Merge pull request #50 from contentstack/development

DX | Release | 24-02-2025

Author: cs-raj

.github/workflows/release.yml

@@ -8,10 +8,10 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
-      - uses: actions/setup-node@v1
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
         with:
-          node-version: "16.x"
+          node-version: "22.x"
       - run: npm install
 
       - name: get-package-details
@@ -28,7 +28,7 @@ jobs:
           tag_prefix: "v"
       - name: Create Release
         if: steps.update_tag.outputs.tagname
-        uses: actions/create-release@v1
+        uses: actions/create-release@v4
         id: create_release
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
@@ -40,7 +40,7 @@ jobs:
       - name: Upload Release Asset
         if: steps.update_tag.outputs.tagname
         id: upload-release-asset
-        uses: actions/upload-release-asset@v1
+        uses: actions/upload-release-asset@v4
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:

README.md

@@ -8,7 +8,7 @@ Contentstack is a headless CMS with an API-first approach. It is a CMS that deve
 
 ### Prerequisite
 
-- Nodejs, v8+
+- Nodejs, v20+
 - MongoDB, v3.6 or higher
 - You should have the data synced through [Contentstack DataSync](https://www.contentstack.com/docs/guide/synchronization/contentstack-datasync) 
 

docs/global.html

@@ -4,8 +4,8 @@
     <meta charset="utf-8">
     <title>JSDoc: Global</title>
 
-    <script src="https://cdn.jsdelivr.net/gh/google/code-prettify@master/loader/run_prettify.js"> </script>
-    <script src="scripts/prettify/lang-css.js"> </script>
+    <script src="https://cdn.jsdelivr.net/gh/google/code-prettify@master/loader/run_prettify.js" integrity="coVkbqHWSAomtcPWb3XtrGNqZkue+Eu9X7YxIgZbtmg=%" crossorigin="anonymous"> </script>
+    <script src="scripts/prettify/lang-css.js" integrity="m2rEgwM7AlcnFOtNN+4ZkYXEEAjrKz9GoAqw685qIMU=%" crossorigin="anonymous"> </script>
     <!--[if lt IE 9]>
       <script src="//html5shiv.googlecode.com/svn/trunk/html5.js" integrity="sha384-hDHlUtmnjnJimeAhT+DpLqjLdp8vFgSFHhZO1zq2EtqpwFsNM7H5cpSUYqT1Uh2E" crossorigin="anonymous"></script>
     <![endif]-->
@@ -7515,6 +7515,6 @@ <h2><a href="index.html">Home</a></h2><h3>Classes</h3><ul><li><a href="global.ht
 </footer>
 
 <script> prettyPrint(); </script>
-<script src="scripts/linenumber.js"> </script>
+<script src="scripts/linenumber.js" integrity="gjKEaAtJoBN94tFHTJO/QMWm2iZN7DSXY/EAGrHzx30=%" crossorigin="anonymous"> </script>
 </body>
 </html>

docs/global.html#Stack

@@ -1065,6 +1065,6 @@
 </footer>
 
 <script> prettyPrint(); </script>
-<script src="scripts/linenumber.js"> </script>
+<script src="scripts/linenumber.js" integrity="gjKEaAtJoBN94tFHTJO/QMWm2iZN7DSXY/EAGrHzx30=%" crossorigin="anonymous"> </script>
 </body>
 </html>

docs/index.html

@@ -286,6 +286,6 @@ <h2><a href="index.html">Home</a></h2><h3>Classes</h3><ul><li><a href="global.ht
 </footer>
 
 <script> prettyPrint(); </script>
-<script src="scripts/linenumber.js"> </script>
+<script src="scripts/linenumber.js" integrity="gjKEaAtJoBN94tFHTJO/QMWm2iZN7DSXY/EAGrHzx30=%" crossorigin="anonymous"> </script>
 </body>
 </html>

docs/index.js.html

@@ -87,6 +87,6 @@ <h2><a href="index.html">Home</a></h2><h3>Classes</h3><ul><li><a href="global.ht
 </footer>
 
 <script> prettyPrint(); </script>
-<script src="scripts/linenumber.js"> </script>
+<script src="scripts/linenumber.js" integrity="gjKEaAtJoBN94tFHTJO/QMWm2iZN7DSXY/EAGrHzx30=%" crossorigin="anonymous"> </script>
 </body>
 </html>

docs/stack.js.html

@@ -2239,6 +2239,6 @@ <h2><a href="index.html">Home</a></h2><h3>Classes</h3><ul><li><a href="global.ht
 </footer>
 
 <script> prettyPrint(); </script>
-<script src="scripts/linenumber.js"> </script>
+<script src="scripts/linenumber.js" integrity="gjKEaAtJoBN94tFHTJO/QMWm2iZN7DSXY/EAGrHzx30=%" crossorigin="anonymous"> </script>
 </body>
 </html>

package-lock.json

@@ -1,7 +1,7 @@
 {
   "author": "Contentstack Ecosystem <[email protected]>",
   "name": "datasync-mongodb-sdk",
-  "version": "1.0.8",
+  "version": "1.0.9",
   "description": "Mongodb query wrapper around contents synced via @contentstack/content-store-mongodb",
   "main": "dist/index.js",
   "scripts": {

package.json

@@ -2391,19 +2391,38 @@ export class Stack {
   }
 
   private sanitizeIQuery(query: IQuery): boolean {
+    const allowedKeys = {
+      _content_type_uid: 'string',
+      uid: 'string',
+      _version: {
+        $exists: 'boolean'
+      },
+      locale: 'string'
+    };
+
+    const validateObject = (obj: any, schema: any): boolean => {
+      for (const key in obj) {
+        if (!schema.hasOwnProperty(key)) {
+          return false;
+        }
+        if (typeof schema[key] === 'object') {
+          if (!validateObject(obj[key], schema[key])) {
+            return false;
+          }
+        } else if (typeof obj[key] !== schema[key]) {
+          return false;
+        }
+      }
+      return true;
+    };
     if (!query || typeof query !== 'object' || Array.isArray(query)) {
       return false;
     }
-    if (!query || !Array.isArray(query.$or)) {
+    if (!query.$or || !Array.isArray(query.$or)) {
       return false;
     }
     for (const item of query.$or) {
-      if (
-        typeof item._content_type_uid !== 'string' ||
-        typeof item.uid !== 'string' ||
-        (item._version && typeof item._version.$exists !== 'boolean') ||
-        (item.locale && typeof item.locale !== 'string')
-      ) {
+      if (!validateObject(item, allowedKeys)) {
         return false;
       }
     }