From 3e241532272c2bb484736eacf15f4a26e86dfa02 Mon Sep 17 00:00:00 2001 From: "harshitha.d" Date: Thu, 13 Feb 2025 17:57:53 +0530 Subject: [PATCH 1/5] fix: update release.yml actions to latest versions and update to node v22 --- .github/workflows/release.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 171c6ac..159663d 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -8,10 +8,10 @@ jobs: build: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - uses: actions/setup-node@v1 + - uses: actions/checkout@v4 + - uses: actions/setup-node@v4 with: - node-version: "16.x" + node-version: "22.x" - run: npm install - name: get-package-details @@ -28,7 +28,7 @@ jobs: tag_prefix: "v" - name: Create Release if: steps.update_tag.outputs.tagname - uses: actions/create-release@v1 + uses: actions/create-release@v4 id: create_release env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token @@ -40,7 +40,7 @@ jobs: - name: Upload Release Asset if: steps.update_tag.outputs.tagname id: upload-release-asset - uses: actions/upload-release-asset@v1 + uses: actions/upload-release-asset@v4 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: From 3f8aeab81d859be4edfd6e7b3cb9ab2b7dd6f62f Mon Sep 17 00:00:00 2001 From: "harshitha.d" Date: Mon, 17 Feb 2025 18:45:52 +0530 Subject: [PATCH 2/5] docs: update Node.js version in README and add integrity attributes to scripts in global.html (semgrep) --- README.md | 2 +- docs/global.html | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 7133b2b..58fc899 100644 --- a/README.md +++ b/README.md 
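Review bot: The bumped `actions/checkout@v4` and `actions/setup-node@v4` references are still mutable major tags, and this is the workflow that holds `GITHUB_TOKEN` and publishes release artifacts, so a moved tag would run unreviewed code with publish rights. Pin each action to its full commit SHA with the version as a trailing comment, e.g. `- uses: actions/checkout@<40-hex-commit-sha> # v4`, and let Dependabot/Renovate advance the pins. While touching this step list, the following context line `- run: npm install` should become `- run: npm ci` so the committed package-lock.json (bumped in patch 4 of this series) is actually enforced; if the workflow has no top-level `permissions:` block (not visible in this hunk), also add `permissions: contents: write` so the token is scoped to what the release steps need.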
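Review bot: `uses: actions/create-release@v4` in the "Create Release" step almost certainly does not resolve: as far as I know that action is archived and only ever published v1.x tags, so the job would fail at action-resolution time rather than create a release. Either revert this one line to `uses: actions/create-release@v1` (pinned to its commit SHA) or replace the step with the GitHub CLI that ubuntu-latest already ships, e.g. `run: gh release create "${{ steps.update_tag.outputs.tagname }}" --generate-notes` with `GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}` in `env`. Please run the workflow once on a test tag before merging, since nothing in this hunk exercises the new version.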
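Review bot: `uses: actions/upload-release-asset@v4` in the "Upload Release Asset" step has the same problem as the create-release bump above: to my knowledge that action is archived with only v1.x tags, so `@v4` will fail to resolve and no asset gets attached. If the create step is migrated to the CLI, this step collapses to `run: gh release upload "${{ steps.update_tag.outputs.tagname }}" <asset-path>` using the same `GH_TOKEN` env; otherwise restore `@v1` and pin it by commit SHA. The `with:` inputs of this step are outside the hunk, so the asset path still needs to be carried over from there.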
@@ -8,7 +8,7 @@ Contentstack is a headless CMS with an API-first approach. It is a CMS that deve ### Prerequisite -- Nodejs, v8+ +- Nodejs, v20+ - MongoDB, v3.6 or higher - You should have the data synced through [Contentstack DataSync](https://www.contentstack.com/docs/guide/synchronization/contentstack-datasync) diff --git a/docs/global.html b/docs/global.html index 8543b16..5e7ccff 100644 --- a/docs/global.html +++ b/docs/global.html @@ -4,8 +4,8 @@ JSDoc: Global - - + + From 54dcdef9b88f2202a6faf34339471a058a454c03 Mon Sep 17 00:00:00 2001 From: "harshitha.d" Date: Mon, 17 Feb 2025 21:28:05 +0530 Subject: [PATCH 3/5] feat: enhance query sanitization with schema validation for allowed keys --- src/stack.ts | 33 ++++++++++++++++++++++++++------- 1 file changed, 26 insertions(+), 7 deletions(-) diff --git a/src/stack.ts b/src/stack.ts index 51d6eea..6b5ac07 100644 --- a/src/stack.ts +++ b/src/stack.ts @@ -2391,19 +2391,38 @@ export class Stack { } private sanitizeIQuery(query: IQuery): boolean { + const allowedKeys = { + _content_type_uid: 'string', + uid: 'string', + _version: { + $exists: 'boolean' + }, + locale: 'string' + }; + + const validateObject = (obj: any, schema: any): boolean => { + for (const key in obj) { + if (!schema.hasOwnProperty(key)) { + return false; + } + if (typeof schema[key] === 'object') { + if (!validateObject(obj[key], schema[key])) { + return false; + } + } else if (typeof obj[key] !== schema[key]) { + return false; + } + } + return true; + }; if (!query || typeof query !== 'object' || Array.isArray(query)) { return false; } - if (!query || !Array.isArray(query.$or)) { + if (!query.$or || !Array.isArray(query.$or)) { return false; } for (const item of query.$or) { - if ( - typeof item._content_type_uid !== 'string' || - typeof item.uid !== 'string' || - (item._version && typeof item._version.$exists !== 'boolean') || - (item.locale && typeof item.locale !== 'string') - ) { + if (!validateObject(item, allowedKeys)) { return false; } } 
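Review bot: The new `validateObject` loses the required-key guarantee the removed lines enforced: it only checks keys that are present, so `{ $or: [{}] }` now passes validation even though `_content_type_uid` and `uid` are no longer verified to be strings. It also never checks that `obj` is a plain object before `for...in`, so `_version: null`, `_version: 42` or an item of `null` iterate nothing and pass, and `for...in` will walk inherited enumerable properties rather than the item's own keys. I would reject non-object values at the top of the helper, iterate `Object.keys(obj)`, look keys up with `Object.prototype.hasOwnProperty.call(schema, key)`, and re-add an explicit required-key check on each `$or` item; `sanitizeIQuery` continues past the end of this hunk (its final `return true` is not shown).
```typescript
const requiredKeys = ['_content_type_uid', 'uid'];

const validateObject = (obj: any, schema: any): boolean => {
  // Primitives, null and arrays must be rejected here: `for...in` over them
  // iterates nothing (or string indices) and would otherwise validate.
  if (obj === null || typeof obj !== 'object' || Array.isArray(obj)) {
    return false;
  }
  for (const key of Object.keys(obj)) {
    if (!Object.prototype.hasOwnProperty.call(schema, key)) {
      return false;
    }
    if (typeof schema[key] === 'object') {
      if (!validateObject(obj[key], schema[key])) {
        return false;
      }
    } else if (typeof obj[key] !== schema[key]) {
      return false;
    }
  }
  return true;
};
// … unchanged: top-level query / $or shape checks …
for (const item of query.$or) {
  // Presence is checked after validateObject so the type rule above already covers the value.
  if (
    !validateObject(item, allowedKeys) ||
    !requiredKeys.every((k) => Object.prototype.hasOwnProperty.call(item, k))
  ) {
    return false;
  }
}
```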
From 5831308dd9355bff6cb196c59cbb169ba7c34b34 Mon Sep 17 00:00:00 2001 From: "harshitha.d" Date: Tue, 18 Feb 2025 18:00:34 +0530 Subject: [PATCH 4/5] chore: bump version to 1.0.9 in package.json and package-lock.json --- package-lock.json | 4 ++-- package.json | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/package-lock.json b/package-lock.json index 71a2760..94b83e9 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "datasync-mongodb-sdk", - "version": "1.0.8", + "version": "1.0.9", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "datasync-mongodb-sdk", - "version": "1.0.8", + "version": "1.0.9", "license": "MIT", "dependencies": { "lodash": "^4.17.21", diff --git a/package.json b/package.json index 207d434..862fbab 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "author": "Contentstack Ecosystem ", "name": "datasync-mongodb-sdk", - "version": "1.0.8", + "version": "1.0.9", "description": "Mongodb query wrapper around contents synced via @contentstack/content-store-mongodb", "main": "dist/index.js", "scripts": { From aa7d278c4952b21813d3c4717f2a2716f7b16484 Mon Sep 17 00:00:00 2001 From: "harshitha.d" Date: Tue, 18 Feb 2025 18:05:28 +0530 Subject: [PATCH 5/5] docs: add integrity attributes to linenumber.js script tags in HTML files --- docs/global.html | 2 +- docs/global.html#Stack | 2 +- docs/index.html | 2 +- docs/index.js.html | 2 +- docs/stack.js.html | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/global.html b/docs/global.html index 5e7ccff..30a0359 100644 --- a/docs/global.html +++ b/docs/global.html @@ -7515,6 +7515,6 @@

Home

Classes