joe/kami-parse-server
Public Access
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: Custom object ID allows to acquire role privileges ([GHSA-8xq9-g7ch-35hg](https://github.com/parse-community/parse-server/security/advisories/GHSA-8xq9-g7ch-35hg)) (#9318)

Browse Source
This commit is contained in:
Manuel
2024-10-03 21:28:41 +02:00
committed by GitHub
parent 12ce46db81
commit 1bfbccf9ee
5 changed files with 75 additions and 92 deletions
Download Patch File Download Diff File Expand all files Collapse all files

108
package-lock.json generated
View File

@@ -18,11 +18,11 @@
"@parse/fs-files-adapter": "2.0.1",
"@parse/push-adapter": "5.1.1",
"bcryptjs": "2.4.3",
"body-parser": "^1.20.3",
"body-parser": "1.20.3",
"commander": "10.0.1",
"cors": "2.8.5",
"deepcopy": "2.1.0",
"express": "^4.21.0",
"express": "4.21.0",
"express-rate-limit": "6.7.0",
"follow-redirects": "1.15.6",
"graphql": "16.8.1",
@@ -39,7 +39,7 @@
"mongodb": "4.10.0",
"mustache": "4.2.0",
"otpauth": "9.2.2",
"parse": "4.1.0",
"parse": "4.2.0",
"path-to-regexp": "6.2.1",
"pg-monitor": "2.0.0",
"pg-promise": "11.5.4",
@@ -3099,53 +3099,6 @@
"node": ">= 14"
}
},
"node_modules/@parse/push-adapter/node_modules/parse": {
"version": "4.2.0",
"resolved": "https://registry.npmjs.org/parse/-/parse-4.2.0.tgz",
"integrity": "sha512-K8bWs0wM2qRhkSr6N16j8OvsF6Uallrynqng9e+tzR3RdKuB09vaJh48qrf9MbiJ1Ya4JZI7AfEHYF+ywEKs7Q==",
"dependencies": {
"@babel/runtime-corejs3": "7.21.0",
"idb-keyval": "6.2.0",
"react-native-crypto-js": "1.0.0",
"uuid": "9.0.0",
"ws": "8.13.0",
"xmlhttprequest": "1.8.0"
},
"engines": {
"node": ">=14.21.0 <17 || >=18 <20"
},
"optionalDependencies": {
"crypto-js": "4.1.1"
}
},
"node_modules/@parse/push-adapter/node_modules/uuid": {
"version": "9.0.0",
"resolved": "https://registry.npmjs.org/uuid/-/uuid-9.0.0.tgz",
"integrity": "sha512-MXcSTerfPa4uqyzStbRoTgt5XIe3x5+42+q1sDuy3R5MDk66URdLMOZe5aPX/SQd+kuYAh0FdP/pO28IkQyTeg==",
"bin": {
"uuid": "dist/bin/uuid"
}
},
"node_modules/@parse/push-adapter/node_modules/ws": {
"version": "8.13.0",
"resolved": "https://registry.npmjs.org/ws/-/ws-8.13.0.tgz",
"integrity": "sha512-x9vcZYTrFPC7aSIbj7sRCYo7L/Xb8Iy+pW0ng0wt2vCJv7M9HOMy0UoN3rr+IFC7hb7vXoqS+P9ktyLLLhO+LA==",
"engines": {
"node": ">=10.0.0"
},
"peerDependencies": {
"bufferutil": "^4.0.1",
"utf-8-validate": ">=5.0.2"
},
"peerDependenciesMeta": {
"bufferutil": {
"optional": true
},
"utf-8-validate": {
"optional": true
}
}
},
"node_modules/@protobufjs/aspromise": {
"version": "1.1.2",
"resolved": "https://registry.npmjs.org/@protobufjs/aspromise/-/aspromise-1.1.2.tgz",
@@ -16946,15 +16899,15 @@
}
},
"node_modules/parse": {
"version": "4.1.0",
"resolved": "https://registry.npmjs.org/parse/-/parse-4.1.0.tgz",
"integrity": "sha512-s0Ti+nWrKWj9DlFcmkEE05fGwa/K5ycZSdqCz01F8YL7Hevqv4WLXAmYGOwzq5UJSZ005seKgb20KwVwLdy/Zg==",
"version": "4.2.0",
"resolved": "https://registry.npmjs.org/parse/-/parse-4.2.0.tgz",
