizz'), 'buzz'); + equal(foobarObj.get('foo'), undefined); + if (foobarObj.has('barBaz')) { + equal(foobarObj.get('barBaz').get('key'), 'value'); + equal(foobarObj.get('barBaz').get('otherKey'), undefined); + equal(foobarObj.get('barBaz').get('bazoo').get('some'), 'thing'); + equal(foobarObj.get('barBaz').get('bazoo').get('otherSome'), undefined); + } else { + fail('barBaz should be set'); + } + }); + it('include with *', async () => { const child1 = new TestObject({ foo: 'bar', name: 'ac' }); const child2 = new TestObject({ foo: 'baz', name: 'flo' }); @@ -3925,6 +4342,30 @@ describe('Parse.Query testing', () => { equal(result.child3.name, 'mo'); }); + it('include with ["*"]', async () => { + const child1 = new TestObject({ foo: 'bar', name: 'ac' }); + const child2 = new TestObject({ foo: 'baz', name: 'flo' }); + const child3 = new TestObject({ foo: 'bad', name: 'mo' }); + const parent = new Container({ child1, child2, child3 }); + await Parse.Object.saveAll([parent, child1, child2, child3]); + const options = Object.assign({}, masterKeyOptions, { + qs: { + where: JSON.stringify({ objectId: parent.id }), + include: '["*"]', + }, + }); + const resp = await request( + Object.assign({ url: Parse.serverURL + '/classes/Container' }, options) + ); + const result = resp.data.results[0]; + equal(result.child1.foo, 'bar'); + equal(result.child2.foo, 'baz'); + equal(result.child3.foo, 'bad'); + equal(result.child1.name, 'ac'); + equal(result.child2.name, 'flo'); + equal(result.child3.name, 'mo'); + }); + it('include with * overrides', async () => { const child1 = new TestObject({ foo: 'bar', name: 'ac' }); const child2 = new TestObject({ foo: 'baz', name: 'flo' }); @@ -3949,6 +4390,30 @@ describe('Parse.Query testing', () => { equal(result.child3.name, 'mo'); }); + it('include with ["*"] overrides', async () => { + const child1 = new TestObject({ foo: 'bar', name: 'ac' }); + const child2 = new TestObject({ foo: 'baz', name: 'flo' }); + const child3 = new TestObject({ foo: 'bad', name: 'mo' }); + const parent = new Container({ child1, child2, child3 }); + await Parse.Object.saveAll([parent, child1, child2, child3]); + const options = Object.assign({}, masterKeyOptions, { + qs: { + where: JSON.stringify({ objectId: parent.id }), + include: '["child2","*"]', + }, + }); + const resp = await request( + Object.assign({ url: Parse.serverURL + '/classes/Container' }, options) + ); + const result = resp.data.results[0]; + equal(result.child1.foo, 'bar'); + equal(result.child2.foo, 'baz'); + equal(result.child3.foo, 'bad'); + equal(result.child1.name, 'ac'); + equal(result.child2.name, 'flo'); + equal(result.child3.name, 'mo'); + }); + it('includeAll', done => { const child1 = new TestObject({ foo: 'bar', name: 'ac' }); const child2 = new TestObject({ foo: 'baz', name: 'flo' }); @@ -4720,19 +5185,6 @@ describe('Parse.Query testing', () => { equal(results[0].get('array').length, 105); }); - it('exclude keys (sdk query)', async done => { - const obj = new TestObject({ foo: 'baz', hello: 'world' }); - await obj.save(); - - const query = new Parse.Query('TestObject'); - query.exclude('foo'); - - const object = await query.get(obj.id); - expect(object.get('foo')).toBeUndefined(); - expect(object.get('hello')).toBe('world'); - done(); - }); - xit('todo: exclude keys with select key (sdk query get)', async done => { // there is some problem with js sdk caching diff --git a/src/RestQuery.js b/src/RestQuery.js index 99025af464..6039084e38 100644 --- a/src/RestQuery.js +++ b/src/RestQuery.js @@ -38,7 +38,6 @@ function RestQuery( this.response = null; this.findOptions = {}; this.context = context || {}; - if (!this.auth.isMaster) { if (this.className == '_Session') { if (!this.auth.user) { @@ -69,11 +68,22 @@ function RestQuery( // For example, passing an arg of include=foo.bar,foo.baz could lead to // this.include = [['foo'], ['foo', 'baz'], ['foo', 'bar']] this.include = []; + let keysForInclude = ''; // If we have keys, we probably want to force some includes (n-1 level) // See issue: https://github.com/parse-community/parse-server/issues/3185 if (Object.prototype.hasOwnProperty.call(restOptions, 'keys')) { - const keysForInclude = restOptions.keys + keysForInclude = restOptions.keys; + } + + // If we have keys, we probably want to force some includes (n-1 level) + // in order to exclude specific keys. + if (Object.prototype.hasOwnProperty.call(restOptions, 'excludeKeys')) { + keysForInclude += ',' + restOptions.excludeKeys; + } + + if (keysForInclude.length > 0) { + keysForInclude = keysForInclude .split(',') .filter(key => { // At least 2 components @@ -846,6 +856,26 @@ function includePath(config, auth, response, path, restOptions = {}) { } } + if (restOptions.excludeKeys) { + const excludeKeys = new Set(restOptions.excludeKeys.split(',')); + const excludeKeySet = Array.from(excludeKeys).reduce((set, key) => { + const keyPath = key.split('.'); + let i = 0; + for (i; i < path.length; i++) { + if (path[i] != keyPath[i]) { + return set; + } + } + if (i == (keyPath.length - 1)) { + set.add(keyPath[i]); + } + return set; + }, new Set()); + if (excludeKeySet.size > 0) { + includeRestOptions.excludeKeys = Array.from(excludeKeySet).join(','); + } + } + if (restOptions.includeReadPreference) { includeRestOptions.readPreference = restOptions.includeReadPreference; includeRestOptions.includeReadPreference = restOptions.includeReadPreference; diff --git a/src/Routers/ClassesRouter.js b/src/Routers/ClassesRouter.js index d1fc13bc02..6788d93e5f 100644 --- a/src/Routers/ClassesRouter.js +++ b/src/Routers/ClassesRouter.js @@ -57,14 +57,14 @@ export class ClassesRouter extends PromiseRouter { } } - if (typeof body.keys === 'string') { - options.keys = body.keys; + if (body.keys != null) { + options.keys = String(body.keys); } - if (body.include) { + if (body.include != null) { options.include = String(body.include); } - if (typeof body.excludeKeys == 'string') { - options.excludeKeys = body.excludeKeys; + if (body.excludeKeys != null) { + options.excludeKeys = String(body.excludeKeys); } if (typeof body.readPreference === 'string') { options.readPreference = body.readPreference; @@ -187,13 +187,13 @@ export class ClassesRouter extends PromiseRouter { if (body.count) { options.count = true; } - if (typeof body.keys == 'string') { - options.keys = body.keys; + if (body.keys != null) { + options.keys = String(body.keys); } - if (typeof body.excludeKeys == 'string') { - options.excludeKeys = body.excludeKeys; + if (body.excludeKeys != null) { + options.excludeKeys = String(body.excludeKeys); } - if (body.include) { + if (body.include != null) { options.include = String(body.include); } if (body.includeAll) { From 754c127d968ad84f3002636179ffbb34d4323b4e Mon Sep 17 00:00:00 2001 From: Manuel <5673677+mtrezza@users.noreply.github.com> Date: Thu, 3 Jun 2021 22:39:46 +0200 Subject: [PATCH 26/55] bump ci env (#7415) * bumped node version * bumped mongodb --- .github/workflows/ci.yml | 22 +++++++++++----------- README.md | 6 +++--- package.json | 12 ++++++------ 3 files changed, 20 insertions(+), 20 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5804224477..465fe45708 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -7,7 +7,7 @@ on: branches: - '**' env: - NODE_VERSION: 14.16.1 + NODE_VERSION: 14.17.0 PARSE_SERVER_TEST_TIMEOUT: 20000 jobs: check-ci: @@ -94,38 +94,38 @@ jobs: matrix: include: - name: MongoDB 4.4, ReplicaSet, WiredTiger - MONGODB_VERSION: 4.4.4 + MONGODB_VERSION: 4.4.6 MONGODB_TOPOLOGY: replicaset MONGODB_STORAGE_ENGINE: wiredTiger - NODE_VERSION: 14.16.1 + NODE_VERSION: 14.17.0 - name: MongoDB 4.2, ReplicaSet, WiredTiger - MONGODB_VERSION: 4.2.13 + MONGODB_VERSION: 4.2.14 MONGODB_TOPOLOGY: replicaset MONGODB_STORAGE_ENGINE: wiredTiger - NODE_VERSION: 14.16.1 + NODE_VERSION: 14.17.0 - name: MongoDB 4.0, ReplicaSet, WiredTiger MONGODB_VERSION: 4.0.23 MONGODB_TOPOLOGY: replicaset MONGODB_STORAGE_ENGINE: wiredTiger - NODE_VERSION: 14.16.1 + NODE_VERSION: 14.17.0 - name: MongoDB 4.0, Standalone, MMAPv1 MONGODB_VERSION: 4.0.23 MONGODB_TOPOLOGY: standalone MONGODB_STORAGE_ENGINE: mmapv1 - NODE_VERSION: 14.16.1 + NODE_VERSION: 14.17.0 - name: Redis Cache PARSE_SERVER_TEST_CACHE: redis - MONGODB_VERSION: 4.4.4 + MONGODB_VERSION: 4.4.6 MONGODB_TOPOLOGY: standalone MONGODB_STORAGE_ENGINE: wiredTiger - NODE_VERSION: 14.16.1 + NODE_VERSION: 14.17.0 - name: Node 12 - MONGODB_VERSION: 4.4.4 + MONGODB_VERSION: 4.4.6 MONGODB_TOPOLOGY: standalone MONGODB_STORAGE_ENGINE: wiredTiger NODE_VERSION: 12.22.1 - name: Node 15 - MONGODB_VERSION: 4.4.4 + MONGODB_VERSION: 4.4.6 MONGODB_TOPOLOGY: standalone MONGODB_STORAGE_ENGINE: wiredTiger NODE_VERSION: 15.14.0 diff --git a/README.md b/README.md index d52ea5c869..b5f7826653 100644 --- a/README.md +++ b/README.md @@ -115,7 +115,7 @@ Parse Server is continuously tested with the most recent releases of Node.js to | Version | Latest Version | End-of-Life Date | Compatibility | |------------|----------------|------------------|--------------------| | Node.js 12 | 12.22.1 | April 2022 | ✅ Fully compatible | -| Node.js 14 | 14.16.1 | April 2023 | ✅ Fully compatible | +| Node.js 14 | 14.17.0 | April 2023 | ✅ Fully compatible | | Node.js 15 | 15.14.0 | June 2021 | ✅ Fully compatible | #### MongoDB @@ -124,8 +124,8 @@ Parse Server is continuously tested with the most recent releases of MongoDB to | Version | Latest Version | End-of-Life Date | Compatibility | |-------------|----------------|------------------|--------------------| | MongoDB 4.0 | 4.0.23 | January 2022 | ✅ Fully compatible | -| MongoDB 4.2 | 4.2.13 | TBD | ✅ Fully compatible | -| MongoDB 4.4 | 4.4.4 | TBD | ✅ Fully compatible | +| MongoDB 4.2 | 4.2.14 | TBD | ✅ Fully compatible | +| MongoDB 4.4 | 4.4.6 | TBD | ✅ Fully compatible | #### PostgreSQL Parse Server is continuously tested with the most recent releases of PostgreSQL and PostGIS to ensure compatibility, using [PostGIS docker images](https://registry.hub.docker.com/r/postgis/postgis/tags?page=1&ordering=last_updated). We follow the [PostgreSQL support schedule](https://www.postgresql.org/support/versioning) and [PostGIS support schedule](https://www.postgis.net/eol_policy/) and only test against versions that are officially supported and have not reached their end-of-life date. Due to the extensive PostgreSQL support duration of 5 years, Parse Server drops support if a version is older than 3.5 years and a newer version has been available for at least 2.5 years. diff --git a/package.json b/package.json index 11adde75a4..49499c8bb9 100644 --- a/package.json +++ b/package.json @@ -112,14 +112,14 @@ "test:mongodb:testonly": "cross-env MONGODB_VERSION=${MONGODB_VERSION:=$npm_config_dbversion} MONGODB_TOPOLOGY=${MONGODB_TOPOLOGY:=standalone} MONGODB_STORAGE_ENGINE=${MONGODB_STORAGE_ENGINE:=wiredTiger} TESTING=1 jasmine", "test:mongodb": "npm run test:mongodb:runnerstart --dbversion=$npm_config_dbversion && npm run test:mongodb:testonly --dbversion=$npm_config_dbversion", "test:mongodb:4.0.23": "npm run test:mongodb --dbversion=4.0.23", - "test:mongodb:4.2.13": "npm run test:mongodb --dbversion=4.2.13", - "test:mongodb:4.4.4": "npm run test:mongodb --dbversion=4.4.4", + "test:mongodb:4.2.14": "npm run test:mongodb --dbversion=4.2.14", + "test:mongodb:4.4.6": "npm run test:mongodb --dbversion=4.4.6", "posttest:mongodb": "mongodb-runner stop", - "pretest": "cross-env MONGODB_VERSION=${MONGODB_VERSION:=4.4.4} MONGODB_TOPOLOGY=${MONGODB_TOPOLOGY:=standalone} MONGODB_STORAGE_ENGINE=${MONGODB_STORAGE_ENGINE:=wiredTiger} mongodb-runner start", - "testonly": "cross-env MONGODB_VERSION=${MONGODB_VERSION:=4.4.4} MONGODB_TOPOLOGY=${MONGODB_TOPOLOGY:=standalone} MONGODB_STORAGE_ENGINE=${MONGODB_STORAGE_ENGINE:=wiredTiger} TESTING=1 jasmine", + "pretest": "cross-env MONGODB_VERSION=${MONGODB_VERSION:=4.4.6} MONGODB_TOPOLOGY=${MONGODB_TOPOLOGY:=standalone} MONGODB_STORAGE_ENGINE=${MONGODB_STORAGE_ENGINE:=wiredTiger} mongodb-runner start", + "testonly": "cross-env MONGODB_VERSION=${MONGODB_VERSION:=4.4.6} MONGODB_TOPOLOGY=${MONGODB_TOPOLOGY:=standalone} MONGODB_STORAGE_ENGINE=${MONGODB_STORAGE_ENGINE:=wiredTiger} TESTING=1 jasmine", "test": "npm run testonly", - "posttest": "cross-env MONGODB_VERSION=${MONGODB_VERSION:=4.4.4} MONGODB_TOPOLOGY=${MONGODB_TOPOLOGY:=standalone} MONGODB_STORAGE_ENGINE=${MONGODB_STORAGE_ENGINE:=wiredTiger} mongodb-runner stop", - "coverage": "cross-env MONGODB_VERSION=${MONGODB_VERSION:=4.4.4} MONGODB_TOPOLOGY=${MONGODB_TOPOLOGY:=standalone} MONGODB_STORAGE_ENGINE=${MONGODB_STORAGE_ENGINE:=wiredTiger} TESTING=1 nyc jasmine", + "posttest": "cross-env MONGODB_VERSION=${MONGODB_VERSION:=4.4.6} MONGODB_TOPOLOGY=${MONGODB_TOPOLOGY:=standalone} MONGODB_STORAGE_ENGINE=${MONGODB_STORAGE_ENGINE:=wiredTiger} mongodb-runner stop", + "coverage": "cross-env MONGODB_VERSION=${MONGODB_VERSION:=4.4.6} MONGODB_TOPOLOGY=${MONGODB_TOPOLOGY:=standalone} MONGODB_STORAGE_ENGINE=${MONGODB_STORAGE_ENGINE:=wiredTiger} TESTING=1 nyc jasmine", "start": "node ./bin/parse-server", "prettier": "prettier --write '{src,spec}/{**/*,*}.js'", "prepare": "npm run build", From 129f7bfa9b7a3252b2d75524f441e81b7c37231c Mon Sep 17 00:00:00 2001 From: GormanFletcher <78770467+GormanFletcher@users.noreply.github.com> Date: Fri, 4 Jun 2021 19:55:00 -0400 Subject: [PATCH 27/55] Add support for master key clients to create user sessions (#7406) * 6641: Implement support for user impersonation: master key clients can log in as any user, without access to the user's credentials, and without presuming the user already has a session * reworded changelog * rebuilt package lock * fit test * using lodash flatMap * bump to node 12 for postgres test * revert test fit * add node version to postgres CI * revert package-lock Co-authored-by: gormanfletcher Co-authored-by: Manuel <5673677+mtrezza@users.noreply.github.com> --- .github/workflows/ci.yml | 9 ++- CHANGELOG.md | 2 + package.json | 2 +- spec/ParseUser.spec.js | 128 +++++++++++++++++++++++++++++++++++++ spec/SecurityCheck.spec.js | 60 +++++++++-------- src/Routers/UsersRouter.js | 91 ++++++++++++++++++++++---- 6 files changed, 249 insertions(+), 43 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 465fe45708..3b312c54c5 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -170,12 +170,16 @@ jobs: include: - name: PostgreSQL 11, PostGIS 3.0 POSTGRES_IMAGE: postgis/postgis:11-3.0 + NODE_VERSION: 14.17.0 - name: PostgreSQL 11, PostGIS 3.1 POSTGRES_IMAGE: postgis/postgis:11-3.1 + NODE_VERSION: 14.17.0 - name: PostgreSQL 12, PostGIS 3.1 POSTGRES_IMAGE: postgis/postgis:12-3.1 + NODE_VERSION: 14.17.0 - name: PostgreSQL 13, PostGIS 3.1 POSTGRES_IMAGE: postgis/postgis:13-3.1 + NODE_VERSION: 14.17.0 fail-fast: false name: ${{ matrix.name }} timeout-minutes: 15 @@ -199,12 +203,13 @@ jobs: env: PARSE_SERVER_TEST_DB: postgres PARSE_SERVER_TEST_DATABASE_URI: postgres://postgres:postgres@localhost:5432/parse_server_postgres_adapter_test_database + NODE_VERSION: ${{ matrix.NODE_VERSION }} steps: - uses: actions/checkout@v2 - - name: Use Node.js 10 + - name: Use Node.js ${{ matrix.NODE_VERSION }} uses: actions/setup-node@v1 with: - node-version: 10 + node-version: ${{ matrix.NODE_VERSION }} - name: Cache Node.js modules uses: actions/cache@v2 with: diff --git a/CHANGELOG.md b/CHANGELOG.md index f3df1a02a7..0bd81b3fe8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -101,6 +101,8 @@ ___ - EXPERIMENTAL: Added new page router with placeholder rendering and localization of custom and feature pages such as password reset and email verification (Manuel Trezza) [#7128](https://github.com/parse-community/parse-server/pull/7128) - EXPERIMENTAL: Added custom routes to easily customize flows for password reset, email verification or build entirely new flows (Manuel Trezza) [#7231](https://github.com/parse-community/parse-server/pull/7231) - Added Deprecation Policy to govern the introduction of braking changes in a phased pattern that is more predictable for developers (Manuel Trezza) [#7199](https://github.com/parse-community/parse-server/pull/7199) +- Add REST API endpoint `/loginAs` to create session of any user with master key; allows to impersonate another user. (GormanFletcher) [#7406](https://github.com/parse-community/parse-server/pull/7406) + ### Other Changes - Fix error when a not yet inserted job is updated (Antonio Davi Macedo Coelho de Castro) [#7196](https://github.com/parse-community/parse-server/pull/7196) - request.context for afterFind triggers (dblythy) [#7078](https://github.com/parse-community/parse-server/pull/7078) diff --git a/package.json b/package.json index 49499c8bb9..80ae8cec27 100644 --- a/package.json +++ b/package.json @@ -91,8 +91,8 @@ "jsdoc-babel": "0.5.0", "lint-staged": "10.2.3", "madge": "4.0.2", - "mock-mail-adapter": "file:spec/dependencies/mock-mail-adapter", "mock-files-adapter": "file:spec/dependencies/mock-files-adapter", + "mock-mail-adapter": "file:spec/dependencies/mock-mail-adapter", "mongodb-runner": "4.8.1", "mongodb-version-list": "1.0.0", "node-fetch": "2.6.1", diff --git a/spec/ParseUser.spec.js b/spec/ParseUser.spec.js index 91aeb4920a..bee6f2a279 100644 --- a/spec/ParseUser.spec.js +++ b/spec/ParseUser.spec.js @@ -4032,3 +4032,131 @@ describe('Security Advisory GHSA-8w3j-g983-8jh5', function () { expect(user.get('authData')).toEqual({ custom: { id: 'linkedID' } }); }); }); + +describe('login as other user', () => { + it('allows creating a session for another user with the master key', async done => { + await Parse.User.signUp('some_user', 'some_password'); + const userId = Parse.User.current().id; + await Parse.User.logOut(); + + try { + const response = await request({ + method: 'POST', + url: 'http://localhost:8378/1/loginAs', + headers: { + 'X-Parse-Application-Id': Parse.applicationId, + 'X-Parse-REST-API-Key': 'rest', + 'X-Parse-Master-Key': 'test', + }, + body: { + userId, + }, + }); + + expect(response.data.sessionToken).toBeDefined(); + } catch (err) { + fail(`no request should fail: ${JSON.stringify(err)}`); + done(); + } + + const sessionsQuery = new Parse.Query(Parse.Session); + const sessionsAfterRequest = await sessionsQuery.find({ useMasterKey: true }); + expect(sessionsAfterRequest.length).toBe(1); + + done(); + }); + + it('rejects creating a session for another user if the user does not exist', async done => { + try { + await request({ + method: 'POST', + url: 'http://localhost:8378/1/loginAs', + headers: { + 'X-Parse-Application-Id': Parse.applicationId, + 'X-Parse-REST-API-Key': 'rest', + 'X-Parse-Master-Key': 'test', + }, + body: { + userId: 'bogus-user', + }, + }); + + fail('Request should fail without a valid user ID'); + done(); + } catch (err) { + expect(err.data.code).toBe(Parse.Error.OBJECT_NOT_FOUND); + expect(err.data.error).toBe('user not found'); + } + + const sessionsQuery = new Parse.Query(Parse.Session); + const sessionsAfterRequest = await sessionsQuery.find({ useMasterKey: true }); + expect(sessionsAfterRequest.length).toBe(0); + + done(); + }); + + it('rejects creating a session for another user with invalid parameters', async done => { + const invalidUserIds = [undefined, null, '']; + + for (const invalidUserId of invalidUserIds) { + try { + await request({ + method: 'POST', + url: 'http://localhost:8378/1/loginAs', + headers: { + 'X-Parse-Application-Id': Parse.applicationId, + 'X-Parse-REST-API-Key': 'rest', + 'X-Parse-Master-Key': 'test', + }, + body: { + userId: invalidUserId, + }, + }); + + fail('Request should fail without a valid user ID'); + done(); + } catch (err) { + expect(err.data.code).toBe(Parse.Error.INVALID_VALUE); + expect(err.data.error).toBe('userId must not be empty, null, or undefined'); + } + + const sessionsQuery = new Parse.Query(Parse.Session); + const sessionsAfterRequest = await sessionsQuery.find({ useMasterKey: true }); + expect(sessionsAfterRequest.length).toBe(0); + } + + done(); + }); + + it('rejects creating a session for another user without the master key', async done => { + await Parse.User.signUp('some_user', 'some_password'); + const userId = Parse.User.current().id; + await Parse.User.logOut(); + + try { + await request({ + method: 'POST', + url: 'http://localhost:8378/1/loginAs', + headers: { + 'X-Parse-Application-Id': Parse.applicationId, + 'X-Parse-REST-API-Key': 'rest', + }, + body: { + userId, + }, + }); + + fail('Request should fail without the master key'); + done(); + } catch (err) { + expect(err.data.code).toBe(Parse.Error.OPERATION_FORBIDDEN); + expect(err.data.error).toBe('master key is required'); + } + + const sessionsQuery = new Parse.Query(Parse.Session); + const sessionsAfterRequest = await sessionsQuery.find({ useMasterKey: true }); + expect(sessionsAfterRequest.length).toBe(0); + + done(); + }); +}); diff --git a/spec/SecurityCheck.spec.js b/spec/SecurityCheck.spec.js index 5f79ca2bbd..647ed909c0 100644 --- a/spec/SecurityCheck.spec.js +++ b/spec/SecurityCheck.spec.js @@ -23,14 +23,20 @@ describe('Security Check', () => { await reconfigureServer(config); } - const securityRequest = (options) => request(Object.assign({ - url: securityUrl, - headers: { - 'X-Parse-Master-Key': Parse.masterKey, - 'X-Parse-Application-Id': Parse.applicationId, - }, - followRedirects: false, - }, options)).catch(e => e); + const securityRequest = options => + request( + Object.assign( + { + url: securityUrl, + headers: { + 'X-Parse-Master-Key': Parse.masterKey, + 'X-Parse-Application-Id': Parse.applicationId, + }, + followRedirects: false, + }, + options + ) + ).catch(e => e); beforeEach(async () => { groupName = 'Example Group Name'; @@ -41,7 +47,7 @@ describe('Security Check', () => { solution: 'TestSolution', check: () => { return true; - } + }, }); checkFail = new Check({ group: 'TestGroup', @@ -50,14 +56,14 @@ describe('Security Check', () => { solution: 'TestSolution', check: () => { throw 'Fail'; - } + }, }); Group = class Group extends CheckGroup { setName() { return groupName; } setChecks() { - return [ checkSuccess, checkFail ]; + return [checkSuccess, checkFail]; } }; config = { @@ -154,7 +160,7 @@ describe('Security Check', () => { title: 'string', warning: 'string', solution: 'string', - check: () => {} + check: () => {}, }, { group: 'string', @@ -203,7 +209,9 @@ describe('Security Check', () => { title: 'string', warning: 'string', solution: 'string', - check: () => { throw 'error' }, + check: () => { + throw 'error'; + }, }); expect(check._checkState == CheckState.none); check.run(); @@ -277,7 +285,7 @@ describe('Security Check', () => { }); it('runs all checks of all groups', async () => { - const checkGroups = [ Group, Group ]; + const checkGroups = [Group, Group]; const runner = new CheckRunner({ checkGroups }); const report = await runner.run(); expect(report.report.groups[0].checks[0].state).toBe(CheckState.success); @@ -287,27 +295,27 @@ describe('Security Check', () => { }); it('reports correct default syntax version 1.0.0', async () => { - const checkGroups = [ Group ]; + const checkGroups = [Group]; const runner = new CheckRunner({ checkGroups, enableCheckLog: true }); const report = await runner.run(); expect(report).toEqual({ report: { - version: "1.0.0", - state: "fail", + version: '1.0.0', + state: 'fail', groups: [ { - name: "Example Group Name", - state: "fail", + name: 'Example Group Name', + state: 'fail', checks: [ { - title: "TestTitleSuccess", - state: "success", + title: 'TestTitleSuccess', + state: 'success', }, { - title: "TestTitleFail", - state: "fail", - warning: "TestWarning", - solution: "TestSolution", + title: 'TestTitleFail', + state: 'fail', + warning: 'TestWarning', + solution: 'TestSolution', }, ], }, @@ -319,7 +327,7 @@ describe('Security Check', () => { it('logs report', async () => { const logger = require('../lib/logger').logger; const logSpy = spyOn(logger, 'warn').and.callThrough(); - const checkGroups = [ Group ]; + const checkGroups = [Group]; const runner = new CheckRunner({ checkGroups, enableCheckLog: true }); const report = await runner.run(); const titles = report.report.groups.flatMap(group => group.checks.map(check => check.title)); diff --git a/src/Routers/UsersRouter.js b/src/Routers/UsersRouter.js index 05dda035f4..cdce6a1348 100644 --- a/src/Routers/UsersRouter.js +++ b/src/Routers/UsersRouter.js @@ -31,6 +31,28 @@ export class UsersRouter extends ClassesRouter { } } + /** + * After retrieving a user directly from the database, we need to remove the + * password from the object (for security), and fix an issue some SDKs have + * with null values + */ + _sanitizeAuthData(user) { + delete user.password; + + // Sometimes the authData still has null on that keys + // https://github.com/parse-community/parse-server/issues/935 + if (user.authData) { + Object.keys(user.authData).forEach(provider => { + if (user.authData[provider] === null) { + delete user.authData[provider]; + } + }); + if (Object.keys(user.authData).length == 0) { + delete user.authData; + } + } + } + /** * Validates a password request in login and verifyPassword * @param {Object} req The request @@ -117,20 +139,7 @@ export class UsersRouter extends ClassesRouter { throw new Parse.Error(Parse.Error.EMAIL_NOT_FOUND, 'User email is not verified.'); } - delete user.password; - - // Sometimes the authData still has null on that keys - // https://github.com/parse-community/parse-server/issues/935 - if (user.authData) { - Object.keys(user.authData).forEach(provider => { - if (user.authData[provider] === null) { - delete user.authData[provider]; - } - }); - if (Object.keys(user.authData).length == 0) { - delete user.authData; - } - } + this._sanitizeAuthData(user); return resolve(user); }) @@ -244,6 +253,57 @@ export class UsersRouter extends ClassesRouter { return { response: user }; } + /** + * This allows master-key clients to create user sessions without access to + * user credentials. This enables systems that can authenticate access another + * way (API key, app administrators) to act on a user's behalf. + * + * We create a new session rather than looking for an existing session; we + * want this to work in situations where the user is logged out on all + * devices, since this can be used by automated systems acting on the user's + * behalf. + * + * For the moment, we're omitting event hooks and lockout checks, since + * immediate use cases suggest /loginAs could be used for semantically + * different reasons from /login + */ + async handleLogInAs(req) { + if (!req.auth.isMaster) { + throw new Parse.Error(Parse.Error.OPERATION_FORBIDDEN, 'master key is required'); + } + + const userId = req.body.userId || req.query.userId; + if (!userId) { + throw new Parse.Error( + Parse.Error.INVALID_VALUE, + 'userId must not be empty, null, or undefined' + ); + } + + const queryResults = await req.config.database.find('_User', { objectId: userId }); + const user = queryResults[0]; + if (!user) { + throw new Parse.Error(Parse.Error.OBJECT_NOT_FOUND, 'user not found'); + } + + this._sanitizeAuthData(user); + + const { sessionData, createSession } = RestWrite.createSession(req.config, { + userId, + createdWith: { + action: 'login', + authProvider: 'masterkey', + }, + installationId: req.info.installationId, + }); + + user.sessionToken = sessionData.sessionToken; + + await createSession(); + + return { response: user }; + } + handleVerifyPassword(req) { return this._authenticateUserFromRequest(req) .then(user => { @@ -418,6 +478,9 @@ export class UsersRouter extends ClassesRouter { this.route('POST', '/login', req => { return this.handleLogIn(req); }); + this.route('POST', '/loginAs', req => { + return this.handleLogInAs(req); + }); this.route('POST', '/logout', req => { return this.handleLogOut(req); }); From bea4707783febc0fc6ea055835ffbc517cd2b067 Mon Sep 17 00:00:00 2001 From: Snyk bot Date: Fri, 11 Jun 2021 00:56:37 +0300 Subject: [PATCH 28/55] fix: package.json & package-lock.json to reduce vulnerabilities (#7423) The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-WS-1296835 --- package-lock.json | 16 ++++------------ package.json | 2 +- 2 files changed, 5 insertions(+), 13 deletions(-) diff --git a/package-lock.json b/package-lock.json index 3501e0bc5c..7c95516f5d 100644 --- a/package-lock.json +++ b/package-lock.json @@ -11719,29 +11719,21 @@ } }, "subscriptions-transport-ws": { - "version": "0.9.18", - "resolved": "https://registry.npmjs.org/subscriptions-transport-ws/-/subscriptions-transport-ws-0.9.18.tgz", - "integrity": "sha512-tztzcBTNoEbuErsVQpTN2xUNN/efAZXyCyL5m3x4t6SKrEiTL2N8SaKWBFWM4u56pL79ULif3zjyeq+oV+nOaA==", + "version": "0.9.19", + "resolved": "https://registry.npmjs.org/subscriptions-transport-ws/-/subscriptions-transport-ws-0.9.19.tgz", + "integrity": "sha512-dxdemxFFB0ppCLg10FTtRqH/31FNRL1y1BQv8209MK5I4CwALb7iihQg+7p65lFcIl8MHatINWBLOqpgU4Kyyw==", "requires": { "backo2": "^1.0.2", "eventemitter3": "^3.1.0", "iterall": "^1.2.1", "symbol-observable": "^1.0.4", - "ws": "^5.2.0" + "ws": "^5.2.0 || ^6.0.0 || ^7.0.0" }, "dependencies": { "symbol-observable": { "version": "1.2.0", "resolved": "https://registry.npmjs.org/symbol-observable/-/symbol-observable-1.2.0.tgz", "integrity": "sha512-e900nM8RRtGhlV36KGEU9k65K3mPb1WV70OdjfxlG2EAuM1noi/E/BaW/uMhL7bPEssK8QV57vN3esixjUvcXQ==" - }, - "ws": { - "version": "5.2.2", - "resolved": "https://registry.npmjs.org/ws/-/ws-5.2.2.tgz", - "integrity": "sha512-jaHFD6PFv6UgoIVda6qZllptQsMlDEJkTQcybzzXDYM1XO9Y8em691FGMPmM46WGyLU4z9KMgQN+qrux/nhlHA==", - "requires": { - "async-limiter": "~1.0.0" - } } } }, diff --git a/package.json b/package.json index 80ae8cec27..7a4c806db4 100644 --- a/package.json +++ b/package.json @@ -53,7 +53,7 @@ "pluralize": "8.0.0", "redis": "3.1.2", "semver": "7.3.4", - "subscriptions-transport-ws": "0.9.18", + "subscriptions-transport-ws": "0.9.19", "tv4": "1.3.0", "uuid": "8.3.2", "winston": "3.3.3", From 61affe26293f7218e88878d027514d68975cfc8c Mon Sep 17 00:00:00 2001 From: Snyk bot Date: Fri, 11 Jun 2021 00:59:16 +0300 Subject: [PATCH 29/55] fix: upgrade mongodb from 3.6.6 to 3.6.7 (#7425) Snyk has created this PR to upgrade mongodb from 3.6.6 to 3.6.7. See this package in npm: https://www.npmjs.com/package/mongodb See this project in Snyk: https://app.snyk.io/org/acinader/project/8c1a9edb-c8f5-4dc1-b221-4d6030a323eb?utm_source=github&utm_medium=upgrade-pr --- package-lock.json | 14 +++++++------- package.json | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/package-lock.json b/package-lock.json index 7c95516f5d..c741a04b59 100644 --- a/package-lock.json +++ b/package-lock.json @@ -9058,14 +9058,14 @@ "integrity": "sha512-kHmoybcPV8Sqy59DwNDY3Jefr64lK/by/da0ViFcuA4DH0vQg5Q6Ze5VimxkfQNSC+Mls/Kx53s7TjP1RhFEDQ==" }, "mongodb": { - "version": "3.6.6", - "resolved": "https://registry.npmjs.org/mongodb/-/mongodb-3.6.6.tgz", - "integrity": "sha512-WlirMiuV1UPbej5JeCMqE93JRfZ/ZzqE7nJTwP85XzjAF4rRSeq2bGCb1cjfoHLOF06+HxADaPGqT0g3SbVT1w==", + "version": "3.6.7", + "resolved": "https://registry.npmjs.org/mongodb/-/mongodb-3.6.7.tgz", + "integrity": "sha512-VXW2bWz47LhAEw0qs8Mk2zRgQwgbXH16KAwQFtylBu0zXO8rkQmA8ncsYbmICaVutZeINRlXYXG3MDIz90NM3g==", "requires": { "bl": "^2.2.1", "bson": "^1.1.4", "denque": "^1.4.1", - "optional-require": "^1.0.2", + "optional-require": "^1.0.3", "safe-buffer": "^5.1.2", "saslprep": "^1.0.0" } @@ -9754,9 +9754,9 @@ } }, "optional-require": { - "version": "1.0.2", - "resolved": "https://registry.npmjs.org/optional-require/-/optional-require-1.0.2.tgz", - "integrity": "sha512-HZubVd6IfHsbnpdNF/ICaSAzBUEW1TievpkjY3tB4Jnk8L7+pJ3conPzUt3Mn/6OZx9uzTDOHYPGA8/AxYHBOg==" + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/optional-require/-/optional-require-1.0.3.tgz", + "integrity": "sha512-RV2Zp2MY2aeYK5G+B/Sps8lW5NHAzE5QClbFP15j+PWmP+T9PxlJXBOOLoSAdgwFvS4t0aMR4vpedMkbHfh0nA==" }, "optionator": { "version": "0.8.3", diff --git a/package.json b/package.json index 7a4c806db4..12b008f806 100644 --- a/package.json +++ b/package.json @@ -45,7 +45,7 @@ "lodash": "4.17.21", "lru-cache": "5.1.1", "mime": "2.5.2", - "mongodb": "3.6.6", + "mongodb": "3.6.7", "mustache": "4.2.0", "parse": "3.2.0", "pg-monitor": "1.4.1", From bfdb6a93e8c0d78524820b32abaff174776520f3 Mon Sep 17 00:00:00 2001 From: Snyk bot Date: Fri, 11 Jun 2021 01:00:00 +0300 Subject: [PATCH 30/55] fix: upgrade apollo-server-express from 2.24.0 to 2.24.1 (#7424) Snyk has created this PR to upgrade apollo-server-express from 2.24.0 to 2.24.1. See this package in npm: https://www.npmjs.com/package/apollo-server-express See this project in Snyk: https://app.snyk.io/org/acinader/project/8c1a9edb-c8f5-4dc1-b221-4d6030a323eb?utm_source=github&utm_medium=upgrade-pr --- package-lock.json | 198 ++++++++++++++++++++++++++-------------------- package.json | 2 +- 2 files changed, 112 insertions(+), 88 deletions(-) diff --git a/package-lock.json b/package-lock.json index c741a04b59..d0f01ce7d3 100644 --- a/package-lock.json +++ b/package-lock.json @@ -95,12 +95,9 @@ } }, "@apollographql/apollo-tools": { - "version": "0.5.0", - "resolved": "https://registry.npmjs.org/@apollographql/apollo-tools/-/apollo-tools-0.5.0.tgz", - "integrity": "sha512-7IOZHVaKjBq44StXFJEITl4rxgZCsZFSWogAvIErKR9DYV20rt9bJ2mY5lCn+zghfGrweykjLb9g4TDxLg750w==", - "requires": { - "apollo-env": "^0.10.0" - } + "version": "0.5.1", + "resolved": "https://registry.npmjs.org/@apollographql/apollo-tools/-/apollo-tools-0.5.1.tgz", + "integrity": "sha512-ZII+/xUFfb9ezDU2gad114+zScxVFMVlZ91f8fGApMzlS1kkqoyLnC4AJaQ1Ya/X+b63I20B4Gd+eCL8QuB4sA==" }, "@apollographql/graphql-playground-html": { "version": "1.6.27", @@ -1918,9 +1915,9 @@ } }, "@types/koa": { - "version": "2.13.1", - "resolved": "https://registry.npmjs.org/@types/koa/-/koa-2.13.1.tgz", - "integrity": "sha512-Qbno7FWom9nNqu0yHZ6A0+RWt4mrYBhw3wpBAQ3+IuzGcLlfeYkzZrnMq5wsxulN2np8M4KKeUpTodsOsSad5Q==", + "version": "2.13.3", + "resolved": "https://registry.npmjs.org/@types/koa/-/koa-2.13.3.tgz", + "integrity": "sha512-TaujBV+Dhe/FvmSMZJtCFBms+bqQacgUebk/M2C2tq8iGmHE/DDf4DcW2Hc7NqusVZmy5xzrWOjtdPKNP+fTfw==", "requires": { "@types/accepts": "*", "@types/content-disposition": "*", @@ -1955,15 +1952,6 @@ "resolved": "https://registry.npmjs.org/@types/node/-/node-14.14.37.tgz", "integrity": "sha512-XYmBiy+ohOR4Lh5jE379fV2IU+6Jn4g5qASinhitfyO71b/sCo6MKsMLF5tc7Zf2CE8hViVQyYSobJNke8OvUw==" }, - "@types/node-fetch": { - "version": "2.5.10", - "resolved": "https://registry.npmjs.org/@types/node-fetch/-/node-fetch-2.5.10.tgz", - "integrity": "sha512-IpkX0AasN44hgEad0gEF/V6EgR5n69VEqPEgnmoM8GsIGro3PowbWs4tR6IhxUTyPLpOn+fiGG6nrQhcmoCuIQ==", - "requires": { - "@types/node": "*", - "form-data": "^3.0.0" - } - }, "@types/parse-json": { "version": "4.0.0", "resolved": "https://registry.npmjs.org/@types/parse-json/-/parse-json-4.0.0.tgz", @@ -2337,12 +2325,12 @@ } }, "apollo-cache-control": { - "version": "0.13.0", - "resolved": "https://registry.npmjs.org/apollo-cache-control/-/apollo-cache-control-0.13.0.tgz", - "integrity": "sha512-ImUXwVc/8K9QA3mQiKbKw8bOS4lMNL4DoP4hldIx+gwna8dgh3gBChgxW5guMOhcvH/55ximS7ZNWUglFmQY4Q==", + "version": "0.14.0", + "resolved": "https://registry.npmjs.org/apollo-cache-control/-/apollo-cache-control-0.14.0.tgz", + "integrity": "sha512-qN4BCq90egQrgNnTRMUHikLZZAprf3gbm8rC5Vwmc6ZdLolQ7bFsa769Hqi6Tq/lS31KLsXBLTOsRbfPHph12w==", "requires": { "apollo-server-env": "^3.1.0", - "apollo-server-plugin-base": "^0.12.0" + "apollo-server-plugin-base": "^0.13.0" } }, "apollo-cache-inmemory": { @@ -2424,21 +2412,10 @@ "apollo-server-env": "^3.1.0" } }, - "apollo-env": { - "version": "0.10.0", - "resolved": "https://registry.npmjs.org/apollo-env/-/apollo-env-0.10.0.tgz", - "integrity": "sha512-7Geot+eyOl4jzPi9beiszeDmEEVZOVT11LSlkQluF5eaCNaIvld+xklZxITZGI/Wr+PQX380YJgQt1ndR2GtOg==", - "requires": { - "@types/node-fetch": "^2.5.10", - "core-js": "^3.0.1", - "node-fetch": "^2.6.1", - "sha.js": "^2.4.11" - } - }, "apollo-graphql": { - "version": "0.9.2", - "resolved": "https://registry.npmjs.org/apollo-graphql/-/apollo-graphql-0.9.2.tgz", - "integrity": "sha512-+c/vqC2LPq3e5kO7MfBxDDiljzLog/THZr9Pd46HVaKAhHUxFL0rJEbT17VhjdOoZGWFWLYG7x9hiN6EQD1xZQ==", + "version": "0.9.3", + "resolved": "https://registry.npmjs.org/apollo-graphql/-/apollo-graphql-0.9.3.tgz", + "integrity": "sha512-rcAl2E841Iko4kSzj4Pt3PRBitmyq1MvoEmpl04TQSpGnoVgl1E/ZXuLBYxMTSnEAm7umn2IsoY+c6Ll9U/10A==", "requires": { "core-js-pure": "^3.10.2", "lodash.sortby": "^4.7.0", @@ -2446,9 +2423,9 @@ }, "dependencies": { "core-js-pure": { - "version": "3.12.1", - "resolved": "https://registry.npmjs.org/core-js-pure/-/core-js-pure-3.12.1.tgz", - "integrity": "sha512-1cch+qads4JnDSWsvc7d6nzlKAippwjUlf6vykkTLW53VSV+NkE6muGBToAjEA8pG90cSfcud3JgVmW2ds5TaQ==" + "version": "3.14.0", + "resolved": "https://registry.npmjs.org/core-js-pure/-/core-js-pure-3.14.0.tgz", + "integrity": "sha512-YVh+LN2FgNU0odThzm61BsdkwrbrchumFq3oztnE9vTKC4KS2fvnPmcx8t6jnqAyOTCTF4ZSiuK8Qhh7SNcL4g==" } } }, @@ -2527,9 +2504,9 @@ } }, "apollo-reporting-protobuf": { - "version": "0.7.0", - "resolved": "https://registry.npmjs.org/apollo-reporting-protobuf/-/apollo-reporting-protobuf-0.7.0.tgz", - "integrity": "sha512-PC+zDqPPJcseemqmvUEqFiDi45pz6UaPWt6czgmrrbcQ+9VWp6IEkm08V5xBKk7V1WGUw19YwiJ7kqXpcgVNyw==", + "version": "0.8.0", + "resolved": "https://registry.npmjs.org/apollo-reporting-protobuf/-/apollo-reporting-protobuf-0.8.0.tgz", + "integrity": "sha512-B3XmnkH6Y458iV6OsA7AhfwvTgeZnFq9nPVjbxmLKnvfkEl8hYADtz724uPa0WeBiD7DSFcnLtqg9yGmCkBohg==", "requires": { "@apollo/protobufjs": "1.2.2" } @@ -2553,38 +2530,47 @@ } }, "apollo-server-core": { - "version": "2.24.1", - "resolved": "https://registry.npmjs.org/apollo-server-core/-/apollo-server-core-2.24.1.tgz", - "integrity": "sha512-+T7G2EsC5N/AVo0QJo13r1kFgJk0HTK55YlXbnpJl6qRUF8yKLXMittvIfTWge0uLQGzFzVRhDZ7AQMt/E1TGA==", + "version": "2.25.1", + "resolved": "https://registry.npmjs.org/apollo-server-core/-/apollo-server-core-2.25.1.tgz", + "integrity": "sha512-10gVjvGv3uPfy7gUFQhgNhb66RorD1qX6yF4bTawm4S6JstkGrWYFJN5/48o7Mte+tATpXzAGiWu0l4wsYA/mA==", "requires": { "@apollographql/apollo-tools": "^0.5.0", "@apollographql/graphql-playground-html": "1.6.27", "@apollographql/graphql-upload-8-fork": "^8.1.3", "@josephg/resolvable": "^1.0.0", "@types/ws": "^7.0.0", - "apollo-cache-control": "^0.13.0", + "apollo-cache-control": "^0.14.0", "apollo-datasource": "^0.9.0", "apollo-graphql": "^0.9.0", - "apollo-reporting-protobuf": "^0.7.0", + "apollo-reporting-protobuf": "^0.8.0", "apollo-server-caching": "^0.7.0", "apollo-server-env": "^3.1.0", "apollo-server-errors": "^2.5.0", - "apollo-server-plugin-base": "^0.12.0", - "apollo-server-types": "^0.8.0", - "apollo-tracing": "^0.14.0", + "apollo-server-plugin-base": "^0.13.0", + "apollo-server-types": "^0.9.0", + "apollo-tracing": "^0.15.0", "async-retry": "^1.2.1", "fast-json-stable-stringify": "^2.0.0", - "graphql-extensions": "^0.14.0", + "graphql-extensions": "^0.15.0", "graphql-tag": "^2.11.0", "graphql-tools": "^4.0.8", "loglevel": "^1.6.7", "lru-cache": "^6.0.0", "sha.js": "^2.4.11", - "subscriptions-transport-ws": "^0.9.11", - "uuid": "^8.0.0", - "ws": "^6.0.0" + "subscriptions-transport-ws": "^0.9.19", + "uuid": "^8.0.0" }, "dependencies": { + "apollo-server-types": { + "version": "0.9.0", + "resolved": "https://registry.npmjs.org/apollo-server-types/-/apollo-server-types-0.9.0.tgz", + "integrity": "sha512-qk9tg4Imwpk732JJHBkhW0jzfG0nFsLqK2DY6UhvJf7jLnRePYsPxWfPiNkxni27pLE2tiNlCwoDFSeWqpZyBg==", + "requires": { + "apollo-reporting-protobuf": "^0.8.0", + "apollo-server-caching": "^0.7.0", + "apollo-server-env": "^3.1.0" + } + }, "lru-cache": { "version": "6.0.0", "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz", @@ -2593,13 +2579,22 @@ "yallist": "^4.0.0" } }, - "ws": { - "version": "6.2.1", - "resolved": "https://registry.npmjs.org/ws/-/ws-6.2.1.tgz", - "integrity": "sha512-GIyAXC2cB7LjvpgMt9EKS2ldqr0MTrORaleiOno6TweZ6r3TKtoFQWay/2PceJ3RuBasOHzXNn5Lrw1X0bEjqA==", + "subscriptions-transport-ws": { + "version": "0.9.19", + "resolved": "https://registry.npmjs.org/subscriptions-transport-ws/-/subscriptions-transport-ws-0.9.19.tgz", + "integrity": "sha512-dxdemxFFB0ppCLg10FTtRqH/31FNRL1y1BQv8209MK5I4CwALb7iihQg+7p65lFcIl8MHatINWBLOqpgU4Kyyw==", "requires": { - "async-limiter": "~1.0.0" + "backo2": "^1.0.2", + "eventemitter3": "^3.1.0", + "iterall": "^1.2.1", + "symbol-observable": "^1.0.4", + "ws": "^5.2.0 || ^6.0.0 || ^7.0.0" } + }, + "symbol-observable": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/symbol-observable/-/symbol-observable-1.2.0.tgz", + "integrity": "sha512-e900nM8RRtGhlV36KGEU9k65K3mPb1WV70OdjfxlG2EAuM1noi/E/BaW/uMhL7bPEssK8QV57vN3esixjUvcXQ==" } } }, @@ -2618,9 +2613,9 @@ "integrity": "sha512-lO5oTjgiC3vlVg2RKr3RiXIIQ5pGXBFxYGGUkKDhTud3jMIhs+gel8L8zsEjKaKxkjHhCQAA/bcEfYiKkGQIvA==" }, "apollo-server-express": { - "version": "2.24.0", - "resolved": "https://registry.npmjs.org/apollo-server-express/-/apollo-server-express-2.24.0.tgz", - "integrity": "sha512-wVoD53azxqVZt/i4yAm6cDDCXpbzr0AJpzOdNXVFW/KivInWEMF5ekCc80uMOawPeu78U7Skoc20akyvZKc+YA==", + "version": "2.24.1", + "resolved": "https://registry.npmjs.org/apollo-server-express/-/apollo-server-express-2.24.1.tgz", + "integrity": "sha512-waBGJYG6Ht86RHMcTQLjy3YNeccg5IONe10qdm/kGbQVMXoE6KJB2VuNy/akRDPRvS6+tEt4v0XFSi7qQa4iXQ==", "requires": { "@apollographql/graphql-playground-html": "1.6.27", "@types/accepts": "^1.3.5", @@ -2629,7 +2624,7 @@ "@types/express": "4.17.11", "@types/express-serve-static-core": "4.17.19", "accepts": "^1.3.5", - "apollo-server-core": "^2.24.0", + "apollo-server-core": "^2.24.1", "apollo-server-types": "^0.8.0", "body-parser": "^1.18.3", "cors": "^2.8.5", @@ -2665,11 +2660,23 @@ } }, "apollo-server-plugin-base": { - "version": "0.12.0", - "resolved": "https://registry.npmjs.org/apollo-server-plugin-base/-/apollo-server-plugin-base-0.12.0.tgz", - "integrity": "sha512-jnNIztYz34ImE7off0t9LwseGCR/J0H1wlbiBGvdXvQY+ZiMfVF2oF8KdSAPxG2vT6scvWP4GFS/FsZcOyP1Xw==", + "version": "0.13.0", + "resolved": "https://registry.npmjs.org/apollo-server-plugin-base/-/apollo-server-plugin-base-0.13.0.tgz", + "integrity": "sha512-L3TMmq2YE6BU6I4Tmgygmd0W55L+6XfD9137k+cWEBFu50vRY4Re+d+fL5WuPkk5xSPKd/PIaqzidu5V/zz8Kg==", "requires": { - "apollo-server-types": "^0.8.0" + "apollo-server-types": "^0.9.0" + }, + "dependencies": { + "apollo-server-types": { + "version": "0.9.0", + "resolved": "https://registry.npmjs.org/apollo-server-types/-/apollo-server-types-0.9.0.tgz", + "integrity": "sha512-qk9tg4Imwpk732JJHBkhW0jzfG0nFsLqK2DY6UhvJf7jLnRePYsPxWfPiNkxni27pLE2tiNlCwoDFSeWqpZyBg==", + "requires": { + "apollo-reporting-protobuf": "^0.8.0", + "apollo-server-caching": "^0.7.0", + "apollo-server-env": "^3.1.0" + } + } } }, "apollo-server-types": { @@ -2680,15 +2687,25 @@ "apollo-reporting-protobuf": "^0.7.0", "apollo-server-caching": "^0.7.0", "apollo-server-env": "^3.1.0" + }, + "dependencies": { + "apollo-reporting-protobuf": { + "version": "0.7.0", + "resolved": "https://registry.npmjs.org/apollo-reporting-protobuf/-/apollo-reporting-protobuf-0.7.0.tgz", + "integrity": "sha512-PC+zDqPPJcseemqmvUEqFiDi45pz6UaPWt6czgmrrbcQ+9VWp6IEkm08V5xBKk7V1WGUw19YwiJ7kqXpcgVNyw==", + "requires": { + "@apollo/protobufjs": "1.2.2" + } + } } }, "apollo-tracing": { - "version": "0.14.0", - "resolved": "https://registry.npmjs.org/apollo-tracing/-/apollo-tracing-0.14.0.tgz", - "integrity": "sha512-KH4mOoicZ2CQkEYVuNP9avJth59LwNqku3fKZ4S0UYE1RfxzIoLLsEyuY8MuJEgNdtKKfkX5G5Kn5Rp4LCJ4RQ==", + "version": "0.15.0", + "resolved": "https://registry.npmjs.org/apollo-tracing/-/apollo-tracing-0.15.0.tgz", + "integrity": "sha512-UP0fztFvaZPHDhIB/J+qGuy6hWO4If069MGC98qVs0I8FICIGu4/8ykpX3X3K6RtaQ56EDAWKykCxFv4ScxMeA==", "requires": { "apollo-server-env": "^3.1.0", - "apollo-server-plugin-base": "^0.12.0" + "apollo-server-plugin-base": "^0.13.0" } }, "apollo-upload-client": { @@ -4023,11 +4040,6 @@ "dev": true, "optional": true }, - "core-js": { - "version": "3.12.1", - "resolved": "https://registry.npmjs.org/core-js/-/core-js-3.12.1.tgz", - "integrity": "sha512-Ne9DKPHTObRuB09Dru5AjwKjY4cJHVGu+y5f7coGn1E9Grkc3p2iBwE9AI/nJzsE29mQF7oq+mhYYRqOMFN1Bw==" - }, "core-js-compat": { "version": "3.10.1", "resolved": "https://registry.npmjs.org/core-js-compat/-/core-js-compat-3.10.1.tgz", @@ -5007,9 +5019,9 @@ } }, "es-abstract": { - "version": "1.18.0", - "resolved": "https://registry.npmjs.org/es-abstract/-/es-abstract-1.18.0.tgz", - "integrity": "sha512-LJzK7MrQa8TS0ja2w3YNLzUgJCGPdPOV1yVvezjNnS89D+VR08+Szt2mz3YB2Dck/+w5tfIq/RoUAFqJJGM2yw==", + "version": "1.18.3", + "resolved": "https://registry.npmjs.org/es-abstract/-/es-abstract-1.18.3.tgz", + "integrity": "sha512-nQIr12dxV7SSxE6r6f1l3DtAeEYdsGpps13dR0TwJg1S8gyp4ZPgy3FZcHBgbiQqnoqSTb+oC+kO4UQ0C/J8vw==", "requires": { "call-bind": "^1.0.2", "es-to-primitive": "^1.2.1", @@ -5019,14 +5031,14 @@ "has-symbols": "^1.0.2", "is-callable": "^1.2.3", "is-negative-zero": "^2.0.1", - "is-regex": "^1.1.2", - "is-string": "^1.0.5", - "object-inspect": "^1.9.0", + "is-regex": "^1.1.3", + "is-string": "^1.0.6", + "object-inspect": "^1.10.3", "object-keys": "^1.1.1", "object.assign": "^4.1.2", "string.prototype.trimend": "^1.0.4", "string.prototype.trimstart": "^1.0.4", - "unbox-primitive": "^1.0.0" + "unbox-primitive": "^1.0.1" } }, "es-to-primitive": { @@ -6472,13 +6484,25 @@ "integrity": "sha512-OmaM7y0kaK31NKG31q4YbD2beNYa6jBBKtMFT6gLYJljHLJr42IqJ8KX08u3Li/0ifzTU5HjmoOOrwa5BRLeDA==" }, "graphql-extensions": { - "version": "0.14.0", - "resolved": "https://registry.npmjs.org/graphql-extensions/-/graphql-extensions-0.14.0.tgz", - "integrity": "sha512-DFtD8G+6rSj/Xhtb0IPh4A/sB/qcSEm9MTS221ESCx+axrsME92wGEsr7ihVjn1/tEEIy+9V5lUQOH/dHkCb0A==", + "version": "0.15.0", + "resolved": "https://registry.npmjs.org/graphql-extensions/-/graphql-extensions-0.15.0.tgz", + "integrity": "sha512-bVddVO8YFJPwuACn+3pgmrEg6I8iBuYLuwvxiE+lcQQ7POotVZxm2rgGw0PvVYmWWf3DT7nTVDZ5ROh/ALp8mA==", "requires": { "@apollographql/apollo-tools": "^0.5.0", "apollo-server-env": "^3.1.0", - "apollo-server-types": "^0.8.0" + "apollo-server-types": "^0.9.0" + }, + "dependencies": { + "apollo-server-types": { + "version": "0.9.0", + "resolved": "https://registry.npmjs.org/apollo-server-types/-/apollo-server-types-0.9.0.tgz", + "integrity": "sha512-qk9tg4Imwpk732JJHBkhW0jzfG0nFsLqK2DY6UhvJf7jLnRePYsPxWfPiNkxni27pLE2tiNlCwoDFSeWqpZyBg==", + "requires": { + "apollo-reporting-protobuf": "^0.8.0", + "apollo-server-caching": "^0.7.0", + "apollo-server-env": "^3.1.0" + } + } } }, "graphql-list-fields": { diff --git a/package.json b/package.json index 12b008f806..ead7133374 100644 --- a/package.json +++ b/package.json @@ -25,7 +25,7 @@ "@graphql-tools/utils": "6.2.4", "@parse/fs-files-adapter": "1.2.0", "@parse/push-adapter": "3.4.0", - "apollo-server-express": "2.24.0", + "apollo-server-express": "2.24.1", "bcryptjs": "2.4.3", "body-parser": "1.19.0", "commander": "5.1.0", From 0638e5e697c8ee2e75b7f42ac46c7385f1a3c483 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 10 Jun 2021 15:21:20 -0700 Subject: [PATCH 31/55] chore(deps): bump normalize-url from 4.5.0 to 4.5.1 (#7428) Bumps [normalize-url](https://github.com/sindresorhus/normalize-url) from 4.5.0 to 4.5.1. - [Release notes](https://github.com/sindresorhus/normalize-url/releases) - [Commits](https://github.com/sindresorhus/normalize-url/commits) --- updated-dependencies: - dependency-name: normalize-url dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- package-lock.