chore(deps): bump parse-server from 4.5.0 to 6.0.0

[dependabot]

Bumps parse-server from 4.5.0 to 6.0.0.

Release notes

Sourced from parse-server's releases.

6.0.0

6.0.0 (2023-01-31)

Bug Fixes

• ParseServer.verifyServerUrl may fail if server response headers are missing; remove unnecessary logging (#8391) (1c37a7c)
• Cloud Code trigger beforeSave does not work with Parse.Role (#8320) (f29d972)
• ES6 modules do not await the import of Cloud Code files (#8368) (a7bd180)
• Nested objects are encoded incorrectly for MongoDB (#8209) (1412666)
• Parse Server option masterKeyIps does not include localhost by default for IPv6 (#8322) (ab82635)
• Rate limiter may reject requests that contain a session token (#8399) (c114dc8)
• Remove Node 12 and Node 17 support (#8279) (2546cc8)
• Schema without class level permissions may cause error (#8409) (aa2cd51)
• The client IP address may be determined incorrectly in some cases; this fixes a security vulnerability in which the Parse Server option masterKeyIps may be circumvented, see GHSA-vm5r-c87r-pf6x (#8372) (892040d)
• Throwing error in Cloud Code Triggers afterLogin, afterLogout crashes server (#8280) (130d290)

Features

• Access the internal scope of Parse Server using the new maintenanceKey; the internal scope contains unofficial and undocumented fields (prefixed with underscore _) which are used internally by Parse Server; you may want to manipulate these fields for out-of-band changes such as data migration or correction tasks; changes within the internal scope of Parse Server may happen at any time without notice or changelog entry, it is therefore recommended to look at the source code of Parse Server to understand the effects of manipulating internal fields before using the key; it is discouraged to use the maintenanceKey for routine operations in a production environment; see access scopes (#8212) (f3bcc93)
• Adapt verifyServerUrl for new asynchronous Parse Server start-up states (#8366) (ffa4974)
• Add ParseQuery.watch to trigger LiveQuery only on update of specific fields (#8028) (fc92faa)
• Add Node 19 support (#8363) (a4990dc)
• Add option to change the log level of the logs emitted by triggers (#8328) (8f3b694)
• Add request rate limiter based on IP address (#8174) (6c79f6a)
• Asynchronous initialization of Parse Server (#8232) (99fcf45)
• Improve authentication adapter interface to support multi-factor authentication (MFA), authentication challenges, and provide a more powerful interface for writing custom authentication adapters (#8156) (5bbf9ca)
• Reduce Docker image size by improving stages (#8359) (40810b4)
• Remove deprecation DEPPS1: Native MongoDB syntax in aggregation pipeline (#8362) (d0d30c4)
• Remove deprecation DEPPS2: Config option directAccess defaults to true (#8284) (f535ee6)
• Remove deprecation DEPPS3: Config option enforcePrivateUsers defaults to true (#8283) (ed499e3)
• Remove deprecation DEPPS4: Remove convenience method for http request Parse.Cloud.httpRequest (#8287) (2d79c08)
• Remove support for MongoDB 4.0 (#8292) (37245f6)
• Restrict use of masterKey to localhost by default (#8281) (6c16021)
• Upgrade Node Package Manager lock file package-lock.json to version 2 (#8285) (ee72467)
• Upgrade Redis 3 to 4 (#8293) (7d622f0)
• Upgrade Redis 3 to 4 for LiveQuery (#8333) (b2761fb)
• Upgrade to Parse JavaScript SDK 4 (#8332) (9092874)
• Write log entry when request with master key is rejected as outside of masterKeyIps (#8350) (e22b73d)

BREAKING CHANGES

• The Docker image does not contain the git dependency anymore; if you have been using git as a transitive dependency it now needs to be explicitly installed in your Docker file, for example with RUN apk --no-cache add git (#8359) (https://github.com/parse-community/parse-server/blob/HEAD/40810b4)
• Fields in the internal scope of Parse Server (prefixed with underscore _) are only returned using the new maintenanceKey; previously the masterKey allowed reading of internal fields; see access scopes for a comparison of the keys' access permissions (#8212) (https://github.com/parse-community/parse-server/blob/HEAD/f3bcc93)
• The method ParseServer.verifyServerUrl now returns a promise instead of a callback. (https://github.com/parse-community/parse-server/blob/HEAD/ffa4974)
• The MongoDB aggregation pipeline requires native MongoDB syntax instead of the custom Parse Server syntax; for example pipeline stage names require a leading dollar sign like $match and the MongoDB document ID is referenced using _id instead of objectId (#8362) (https://github.com/parse-community/parse-server/blob/HEAD/d0d30c4)
• The mechanism to determine the client IP address has been rewritten; to correctly determine the IP address it is now required to set the Parse Server option trustProxy accordingly if Parse Server runs behind a proxy server, see the express framework's trust proxy setting (#8372) (https://github.com/parse-community/parse-server/blob/HEAD/892040d)
• The Node Package Manager lock file package-lock.json is upgraded to version 2; while it is backwards with version 1 for the npm installer, consider this if you run any non-npm analysis tools that use the lock file (#8285) (https://github.com/parse-community/parse-server/blob/HEAD/ee72467)
• This release introduces the asynchronous initialization of Parse Server to prevent mounting Parse Server before being ready to receive request; it changes how Parse Server is imported, initialized and started; it also removes the callback serverStartComplete; see the Parse Server 6 migration guide for more details (#8232) (https://github.com/parse-community/parse-server/blob/HEAD/99fcf45)

... (truncated)

Commits

• f7eee19 chore(release): 6.0.0 [skip ci]
• c99adfa build: Release (#8415)
• 301459d chore(release): 6.0.0-beta.1 [skip ci]
• 7a0949c build: Release beta (#8414)
• 39a074f Merge branch 'beta' into build-release-beta
• ab181ad refactor: Upgrade to latest Parse JS SDK dependency (#8413)
• 9ed42d7 docs: Consolidate LICENSE and PATENTS clauses into Apache 2.0 (#8408)
• 8b97988 chore(release): 6.0.0-alpha.30 [skip ci]
• aa2cd51 fix: Schema without class level permissions may cause error (#8409)
• cf6966f docs: Update README LTS references (#8407)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by parseadmin, a new releaser for parse-server since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[nx-cloud]

☁️ Nx Cloud Report

We didn't find any information for the current pull request with the commit fed5ef4.
You might need to set the 'NX_BRANCH' environment variable in your CI pipeline.

Check the Nx Cloud Github Integration documentation for more information.

---

Sent with 💌 from NxCloud.