[Snyk] Security upgrade @parse/push-adapter from 3.4.0 to 4.1.2

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Open Redirect SNYK-JS-NODEFORGE-2330875	Yes	Proof of Concept
	529/1000 Why? Has a fix available, CVSS 6.3	Prototype Pollution SNYK-JS-NODEFORGE-2331908	Yes	No Known Exploit
	566/1000 Why? Recently disclosed, Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430337	Yes	No Known Exploit
	651/1000 Why? Recently disclosed, Has a fix available, CVSS 7.3	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430339	Yes	No Known Exploit
	566/1000 Why? Recently disclosed, Has a fix available, CVSS 5.6	Improper Verification of Cryptographic Signature SNYK-JS-NODEFORGE-2430341	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @parse/push-adapter

The new version differs by 31 commits.

• 552813c chore(release): 4.1.2 [skip ci]
• 7257c9a fix: security bump node-apn 5.1.0 to 5.1.3 (error: unauthorized parse-community/parse-server#207)
• 7a13880 chore(release): 4.1.1 [skip ci]
• 3b41a4e fix: security bump node-fetch from 2.6.6 to 2.6.7 (Can't download a file that doesn't exist on the server or locally parse-community/parse-server#206)
• 81ae499 refactor: upgrade parse from 3.3.0 to 3.4.0 (got "Internal server Error" when trying to query for _User  parse-community/parse-server#202)
• 0c9f2d7 ci: fix code coverage (Zombied parse.com migration, manual migration option parse-community/parse-server#201)
• 79a7ee9 chore(release): 4.1.0 [skip ci]
• 6a04533 ci: add missing node token
• 97d87a9 ci: add missing node token
• 025d113 ci: enable npm publish
• efb3d9b Revert "chore(release): 4.1.0 [skip ci]"
• ff6249e chore(release): 4.1.0 [skip ci]
• 13f23a2 ci: disable auto-release dry-run
• 7155d44 ci: add auto release (Add npm badge to README. parse-community/parse-server#199)
• e0541ec feat: add support for APNS `interruption-level` and `target-content-id` (infrastructure for service providers implementation  parse-community/parse-server#197)
• b6d1d4f docs: fix typo in changelog
• 91e28d1 docs: fix typo in changelog
• cdddb6b docs: add 4.0.0 release notes
• 9c2c05f fix: bump node-apns to 5.0 (Add push parameter checking and query installation parse-community/parse-server#198)
• 8870248 Release v3.4.1 (Updated user tests, added /logout parse-community/parse-server#193)
• b1b4f1a Bump path-parse from 1.0.6 to 1.0.7 (Run custom query directly from MongoDB but return results through parse-server parse-community/parse-server#192)
• 86ca966 fix: package.json & package-lock.json to reduce vulnerabilities (Added MailAdapter and support for Mailgun API parse-community/parse-server#191)
• 044b44d Bump hosted-git-info from 2.8.4 to 2.8.9 (Add .idea folder to ignore list. parse-community/parse-server#190)
• 95605d5 Bump lodash from 4.17.19 to 4.17.21 (Add istanbul for code coverage parse-community/parse-server#189)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Open Redirect
🦉 Prototype Pollution