Replace the typed aggregate functions with simpler untyped ones #5864

Merged
merged 5 commits into from Sep 16, 2022

Member

@tgoyne tgoyne commented Sep 15, 2022

I was annoyed at having to update an error message in several different places and obviously the solution was to refactor everything to eliminate most of the duplication.

The API exposed by Table, Query and TableView for aggregate functions (e.g. minimum_int()) was a very poor fit for what Results wanted, and some gross metaprogramming was needed to deal with this. The one exposed by List and Set was a much better fit, so I made all of the types adopt that one. This is a breaking change for Realm Java, but it should be a very easy adjustment, and no other SDKs call these functions directly. There was also just generally a very large amount of duplicated code (List and Set had code which could live in Collection, Table and Query had almost-identical code, and Results and List duplicated some things).

The old aggregate functions had explicitly unspecified return values when there were no matching rows, but some tests still checked for a specific value. The aggregate functions now return Mixed() (i.e. null) if there are no matching values, and the tests have been adjusted to check for that. Other than that, all of the changes to tests are just non-functional syntax updates.

I added some basic benchmarks to make sure this wasn't going to slow things down. Int list/set got slightly slower due to the aggregation being so fast that the small additional fixed costs are measurable, but the absolute numbers are very small. The others stayed the same or got faster, sometimes significantly. Collections of objects got faster due to it no longer building a temporary table.

| Collection | Row Count | Old | New | % Change |
|---|---|---|---|---|
| table | 0 | 30.0474 ns | 30.1747 ns | 0 |
| query | 0 | 64.7815 ns | 60.1893 ns | -7 |
| tableview | 0 | 63.8562 ns | 59.7724 ns | -6 |
| object list | 0 | 3.1931 us | 384.605 ns | -88 |
| object set | 0 | 3.70928 us | 421.335 ns | -89 |
| object dictionary | 0 | 3.2056 us | 372.53 ns | -88 |
| int list | 0 | 108.851 ns | 202.466 ns | 86 |
| int set | 0 | 111.507 ns | 205.18 ns | 84 |
| int dictionary | 0 | 268.587 ns | 209.058 ns | -22 |
| table | 100 | 248.284 ns | 255.725 ns | 3 |
| query | 100 | 2.66283 us | 2.50774 us | -6 |
| tableview | 100 | 2.67527 us | 2.46436 us | -8 |
| object list | 100 | 10.878 us | 5.05912 us | -53 |
| object set | 100 | 11.0564 us | 5.14019 us | -54 |
| object dictionary | 100 | 19.7865 us | 8.11521 us | -59 |
| int list | 100 | 345.519 ns | 443.827 ns | 28 |
| int set | 100 | 362.595 ns | 444.451 ns | 23 |
| int dictionary | 100 | 604.552 ns | 574.125 ns | -5 |
| table | 1000000 | 2.22612 ms | 2.23527 ms | 0 |
| query | 1000000 | 142.77 ms | 96.7282 ms | -32 |
| tableview | 1000000 | 143.09 ms | 96.1786 ms | -33 |
| object list | 1000000 | 273.731 ms | 107.992 ms | -61 |
| object set | 1000000 | 274.802 ms | 107.579 ms | -61 |
| object dictionary | 1000000 | 2.9265 s | 1.44572 s | -51 |
| int list | 1000000 | 2.10986 ms | 2.13206 ms | 1 |
| int set | 1000000 | 2.09435 ms | 2.12917 ms | 2 |
| int dictionary | 1000000 | 3.26774 ms | 3.45399 ms | 6 |

Dictionaries being massively slower than the other collections is fixed by #5780, which brings "object dictionary" in line with "object list".

@tgoyne tgoyne self-assigned this Sep 15, 2022
@cla-bot cla-bot bot added the cla: yes label Sep 15, 2022
`try_get_object()` first checked if the object was valid, and if it wasn't
returned exactly the value which `get_object()` would have returned anyway.

`ObjList::try_get_object()` and `ObjList::get_object()` did not have consistent
semantics between the classes implementing them (TableView's non-try asserted
that the object was valid, Dictionary did not, and the other implementors can't
have invalid objects) and no callers actually used the non-try version, so just
remove try_get_object() and change get_object() to do what it did.

Results had some gross metaprogramming to deal with the aggregate functions on
Table and TableView (e.g. `minimum_int()`) being a typed interface where each
column type has a function with a different name, but what it actually wants is
something like the Collection aggregate interface. This adopts the Collection
interface (e.g. `std::optional<Mixed> min()`, where `nullopt` indicates
unsupported operation and `some(null)` indicates no rows) in Table, TableView
and Query, and removes the old one.

Along the way there turned out to be quite a bit of duplicated
aggregation-related code which could be eliminated.
@tgoyne tgoyne force-pushed the tg/aggregates branch 2 times, most recently from b0147d1 to 347fe08 Compare September 15, 2022 23:00
This makes it so that TableView's default constructor actually doesn't allocate
any memory like the comment claimed, and is less weird than indicating "no
query" via a Query with a null table.
@tgoyne tgoyne marked this pull request as ready for review September 16, 2022 01:18
@tgoyne tgoyne requested a review from ironage September 16, 2022 01:18
Contributor

@ironage ironage left a comment

Great improvement!

CHECK_APPROXIMATELY_EQUAL(sum1_f, res, 10 * epsilon);

// ... with conditions
double sum2_f = double(1.13f) + double(1.20f);
double sum2_d = 2.21 + 3.20;
Query q2 = t.where().between(col_float, 1.13f, 1.20f).not_equal(col_double, 2.22);
CHECK_APPROXIMATELY_EQUAL(sum2_f, q2.sum_float(col_float), 10 * epsilon);
CHECK_APPROXIMATELY_EQUAL(sum2_d, q2.sum_double(col_double), 10 * epsilon);
CHECK_APPROXIMATELY_EQUAL(sum2_f, q2.sum(col_float)->get_double(), 10 * epsilon);
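Review bot: the last line, `q2.sum(col_float)->get_double()`, dereferences the `std::optional<Mixed>` returned by `sum()` without first checking that it holds a value. The commit message defines `nullopt` as "unsupported operation", so if `sum()` ever returned `nullopt` for this column the test would hit undefined behaviour instead of failing cleanly. Consider storing the result in a named variable and checking it (for example with `CHECK(res)`) before calling `get_double()`.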
Contributor

It may be unintuitive for users of this API to know that the sum of a float column is a double. This is something that was baked into the return type previously, but now has to be known. I think the tradeoffs are still heavily in favour of this change overall, but this is the cost of using a Mixed type for everything.

Member Author

I don't like the sum of floats being a double for a few reasons, but I think in practice SDKs just switch on the Mixed's type anyway so returning any type in the Mixed probably just works out.

Contributor

If SDKs are dynamically switching on the Mixed's type that would be ideal actually since it leaves room for us to change the underlying type in the future in a less breaking way. I vaguely recall some desire to use Decimal128 for average/sum of float/double, but I think that was stalled because of some non-trivial tradeoffs.
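
The return convention discussed in this thread (`nullopt` for an unsupported operation, a null `Mixed` for no rows, and a float sum that comes back as a double), modelled as an added example that is not Realm Core code. `Value`, `Column`, `column_min`, `column_sum`, `classify` and `Kind` are hypothetical stand-ins built on `std::variant`, and the null result for an empty sum follows the PR description.

```cpp
#include <cstdint>
#include <cstdio>
#include <optional>
#include <string>
#include <type_traits>
#include <variant>
#include <vector>

// Stand-in for realm::Mixed (hypothetical): std::monostate models a null Mixed.
using Value = std::variant<std::monostate, int64_t, float, double>;
// Stand-in for a typed column (hypothetical): one vector per column type.
using Column = std::variant<std::vector<int64_t>, std::vector<float>, std::vector<std::string>>;

template <class Rows>
using ElemT = typename std::decay_t<Rows>::value_type;

// min(): nullopt = unsupported for this column type, null Value = no rows.
std::optional<Value> column_min(const Column& col)
{
    return std::visit(
        [](const auto& rows) -> std::optional<Value> {
            using T = ElemT<decltype(rows)>;
            if constexpr (std::is_same_v<T, std::string>) {
                return std::nullopt; // strings cannot be aggregated in this model
            }
            else {
                if (rows.empty())
                    return Value{}; // supported, but nothing to aggregate
                T best = rows.front();
                for (T v : rows)
                    if (v < best)
                        best = v;
                return Value{std::in_place_type<T>, best};
            }
        },
        col);
}

// sum(): the result type is no longer visible in the signature. Integers sum
// to int64_t, floats are widened and summed as double.
std::optional<Value> column_sum(const Column& col)
{
    return std::visit(
        [](const auto& rows) -> std::optional<Value> {
            using T = ElemT<decltype(rows)>;
            if constexpr (std::is_same_v<T, std::string>) {
                return std::nullopt;
            }
            else {
                if (rows.empty())
                    return Value{}; // assumption taken from the PR description
                using Acc = std::conditional_t<std::is_same_v<T, float>, double, int64_t>;
                Acc acc = 0;
                for (T v : rows)
                    acc += static_cast<Acc>(v);
                return Value{std::in_place_type<Acc>, acc};
            }
        },
        col);
}

enum class Kind { Unsupported, NoRows, Int, Float, Double };

// What a caller has to do now: test the optional before dereferencing it,
// then switch on the dynamic type instead of relying on a typed return value.
Kind classify(const std::optional<Value>& r)
{
    if (!r)
        return Kind::Unsupported;
    if (std::holds_alternative<std::monostate>(*r))
        return Kind::NoRows;
    if (std::holds_alternative<int64_t>(*r))
        return Kind::Int;
    if (std::holds_alternative<float>(*r))
        return Kind::Float;
    return Kind::Double;
}

int main()
{
    // Constructed sample data; the float values mirror the test quoted above.
    Column floats = std::vector<float>{1.13f, 1.20f};
    Column names = std::vector<std::string>{"a", "b"};
    Column empty_ints = std::vector<int64_t>{};

    std::printf("min(float)  -> kind %d\n", static_cast<int>(classify(column_min(floats))));
    std::printf("sum(float)  -> kind %d\n", static_cast<int>(classify(column_sum(floats))));
    std::printf("min(string) -> kind %d\n", static_cast<int>(classify(column_min(names))));
    std::printf("min(empty)  -> kind %d\n", static_cast<int>(classify(column_min(empty_ints))));
    return 0;
}
```
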

Decimal128 sum_mixed(ColKey column_key) const;
Mixed maximum_mixed(ColKey column_key, ObjKey* return_ndx = nullptr) const;
Mixed minimum_mixed(ColKey column_key, ObjKey* return_ndx = nullptr) const;
Decimal128 average_mixed(ColKey column_key, size_t* resultcount = nullptr) const;
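Review bot: the `maximum_mixed()` and `minimum_mixed()` declarations here take an `ObjKey* return_ndx` out-parameter and `average_mixed()` takes `size_t* resultcount`, while the replacement signatures are not visible in this hunk. It is worth confirming that the untyped replacements still give callers the matching object's key and the value count where they relied on them, and documenting the migration for Realm Java, which the description names as the SDK affected by this breaking change.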
Contributor

SO nice to finally get rid of these!

@tgoyne tgoyne merged commit 26639e5 into master Sep 16, 2022
@tgoyne tgoyne deleted the tg/aggregates branch September 16, 2022 22:33
cbush pushed a commit to mongodb/docs-realm that referenced this pull request Dec 15, 2022
<h3>Snyk has created this PR to upgrade realm from 10.19.1 to
10.24.0.</h3>

:information_source: Keep your dependencies up-to-date. This makes it
easier to fix existing vulnerabilities and to more quickly identify and
fix newly disclosed vulnerabilities when they affect your project.
<hr/>

- The recommended version is **19 versions** ahead of your current
version.
- The recommended version was released **a month ago**, on 2022-11-13.

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|:---:|:---|---|:---|
| High | Prototype Pollution<br/>[SNYK-JS-QS-3153490](https://snyk.io/vuln/SNYK-JS-QS-3153490) | **554/1000**<br/>**Why?** Proof of Concept exploit, Recently disclosed, CVSS 7.5 | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.


<details>
<summary><b>Release notes</b></summary>
<br/>
  <details>
    <summary>Package name: <b>realm</b></summary>
    <ul>
      <li>
<b>10.24.0</b> - <a
href="https://snyk.io/redirect/github/realm/realm-js/releases/tag/v10.24.0">2022-11-13</a></br><h3>Enhancements</h3>
<ul>
<li>Flexible sync will now wait for the server to have sent all pending
history after a bootstrap before marking a subscription as Complete. (<a
href="https://snyk.io/redirect/github/realm/realm-core/pull/5795"
data-hovercard-type="pull_request"
data-hovercard-url="/realm/realm-core/pull/5795/hovercard">realm/realm-core#5795</a>)</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Fix database corruption and encryption issues on apple platforms.
(<a href="https://snyk.io/redirect/github/realm/realm-js/issues/5076"
data-hovercard-type="issue"
data-hovercard-url="/realm/realm-js/issues/5076/hovercard">#5076</a>,
since v10.12.0)</li>
<li>Sync bootstraps will not be applied in a single write transaction -
they will be applied 1MB of changesets at a time. (<a
href="https://snyk.io/redirect/github/realm/realm-core/pull/5999"
data-hovercard-type="pull_request"
data-hovercard-url="/realm/realm-core/pull/5999/hovercard">realm/realm-core#5999</a>,
since v10.19.0).</li>
<li>Fix a race condition which could result in <code>operation
cancelled</code> errors being delivered to <code>Realm#open</code>
rather than the actual sync error which caused things to fail. (<a
href="https://snyk.io/redirect/github/realm/realm-core/pull/5968"
data-hovercard-type="pull_request"
data-hovercard-url="/realm/realm-core/pull/5968/hovercard">realm/realm-core#5968</a>,
v1.0.0).</li>
</ul>
<h3>Compatibility</h3>
<ul>
<li>React Native &gt;= v0.64.0</li>
<li>Atlas App Services.</li>
<li>Realm Studio v12.0.0.</li>
<li>APIs are backwards compatible with all previous releases of Realm
JavaScript in the 10.5.x series.</li>
<li>File format: generates Realms with format v22 (reads and upgrades
file format v5 or later for non-synced Realm, upgrades file format v10
or later for synced Realms).</li>
</ul>
<h3>Internal</h3>
<ul>
<li>Upgraded Realm Core from v12.11.0 to v12.12.0.</li>
</ul>
      </li>
      <li>
<b>10.23.0</b> - <a
href="https://snyk.io/redirect/github/realm/realm-js/releases/tag/v10.23.0">2022-10-31</a></br><h3>Enhancements</h3>
<ul>
<li>Improve performance of client reset with automatic recovery and
converting top-level tables into embedded tables. (<a
href="https://snyk.io/redirect/github/realm/realm-core/pull/5897"
data-hovercard-type="pull_request"
data-hovercard-url="/realm/realm-core/pull/5897/hovercard">realm/realm-core#5897</a>)</li>
<li>If a sync client sends a message larger than 16 MB, the sync server
will request a client reset. (<a
href="https://snyk.io/redirect/github/realm/realm-core/issues/5209"
data-hovercard-type="issue"
data-hovercard-url="/realm/realm-core/issues/5209/hovercard">realm/realm-core#5209</a>)</li>
<li>Add two new modes to client reset:
<code>RecoverUnsyncedChanges</code> and
<code>RecoverOrDiscardUnsyncedChanges</code>. The two modes will recover
local/unsynced changes with changes from the server if possible. If not
possible, <code>RecoverOrDiscardUnsyncedChanges</code> will remove the
local Realm file and download a fresh file from the server. The mode
<code>DiscardLocal</code> is duplicated as
<code>DiscardUnsyncedChanges</code>, and <code>DiscardLocal</code> will be
removed in a future version. (<a
href="https://snyk.io/redirect/github/realm/realm-js/issues/4135"
data-hovercard-type="issue"
data-hovercard-url="/realm/realm-js/issues/4135/hovercard">#4135</a>)</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Fixed a use-after-free if the last external reference to an
encrypted Realm was closed between when a client reset error was
received and when the download of the new Realm began. (<a
href="https://snyk.io/redirect/github/realm/realm-core/pull/5949"
data-hovercard-type="pull_request"
data-hovercard-url="/realm/realm-core/pull/5949/hovercard">realm/realm-core#5949</a>,
since v10.20.0)</li>
<li>Opening an unencrypted file with an encryption key would sometimes
report a misleading error message that indicated that the problem was
something other than a decryption failure. (<a
href="https://snyk.io/redirect/github/realm/realm-core/pull/5915"
data-hovercard-type="pull_request"
data-hovercard-url="/realm/realm-core/pull/5915/hovercard">realm/realm-core#5915</a>,
since v1.0.0)</li>
<li>Fixed a rare deadlock which could occur when closing a synchronized
Realm immediately after committing a write transaction when the sync
worker thread has also just finished processing a changeset from the
sync server. (<a
href="https://snyk.io/redirect/github/realm/realm-core/pull/5948"
data-hovercard-type="pull_request"
data-hovercard-url="/realm/realm-core/pull/5948/hovercard">realm/realm-core#5948</a>)</li>
</ul>
<h3>Compatibility</h3>
<ul>
<li>React Native &gt;= v0.64.0</li>
<li>Atlas App Services.</li>
<li>Realm Studio v12.0.0.</li>
<li>APIs are backwards compatible with all previous releases of Realm
JavaScript in the 10.5.x series.</li>
<li>File format: generates Realms with format v22 (reads and upgrades
file format v5 or later for non-synced Realm, upgrades file format v10
or later for synced Realms).</li>
</ul>
<h3>Internal</h3>
<ul>
<li>Upgraded Realm Core from v12.9.0 to v12.11.0.</li>
</ul>
      </li>
      <li>
<b>10.22.0</b> - <a
href="https://snyk.io/redirect/github/realm/realm-js/releases/tag/v10.22.0">2022-10-17</a></br><h3>Enhancements</h3>
<ul>
<li>Prioritize integration of local changes over remote changes. This
shortens the time users may have to wait when committing local changes.
Stop storing downloaded changesets in history. (<a
href="https://snyk.io/redirect/github/realm/realm-core/pull/5844"
data-hovercard-type="pull_request"
data-hovercard-url="/realm/realm-core/pull/5844/hovercard">realm/realm-core#5844</a>)</li>
<li>Greatly improve the performance of sorting or distincting a
Dictionary's keys or values. The most expensive operation is now
performed O(log N) rather than O(N log N) times, and large Dictionaries
can see upwards of 99% reduction in time to sort. (<a
href="https://snyk.io/redirect/github/realm/realm-core/pulls/5166">realm/realm-core#5166</a>)</li>
<li>Cut the runtime of aggregate operations on large dictionaries in
half. (<a
href="https://snyk.io/redirect/github/realm/realm-core/pull/5864"
data-hovercard-type="pull_request"
data-hovercard-url="/realm/realm-core/pull/5864/hovercard">realm/realm-core#5864</a>)</li>
<li>Improve performance of aggregate operations on collections of
objects by 2x to 10x. (<a
href="https://snyk.io/redirect/github/realm/realm-core/pull/5864"
data-hovercard-type="pull_request"
data-hovercard-url="/realm/realm-core/pull/5864/hovercard">realm/realm-core#5864</a>)</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>If a case insensitive query searched for a string including a
4-byte UTF8 character, the program would crash. (<a
href="https://snyk.io/redirect/github/realm/realm-core/issues/5825"
data-hovercard-type="issue"
data-hovercard-url="/realm/realm-core/issues/5825/hovercard">realm/realm-core#5825</a>,
since v1.0.0)</li>
<li><code>Realm#writeCopyTo()</code> doesn't support flexible sync, and
an exception is thrown. (<a
href="https://snyk.io/redirect/github/realm/realm-core/issues/5798"
data-hovercard-type="issue"
data-hovercard-url="/realm/realm-core/issues/5798/hovercard">realm/realm-core#5798</a>,
since v10.10.0)</li>
<li>Asymmetric object types/classes cannot be used with partition-based
sync, and an exception is thrown. (<a
href="https://snyk.io/redirect/github/realm/realm-core/issues/5691"
data-hovercard-type="issue"
data-hovercard-url="/realm/realm-core/issues/5691/hovercard">realm/realm-core#5691</a>,
since v10.19.0)</li>
<li>If you set a subscription on a link in flexible sync, the server
would not know how to handle it. (<a
href="https://snyk.io/redirect/github/realm/realm-core/issues/5409"
data-hovercard-type="issue"
data-hovercard-url="/realm/realm-core/issues/5409/hovercard">realm/realm-core#5409</a>,
since v10.10.1)</li>
<li>Fixed type declarations for aggregation methods (min, max, sum, avg)
to reflect implementation. (<a
href="https://snyk.io/redirect/github/realm/realm-js/issues/4994"
data-hovercard-type="issue"
data-hovercard-url="/realm/realm-js/issues/4994/hovercard">4994</a>,
since v2.0.0)</li>
</ul>
<h3>Compatibility</h3>
<ul>
<li>React Native &gt;= v0.64.0</li>
<li>Atlas App Services.</li>
<li>Realm Studio v12.0.0.</li>
<li>APIs are backwards compatible with all previous releases of Realm
JavaScript in the 10.5.x series.</li>
<li>File format: generates Realms with format v22 (reads and upgrades
file format v5 or later for non-synced Realm, upgrades file format v10
or later for synced Realms).</li>
</ul>
<h3>Internal</h3>
<ul>
<li>Upgraded Realm Core from v12.6.0 to v12.9.0. (<a
href="https://snyk.io/redirect/github/realm/realm-js/issues/4932"
data-hovercard-type="issue"
data-hovercard-url="/realm/realm-js/issues/4932/hovercard">#4932</a> and
<a href="https://snyk.io/redirect/github/realm/realm-js/issues/4983"
data-hovercard-type="issue"
data-hovercard-url="/realm/realm-js/issues/4983/hovercard">#4983</a></li>
<li>Added ARM/Linux build guide.</li>
</ul>
      </li>
      <li>
        <b>10.21.1</b> - 2022-09-15
      </li>
      <li>
        <b>10.21.0</b> - 2022-09-12
      </li>
      <li>
        <b>10.20.0</b> - 2022-08-23
      </li>
      <li>
        <b>10.20.0-beta.5</b> - 2022-04-13
      </li>
      <li>
        <b>10.20.0-beta.4</b> - 2022-04-11
      </li>
      <li>
        <b>10.20.0-beta.3</b> - 2022-03-24
      </li>
      <li>
        <b>10.20.0-beta.2</b> - 2022-02-14
      </li>
      <li>
        <b>10.20.0-beta.1</b> - 2022-01-27
      </li>
      <li>
        <b>10.20.0-beta.0</b> - 2022-01-06
      </li>
      <li>
        <b>10.20.0-alpha.2</b> - 2021-11-25
      </li>
      <li>
        <b>10.20.0-alpha.1</b> - 2021-09-22
      </li>
      <li>
        <b>10.20.0-alpha.0</b> - 2021-09-02
      </li>
      <li>
        <b>10.19.5</b> - 2022-07-06
      </li>
      <li>
        <b>10.19.4</b> - 2022-07-05
      </li>
      <li>
        <b>10.19.3</b> - 2022-06-27
      </li>
      <li>
        <b>10.19.2</b> - 2022-06-20
      </li>
      <li>
        <b>10.19.1</b> - 2022-06-07
      </li>
    </ul>
from <a
href="https://snyk.io/redirect/github/realm/realm-js/releases">realm
GitHub release notes</a>
  </details>
</details>


<details>
  <summary><b>Commit messages</b></summary>
  </br>
  <details>
    <summary>Package name: <b>realm</b></summary>
    <ul>
<li><a
href="https://snyk.io/redirect/github/realm/realm-js/commit/28019f68f9991c1120ef98ad836ac37a7362449f">28019f6</a>
[10.24.0] Bump version</li>
<li><a
href="https://snyk.io/redirect/github/realm/realm-js/commit/8a716b1bd65dbe8e02b039e6ed16651351a52b0c">8a716b1</a>
Upgrade to Realm Core v12.2.0 (#5108)</li>
<li><a
href="https://snyk.io/redirect/github/realm/realm-js/commit/f20fdb5b7f51d952e6641f25c44eb88d1af6f8fa">f20fdb5</a>
[10.23.0] Bump version (#5044)</li>
<li><a
href="https://snyk.io/redirect/github/realm/realm-js/commit/fe4986fa0e3e93ea9edad3fc964ba1c408e0e365">fe4986f</a>
Revert &quot;[10.23.0] Bump version (#5042)&quot; (#5043)</li>
<li><a
href="https://snyk.io/redirect/github/realm/realm-js/commit/79e958c79776adb3a94a2b71207b7c171956a905">79e958c</a>
[10.23.0] Bump version (#5042)</li>
<li><a
href="https://snyk.io/redirect/github/realm/realm-js/commit/a54c953a786149e8cf56a5b829da846b7ed30c6a">a54c953</a>
Client reset w/recovery (#4711)</li>
<li><a
href="https://snyk.io/redirect/github/realm/realm-js/commit/81c02868dd4ce7b3b6ee00cfceac14151e612a30">81c0286</a>
Upgrade to Realm Core v12.11.0 (#5034)</li>
<li><a
href="https://snyk.io/redirect/github/realm/realm-js/commit/0b253fffe8a7bfb74dcc85507340615b7e9484e8">0b253ff</a>
Upgrade to Realm Core v12.10.0 (#5031)</li>
<li><a
href="https://snyk.io/redirect/github/realm/realm-js/commit/5b4d9bd9e0473b6b07213747c50de552739608b5">5b4d9bd</a>
Fixing prebuilds env (#4925)</li>
<li><a
href="https://snyk.io/redirect/github/realm/realm-js/commit/5d066041c6eb2967fdee7ab9e8180b5c8e7c5a22">5d06604</a>
Update CHANGELOG.md</li>
<li><a
href="https://snyk.io/redirect/github/realm/realm-js/commit/a56c9d84d3aad0a3a93dc6d8add30adbe783d536">a56c9d8</a>
Mention the missing support of RHEL 7 (#5010)</li>
<li><a
href="https://snyk.io/redirect/github/realm/realm-js/commit/af024e096cc8e51480a57129120b596bc146f14c">af024e0</a>
workflows: instructions for release process (#4868)</li>
<li><a
href="https://snyk.io/redirect/github/realm/realm-js/commit/55f0a0ba076d239d952b049d74e4e1993ddfe693">55f0a0b</a>
Prepare for vNext (#5016)</li>
<li><a
href="https://snyk.io/redirect/github/realm/realm-js/commit/b4cefea6dfedcad65010a19cd62dee0bfeb3f451">b4cefea</a>
[10.22.0] Bump version (#5014)</li>
<li><a
href="https://snyk.io/redirect/github/realm/realm-js/commit/73ff72e55fc4aa6598a742270d2d0d0f03ab6b1b">73ff72e</a>
Reviewed changelog</li>
<li><a
href="https://snyk.io/redirect/github/realm/realm-js/commit/c051c753b6c93442a1c21b2386013623fcabbbbc">c051c75</a>
Update types for min, max, avg &amp; sum (#4999)</li>
<li><a
href="https://snyk.io/redirect/github/realm/realm-js/commit/bf883945c5374c9744f94b3cfd97a95f9fa7964e">bf88394</a>
Support importing values with the app importer (#5004)</li>
<li><a
href="https://snyk.io/redirect/github/realm/realm-js/commit/8e029d691dbed99a1169dc41bdb7e616b9dd61fd">8e029d6</a>
Update index.d.ts (#4993)</li>
<li><a
href="https://snyk.io/redirect/github/realm/realm-js/commit/b3632f0289b174b8786503c4c082ef8da98db708">b3632f0</a>
Upgrade to Realm Core v12.9.0 (#4985)</li>
<li><a
href="https://snyk.io/redirect/github/realm/realm-js/commit/dd501a19715dd7e83497d0417a9957993652dc2b">dd501a1</a>
Expand App Importer (#4988)</li>
<li><a
href="https://snyk.io/redirect/github/realm/realm-js/commit/17683a31364cc9772496c767c031abeec5a29b92">17683a3</a>
Realm react contribution guide (#4963)</li>
<li><a
href="https://snyk.io/redirect/github/realm/realm-js/commit/b9c03f4bb2190262d1a5ad0b8002424d6182b51d">b9c03f4</a>
Upgrade Realm React dependencies (#4960)</li>
<li><a
href="https://snyk.io/redirect/github/realm/realm-js/commit/74f22dbc1c3824b0b0ce183e95b23cd9f70e18ca">74f22db</a>
Merge pull request #4956 from realm/geragray-patch-1</li>
<li><a
href="https://snyk.io/redirect/github/realm/realm-js/commit/44cbcd4391c1245ce617e2dbbd86157ac1d1dc5c">44cbcd4</a>
Update README.md</li>
    </ul>

<a
href="https://snyk.io/redirect/github/realm/realm-js/compare/ee9175be715ce2fb6606ae928a729af2601096f1...28019f68f9991c1120ef98ad836ac37a7362449f">Compare</a>
  </details>
</details>
<hr/>

**Note:** *You are seeing this because you or someone else with access
to this repository has authorized Snyk to open upgrade PRs.*

For more information:

🧐 [View latest project
report](https://app.snyk.io/org/sandbox-2ba/project/50a1c3b6-8d4c-4587-a7ba-f8b958614441?utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;upgrade-pr)

🛠 [Adjust upgrade PR
settings](https://app.snyk.io/org/sandbox-2ba/project/50a1c3b6-8d4c-4587-a7ba-f8b958614441/settings/integration?utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;upgrade-pr)

🔕 [Ignore this dependency or unsubscribe from future upgrade
PRs](https://app.snyk.io/org/sandbox-2ba/project/50a1c3b6-8d4c-4587-a7ba-f8b958614441/settings/integration?pkg&#x3D;realm&amp;utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;upgrade-pr#auto-dep-upgrades)


Co-authored-by: snyk-bot <snyk-bot@snyk.io>
mohammadhunan-dev pushed a commit to mohammadhunan-dev/docs-realm that referenced this pull request Dec 27, 2022
<h3>Snyk has created this PR to upgrade realm from 10.19.1 to
10.24.0.</h3>

:information_source: Keep your dependencies up-to-date. This makes it
easier to fix existing vulnerabilities and to more quickly identify and
fix newly disclosed vulnerabilities when they affect your project.
<hr/>

- The recommended version is **19 versions** ahead of your current
version.
- The recommended version was released **a month ago**, on 2022-11-13.

The recommended version fixes:

| Severity | Issue | PriorityScore (*) | Exploit Maturity |
|:---:|:---|---|:---|
| High | Prototype Pollution<br/>[SNYK-JS-QS-3153490](https://snyk.io/vuln/SNYK-JS-QS-3153490) | **554/1000**<br/>**Why?** Proof of Concept exploit, Recently disclosed, CVSS 7.5 | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.


<details>
<summary><b>Release notes</b></summary>
<br/>
  <details>
    <summary>Package name: <b>realm</b></summary>
    <ul>
      <li>
<b>10.24.0</b> - <a
href="https://snyk.io/redirect/github/realm/realm-js/releases/tag/v10.24.0">2022-11-13</a></br><h3>Enhancements</h3>
<ul>
<li>Flexible sync will now wait for the server to have sent all pending
history after a bootstrap before marking a subscription as Complete. (<a
href="https://snyk.io/redirect/github/realm/realm-core/pull/5795"
data-hovercard-type="pull_request"
data-hovercard-url="/realm/realm-core/pull/5795/hovercard">realm/realm-core#5795</a>)</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Fix database corruption and encryption issues on apple platforms.
(<a href="https://snyk.io/redirect/github/realm/realm-js/issues/5076"
data-hovercard-type="issue"
data-hovercard-url="/realm/realm-js/issues/5076/hovercard">#5076</a>,
since v10.12.0)</li>
<li>Sync bootstraps will not be applied in a single write transaction -
they will be applied 1MB of changesets at a time. (<a
href="https://snyk.io/redirect/github/realm/realm-core/pull/5999"
data-hovercard-type="pull_request"
data-hovercard-url="/realm/realm-core/pull/5999/hovercard">realm/realm-core#5999</a>,
since v10.19.0).</li>
<li>Fix a race condition which could result in <code>operation
cancelled</code> errors being delivered to <code>Realm#open</code>
rather than the actual sync error which caused things to fail. (<a
href="https://snyk.io/redirect/github/realm/realm-core/pull/5968"
data-hovercard-type="pull_request"
data-hovercard-url="/realm/realm-core/pull/5968/hovercard">realm/realm-core#5968</a>,
v1.0.0).</li>
</ul>
<h3>Compatibility</h3>
<ul>
<li>React Native &gt;= v0.64.0</li>
<li>Atlas App Services.</li>
<li>Realm Studio v12.0.0.</li>
<li>APIs are backwards compatible with all previous releases of Realm
JavaScript in the 10.5.x series.</li>
<li>File format: generates Realms with format v22 (reads and upgrades
file format v5 or later for non-synced Realm, upgrades file format v10
or later for synced Realms).</li>
</ul>
<h3>Internal</h3>
<ul>
<li>Upgraded Realm Core from v12.11.0 to v12.12.0.</li>
</ul>
      </li>
      <li>
<b>10.23.0</b> - <a
href="https://snyk.io/redirect/github/realm/realm-js/releases/tag/v10.23.0">2022-10-31</a></br><h3>Enhancements</h3>
<ul>
<li>Improve performance of client reset with automatic recovery and
converting top-level tables into embedded tables. (<a
href="https://snyk.io/redirect/github/realm/realm-core/pull/5897"
data-hovercard-type="pull_request"
data-hovercard-url="/realm/realm-core/pull/5897/hovercard">realm/realm-core#5897</a>)</li>
<li>If a sync client sends a message larger than 16 MB, the sync server
will request a client reset. (<a
href="https://snyk.io/redirect/github/realm/realm-core/issues/5209"
data-hovercard-type="issue"
data-hovercard-url="/realm/realm-core/issues/5209/hovercard">realm/realm-core#5209</a>)</li>
<li>Add two new modes to client reset:
<code>RecoverUnsyncedChanges</code> and
<code>RecoverOrDiscardUnsyncedChanges</code>. The two modes will recover
local/unsynced changes with changes from the server if possible. If not
possible, <code>RecoverOrDiscardUnsyncedChanges</code> will remove the
local Realm file and download a fresh file from the server. The mode
<code>DiscardLocal</code> is duplicated as
<code>DiscardUnsyncedChanges</code>, and <code>DiscardLocal</code> will be
removed in a future version. (<a
href="https://snyk.io/redirect/github/realm/realm-js/issues/4135"
data-hovercard-type="issue"
data-hovercard-url="/realm/realm-js/issues/4135/hovercard">#4135</a>)</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>Fixed a use-after-free if the last external reference to an
encrypted Realm was closed between when a client reset error was
received and when the download of the new Realm began. (<a
href="https://snyk.io/redirect/github/realm/realm-core/pull/5949"
data-hovercard-type="pull_request"
data-hovercard-url="/realm/realm-core/pull/5949/hovercard">realm/realm-core#5949</a>,
since v10.20.0)</li>
<li>Opening an unencrypted file with an encryption key would sometimes
report a misleading error message that indicated that the problem was
something other than a decryption failure. (<a
href="https://snyk.io/redirect/github/realm/realm-core/pull/5915"
data-hovercard-type="pull_request"
data-hovercard-url="/realm/realm-core/pull/5915/hovercard">realm/realm-core#5915</a>,
since v1.0.0)</li>
<li>Fixed a rare deadlock which could occur when closing a synchronized
Realm immediately after committing a write transaction when the sync
worker thread has also just finished processing a changeset from the
sync server. (<a
href="https://snyk.io/redirect/github/realm/realm-core/pull/5948"
data-hovercard-type="pull_request"
data-hovercard-url="/realm/realm-core/pull/5948/hovercard">realm/realm-core#5948</a>)</li>
</ul>
<h3>Compatibility</h3>
<ul>
<li>React Native &gt;= v0.64.0</li>
<li>Atlas App Services.</li>
<li>Realm Studio v12.0.0.</li>
<li>APIs are backwards compatible with all previous releases of Realm
JavaScript in the 10.5.x series.</li>
<li>File format: generates Realms with format v22 (reads and upgrades
file format v5 or later for non-synced Realm, upgrades file format v10
or later for synced Realms).</li>
</ul>
<h3>Internal</h3>
<ul>
<li>Upgraded Realm Core from v12.9.0 to v12.11.0.</li>
</ul>
      </li>
      <li>
<b>10.22.0</b> - <a
href="https://snyk.io/redirect/github/realm/realm-js/releases/tag/v10.22.0">2022-10-17</a><br/><h3>Enhancements</h3>
<ul>
<li>Prioritize integration of local changes over remote changes. This
shortens the time users may have to wait when committing local changes.
Stop storing downloaded changesets in history. (<a
href="https://snyk.io/redirect/github/realm/realm-core/pull/5844"
data-hovercard-type="pull_request"
data-hovercard-url="/realm/realm-core/pull/5844/hovercard">realm/realm-core#5844</a>)</li>
<li>Greatly improve the performance of sorting or distincting a
Dictionary's keys or values. The most expensive operation is now
performed O(log N) rather than O(N log N) times, and large Dictionaries
can see upwards of 99% reduction in time to sort. (<a
href="https://snyk.io/redirect/github/realm/realm-core/pulls/5166">realm/realm-core#5166</a>)</li>
<li>Cut the runtime of aggregate operations on large dictionaries in
half. (<a
href="https://snyk.io/redirect/github/realm/realm-core/pull/5864"
data-hovercard-type="pull_request"
data-hovercard-url="/realm/realm-core/pull/5864/hovercard">realm/realm-core#5864</a>)</li>
<li>Improve performance of aggregate operations on collections of
objects by 2x to 10x. (<a
href="https://snyk.io/redirect/github/realm/realm-core/pull/5864"
data-hovercard-type="pull_request"
data-hovercard-url="/realm/realm-core/pull/5864/hovercard">realm/realm-core#5864</a>)</li>
</ul>
<h3>Fixed</h3>
<ul>
<li>If a case insensitive query searched for a string including a
4-byte UTF8 character, the program would crash. (<a
href="https://snyk.io/redirect/github/realm/realm-core/issues/5825"
data-hovercard-type="issue"
data-hovercard-url="/realm/realm-core/issues/5825/hovercard">realm/realm-core#5825</a>,
since v1.0.0)</li>
<li><code>Realm#writeCopyTo()</code> doesn't support flexible sync, and
an exception is thrown. (<a
href="https://snyk.io/redirect/github/realm/realm-core/issues/5798"
data-hovercard-type="issue"
data-hovercard-url="/realm/realm-core/issues/5798/hovercard">realm/realm-core#5798</a>,
since v10.10.0)</li>
<li>Asymmetric object types/classes cannot be used with partition-based
sync, and an exception is thrown. (<a
href="https://snyk.io/redirect/github/realm/realm-core/issues/5691"
data-hovercard-type="issue"
data-hovercard-url="/realm/realm-core/issues/5691/hovercard">realm/realm-core#5691</a>,
since v10.19.0)</li>
<li>If you set a subscription on a link in flexible sync, the server
would not know how to handle it. (<a
href="https://snyk.io/redirect/github/realm/realm-core/issues/5409"
data-hovercard-type="issue"
data-hovercard-url="/realm/realm-core/issues/5409/hovercard">realm/realm-core#5409</a>,
since v10.10.1)</li>
<li>Fixed type declarations for aggregation methods (min, max, sum, avg)
to reflect implementation. (<a
href="https://snyk.io/redirect/github/realm/realm-js/issues/4994"
data-hovercard-type="issue"
data-hovercard-url="/realm/realm-js/issues/4994/hovercard">4994</a>,
since v2.0.0)</li>
</ul>
<h3>Compatibility</h3>
<ul>
<li>React Native &gt;= v0.64.0</li>
<li>Atlas App Services.</li>
<li>Realm Studio v12.0.0.</li>
<li>APIs are backwards compatible with all previous releases of Realm
JavaScript in the 10.5.x series.</li>
<li>File format: generates Realms with format v22 (reads and upgrades
file format v5 or later for non-synced Realm, upgrades file format v10
or later for synced Realms).</li>
</ul>
<h3>Internal</h3>
<ul>
<li>Upgraded Realm Core from v12.6.0 to v12.9.0. (<a
href="https://snyk.io/redirect/github/realm/realm-js/issues/4932"
data-hovercard-type="issue"
data-hovercard-url="/realm/realm-js/issues/4932/hovercard">#4932</a> and
<a href="https://snyk.io/redirect/github/realm/realm-js/issues/4983"
data-hovercard-type="issue"
data-hovercard-url="/realm/realm-js/issues/4983/hovercard">#4983</a>)</li>
<li>Added ARM/Linux build guide.</li>
</ul>
      </li>
      <li>
        <b>10.21.1</b> - 2022-09-15
      </li>
      <li>
        <b>10.21.0</b> - 2022-09-12
      </li>
      <li>
        <b>10.20.0</b> - 2022-08-23
      </li>
      <li>
        <b>10.20.0-beta.5</b> - 2022-04-13
      </li>
      <li>
        <b>10.20.0-beta.4</b> - 2022-04-11
      </li>
      <li>
        <b>10.20.0-beta.3</b> - 2022-03-24
      </li>
      <li>
        <b>10.20.0-beta.2</b> - 2022-02-14
      </li>
      <li>
        <b>10.20.0-beta.1</b> - 2022-01-27
      </li>
      <li>
        <b>10.20.0-beta.0</b> - 2022-01-06
      </li>
      <li>
        <b>10.20.0-alpha.2</b> - 2021-11-25
      </li>
      <li>
        <b>10.20.0-alpha.1</b> - 2021-09-22
      </li>
      <li>
        <b>10.20.0-alpha.0</b> - 2021-09-02
      </li>
      <li>
        <b>10.19.5</b> - 2022-07-06
      </li>
      <li>
        <b>10.19.4</b> - 2022-07-05
      </li>
      <li>
        <b>10.19.3</b> - 2022-06-27
      </li>
      <li>
        <b>10.19.2</b> - 2022-06-20
      </li>
      <li>
        <b>10.19.1</b> - 2022-06-07
      </li>
    </ul>
from <a
href="https://snyk.io/redirect/github/realm/realm-js/releases">realm
GitHub release notes</a>
  </details>
</details>


<details>
  <summary><b>Commit messages</b></summary>
  <br/>
  <details>
    <summary>Package name: <b>realm</b></summary>
    <ul>
<li><a
href="https://snyk.io/redirect/github/realm/realm-js/commit/28019f68f9991c1120ef98ad836ac37a7362449f">28019f6</a>
[10.24.0] Bump version</li>
<li><a
href="https://snyk.io/redirect/github/realm/realm-js/commit/8a716b1bd65dbe8e02b039e6ed16651351a52b0c">8a716b1</a>
Upgrade to Realm Core v12.2.0 (#5108)</li>
<li><a
href="https://snyk.io/redirect/github/realm/realm-js/commit/f20fdb5b7f51d952e6641f25c44eb88d1af6f8fa">f20fdb5</a>
[10.23.0] Bump version (#5044)</li>
<li><a
href="https://snyk.io/redirect/github/realm/realm-js/commit/fe4986fa0e3e93ea9edad3fc964ba1c408e0e365">fe4986f</a>
Revert &quot;[10.23.0] Bump version (#5042)&quot; (#5043)</li>
<li><a
href="https://snyk.io/redirect/github/realm/realm-js/commit/79e958c79776adb3a94a2b71207b7c171956a905">79e958c</a>
[10.23.0] Bump version (#5042)</li>
<li><a
href="https://snyk.io/redirect/github/realm/realm-js/commit/a54c953a786149e8cf56a5b829da846b7ed30c6a">a54c953</a>
Client reset w/recovery (#4711)</li>
<li><a
href="https://snyk.io/redirect/github/realm/realm-js/commit/81c02868dd4ce7b3b6ee00cfceac14151e612a30">81c0286</a>
Upgrade to Realm Core v12.11.0 (#5034)</li>
<li><a
href="https://snyk.io/redirect/github/realm/realm-js/commit/0b253fffe8a7bfb74dcc85507340615b7e9484e8">0b253ff</a>
Upgrade to Realm Core v12.10.0 (#5031)</li>
<li><a
href="https://snyk.io/redirect/github/realm/realm-js/commit/5b4d9bd9e0473b6b07213747c50de552739608b5">5b4d9bd</a>
Fixing prebuilds env (#4925)</li>
<li><a
href="https://snyk.io/redirect/github/realm/realm-js/commit/5d066041c6eb2967fdee7ab9e8180b5c8e7c5a22">5d06604</a>
Update CHANGELOG.md</li>
<li><a
href="https://snyk.io/redirect/github/realm/realm-js/commit/a56c9d84d3aad0a3a93dc6d8add30adbe783d536">a56c9d8</a>
Mention the missing support of RHEL 7 (#5010)</li>
<li><a
href="https://snyk.io/redirect/github/realm/realm-js/commit/af024e096cc8e51480a57129120b596bc146f14c">af024e0</a>
workflows: instructions for release process (#4868)</li>
<li><a
href="https://snyk.io/redirect/github/realm/realm-js/commit/55f0a0ba076d239d952b049d74e4e1993ddfe693">55f0a0b</a>
Prepare for vNext (#5016)</li>
<li><a
href="https://snyk.io/redirect/github/realm/realm-js/commit/b4cefea6dfedcad65010a19cd62dee0bfeb3f451">b4cefea</a>
[10.22.0] Bump version (#5014)</li>
<li><a
href="https://snyk.io/redirect/github/realm/realm-js/commit/73ff72e55fc4aa6598a742270d2d0d0f03ab6b1b">73ff72e</a>
Reviewed changelog</li>
<li><a
href="https://snyk.io/redirect/github/realm/realm-js/commit/c051c753b6c93442a1c21b2386013623fcabbbbc">c051c75</a>
Update types for min, max, avg &amp; sum (#4999)</li>
<li><a
href="https://snyk.io/redirect/github/realm/realm-js/commit/bf883945c5374c9744f94b3cfd97a95f9fa7964e">bf88394</a>
Support importing values with the app importer (#5004)</li>
<li><a
href="https://snyk.io/redirect/github/realm/realm-js/commit/8e029d691dbed99a1169dc41bdb7e616b9dd61fd">8e029d6</a>
Update index.d.ts (#4993)</li>
<li><a
href="https://snyk.io/redirect/github/realm/realm-js/commit/b3632f0289b174b8786503c4c082ef8da98db708">b3632f0</a>
Upgrade to Realm Core v12.9.0 (#4985)</li>
<li><a
href="https://snyk.io/redirect/github/realm/realm-js/commit/dd501a19715dd7e83497d0417a9957993652dc2b">dd501a1</a>
Expand App Importer (#4988)</li>
<li><a
href="https://snyk.io/redirect/github/realm/realm-js/commit/17683a31364cc9772496c767c031abeec5a29b92">17683a3</a>
Realm react contribution guide (#4963)</li>
<li><a
href="https://snyk.io/redirect/github/realm/realm-js/commit/b9c03f4bb2190262d1a5ad0b8002424d6182b51d">b9c03f4</a>
Upgrade Realm React dependencies (#4960)</li>
<li><a
href="https://snyk.io/redirect/github/realm/realm-js/commit/74f22dbc1c3824b0b0ce183e95b23cd9f70e18ca">74f22db</a>
Merge pull request #4956 from realm/geragray-patch-1</li>
<li><a
href="https://snyk.io/redirect/github/realm/realm-js/commit/44cbcd4391c1245ce617e2dbbd86157ac1d1dc5c">44cbcd4</a>
Update README.md</li>
    </ul>

<a
href="https://snyk.io/redirect/github/realm/realm-js/compare/ee9175be715ce2fb6606ae928a729af2601096f1...28019f68f9991c1120ef98ad836ac37a7362449f">Compare</a>
  </details>
</details>
<hr/>

**Note:** *You are seeing this because you or someone else with access
to this repository has authorized Snyk to open upgrade PRs.*


Co-authored-by: snyk-bot <snyk-bot@snyk.io>
mohammadhunan-dev pushed a commit to mongodb/docs-realm that referenced this pull request Dec 27, 2022
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Mar 21, 2024