[Snyk] Fix for 4 vulnerabilities

[parseplatformorg]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	671/1000 Why? Recently disclosed, Has a fix available, CVSS 7.7	Improper Input Validation SNYK-JS-JSONWEBTOKEN-3180020	Yes	No Known Exploit
	611/1000 Why? Recently disclosed, Has a fix available, CVSS 6.5	Improper Authentication SNYK-JS-JSONWEBTOKEN-3180022	Yes	No Known Exploit
	611/1000 Why? Recently disclosed, Has a fix available, CVSS 6.5	Improper Restriction of Security Token Assignment SNYK-JS-JSONWEBTOKEN-3180024	Yes	No Known Exploit
	526/1000 Why? Recently disclosed, Has a fix available, CVSS 4.8	Use of a Broken or Risky Cryptographic Algorithm SNYK-JS-JSONWEBTOKEN-3180026	Yes	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: jsonwebtoken

The new version differs by 17 commits.

• e1fa9dc Merge pull request from GHSA-8cf7-32gw-wr33
• 5eaedbf chore(ci): remove github test actions job (Fix for related query on non-existing column #861)
• cd4163e chore(ci): configure Github Actions jobs for Tests & Security Scanning ([Babel] Allowing trailing comma. #856)
• ecdf6cc fix!: Prevent accidental use of insecure key sizes & misconfiguration of secrets (Wrongly generate _Session when login by Facebook #852)
• 8345030 fix(sign&verify)!: Remove default `none` support from `sign` and `verify` methods, and require it to be explicitly configured (request.user is undefined after v2.1.4 #851)
• 7e6a86b Upload OpsLevel YAML (Request: Can we have beforeCreate and afterCreate triggers? #849)
• 74d5719 docs: update references vercel/ms references (Update OneSignalPushAdapter.js [More Parameters Added for Android] #770)
• d71e383 docs: document "invalid token" error
• 3765003 docs: fix spelling in README.md: Peak -> Peek (Pointers leading to empty objects will stop the queries and show results #754)
• a46097e docs: make decode impossible to discover before verify
• 15a1bc4 refactor: make decode non-enumerable
• 5f10bf9 docs: add jwtid to options of jwt.verify (when sending push notification for android, I got MismatchSenderId error #704)
• 88cb9df Replace tilde-indexOf with includes (Uncaught internal server error. Incorrect arguments undefined #647)
• a6235fa Adds not to README on decoded payload validation (Query constraint on other query throws "improper usage of $inQuery" #646)
• 5ed1f06 docs: fix tiny style change in readme (object not found for update #597 #622)
• 9fb90ca style: add missing semicolon (Error initializing Parse in iOS client code. #641)
• a9e38b8 ci: use circleci (Wrong format of user object saved in MongoDB after pasing thru beforeSave #589)

See the full diff

Package name: jwks-rsa

The new version differs by 12 commits.

• 1e3ba06 Removes babel (Cloud code validation #226)
• 9c4fddf Update README.md
• 914dd42 V2 Release (Adds standalone parse server #225)
• 06217d7 fix: missing export (Adds proper http request to match parse original implementation #217)
• 8dc9698 Update cov path (Adding validation functions to Cloud Functions #224)
• b66e83f Simplify request wrapper (Saving anonymous users results in account already exists error #218)
• 2408cac Add alg to SigningKey types (Schema mismatch for _Session.expiresAt #220)
• 596e944 Merge pull request Implment GET /parse/schemas #221 from auth0/fix-package-lock
• 9148f51 jfrog -> npmjs
• 589dde8 Pinning Node Engine Versions (Migration already in progress. Error #212)
• dab5112 Release 1.12.2 (How to implement file upload with parse server #213)
• 61d4343 full JWK/JWS support (Add Mongo 2.6.11 to Travis-CI. #205)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Use of a Broken or Risky Cryptographic Algorithm

[parse-github-assistant]

Thanks for opening this pull request!

• ❌ Please edit your post and use the provided template when creating a new pull request. This helps everyone to understand your post better and asks for essential information to quicker review the pull request.