@digitake
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| high severity | 823/1000 (Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.6) | Server-side Request Forgery (SSRF), SNYK-JS-IP-6240864 | No | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: parse-server
The new version differs by 250 commits.
  • 1f22ee3 ⚡ Release 2.7.1
  • ca542c3 Fix test name to match what's tested
  • 1876d3f Add doesNotMatchKeyInQuery case...
  • 4ceff38 added test for dot-notation in matchesKeyInQuery
  • 741f869 Allows to use dot-notation to match against a complex structure when using matchesKeyInQuery
  • 9d1d851 pg-promise refactoring (#4401)
  • 9eed81e Remove nsp check from Travis YML (#4403)
  • e2d3367 Makes all scripts cross platforms (#4383)
  • 6102648 ⚡ Release 2.7.0 (#4385)
  • dd55bbe Fix eslint errors on Windows (#4364)
  • 4bccf96 Add Indexes to Schema API (#4240)
  • 6a15107 Bump nodejs version to 6+ (#4272)
  • ea57c52 let travis build against 3.x
  • 219ad72 Fixes sessionTokens being overridden in 'find' (#4332)
  • 2b9397a Update contributing.md (#4368)
  • 4f56ec6 fix(package): update commander to version 2.12.1 (#4382)
  • cc48e54 fix(package): update commander to version 2.12.0 (#4371)
  • c021539 fix(package): update ws to version 3.3.2 (#4367)
  • 49d0a65 chore(package): update uws to version 9.14.0 (#4366)
  • 7944e2b Remove hidden properties from aggregate responses (#4351)
  • 37ceae0 fix(package): update pg-promise to version 7.3.2 (#4362)
  • 8bf6abf Patch handleShutdown feature (#4361)
  • de73f37 Scoped packages (#4354)
  • e1d04cd Adds Table of Contents to README (#4357)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Server-side Request Forgery (SSRF)

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-IP-6240864