[Snyk] Security upgrade parse-server from 4.4.0 to 6.5.10

[hopetambala]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	601/1000 Why? Recently disclosed, Has a fix available, CVSS 6.3	Cross-site Scripting (XSS) SNYK-JS-COOKIE-8163060	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: parse-server

The new version differs by 250 commits.

• 1c2b448 chore(release): 6.5.10 [skip ci]
• 97627ee fix: Security upgrade express from 4.21.0 to 4.21.1 (#9339)
• 144781a chore(release): 6.5.9 [skip ci]
• 1bfbccf fix: Custom object ID allows to acquire role privileges ([GHSA-8xq9-g7ch-35hg](https://snyk.io/redirect/github/parse-community/parse-server/security/advisories/GHSA-8xq9-g7ch-35hg)) (#9318)
• 12ce46d chore(release): 6.5.8 [skip ci]
• d5290d4 fix: Various vulnerabilities related to cross-site scripting (#9310)
• 52729fd chore(release): 6.5.7 [skip ci]
• f332d54 fix: SQL injection when using Parse Server with PostgreSQL; fixes security vulnerability [GHSA-c2hr-cqg6-8j6r](https://snyk.io/redirect/github/parse-community/parse-server/security/advisories/GHSA-c2hr-cqg6-8j6r) (#9168)
• 3012ff7 refactor: Security upgrade ws from 8.16.0 to 8.17.1 (#9157)
• 0d5e01c test: Disable OAuth 1 tests with Twitter API (#9162)
• 09ead54 chore(release): 6.5.6 [skip ci]
• 0e92f76 fix: Facebook Limited Login not workind due to incorrect domain in JWT validation (#9120)
• acea93c refactor: Upgrade graphql-relay from 0.10.0 to 0.10.1 (#9096)
• 490898e refactor: Upgrade @ babel/eslint-parser from 7.23.3 to 7.24.1 (#9091)
• 63db281 refactor: Upgrade winston from 3.11.0 to 3.12.0 (#9054)
• 72ba762 refactor: Upgrade express from 4.18.2 to 4.18.3 (#9042)
• eba0da4 refactor: Upgrade @ babel/eslint-parser from 7.21.8 to 7.23.3 (#8868)
• dc53521 ci: Fix auto-release (#9035)
• 9dc0235 chore(release): 6.5.5 [skip ci]
• 5ae6d6a fix: Server crashes on invalid Cloud Function or Cloud Job name; fixes security vulnerability [GHSA-6hh7-46r2-vf29](https://snyk.io/redirect/github/parse-community/parse-server/security/advisories/GHSA-6hh7-46r2-vf29) (#9023)
• 3773203 chore(release): 6.5.4 [skip ci]
• 8ff444d fix: Server crashes when receiving an array of `Parse.Pointer` in the request body (#9012)
• 9cb44c0 chore(release): 6.5.3 [skip ci]
• 09b6a95 ci: Fix auto-release (#9021)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Cross-site Scripting (XSS)