refactor: Security upgrade mongodb from 4.10.0 to 6.0.0

[parseplatformorg]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	823/1000 Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.6	Server-side Request Forgery (SSRF) SNYK-JS-IP-6240864	Yes	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: mongodb

The new version differs by 250 commits.

• e57b738 chore(main): release 6.0.0 [skip-ci] (Added test for: #3711 #3762)
• e70826a docs: generate docs from latest main [skip-ci] (Some wordsmithing on test descriptions. #3744)
• df1b4f2 docs(NODE-5560): add v6 upgrade guide (Include user objectid in push payload #3844)
• 7bef363 feat(NODE-5584)!: adopt bson v6 and mongodb-client-encryption v6 (⚡ Release 2.4.1 #3845)
• 05d2725 fix(NODE-5592): withTransaction return type (How to push JSON Object in Array field of parse server #3846)
• 91152b9 chore(NODE-5581): pull in bson alpha.1 and mongodb-legacy main (Update mongodb to the latest version 🚀 #3843)
• ecb2e20 chore: fix alpha version guard
• ea2d60a refactor(NODE-5514): make FLE logic use async-await (Timeout in FileAdapter or Empty response from server when trying to upload a small size file #3830)
• a17b0af feat(NODE-5484)!: mark MongoError for internal use and remove Node14 cause assignment logic (Update pg-promise to the latest version 🚀 #3800)
• 33c86c9 feat(NODE-5566): add ability to provide CRL file via tlsCRLFile (Receive Parse.push.send using cloud function succeed but device not receiving push notification  #3834)
• 2323ca8 ci(NODE-5125): fix flaky case 14 prose test (Roles (ACL) not working properly #3833)
• a0955bd fix(NODE-5548): ensure that tlsCertificateKeyFile maps to cert and key (2.4.0 not published in npm #3819)
• bf00e32 docs(no-story): generate api docs for 5.8 release (I can get a base64 code for a image, how i can upload this image by base64 code #3832)
• 11682d0 docs(NODE-5532): fix docs for `types` and regenerate 5.7 docs (Fixes postgres flaky test #3822)
• a7ffdf5 ci(NODE-5446): revert bump dev dependencies (How to set userSensitiveFields from env. #3801) (Blog posts about parse-server running on google container engine #3829)
• 46e15e7 docs: fix cutoff sentence on CommandStartedEvent (Update body-parser to the latest version 🚀 #3827)
• 1c05b38 docs: generate 4.17.0 documentation (Update pg-promise to the latest version 🚀 #3826)
• 45f8fb9 chore(NODE-5544): fix duplicate PR highlights (Changelog 2.4.0 #3816)
• bd031fc feat(NODE-5396): add `mongodb-js/saslprep` as a required dependency (Update pg-promise to the latest version 🚀 #3815)
• fd9a467 chore(NODE-5446): bump dev dependencies (How to set userSensitiveFields from env. #3801)
• 6483276 docs(NODE-5540): Fix MDB University links in GH pages (Adds count class level permission #3814)
• 7955610 fix(NODE-4788)!: use implementer Writable methods for GridFSBucketWriteStream (Fix issue stuck sending #3808)
• 2fbb715 docs(NODE-5523): add component support matrix to readme (Activating Open Collective #3806)
• af47529 docs(NODE-5535): fix link to Transactions quickstart (Code maintenance, small refactors #3811)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Server-side Request Forgery (SSRF)

[parse-github-assistant]

I will reformat the title to use the proper commit message syntax.

[parse-github-assistant]

Thanks for opening this pull request!

• ❌ Please link an issue that describes the reason for this pull request, otherwise your pull request will be closed. Make sure to write it as Closes: #123 in the PR description, so I can recognize it.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (933e822) 94.32% compared to head (ef93637) 87.48%.

Additional details and impacted files

@@                Coverage Diff                @@
##           release-6.x.x    #8919      +/-   ##
=================================================
- Coverage          94.32%   87.48%   -6.84%     
=================================================
  Files                186      186              
  Lines              14827    14827              
=================================================
- Hits               13985    12972    -1013     
- Misses               842     1855    +1013     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.