fix: security upgrade follow-redirects from 1.13.0 to 1.14.7

[snyk-bot]

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	658/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 5.3	Information Exposure SNYK-JS-FOLLOWREDIRECTS-2332181	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: follow-redirects

The new version differs by 40 commits.

• 2ede36d Release version 1.14.7 of the npm package.
• 8b347cb Drop Cookie header across domains.
• 6f5029a Release version 1.14.6 of the npm package.
• af706be Ignore null headers.
• d01ab7a Release version 1.14.5 of the npm package.
• 40052ea Make compatible with Node 17.
• 86f7572 Fix: clear internal timer on request abort to avoid leakage
• 2e1eaf0 Keep Authorization header on subdomain redirects.
• 2ad9e82 Carry over Host header on relative redirects (Added req.auth.user to parse cloud functions #172)
• 77e2a58 Release version 1.14.4 of the npm package.
• eb6e76f Fix another self mention.
• f26c6c6 Release version 1.14.3 of the npm package.
• 3f1b2f5 Fix timeout clearing.
• 422890d Release version 1.14.2 of the npm package.
• af63a04 Update package-lock.json version.
• 21ba514 fix: address jest testing issue (fixes Cloud Jobs Guidance #153)
• 1b45be4 Remove CI on 6.0.
• 889b0eb Release version 1.14.1 of the npm package.
• ffa0a85 Update dependencies.
• 8c6667f Do not remove all listeners on abort.
• bbe5769 Release version 1.14.0 of the npm package.
• cdd921f Fix socket leak.
• 403aa2b Update y18n.
• e9c1a5d Test on Node 16.

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

[parse-github-assistant]

I will reformat the title to use the proper commit message syntax.

[codecov]

Codecov Report

❗ No coverage uploaded for pull request base (release-4.x.x@65c13fe). Click here to learn what that means.
The diff coverage is n/a.

@@               Coverage Diff                @@
##             release-4.x.x    #7773   +/-   ##
================================================
  Coverage                 ?   84.11%           
================================================
  Files                    ?      169           
  Lines                    ?    12442           
  Branches                 ?        0           
================================================
  Hits                     ?    10465           
  Misses                   ?     1977           
  Partials                 ?        0           

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 65c13fe...2286e44. Read the comment docs.

[parse-github-assistant]

Thanks for opening this pull request!

• ❌ Please edit your post and use the provided template when creating a new pull request. This helps everyone to understand your post better and asks for essential information to quicker review the pull request.

[mtrezza]

Before merging this, auto release needs to be configured for the 4.x LTS branch, so that a release is triggered.

[phillycheeze]

Are there plans to push a new release to the 4.x branch with the fix?

[mtrezza]

We are currently focused on Parse Server v5 release, which will also include this fix.

[mtrezza]

Auto-release has been added to the 4.x LTS branch, so this can be merged if tests pass.

[mtrezza]

Closing in favor of #7803.