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/package-lock.json b/package-lock.json index d0f01ce7d3..d2d672128a 100644 --- a/package-lock.json +++ b/package-lock.json @@ -9473,9 +9473,9 @@ "dev": true }, "normalize-url": { - "version": "4.5.0", - "resolved": "https://registry.npmjs.org/normalize-url/-/normalize-url-4.5.0.tgz", - "integrity": "sha512-2s47yzUxdexf1OhyRi4Em83iQk0aPvwTddtFz4hnSSw9dCEsLEGf6SwIO8ss/19S9iBb5sJaOuTvTGDeZI00BQ==", + "version": "4.5.1", + "resolved": "https://registry.npmjs.org/normalize-url/-/normalize-url-4.5.1.tgz", + "integrity": "sha512-9UZCFRHQdNrfTpGg8+1INIg93B6zE0aXMVFkw1WFwvO4SlZywU6aLg5Of0Ap/PgcbSw4LNxvMWXMeugwMCX0AA==", "dev": true }, "npm-conf": { From f6a41729a7a3adc6bd5310cefb3458835b4abb58 Mon Sep 17 00:00:00 2001 From: Manuel <5673677+mtrezza@users.noreply.github.com> Date: Fri, 11 Jun 2021 02:36:20 +0200 Subject: [PATCH 32/55] bump mongo (#7429) --- .github/workflows/ci.yml | 4 ++-- README.md | 2 +- package.json | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 3b312c54c5..ad22983efc 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -104,12 +104,12 @@ jobs: MONGODB_STORAGE_ENGINE: wiredTiger NODE_VERSION: 14.17.0 - name: MongoDB 4.0, ReplicaSet, WiredTiger - MONGODB_VERSION: 4.0.23 + MONGODB_VERSION: 4.0.25 MONGODB_TOPOLOGY: replicaset MONGODB_STORAGE_ENGINE: wiredTiger NODE_VERSION: 14.17.0 - name: MongoDB 4.0, Standalone, MMAPv1 - MONGODB_VERSION: 4.0.23 + MONGODB_VERSION: 4.0.25 MONGODB_TOPOLOGY: standalone MONGODB_STORAGE_ENGINE: mmapv1 NODE_VERSION: 14.17.0 diff --git a/README.md b/README.md index b5f7826653..e4a8b6e269 100644 --- a/README.md +++ b/README.md @@ -123,7 +123,7 @@ Parse Server is continuously tested with the most recent releases of MongoDB to | Version | Latest Version | End-of-Life Date | Compatibility | |-------------|----------------|------------------|--------------------| -| MongoDB 4.0 | 4.0.23 | January 2022 | ✅ Fully compatible | +| MongoDB 4.0 | 4.0.25 | January 2022 | ✅ Fully compatible | | MongoDB 4.2 | 4.2.14 | TBD | ✅ Fully compatible | | MongoDB 4.4 | 4.4.6 | TBD | ✅ Fully compatible | diff --git a/package.json b/package.json index ead7133374..7bc2e0e2f2 100644 --- a/package.json +++ b/package.json @@ -111,7 +111,7 @@ "test:mongodb:runnerstart": "cross-env MONGODB_VERSION=${MONGODB_VERSION:=$npm_config_dbversion} MONGODB_TOPOLOGY=${MONGODB_TOPOLOGY:=standalone} MONGODB_STORAGE_ENGINE=${MONGODB_STORAGE_ENGINE:=wiredTiger} mongodb-runner start", "test:mongodb:testonly": "cross-env MONGODB_VERSION=${MONGODB_VERSION:=$npm_config_dbversion} MONGODB_TOPOLOGY=${MONGODB_TOPOLOGY:=standalone} MONGODB_STORAGE_ENGINE=${MONGODB_STORAGE_ENGINE:=wiredTiger} TESTING=1 jasmine", "test:mongodb": "npm run test:mongodb:runnerstart --dbversion=$npm_config_dbversion && npm run test:mongodb:testonly --dbversion=$npm_config_dbversion", - "test:mongodb:4.0.23": "npm run test:mongodb --dbversion=4.0.23", + "test:mongodb:4.0.25": "npm run test:mongodb --dbversion=4.0.25", "test:mongodb:4.2.14": "npm run test:mongodb --dbversion=4.2.14", "test:mongodb:4.4.6": "npm run test:mongodb --dbversion=4.4.6", "posttest:mongodb": "mongodb-runner stop", From 10695194b21a3ae2d34f88704a50a5ac0890202c Mon Sep 17 00:00:00 2001 From: Olle Jonsson Date: Tue, 15 Jun 2021 13:25:04 +0200 Subject: [PATCH 33/55] CHANGELOG: typo fix braking->breaking [ci skip] (#7432) --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0bd81b3fe8..9fb0b32bac 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -100,7 +100,7 @@ ___ - Added Parse Server Security Check to report weak security settings (Manuel Trezza, dblythy) [#7247](https://github.com/parse-community/parse-server/issues/7247) - EXPERIMENTAL: Added new page router with placeholder rendering and localization of custom and feature pages such as password reset and email verification (Manuel Trezza) [#7128](https://github.com/parse-community/parse-server/pull/7128) - EXPERIMENTAL: Added custom routes to easily customize flows for password reset, email verification or build entirely new flows (Manuel Trezza) [#7231](https://github.com/parse-community/parse-server/pull/7231) -- Added Deprecation Policy to govern the introduction of braking changes in a phased pattern that is more predictable for developers (Manuel Trezza) [#7199](https://github.com/parse-community/parse-server/pull/7199) +- Added Deprecation Policy to govern the introduction of breaking changes in a phased pattern that is more predictable for developers (Manuel Trezza) [#7199](https://github.com/parse-community/parse-server/pull/7199) - Add REST API endpoint `/loginAs` to create session of any user with master key; allows to impersonate another user. (GormanFletcher) [#7406](https://github.com/parse-community/parse-server/pull/7406) ### Other Changes From 3a2afda91134d2a89b4f24c07fe5cb154c7fe6e7 Mon Sep 17 00:00:00 2001 From: Manuel <5673677+mtrezza@users.noreply.github.com> Date: Sun, 20 Jun 2021 19:31:32 +0200 Subject: [PATCH 34/55] bump node version (#7441) --- .github/workflows/ci.yml | 20 ++++++++++---------- README.md | 2 +- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ad22983efc..5250aea05d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -7,7 +7,7 @@ on: branches: - '**' env: - NODE_VERSION: 14.17.0 + NODE_VERSION: 14.17.1 PARSE_SERVER_TEST_TIMEOUT: 20000 jobs: check-ci: @@ -97,28 +97,28 @@ jobs: MONGODB_VERSION: 4.4.6 MONGODB_TOPOLOGY: replicaset MONGODB_STORAGE_ENGINE: wiredTiger - NODE_VERSION: 14.17.0 + NODE_VERSION: 14.17.1 - name: MongoDB 4.2, ReplicaSet, WiredTiger MONGODB_VERSION: 4.2.14 MONGODB_TOPOLOGY: replicaset MONGODB_STORAGE_ENGINE: wiredTiger - NODE_VERSION: 14.17.0 + NODE_VERSION: 14.17.1 - name: MongoDB 4.0, ReplicaSet, WiredTiger MONGODB_VERSION: 4.0.25 MONGODB_TOPOLOGY: replicaset MONGODB_STORAGE_ENGINE: wiredTiger - NODE_VERSION: 14.17.0 + NODE_VERSION: 14.17.1 - name: MongoDB 4.0, Standalone, MMAPv1 MONGODB_VERSION: 4.0.25 MONGODB_TOPOLOGY: standalone MONGODB_STORAGE_ENGINE: mmapv1 - NODE_VERSION: 14.17.0 + NODE_VERSION: 14.17.1 - name: Redis Cache PARSE_SERVER_TEST_CACHE: redis MONGODB_VERSION: 4.4.6 MONGODB_TOPOLOGY: standalone MONGODB_STORAGE_ENGINE: wiredTiger - NODE_VERSION: 14.17.0 + NODE_VERSION: 14.17.1 - name: Node 12 MONGODB_VERSION: 4.4.6 MONGODB_TOPOLOGY: standalone @@ -170,16 +170,16 @@ jobs: include: - name: PostgreSQL 11, PostGIS 3.0 POSTGRES_IMAGE: postgis/postgis:11-3.0 - NODE_VERSION: 14.17.0 + NODE_VERSION: 14.17.1 - name: PostgreSQL 11, PostGIS 3.1 POSTGRES_IMAGE: postgis/postgis:11-3.1 - NODE_VERSION: 14.17.0 + NODE_VERSION: 14.17.1 - name: PostgreSQL 12, PostGIS 3.1 POSTGRES_IMAGE: postgis/postgis:12-3.1 - NODE_VERSION: 14.17.0 + NODE_VERSION: 14.17.1 - name: PostgreSQL 13, PostGIS 3.1 POSTGRES_IMAGE: postgis/postgis:13-3.1 - NODE_VERSION: 14.17.0 + NODE_VERSION: 14.17.1 fail-fast: false name: ${{ matrix.name }} timeout-minutes: 15 diff --git a/README.md b/README.md index e4a8b6e269..15dfaec113 100644 --- a/README.md +++ b/README.md @@ -115,7 +115,7 @@ Parse Server is continuously tested with the most recent releases of Node.js to | Version | Latest Version | End-of-Life Date | Compatibility | |------------|----------------|------------------|--------------------| | Node.js 12 | 12.22.1 | April 2022 | ✅ Fully compatible | -| Node.js 14 | 14.17.0 | April 2023 | ✅ Fully compatible | +| Node.js 14 | 14.17.1 | April 2023 | ✅ Fully compatible | | Node.js 15 | 15.14.0 | June 2021 | ✅ Fully compatible | #### MongoDB From d8dc524c08036b2f326730e1ed214ed7a76141cb Mon Sep 17 00:00:00 2001 From: Jason Posthuma Date: Tue, 22 Jun 2021 01:11:15 +0200 Subject: [PATCH 35/55] Add check for property (#7421) * Add check for property * updated changelog * Fixed logic returning false positive * Added test case * update change log --- CHANGELOG.md | 1 + spec/QueryTools.spec.js | 10 ++++++++++ src/LiveQuery/QueryTools.js | 3 +++ 3 files changed, 14 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9fb0b32bac..ca20a427af 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -134,6 +134,7 @@ ___ - Add NPM package-lock version check to CI (Manuel Trezza) [#7333](https://github.com/parse-community/parse-server/pull/7333) - Fix incorrect LiveQuery events triggered for multiple subscriptions on the same class with different events [#7341](https://github.com/parse-community/parse-server/pull/7341) - Fix select and excludeKey queries to properly accept JSON string arrays. Also allow nested fields in exclude (Corey Baker) [#7242](https://github.com/parse-community/parse-server/pull/7242) +- Fix LiveQuery server crash when using $all query operator on a missing object key (Jason Posthuma) [#7421](https://github.com/parse-community/parse-server/pull/7421) ___ ## 4.5.0 diff --git a/spec/QueryTools.spec.js b/spec/QueryTools.spec.js index de4772a61c..7e09078dad 100644 --- a/spec/QueryTools.spec.js +++ b/spec/QueryTools.spec.js @@ -313,6 +313,16 @@ describe('matchesQuery', function () { expect(matchesQuery(player, orQuery)).toBe(true); }); + it('does not match $all query when value is missing', () => { + const player = { + id: new Id('Player', 'P1'), + name: 'Player 1', + score: 12, + }; + const q = { missing: { $all: [1, 2, 3] } }; + expect(matchesQuery(player, q)).toBe(false); + }); + it('matches an $and query', () => { const player = { id: new Id('Player', 'P1'), diff --git a/src/LiveQuery/QueryTools.js b/src/LiveQuery/QueryTools.js index 735788218b..905919ef61 100644 --- a/src/LiveQuery/QueryTools.js +++ b/src/LiveQuery/QueryTools.js @@ -253,6 +253,9 @@ function matchesKeyConstraints(object, key, constraints) { } break; case '$all': + if (!object[key]) { + return false; + } for (i = 0; i < compareTo.length; i++) { if (object[key].indexOf(compareTo[i]) < 0) { return false; From 770e36ff43c42e4ed3db73a30436079a0460a1f0 Mon Sep 17 00:00:00 2001 From: Snyk bot Date: Thu, 24 Jun 2021 08:24:26 +0300 Subject: [PATCH 36/55] fix: upgrade graphql-relay from 0.6.0 to 0.7.0 (#7443) Snyk has created this PR to upgrade graphql-relay from 0.6.0 to 0.7.0. See this package in npm: https://www.npmjs.com/package/graphql-relay See this project in Snyk: https://app.snyk.io/org/acinader/project/8c1a9edb-c8f5-4dc1-b221-4d6030a323eb?utm_source=github&utm_medium=upgrade-pr --- package-lock.json | 21 +++------------------ package.json | 2 +- 2 files changed, 4 insertions(+), 19 deletions(-) diff --git a/package-lock.json b/package-lock.json index d2d672128a..7284dfeebf 100644 --- a/package-lock.json +++ b/package-lock.json @@ -2884,11 +2884,6 @@ "dev": true, "optional": true }, - "async-limiter": { - "version": "1.0.1", - "resolved": "https://registry.npmjs.org/async-limiter/-/async-limiter-1.0.1.tgz", - "integrity": "sha512-csOlWGAcRFJaI6m+F2WKdnMKr4HhdhFVBk0H/QbJFMCr+uO2kwohwXQPxw/9OCxp05r5ghVBFSyioixx3gfkNQ==" - }, "async-retry": { "version": "1.3.1", "resolved": "https://registry.npmjs.org/async-retry/-/async-retry-1.3.1.tgz", @@ -6511,19 +6506,9 @@ "integrity": "sha512-9TSAwcVA3KWw7JWYep5NCk2aw3wl1ayLtbMpmG7l26vh1FZ+gZexNPP+XJfUFyJa71UU0zcKSgtgpsrsA3Xv9Q==" }, "graphql-relay": { - "version": "0.6.0", - "resolved": "https://registry.npmjs.org/graphql-relay/-/graphql-relay-0.6.0.tgz", - "integrity": "sha512-OVDi6C9/qOT542Q3KxZdXja3NrDvqzbihn1B44PH8P/c5s0Q90RyQwT6guhGqXqbYEH6zbeLJWjQqiYvcg2vVw==", - "requires": { - "prettier": "^1.16.0" - }, - "dependencies": { - "prettier": { - "version": "1.19.1", - "resolved": "https://registry.npmjs.org/prettier/-/prettier-1.19.1.tgz", - "integrity": "sha512-s7PoyDv/II1ObgQunCbB9PdLmUcBZcnWOcxDh7O0N/UwDEsHyqkW+Qh28jW+mVuCdx7gLB0BotYI1Y6uI9iyew==" - } - } + "version": "0.7.0", + "resolved": "https://registry.npmjs.org/graphql-relay/-/graphql-relay-0.7.0.tgz", + "integrity": "sha512-P8eS3IbZRhbfbcfud1Q6VPrIru4hchkb15MuOij+WQo9r0chD5NBIxiVjuRE2iG2EMHxIOrZb8LnMe82+YdITA==" }, "graphql-subscriptions": { "version": "1.2.1", diff --git a/package.json b/package.json index 7bc2e0e2f2..6993f67c58 100644 --- a/package.json +++ b/package.json @@ -35,7 +35,7 @@ "follow-redirects": "1.14.1", "graphql": "15.5.0", "graphql-list-fields": "2.0.2", - "graphql-relay": "0.6.0", + "graphql-relay": "0.7.0", "graphql-tag": "2.12.4", "graphql-upload": "11.0.0", "intersect": "1.0.1", From 7df6c020b18b8ea9d04b718fa4e070be800b9268 Mon Sep 17 00:00:00 2001 From: Snyk bot Date: Thu, 24 Jun 2021 08:30:11 +0300 Subject: [PATCH 37/55] fix: upgrade ldapjs from 2.2.4 to 2.3.0 (#7436) Snyk has created this PR to upgrade ldapjs from 2.2.4 to 2.3.0. See this package in npm: https://www.npmjs.com/package/ldapjs See this project in Snyk: https://app.snyk.io/org/acinader/project/8c1a9edb-c8f5-4dc1-b221-4d6030a323eb?utm_source=github&utm_medium=upgrade-pr --- package-lock.json | 6 +++--- package.json | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/package-lock.json b/package-lock.json index 7284dfeebf..34e22450c2 100644 --- a/package-lock.json +++ b/package-lock.json @@ -8024,9 +8024,9 @@ } }, "ldapjs": { - "version": "2.2.4", - "resolved": "https://registry.npmjs.org/ldapjs/-/ldapjs-2.2.4.tgz", - "integrity": "sha512-OoeAXPNPPt4D6qva2/p6rkCIHknyYFd42Vp8JhSazBs9BbkEBmoajzj2F0ElD3vR+yAuzIVCjqh1W4uR8dfn0A==", + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/ldapjs/-/ldapjs-2.3.0.tgz", + "integrity": "sha512-3Rbm3CS7vzTccpP1QnzKCEPok60L/b3BFlWU8r93P5oadCAaqCWEH9Td08crPnw4Ti20W8y0+ZKtFFNzxVu4kA==", "requires": { "abstract-logging": "^2.0.0", "asn1": "^0.2.4", diff --git a/package.json b/package.json index 6993f67c58..85d00ba18c 100644 --- a/package.json +++ b/package.json @@ -41,7 +41,7 @@ "intersect": "1.0.1", "jsonwebtoken": "8.5.1", "jwks-rsa": "1.12.3", - "ldapjs": "2.2.4", + "ldapjs": "2.3.0", "lodash": "4.17.21", "lru-cache": "5.1.1", "mime": "2.5.2", From 4e5eba6c6c7bc6e643ac6477df15beea1ba60364 Mon Sep 17 00:00:00 2001 From: Snyk bot Date: Thu, 24 Jun 2021 08:30:36 +0300 Subject: [PATCH 38/55] fix: upgrade apollo-server-express from 2.24.1 to 2.25.0 (#7435) Snyk has created this PR to upgrade apollo-server-express from 2.24.1 to 2.25.0. See this package in npm: https://www.npmjs.com/package/apollo-server-express See this project in Snyk: https://app.snyk.io/org/acinader/project/8c1a9edb-c8f5-4dc1-b221-4d6030a323eb?utm_source=github&utm_medium=upgrade-pr --- package-lock.json | 85 +++++++---------------------------------------- package.json | 2 +- 2 files changed, 13 insertions(+), 74 deletions(-) diff --git a/package-lock.json b/package-lock.json index 34e22450c2..dca3601cb5 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1987,9 +1987,9 @@ } }, "@types/ws": { - "version": "7.4.4", - "resolved": "https://registry.npmjs.org/@types/ws/-/ws-7.4.4.tgz", - "integrity": "sha512-d/7W23JAXPodQNbOZNXvl2K+bqAQrCMwlh/nuQsPSQk6Fq0opHoPrUw43aHsvSbIiQPr8Of2hkFbnz1XBFVyZQ==", + "version": "7.4.5", + "resolved": "https://registry.npmjs.org/@types/ws/-/ws-7.4.5.tgz", + "integrity": "sha512-8mbDgtc8xpxDDem5Gwj76stBDJX35KQ3YBoayxlqUQcL5BZUthiqP/VQ4PQnLHqM4PmlbyO74t98eJpURO+gPA==", "requires": { "@types/node": "*" } @@ -2561,16 +2561,6 @@ "uuid": "^8.0.0" }, "dependencies": { - "apollo-server-types": { - "version": "0.9.0", - "resolved": "https://registry.npmjs.org/apollo-server-types/-/apollo-server-types-0.9.0.tgz", - "integrity": "sha512-qk9tg4Imwpk732JJHBkhW0jzfG0nFsLqK2DY6UhvJf7jLnRePYsPxWfPiNkxni27pLE2tiNlCwoDFSeWqpZyBg==", - "requires": { - "apollo-reporting-protobuf": "^0.8.0", - "apollo-server-caching": "^0.7.0", - "apollo-server-env": "^3.1.0" - } - }, "lru-cache": { "version": "6.0.0", "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz", @@ -2578,23 +2568,6 @@ "requires": { "yallist": "^4.0.0" } - }, - "subscriptions-transport-ws": { - "version": "0.9.19", - "resolved": "https://registry.npmjs.org/subscriptions-transport-ws/-/subscriptions-transport-ws-0.9.19.tgz", - "integrity": "sha512-dxdemxFFB0ppCLg10FTtRqH/31FNRL1y1BQv8209MK5I4CwALb7iihQg+7p65lFcIl8MHatINWBLOqpgU4Kyyw==", - "requires": { - "backo2": "^1.0.2", - "eventemitter3": "^3.1.0", - "iterall": "^1.2.1", - "symbol-observable": "^1.0.4", - "ws": "^5.2.0 || ^6.0.0 || ^7.0.0" - } - }, - "symbol-observable": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/symbol-observable/-/symbol-observable-1.2.0.tgz", - "integrity": "sha512-e900nM8RRtGhlV36KGEU9k65K3mPb1WV70OdjfxlG2EAuM1noi/E/BaW/uMhL7bPEssK8QV57vN3esixjUvcXQ==" } } }, @@ -2613,9 +2586,9 @@ "integrity": "sha512-lO5oTjgiC3vlVg2RKr3RiXIIQ5pGXBFxYGGUkKDhTud3jMIhs+gel8L8zsEjKaKxkjHhCQAA/bcEfYiKkGQIvA==" }, "apollo-server-express": { - "version": "2.24.1", - "resolved": "https://registry.npmjs.org/apollo-server-express/-/apollo-server-express-2.24.1.tgz", - "integrity": "sha512-waBGJYG6Ht86RHMcTQLjy3YNeccg5IONe10qdm/kGbQVMXoE6KJB2VuNy/akRDPRvS6+tEt4v0XFSi7qQa4iXQ==", + "version": "2.25.0", + "resolved": "https://registry.npmjs.org/apollo-server-express/-/apollo-server-express-2.25.0.tgz", + "integrity": "sha512-FCTisD+VB1LCcTjjhKvQZ/dkly83KVlioFMgcPjW1X/kzCznRT3aQoVn9bQHlzQr7NnpwFseb4Rhd2KKD4wKEA==", "requires": { "@apollographql/graphql-playground-html": "1.6.27", "@types/accepts": "^1.3.5", @@ -2624,8 +2597,8 @@ "@types/express": "4.17.11", "@types/express-serve-static-core": "4.17.19", "accepts": "^1.3.5", - "apollo-server-core": "^2.24.1", - "apollo-server-types": "^0.8.0", + "apollo-server-core": "^2.25.0", + "apollo-server-types": "^0.9.0", "body-parser": "^1.18.3", "cors": "^2.8.5", "express": "^4.17.1", @@ -2665,38 +2638,16 @@ "integrity": "sha512-L3TMmq2YE6BU6I4Tmgygmd0W55L+6XfD9137k+cWEBFu50vRY4Re+d+fL5WuPkk5xSPKd/PIaqzidu5V/zz8Kg==", "requires": { "apollo-server-types": "^0.9.0" - }, - "dependencies": { - "apollo-server-types": { - "version": "0.9.0", - "resolved": "https://registry.npmjs.org/apollo-server-types/-/apollo-server-types-0.9.0.tgz", - "integrity": "sha512-qk9tg4Imwpk732JJHBkhW0jzfG0nFsLqK2DY6UhvJf7jLnRePYsPxWfPiNkxni27pLE2tiNlCwoDFSeWqpZyBg==", - "requires": { - "apollo-reporting-protobuf": "^0.8.0", - "apollo-server-caching": "^0.7.0", - "apollo-server-env": "^3.1.0" - } - } } }, "apollo-server-types": { - "version": "0.8.0", - "resolved": "https://registry.npmjs.org/apollo-server-types/-/apollo-server-types-0.8.0.tgz", - "integrity": "sha512-adHJnHbRV2kWUY0VQY1M2KpSdGfm+4mX4w+2lROPExqOnkyTI7CGfpJCdEwYMKrIn3aH8HIcOH0SnpWRet6TNw==", + "version": "0.9.0", + "resolved": "https://registry.npmjs.org/apollo-server-types/-/apollo-server-types-0.9.0.tgz", + "integrity": "sha512-qk9tg4Imwpk732JJHBkhW0jzfG0nFsLqK2DY6UhvJf7jLnRePYsPxWfPiNkxni27pLE2tiNlCwoDFSeWqpZyBg==", "requires": { - "apollo-reporting-protobuf": "^0.7.0", + "apollo-reporting-protobuf": "^0.8.0", "apollo-server-caching": "^0.7.0", "apollo-server-env": "^3.1.0" - }, - "dependencies": { - "apollo-reporting-protobuf": { - "version": "0.7.0", - "resolved": "https://registry.npmjs.org/apollo-reporting-protobuf/-/apollo-reporting-protobuf-0.7.0.tgz", - "integrity": "sha512-PC+zDqPPJcseemqmvUEqFiDi45pz6UaPWt6czgmrrbcQ+9VWp6IEkm08V5xBKk7V1WGUw19YwiJ7kqXpcgVNyw==", - "requires": { - "@apollo/protobufjs": "1.2.2" - } - } } }, "apollo-tracing": { @@ -6486,18 +6437,6 @@ "@apollographql/apollo-tools": "^0.5.0", "apollo-server-env": "^3.1.0", "apollo-server-types": "^0.9.0" - }, - "dependencies": { - "apollo-server-types": { - "version": "0.9.0", - "resolved": "https://registry.npmjs.org/apollo-server-types/-/apollo-server-types-0.9.0.tgz", - "integrity": "sha512-qk9tg4Imwpk732JJHBkhW0jzfG0nFsLqK2DY6UhvJf7jLnRePYsPxWfPiNkxni27pLE2tiNlCwoDFSeWqpZyBg==", - "requires": { - "apollo-reporting-protobuf": "^0.8.0", - "apollo-server-caching": "^0.7.0", - "apollo-server-env": "^3.1.0" - } - } } }, "graphql-list-fields": { diff --git a/package.json b/package.json index 85d00ba18c..c1231893f6 100644 --- a/package.json +++ b/package.json @@ -25,7 +25,7 @@ "@graphql-tools/utils": "6.2.4", "@parse/fs-files-adapter": "1.2.0", "@parse/push-adapter": "3.4.0", - "apollo-server-express": "2.24.1", + "apollo-server-express": "2.25.0", "bcryptjs": "2.4.3", "body-parser": "1.19.0", "commander": "5.1.0", From c36588e3c2d16fab3f38aecc77f0e827bda38f95 Mon Sep 17 00:00:00 2001 From: Snyk bot Date: Thu, 24 Jun 2021 08:38:05 +0300 Subject: [PATCH 39/55] fix: upgrade mongodb from 3.6.7 to 3.6.8 (#7430) Snyk has created this PR to upgrade mongodb from 3.6.7 to 3.6.8. See this package in npm: https://www.npmjs.com/package/mongodb See this project in Snyk: https://app.snyk.io/org/acinader/project/8c1a9edb-c8f5-4dc1-b221-4d6030a323eb?utm_source=github&utm_medium=upgrade-pr --- package-lock.json | 6 +++--- package.json | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/package-lock.json b/package-lock.json index dca3601cb5..fc9bb96187 100644 --- a/package-lock.json +++ b/package-lock.json @@ -9006,9 +9006,9 @@ "integrity": "sha512-kHmoybcPV8Sqy59DwNDY3Jefr64lK/by/da0ViFcuA4DH0vQg5Q6Ze5VimxkfQNSC+Mls/Kx53s7TjP1RhFEDQ==" }, "mongodb": { - "version": "3.6.7", - "resolved": "https://registry.npmjs.org/mongodb/-/mongodb-3.6.7.tgz", - "integrity": "sha512-VXW2bWz47LhAEw0qs8Mk2zRgQwgbXH16KAwQFtylBu0zXO8rkQmA8ncsYbmICaVutZeINRlXYXG3MDIz90NM3g==", + "version": "3.6.8", + "resolved": "https://registry.npmjs.org/mongodb/-/mongodb-3.6.8.tgz", + "integrity": "sha512-sDjJvI73WjON1vapcbyBD3Ao9/VN3TKYY8/QX9EPbs22KaCSrQ5rXo5ZZd44tWJ3wl3FlnrFZ+KyUtNH6+1ZPQ==", "requires": { "bl": "^2.2.1", "bson": "^1.1.4", diff --git a/package.json b/package.json index c1231893f6..697cc2477e 100644 --- a/package.json +++ b/package.json @@ -45,7 +45,7 @@ "lodash": "4.17.21", "lru-cache": "5.1.1", "mime": "2.5.2", - "mongodb": "3.6.7", + "mongodb": "3.6.8", "mustache": "4.2.0", "parse": "3.2.0", "pg-monitor": "1.4.1", From 17cf1a46e557b502b132c415b922508e032209a9 Mon Sep 17 00:00:00 2001 From: Snyk bot Date: Mon, 28 Jun 2021 08:00:47 +0300 Subject: [PATCH 40/55] fix: upgrade mongodb from 3.6.8 to 3.6.9 (#7445) Snyk has created this PR to upgrade mongodb from 3.6.8 to 3.6.9. See this package in npm: https://www.npmjs.com/package/mongodb See this project in Snyk: https://app.snyk.io/org/acinader/project/8c1a9edb-c8f5-4dc1-b221-4d6030a323eb?utm_source=github&utm_medium=upgrade-pr --- package-lock.json | 6 +++--- package.json | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/package-lock.json b/package-lock.json index fc9bb96187..e3a3ba384d 100644 --- a/package-lock.json +++ b/package-lock.json @@ -9006,9 +9006,9 @@ "integrity": "sha512-kHmoybcPV8Sqy59DwNDY3Jefr64lK/by/da0ViFcuA4DH0vQg5Q6Ze5VimxkfQNSC+Mls/Kx53s7TjP1RhFEDQ==" }, "mongodb": { - "version": "3.6.8", - "resolved": "https://registry.npmjs.org/mongodb/-/mongodb-3.6.8.tgz", - "integrity": "sha512-sDjJvI73WjON1vapcbyBD3Ao9/VN3TKYY8/QX9EPbs22KaCSrQ5rXo5ZZd44tWJ3wl3FlnrFZ+KyUtNH6+1ZPQ==", + "version": "3.6.9", + "resolved": "https://registry.npmjs.org/mongodb/-/mongodb-3.6.9.tgz", + "integrity": "sha512-1nSCKgSunzn/CXwgOWgbPHUWOO5OfERcuOWISmqd610jn0s8BU9K4879iJVabqgpPPbA6hO7rG48eq+fGED3Mg==", "requires": { "bl": "^2.2.1", "bson": "^1.1.4", diff --git a/package.json b/package.json index 697cc2477e..8dd4768459 100644 --- a/package.json +++ b/package.json @@ -45,7 +45,7 @@ "lodash": "4.17.21", "lru-cache": "5.1.1", "mime": "2.5.2", - "mongodb": "3.6.8", + "mongodb": "3.6.9", "mustache": "4.2.0", "parse": "3.2.0", "pg-monitor": "1.4.1", From d36a53b2bfade99942e3c9b827c9abb38d2de26b Mon Sep 17 00:00:00 2001 From: Snyk bot Date: Thu, 1 Jul 2021 01:26:16 +0300 Subject: [PATCH 41/55] fix: upgrade subscriptions-transport-ws from 0.9.19 to 0.10.0 (#7450) Snyk has created this PR to upgrade subscriptions-transport-ws from 0.9.19 to 0.10.0. See this package in npm: https://www.npmjs.com/package/subscriptions-transport-ws See this project in Snyk: https://app.snyk.io/org/acinader/project/8c1a9edb-c8f5-4dc1-b221-4d6030a323eb?utm_source=github&utm_medium=upgrade-pr --- package-lock.json | 40 +++++++++++++++++++++++++++++++++++++--- package.json | 2 +- 2 files changed, 38 insertions(+), 4 deletions(-) diff --git a/package-lock.json b/package-lock.json index e3a3ba384d..3568dc3fda 100644 --- a/package-lock.json +++ b/package-lock.json @@ -2568,6 +2568,23 @@ "requires": { "yallist": "^4.0.0" } + }, + "subscriptions-transport-ws": { + "version": "0.9.19", + "resolved": "https://registry.npmjs.org/subscriptions-transport-ws/-/subscriptions-transport-ws-0.9.19.tgz", + "integrity": "sha512-dxdemxFFB0ppCLg10FTtRqH/31FNRL1y1BQv8209MK5I4CwALb7iihQg+7p65lFcIl8MHatINWBLOqpgU4Kyyw==", + "requires": { + "backo2": "^1.0.2", + "eventemitter3": "^3.1.0", + "iterall": "^1.2.1", + "symbol-observable": "^1.0.4", + "ws": "^5.2.0 || ^6.0.0 || ^7.0.0" + } + }, + "symbol-observable": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/symbol-observable/-/symbol-observable-1.2.0.tgz", + "integrity": "sha512-e900nM8RRtGhlV36KGEU9k65K3mPb1WV70OdjfxlG2EAuM1noi/E/BaW/uMhL7bPEssK8QV57vN3esixjUvcXQ==" } } }, @@ -2629,6 +2646,23 @@ "@types/qs": "*", "@types/range-parser": "*" } + }, + "subscriptions-transport-ws": { + "version": "0.9.19", + "resolved": "https://registry.npmjs.org/subscriptions-transport-ws/-/subscriptions-transport-ws-0.9.19.tgz", + "integrity": "sha512-dxdemxFFB0ppCLg10FTtRqH/31FNRL1y1BQv8209MK5I4CwALb7iihQg+7p65lFcIl8MHatINWBLOqpgU4Kyyw==", + "requires": { + "backo2": "^1.0.2", + "eventemitter3": "^3.1.0", + "iterall": "^1.2.1", + "symbol-observable": "^1.0.4", + "ws": "^5.2.0 || ^6.0.0 || ^7.0.0" + } + }, + "symbol-observable": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/symbol-observable/-/symbol-observable-1.2.0.tgz", + "integrity": "sha512-e900nM8RRtGhlV36KGEU9k65K3mPb1WV70OdjfxlG2EAuM1noi/E/BaW/uMhL7bPEssK8QV57vN3esixjUvcXQ==" } } }, @@ -11667,9 +11701,9 @@ } }, "subscriptions-transport-ws": { - "version": "0.9.19", - "resolved": "https://registry.npmjs.org/subscriptions-transport-ws/-/subscriptions-transport-ws-0.9.19.tgz", - "integrity": "sha512-dxdemxFFB0ppCLg10FTtRqH/31FNRL1y1BQv8209MK5I4CwALb7iihQg+7p65lFcIl8MHatINWBLOqpgU4Kyyw==", + "version": "0.10.0", + "resolved": "https://registry.npmjs.org/subscriptions-transport-ws/-/subscriptions-transport-ws-0.10.0.tgz", + "integrity": "sha512-k28LhLn3abJ1mowFW+LP4QGggE0e3hrk55zXbMHyAeZkCUYtC0owepiwqMD3zX8DglQVaxnhE760pESrNSEzpg==", "requires": { "backo2": "^1.0.2", "eventemitter3": "^3.1.0", diff --git a/package.json b/package.json index 8dd4768459..05d2ab1c4a 100644 --- a/package.json +++ b/package.json @@ -53,7 +53,7 @@ "pluralize": "8.0.0", "redis": "3.1.2", "semver": "7.3.4", - "subscriptions-transport-ws": "0.9.19", + "subscriptions-transport-ws": "0.10.0", "tv4": "1.3.0", "uuid": "8.3.2", "winston": "3.3.3", From 682f1bf14388e134fbd993e274f5738ec2e57e02 Mon Sep 17 00:00:00 2001 From: Snyk bot Date: Thu, 1 Jul 2021 01:29:54 +0300 Subject: [PATCH 42/55] fix: upgrade apollo-server-express from 2.25.0 to 2.25.1 (#7449) Snyk has created this PR to upgrade apollo-server-express from 2.25.0 to 2.25.1. See this package in npm: https://www.npmjs.com/package/apollo-server-express See this project in Snyk: https://app.snyk.io/org/acinader/project/8c1a9edb-c8f5-4dc1-b221-4d6030a323eb?utm_source=github&utm_medium=upgrade-pr --- package-lock.json | 22 +++++++++++----------- package.json | 2 +- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/package-lock.json b/package-lock.json index 3568dc3fda..536bfb9218 100644 --- a/package-lock.json +++ b/package-lock.json @@ -2423,9 +2423,9 @@ }, "dependencies": { "core-js-pure": { - "version": "3.14.0", - "resolved": "https://registry.npmjs.org/core-js-pure/-/core-js-pure-3.14.0.tgz", - "integrity": "sha512-YVh+LN2FgNU0odThzm61BsdkwrbrchumFq3oztnE9vTKC4KS2fvnPmcx8t6jnqAyOTCTF4ZSiuK8Qhh7SNcL4g==" + "version": "3.15.2", + "resolved": "https://registry.npmjs.org/core-js-pure/-/core-js-pure-3.15.2.tgz", + "integrity": "sha512-D42L7RYh1J2grW8ttxoY1+17Y4wXZeKe7uyplAI3FkNQyI5OgBIAjUfFiTPfL1rs0qLpxaabITNbjKl1Sp82tA==" } } }, @@ -2530,9 +2530,9 @@ } }, "apollo-server-core": { - "version": "2.25.1", - "resolved": "https://registry.npmjs.org/apollo-server-core/-/apollo-server-core-2.25.1.tgz", - "integrity": "sha512-10gVjvGv3uPfy7gUFQhgNhb66RorD1qX6yF4bTawm4S6JstkGrWYFJN5/48o7Mte+tATpXzAGiWu0l4wsYA/mA==", + "version": "2.25.2", + "resolved": "https://registry.npmjs.org/apollo-server-core/-/apollo-server-core-2.25.2.tgz", + "integrity": "sha512-lrohEjde2TmmDTO7FlOs8x5QQbAS0Sd3/t0TaK2TWaodfzi92QAvIsq321Mol6p6oEqmjm8POIDHW1EuJd7XMA==", "requires": { "@apollographql/apollo-tools": "^0.5.0", "@apollographql/graphql-playground-html": "1.6.27", @@ -2603,9 +2603,9 @@ "integrity": "sha512-lO5oTjgiC3vlVg2RKr3RiXIIQ5pGXBFxYGGUkKDhTud3jMIhs+gel8L8zsEjKaKxkjHhCQAA/bcEfYiKkGQIvA==" }, "apollo-server-express": { - "version": "2.25.0", - "resolved": "https://registry.npmjs.org/apollo-server-express/-/apollo-server-express-2.25.0.tgz", - "integrity": "sha512-FCTisD+VB1LCcTjjhKvQZ/dkly83KVlioFMgcPjW1X/kzCznRT3aQoVn9bQHlzQr7NnpwFseb4Rhd2KKD4wKEA==", + "version": "2.25.1", + "resolved": "https://registry.npmjs.org/apollo-server-express/-/apollo-server-express-2.25.1.tgz", + "integrity": "sha512-9idHkV3umcIDdq/NIQEC2D6zZ0QtaMRVCbeRcDgm9uWWiX3ulK5ICdHbNBu5UHXkDmKjfZiGaCWBZti0MsRQAg==", "requires": { "@apollographql/graphql-playground-html": "1.6.27", "@types/accepts": "^1.3.5", @@ -2614,7 +2614,7 @@ "@types/express": "4.17.11", "@types/express-serve-static-core": "4.17.19", "accepts": "^1.3.5", - "apollo-server-core": "^2.25.0", + "apollo-server-core": "^2.25.1", "apollo-server-types": "^0.9.0", "body-parser": "^1.18.3", "cors": "^2.8.5", @@ -2622,7 +2622,7 @@ "graphql-subscriptions": "^1.0.0", "graphql-tools": "^4.0.8", "parseurl": "^1.3.2", - "subscriptions-transport-ws": "^0.9.16", + "subscriptions-transport-ws": "^0.9.19", "type-is": "^1.6.16" }, "dependencies": { diff --git a/package.json b/package.json index 05d2ab1c4a..a9f5bfed5e 100644 --- a/package.json +++ b/package.json @@ -25,7 +25,7 @@ "@graphql-tools/utils": "6.2.4", "@parse/fs-files-adapter": "1.2.0", "@parse/push-adapter": "3.4.0", - "apollo-server-express": "2.25.0", + "apollo-server-express": "2.25.1", "bcryptjs": "2.4.3", "body-parser": "1.19.0", "commander": "5.1.0", From 05882bc3ecdce8831c46ba584fee6baea573fa96 Mon Sep 17 00:00:00 2001 From: Manuel <5673677+mtrezza@users.noreply.github.com> Date: Sat, 3 Jul 2021 15:20:23 +0200 Subject: [PATCH 43/55] bumped node (#7452) --- .github/workflows/ci.yml | 22 +++++++++++----------- README.md | 4 ++-- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5250aea05d..4d1aa01e59 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -7,7 +7,7 @@ on: branches: - '**' env: - NODE_VERSION: 14.17.1 + NODE_VERSION: 14.17.2 PARSE_SERVER_TEST_TIMEOUT: 20000 jobs: check-ci: @@ -97,33 +97,33 @@ jobs: MONGODB_VERSION: 4.4.6 MONGODB_TOPOLOGY: replicaset MONGODB_STORAGE_ENGINE: wiredTiger - NODE_VERSION: 14.17.1 + NODE_VERSION: 14.17.2 - name: MongoDB 4.2, ReplicaSet, WiredTiger MONGODB_VERSION: 4.2.14 MONGODB_TOPOLOGY: replicaset MONGODB_STORAGE_ENGINE: wiredTiger - NODE_VERSION: 14.17.1 + NODE_VERSION: 14.17.2 - name: MongoDB 4.0, ReplicaSet, WiredTiger MONGODB_VERSION: 4.0.25 MONGODB_TOPOLOGY: replicaset MONGODB_STORAGE_ENGINE: wiredTiger - NODE_VERSION: 14.17.1 + NODE_VERSION: 14.17.2 - name: MongoDB 4.0, Standalone, MMAPv1 MONGODB_VERSION: 4.0.25 MONGODB_TOPOLOGY: standalone MONGODB_STORAGE_ENGINE: mmapv1 - NODE_VERSION: 14.17.1 + NODE_VERSION: 14.17.2 - name: Redis Cache PARSE_SERVER_TEST_CACHE: redis MONGODB_VERSION: 4.4.6 MONGODB_TOPOLOGY: standalone MONGODB_STORAGE_ENGINE: wiredTiger - NODE_VERSION: 14.17.1 + NODE_VERSION: 14.17.2 - name: Node 12 MONGODB_VERSION: 4.4.6 MONGODB_TOPOLOGY: standalone MONGODB_STORAGE_ENGINE: wiredTiger - NODE_VERSION: 12.22.1 + NODE_VERSION: 12.22.2 - name: Node 15 MONGODB_VERSION: 4.4.6 MONGODB_TOPOLOGY: standalone @@ -170,16 +170,16 @@ jobs: include: - name: PostgreSQL 11, PostGIS 3.0 POSTGRES_IMAGE: postgis/postgis:11-3.0 - NODE_VERSION: 14.17.1 + NODE_VERSION: 14.17.2 - name: PostgreSQL 11, PostGIS 3.1 POSTGRES_IMAGE: postgis/postgis:11-3.1 - NODE_VERSION: 14.17.1 + NODE_VERSION: 14.17.2 - name: PostgreSQL 12, PostGIS 3.1 POSTGRES_IMAGE: postgis/postgis:12-3.1 - NODE_VERSION: 14.17.1 + NODE_VERSION: 14.17.2 - name: PostgreSQL 13, PostGIS 3.1 POSTGRES_IMAGE: postgis/postgis:13-3.1 - NODE_VERSION: 14.17.1 + NODE_VERSION: 14.17.2 fail-fast: false name: ${{ matrix.name }} timeout-minutes: 15 diff --git a/README.md b/README.md index 15dfaec113..335516cde8 100644 --- a/README.md +++ b/README.md @@ -114,8 +114,8 @@ Parse Server is continuously tested with the most recent releases of Node.js to | Version | Latest Version | End-of-Life Date | Compatibility | |------------|----------------|------------------|--------------------| -| Node.js 12 | 12.22.1 | April 2022 | ✅ Fully compatible | -| Node.js 14 | 14.17.1 | April 2023 | ✅ Fully compatible | +| Node.js 12 | 12.22.2 | April 2022 | ✅ Fully compatible | +| Node.js 14 | 14.17.2 | April 2023 | ✅ Fully compatible | | Node.js 15 | 15.14.0 | June 2021 | ✅ Fully compatible | #### MongoDB From 1594afec6421bea31e732dff9b21eb099898bc3a Mon Sep 17 00:00:00 2001 From: Manuel <5673677+mtrezza@users.noreply.github.com> Date: Mon, 12 Jul 2021 20:14:35 +0200 Subject: [PATCH 44/55] add runtime deprecation warning (#7451) --- CHANGELOG.md | 2 +- CONTRIBUTING.md | 4 ++- spec/Deprecator.spec.js | 18 ++++++++++--- src/Deprecator/Deprecator.js | 50 ++++++++++++++++++++++++++++++++++-- 4 files changed, 67 insertions(+), 7 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index ca20a427af..86b5081bbb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -135,7 +135,7 @@ ___ - Fix incorrect LiveQuery events triggered for multiple subscriptions on the same class with different events [#7341](https://github.com/parse-community/parse-server/pull/7341) - Fix select and excludeKey queries to properly accept JSON string arrays. Also allow nested fields in exclude (Corey Baker) [#7242](https://github.com/parse-community/parse-server/pull/7242) - Fix LiveQuery server crash when using $all query operator on a missing object key (Jason Posthuma) [#7421](https://github.com/parse-community/parse-server/pull/7421) - +- Added runtime deprecation warnings (Manuel Trezza) [#7451](https://github.com/parse-community/parse-server/pull/7451) ___ ## 4.5.0 [Full Changelog](https://github.com/parse-community/parse-server/compare/4.4.0...4.5.0) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index a761f91955..201aeecf6f 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -182,7 +182,9 @@ If you change or remove an existing feature that would lead to a breaking change - Use a default value that falls back to existing behavior. - Add a deprecation definition in `Deprecator/Deprecations.js` that will output a deprecation warning log message on Parse Server launch, for example: > DeprecationWarning: The Parse Server option 'example' will be removed in a future release. - + +For deprecations that can only be determined ad-hoc during runtime, for example Parse Query syntax deprecations, use the `Deprecator.logRuntimeDeprecation()` method. + Deprecations become breaking changes after notifying developers through deprecation warnings for at least one entire previous major release. For example: - `4.5.0` is the current version - `4.6.0` adds a new optional feature and a deprecation warning for the existing feature diff --git a/spec/Deprecator.spec.js b/spec/Deprecator.spec.js index 7e0e28df3d..3af5d10c31 100644 --- a/spec/Deprecator.spec.js +++ b/spec/Deprecator.spec.js @@ -21,16 +21,28 @@ describe('Deprecator', () => { const logSpy = spyOn(logger, 'warn').and.callFake(() => {}); await reconfigureServer(); - expect(logSpy.calls.all()[0].args[0]).toContain(deprecations[0].optionKey); - expect(logSpy.calls.all()[0].args[0]).toContain(deprecations[0].changeNewDefault); + expect(logSpy.calls.all()[0].args[0]).toEqual( + `DeprecationWarning: The Parse Server option '${deprecations[0].optionKey}' default will change to '${deprecations[0].changeNewDefault}' in a future version.