[Snyk] Security upgrade parse-server from 2.3.2 to 4.10.14

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • appengine/parse-server/package.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	626/1000 Why? Recently disclosed, Has a fix available, CVSS 6.8	Information Exposure SNYK-JS-PARSESERVER-3018916	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: parse-server

The new version differs by 250 commits.

• e29f7c0 chore(release): 4.10.14 [skip ci]
• 634c44a fix: brute force guessing of user sensitive data via search patterns; this fixes a security vulnerability in which internal and protected fields may be used as query constraints to guess the value of these fields and obtain sensitive data (GHSA-2m6g-crv8-p3c6) (#8143)
• 4748e9b chore(release): 4.10.13 [skip ci]
• 054f3e6 fix: protected fields exposed via LiveQuery; this removes protected fields from the client response; this may be a breaking change if your app is currently expecting to receive these protected fields ([GHSA-crrq-vr9j-fxxh](https://snyk.io/redirect/github/parse-community/parse-server/security/advisories/GHSA-crrq-vr9j-fxxh)) (#8074)
• 6286d2e chore(release): 4.10.12 [skip ci]
• 5f42322 fix: invalid file request not properly handled; this fixes a security vulnerability in which an invalid file request can crash the server ([GHSA-xw6g-jjvf-wwf9](https://snyk.io/redirect/github/parse-community/parse-server/security/advisories/GHSA-xw6g-jjvf-wwf9)) (#8059)
• ad680bd chore(release): 4.10.11 [skip ci]
• 145838d fix: certificate in Apple Game Center auth adapter not validated; this fixes a security vulnerability in which authentication could be bypassed using a fake certificate; if you are using the Apple Gamer Center auth adapter it is your responsibility to keep its root certificate up-to-date and we advice you read the security advisory ([GHSA-rh9j-f5f8-rvgc](https://snyk.io/redirect/github/parse-community/parse-server/security/advisories/GHSA-rh9j-f5f8-rvgc))
• 8580a52 fix CI timeout
• 53afafa Update gcenter.js
• c411c48 Create game_center.pem
• 07786c1 fix adapter
• b00b041 chore(release): 4.10.10 [skip ci]
• 1930a64 fix: authentication bypass and denial of service (DoS) vulnerabilities in Apple Game Center auth adapter (GHSA-qf8x-vqjv-92gr) (#7963)
• cd354b7 chore(release): 4.10.9 [skip ci]
• 3d80ee5 fix: security upgrade @ parse/push-adapter from 3.4.1 to 4.1.2 (#7897)
• bf88869 chore(release): 4.10.8 [skip ci]
• d347613 fix: sensitive keyword detection may produce false positives (#7883)
• 02f88f4 docs: add details to changelog (#7842)
• 7c84477 chore(release): 4.10.7 [skip ci]
• 886bfd7 fix: security vulnerability that allows remote code execution (ghsa p6h4 93qp jhcm) (#7841)
• 318c203 ci: fix changelog file path (#7835)
• 6f25ea9 ci: add manual docker release workflow (#7809)
• cd41626 chore(release): 4.10.6 [skip ci]

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.