[Snyk] Security upgrade parse from 3.2.0 to 3.3.0

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	479/1000 Why? Has a fix available, CVSS 5.3	Regular Expression Denial of Service (ReDoS) SNYK-JS-WS-1296835	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: parse

The new version differs by 25 commits.

• 2e7a406 Release v3.3.0 (WIP: Huge performance improvement on roles queries #1383)
• 720b954 fix: upgrade ws from 7.4.6 to 7.5.0 (Files in dashboard /files instead of /parse/files #1382)
• 886f17d Fix react native build (self-hosted parse-server is slow on AWS #1381)
• 53768db fix: upgrade @ babel/runtime-corejs3 from 7.14.5 to 7.14.6 (Changelog and update to 2.2.6 #1379)
• ea9179f fix: upgrade @ babel/runtime from 7.14.5 to 7.14.6 (PUT request causes server to stop responding and memory use increases when user is a part of many Roles #1380)
• 0bd120e fix: upgrade @ babel/runtime from 7.14.0 to 7.14.5 (Removing all records doesn't affect DB snapshot #1376)
• af8b9c3 fix: upgrade @ babel/runtime-corejs3 from 7.14.0 to 7.14.5 (Cannot get back the full object from the relational field after saving an object #1377)
• e4e2425 fix: upgrade idb-keyval from 5.0.5 to 5.0.6 (Disables find on installation from clients #1374)
• 005321f fix: package.json & package-lock.json to reduce vulnerabilities (how to enable parse server logs #1370)
• 0985f59 build(deps): bump browserslist from 4.16.4 to 4.16.6 (Upgrading GCM to v4 #1369)
• 9349e81 fix: upgrade @ babel/runtime-corejs3 from 7.13.17 to 7.14.0 (Auth._loadRoles should not query the same role twice. #1366)
• eca6399 fix: upgrade @ babel/runtime from 7.13.17 to 7.14.0 (Removes only master on travis #1367)
• ffc523f Improve support for nested keys (Changelog and update to 2.2.5 #1364)
• 86c05ad fix: upgrade @ babel/runtime-corejs3 from 7.13.16 to 7.13.17 (Adds travis configuration to deploy NPM on new version tags #1361)
• b6a10a4 fix: upgrade @ babel/runtime from 7.13.16 to 7.13.17 (Delete Handler in FilesRouter not being called on delete of Class #1360)
• c84cda7 fix: upgrade @ babel/runtime-corejs3 from 7.13.10 to 7.13.16 (remove optional adapters from default dependencies  #1359)
• 7445f65 fix: upgrade @ babel/runtime from 7.13.10 to 7.13.16 (I am unable to use json format to start parse-server #1358)
• f92e78f fix: upgrade ws from 7.4.4 to 7.4.5 (🚧 Inject the default schemas properties when loading it #1357)
• e6f15fd [bug] Fix weapp uuid error. (Parse is Bandwidth throttling non migrated apps from April 28th - But how do I add jobs & cloudcode to my migrated db? #1356)
• 66878f2 fix: upgrade idb-keyval from 5.0.4 to 5.0.5 (default _SCHEMA for _User don't hold password #1355)
• 7512f53 fix EventEmitter undefined on React Native 0.64 (Adds console transport when testing with VERBOSE=1 #1351)
• d71eb33 doc improvement (equalTo and notEqualTo don't work on relations #1349)
• 16b45fd add npm lock file version check (Issue in the Migration process : "No reachable servers" #1345)
• 52cd8d4 Added an error code indicating a field with an invalid value (How to adjust password reset link? #1342)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

[mtrezza]

Currently fails with

1) Parse.User testing user updates
  - Expected 5 to equal 6.

in

equal(Object.keys(user.attributes).length, 6);

Related to parse-community/Parse-SDK-JS@ffc523f; this is described in the PR as:

• Modified an existing test
  ParseUser.get('password') used to return undefined, now password is not an attribute

Solution is to adapt user test.

[codecov]

Codecov Report

Merging #7464 (ed1a7c9) into master (1fe4708) will increase coverage by 0.01%.
The diff coverage is n/a.

❗ Current head ed1a7c9 differs from pull request most recent head a434bd1. Consider uploading reports for the commit a434bd1 to get more accurate results

@@            Coverage Diff             @@
##           master    #7464      +/-   ##
==========================================
+ Coverage   93.92%   93.94%   +0.01%     
==========================================
  Files         181      181              
  Lines       13251    13251              
==========================================
+ Hits        12446    12448       +2     
+ Misses        805      803       -2     

Impacted Files	Coverage Δ
src/batch.js	91.37% <0.00%> (-1.73%)	⬇️
src/Adapters/Files/GridFSBucketAdapter.js	79.50% <0.00%> (-0.82%)	⬇️
src/RestWrite.js	93.92% <0.00%> (ø)
src/Adapters/Storage/Mongo/MongoStorageAdapter.js	93.02% <0.00%> (+0.65%)	⬆️
src/ParseServerRESTController.js	98.50% <0.00%> (+1.49%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 1fe4708...a434bd1. Read the comment docs.

[parseplatformorg]

🎉 This change has been released in version 5.0.0-beta.1

[parseplatformorg]

🎉 This change has been released in version 5.0.0