Skip to content

fix: Security upgrade parse from 3.5.1 to 7.0.1 #3003

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 22, 2025
Merged

fix: Security upgrade parse from 3.5.1 to 7.0.1 #3003

merged 1 commit into from
Oct 22, 2025

Conversation

@parseplatformorg
Copy link
Contributor

@parseplatformorg parseplatformorg commented Oct 16, 2025
edited by coderabbitai bot
Loading

snyk-top-banner

Snyk has created this PR to fix 2 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

  • package.json
  • package-lock.json

Vulnerabilities that will be fixed with an upgrade:

Issue Score
high severity Prototype Pollution
SNYK-JS-PARSE-13053302		   790  
high severity Prototype Pollution
SNYK-JS-PARSE-13551630		   700  

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

Summary by CodeRabbit

  • Chores
    • Updated the parse library dependency to the latest version.

@parse-github-assistant
Copy link

I will reformat the title to use the proper commit message syntax.

@parse-github-assistant parse-github-assistant bot changed the title [Snyk] Security upgrade parse from 3.5.1 to 7.0.1 refactor: Security upgrade parse from 3.5.1 to 7.0.1 Oct 16, 2025
@parse-github-assistant
Copy link

parse-github-assistant bot commented Oct 16, 2025
edited
Loading

🚀 Thanks for opening this pull request!

@parseplatformorg
Copy link
Contributor Author

Snyk checks have passed. No issues have been found so far.

Status Scanner Critical High Medium Low Total (0)
Open Source Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

@coderabbitai
Copy link

coderabbitai bot commented Oct 16, 2025
edited
Loading

📝 Walkthrough

Walkthrough

Updated the "parse" runtime dependency in package.json from version 3.5.1 to 7.0.1. This represents a major version bump with no accompanying code modifications to the codebase itself.

Changes

Cohort / File(s) Change Summary
Dependency Update
package.json		 Updated "parse" dependency version from 3.5.1 to 7.0.1

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Rationale: While the change itself is straightforward (single version bump in one file), the major version upgrade (3.5.1 → 7.0.1) warrants verification that the codebase remains compatible with the breaking changes typically introduced in major releases. Review should confirm no runtime errors and compatibility with existing parse library usage patterns in the code.

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)
Check name Status Explanation Resolution
Description Check ⚠️ Warning The pull request description is a Snyk-generated summary and does not adhere to the repository’s required template: it is missing the new pull request checklist, a referenced issue with a Closes line, an Approach section, and TODOs for adding tests or documentation. Please revise the description to follow the repository template by including the checklist items, linking the related issue with a Closes statement, outlining the Approach, and adding TODOs for tests and documentation before merging.
✅ Passed checks (2 passed)
Check name Status Explanation
Docstring Coverage ✅ Passed No functions found in the changes. Docstring coverage check skipped.
Title Check ✅ Passed The pull request title "fix: Security upgrade parse from 3.5.1 to 7.0.1" directly and specifically describes the main change in the changeset. It clearly identifies the package being updated (parse), the versions involved (3.5.1 to 7.0.1), and the nature of the change (a security upgrade/fix). The title is concise and uses descriptive language that avoids vague terms; a teammate scanning the commit history would immediately understand this is a security-related dependency update. The title effectively summarizes the primary change without including noise or unnecessary details.
✨ Finishing touches
  • 📝 Generate docstrings
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch snyk-fix-ed5c170a772086fbc316612f06ef54d8

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@uffizzi-cloud
Copy link

uffizzi-cloud bot commented Oct 16, 2025

Uffizzi Ephemeral Environment deployment-65633

⌚ Updated Oct 16, 2025, 13:25 UTC

☁️ https://app.uffizzi.com/github.com/parse-community/parse-dashboard/pull/3003

📄 View Application Logs etc.

