refactor: Security upgrade @graphql-yoga/node from 2.6.0 to 2.13.5

[parseplatformorg]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	481/1000 Why? Recently disclosed, Has a fix available, CVSS 3.9	Permissive Cross-domain Policy with Untrusted Domains SNYK-JS-UNDICI-6252336	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @graphql-yoga/node

The new version differs by 181 commits.

• d6014fc chore(release): update monorepo packages versions (Enable logs #1502)
• c00dad3 Bump @ whatwg-node/fetch to get the latest fixes (Adds limit = 0 as a valid parameter for queries #1493)
• 58fb6e4 docs: fix typos (Apply credential stripping to all untransforms for _User #1498)
• 19eb2f9 Update file-uploads.mdx (WIP: Test case to repro #1488 #1501)
• 0884232 fix(deps): update all non-major dependencies (req.user undefined in a cloud function when called by another cloud function #1494)
• 7c31390 fix(deps): update envelop (Bug in saving new users via Cloud Code #1495)
• 378bb5d fix(deps): update all non-major dependencies (master) (PFPush.getSubscribedChannelsInBackgroundWithBlock not working from iOS client anymore. #1480)
• e52a83f docs: fix typos (Add test case for mongo password "^U7#V6W$NA$nE2bf" #1492)
• dc5c3f2 docs: added file upload example to save file in disk (iOS Push broken after upgrade to 2.2.6 #1477)
• febfc89 chore(deps): update all non-major dependencies (After migrating database to mLab, will webhooks on Parse.com still work? #1474)
• dbcc009 chore(deps): update all non-major dependencies (Unable to start parse-server #1463)
• 549f1fb fix(deps): update all non-major dependencies (Deploying cloud code for the first time #1453)
• 027fa34 Fix website workflows for other branches
• 452726f Ignore graphiql for now
• 45a0972 add videos (Push status nits #1462)
• 7d103ed chore(deps): update dependency @ types/react-dom to v18 (cannot find SimpleMailgunAdapter after upgrading 2.2.6 #1442)
• 8d64701 Replace cross-undici-fetch with @ whatwg-node/fetch
• cffdbc2 chore(deps): update dependency ioredis to v5.2.2 (Removing sessionToken and authData from _User objects included in a query #1450)
• 0398aca chore(deps): update actions/checkout action to v3 (Feature Request: Dashboard-Modifiable Parse Server Config #1431)
• 06991bf Fixed broken link to envelop plugins (Push with custom Installation query doesn't reach device #1439)
• b00affa chore(deps): update all non-major dependencies to v12.2.3 (Session lost when more than one client connects #1436)
• 707a355 chore: add b3 branch as renovate base branch (Prevents _User lock out when setting ACL on signup or afterwards #1429)
• a418519 chore(deps): update all non-major dependencies (Can't get APP_ID and MASTER_KEY since Parse no longer allow new signup #1430)
• 56fd31c fix(deps): update all non-major dependencies (Update .travis.yml #1428)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

[parse-github-assistant]

I will reformat the title to use the proper commit message syntax.

[parse-github-assistant]

Thanks for opening this pull request!

• ❌ Please link an issue that describes the reason for this pull request, otherwise your pull request will be closed. Make sure to write it as Closes: #123 in the PR description, so I can recognize it.