build: Release (#9319)
mtrezza authored Oct 3, 2024
2 parents 1979de0 + 7298641 commit 388cd3e
Showing 86 changed files with 4,147 additions and 3,866 deletions.
40 changes: 22 additions & 18 deletions .github/workflows/ci.yml
Expand Up @@ -8,7 +8,7 @@ on:
paths-ignore:
- '**/**.md'
env:
NODE_VERSION: 20.12.0
NODE_VERSION: 22.4.1
PARSE_SERVER_TEST_TIMEOUT: 20000
jobs:
check-code-analysis:
Expand Down Expand Up @@ -143,35 +143,39 @@ jobs:
- name: MongoDB 4.2, ReplicaSet
MONGODB_VERSION: 4.2.25
MONGODB_TOPOLOGY: replset
NODE_VERSION: 20.12.0
NODE_VERSION: 22.4.1
- name: MongoDB 4.4, ReplicaSet
MONGODB_VERSION: 4.4.29
MONGODB_TOPOLOGY: replset
NODE_VERSION: 20.12.0
NODE_VERSION: 22.4.1
- name: MongoDB 5, ReplicaSet
MONGODB_VERSION: 5.0.26
MONGODB_TOPOLOGY: replset
NODE_VERSION: 20.12.0
NODE_VERSION: 22.4.1
- name: MongoDB 6, ReplicaSet
MONGODB_VERSION: 6.0.14
MONGODB_TOPOLOGY: replset
NODE_VERSION: 20.12.0
NODE_VERSION: 22.4.1
- name: MongoDB 7, ReplicaSet
MONGODB_VERSION: 7.0.8
MONGODB_TOPOLOGY: replset
NODE_VERSION: 20.12.0
NODE_VERSION: 22.4.1
- name: Redis Cache
PARSE_SERVER_TEST_CACHE: redis
MONGODB_VERSION: 7.0.8
MONGODB_TOPOLOGY: standalone
NODE_VERSION: 20.12.0
NODE_VERSION: 22.4.1
- name: Node 20
MONGODB_VERSION: 7.0.8
MONGODB_TOPOLOGY: standalone
NODE_VERSION: 20.15.1
- name: Node 18
MONGODB_VERSION: 7.0.8
MONGODB_TOPOLOGY: standalone
NODE_VERSION: 18.20.0
NODE_VERSION: 18.20.4
fail-fast: false
name: ${{ matrix.name }}
timeout-minutes: 15
timeout-minutes: 20
runs-on: ubuntu-latest
services:
redis:
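Review bot: `timeout-minutes` goes from 15 to 20 at the end of this matrix with no reason given in the visible change. If the Node 22.4.1 runs are what need the extra time, say so in a comment next to the value; otherwise a higher ceiling can hide a test that hangs rather than one that is merely slow.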
Expand Down Expand Up @@ -217,28 +221,28 @@ jobs:
include:
- name: PostgreSQL 13, PostGIS 3.1
POSTGRES_IMAGE: postgis/postgis:13-3.1
NODE_VERSION: 20.12.0
NODE_VERSION: 22.4.1
- name: PostgreSQL 13, PostGIS 3.2
POSTGRES_IMAGE: postgis/postgis:13-3.2
NODE_VERSION: 20.12.0
NODE_VERSION: 22.4.1
- name: PostgreSQL 13, PostGIS 3.3
POSTGRES_IMAGE: postgis/postgis:13-3.3
NODE_VERSION: 20.12.0
NODE_VERSION: 22.4.1
- name: PostgreSQL 13, PostGIS 3.4
POSTGRES_IMAGE: postgis/postgis:13-3.4
NODE_VERSION: 20.12.0
NODE_VERSION: 22.4.1
- name: PostgreSQL 14, PostGIS 3.4
POSTGRES_IMAGE: postgis/postgis:14-3.4
NODE_VERSION: 20.12.0
NODE_VERSION: 22.4.1
- name: PostgreSQL 15, PostGIS 3.4
POSTGRES_IMAGE: postgis/postgis:15-3.4
NODE_VERSION: 20.12.0
NODE_VERSION: 22.4.1
- name: PostgreSQL 16, PostGIS 3.4
POSTGRES_IMAGE: postgis/postgis:15-3.4
NODE_VERSION: 20.12.0
POSTGRES_IMAGE: postgis/postgis:16-3.4
NODE_VERSION: 22.4.1
fail-fast: false
name: ${{ matrix.name }}
timeout-minutes: 15
timeout-minutes: 20
runs-on: ubuntu-latest
services:
redis:
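Review bot: Every entry in this PostgreSQL matrix now runs on `NODE_VERSION: 22.4.1`, so Node 18 and Node 20 are only exercised against MongoDB (the `Node 20` and `Node 18` entries in the previous matrix both set `MONGODB_VERSION`). Since the README badge in this commit advertises Node 18, 20 and 22, add at least one Postgres entry for each older Node line. The `PostgreSQL 16` correction to `postgis/postgis:16-3.4` looks right; note that these image references are mutable tags, so pinning by digest would make the runs reproducible.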
3 changes: 1 addition & 2 deletions .nvmrc
@@ -1,2 +1 @@
10.14.2

20.15.0
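Review bot: `.nvmrc` now pins 20.15.0, which matches none of the versions CI runs in this commit: the workflow default is 22.4.1 and the `Node 20` matrix entry is 20.15.1. Local runs, including the local test pass that CONTRIBUTING.md requires before publishing a vulnerability fix, would then use a Node build that CI never tests. Suggest setting it to one of the tested versions.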
21 changes: 18 additions & 3 deletions CONTRIBUTING.md
Expand Up @@ -39,6 +39,7 @@
- [Reverting](#reverting)
- [Security Vulnerability](#security-vulnerability)
- [Local Testing](#local-testing)
- [Environment](#environment)
- [Merging](#merging-1)
- [Releasing](#releasing)
- [General Considerations](#general-considerations)
Expand Down Expand Up @@ -499,19 +500,33 @@ If the commit reverts a previous commit, use the prefix `revert:`, followed by t
#### Local Testing
Fixes for securify vulnerabilities are developed in private forks with a closed audience, inaccessible to the public. A current GitHub limitation does not allow to run CI tests on pull requests in private forks. Whether a pull requests fully passes all CI tests can only be determined by publishing the fix as a public pull request and running the CI. This means the fix and implicitly information about the vulnerabilty are made accessible to the public. This increases the risk that a vulnerability fix is published, but then cannot be merged immediately due to a CI issue. To mitigate that risk, before publishing a vulnerability fix, the following tests needs to be run locally and pass:
Fixes for security vulnerabilities are developed in private forks with a closed audience, inaccessible to the public. A current GitHub limitation does not allow to run CI tests on pull requests in private forks. Whether a pull requests fully passes all CI tests can only be determined by publishing the fix as a public pull request and running the CI. This means the fix and implicitly information about the vulnerability are made accessible to the public. This increases the risk that a vulnerability fix is published, but then cannot be merged immediately due to a CI issue. To mitigate that risk, before publishing a vulnerability fix, the following tests needs to be run locally and pass:
- `npm run test` (MongoDB)
- `npm run test` (Postgres)
- `npm run madge:circular` (circular dependencies)
- `npm run lint` (Lint)
- `npm run definitions` (Parse Server options definitions)
#### Environment
A reported vulnerability may have already been fixed since it was reported, either due to a targeted fix or as side-effect of other code changed. To verify that a vulnerability exists, tests need to be run in an environment that uses the latest commit of the development branch of Parse Server.
> [!NOTE]
> Do not use the latest alpha version for testing as it may be behind the latest commit of the development branch.
Vulnerability test must only be conducted in environments for which the tester can ensure that no unauthorized 3rd party has potentially access to. This is to ensure a vulnerability stays confidential and is not exposed prematurely to the public.
You must not test a vulnerability using any 3rd party APIs that provide Parse Server as a hosted service (SaaS) as this may expose the vulnerability to an unauthorized 3rd party and the effects of the vulnerability may cause issues on the provider's side.
> [!CAUTION]
> Utilizing a vulnerability in a third-party service, even for testing or development purposes, can result in legal repercussions. You are solely accountable for any damage arising from such actions and agree to indemnify Parse Platform against any liabilities or claims resulting from your actions.
#### Merging
A current GitHub limitation does not allow to customize the commit message when merging pull requests of a private fork that was created to fix a security vulnerabilty. Our release automation framework demands a specific commit message syntax which therefore cannot be met. This prohibits to follow the process that GitHub suggest, which is to merge a pull request from a private fork directly to a public branch. Instead, after [local testing](#local-testing), a public pull request needs to be created with the code fix copied over from the private pull request.
A current GitHub limitation does not allow to customize the commit message when merging pull requests of a private fork that was created to fix a security vulnerability. Our release automation framework demands a specific commit message syntax which therefore cannot be met. This prohibits to follow the process that GitHub suggest, which is to merge a pull request from a private fork directly to a public branch. Instead, after [local testing](#local-testing), a public pull request needs to be created with the code fix copied over from the private pull request.
This creates a risk that a vulnerability is indirectly disclosed by publishing a pull request with the fix, but the fix cannot be merged due to a CI issue. To mitigate that risk, the pull request title and description should be kept marginal or generic, not hiting to a vulnerabilty or giving any details about the vulnerabilty, until the pull request has been successfully merged.
This creates a risk that a vulnerability is indirectly disclosed by publishing a pull request with the fix, but the fix cannot be merged due to a CI issue. To mitigate that risk, the pull request title and description should be kept marginal or generic, not hinting to a vulnerability or giving any details about the vulnerability, until the pull request has been successfully merged.
## Releasing
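Review bot: In the new Environment section, the sentence `Vulnerability test must only be conducted in environments for which the tester can ensure that no unauthorized 3rd party has potentially access to` is ungrammatical enough that the requirement is unclear; suggest "Vulnerability tests must only be conducted in environments to which no unauthorized third party has access". The section also requires "the latest commit of the development branch" without naming that branch, while the note right after it warns against the latest alpha version; name the branch explicitly. In the Local Testing paragraph, `the following tests needs to be run` should read `need`.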
35 changes: 19 additions & 16 deletions README.md
Expand Up @@ -2,14 +2,14 @@

---

[![Build Status](https://github.com/parse-community/parse-server/workflows/ci/badge.svg?branch=alpha)](https://github.com/parse-community/parse-server/actions?query=workflow%3Aci+branch%3Aalpha)
[![Build Status](https://github.com/parse-community/parse-server/workflows/ci/badge.svg?branch=beta)](https://github.com/parse-community/parse-server/actions?query=workflow%3Aci+branch%3Abeta)
[![Build Status](https://github.com/parse-community/parse-server/workflows/ci/badge.svg?branch=release)](https://github.com/parse-community/parse-server/actions?query=workflow%3Aci+branch%3Arelease)
[![Build Status](https://github.com/parse-community/parse-server/actions/workflows/ci.yml/badge.svg?branch=alpha)](https://github.com/parse-community/parse-server/actions/workflows/ci.yml?query=workflow%3Aci+branch%3Aalpha)
[![Build Status](https://github.com/parse-community/parse-server/actions/workflows/ci.yml/badge.svg?branch=beta)](https://github.com/parse-community/parse-server/actions/workflows/ci.yml?query=workflow%3Aci+branch%3Abeta)
[![Build Status](https://github.com/parse-community/parse-server/actions/workflows/ci.yml/badge.svg?branch=release)](https://github.com/parse-community/parse-server/actions/workflows/ci.yml?query=workflow%3Aci+branch%3Arelease)
[![Snyk Badge](https://snyk.io/test/github/parse-community/parse-server/badge.svg)](https://snyk.io/test/github/parse-community/parse-server)
[![Coverage](https://codecov.io/github/parse-community/parse-server/branch/alpha/graph/badge.svg)](https://app.codecov.io/github/parse-community/parse-server/tree/alpha)
[![auto-release](https://img.shields.io/badge/%F0%9F%9A%80-auto--release-9e34eb.svg)](https://github.com/parse-community/parse-dashboard/releases)

[![Node Version](https://img.shields.io/badge/nodejs-18,_20-green.svg?logo=node.js&style=flat)](https://nodejs.org)
[![Node Version](https://img.shields.io/badge/nodejs-18,_20,_22-green.svg?logo=node.js&style=flat)](https://nodejs.org)
[![MongoDB Version](https://img.shields.io/badge/mongodb-4.2,_4.4,_5,_6,_7-green.svg?logo=mongodb&style=flat)](https://www.mongodb.com)
[![Postgres Version](https://img.shields.io/badge/postgresql-13,_14,_15,_16-green.svg?logo=postgresql&style=flat)](https://www.postgresql.org)

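Review bot: The `auto-release` badge in the unchanged context of this hunk links to `https://github.com/parse-community/parse-dashboard/releases`, which is the dashboard repository, not parse-server. Since the badge block is being edited here, correct the link target in the same change.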
Expand Down Expand Up @@ -129,20 +129,21 @@ Parse Server is continuously tested with the most recent releases of Node.js to

| Version | Latest Version | End-of-Life | Compatible |
|------------|----------------|-------------|------------|
| Node.js 18 | 18.20.0 | April 2025 | ✅ Yes |
| Node.js 20 | 20.12.0 | April 2026 | ✅ Yes |
| Node.js 18 | 18.20.4 | April 2025 | ✅ Yes |
| Node.js 20 | 20.15.1 | April 2026 | ✅ Yes |
| Node.js 22 | 22.4.1 | April 2027 | ✅ Yes |

#### MongoDB

Parse Server is continuously tested with the most recent releases of MongoDB to ensure compatibility. We follow the [MongoDB support schedule](https://www.mongodb.com/support-policy) and [MongoDB lifecycle schedule](https://www.mongodb.com/support-policy/lifecycles) and only test against versions that are officially supported and have not reached their end-of-life date. MongoDB "rapid releases" are ignored as these are considered pre-releases of the next major version.

| Version | Latest Version | End-of-Life | Compatible |
| ----------- | -------------- | ------------- | ---------- |
| MongoDB 4.2 | 4.2.25 | April 2023 | ✅ Yes |
| MongoDB 4.4 | 4.4.29 | February 2024 | ✅ Yes |
| MongoDB 5 | 5.0.26 | October 2024 | ✅ Yes |
| MongoDB 6 | 6.0.14 | July 2025 | ✅ Yes |
| MongoDB 7 | 7.0.8 | TDB | ✅ Yes |
|-------------|----------------|---------------|------------|
| MongoDB 4.2 | 4.2.25 | April 2023 | ✅ Yes |
| MongoDB 4.4 | 4.4.29 | February 2024 | ✅ Yes |
| MongoDB 5 | 5.0.26 | October 2024 | ✅ Yes |
| MongoDB 6 | 6.0.14 | July 2025 | ✅ Yes |
| MongoDB 7 | 7.0.8 | TDB | ✅ Yes |

#### PostgreSQL

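Review bot: The MongoDB paragraph states that only versions that "have not reached their end-of-life date" are tested, yet the table keeps MongoDB 4.2 (April 2023) and MongoDB 4.4 (February 2024) as compatible, and the CI matrix in this commit still runs 4.2.25 and 4.4.29. Either drop those rows and matrix entries or reword the policy sentence. The re-aligned table also still carries `TDB` as the MongoDB 7 end-of-life value, which looks like a typo for TBD.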
Expand Down Expand Up @@ -275,6 +276,7 @@ We have provided a basic [Node.js application](https://github.com/parse-communit
* [Back4app](https://www.back4app.com/docs/get-started/welcome)
* [Glitch](https://glitch.com/edit/#!/parse-server)
* [Flynn](https://flynn.io/blog/parse-apps-on-flynn)
* [Elestio](https://elest.io/open-source/parse)

### Parse Server + Express

Expand Down Expand Up @@ -305,7 +307,7 @@ app.listen(1337, function() {
});
```

For a full list of available options, run `parse-server --help` or take a look at [Parse Server Configurations](http://parseplatform.org/parse-server/api/master/ParseServerOptions.html).
For a full list of available options, run `parse-server --help` or take a look at [Parse Server Configurations][server-options].

## Parse Server Health

Expand All @@ -332,7 +334,7 @@ The response looks like this:

Parse Server can be configured using the following options. You may pass these as parameters when running a standalone `parse-server`, or by loading a configuration file in JSON format using `parse-server path/to/configuration.json`. If you're using Parse Server on Express, you may also pass these to the `ParseServer` object as options.

For the full list of available options, run `parse-server --help` or take a look at [Parse Server Configurations](http://parseplatform.org/parse-server/api/master/ParseServerOptions.html).
For the full list of available options, run `parse-server --help` or take a look at [Parse Server Configurations][server-options].

## Basic Options

Expand Down Expand Up @@ -366,7 +368,7 @@ The client keys used with Parse are no longer necessary with Parse Server. If yo

## Email Verification and Password Reset

Verifying user email addresses and enabling password reset via email requires an email adapter. There are many email adapters provided and maintained by the community. The following is an example configuration with an example email adapter. See the [Parse Server Options](https://parseplatform.org/parse-server/api/master/ParseServerOptions.html) for more details and a full list of available options.
Verifying user email addresses and enabling password reset via email requires an email adapter. There are many email adapters provided and maintained by the community. The following is an example configuration with an example email adapter. See the [Parse Server Options][server-options] for more details and a full list of available options.

```js
const server = ParseServer({
Expand Down Expand Up @@ -406,7 +408,7 @@ Email adapters contributed by the community:

## Password and Account Policy

Set a password and account policy that meets your security requirements. The following is an example configuration. See the [Parse Server Options](https://parseplatform.org/parse-server/api/master/ParseServerOptions.html) for more details and a full list of available options.
Set a password and account policy that meets your security requirements. The following is an example configuration. See the [Parse Server Options][server-options] for more details and a full list of available options.

```js
const server = ParseServer({
Expand Down Expand Up @@ -1206,3 +1208,4 @@ Support us with a monthly donation and help us continue our activities. [Become
[log_release]: https://github.com/parse-community/parse-server/blob/release/changelogs/CHANGELOG_release.md
[log_beta]: https://github.com/parse-community/parse-server/blob/beta/changelogs/CHANGELOG_beta.md
[log_alpha]: https://github.com/parse-community/parse-server/blob/alpha/changelogs/CHANGELOG_alpha.md
[server-options] http://parseplatform.org/parse-server/api/release/ParseServerOptions.html
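Review bot: The new reference definition `[server-options] http://...` is missing the colon after the label, so Markdown will not treat it as a link definition and the `[Parse Server Configurations][server-options]` and `[Parse Server Options][server-options]` references introduced earlier in this file will not resolve. It should follow the form of the `[log_alpha]: ...` line above it. The target also uses `http://` where two of the replaced inline links used `https://`; prefer `https://`.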
63 changes: 63 additions & 0 deletions changelogs/CHANGELOG_alpha.md
@@ -1,3 +1,66 @@
# [7.3.0-alpha.9](https://github.com/parse-community/parse-server/compare/7.3.0-alpha.8...7.3.0-alpha.9) (2024-10-03)


### Bug Fixes

* Custom object ID allows to acquire role privileges ([GHSA-8xq9-g7ch-35hg](https://github.com/parse-community/parse-server/security/advisories/GHSA-8xq9-g7ch-35hg)) ([#9317](https://github.com/parse-community/parse-server/issues/9317)) ([13ee52f](https://github.com/parse-community/parse-server/commit/13ee52f0d19ef3a3524b3d79aea100e587eb3cfc))

# [7.3.0-alpha.8](https://github.com/parse-community/parse-server/compare/7.3.0-alpha.7...7.3.0-alpha.8) (2024-09-25)


### Bug Fixes

* Security upgrade path-to-regexp from 6.2.1 to 6.3.0 ([#9314](https://github.com/parse-community/parse-server/issues/9314)) ([8b7fe69](https://github.com/parse-community/parse-server/commit/8b7fe699c1c376ecd8cc1c97cce8e704ee41f28a))

# [7.3.0-alpha.7](https://github.com/parse-community/parse-server/compare/7.3.0-alpha.6...7.3.0-alpha.7) (2024-08-27)


### Features

* Add support for asynchronous invocation of `FilesAdapter.getFileLocation` ([#9271](https://github.com/parse-community/parse-server/issues/9271)) ([1a2da40](https://github.com/parse-community/parse-server/commit/1a2da4055abe831b3017172fb75e16d7a8093873))

# [7.3.0-alpha.6](https://github.com/parse-community/parse-server/compare/7.3.0-alpha.5...7.3.0-alpha.6) (2024-07-20)


### Features

* Add Cloud Code triggers `Parse.Cloud.beforeSave` and `Parse.Cloud.afterSave` for Parse Config ([#9232](https://github.com/parse-community/parse-server/issues/9232)) ([90a1e4a](https://github.com/parse-community/parse-server/commit/90a1e4a200423d644efb3f0ba2fba4b99f5cf954))

# [7.3.0-alpha.5](https://github.com/parse-community/parse-server/compare/7.3.0-alpha.4...7.3.0-alpha.5) (2024-07-18)


### Bug Fixes

* Parse Server option `maxLogFiles` doesn't recognize day duration literals such as `1d` to mean 1 day ([#9215](https://github.com/parse-community/parse-server/issues/9215)) ([0319cee](https://github.com/parse-community/parse-server/commit/0319cee2dbf65e90bad377af1ed14ea25c595bf5))

# [7.3.0-alpha.4](https://github.com/parse-community/parse-server/compare/7.3.0-alpha.3...7.3.0-alpha.4) (2024-07-18)


### Features

* Add atomic operations for Cloud Config parameters ([#9219](https://github.com/parse-community/parse-server/issues/9219)) ([35cadf9](https://github.com/parse-community/parse-server/commit/35cadf9b8324879fb7309ba5d7ea46f2c722d614))

# [7.3.0-alpha.3](https://github.com/parse-community/parse-server/compare/7.3.0-alpha.2...7.3.0-alpha.3) (2024-07-17)


### Bug Fixes

* Parse Server installation fails due to post install script incorrectly parsing required min. Node version ([#9216](https://github.com/parse-community/parse-server/issues/9216)) ([0fa82a5](https://github.com/parse-community/parse-server/commit/0fa82a54fe38ec14e8054339285d3db71a8624c8))

# [7.3.0-alpha.2](https://github.com/parse-community/parse-server/compare/7.3.0-alpha.1...7.3.0-alpha.2) (2024-07-17)


### Bug Fixes

* Parse Server `databaseOptions` nested keys incorrectly identified as invalid ([#9213](https://github.com/parse-community/parse-server/issues/9213)) ([77206d8](https://github.com/parse-community/parse-server/commit/77206d804443cfc1618c24f8961bd677de9920c0))

# [7.3.0-alpha.1](https://github.com/parse-community/parse-server/compare/7.2.0...7.3.0-alpha.1) (2024-07-09)


### Features

* Add Node 22 support ([#9187](https://github.com/parse-community/parse-server/issues/9187)) ([7778471](https://github.com/parse-community/parse-server/commit/7778471999c7e42236ce404229660d80ecc2acd6))

# [7.1.0-alpha.16](https://github.com/parse-community/parse-server/compare/7.1.0-alpha.15...7.1.0-alpha.16) (2024-07-08)

