[Snyk] Security upgrade parse-server from 2.2.17 to 5.5.6

[hegemon70]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • integration/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	661/1000 Why? Recently disclosed, Has a fix available, CVSS 7.5	Uncontrolled Resource Consumption ('Resource Exhaustion') SNYK-JS-PARSESERVER-6028117	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: parse-server

The new version differs by 250 commits.

• ff4639a chore(release): 5.5.6 [skip ci]
• 686a9f2 fix: Server crash when uploading file without extension; fixes security vulnerability [GHSA-792q-q67h-w579](https://snyk.io/redirect/github/parse-community/parse-server/security/advisories/GHSA-792q-q67h-w579) (#8782)
• 0bb63d8 refactor: Security upgrade graphql from 16.6.0 to 16.8.1 (#8757)
• ef77b99 chore(release): 5.5.5 [skip ci]
• 6458ab0 fix: Parse Pointer allows to access internal Parse Server classes and circumvent `beforeFind` query trigger; fixes security vulnerability [GHSA-fcv6-fg5r-jm9q](https://snyk.io/redirect/github/parse-community/parse-server/security/advisories/GHSA-fcv6-fg5r-jm9q)
• 62bb396 chore(release): 5.5.4 [skip ci]
• c7fa3b9 fix: Security upgrade semver from 7.5.1 to 7.5.2 (#8704)
• 9c0abe0 chore(release): 5.5.3 [skip ci]
• 601da1e fix: Server does not start via CLI when `auth` option is set (#8669)
• e6374e7 chore(release): 5.5.2 [skip ci]
• 5fad292 fix: Remote code execution via MongoDB BSON parser through prototype pollution; fixes security vulnerability [GHSA-462x-c3jw-7vr6](https://snyk.io/redirect/github/parse-community/parse-server/security/advisories/GHSA-462x-c3jw-7vr6) (#8675)
• a036071 refactor: Upgrade semver from 7.3.8 to 7.5.1 (#8606)
• f5c6b3e refactor: Upgrade body-parser from 1.20.1 to 1.20.2 (#8607)
• 733dc29 refactor: Upgrade winston from 3.8.1 to 3.8.2 (#8609)
• e13f7bb refactor: Upgrade express from 4.18.1 to 4.18.2 (#8600)
• 81d51f3 refactor: Upgrade ws from 8.9.0 to 8.13.0 (#8567)
• c83b343 chore(release): 5.5.1 [skip ci]
• 8e83cac fix: Security upgrade @ parse/push-adapter from 4.1.2 to 4.1.3 (#8571)
• d8bff57 refactor: Upgrade @ graphql-tools/merge from 8.3.17 to 8.4.1 (#8555)
• c0a9ff8 ci: Fix outdated ubuntu version (#8540)
• ac90cb8 chore(release): 5.5.0 [skip ci]
• 196e05f feat: Add new Parse Server option `fileUpload.fileExtensions` to restrict file upload by file extension; this fixes a security vulnerability in which a phishing attack could be performed using an uploaded HTML file; by default the new option only allows file extensions matching the regex pattern `^[^hH][^tT][^mM][^lL]?$`, which excludes HTML files; this fix is released as a patch version given the severity of this vulnerability, however, if your app currently depends on uploading files with HTML file extensions then this may be a breaking change and you could allow HTML file upload by setting the option to `['.*']` (#8537)
• e9ae435 chore(release): 5.4.3 [skip ci]
• 4f0f0ec fix: Unable to create new role if `beforeSave` hook exists (#8474)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Uncontrolled Resource Consumption ('Resource Exhaustion')