Skip to content

Commit 3b18349

Browse files
authored
Merge pull request #14 from kiarza2543/snyk-fix-e662456fc2b33f0b14bff3dadbfd8e78
[Snyk] Security upgrade @graphql-yoga/node from 2.6.0 to 2.13.5
2 parents e093a8b + 20a875b commit 3b18349

File tree

12 files changed

+327
-144
lines changed

12 files changed

+327
-144
lines changed

changelogs/CHANGELOG_alpha.md

Lines changed: 21 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,24 @@
1+
# [6.4.0-alpha.7](https://github.com/parse-community/parse-server/compare/6.4.0-alpha.6...6.4.0-alpha.7) (2023-10-25)
2+
3+
4+
### Features
5+
6+
* Add `$setOnInsert` operator to `Parse.Server.database.update` ([#8791](https://github.com/parse-community/parse-server/issues/8791)) ([f630a45](https://github.com/parse-community/parse-server/commit/f630a45aa5e87bc73a81fded061400c199b71a29))
7+
8+
# [6.4.0-alpha.6](https://github.com/parse-community/parse-server/compare/6.4.0-alpha.5...6.4.0-alpha.6) (2023-10-18)
9+
10+
11+
### Bug Fixes
12+
13+
* Security bump @babel/traverse from 7.20.5 to 7.23.2 ([#8777](https://github.com/parse-community/parse-server/issues/8777)) ([2d6b3d1](https://github.com/parse-community/parse-server/commit/2d6b3d18499179e99be116f25c0850d3f449509c))
14+
15+
# [6.4.0-alpha.5](https://github.com/parse-community/parse-server/compare/6.4.0-alpha.4...6.4.0-alpha.5) (2023-10-14)
16+
17+
18+
### Bug Fixes
19+
20+
* Context not passed to Cloud Code Trigger `beforeFind` when using `Parse.Query.include` ([#8765](https://github.com/parse-community/parse-server/issues/8765)) ([7d32d89](https://github.com/parse-community/parse-server/commit/7d32d8934f3ae7af7a7d8b9cc6a829c7d73973d3))
21+
122
# [6.4.0-alpha.4](https://github.com/parse-community/parse-server/compare/6.4.0-alpha.3...6.4.0-alpha.4) (2023-09-29)
223

324

package-lock.json

Lines changed: 152 additions & 138 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

package.json

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
{
22
"name": "parse-server",
3-
"version": "6.4.0-alpha.4",
3+
"version": "6.4.0-alpha.7",
44
"description": "An express module providing a Parse-compatible API server",
55
"main": "lib/index.js",
66
"repository": {
@@ -23,7 +23,7 @@
2323
"@graphql-tools/merge": "8.4.1",
2424
"@graphql-tools/schema": "9.0.4",
2525
"@graphql-tools/utils": "8.12.0",
26-
"@graphql-yoga/node": "2.6.0",
26+
"@graphql-yoga/node": "2.13.5",
2727
"@parse/fs-files-adapter": "1.2.2",
2828
"@parse/push-adapter": "4.2.0",
2929
"bcryptjs": "2.4.3",

spec/.eslintrc.json

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,7 @@
1515
"equal": true,
1616
"expectAsync": true,
1717
"notEqual": true,
18+
"it_id": true,
1819
"it_only_db": true,
1920
"it_only_mongodb_version": true,
2021
"it_only_postgres_version": true,

spec/CloudCode.spec.js

Lines changed: 25 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2510,6 +2510,31 @@ describe('beforeFind hooks', () => {
25102510
expect(res2.get('pointerFieldArray')[0].get('aField')).toBe('aFieldValue');
25112511
expect(spy).toHaveBeenCalledTimes(2);
25122512
});
2513+
2514+
it('should have access to context in include query in beforeFind hook', async () => {
2515+
let beforeFindTestObjectCalled = false;
2516+
let beforeFindTestObject2Called = false;
2517+
const obj1 = new Parse.Object('TestObject');
2518+
const obj2 = new Parse.Object('TestObject2');
2519+
obj2.set('aField', 'aFieldValue');
2520+
await obj2.save();
2521+
obj1.set('pointerField', obj2);
2522+
await obj1.save();
2523+
Parse.Cloud.beforeFind('TestObject', req => {
2524+
expect(req.context).toBeDefined();
2525+
expect(req.context.a).toEqual('a');
2526+
beforeFindTestObjectCalled = true;
2527+
});
2528+
Parse.Cloud.beforeFind('TestObject2', req => {
2529+
expect(req.context).toBeDefined();
2530+
expect(req.context.a).toEqual('a');
2531+
beforeFindTestObject2Called = true;
2532+
});
2533+
const query = new Parse.Query('TestObject');
2534+
await query.include('pointerField').find({ context: { a: 'a' } });
2535+
expect(beforeFindTestObjectCalled).toBeTrue();
2536+
expect(beforeFindTestObject2Called).toBeTrue();
2537+
});
25132538
});
25142539

25152540
describe('afterFind hooks', () => {

spec/MongoStorageAdapter.spec.js

Lines changed: 55 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -254,6 +254,61 @@ describe_only_db('mongo')('MongoStorageAdapter', () => {
254254
expect(obj.get('foo').test.date[0] instanceof Date).toBeTrue();
255255
});
256256

