[Snyk] Fix for 4 vulnerabilities

[hopetambala]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	534/1000 Why? Has a fix available, CVSS 6.4	Improper Authentication SNYK-JS-JSONWEBTOKEN-3180022	Yes	No Known Exploit
	539/1000 Why? Has a fix available, CVSS 6.5	Improper Restriction of Security Token Assignment SNYK-JS-JSONWEBTOKEN-3180024	Yes	No Known Exploit
	554/1000 Why? Has a fix available, CVSS 6.8	Use of a Broken or Risky Cryptographic Algorithm SNYK-JS-JSONWEBTOKEN-3180026	Yes	No Known Exploit
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-SEMVER-3247795	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: parse-dashboard

The new version differs by 172 commits.

• 2a90ae6 chore(release): 5.3.0 [skip ci]
• 6ec8f9c build: Release (#2510)
• daba564 release
• 77d039a chore(release): 5.3.0-beta.1 [skip ci]
• b1a87dc build: Release (#2499)
• c60bbf2 release
• bd67056 Merge branch 'beta' into build-alpha
• 5b85740 chore(release): 5.2.0 [skip ci]
• e077c19 build: Release (#2498)
• 9d553fb release
• 7ec5461 chore(release): 5.2.0-alpha.28 [skip ci]
• 103b9c6 feat: Add security checks page (#2491)
• 3e696f8 refactor: Security upgrade semver from 7.3.7 to 7.5.2 (#2493)
• 8e46203 refactor: Add lint and prettier (#2492)
• 47b8ca2 chore(release): 5.2.0-alpha.27 [skip ci]
• 5bbb94e fix: Adding a file when adding a new row in the data browser doesn't show filename (#2471)
• e45d7bf chore(release): 5.2.0-alpha.26 [skip ci]
• 8df4e4d fix: File extension is hidden in file field when editing object in modal dialog in data browser (#2472)
• a3af032 chore(release): 5.2.0-alpha.25 [skip ci]
• 8c28d24 fix: Incorrect highlight maker position in class list in data browser (#2490)
• 842d84a chore(release): 5.2.0-alpha.24 [skip ci]
• 64d3913 feat: Add support for confirmation dialog before script execution in data browser (#2481)
• 359ebdc chore(release): 5.2.0-alpha.23 [skip ci]
• e98d653 feat: Add parameter `selectedField` to script payload to determine which object field was selected when script was invoked (#2483)

See the full diff

Package name: parse-server

The new version differs by 250 commits.

• 5b1bb59 chore(release): 6.4.0 [skip ci]
• 2612a38 build: Release (#8809)
• c6355cd release
• 90aac62 Merge branch 'release' into build-release
• ea57a77 refactor: Server crash when uploading file without extension; fixes security vulnerability [GHSA-792q-q67h-w579](https://snyk.io/redirect/github/parse-community/parse-server/security/advisories/GHSA-792q-q67h-w579) (#8780)
• b0c012e chore(release): 6.3.1 [skip ci]
• fd86278 fix: Server crash when uploading file without extension; fixes security vulnerability [GHSA-792q-q67h-w579](https://snyk.io/redirect/github/parse-community/parse-server/security/advisories/GHSA-792q-q67h-w579) (#8781)
• 0593985 chore(release): 6.4.0-beta.1 [skip ci]
• f5e20f9 build: Release (#8749)
• 9c6cdf4 release
• 4baeae4 Merge branch 'beta' into build
• 3602ecb chore(release): 6.3.0 [skip ci]
• 7f89399 build: Release (#8748)
• 88a9106 release
• 391c7a0 Merge branch 'release' into build
• 6ea65f2 chore(release): 6.3.0-alpha.9 [skip ci]
• 45a3ed0 perf: Improve performance of recursive pointer iterations (#8741)
• 977edea test: Add tests for `isGet` parameter in Cloud Code trigger `beforeFind` (#8738)
• 739ffbe refactor: Parse Pointer allows to access internal Parse Server classes and circumvent `beforeFind` query trigger (#8734)
• 5954f0f refactor: Parse Pointer allows to access internal Parse Server classes and circumvent `beforeFind` query trigger (#8735)
• d141b82 chore(release): 6.2.2 [skip ci]
• be4c7e2 fix: Parse Pointer allows to access internal Parse Server classes and circumvent `beforeFind` query trigger; fixes security vulnerability [GHSA-fcv6-fg5r-jm9q](https://snyk.io/redirect/github/parse-community/parse-server/security/advisories/GHSA-fcv6-fg5r-jm9q)
• 877eede chore(release): 6.3.0-alpha.8 [skip ci]
• 2b3d4e5 fix: Redis 4 does not reconnect after unhandled error (#8706)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Improper Authentication
🦉 Use of a Broken or Risky Cryptographic Algorithm
🦉 Regular Expression Denial of Service (ReDoS)