aforemny / bullet-journal

Bullet journal implementation in Elm.
5 stars 1 forks source link

Bump parse-server from 2.8.2 to 4.10.14 #26

Closed dependabot[bot] closed 1 year ago

dependabot[bot] commented 1 year ago

Bumps parse-server from 2.8.2 to 4.10.14.

Release notes

Sourced from parse-server's releases.

4.10.14

4.10.14 (2022-09-02)

Bug Fixes

  • brute force guessing of user sensitive data via search patterns; this fixes a security vulnerability in which internal and protected fields may be used as query constraints to guess the value of these fields and obtain sensitive data (GHSA-2m6g-crv8-p3c6) (#8143) (634c44a)

4.10.13

4.10.13 (2022-06-30)

Bug Fixes

  • protected fields exposed via LiveQuery; this removes protected fields from the client response; this may be a breaking change if your app is currently expecting to receive these protected fields (GHSA-crrq-vr9j-fxxh) (#8074) (054f3e6)

4.10.12

4.10.12 (2022-06-17)

Bug Fixes

  • invalid file request not properly handled; this fixes a security vulnerability in which an invalid file request can crash the server (GHSA-xw6g-jjvf-wwf9) (#8059) (5f42322)

4.10.11

4.10.11 (2022-06-17)

Bug Fixes

  • certificate in Apple Game Center auth adapter not validated; this fixes a security vulnerability in which authentication could be bypassed using a fake certificate; if you are using the Apple Game Center auth adapter it is your responsibility to keep its root certificate up-to-date and we advice you read the security advisory (GHSA-rh9j-f5f8-rvgc) (145838d)

4.10.10

4.10.10 (2022-05-01)

Bug Fixes

  • authentication bypass and denial of service (DoS) vulnerabilities in Apple Game Center auth adapter (GHSA-qf8x-vqjv-92gr) (#7963) (1930a64)

4.10.9

4.10.9 (2022-03-28)

Bug Fixes

  • security upgrade @​parse/push-adapter from 3.4.1 to 4.1.2 (#7897) (3d80ee5)

... (truncated)

Changelog

Sourced from parse-server's changelog.

4.10.14 (2022-09-02)

Bug Fixes

  • brute force guessing of user sensitive data via search patterns; this fixes a security vulnerability in which internal and protected fields may be used as query constraints to guess the value of these fields and obtain sensitive data (GHSA-2m6g-crv8-p3c6) (#8143) (634c44a)

4.10.13 (2022-06-30)

Bug Fixes

  • protected fields exposed via LiveQuery; this removes protected fields from the client response; this may be a breaking change if your app is currently expecting to receive these protected fields (GHSA-crrq-vr9j-fxxh) (#8074) (054f3e6)

4.10.12 (2022-06-17)

Bug Fixes

  • invalid file request not properly handled; this fixes a security vulnerability in which an invalid file request can crash the server (GHSA-xw6g-jjvf-wwf9) (#8059) (5f42322)

4.10.11 (2022-06-17)

Bug Fixes

  • certificate in Apple Game Center auth adapter not validated; this fixes a security vulnerability in which authentication could be bypassed using a fake certificate; if you are using the Apple Gamer Center auth adapter it is your responsibility to keep its root certificate up-to-date and we advice you read the security advisory (GHSA-rh9j-f5f8-rvgc) (145838d)

4.10.10 (2022-05-01)

Bug Fixes

  • authentication bypass and denial of service (DoS) vulnerabilities in Apple Game Center auth adapter (GHSA-qf8x-vqjv-92gr) (#7963) (1930a64)

4.10.9 (2022-03-28)

Bug Fixes

  • security upgrade @​parse/push-adapter from 3.4.1 to 4.1.2 (#7897) (3d80ee5)

4.10.8 (2022-03-24)

Bug Fixes

  • sensitive keyword detection may produce false positives (#7883) (d347613)

4.10.7 (2022-03-11)

... (truncated)

Commits
  • e29f7c0 chore(release): 4.10.14 [skip ci]
  • 634c44a fix: brute force guessing of user sensitive data via search patterns; this fi...
  • 4748e9b chore(release): 4.10.13 [skip ci]
  • 054f3e6 fix: protected fields exposed via LiveQuery; this removes protected fields fr...
  • 6286d2e chore(release): 4.10.12 [skip ci]
  • 5f42322 fix: invalid file request not properly handled; this fixes a security vulnera...
  • ad680bd chore(release): 4.10.11 [skip ci]
  • 145838d fix: certificate in Apple Game Center auth adapter not validated; this fixes ...
  • 8580a52 fix CI timeout
  • 53afafa Update gcenter.js
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by parseadmin, a new releaser for parse-server since your current version.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/aforemny/bullet-journal/network/alerts).
dependabot[bot] commented 1 year ago

Superseded by #27.