` + ); }); it('does not log deprecation for new default if option is set manually', async () => { deprecations = [{ optionKey: 'exampleKey', changeNewDefault: 'exampleNewDefault' }]; spyOn(Deprecator, '_getDeprecations').and.callFake(() => deprecations); - const logSpy = spyOn(Deprecator, '_log').and.callFake(() => {}); + const logSpy = spyOn(Deprecator, '_logOption').and.callFake(() => {}); await reconfigureServer({ [deprecations[0].optionKey]: 'manuallySet' }); expect(logSpy).not.toHaveBeenCalled(); }); + + it('logs runtime deprecation', async () => { + const logger = require('../lib/logger').logger; + const logSpy = spyOn(logger, 'warn').and.callFake(() => {}); + const options = { usage: 'Doing this', solution: 'Do that instead.' }; + + Deprecator.logRuntimeDeprecation(options); + expect(logSpy.calls.all()[0].args[0]).toEqual( + `DeprecationWarning: ${options.usage} is deprecated and will be removed in a future version. ${options.solution}` + ); + }); }); diff --git a/src/Deprecator/Deprecator.js b/src/Deprecator/Deprecator.js index 5ab0bb43ee..27033c946d 100644 --- a/src/Deprecator/Deprecator.js +++ b/src/Deprecator/Deprecator.js @@ -22,11 +22,41 @@ class Deprecator { // If default will change, only throw a warning if option is not set if (changeNewDefault != null && options[optionKey] == null) { - Deprecator._log({ optionKey, changeNewDefault, solution }); + Deprecator._logOption({ optionKey, changeNewDefault, solution }); } } } + /** + * Logs a deprecation warning for a parameter that can only be determined dynamically + * during runtime. + * + * Note: Do not use this to log deprecations of Parse Server options, but add such + * deprecations to `Deprecations.js` instead. See the contribution docs for more + * details. + * + * For consistency, the deprecation warning is composed of the following parts: + * + * > DeprecationWarning: `usage` is deprecated and will be removed in a future version. + * `solution`. + * + * - `usage`: The deprecated usage. + * - `solution`: The instruction to resolve this deprecation warning. + * + * For example: + * > DeprecationWarning: `Prefixing field names with dollar sign ($) in aggregation query` + * is deprecated and will be removed in a future version. `Reference field names without + * dollar sign prefix.` + * + * @param {Object} options The deprecation options. + * @param {String} options.usage The usage that is deprecated. + * @param {String} [options.solution] The instruction to resolve this deprecation warning. + * Optional. It is recommended to add an instruction for the convenience of the developer. + */ + static logRuntimeDeprecation(options) { + Deprecator._logGeneric(options); + } + /** * Returns the deprecation definitions. * @returns {Array} The deprecations. @@ -35,8 +65,24 @@ class Deprecator { return Deprecations; } + /** + * Logs a generic deprecation warning. + * + * @param {Object} options The deprecation options. + * @param {String} options.usage The usage that is deprecated. + * @param {String} [options.solution] The instruction to resolve this deprecation warning. + * Optional. It is recommended to add an instruction for the convenience of the developer. + */ + static _logGeneric({ usage, solution }) { + // Compose message + let output = `DeprecationWarning: ${usage} is deprecated and will be removed in a future version.`; + output += solution ? ` ${solution}` : ''; + logger.warn(output); + } + /** * Logs a deprecation warning for a Parse Server option. + * * @param {String} optionKey The option key incl. its path, e.g. `security.enableCheck`. * @param {String} envKey The environment key, e.g. `PARSE_SERVER_SECURITY`. * @param {String} changeNewKey Set the new key name if the current key will be replaced, @@ -48,7 +94,7 @@ class Deprecator { * automatically added to the message. It should only contain the instruction on how * to resolve this warning. */ - static _log({ optionKey, envKey, changeNewKey, changeNewDefault, solution }) { + static _logOption({ optionKey, envKey, changeNewKey, changeNewDefault, solution }) { const type = optionKey ? 'option' : 'environment key'; const key = optionKey ? optionKey : envKey; const keyAction = From 250008d37917621e9f7be63e429f221328871443 Mon Sep 17 00:00:00 2001 From: Manuel <5673677+mtrezza@users.noreply.github.com> Date: Fri, 23 Jul 2021 12:46:26 +0200 Subject: [PATCH 45/55] changed twitter API endpoint for oauth test (#7472) --- spec/OAuth1.spec.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/spec/OAuth1.spec.js b/spec/OAuth1.spec.js index aa6e8ed0c5..21ae7d9517 100644 --- a/spec/OAuth1.spec.js +++ b/spec/OAuth1.spec.js @@ -97,7 +97,7 @@ describe('OAuth', function () { consumer_key: 'invalid_consumer_key', consumer_secret: 'invalid_consumer_secret', }; - const path = '/1.1/account/settings.json'; + const path = '/1.1/favorites/list.json'; const params = { lang: 'en' }; const oauthClient = new OAuth(options); oauthClient.get(path, params).then(function (data) { From 470382253d207b2992a331f75315acd492a322e0 Mon Sep 17 00:00:00 2001 From: Manuel <5673677+mtrezza@users.noreply.github.com> Date: Fri, 23 Jul 2021 14:25:11 +0200 Subject: [PATCH 46/55] Add MongoDB 5.0 support + bump CI env (#7469) * bump CI env * more bump * more bump * added mongodb 5.0 * added compatibility table entry * added changelog entry * added mongodb 5.0 to badge --- .github/workflows/ci.yml | 37 +++++++++++++++++++++---------------- CHANGELOG.md | 1 + README.md | 13 +++++++------ package.json | 12 ++++++------ resources/ci/ciCheck.js | 3 +-- 5 files changed, 36 insertions(+), 30 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4d1aa01e59..f592346946 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -7,7 +7,7 @@ on: branches: - '**' env: - NODE_VERSION: 14.17.2 + NODE_VERSION: 14.17.3 PARSE_SERVER_TEST_TIMEOUT: 20000 jobs: check-ci: @@ -93,39 +93,44 @@ jobs: strategy: matrix: include: + - name: MongoDB 5.0, ReplicaSet, WiredTiger + MONGODB_VERSION: 5.0.1 + MONGODB_TOPOLOGY: replicaset + MONGODB_STORAGE_ENGINE: wiredTiger + NODE_VERSION: 14.17.3 - name: MongoDB 4.4, ReplicaSet, WiredTiger - MONGODB_VERSION: 4.4.6 + MONGODB_VERSION: 4.4.7 MONGODB_TOPOLOGY: replicaset MONGODB_STORAGE_ENGINE: wiredTiger - NODE_VERSION: 14.17.2 + NODE_VERSION: 14.17.3 - name: MongoDB 4.2, ReplicaSet, WiredTiger - MONGODB_VERSION: 4.2.14 + MONGODB_VERSION: 4.2.15 MONGODB_TOPOLOGY: replicaset MONGODB_STORAGE_ENGINE: wiredTiger - NODE_VERSION: 14.17.2 + NODE_VERSION: 14.17.3 - name: MongoDB 4.0, ReplicaSet, WiredTiger MONGODB_VERSION: 4.0.25 MONGODB_TOPOLOGY: replicaset MONGODB_STORAGE_ENGINE: wiredTiger - NODE_VERSION: 14.17.2 + NODE_VERSION: 14.17.3 - name: MongoDB 4.0, Standalone, MMAPv1 MONGODB_VERSION: 4.0.25 MONGODB_TOPOLOGY: standalone MONGODB_STORAGE_ENGINE: mmapv1 - NODE_VERSION: 14.17.2 + NODE_VERSION: 14.17.3 - name: Redis Cache PARSE_SERVER_TEST_CACHE: redis - MONGODB_VERSION: 4.4.6 + MONGODB_VERSION: 4.4.7 MONGODB_TOPOLOGY: standalone MONGODB_STORAGE_ENGINE: wiredTiger - NODE_VERSION: 14.17.2 + NODE_VERSION: 14.17.3 - name: Node 12 - MONGODB_VERSION: 4.4.6 + MONGODB_VERSION: 4.4.7 MONGODB_TOPOLOGY: standalone MONGODB_STORAGE_ENGINE: wiredTiger - NODE_VERSION: 12.22.2 + NODE_VERSION: 12.22.3 - name: Node 15 - MONGODB_VERSION: 4.4.6 + MONGODB_VERSION: 4.4.7 MONGODB_TOPOLOGY: standalone MONGODB_STORAGE_ENGINE: wiredTiger NODE_VERSION: 15.14.0 @@ -170,16 +175,16 @@ jobs: include: - name: PostgreSQL 11, PostGIS 3.0 POSTGRES_IMAGE: postgis/postgis:11-3.0 - NODE_VERSION: 14.17.2 + NODE_VERSION: 14.17.3 - name: PostgreSQL 11, PostGIS 3.1 POSTGRES_IMAGE: postgis/postgis:11-3.1 - NODE_VERSION: 14.17.2 + NODE_VERSION: 14.17.3 - name: PostgreSQL 12, PostGIS 3.1 POSTGRES_IMAGE: postgis/postgis:12-3.1 - NODE_VERSION: 14.17.2 + NODE_VERSION: 14.17.3 - name: PostgreSQL 13, PostGIS 3.1 POSTGRES_IMAGE: postgis/postgis:13-3.1 - NODE_VERSION: 14.17.2 + NODE_VERSION: 14.17.3 fail-fast: false name: ${{ matrix.name }} timeout-minutes: 15 diff --git a/CHANGELOG.md b/CHANGELOG.md index 86b5081bbb..37ccc74bdc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -102,6 +102,7 @@ ___ - EXPERIMENTAL: Added custom routes to easily customize flows for password reset, email verification or build entirely new flows (Manuel Trezza) [#7231](https://github.com/parse-community/parse-server/pull/7231) - Added Deprecation Policy to govern the introduction of breaking changes in a phased pattern that is more predictable for developers (Manuel Trezza) [#7199](https://github.com/parse-community/parse-server/pull/7199) - Add REST API endpoint `/loginAs` to create session of any user with master key; allows to impersonate another user. (GormanFletcher) [#7406](https://github.com/parse-community/parse-server/pull/7406) +- Add official support for MongoDB 5.0 (Manuel Trezza) [#7469](https://github.com/parse-community/parse-server/pull/7469) ### Other Changes - Fix error when a not yet inserted job is updated (Antonio Davi Macedo Coelho de Castro) [#7196](https://github.com/parse-community/parse-server/pull/7196) diff --git a/README.md b/README.md index 335516cde8..5bc343eef9 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ Join the conversation Snyk badge Node.js 12,14,15 - MongoDB 4.0,4.2,4.4 + MongoDB 4.0,4.2,4.4,5.0 PostgreSQL 11,12,13

@@ -114,8 +114,8 @@ Parse Server is continuously tested with the most recent releases of Node.js to | Version | Latest Version | End-of-Life Date | Compatibility | |------------|----------------|------------------|--------------------| -| Node.js 12 | 12.22.2 | April 2022 | ✅ Fully compatible | -| Node.js 14 | 14.17.2 | April 2023 | ✅ Fully compatible | +| Node.js 12 | 12.22.3 | April 2022 | ✅ Fully compatible | +| Node.js 14 | 14.17.3 | April 2023 | ✅ Fully compatible | | Node.js 15 | 15.14.0 | June 2021 | ✅ Fully compatible | #### MongoDB @@ -123,9 +123,10 @@ Parse Server is continuously tested with the most recent releases of MongoDB to | Version | Latest Version | End-of-Life Date | Compatibility | |-------------|----------------|------------------|--------------------| -| MongoDB 4.0 | 4.0.25 | January 2022 | ✅ Fully compatible | -| MongoDB 4.2 | 4.2.14 | TBD | ✅ Fully compatible | -| MongoDB 4.4 | 4.4.6 | TBD | ✅ Fully compatible | +| MongoDB 4.0 | 4.0.25 | April 2022 | ✅ Fully compatible | +| MongoDB 4.2 | 4.2.15 | TBD | ✅ Fully compatible | +| MongoDB 4.4 | 4.4.7 | TBD | ✅ Fully compatible | +| MongoDB 5.0 | 5.0.1 | January 2024 | ✅ Fully compatible | #### PostgreSQL Parse Server is continuously tested with the most recent releases of PostgreSQL and PostGIS to ensure compatibility, using [PostGIS docker images](https://registry.hub.docker.com/r/postgis/postgis/tags?page=1&ordering=last_updated). We follow the [PostgreSQL support schedule](https://www.postgresql.org/support/versioning) and [PostGIS support schedule](https://www.postgis.net/eol_policy/) and only test against versions that are officially supported and have not reached their end-of-life date. Due to the extensive PostgreSQL support duration of 5 years, Parse Server drops support if a version is older than 3.5 years and a newer version has been available for at least 2.5 years. diff --git a/package.json b/package.json index a9f5bfed5e..95f31b4881 100644 --- a/package.json +++ b/package.json @@ -112,14 +112,14 @@ "test:mongodb:testonly": "cross-env MONGODB_VERSION=${MONGODB_VERSION:=$npm_config_dbversion} MONGODB_TOPOLOGY=${MONGODB_TOPOLOGY:=standalone} MONGODB_STORAGE_ENGINE=${MONGODB_STORAGE_ENGINE:=wiredTiger} TESTING=1 jasmine", "test:mongodb": "npm run test:mongodb:runnerstart --dbversion=$npm_config_dbversion && npm run test:mongodb:testonly --dbversion=$npm_config_dbversion", "test:mongodb:4.0.25": "npm run test:mongodb --dbversion=4.0.25", - "test:mongodb:4.2.14": "npm run test:mongodb --dbversion=4.2.14", - "test:mongodb:4.4.6": "npm run test:mongodb --dbversion=4.4.6", + "test:mongodb:4.2.15": "npm run test:mongodb --dbversion=4.2.15", + "test:mongodb:4.4.7": "npm run test:mongodb --dbversion=4.4.7", "posttest:mongodb": "mongodb-runner stop", - "pretest": "cross-env MONGODB_VERSION=${MONGODB_VERSION:=4.4.6} MONGODB_TOPOLOGY=${MONGODB_TOPOLOGY:=standalone} MONGODB_STORAGE_ENGINE=${MONGODB_STORAGE_ENGINE:=wiredTiger} mongodb-runner start", - "testonly": "cross-env MONGODB_VERSION=${MONGODB_VERSION:=4.4.6} MONGODB_TOPOLOGY=${MONGODB_TOPOLOGY:=standalone} MONGODB_STORAGE_ENGINE=${MONGODB_STORAGE_ENGINE:=wiredTiger} TESTING=1 jasmine", + "pretest": "cross-env MONGODB_VERSION=${MONGODB_VERSION:=4.4.7} MONGODB_TOPOLOGY=${MONGODB_TOPOLOGY:=standalone} MONGODB_STORAGE_ENGINE=${MONGODB_STORAGE_ENGINE:=wiredTiger} mongodb-runner start", + "testonly": "cross-env MONGODB_VERSION=${MONGODB_VERSION:=4.4.7} MONGODB_TOPOLOGY=${MONGODB_TOPOLOGY:=standalone} MONGODB_STORAGE_ENGINE=${MONGODB_STORAGE_ENGINE:=wiredTiger} TESTING=1 jasmine", "test": "npm run testonly", - "posttest": "cross-env MONGODB_VERSION=${MONGODB_VERSION:=4.4.6} MONGODB_TOPOLOGY=${MONGODB_TOPOLOGY:=standalone} MONGODB_STORAGE_ENGINE=${MONGODB_STORAGE_ENGINE:=wiredTiger} mongodb-runner stop", - "coverage": "cross-env MONGODB_VERSION=${MONGODB_VERSION:=4.4.6} MONGODB_TOPOLOGY=${MONGODB_TOPOLOGY:=standalone} MONGODB_STORAGE_ENGINE=${MONGODB_STORAGE_ENGINE:=wiredTiger} TESTING=1 nyc jasmine", + "posttest": "cross-env MONGODB_VERSION=${MONGODB_VERSION:=4.4.7} MONGODB_TOPOLOGY=${MONGODB_TOPOLOGY:=standalone} MONGODB_STORAGE_ENGINE=${MONGODB_STORAGE_ENGINE:=wiredTiger} mongodb-runner stop", + "coverage": "cross-env MONGODB_VERSION=${MONGODB_VERSION:=4.4.7} MONGODB_TOPOLOGY=${MONGODB_TOPOLOGY:=standalone} MONGODB_STORAGE_ENGINE=${MONGODB_STORAGE_ENGINE:=wiredTiger} TESTING=1 nyc jasmine", "start": "node ./bin/parse-server", "prettier": "prettier --write '{src,spec}/{**/*,*}.js'", "prepare": "npm run build", diff --git a/resources/ci/ciCheck.js b/resources/ci/ciCheck.js index e48e55edcd..e1d968be19 100644 --- a/resources/ci/ciCheck.js +++ b/resources/ci/ciCheck.js @@ -38,8 +38,7 @@ async function checkMongoDbVersions() { '~4.3.0', // Development release according to MongoDB support '~4.7.0', // Development release according to MongoDB support - '4.4.5', // Temporarily disabled because not yet available for download via mongodb-runner - '4.0.24', // Temporarily disabled because not yet available for download via mongodb-runner + '4.0.26', // Temporarily disabled because not yet available for download via mongodb-runner ], }).check(); } From 9923cd3869ab80e70c5ca9765628ba0a28a6facc Mon Sep 17 00:00:00 2001 From: Snyk bot Date: Fri, 23 Jul 2021 16:05:31 +0300 Subject: [PATCH 47/55] fix: upgrade graphql-relay from 0.7.0 to 0.8.0 (#7467) Snyk has created this PR to upgrade graphql-relay from 0.7.0 to 0.8.0. See this package in npm: https://www.npmjs.com/package/graphql-relay See this project in Snyk: https://app.snyk.io/org/acinader/project/8c1a9edb-c8f5-4dc1-b221-4d6030a323eb?utm_source=github&utm_medium=upgrade-pr Co-authored-by: Manuel Trezza <5673677+mtrezza@users.noreply.github.com> --- package-lock.json | 6 +++--- package.json | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/package-lock.json b/package-lock.json index 536bfb9218..b1188d2c91 100644 --- a/package-lock.json +++ b/package-lock.json @@ -6479,9 +6479,9 @@ "integrity": "sha512-9TSAwcVA3KWw7JWYep5NCk2aw3wl1ayLtbMpmG7l26vh1FZ+gZexNPP+XJfUFyJa71UU0zcKSgtgpsrsA3Xv9Q==" }, "graphql-relay": { - "version": "0.7.0", - "resolved": "https://registry.npmjs.org/graphql-relay/-/graphql-relay-0.7.0.tgz", - "integrity": "sha512-P8eS3IbZRhbfbcfud1Q6VPrIru4hchkb15MuOij+WQo9r0chD5NBIxiVjuRE2iG2EMHxIOrZb8LnMe82+YdITA==" + "version": "0.8.0", + "resolved": "https://registry.npmjs.org/graphql-relay/-/graphql-relay-0.8.0.tgz", + "integrity": "sha512-NU7CkwNxPzkqpBgv76Cgycrc3wmWVA2K5Sxm9DHSSLLuQTpaSRAUsX1sf2gITf+XQpkccsv56/z0LojXTyQbUw==" }, "graphql-subscriptions": { "version": "1.2.1", diff --git a/package.json b/package.json index 95f31b4881..5a0d40214c 100644 --- a/package.json +++ b/package.json @@ -35,7 +35,7 @@ "follow-redirects": "1.14.1", "graphql": "15.5.0", "graphql-list-fields": "2.0.2", - "graphql-relay": "0.7.0", + "graphql-relay": "0.8.0", "graphql-tag": "2.12.4", "graphql-upload": "11.0.0", "intersect": "1.0.1", From 