What is Uffizzi? Learn more

@mtrezza mtrezza changed the title refactor: Security upgrade parse from 3.5.1 to 7.0.1 fix: Security upgrade parse from 3.5.1 to 7.0.1 Oct 22, 2025
@mtrezza mtrezza merged commit 5123fbf into alpha Oct 22, 2025
11 checks passed
@mtrezza mtrezza deleted the snyk-fix-ed5c170a772086fbc316612f06ef54d8 branch October 22, 2025 12:24
parseplatformorg pushed a commit that referenced this pull request Oct 22, 2025
@semantic-release-bot
chore(release): 7.6.0-alpha.12 [skip ci]
98069a8 
# [7.6.0-alpha.12](7.6.0-alpha.11...7.6.0-alpha.12) (2025-10-22)

### Bug Fixes

* Security upgrade parse from 3.5.1 to 7.0.1 ([#3003](#3003)) ([5123fbf](5123fbf))
@parseplatformorg
Copy link
Contributor Author

🎉 This change has been released in version 7.6.0-alpha.12

@parseplatformorg parseplatformorg added the state:released-alpha Released as alpha version label Oct 22, 2025
This was referenced Oct 25, 2025
Closed
Merged
@coderabbitai coderabbitai bot mentioned this pull request Oct 25, 2025
Merged
2 tasks
parseplatformorg pushed a commit that referenced this pull request Nov 1, 2025
@semantic-release-bot
chore(release): 8.0.0 [skip ci]
5eda26c 
# [8.0.0](7.5.0...8.0.0) (2025-11-01)

### Bug Fixes

* Add missing major version increase of dashboard release ([#3005](#3005)) ([5debb4d](5debb4d))
* Cannot connect to server with error invalid header name ([#3006](#3006)) ([ea4ec07](ea4ec07))
* Currently displayed view reloads when editing and saving a different view ([#3002](#3002)) ([794a35a](794a35a))
* Dashboard config objects stored on server with public read / write access ([#2997](#2997)) ([31a4639](31a4639))
* ESC key does not cancel editing in data browser cell ([#3001](#3001)) ([d1d7241](d1d7241))
* Filter text field in data browser partly looses focus when hitting enter key to apply filter ([#2992](#2992)) ([e3085b9](e3085b9))
* Filter text field in data browser partly looses focus when selecting in drop-down element by hitting enter key to apply filter ([#2993](#2993)) ([f4c17c7](f4c17c7))
* Info panel briefly shows cached media content from previously selected cell when using pre-fetch ([#3008](#3008)) ([dd6a85e](dd6a85e))
* Missing alert when changing data browser browser data while rows are selected ([#2994](#2994)) ([6cabaa3](6cabaa3))
* Security upgrade parse from 3.5.1 to 7.0.1 ([#3003](#3003)) ([5123fbf](5123fbf))
* Security upgrade passport from 0.5.3 to 0.6.0 ([#3000](#3000)) ([fbb5e6d](fbb5e6d))
* Session management issue that causes malformed redirect URLs ([#3011](#3011)) ([1649dd3](1649dd3))
* Storing view on server creates view key with hashed view name instead of UUID ([#2995](#2995)) ([7cb65f3](7cb65f3))
* Switching between browser tabs can cause illegible text color for config parameter value field ([#3010](#3010)) ([77c5c67](77c5c67))
* View table data may be retained when switching between views ([#2996](#2996)) ([ddc91c9](ddc91c9))

### Features

* Add `matches regex` filter to data browser replacing limited `string contains string` filter ([#2991](#2991)) ([64a9f71](64a9f71))
* Add info panel options `prefetchImage`, `prefetchVideo`, `prefetchAudio` to pre-fetch media content in the info panel ([#3009](#3009)) ([6796c9e](6796c9e))
* Add Parse Server version compatibility detection ([#3004](#3004)) ([9a7a60f](9a7a60f))

### Performance Improvements

* Storing, deleting, modifying view in server storage now only affects the specific view instead of updating all views ([#2998](#2998)) ([48cea3c](48cea3c))

### BREAKING CHANGES

* This increases the required minimum version to Parse Server 7. ([5debb4d](5debb4d))
@parseplatformorg
Copy link
Contributor Author

🎉 This change has been released in version 8.0.0

@parseplatformorg parseplatformorg added the state:released Released as stable version label Nov 1, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] approved these changes

Assignees

No one assigned

Labels

state:released Released as stable version state:released-alpha Released as alpha version

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@parseplatformorg @mtrezza @snyk-bot