diff --git a/CHANGELOG.md b/CHANGELOG.md index f8d03e579e..b4a49e8907 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,16 +1,20 @@ -## Parse Server Changelog +# Parse Server Changelog -### master -[Full Changelog](https://github.com/parse-community/parse-server/compare/4.10.1...master) +# 4.10.2 +[Full Changelog](https://github.com/parse-community/parse-server/compare/4.10.1...4.10.2) -### 4.10.1 +## Fixes +- Move graphql-tag from devDependencies to dependencies (Antonio Davi Macedo Coelho de Castro) [#7183](https://github.com/parse-community/parse-server/pull/7183) + +# 4.10.1 [Full Changelog](https://github.com/parse-community/parse-server/compare/4.10.0...4.10.1) +## Security Fixes - Updated to Parse JS SDK 3.3.0 and other security fixes (Manuel Trezza) [#7508](https://github.com/parse-community/parse-server/pull/7508) > ⚠️ This includes a security fix of the Parse JS SDK where `logIn` will default to `POST` instead of `GET` method. This may require changes in your deployment before you upgrade to this release, see the Parse JS SDK 3.0.0 [release notes](https://github.com/parse-community/Parse-SDK-JS/releases/tag/3.0.0). -### 4.10.0 +# 4.10.0 [Full Changelog](https://github.com/parse-community/parse-server/compare/4.5.2...4.10.0) *Versions >4.5.2 and <4.10.0 are skipped.* 
@@ -26,16 +30,16 @@ > >**If you are using any of the affected versions, we urgently recommend to upgrade to version `4.10.0`.** -### 4.5.2 +# 4.5.2 [Full Changelog](https://github.com/parse-community/parse-server/compare/4.5.0...4.5.2) -### Security Fixes +## Security Fixes - SECURITY FIX: Fixes incorrect session property `authProvider: password` of anonymous users. When signing up an anonymous user, the session field `createdWith` indicates incorrectly that the session has been created using username and password with `authProvider: password`, instead of an anonymous sign-up with `authProvider: anonymous`. This fixes the issue by setting the correct `authProvider: anonymous` for future sign-ups of anonymous users. This fix does not fix incorrect `authProvider: password` for existing sessions of anonymous users. Consider this if your app logic depends on the `authProvider` field. (Corey Baker) [GHSA-23r4-5mxp-c7g5](https://github.com/parse-community/parse-server/security/advisories/GHSA-23r4-5mxp-c7g5) -### 4.5.1 +# 4.5.1 *This version was published by mistake and was deprecated.* -### 4.5.0 +# 4.5.0 [Full Changelog](https://github.com/parse-community/parse-server/compare/4.4.0...4.5.0) __BREAKING CHANGES:__ diff --git a/package-lock.json b/package-lock.json index 5e89934492..334c9233c5 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,6 +1,6 @@ { "name": "parse-server", - "version": "4.10.1", + "version": "4.10.2", "lockfileVersion": 1, "requires": true, "dependencies": { 
@@ -7310,10 +7310,19 @@
 }
 },
 "graphql-tag": {
- "version": "2.10.1",
- "resolved": "https://registry.npmjs.org/graphql-tag/-/graphql-tag-2.10.1.tgz",
- "integrity": "sha512-jApXqWBzNXQ8jYa/HLkZJaVw9jgwNqZkywa2zfFn16Iv1Zb7ELNHkJaXHR7Quvd5SIGsy6Ny7SUKATgnu05uEg==",
- "dev": true
+ "version": "2.12.5",
+ "resolved": "https://registry.npmjs.org/graphql-tag/-/graphql-tag-2.12.5.tgz",
+ "integrity": "sha512-5xNhP4063d16Pz3HBtKprutsPrmHZi5IdUGOWRxA2B6VF7BIRGOHZ5WQvDmJXZuPcBg7rYwaFxvQYjqkSdR3TQ==",
+ "requires": {
+ "tslib": "^2.1.0"
+ },
+ "dependencies": {
+ "tslib": {
+ "version": "2.3.1",
+ "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.3.1.tgz",
+ "integrity": "sha512-77EbyPPpMz+FRFRuAFlWMtmgUWGe9UOG2Z25NqCwiIjRhOf5iKGuzSe5P2w1laq+FkRy4p+PCuVkJSGkzTEKVw=="
+ }
+ }
 },
 "graphql-tools": {
 "version": "4.0.8",
diff --git a/package.json b/package.json
index c7c0143d15..ff14d04135 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "parse-server",
- "version": "4.10.1",
+ "version": "4.10.2",
 "description": "An express module providing a Parse-compatible API server",
 "main": "lib/index.js",
 "repository": {
@@ -38,6 +38,7 @@
 "graphql": "15.4.0",
 "graphql-list-fields": "2.0.2",
 "graphql-relay": "0.6.0",
+ "graphql-tag": "2.12.5",
 "graphql-upload": "11.0.0",
 "intersect": "1.0.1",
 "jsonwebtoken": "8.5.1",
@@ -81,7 +82,6 @@
 "eslint-plugin-flowtype": "5.1.3",
 "flow-bin": "0.119.1",
 "form-data": "3.0.0",
- "graphql-tag": "2.10.1",
 "husky": "4.2.5",
 "jasmine": "3.5.0",
 "jsdoc": "3.6.7",
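Review bot: The `"graphql-tag": "2.12.5"` line added to `dependencies` in the package.json hunk at `@@ -38,6 +38,7 @@` is not a plain move, because the devDependencies entry removed at `@@ -81,7 +82,6 @@` was pinned to `2.10.1`, so this patch release also upgrades the package. The lockfile hunk shows the new version requiring `tslib` (`^2.1.0`, locked at 2.3.1), which puts a new transitive package into the production install of every deployment. Anyone auditing the runtime dependency tree from the CHANGELOG alone would miss both facts, so the entry should state them, for example `- Move graphql-tag from devDependencies to dependencies and upgrade it from 2.10.1 to 2.12.5, which adds tslib as a runtime dependency`. If the upgrade is not needed for the fix, keeping `2.10.1` in `dependencies` would presumably keep the runtime tree change to a single package.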