257+
it('upserts with $setOnInsert', async () => {
258+
const uuid = require('uuid');
259+
const uuid1 = uuid.v4();
260+
const uuid2 = uuid.v4();
261+
const schema = {
262+
className: 'MyClass',
263+
fields: {
264+
x: { type: 'Number' },
265+
count: { type: 'Number' },
266+
},
267+
classLevelPermissions: {},
268+
};
269+
270+
const myClassSchema = new Parse.Schema(schema.className);
271+
myClassSchema.setCLP(schema.classLevelPermissions);
272+
await myClassSchema.save();
273+
274+
const query = {
275+
x: 1,
276+
};
277+
const update = {
278+
objectId: {
279+
__op: 'SetOnInsert',
280+
amount: uuid1,
281+
},
282+
count: {
283+
__op: 'Increment',
284+
amount: 1,
285+
},
286+
};
287+
await Parse.Server.database.update(
288+
'MyClass',
289+
query,
290+
update,
291+
{ upsert: true },
292+
);
293+
update.objectId.amount = uuid2;
294+
await Parse.Server.database.update(
295+
'MyClass',
296+
query,
297+
update,
298+
{ upsert: true },
299+
);
300+
301+
const res = await Parse.Server.database.find(
302+
schema.className,
303+
{},
304+
{},
305+
);
306+
expect(res.length).toBe(1);
307+
expect(res[0].objectId).toBe(uuid1);
308+
expect(res[0].count).toBe(2);
309+
expect(res[0].x).toBe(1);
310+
});
311+
257312
it('handles updating a single object with array, object date', done => {
258313
const adapter = new MongoStorageAdapter({ uri: databaseURI });
259314

spec/ParseFile.spec.js

Lines changed: 28 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1432,6 +1432,34 @@ describe('Parse.File testing', () => {
14321432
}
14331433
});
14341434

1435+
it('allows file without extension', async () => {
1436+
await reconfigureServer({
1437+
fileUpload: {
1438+
enableForPublic: true,
1439+
fileExtensions: ['^[^hH][^tT][^mM][^lL]?$'],
1440+
},
1441+
});
1442+
const headers = {
1443+
'X-Parse-Application-Id': 'test',
1444+
'X-Parse-REST-API-Key': 'rest',
1445+
};
1446+
1447+
const values = ['filenamewithoutextension'];
1448+
1449+
for (const value of values) {
1450+
await expectAsync(
1451+
request({
1452+
method: 'POST',
1453+
headers: headers,
1454+
url: `http://localhost:8378/1/files/${value}`,
1455+
body: '<html></html>\n',
1456+
}).catch(e => {
1457+
throw new Error(e.data.error);
1458+
})
1459+
).toBeResolved();
1460+
}
1461+
});
1462+
14351463
it('works with array', async () => {
14361464
await reconfigureServer({
14371465
fileUpload: {

spec/helper.js

Lines changed: 23 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -428,6 +428,29 @@ global.it_exclude_dbs = excluded => {
428428
}
429429
};
430430

431+
let testExclusionList = [];
432+
try {
433+
// Fetch test exclusion list
434+
testExclusionList = require('./testExclusionList.json');
435+
console.log(`Using test exclusion list with ${testExclusionList.length} entries`);
436+
} catch(error) {
437+
if(error.code !== 'MODULE_NOT_FOUND') {
438+
throw error;
439+
}
440+
}
441+
442+
// Disable test if its UUID is found in testExclusionList
443+
global.it_id = (id, func) => {
444+
if (testExclusionList.includes(id)) {
445+
return xit;
446+
} else {
447+
if(func === undefined)
448+
return it;
449+
else
450+
return func;
451+
}
452+
};
453+
431454
global.it_only_db = db => {
432455
if (
433456
process.env.PARSE_SERVER_TEST_DB === db ||

src/Adapters/Storage/Mongo/MongoTransform.js

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -986,6 +986,13 @@ function transformUpdateOperator({ __op, amount, objects }, flatten) {
986986
return { __op: '$inc', arg: amount };
987987
}
988988

989+
case 'SetOnInsert':
990+
if (flatten) {
991+
return amount;
992+
} else {
993+
return { __op: '$setOnInsert', arg: amount };
994+
}
995+
989996
case 'Add':
990997
case 'AddUnique':
991998
if (!(objects instanceof Array)) {

src/Controllers/DatabaseController.js

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -279,6 +279,9 @@ const flattenUpdateOperatorsForCreate = object => {
279279
}
280280
object[key] = object[key].amount;
281281
break;
282+
case 'SetOnInsert':
283+
object[key] = object[key].amount;
284+
break;
282285
case 'Add':
283286
if (!(object[key].objects instanceof Array)) {
284287
throw new Parse.Error(Parse.Error.INVALID_JSON, 'objects to add must be an array');
@@ -1817,7 +1820,7 @@ class DatabaseController {
18171820
keyUpdate &&
18181821
typeof keyUpdate === 'object' &&
18191822
keyUpdate.__op &&
1820-
['Add', 'AddUnique', 'Remove', 'Increment'].indexOf(keyUpdate.__op) > -1
1823+
['Add', 'AddUnique', 'Remove', 'Increment', 'SetOnInsert'].indexOf(keyUpdate.__op) > -1
18211824
) {
18221825
// only valid ops that produce an actionable result
18231826
// the op may have happened on a keypath

0 commit comments

Comments
 (0)