"integrity": "sha512-K8bWs0wM2qRhkSr6N16j8OvsF6Uallrynqng9e+tzR3RdKuB09vaJh48qrf9MbiJ1Ya4JZI7AfEHYF+ywEKs7Q==",
"dependencies": {
"@babel/runtime-corejs3": "7.21.0",
"idb-keyval": "6.2.0",
"react-native-crypto-js": "1.0.0",
"uuid": "9.0.0",
"ws": "8.12.0",
"ws": "8.13.0",
"xmlhttprequest": "1.8.0"
},
"engines": {
@@ -17000,9 +16953,9 @@
}
},
"node_modules/parse/node_modules/ws": {
"version": "8.12.0",
"resolved": "https://registry.npmjs.org/ws/-/ws-8.12.0.tgz",
"integrity": "sha512-kU62emKIdKVeEIOIKVegvqpXMSTAMLJozpHZaJNDYqBjzlSYXQGviYwN1osDLJ9av68qHd4a2oSjd7yD4pacig==",
"version": "8.13.0",
"resolved": "https://registry.npmjs.org/ws/-/ws-8.13.0.tgz",
"integrity": "sha512-x9vcZYTrFPC7aSIbj7sRCYo7L/Xb8Iy+pW0ng0wt2vCJv7M9HOMy0UoN3rr+IFC7hb7vXoqS+P9ktyLLLhO+LA==",
"engines": {
"node": ">=10.0.0"
},
@@ -23970,33 +23923,6 @@
"firebase-admin": "12.0.0",
"npmlog": "7.0.1",
"parse": "4.2.0"
},
"dependencies": {
"parse": {
"version": "4.2.0",
"resolved": "https://registry.npmjs.org/parse/-/parse-4.2.0.tgz",
"integrity": "sha512-K8bWs0wM2qRhkSr6N16j8OvsF6Uallrynqng9e+tzR3RdKuB09vaJh48qrf9MbiJ1Ya4JZI7AfEHYF+ywEKs7Q==",
"requires": {
"@babel/runtime-corejs3": "7.21.0",
"crypto-js": "4.1.1",
"idb-keyval": "6.2.0",
"react-native-crypto-js": "1.0.0",
"uuid": "9.0.0",
"ws": "8.13.0",
"xmlhttprequest": "1.8.0"
}
},
"uuid": {
"version": "9.0.0",
"resolved": "https://registry.npmjs.org/uuid/-/uuid-9.0.0.tgz",
"integrity": "sha512-MXcSTerfPa4uqyzStbRoTgt5XIe3x5+42+q1sDuy3R5MDk66URdLMOZe5aPX/SQd+kuYAh0FdP/pO28IkQyTeg=="
},
"ws": {
"version": "8.13.0",
"resolved": "https://registry.npmjs.org/ws/-/ws-8.13.0.tgz",
"integrity": "sha512-x9vcZYTrFPC7aSIbj7sRCYo7L/Xb8Iy+pW0ng0wt2vCJv7M9HOMy0UoN3rr+IFC7hb7vXoqS+P9ktyLLLhO+LA==",
"requires": {}
}
}
},
"@protobufjs/aspromise": {
@@ -34573,16 +34499,16 @@
}
},
"parse": {
"version": "4.1.0",
"resolved": "https://registry.npmjs.org/parse/-/parse-4.1.0.tgz",
"integrity": "sha512-s0Ti+nWrKWj9DlFcmkEE05fGwa/K5ycZSdqCz01F8YL7Hevqv4WLXAmYGOwzq5UJSZ005seKgb20KwVwLdy/Zg==",
"version": "4.2.0",
"resolved": "https://registry.npmjs.org/parse/-/parse-4.2.0.tgz",
"integrity": "sha512-K8bWs0wM2qRhkSr6N16j8OvsF6Uallrynqng9e+tzR3RdKuB09vaJh48qrf9MbiJ1Ya4JZI7AfEHYF+ywEKs7Q==",
"requires": {
"@babel/runtime-corejs3": "7.21.0",
"crypto-js": "4.1.1",
"idb-keyval": "6.2.0",
"react-native-crypto-js": "1.0.0",
"uuid": "9.0.0",
"ws": "8.12.0",
"ws": "8.13.0",
"xmlhttprequest": "1.8.0"
},
"dependencies": {
@@ -34592,9 +34518,9 @@
"integrity": "sha512-MXcSTerfPa4uqyzStbRoTgt5XIe3x5+42+q1sDuy3R5MDk66URdLMOZe5aPX/SQd+kuYAh0FdP/pO28IkQyTeg=="
},
"ws": {
"version": "8.12.0",
"resolved": "https://registry.npmjs.org/ws/-/ws-8.12.0.tgz",
"integrity": "sha512-kU62emKIdKVeEIOIKVegvqpXMSTAMLJozpHZaJNDYqBjzlSYXQGviYwN1osDLJ9av68qHd4a2oSjd7yD4pacig==",
"version": "8.13.0",
"resolved": "https://registry.npmjs.org/ws/-/ws-8.13.0.tgz",
"integrity": "sha512-x9vcZYTrFPC7aSIbj7sRCYo7L/Xb8Iy+pW0ng0wt2vCJv7M9HOMy0UoN3rr+IFC7hb7vXoqS+P9ktyLLLhO+LA==",
"requires": {}
}
}