gnu-lorien / yorick

A character database compatible with By Night Studio's Mind's Eye Theatre Books
https://patron.undergroundtheater.org
GNU Affero General Public License v3.0
3 stars 4 forks source link

Bump parse-server from 2.2.21 to 3.6.0 #195

Closed dependabot[bot] closed 4 years ago

dependabot[bot] commented 4 years ago

Bumps parse-server from 2.2.21 to 3.6.0.

Release notes *Sourced from [parse-server's releases](https://github.com/parse-community/parse-server/releases).* > ## 3.6.0 > - SECURITY FIX: Address Security Advisory of a potential Enumeration Attack 73b0f9a, big thanks to Fabian - Strachanski for identifying the problem, creating a fix and following the vulnerability disclosure guidelines > - NEW: Added rest option: excludeKeys [#5737](https://github-redirect.dependabot.com/parse-community/parse-server/issues/5737), thanks to Raschid J.F. Rafeally > - FIX: LiveQuery create event with fields [#5790](https://github-redirect.dependabot.com/parse-community/parse-server/issues/5790), thanks to Diamond Lewis > - FIX: Generate sessionToken with linkWith [#5799](https://github-redirect.dependabot.com/parse-community/parse-server/issues/5799), thanks to Diamond Lewis > > ## 3.5.0 > - NEW: GraphQL Support [#5674](https://github-redirect.dependabot.com/parse-community/parse-server/pull/5674) thanks to [Antonio Davi Macedo Coelho de Castro](https://github.com/davimacedo). Check out the [GraphQL Guide](https://github.com/parse-community/parse-server#graphql) > - NEW: Sign in with Apple [#5694](https://github-redirect.dependabot.com/parse-community/parse-server/pull/5694) thanks to [Diamond Lewis](https://github.com/dplewis) > - NEW: AppSecret to Facebook Auth [#5695](https://github-redirect.dependabot.com/parse-community/parse-server/pull/5695) thanks to [Diamond Lewis](https://github.com/dplewis) > - NEW: Postgres: Regex support foreign characters [#5598](https://github-redirect.dependabot.com/parse-community/parse-server/pull/5598) thanks to [Jeff Gu Kang](https://github.com/JeffGuKang) > - FIX: Winston Logger string interpolation [#5729](https://github-redirect.dependabot.com/parse-community/parse-server/pull/5729) thanks to [Diamond Lewis](https://github.com/dplewis) > > ## 3.4.4 > Fix: Commit changes that were intended to be in 3.4.3 > > ## 3.4.3 > Fix: Use changes in master to travis configuration to enable pushing to npm and gh_pages. See [diff](https://github.com/parse-community/parse-server/compare/3.4.2...3.4.3) for details. > > ## 3.4.2 > Fix: In my haste to get a [Security Fix](https://github.com/parse-community/parse-server/security/advisories/GHSA-2479-qvv7-47qq) out, I added [8709daf](https://github.com/parse-community/parse-server/commit/8709daf698ea69b59268cb66f0f7cee75b52daa5) to master instead of to 3.4.1. This commit fixes that. [Arthur Cinader](https://github.com/acinader) > > ## 3.4.1 > Security Release to address: [GHSA-2479-qvv7-47qq](https://github.com/parse-community/parse-server/security/advisories/GHSA-2479-qvv7-47qq) > > ## 3.4.0 > [Full Changelog](https://github.com/parse-community/parse-server/compare/3.3.0...3.4.0) > - NEW: Aggregate supports group by date fields [#5538](https://github-redirect.dependabot.com/parse-community/parse-server/pull/5538) thanks to [Antonio Davi Macedo Coelho de Castro](https://github.com/davimacedo) > - NEW: API for Read Preferences [#3963](https://github-redirect.dependabot.com/parse-community/parse-server/pull/3963) thanks to [Antonio Davi Macedo Coelho de Castro](https://github.com/davimacedo) > - NEW: Add Redis options for LiveQuery [#5584](https://github-redirect.dependabot.com/parse-community/parse-server/pull/5584) thanks to [Diamond Lewis](https://github.com/dplewis) > - NEW: Add Direct Access option for Server Config [#5550](https://github-redirect.dependabot.com/parse-community/parse-server/pull/5550) thanks to [Diamond Lewis](https://github.com/dplewis) > - FIX: updating mixed array in Postgres [#5552](https://github-redirect.dependabot.com/parse-community/parse-server/pull/5552) thanks to [Diamond Lewis](https://github.com/dplewis) > - FIX: notEqualTo GeoPoint Query in Postgres [#5549](https://github-redirect.dependabot.com/parse-community/parse-server/pull/5549) thanks to [Diamond Lewis](https://github.com/dplewis) > - FIX: put the timestamp back in logs that was lost after Winston upgrade [#5571](https://github-redirect.dependabot.com/parse-community/parse-server/pull/5571), thanks [Steven Rowe](https://github.com/mrowe009) and [Arthur Cinader](https://github.com/acinader) > - FIX: Validates permission before calling beforeSave [#5546](https://github-redirect.dependabot.com/parse-community/parse-server/pull/5546) thanks to [Antonio Davi Macedo Coelho de Castro](https://github.com/davimacedo) > - FIX: Remove userSensitiveFields default value. [#5588](https://github-redirect.dependabot.com/parse-community/parse-server/pull/5588) thanks to [William George](https://github.com/awgeorge) > - FIX: Decode Date JSON value in LiveQuery. [#5540](https://github-redirect.dependabot.com/parse-community/parse-server/pull/5540) thanks to [ananfang](https://github.com/ananfang) > > > ## 3.3.0 > [Full Changelog](https://github.com/parse-community/parse-server/compare/3.2.3...3.3.0) > - NEW: beforeLogin trigger with support for auth providers ([#5445](https://github-redirect.dependabot.com/parse-community/parse-server/pull/5445)), thanks to [Omair Vaiyani](https://github.com/omairvaiyani) > - NEW: RFC 7662 compliant OAuth2 auth adapter ([#4910](https://github-redirect.dependabot.com/parse-community/parse-server/pull/4910)), thanks to [Müller Zsolt](https://github.com/zsmuller) > - FIX: cannot change password when maxPasswordHistory is 1 ([#5191](https://github-redirect.dependabot.com/parse-community/parse-server/pull/5191)), thanks to [Tulsi Sapkota](https://github.com/Tolsee) > - FIX (Postgres): count being very slow on large Parse Classes' collections ([#5330](https://github-redirect.dependabot.com/parse-community/parse-server/pull/5330)), thanks to [CoderickLamar](https://github.com/CoderickLamar) > - FIX: using per-key basis queue ([#5420](https://github-redirect.dependabot.com/parse-community/parse-server/pull/5420)), thanks to [Georges Jamous](https://github.com/georgesjamous) > - FIX: issue on count with Geo constraints and mongo ([#5286](https://github-redirect.dependabot.com/parse-community/parse-server/pull/5286)), thanks to [Julien Quéré](https://github.com/jlnquere) > > ## 3.2.3 > [Full Changelog](https://github.com/parse-community/parse-server/compare/3.2.2...3.2.3) > ... (truncated)
Changelog *Sourced from [parse-server's changelog](https://github.com/parse-community/parse-server/blob/master/CHANGELOG.md).* > ### 3.6.0 > [Full Changelog](https://github.com/parse-community/parse-server/compare/3.5.0...3.6.0) > > - SECURITY FIX: Address [Security Advisory](https://github.com/parse-community/parse-server/security/advisories/GHSA-8w3j-g983-8jh5) of a potential [Enumeration Attack](https://www.owasp.org/index.php/Testing_for_User_Enumeration_and_Guessable_User_Account_(OWASP-AT-002)#Description_of_the_Issue) [73b0f9a](https://github.com/parse-community/parse-server/commit/73b0f9a339b81f5d757725dc557955a7b670a3ec), big thanks to [Fabian Strachanski](https://github.com/fastrde) for identifying the problem, creating a fix and following the [vulnerability disclosure guidelines](https://github.com/parse-community/parse-server/blob/master/SECURITY.md#parse-community-vulnerability-disclosure-program) > - NEW: Added rest option: excludeKeys [#5737](https://github-redirect.dependabot.com/parse-community/parse-server/pull/5737), thanks