2b3355cb022724838499a5d83c0d532040953566 Mon Sep 17 00:00:00 2001 From: Snyk bot Date: Fri, 23 Jul 2021 16:47:36 +0300 Subject: [PATCH 48/55] fix: upgrade graphql-tag from 2.12.4 to 2.12.5 (#7466) Snyk has created this PR to upgrade graphql-tag from 2.12.4 to 2.12.5. See this package in npm: https://www.npmjs.com/package/graphql-tag See this project in Snyk: https://app.snyk.io/org/acinader/project/8c1a9edb-c8f5-4dc1-b221-4d6030a323eb?utm_source=github&utm_medium=upgrade-pr Co-authored-by: Manuel Trezza <5673677+mtrezza@users.noreply.github.com> --- package-lock.json | 12 ++++++------ package.json | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/package-lock.json b/package-lock.json index b1188d2c91..d29d97e68b 100644 --- a/package-lock.json +++ b/package-lock.json @@ -6492,17 +6492,17 @@ } }, "graphql-tag": { - "version": "2.12.4", - "resolved": "https://registry.npmjs.org/graphql-tag/-/graphql-tag-2.12.4.tgz", - "integrity": "sha512-VV1U4O+9x99EkNpNmCUV5RZwq6MnK4+pGbRYWG+lA/m3uo7TSqJF81OkcOP148gFP6fzdl7JWYBrwWVTS9jXww==", + "version": "2.12.5", + "resolved": "https://registry.npmjs.org/graphql-tag/-/graphql-tag-2.12.5.tgz", + "integrity": "sha512-5xNhP4063d16Pz3HBtKprutsPrmHZi5IdUGOWRxA2B6VF7BIRGOHZ5WQvDmJXZuPcBg7rYwaFxvQYjqkSdR3TQ==", "requires": { "tslib": "^2.1.0" }, "dependencies": { "tslib": { - "version": "2.2.0", - "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.2.0.tgz", - "integrity": "sha512-gS9GVHRU+RGn5KQM2rllAlR3dU6m7AcpJKdtH8gFvQiC4Otgk98XnmMU+nZenHt/+VhnBPWwgrJsyrdcw6i23w==" + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.3.0.tgz", + "integrity": "sha512-N82ooyxVNm6h1riLCoyS9e3fuJ3AMG2zIZs2Gd1ATcSFjSA23Q0fzjjZeh0jbJvWVDZ0cJT8yaNNaaXHzueNjg==" } } }, diff --git a/package.json b/package.json index 5a0d40214c..d2eaf3df1c 100644 --- a/package.json +++ b/package.json @@ -36,7 +36,7 @@ "graphql": "15.5.0", "graphql-list-fields": "2.0.2", "graphql-relay": "0.8.0", - "graphql-tag": "2.12.4", + "graphql-tag": "2.12.5", "graphql-upload": "11.0.0", "intersect": "1.0.1", "jsonwebtoken": "8.5.1", From 1fe47087a92c80e7ee8cc6e3e26b3a67f8df68ee Mon Sep 17 00:00:00 2001 From: Snyk bot Date: Fri, 23 Jul 2021 18:13:50 +0300 Subject: [PATCH 49/55] fix: upgrade apollo-server-express from 2.25.1 to 2.25.2 (#7465) Snyk has created this PR to upgrade apollo-server-express from 2.25.1 to 2.25.2. See this package in npm: https://www.npmjs.com/package/apollo-server-express See this project in Snyk: https://app.snyk.io/org/acinader/project/8c1a9edb-c8f5-4dc1-b221-4d6030a323eb?utm_source=github&utm_medium=upgrade-pr Co-authored-by: Manuel Trezza <5673677+mtrezza@users.noreply.github.com> --- package-lock.json | 60 +++++++++++++++++++++++------------------------ package.json | 2 +- 2 files changed, 31 insertions(+), 31 deletions(-) diff --git a/package-lock.json b/package-lock.json index d29d97e68b..d9eff9a6f8 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1793,14 +1793,14 @@ } }, "@types/content-disposition": { - "version": "0.5.3", - "resolved": "https://registry.npmjs.org/@types/content-disposition/-/content-disposition-0.5.3.tgz", - "integrity": "sha512-P1bffQfhD3O4LW0ioENXUhZ9OIa0Zn+P7M+pWgkCKaT53wVLSq0mrKksCID/FGHpFhRSxRGhgrQmfhRuzwtKdg==" + "version": "0.5.4", + "resolved": "https://registry.npmjs.org/@types/content-disposition/-/content-disposition-0.5.4.tgz", + "integrity": "sha512-0mPF08jn9zYI0n0Q/Pnz7C4kThdSt+6LD4amsrYDDpgBfrVWa3TcCOxKX1zkGgYniGagRv8heN2cbh+CAn+uuQ==" }, "@types/cookies": { - "version": "0.7.6", - "resolved": "https://registry.npmjs.org/@types/cookies/-/cookies-0.7.6.tgz", - "integrity": "sha512-FK4U5Qyn7/Sc5ih233OuHO0qAkOpEcD/eG6584yEiLKizTFRny86qHLe/rej3HFQrkBuUjF4whFliAdODbVN/w==", + "version": "0.7.7", + "resolved": "https://registry.npmjs.org/@types/cookies/-/cookies-0.7.7.tgz", + "integrity": "sha512-h7BcvPUogWbKCzBR2lY4oqaZbO3jXZksexYJVFvkrFeLgbZjQkU4x8pRq6eg2MHXQhY0McQdqmmsxRWlVAHooA==", "requires": { "@types/connect": "*", "@types/express": "*", @@ -1871,9 +1871,9 @@ "dev": true }, "@types/http-errors": { - "version": "1.8.0", - "resolved": "https://registry.npmjs.org/@types/http-errors/-/http-errors-1.8.0.tgz", - "integrity": "sha512-2aoSC4UUbHDj2uCsCxcG/vRMXey/m17bC7UwitVm5hn22nI8O8Y9iDpA76Orc+DWkQ4zZrOKEshCqR/jSuXAHA==" + "version": "1.8.1", + "resolved": "https://registry.npmjs.org/@types/http-errors/-/http-errors-1.8.1.tgz", + "integrity": "sha512-e+2rjEwK6KDaNOm5Aa9wNGgyS9oSZU/4pfSMMPYNOfjvFI0WVXm29+ITRFr6aKDvvKo7uU1jV68MW4ScsfDi7Q==" }, "@types/istanbul-lib-coverage": { "version": "2.0.3", @@ -1915,9 +1915,9 @@ } }, "@types/koa": { - "version": "2.13.3", - "resolved": "https://registry.npmjs.org/@types/koa/-/koa-2.13.3.tgz", - "integrity": "sha512-TaujBV+Dhe/FvmSMZJtCFBms+bqQacgUebk/M2C2tq8iGmHE/DDf4DcW2Hc7NqusVZmy5xzrWOjtdPKNP+fTfw==", + "version": "2.13.4", + "resolved": "https://registry.npmjs.org/@types/koa/-/koa-2.13.4.tgz", + "integrity": "sha512-dfHYMfU+z/vKtQB7NUrthdAEiSvnLebvBjwHtfFmpZmB7em2N3WVQdHgnFq+xvyVgxW5jKDmjWfLD3lw4g4uTw==", "requires": { "@types/accepts": "*", "@types/content-disposition": "*", @@ -1987,9 +1987,9 @@ } }, "@types/ws": { - "version": "7.4.5", - "resolved": "https://registry.npmjs.org/@types/ws/-/ws-7.4.5.tgz", - "integrity": "sha512-8mbDgtc8xpxDDem5Gwj76stBDJX35KQ3YBoayxlqUQcL5BZUthiqP/VQ4PQnLHqM4PmlbyO74t98eJpURO+gPA==", + "version": "7.4.6", + "resolved": "https://registry.npmjs.org/@types/ws/-/ws-7.4.6.tgz", + "integrity": "sha512-ijZ1vzRawI7QoWnTNL8KpHixd2b2XVb9I9HAqI3triPsh1EC0xH0Eg6w2O3TKbDCgiNNlJqfrof6j4T2I+l9vw==", "requires": { "@types/node": "*" } @@ -2603,18 +2603,18 @@ "integrity": "sha512-lO5oTjgiC3vlVg2RKr3RiXIIQ5pGXBFxYGGUkKDhTud3jMIhs+gel8L8zsEjKaKxkjHhCQAA/bcEfYiKkGQIvA==" }, "apollo-server-express": { - "version": "2.25.1", - "resolved": "https://registry.npmjs.org/apollo-server-express/-/apollo-server-express-2.25.1.tgz", - "integrity": "sha512-9idHkV3umcIDdq/NIQEC2D6zZ0QtaMRVCbeRcDgm9uWWiX3ulK5ICdHbNBu5UHXkDmKjfZiGaCWBZti0MsRQAg==", + "version": "2.25.2", + "resolved": "https://registry.npmjs.org/apollo-server-express/-/apollo-server-express-2.25.2.tgz", + "integrity": "sha512-A2gF2e85vvDugPlajbhr0A14cDFDIGX0mteNOJ8P3Z3cIM0D4hwrWxJidI+SzobefDIyIHu1dynFedJVhV0euQ==", "requires": { "@apollographql/graphql-playground-html": "1.6.27", "@types/accepts": "^1.3.5", "@types/body-parser": "1.19.0", "@types/cors": "2.8.10", - "@types/express": "4.17.11", - "@types/express-serve-static-core": "4.17.19", + "@types/express": "^4.17.12", + "@types/express-serve-static-core": "^4.17.21", "accepts": "^1.3.5", - "apollo-server-core": "^2.25.1", + "apollo-server-core": "^2.25.2", "apollo-server-types": "^0.9.0", "body-parser": "^1.18.3", "cors": "^2.8.5", @@ -2627,9 +2627,9 @@ }, "dependencies": { "@types/express": { - "version": "4.17.11", - "resolved": "https://registry.npmjs.org/@types/express/-/express-4.17.11.tgz", - "integrity": "sha512-no+R6rW60JEc59977wIxreQVsIEOAYwgCqldrA/vkpCnbD7MqTefO97lmoBe4WE0F156bC4uLSP1XHDOySnChg==", + "version": "4.17.13", + "resolved": "https://registry.npmjs.org/@types/express/-/express-4.17.13.tgz", + "integrity": "sha512-6bSZTPaTIACxn48l50SR+axgrqm6qXFIxrdAKaG6PaJk3+zuUr35hBlgT7vOmJcum+OEaIBLtHV/qloEAFITeA==", "requires": { "@types/body-parser": "*", "@types/express-serve-static-core": "^4.17.18", @@ -2638,9 +2638,9 @@ } }, "@types/express-serve-static-core": { - "version": "4.17.19", - "resolved": "https://registry.npmjs.org/@types/express-serve-static-core/-/express-serve-static-core-4.17.19.tgz", - "integrity": "sha512-DJOSHzX7pCiSElWaGR8kCprwibCB/3yW6vcT8VG3P0SJjnv19gnWG/AZMfM60Xj/YJIp/YCaDHyvzsFVeniARA==", + "version": "4.17.24", + "resolved": "https://registry.npmjs.org/@types/express-serve-static-core/-/express-serve-static-core-4.17.24.tgz", + "integrity": "sha512-3UJuW+Qxhzwjq3xhwXm2onQcFHn76frIYVbTu+kn24LFxI+dEhdfISDFovPB8VpEgW8oQCTpRuCe+0zJxB7NEA==", "requires": { "@types/node": "*", "@types/qs": "*", @@ -9614,9 +9614,9 @@ "integrity": "sha512-gScRMn0bS5fH+IuwyIFgnh9zBdo4DV+6GhygmWM9HyNJSgS0hScp1f5vjtm7oIIOiT9trXrShAkLFSc2IqKNgw==" }, "object-inspect": { - "version": "1.10.3", - "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.10.3.tgz", - "integrity": "sha512-e5mCJlSH7poANfC8z8S9s9S2IN5/4Zb3aZ33f5s8YqoazCFzNLloLU8r5VCG+G7WoqLvAAZoVMcy3tp/3X0Plw==" + "version": "1.11.0", + "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.11.0.tgz", + "integrity": "sha512-jp7ikS6Sd3GxQfZJPyH3cjcbJF6GZPClgdV+EFygjFLQ5FmW/dRUnTd9PQ9k0JhoNDabWFbpF1yCdSWCC6gexg==" }, "object-keys": { "version": "1.1.1", diff --git a/package.json b/package.json index d2eaf3df1c..bb014c0c84 100644 --- a/package.json +++ b/package.json @@ -25,7 +25,7 @@ "@graphql-tools/utils": "6.2.4", "@parse/fs-files-adapter": "1.2.0", "@parse/push-adapter": "3.4.0", - "apollo-server-express": "2.25.1", + "apollo-server-express": "2.25.2", "bcryptjs": "2.4.3", "body-parser": "1.19.0", "commander": "5.1.0", From a95ad89736771014e2421044039038ca8c60829b Mon Sep 17 00:00:00 2001 From: Snyk bot Date: Fri, 23 Jul 2021 19:04:03 +0300 Subject: [PATCH 50/55] [Snyk] Security upgrade parse from 3.2.0 to 3.3.0 (#7464) * fix: package.json & package-lock.json to reduce vulnerabilities The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-WS-1296835 * update user test Co-authored-by: Manuel Trezza <5673677+mtrezza@users.noreply.github.com> --- package-lock.json | 47 +++++++++++++++++++++++++++--------------- package.json | 2 +- spec/ParseUser.spec.js | 2 +- 3 files changed, 32 insertions(+), 19 deletions(-) diff --git a/package-lock.json b/package-lock.json index d9eff9a6f8..dceedf4773 100644 --- a/package-lock.json +++ b/package-lock.json @@ -6881,9 +6881,9 @@ } }, "idb-keyval": { - "version": "5.0.4", - "resolved": "https://registry.npmjs.org/idb-keyval/-/idb-keyval-5.0.4.tgz", - "integrity": "sha512-qS0kplHuadZujoE90ze0NUkhW0/Fbfib7d+mYNMXNEn45NSh2NWY3fBewoX4GZUsKkGHBgc8JiAwMx0zrfL3LQ==" + "version": "5.0.6", + "resolved": "https://registry.npmjs.org/idb-keyval/-/idb-keyval-5.0.6.tgz", + "integrity": "sha512-6lJuVbwyo82mKSH6Wq2eHkt9LcbwHAelMIcMe0tP4p20Pod7tTxq9zf0ge2n/YDfMOpDryerfmmYyuQiaFaKOg==" }, "ieee754": { "version": "1.2.1", @@ -9964,38 +9964,51 @@ } }, "parse": { - "version": "3.2.0", - "resolved": "https://registry.npmjs.org/parse/-/parse-3.2.0.tgz", - "integrity": "sha512-yncA9l0LneOzzBFACVjdPNpWuNGQ/LhXGEO/qj6vYAyJpwWabNf7Eq2ucMAWzALb13KDRoAiTlb2cH3Nt/S9gw==", + "version": "3.3.0", + "resolved": "https://registry.npmjs.org/parse/-/parse-3.3.0.tgz", + "integrity": "sha512-SQkTDupU7JQBJpYFIpO8TlQjUtjboUdkXaak57pjoC1ZVbhaiNyLsdYbrlM0B+sNYhlvcMh7zwZW48u10+zm0A==", "requires": { - "@babel/runtime": "7.13.10", - "@babel/runtime-corejs3": "7.13.10", + "@babel/runtime": "7.14.6", + "@babel/runtime-corejs3": "7.14.6", "crypto-js": "4.0.0", - "idb-keyval": "5.0.4", + "idb-keyval": "5.0.6", "react-native-crypto-js": "1.0.0", "uuid": "3.4.0", - "ws": "7.4.4", + "ws": "7.5.0", "xmlhttprequest": "1.8.0" }, "dependencies": { + "@babel/runtime": { + "version": "7.14.6", + "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.14.6.tgz", + "integrity": "sha512-/PCB2uJ7oM44tz8YhC4Z/6PeOKXp4K588f+5M3clr1M4zbqztlo0XEfJ2LEzj/FgwfgGcIdl8n7YYjTCI0BYwg==", + "requires": { + "regenerator-runtime": "^0.13.4" + } + }, "@babel/runtime-corejs3": { - "version": "7.13.10", - "resolved": "https://registry.npmjs.org/@babel/runtime-corejs3/-/runtime-corejs3-7.13.10.tgz", - "integrity": "sha512-x/XYVQ1h684pp1mJwOV4CyvqZXqbc8CMsMGUnAbuc82ZCdv1U63w5RSUzgDSXQHG5Rps/kiksH6g2D5BuaKyXg==", + "version": "7.14.6", + "resolved": "https://registry.npmjs.org/@babel/runtime-corejs3/-/runtime-corejs3-7.14.6.tgz", + "integrity": "sha512-Xl8SPYtdjcMoCsIM4teyVRg7jIcgl8F2kRtoCcXuHzXswt9UxZCS6BzRo8fcnCuP6u2XtPgvyonmEPF57Kxo9Q==", "requires": { - "core-js-pure": "^3.0.0", + "core-js-pure": "^3.14.0", "regenerator-runtime": "^0.13.4" } }, + "core-js-pure": { + "version": "3.15.2", + "resolved": "https://registry.npmjs.org/core-js-pure/-/core-js-pure-3.15.2.tgz", + "integrity": "sha512-D42L7RYh1J2grW8ttxoY1+17Y4wXZeKe7uyplAI3FkNQyI5OgBIAjUfFiTPfL1rs0qLpxaabITNbjKl1Sp82tA==" + }, "uuid": { "version": "3.4.0", "resolved": "https://registry.npmjs.org/uuid/-/uuid-3.4.0.tgz", "integrity": "sha512-HjSDRw6gZE5JMggctHBcjVak08+KEVhSIiDzFnT9S9aegmp85S/bReBVTb4QTFaRNptJ9kuYaNhnbNEOkbKb/A==" }, "ws": { - "version": "7.4.4", - "resolved": "https://registry.npmjs.org/ws/-/ws-7.4.4.tgz", - "integrity": "sha512-Qm8k8ojNQIMx7S+Zp8u/uHOx7Qazv3Yv4q68MiWWWOJhiwG5W3x7iqmRtJo8xxrciZUY4vRxUTJCKuRnF28ZZw==" + "version": "7.5.0", + "resolved": "https://registry.npmjs.org/ws/-/ws-7.5.0.tgz", + "integrity": "sha512-6ezXvzOZupqKj4jUqbQ9tXuJNo+BR2gU8fFRk3XCP3e0G6WT414u5ELe6Y0vtp7kmSJ3F7YWObSNr1ESsgi4vw==" } } }, diff --git a/package.json b/package.json index bb014c0c84..9a206f9c8a 100644 --- a/package.json +++ b/package.json @@ -47,7 +47,7 @@ "mime": "2.5.2", "mongodb": "3.6.9", "mustache": "4.2.0", - "parse": "3.2.0", + "parse": "3.3.0", "pg-monitor": "1.4.1", "pg-promise": "10.10.2", "pluralize": "8.0.0", diff --git a/spec/ParseUser.spec.js b/spec/ParseUser.spec.js index bee6f2a279..d5612a343c 100644 --- a/spec/ParseUser.spec.js +++ b/spec/ParseUser.spec.js @@ -793,7 +793,7 @@ describe('Parse.User testing', () => { user.set('username', 'test'); await user.save(); - equal(Object.keys(user.attributes).length, 6); + equal(Object.keys(user.attributes).length, 5); ok(user.attributes['username']); ok(user.attributes['email']); await user.destroy(); From bbd7ee7313e19c43b15e16027439739590393dd1 Mon Sep 17 00:00:00 2001 From: Snyk bot Date: Fri, 23 Jul 2021 21:13:26 +0300 Subject: [PATCH 51/55] fix: upgrade graphql from 15.5.0 to 15.5.1 (#7462) Snyk has created this PR to upgrade graphql from 15.5.0 to 15.5.1. See this package in npm: https://www.npmjs.com/package/graphql See this project in Snyk: https://app.snyk.io/org/acinader/project/8c1a9edb-c8f5-4dc1-b221-4d6030a323eb?utm_source=github&utm_medium=upgrade-pr Co-authored-by: Manuel Trezza <5673677+mtrezza@users.noreply.github.com> --- package-lock.json | 6 +++--- package.json | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/package-lock.json b/package-lock.json index dceedf4773..ddc7fdca23 100644 --- a/package-lock.json +++ b/package-lock.json @@ -6459,9 +6459,9 @@ "dev": true }, "graphql": { - "version": "15.5.0", - "resolved": "https://registry.npmjs.org/graphql/-/graphql-15.5.0.tgz", - "integrity": "sha512-OmaM7y0kaK31NKG31q4YbD2beNYa6jBBKtMFT6gLYJljHLJr42IqJ8KX08u3Li/0ifzTU5HjmoOOrwa5BRLeDA==" + "version": "15.5.1", + "resolved": "https://registry.npmjs.org/graphql/-/graphql-15.5.1.tgz", + "integrity": "sha512-FeTRX67T3LoE3LWAxxOlW2K3Bz+rMYAC18rRguK4wgXaTZMiJwSUwDmPFo3UadAKbzirKIg5Qy+sNJXbpPRnQw==" }, "graphql-extensions": { "version": "0.15.0", diff --git a/package.json b/package.json index 9a206f9c8a..78d759c1ef 100644 --- a/package.json +++ b/package.json @@ -33,7 +33,7 @@ "deepcopy": "2.1.0", "express": "4.17.1", "follow-redirects": "1.14.1", - "graphql": "15.5.0", + "graphql": "15.5.1", "graphql-list-fields": "2.0.2", "graphql-relay": "0.8.0", "graphql-tag": "2.12.5", From c58bf57f51ebc9df3a624fb3ecdacdf4647f1dea Mon Sep 17 00:00:00 2001 From: Snyk bot Date: Fri, 23 Jul 2021 23:45:54 +0300 Subject: [PATCH 52/55] fix: upgrade @apollographql/graphql-playground-html from 1.6.27 to 1.6.28 (#7411) Snyk has created this PR to upgrade @apollographql/graphql-playground-html from 1.6.27 to 1.6.28. See this package in npm: https://www.npmjs.com/package/@apollographql/graphql-playground-html See this project in Snyk: https://app.snyk.io/org/acinader/project/8c1a9edb-c8f5-4dc1-b221-4d6030a323eb?utm_source=github&utm_medium=upgrade-pr Co-authored-by: Manuel Trezza <5673677+mtrezza@users.noreply.github.com> --- package-lock.json | 28 ++++++++++++++++++++++------ package.json | 2 +- 2 files changed, 23 insertions(+), 7 deletions(-) diff --git a/package-lock.json b/package-lock.json index ddc7fdca23..d9c14f5afa 100644 --- a/package-lock.json +++ b/package-lock.json @@ -100,9 +100,9 @@ "integrity": "sha512-ZII+/xUFfb9ezDU2gad114+zScxVFMVlZ91f8fGApMzlS1kkqoyLnC4AJaQ1Ya/X+b63I20B4Gd+eCL8QuB4sA==" }, "@apollographql/graphql-playground-html": { - "version": "1.6.27", - "resolved": "https://registry.npmjs.org/@apollographql/graphql-playground-html/-/graphql-playground-html-1.6.27.tgz", - "integrity": "sha512-tea2LweZvn6y6xFV11K0KC8ETjmm52mQrW+ezgB2O/aTQf8JGyFmMcRPFgUaQZeHbWdm8iisDC6EjOKsXu0nfw==", + "version": "1.6.28", + "resolved": "https://registry.npmjs.org/@apollographql/graphql-playground-html/-/graphql-playground-html-1.6.28.tgz", + "integrity": "sha512-0goOBx/VApTeqRwsZ7Wr6PA8ukv9CPdwoMMyGB6WsDKm5yIkiY1t1R/HOHD8MiUIhPnyqwBQUFDFa1VgUNmx1Q==", "requires": { "xss": "^1.0.8" } @@ -2561,6 +2561,14 @@ "uuid": "^8.0.0" }, "dependencies": { + "@apollographql/graphql-playground-html": { + "version": "1.6.27", + "resolved": "https://registry.npmjs.org/@apollographql/graphql-playground-html/-/graphql-playground-html-1.6.27.tgz", + "integrity": "sha512-tea2LweZvn6y6xFV11K0KC8ETjmm52mQrW+ezgB2O/aTQf8JGyFmMcRPFgUaQZeHbWdm8iisDC6EjOKsXu0nfw==", + "requires": { + "xss": "^1.0.8" + } + }, "lru-cache": { "version": "6.0.0", "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-6.0.0.tgz", @@ -2626,6 +2634,14 @@ "type-is": "^1.6.16" }, "dependencies": { + "@apollographql/graphql-playground-html": { + "version": "1.6.27", + "resolved": "https://registry.npmjs.org/@apollographql/graphql-playground-html/-/graphql-playground-html-1.6.27.tgz", + "integrity": "sha512-tea2LweZvn6y6xFV11K0KC8ETjmm52mQrW+ezgB2O/aTQf8JGyFmMcRPFgUaQZeHbWdm8iisDC6EjOKsXu0nfw==", + "requires": { + "xss": "^1.0.8" + } + }, "@types/express": { "version": "4.17.13", "resolved": "https://registry.npmjs.org/@types/express/-/express-4.17.13.tgz", @@ -12625,9 +12641,9 @@ "integrity": "sha1-Z/4HXFwk/vOfnWX197f+dRcZaPw=" }, "xss": { - "version": "1.0.8", - "resolved": "https://registry.npmjs.org/xss/-/xss-1.0.8.tgz", - "integrity": "sha512-3MgPdaXV8rfQ/pNn16Eio6VXYPTkqwa0vc7GkiymmY/DqR1SE/7VPAAVZz1GJsJFrllMYO3RHfEaiUGjab6TNw==", + "version": "1.0.9", + "resolved": "https://registry.npmjs.org/xss/-/xss-1.0.9.tgz", + "integrity": "sha512-2t7FahYnGJys6DpHLhajusId7R0Pm2yTmuL0GV9+mV0ZlaLSnb2toBmppATfg5sWIhZQGlsTLoecSzya+l4EAQ==", "requires": { "commander": "^2.20.3", "cssfilter": "0.0.10" diff --git a/package.json b/package.json index 78d759c1ef..f80ae3d4a3 100644 --- a/package.json +++ b/package.json @@ -19,7 +19,7 @@ ], "license": "BSD-3-Clause", "dependencies": { - "@apollographql/graphql-playground-html": "1.6.27", + "@apollographql/graphql-playground-html": "1.6.28", "@graphql-tools/links": "6.2.5", "@graphql-tools/stitch": "6.2.4", "@graphql-tools/utils": "6.2.4", From 39f7c831e6493cff9cd64195b64e886fda4624f8 Mon Sep 17 00:00:00 2001 From: Snyk bot Date: Sat, 24 Jul 2021 13:42:57 +0300 Subject: [PATCH 53/55] fix: upgrade @apollographql/graphql-playground-html from 1.6.28 to 1.6.29 (#7473) Snyk has created this PR to upgrade @apollographql/graphql-playground-html from 1.6.28 to 1.6.29. See this package in npm: https://www.npmjs.com/package/@apollographql/graphql-playground-html See this project in Snyk: https://app.snyk.io/org/acinader/project/8c1a9edb-c8f5-4dc1-b221-4d6030a323eb?utm_source=github&utm_medium=upgrade-pr --- package-lock.json | 6 +++--- package.json | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/package-lock.json b/package-lock.json index d9c14f5afa..398c7d29e4 100644 --- a/package-lock.json +++ b/package-lock.json @@ -100,9 +100,9 @@ "integrity": "sha512-ZII+/xUFfb9ezDU2gad114+zScxVFMVlZ91f8fGApMzlS1kkqoyLnC4AJaQ1Ya/X+b63I20B4Gd+eCL8QuB4sA==" }, "@apollographql/graphql-playground-html": { - "version": "1.6.28", - "resolved": "https://registry.npmjs.org/@apollographql/graphql-playground-html/-/graphql-playground-html-1.6.28.tgz", - "integrity": "sha512-0goOBx/VApTeqRwsZ7Wr6PA8ukv9CPdwoMMyGB6WsDKm5yIkiY1t1R/HOHD8MiUIhPnyqwBQUFDFa1VgUNmx1Q==", + "version": "1.6.29", + "resolved": "https://registry.npmjs.org/@apollographql/graphql-playground-html/-/graphql-playground-html-1.6.29.tgz", + "integrity": "sha512-xCcXpoz52rI4ksJSdOCxeOCn2DLocxwHf9dVT/Q90Pte1LX+LY+91SFtJF3KXVHH8kEin+g1KKCQPKBjZJfWNA==", "requires": { "xss": "^1.0.8" } diff --git a/package.json b/package.json index f80ae3d4a3..10c5a024a8 100644 --- a/package.json +++ b/package.json @@ -19,7 +19,7 @@ ], "license": "BSD-3-Clause", "dependencies": { - "@apollographql/graphql-playground-html": "1.6.28", + "@apollographql/graphql-playground-html": "1.6.29", "@graphql-tools/links": "6.2.5", "@graphql-tools/stitch": "6.2.4", "@graphql-tools/utils": "6.2.4", From c3b71ba5b6f7ee962649afc0b58df80af1fc01cd Mon Sep 17 00:00:00 2001 From: Snyk bot Date: Sun, 25 Jul 2021 02:54:28 +0300 Subject: [PATCH 54/55] [Snyk] Upgrade ws from 7.4.6 to 7.5.3 (#7457) * fix: upgrade ws from 7.4.6 to 7.5.0 Snyk has created this PR to upgrade ws from 7.4.6 to 7.5.0. See this package in npm: https://www.npmjs.com/package/ws See this project in Snyk: https://app.snyk.io/org/acinader/project/8c1a9edb-c8f5-4dc1-b221-4d6030a323eb?utm_source=github&utm_medium=upgrade-pr * changed logging for circular obj * upgraded to ws 7.5.3 Co-authored-by: Manuel Trezza <5673677+mtrezza@users.noreply.github.com> --- package-lock.json | 6 +++--- package.json | 2 +- src/LiveQuery/ParseWebSocketServer.js | 3 ++- 3 files changed, 6 insertions(+), 5 deletions(-) diff --git a/package-lock.json b/package-lock.json index 398c7d29e4..d907851cdd 100644 --- a/package-lock.json +++ b/package-lock.json @@ -12625,9 +12625,9 @@ } }, "ws": { - "version": "7.4.6", - "resolved": "https://registry.npmjs.org/ws/-/ws-7.4.6.tgz", - "integrity": "sha512-YmhHDO4MzaDLB+M9ym/mDA5z0naX8j7SIlT8f8z+I0VtzsRbekxEutHSme7NPS2qE8StCYQNUnfWdXta/Yu85A==" + "version": "7.5.3", + "resolved": "https://registry.npmjs.org/ws/-/ws-7.5.3.tgz", + "integrity": "sha512-kQ/dHIzuLrS6Je9+uv81ueZomEwH0qVYstcAQ4/Z93K8zeko9gtAbttJWzoC5ukqXY1PpoouV3+VSOqEAFt5wg==" }, "xmlcreate": { "version": "2.0.3", diff --git a/package.json b/package.json index 10c5a024a8..bb2ba350f2 100644 --- a/package.json +++ b/package.json @@ -58,7 +58,7 @@ "uuid": "8.3.2", "winston": "3.3.3", "winston-daily-rotate-file": "4.5.5", - "ws": "7.4.6" + "ws": "7.5.3" }, "devDependencies": { "@actions/core": "1.2.6", diff --git a/src/LiveQuery/ParseWebSocketServer.js b/src/LiveQuery/ParseWebSocketServer.js index 606056fc2e..fa521080ed 100644 --- a/src/LiveQuery/ParseWebSocketServer.js +++ b/src/LiveQuery/ParseWebSocketServer.js @@ -2,6 +2,7 @@ import { loadAdapter } from '../Adapters/AdapterLoader'; import { WSAdapter } from '../Adapters/WebSocketServer/WSAdapter'; import logger from '../logger'; import events from 'events'; +import { inspect } from 'util'; export class ParseWebSocketServer { server: Object; @@ -15,7 +16,7 @@ export class ParseWebSocketServer { wss.onConnection = ws => { ws.on('error', error => { logger.error(error.message); - logger.error(JSON.stringify(ws)); + logger.error(inspect(ws, false)); }); onConnect(new ParseWebSocket(ws)); // Send ping to client periodically From c8e822b95872c122bc75a88c7e5a30d52212f091 Mon Sep 17 00:00:00 2001 From: Corey Date: Mon, 26 Jul 2021 00:17:03 -0400 Subject: [PATCH 55/55] Accept context via header X-Parse-Cloud-Context (#7437) * failing testcase * add header * switch to X-Parse-Cloud-Context header * add back blank line that lint removed * test replacing context header with body context. Add support for setting body with json string * add back blank line * cover error when _context body is wrong * Update middlewares.js * revert accidental status change * make sure context always decodes to an object else throw error * improve context object check Co-authored-by: Antonio Davi Macedo Coelho de Castro --- CHANGELOG.md | 2 + spec/CloudCode.spec.js | 215 +++++++++++++++++++++++++++++++++++++++++ src/middlewares.js | 33 ++++++- 3 files changed, 247 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 37ccc74bdc..9c6be5a0e5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -137,6 +137,8 @@ ___ - Fix select and excludeKey queries to properly accept JSON string arrays. Also allow nested fields in exclude (Corey Baker) [#7242](https://github.com/parse-community/parse-server/pull/7242) - Fix LiveQuery server crash when using $all query operator on a missing object key (Jason Posthuma) [#7421](https://github.com/parse-community/parse-server/pull/7421) - Added runtime deprecation warnings (Manuel Trezza) [#7451](https://github.com/parse-community/parse-server/pull/7451) +- Add ability to pass context of an object via a header, X-Parse-Cloud-Context, for Cloud Code triggers. The header addition allows client SDK's to add context without injecting _context in the body of JSON objects (Corey Baker) [#7437](https://github.com/parse-community/parse-server/pull/7437) + ___ ## 4.5.0 [Full Changelog](https://github.com/parse-community/parse-server/compare/4.4.0...4.5.0) diff --git a/spec/CloudCode.spec.js b/spec/CloudCode.spec.js index c53a284273..86a7627427 100644 --- a/spec/CloudCode.spec.js +++ b/spec/CloudCode.spec.js @@ -2519,6 +2519,201 @@ describe('afterFind hooks', () => { }); }); + it('should throw error if context header is malformed', async () => { + let calledBefore = false; + let calledAfter = false; + Parse.Cloud.beforeSave('TestObject', () => { + calledBefore = true; + }); + Parse.Cloud.afterSave('TestObject', () => { + calledAfter = true; + }); + const req = request({ + method: 'POST', + url: 'http://localhost:8378/1/classes/TestObject', + headers: { + 'X-Parse-Application-Id': 'test', + 'X-Parse-REST-API-Key': 'rest', + 'X-Parse-Cloud-Context': 'key', + }, + body: { + foo: 'bar', + }, + }); + try { + await req; + fail('Should have thrown error'); + } catch (e) { + expect(e).toBeDefined(); + expect(e.data.code).toEqual(Parse.Error.INVALID_JSON); + } + expect(calledBefore).toBe(false); + expect(calledAfter).toBe(false); + }); + + it('should throw error if context header is string "1"', async () => { + let calledBefore = false; + let calledAfter = false; + Parse.Cloud.beforeSave('TestObject', () => { + calledBefore = true; + }); + Parse.Cloud.afterSave('TestObject', () => { + calledAfter = true; + }); + const req = request({ + method: 'POST', + url: 'http://localhost:8378/1/classes/TestObject', + headers: { + 'X-Parse-Application-Id': 'test', + 'X-Parse-REST-API-Key': 'rest', + 'X-Parse-Cloud-Context': '1', + }, + body: { + foo: 'bar', + }, + }); + try { + await req; + fail('Should have thrown error'); + } catch (e) { + expect(e).toBeDefined(); + expect(e.data.code).toEqual(Parse.Error.INVALID_JSON); + } + expect(calledBefore).toBe(false); + expect(calledAfter).toBe(false); + }); + + it('should expose context in beforeSave/afterSave via header', async () => { + let calledBefore = false; + let calledAfter = false; + Parse.Cloud.beforeSave('TestObject', req => { + expect(req.object.get('foo')).toEqual('bar'); + expect(req.context.otherKey).toBe(1); + expect(req.context.key).toBe('value'); + calledBefore = true; + }); + Parse.Cloud.afterSave('TestObject', req => { + expect(req.object.get('foo')).toEqual('bar'); + expect(req.context.otherKey).toBe(1); + expect(req.context.key).toBe('value'); + calledAfter = true; + }); + const req = request({ + method: 'POST', + url: 'http://localhost:8378/1/classes/TestObject', + headers: { + 'X-Parse-Application-Id': 'test', + 'X-Parse-REST-API-Key': 'rest', + 'X-Parse-Cloud-Context': '{"key":"value","otherKey":1}', + }, + body: { + foo: 'bar', + }, + }); + await req; + expect(calledBefore).toBe(true); + expect(calledAfter).toBe(true); + }); + + it('should override header context with body context in beforeSave/afterSave', async () => { + let calledBefore = false; + let calledAfter = false; + Parse.Cloud.beforeSave('TestObject', req => { + expect(req.object.get('foo')).toEqual('bar'); + expect(req.context.otherKey).toBe(10); + expect(req.context.key).toBe('hello'); + calledBefore = true; + }); + Parse.Cloud.afterSave('TestObject', req => { + expect(req.object.get('foo')).toEqual('bar'); + expect(req.context.otherKey).toBe(10); + expect(req.context.key).toBe('hello'); + calledAfter = true; + }); + const req = request({ + method: 'POST', + url: 'http://localhost:8378/1/classes/TestObject', + headers: { + 'X-Parse-REST-API-Key': 'rest', + 'X-Parse-Cloud-Context': '{"key":"value","otherKey":1}', + }, + body: { + foo: 'bar', + _ApplicationId: 'test', + _context: '{"key":"hello","otherKey":10}', + }, + }); + await req; + expect(calledBefore).toBe(true); + expect(calledAfter).toBe(true); + }); + + it('should throw error if context body is malformed', async () => { + let calledBefore = false; + let calledAfter = false; + Parse.Cloud.beforeSave('TestObject', () => { + calledBefore = true; + }); + Parse.Cloud.afterSave('TestObject', () => { + calledAfter = true; + }); + const req = request({ + method: 'POST', + url: 'http://localhost:8378/1/classes/TestObject', + headers: { + 'X-Parse-REST-API-Key': 'rest', + 'X-Parse-Cloud-Context': '{"key":"value","otherKey":1}', + }, + body: { + foo: 'bar', + _ApplicationId: 'test', + _context: 'key', + }, + }); + try { + await req; + fail('Should have thrown error'); + } catch (e) { + expect(e).toBeDefined(); + expect(e.data.code).toEqual(Parse.Error.INVALID_JSON); + } + expect(calledBefore).toBe(false); + expect(calledAfter).toBe(false); + }); + + it('should throw error if context body is string "true"', async () => { + let calledBefore = false; + let calledAfter = false; + Parse.Cloud.beforeSave('TestObject', () => { + calledBefore = true; + }); + Parse.Cloud.afterSave('TestObject', () => { + calledAfter = true; + }); + const req = request({ + method: 'POST', + url: 'http://localhost:8378/1/classes/TestObject', + headers: { + 'X-Parse-REST-API-Key': 'rest', + 'X-Parse-Cloud-Context': '{"key":"value","otherKey":1}', + }, + body: { + foo: 'bar', + _ApplicationId: 'test', + _context: 'true', + }, + }); + try { + await req; + fail('Should have thrown error'); + } catch (e) { + expect(e).toBeDefined(); + expect(e.data.code).toEqual(Parse.Error.INVALID_JSON); + } + expect(calledBefore).toBe(false); + expect(calledAfter).toBe(false); + }); + it('should expose context in before and afterSave', async () => { let calledBefore = false; let calledAfter = false; @@ -2804,6 +2999,26 @@ describe('afterLogin hook', () => { done(); }); + it('context options should override _context object property when saving a new object', async () => { + Parse.Cloud.beforeSave('TestObject', req => { + expect(req.context.a).toEqual('a'); + expect(req.context.hello).not.toBeDefined(); + expect(req._context).not.toBeDefined(); + expect(req.object._context).not.toBeDefined(); + expect(req.object.context).not.toBeDefined(); + }); + Parse.Cloud.afterSave('TestObject', req => { + expect(req.context.a).toEqual('a'); + expect(req.context.hello).not.toBeDefined(); + expect(req._context).not.toBeDefined(); + expect(req.object._context).not.toBeDefined(); + expect(req.object.context).not.toBeDefined(); + }); + const obj = new TestObject(); + obj.set('_context', { hello: 'world' }); + await obj.save(null, { context: { a: 'a' } }); + }); + it('should have access to context when saving a new object', async () => { Parse.Cloud.beforeSave('TestObject', req => { expect(req.context.a).toEqual('a'); diff --git a/src/middlewares.js b/src/middlewares.js index 1c0a372031..88de107264 100644 --- a/src/middlewares.js +++ b/src/middlewares.js @@ -25,6 +25,17 @@ const getMountForRequest = function (req) { export function handleParseHeaders(req, res, next) { var mount = getMountForRequest(req); + let context = {}; + if (req.get('X-Parse-Cloud-Context') != null) { + try { + context = JSON.parse(req.get('X-Parse-Cloud-Context')); + if (Object.prototype.toString.call(context) !== '[object Object]') { + throw 'Context is not an object'; + } + } catch (e) { + return malformedContext(req, res); + } + } var info = { appId: req.get('X-Parse-Application-Id'), sessionToken: req.get('X-Parse-Session-Token'), @@ -35,7 +46,7 @@ export function handleParseHeaders(req, res, next) { dotNetKey: req.get('X-Parse-Windows-Key'), restAPIKey: req.get('X-Parse-REST-API-Key'), clientVersion: req.get('X-Parse-Client-Version'), - context: {}, + context: context, }; var basicAuth = httpAuth(req); @@ -105,8 +116,19 @@ export function handleParseHeaders(req, res, next) { info.masterKey = req.body._MasterKey; delete req.body._MasterKey; } - if (req.body._context && req.body._context instanceof Object) { - info.context = req.body._context; + if (req.body._context) { + if (req.body._context instanceof Object) { + info.context = req.body._context; + } else { + try { + info.context = JSON.parse(req.body._context); + if (Object.prototype.toString.call(info.context) !== '[object Object]') { + throw 'Context is not an object'; + } + } catch (e) { + return malformedContext(req, res); + } + } delete req.body._context; } if (req.body._ContentType) { @@ -454,3 +476,8 @@ function invalidRequest(req, res) { res.status(403); res.end('{"error":"unauthorized"}'); } + +function malformedContext(req, res) { + res.status(400); + res.json({ code: Parse.Error.INVALID_JSON, error: 'Invalid object for context.' }); +}