-
-
Notifications
You must be signed in to change notification settings - Fork 4.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Snyk] Security upgrade parse from 3.2.0 to 3.3.0 #7464
Conversation
The following vulnerabilities are fixed with an upgrade: - https://snyk.io/vuln/SNYK-JS-WS-1296835
Currently fails with
in
Related to parse-community/Parse-SDK-JS@ffc523f; this is described in the PR as:
Solution is to adapt user test. |
Codecov Report
@@ Coverage Diff @@
## master #7464 +/- ##
==========================================
+ Coverage 93.92% 93.94% +0.01%
==========================================
Files 181 181
Lines 13251 13251
==========================================
+ Hits 12446 12448 +2
+ Misses 805 803 -2
Continue to review full report at Codecov.
|
* master: (55 commits) Accept context via header X-Parse-Cloud-Context (parse-community#7437) [Snyk] Upgrade ws from 7.4.6 to 7.5.3 (parse-community#7457) fix: upgrade @apollographql/graphql-playground-html from 1.6.28 to 1.6.29 (parse-community#7473) fix: upgrade @apollographql/graphql-playground-html from 1.6.27 to 1.6.28 (parse-community#7411) fix: upgrade graphql from 15.5.0 to 15.5.1 (parse-community#7462) [Snyk] Security upgrade parse from 3.2.0 to 3.3.0 (parse-community#7464) fix: upgrade apollo-server-express from 2.25.1 to 2.25.2 (parse-community#7465) fix: upgrade graphql-tag from 2.12.4 to 2.12.5 (parse-community#7466) fix: upgrade graphql-relay from 0.7.0 to 0.8.0 (parse-community#7467) Add MongoDB 5.0 support + bump CI env (parse-community#7469) changed twitter API endpoint for oauth test (parse-community#7472) add runtime deprecation warning (parse-community#7451) bumped node (parse-community#7452) fix: upgrade apollo-server-express from 2.25.0 to 2.25.1 (parse-community#7449) fix: upgrade subscriptions-transport-ws from 0.9.19 to 0.10.0 (parse-community#7450) fix: upgrade mongodb from 3.6.8 to 3.6.9 (parse-community#7445) fix: upgrade mongodb from 3.6.7 to 3.6.8 (parse-community#7430) fix: upgrade apollo-server-express from 2.24.1 to 2.25.0 (parse-community#7435) fix: upgrade ldapjs from 2.2.4 to 2.3.0 (parse-community#7436) fix: upgrade graphql-relay from 0.6.0 to 0.7.0 (parse-community#7443) ...
* bump parse 3.3.0 * Update CHANGELOG.md * update user test (PR #7464) * fix Twitter API oauth Error (PR #7370) * bumped dependencies * Revert "bumped dependencies" This reverts commit 97ad83d. * bump @parse/push-adapter 3.4.1 * bump jwks-rsa@1.12.3 * bump mongodb@3.6.11 * bump ws@7.5.3 * changed logging for circular obj (PR #7457) * Update CHANGELOG.md
🎉 This change has been released in version 5.0.0-beta.1 |
🎉 This change has been released in version 5.0.0 |
Squashed commits: [1306da7] Merge pull request from GHSA-23r4-5mxp-c7g5 [3a5c38d] revert to version 4.5.0 for testing [a3483d8] fix changelog skip 4.5.1 [3c42584] 4.5.2 [97b1dca] revert to version 4.5.0 for testing [f3133ac] Release 4.10.1 (parse-community#7508) * bump parse 3.3.0 * Update CHANGELOG.md * update user test (PR parse-community#7464) * fix Twitter API oauth Error (PR parse-community#7370) * bumped dependencies * Revert "bumped dependencies" This reverts commit 97ad83d. * bump @parse/push-adapter 3.4.1 * bump jwks-rsa@1.12.3 * bump mongodb@3.6.11 * bump ws@7.5.3 * changed logging for circular obj (PR parse-community#7457) * Update CHANGELOG.md [7e1da90] added changelog [0e3cae5] audit fix [f0d5232] bumped version [4ac4b7f] Merge pull request from GHSA-7pr3-p5fm-8r9x * fix: LQ deletes session token * add 4.10.4 * add changes [ef2ec21] ci: update docker image building (parse-community#7553) * docker * Update docker-publish.yml * Update docker-publish.yml [6ae5835] Merge pull request from GHSA-xqp8-w826-hh6x * Backport the advisory fix * Added a 4.10.3 section to CHANGELOG [0bfa6b7] Release 4.10.2 (parse-community#7513) * move graphql-tag from devDependencies to dependencies (parse-community#7183) * bump version * Update CHANGELOG.md [0be0b87] bump version
Squashed commits: [1306da7] Merge pull request from GHSA-23r4-5mxp-c7g5 [3a5c38d] revert to version 4.5.0 for testing [a3483d8] fix changelog skip 4.5.1 [3c42584] 4.5.2 [97b1dca] revert to version 4.5.0 for testing [f3133ac] Release 4.10.1 (parse-community#7508) * bump parse 3.3.0 * Update CHANGELOG.md * update user test (PR parse-community#7464) * fix Twitter API oauth Error (PR parse-community#7370) * bumped dependencies * Revert "bumped dependencies" This reverts commit 97ad83d. * bump @parse/push-adapter 3.4.1 * bump jwks-rsa@1.12.3 * bump mongodb@3.6.11 * bump ws@7.5.3 * changed logging for circular obj (PR parse-community#7457) * Update CHANGELOG.md [7e1da90] added changelog [0e3cae5] audit fix [f0d5232] bumped version [4ac4b7f] Merge pull request from GHSA-7pr3-p5fm-8r9x * fix: LQ deletes session token * add 4.10.4 * add changes [ef2ec21] ci: update docker image building (parse-community#7553) * docker * Update docker-publish.yml * Update docker-publish.yml [6ae5835] Merge pull request from GHSA-xqp8-w826-hh6x * Backport the advisory fix * Added a 4.10.3 section to CHANGELOG [0bfa6b7] Release 4.10.2 (parse-community#7513) * move graphql-tag from devDependencies to dependencies (parse-community#7183) * bump version * Update CHANGELOG.md [0be0b87] bump version
Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.
Changes included in this PR
Vulnerabilities that will be fixed
With an upgrade:
Why? Has a fix available, CVSS 5.3
SNYK-JS-WS-1296835
(*) Note that the real score may have changed since the PR was raised.
Commit messages
Package name: parse
The new version differs by 25 commits.See the full diff
Check the changes in this PR to ensure they won't cause issues with your project.
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.
For more information:
🧐 View latest project report
🛠 Adjust project settings
📚 Read more about Snyk's upgrade and patch logic