to [Raschid J.F. Rafeally](https://github.com/RaschidJFR) > - FIX: LiveQuery create event with fields [#5790](https://github-redirect.dependabot.com/parse-community/parse-server/pull/5790), thanks to [Diamond Lewis](https://github.com/dplewis) > - FIX: Generate sessionToken with linkWith [#5799](https://github-redirect.dependabot.com/parse-community/parse-server/pull/5799), thanks to [Diamond Lewis](https://github.com/dplewis) > > ### 3.5.0 > [Full Changelog](https://github.com/parse-community/parse-server/compare/3.4.4...3.5.0) > > - NEW: GraphQL Support [#5674](https://github-redirect.dependabot.com/parse-community/parse-server/pull/5674), thanks to [Antonio Davi Macedo Coelho de Castro](https://github.com/davimacedo) > > [GraphQL Guide](https://github.com/parse-community/parse-server#graphql) > > - NEW: Sign in with Apple [#5694](https://github-redirect.dependabot.com/parse-community/parse-server/pull/5694), thanks to [Diamond Lewis](https://github.com/dplewis) > - NEW: AppSecret to Facebook Auth [#5695](https://github-redirect.dependabot.com/parse-community/parse-server/pull/5695), thanks to [Diamond Lewis](https://github.com/dplewis) > - NEW: Postgres: Regex support foreign characters [#5598](https://github-redirect.dependabot.com/parse-community/parse-server/pull/5598), thanks to [Jeff Gu Kang](https://github.com/JeffGuKang) > - FIX: Winston Logger string interpolation [#5729](https://github-redirect.dependabot.com/parse-community/parse-server/pull/5729), thanks to [Diamond Lewis](https://github.com/dplewis) > > ### 3.4.4 > [Full Changelog](https://github.com/parse-community/parse-server/compare/3.4.3...3.4.4) > > Fix: Commit changes > > ### 3.4.3 > [Full Changelog](https://github.com/parse-community/parse-server/compare/3.4.2...3.4.3) > > Fix: Use changes in master to travis configuration to enable pushing to npm and gh_pages. See diff for details. > > ### 3.4.2 > [Full Changelog](https://github.com/parse-community/parse-server/compare/3.4.1...3.4.2) > > Fix: In my haste to get a [Security Fix](https://github.com/parse-community/parse-server/security/advisories/GHSA-2479-qvv7-47qq) out, I added [8709daf](https://github.com/parse-community/parse-server/commit/8709daf698ea69b59268cb66f0f7cee75b52daa5) to master instead of to 3.4.1. This commit fixes that. [Arthur Cinader](https://github.com/acinader) > > ### 3.4.1 > [Full Changelog](https://github.com/parse-community/parse-server/compare/3.4.0...3.4.1) > > Security Fix: see Advisory: [GHSA-2479-qvv7-47q](https://github.com/parse-community/parse-server/security/advisories/GHSA-2479-qvv7-47qq) for details [8709daf](https://github.com/parse-community/parse-server/commit/8709daf698ea69b59268cb66f0f7cee75b52daa5). Big thanks to: [Benjamin Simonsson](https://github.com/BenniPlejd) for identifying the issue and promptly bringing it to the Parse Community's attention and also big thanks to the indefatigable [Diamond Lewis](https://github.com/dplewis) for crafting a failing test and then a solution within an hour of the report. > > ### 3.4.0 > [Full Changelog](https://github.com/parse-community/parse-server/compare/3.3.0...3.4.0) > - NEW: Aggregate supports group by date fields [#5538](https://github-redirect.dependabot.com/parse-community/parse-server/pull/5538) thanks to [Antonio Davi Macedo Coelho de Castro](https://github.com/davimacedo) > - NEW: API for Read Preferences [#3963](https://github-redirect.dependabot.com/parse-community/parse-server/pull/3963) thanks to [Antonio Davi Macedo Coelho de Castro](https://github.com/davimacedo) > - NEW: Add Redis options for LiveQuery [#5584](https://github-redirect.dependabot.com/parse-community/parse-server/pull/5584) thanks to [Diamond Lewis](https://github.com/dplewis) > - NEW: Add Direct