Error in .publish after .remove and .patch is not caught and exposes user data #1707
Description
I have this code:
app.service(service).publish(entity => {
return app.channel(`sessions/${entity.session_id}/admin`)
})In my case, entity was undefined, function threw an exception and feathers dumped bunch of data back to the client, including user with hashed password, socketId and other internal data. It also ignored global error hooks completely.
It also seems happenning only with patch and remove method. Doesn't happen with .create, that one passed through error hooks (which sanitizes the data).
Node: 12.0
Feathers: 4.3.11