search

parse-community / parse-server-push-adapter

A push notification adapter for Parse Server
https://parseplatform.org
MIT License
85 stars 100 forks source link

refactor: Security upgrade parse from 4.2.0 to 4.3.1 #230

Closed parseplatformorg closed 1 month ago

parseplatformorg commented 7 months ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

#### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - package.json - package-lock.json #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:------------------------- ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **644/1000**
**Why?** Has a fix available, CVSS 8.6 | Use of Weak Hash
[SNYK-JS-CRYPTOJS-6028119](https://snyk.io/vuln/SNYK-JS-CRYPTOJS-6028119) | No | No Known Exploit (*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: parse The new version differs by 81 commits.
  • 2f94e49 chore(release): 4.3.1 [skip ci]
  • 9449cc3 build: Release (#2052)
  • d2c7b28 release
  • 42adbe9 chore(release): 4.3.1-beta.1 [skip ci]
  • 5ac82dc build: Release (#2050)
  • 660ac6a release
  • e73c4f9 Merge branch 'release' into build-release
  • 5194c03 chore(release): 4.3.0 [skip ci]
  • 8981f78 build: Release (#2049)
  • f76dbd0 release
  • 96b676f refactor: Upgrade @ babel/runtime-corejs3 from 7.23.1 to 7.23.2 (#2046)
  • c7aacd2 chore(release): 4.3.0-alpha.6 [skip ci]
  • fd50b9d fix: Security upgrade browserify-sign from 4.2.1 to 4.2.2 (#2043)
  • c0309b8 chore(release): 4.3.0-alpha.5 [skip ci]
  • 681fbdf fix: Security upgrade crypto-js from 4.1.1 to 4.2.0 (#2042)
  • 2ce2158 refactor: Bump @ babel/traverse from 7.22.0 to 7.23.2 (#2041)
  • 28fb115 refactor: Upgrade @ babel/runtime-corejs3 from 7.22.15 to 7.23.1 (#2040)
  • 4cbe6d1 chore(release): 4.3.0-alpha.4 [skip ci]
  • 360981f fix: Error in web context when `window.indexedDB` API is available but protected (#2039)
  • 3bf55f6 refactor: Upgrade uuid from 9.0.0 to 9.0.1 (#2037)
  • 43f6218 chore(release): 4.3.0-alpha.3 [skip ci]
  • 4da3ebc fix: Connection failure in `Parse.Object.saveEventually` and `Parse.Object.destroyEventually` not handled on custom `Parse.Error.CONNECTION_FAILURE` message (#2032)
  • e36ddaf chore(release): 4.3.0-alpha.2 [skip ci]
  • dc91d0f fix: Docs fail with `Cannot find module 'taffydb'` (#2036)
See the full diff
Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/acinader/project/b0adf7a4-b021-4a61-8d76-16d0d77d4062?utm_source=github&utm_medium=referral&page=fix-pr) 🛠 [Adjust project settings](https://app.snyk.io/org/acinader/project/b0adf7a4-b021-4a61-8d76-16d0d77d4062?utm_source=github&utm_medium=referral&page=fix-pr/settings) 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) [//]: # (snyk:metadata:{"prId":"70f56894-0a0c-4cd1-bf88-e74d4c7bf677","prPublicId":"70f56894-0a0c-4cd1-bf88-e74d4c7bf677","dependencies":[{"name":"parse","from":"4.2.0","to":"4.3.1"}],"packageManager":"npm","projectPublicId":"b0adf7a4-b021-4a61-8d76-16d0d77d4062","projectUrl":"https://app.snyk.io/org/acinader/project/b0adf7a4-b021-4a61-8d76-16d0d77d4062?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-JS-CRYPTOJS-6028119"],"upgrade":["SNYK-JS-CRYPTOJS-6028119"],"isBreakingChange":false,"env":"prod","prType":"fix","templateVariants":["updated-fix-title","priorityScore"],"priorityScoreList":[644],"remediationStrategy":"vuln"}) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Use of Weak Hash](https://learn.snyk.io/lesson/insecure-hash/?loc=fix-pr)
parse-github-assistant[bot] commented 7 months ago

I will reformat the title to use the proper commit message syntax.

parse-github-assistant[bot] commented 7 months ago

Thanks for opening this pull request!

codecov[bot] commented 7 months ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Comparison is base (5536102) 100.00% compared to head (fdadb7c) 100.00%.

Additional details and impacted files ```diff @@ Coverage Diff @@ ## master #230 +/- ## ========================================= Coverage 100.00% 100.00% ========================================= Files 5 5 Lines 277 277 ========================================= Hits 277 277 ```

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.