[Snyk] Security upgrade parse-server from 2.2.17 to 3.1.0 #44

Open: wants to merge 1 commit into base: master

hegemon70
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • integration/package.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| critical severity | 858/1000 (Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 9.3) | Authentication Bypass, SNYK-JS-HAWK-6969142 | Yes | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: parse-server The new version differs by 250 commits.
  • c692f07 ⚡ Release 3.1.0 (#5127)
  • 4b7037a Fix intense CPU usage when sessionToken is invalid in liveQuery (#5126)
  • 318a784 Update bcrypt to the latest version 🚀 (#5128)
  • 7c81290 Live query CLP (#4387)
  • 17bd5c3 Add changelog for two already merged pr's
  • 07220b3 Update eslint-plugin-flowtype to the latest version 🚀 (#5121)
  • 0685a0e Update flow-bin to the latest version 🚀 (#5118)
  • 5fba636 fix typo
  • f9e108c nit
  • a0de2bc Move logic out of User and Classes controllers
  • b3b4461 pr comments:
  • 6ebce18 Expire password reset tokens if user's email changes.
  • 152ff41 fix the expectation on the failing test.
  • 34b51f7 Add failing test to show
  • 317682d Typos
  • 8dff708 Update semver to the latest version 🚀 (#5117)
  • 635f54b Update mongodb to the latest version 🚀 (#5115)
  • 2ce3c9c Update mongodb to the latest version 🚀 (#5112)
  • 645ddaf Update commander to the latest version 🚀 (#5108)
  • 5373cb7 Update follow-redirects to the latest version 🚀 (#5111)
  • 2f0e581 Update pg-promise to the latest version 🚀 (#5110)
  • f1bc55b Reduces number of calls to injectDefaultSchema (#5107)
  • 7fe4030 Return success on sendPasswordResetEmail even if email not found.
  • 7a01fa0 Update ws to the latest version 🚀 (#5101)


Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.



Note: This is a default PR template raised by Snyk. Find out more about how you can customise Snyk PRs in our documentation.

