[Snyk] Security upgrade parse-server from 2.2.25 to 6.5.5 #17

Open
wants to merge 1 commit into
base: master


kiarza2543
Owner

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
| --- | --- | --- | --- | --- |
| critical severity | 786/1000. Why? Recently disclosed, Has a fix available, CVSS 10 | SQL Injection, SNYK-JS-PARSESERVER-6356272 | Yes | No Known Exploit |
| critical severity | 736/1000. Why? Recently disclosed, Has a fix available, CVSS 9 | Improper Input Validation, SNYK-JS-PARSESERVER-6467606 | Yes | No Known Exploit |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: parse-server
The new version differs by 250 commits.
  • 9dc0235 chore(release): 6.5.5 [skip ci]
  • 5ae6d6a fix: Server crashes on invalid Cloud Function or Cloud Job name; fixes security vulnerability [GHSA-6hh7-46r2-vf29](https://snyk.io/redirect/github/parse-community/parse-server/security/advisories/GHSA-6hh7-46r2-vf29) (#9023)
  • 3773203 chore(release): 6.5.4 [skip ci]
  • 8ff444d fix: Server crashes when receiving an array of `Parse.Pointer` in the request body (#9012)
  • 9cb44c0 chore(release): 6.5.3 [skip ci]
  • 09b6a95 ci: Fix auto-release (#9021)
  • 422958e fix: Security upgrade follow-redirects from 1.15.5 to 1.15.6 (#9019)
  • b8535b3 ci: Fix LTS releases are published as pre-releases (#8989)
  • 9282bc5 ci: Fix failing Docker release by removing arm/v6 and arm/v7 support (#8977)
  • 47184f0 refactor: Upgrade graphql-list-fields from 2.0.2 to 2.0.4 (#8973)
  • d53c1f3 refactor: Upgrade winston-daily-rotate-file from 4.7.1 to 5.0.0 (#8974)
  • d3ec2e2 chore(release): 6.5.2 [skip ci]
  • 0fa0aab fix: Security upgrade @parse/push-adapter from 5.1.0 to 5.1.1 (#8975)
  • 46761d3 chore(release): 6.5.1 [skip ci]
  • bba24dd fix: Security upgrade @parse/push-adapter from 5.0.2 to 5.1.0 (#8972)
  • 30258be docs: Remove incorrect change log entries (#8963)
  • 5f9a27f chore(release): 6.5.0 [skip ci]
  • 297faae ci: Fix incorrect release branch config (#8962)
  • a6e6549 fix: Improve PostgreSQL injection detection; fixes security vulnerability [GHSA-6927-3vr9-fxf2](https://snyk.io/redirect/github/parse-community/parse-server/security/advisories/GHSA-6927-3vr9-fxf2) which affects Parse Server deployments using a Postgres database (#8960)
  • 244e343 refactor: Upgrade redis from 4.6.12 to 4.6.13 (#8955)
  • 33c648d refactor: Upgrade uuid from 9.0.0 to 9.0.1 (#8943)
  • 4524c35 refactor: Upgrade follow-redirects from 1.15.2 to 1.15.5 (#8931)
  • 70e0cb3 refactor: Upgrade jwks-rsa from 2.1.5 to 3.1.0 (#8932)
  • 519dee9 refactor: Upgrade winston from 3.8.2 to 3.11.0 (#8933)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 SQL Injection
🦉 Improper Input Validation