Access option for Server Config [#5550](https://github-redirect.dependabot.com/parse-community/parse-server/pull/5550) thanks to [Diamond Lewis](https://github.com/dplewis) > - FIX: updating mixed array in Postgres [#5552](https://github-redirect.dependabot.com/parse-community/parse-server/pull/5552) thanks to [Diamond Lewis](https://github.com/dplewis) > - FIX: notEqualTo GeoPoint Query in Postgres [#5549](https://github-redirect.dependabot.com/parse-community/parse-server/pull/5549), thanks to [Diamond Lewis](https://github.com/dplewis) > - FIX: put the timestamp back in logs that was lost after Winston upgrade [#5571](https://github-redirect.dependabot.com/parse-community/parse-server/pull/5571), thanks to [Steven Rowe](https://github.com/mrowe009) and [Arthur Cinader](https://github.com/acinader) > - FIX: Validates permission before calling beforeSave [#5546](https://github-redirect.dependabot.com/parse-community/parse-server/pull/5546), thanks to [Antonio Davi Macedo Coelho de Castro](https://github.com/davimacedo) > ... (truncated)
Commits - [`26943de`](https://github.com/parse-community/parse-server/commit/26943de7785d5a3c2d4c8416bf7be9ea58521d98) Prepare 3.6.0 Release ([#5792](https://github-redirect.dependabot.com/parse-community/parse-server/issues/5792)) - [`2afaf00`](https://github.com/parse-community/parse-server/commit/2afaf00d1f60c998ccd7e24604add96dc9ca8dda) Bump lodash from 4.17.13 to 4.17.14 ([#5803](https://github-redirect.dependabot.com/parse-community/parse-server/issues/5803)) - [`b5b7181`](https://github.com/parse-community/parse-server/commit/b5b718196b45718502ba5bef46526887bf06e1d0) Bump lint-staged from 9.1.0 to 9.2.0 ([#5802](https://github-redirect.dependabot.com/parse-community/parse-server/issues/5802)) - [`5341b82`](https://github.com/parse-community/parse-server/commit/5341b8248f3f52b45296168d4b000ec30b6f0c96) Generate sessionToken with linkWith ([#5799](https://github-redirect.dependabot.com/parse-community/parse-server/issues/5799)) - [`9816285`](https://github.com/parse-community/parse-server/commit/981628520584b71608b3fff2aeb57db8b5ed3e1f) Added rest option: excludeKeys ([#5737](https://github-redirect.dependabot.com/parse-community/parse-server/issues/5737)) - [`378e70a`](https://github.com/parse-community/parse-server/commit/378e70afdc32fccb92bc4b38afbb6dcd83def36c) Fix [#5794](https://github-redirect.dependabot.com/parse-community/parse-server/issues/5794) ([#5797](https://github-redirect.dependabot.com/parse-community/parse-server/issues/5797)) - [`76ce9e1`](https://github.com/parse-community/parse-server/commit/76ce9e1a5cfc83bde1a747661733d2b992a96909) Run test that require db access ([#5796](https://github-redirect.dependabot.com/parse-community/parse-server/issues/5796)) - [`815b7c6`](https://github.com/parse-community/parse-server/commit/815b7c6e0514b6411c55a771a6cfbd92b9463489) Too much output! ([#5795](https://github-redirect.dependabot.com/parse-community/parse-server/issues/5795)) - [`af6c44e`](https://github.com/parse-community/parse-server/commit/af6c44eca43be24d93ed167722127c69d157edda) Handle LiveQuery create event with fields ([#5790](https://github-redirect.dependabot.com/parse-community/parse-server/issues/5790)) - [`08dbafe`](https://github.com/parse-community/parse-server/commit/08dbafe49a6007f361bad76a6a2bcb6b99be6cb7) Revert "Prepare for 3.6.0 Release" - Additional commits viewable in [compare view](https://github.com/parse-community/parse-server/compare/2.2.21...3.6.0)
Maintainer changes This version was pushed to npm by [acinader](https://www.npmjs.com/~acinader), a new releaser for parse-server since your current version.


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/gnu-lorien/yorick/network/alerts).
dependabot[bot] commented 4 years ago

Superseded by #196.