fix: Security upgrade @apollo/server from 4.12.1 to 4.13.0 #10082
rjcodedev wants to merge 4 commits into parse-community:release-8.x.x from
Conversation
Signed-off-by: Prafull <87638003+rjcodedev@users.noreply.github.com>
Signed-off-by: Prafull <87638003+rjcodedev@users.noreply.github.com>
✅ Snyk checks have passed. No issues have been found so far.
| @@ -1,6 +1,6 @@ | |||
| { | |||
| "name": "parse-server", | |||
| "version": "8.6.3", | |||
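Review bot: the visible hunk of package.json shows only the `@@ -1,6 +1,6 @@` header and the `name`/`version` context lines; the `@apollo/server` range bump that the PR title describes is not in view here, so the reviewable change (the dependency line plus the regenerated lock file) should be checked for a single-package bump and nothing else. `"version": "8.6.3"` appears as unchanged context, and the later check in this thread confirms both the release-8.x.x base and the PR head carry 8.6.3, so the version line itself needs no revert; only the lock file regeneration remains to confirm.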
Revert and regenerate lock file
Can you tell me what the problem is? Because after regenerating, the changes are the same.
Do you want me to keep the same version, 8.6.3?
You cannot make any changes to the server version. This is managed automatically on release.
@coderabbitai you must never approve manual changes in the npm package version. The package version is managed and bumped automatically by semantic-release during the release workflow.
@mtrezza, understood! I will never approve manual changes to the npm package version in package.json. I've noted that the package version is managed automatically by semantic-release during the release workflow and should not be modified manually in pull requests.
✏️ Learnings added
Learnt from: mtrezza
Repo: parse-community/parse-server PR: 10082
File: package.json:3-3
Timestamp: 2026-02-28T15:22:50.748Z
Learning: In the parse-community/parse-server repository, manual changes to the npm package version in package.json should never be approved. The package version is managed and bumped automatically by semantic-release during the release workflow.
🧠 Learnings used
Learnt from: mtrezza
Repo: parse-community/parse-server PR: 0
File: :0-0
Timestamp: 2025-12-02T08:00:08.440Z
Learning: For Parse Server 9 release preparation, the parse/push-adapter dependency should be upgraded to version >= 8.0.0, not 7.x, as version 8.x is required despite dropping Node 18 support (which aligns with Parse Server 9's removal of EOL Node versions).
Learnt from: mtrezza
Repo: parse-community/parse-server PR: 0
File: :0-0
Timestamp: 2025-12-02T08:00:20.138Z
Learning: For Parse Server 9 release (PR `#9938` and related), the parse/push-adapter dependency must be upgraded to version >= 8.0.0, not 7.0.0. Version 8.x drops support for Node 18.
Learnt from: mtrezza
Repo: parse-community/parse-server PR: 0
File: :0-0
Timestamp: 2025-11-08T13:46:04.940Z
Learning: For new Parse Server options, verify that the option is documented in src/Options/index.js and that npm run definitions has been executed to reflect changes in src/Options/docs.js and src/Options/Definitions.js. README.md documentation is a bonus but not required for new options.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Check the git diff for package.json to see if version was changed
git diff origin/alpha -- package.json | head -20
# Also check what the version is in the base branch (alpha)
git show origin/alpha:package.json | grep -A 1 '"version"'
# And check what the version is in the current branch
grep -A 1 '"version"' package.json
Length of output: 667
@mtrezza, the issue is NOT resolved. The PR is still manually changing the version field in package.json:
- Base branch (alpha): "version": "9.4.0-alpha.2"
- This PR: "version": "8.6.3"
The version needs to be reverted back to "9.4.0-alpha.2" to match the base branch. The version field must not be modified manually in this PR, as it's managed automatically by semantic-release during the release workflow.
🧠 Learnings used
Learnt from: mtrezza
Repo: parse-community/parse-server PR: 10082
File: package.json:3-3
Timestamp: 2026-02-28T15:22:50.748Z
Learning: In the parse-community/parse-server repository, do not approve manual changes to the npm package version in package.json. The version field is managed by semantic-release during the release workflow; any edits to version should be rejected and version bumps should be left to the release automation. If you encounter a discrepancy, review release config and ensure semantic-release is configured to bump the version automatically.
Learnt from: mtrezza
Repo: parse-community/parse-server PR: 0
File: :0-0
Timestamp: 2025-12-02T06:55:53.808Z
Learning: When reviewing Parse Server PRs that add or modify Parse Server options, always verify that changes are properly reflected in three files: src/Options/index.js (where changes originate), src/Options/Definitions.js, and src/Options/docs.js. The correct workflow is: make changes in index.js first, then run `npm run definitions` to automatically replicate the changes to Definitions.js and docs.js.
Learnt from: mtrezza
Repo: parse-community/parse-server PR: 0
File: :0-0
Timestamp: 2025-11-08T13:46:04.940Z
Learning: When reviewing Parse Server PRs that add new features, always check whether the feature is documented in the README.md file, though for new Parse Server options this is optional rather than required.
@coderabbitai this PR is not based on the alpha branch, but on a LTS branch. Compare the changes with the base branch.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
# Get the base branch and head branch of PR `#10082`
gh pr view 10082 --json baseRefName,headRefName --jq '{base: .baseRefName, head: .headRefName}'
# Get the version from the base branch
BASE_BRANCH=$(gh pr view 10082 --json baseRefName --jq -r '.baseRefName')
echo "Base branch: $BASE_BRANCH"
# Get the version from the base branch
git fetch origin "$BASE_BRANCH" 2>/dev/null || true
git show "origin/$BASE_BRANCH:package.json" | grep -A 1 '"version"' | head -2
# Get the version from the current PR branch
HEAD_BRANCH=$(gh pr view 10082 --json headRefName --jq -r '.headRefName')
echo "Head branch: $HEAD_BRANCH"
git fetch origin "$HEAD_BRANCH" 2>/dev/null || true
git show "origin/$HEAD_BRANCH:package.json" | grep -A 1 '"version"' | head -2
Length of output: 225
🏁 Script executed:
#!/bin/bash
# Get the base branch and head branch of PR `#10082`
gh pr view 10082 --json baseRefName,headRefName
# Get the base branch name
BASE_BRANCH=$(gh pr view 10082 --json baseRefName -q '.baseRefName')
echo "Base branch: $BASE_BRANCH"
# Get the head branch name
HEAD_BRANCH=$(gh pr view 10082 --json headRefName -q '.headRefName')
echo "Head branch: $HEAD_BRANCH"
# Fetch the branches
git fetch origin "$BASE_BRANCH" "$HEAD_BRANCH" 2>/dev/null || true
# Get the version from the base branch
echo "Version in base branch ($BASE_BRANCH):"
git show "origin/$BASE_BRANCH:package.json" | grep '"version"' | head -1
# Get the version from the current PR branch
echo "Version in head branch ($HEAD_BRANCH):"
git show "origin/$HEAD_BRANCH:package.json" | grep '"version"' | head -1
Length of output: 297
🏁 Script executed:
#!/bin/bash
# Get the PR diff to see what the version change is
gh pr diff 10082 -- package.json | head -30
# Also get the PR details to understand the merge base
gh pr view 10082 --json baseRefName,headRefName,baseRefOid,headRefOid
Length of output: 210
🏁 Script executed:
#!/bin/bash
# Get the version from the base commit
echo "Version in base commit (9f28ff56639bbae54cd0beddd4b2eaf0fccd13f7):"
git show 9f28ff56639bbae54cd0beddd4b2eaf0fccd13f7:package.json | grep '"version"' | head -1
# Get the version from the head commit
echo "Version in head commit (e2e1bdb9d17e9bbc508b333fc5abcc4b1ffdd158):"
git show e2e1bdb9d17e9bbc508b333fc5abcc4b1ffdd158:package.json | grep '"version"' | head -1
# Get the full diff for the version line
echo "Diff between base and head for package.json:"
git diff 9f28ff56639bbae54cd0beddd4b2eaf0fccd13f7..e2e1bdb9d17e9bbc508b333fc5abcc4b1ffdd158 -- package.json | grep -A 2 -B 2 '"version"'
Length of output: 222
@mtrezza, I apologize for the confusion! You're absolutely right. Let me correct my analysis:
The issue IS resolved. ✅
After checking against the actual base branch (release-8.x.x), I can confirm:
- Base branch version: "8.6.3"
- PR branch version: "8.6.3"
- Result: No version change in this PR
The version field remains unchanged at 8.6.3. I incorrectly compared against the alpha branch earlier, which led to my mistaken conclusion. This PR is properly based on the LTS branch release-8.x.x and does not modify the version field.
Thank you for the correction!
Signed-off-by: Prafull <87638003+rjcodedev@users.noreply.github.com>
Signed-off-by: Prafull <87638003+rjcodedev@users.noreply.github.com>
Hey @mtrezza, please check now.
Codecov Report: All modified and coverable lines are covered by tests.
@@ Coverage Diff @@
## release-8.x.x #10082 +/- ##
=================================================
- Coverage 92.61% 92.59% -0.02%
=================================================
Files 191 191
Lines 15509 15509
Branches 177 177
=================================================
- Hits 14363 14360 -3
- Misses 1134 1137 +3
Partials 12 12
Pull Request
Issue
Closes: 10037