[Snyk] Security upgrade parse-server from 2.2.17 to 5.4.1

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • integration/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	721/1000 Why? Recently disclosed, Has a fix available, CVSS 8.7	Authentication Bypass SNYK-JS-PARSESERVER-3261242	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: parse-server

The new version differs by 250 commits.

• 30576f1 chore(release): 5.4.1 [skip ci]
• e016d81 fix: The client IP address may be determined incorrectly in some cases; it is now required to set the Parse Server option `trustProxy` accordingly if Parse Server runs behind a proxy server, see the express framework's [trust proxy](https://expressjs.com/en/guide/behind-proxies.html) setting; this fixes a security vulnerability in which the Parse Server option `masterKeyIps` may be circumvented, see [GHSA-vm5r-c87r-pf6x](https://snyk.io/redirect/github/parse-community/parse-server/security/advisories/GHSA-vm5r-c87r-pf6x) (#8369)
• c8bc200 ci: Add LTS branches to CI workflow
• 09d04b0 ci: update auto-release workflow
• 38f64be ci: update auto-release for LTS
• 9b34b02 chore(release): 5.4.0 [skip ci]
• e373f09 build: Release (#8324)
• a9a9772 Merge branch 'release' into beta
• 735669a refactor: Prototype pollution via Cloud Code Webhooks; fixes security vulnerability [GHSA-93vw-8fm5-p2jf](https://snyk.io/redirect/github/parse-community/parse-server/security/advisories/GHSA-93vw-8fm5-p2jf) (#8307)
• fd8a11b chore(release): 5.3.3 [skip ci]
• 60c5a73 fix: Prototype pollution via Cloud Code Webhooks; fixes security vulnerability [GHSA-93vw-8fm5-p2jf](https://snyk.io/redirect/github/parse-community/parse-server/security/advisories/GHSA-93vw-8fm5-p2jf) (#8305)
• 3e983c4 chore(release): 5.3.2 [skip ci]
• d9c3c02 refactor: Parse Server option `requestKeywordDenylist` can be bypassed via Cloud Code Webhooks or Triggers; fixes security vulnerability [GHSA-xprv-wvh7-qqqx](https://snyk.io/redirect/github/parse-community/parse-server/security/advisories/GHSA-xprv-wvh7-qqqx) (#8303)
• 6728da1 fix: Parse Server option `requestKeywordDenylist` can be bypassed via Cloud Code Webhooks or Triggers; fixes security vulnerability [GHSA-xprv-wvh7-qqqx](https://snyk.io/redirect/github/parse-community/parse-server/security/advisories/GHSA-xprv-wvh7-qqqx) (#8302)
• 46dbecd refactor: Remote code execution via MongoDB BSON parser through prototype pollution; fixes security vulnerability [GHSA-prm5-8g2m-24gg](https://snyk.io/redirect/github/parse-community/parse-server/security/advisories/GHSA-prm5-8g2m-24gg) (#8298)
• 2458a8c chore(release): 5.3.1 [skip ci]
• 50eed3c fix: Remote code execution via MongoDB BSON parser through prototype pollution; fixes security vulnerability [GHSA-prm5-8g2m-24gg](https://snyk.io/redirect/github/parse-community/parse-server/security/advisories/GHSA-prm5-8g2m-24gg) (#8295)
• 0e30c76 chore(release): 5.4.0-beta.1 [skip ci]
• 1d277db build: beta release (#8264)
• 5e9d494 Merge branch 'beta' into build-beta
• 12e174b chore(release): 5.3.0 [skip ci]
• 2549540 build: release (#8263)
• 50409aa Merge branch 'release' into build-release
• 9053e79 chore(release): 5.3.0-alpha.32 [skip ci]

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.