[Snyk] Security upgrade @graphql-yoga/node from 2.6.0 to 2.13.5

[skmezanul]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	CRLF Injection SNYK-JS-UNDICI-2953389	No	Proof of Concept
	506/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 3.7	Information Exposure SNYK-JS-UNDICI-2957529	No	Proof of Concept
	484/1000 Why? Has a fix available, CVSS 5.4	CRLF Injection SNYK-JS-UNDICI-2980276	No	No Known Exploit
	534/1000 Why? Has a fix available, CVSS 6.4	Server-side Request Forgery (SSRF) SNYK-JS-UNDICI-2980286	No	No Known Exploit
	551/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 4.6	CRLF Injection SNYK-JS-UNDICI-3323844	No	Proof of Concept
	696/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 7.5	Regular Expression Denial of Service (ReDoS) SNYK-JS-UNDICI-3323845	No	Proof of Concept
	409/1000 Why? Has a fix available, CVSS 3.9	Information Exposure SNYK-JS-UNDICI-5962466	No	No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages

Package name: @graphql-yoga/node

The new version differs by 181 commits.

• d6014fc chore(release): update monorepo packages versions (Enable logs parse-community/parse-server#1502)
• c00dad3 Bump @ whatwg-node/fetch to get the latest fixes (Adds limit = 0 as a valid parameter for queries parse-community/parse-server#1493)
• 58fb6e4 docs: fix typos (Apply credential stripping to all untransforms for _User parse-community/parse-server#1498)
• 19eb2f9 Update file-uploads.mdx (WIP: Test case to repro #1488 parse-community/parse-server#1501)
• 0884232 fix(deps): update all non-major dependencies (req.user undefined in a cloud function when called by another cloud function parse-community/parse-server#1494)
• 7c31390 fix(deps): update envelop (Bug in saving new users via Cloud Code parse-community/parse-server#1495)
• 378bb5d fix(deps): update all non-major dependencies (master) (PFPush.getSubscribedChannelsInBackgroundWithBlock not working from iOS client anymore. parse-community/parse-server#1480)
• e52a83f docs: fix typos (Add test case for mongo password "^U7#V6W$NA$nE2bf" parse-community/parse-server#1492)
• dc5c3f2 docs: added file upload example to save file in disk (iOS Push broken after upgrade to 2.2.6 parse-community/parse-server#1477)
• febfc89 chore(deps): update all non-major dependencies (After migrating database to mLab, will webhooks on Parse.com still work? parse-community/parse-server#1474)
• dbcc009 chore(deps): update all non-major dependencies (Unable to start parse-server parse-community/parse-server#1463)
• 549f1fb fix(deps): update all non-major dependencies (Deploying cloud code for the first time parse-community/parse-server#1453)
• 027fa34 Fix website workflows for other branches
• 452726f Ignore graphiql for now
• 45a0972 add videos (Push status nits parse-community/parse-server#1462)
• 7d103ed chore(deps): update dependency @ types/react-dom to v18 (cannot find SimpleMailgunAdapter after upgrading 2.2.6 parse-community/parse-server#1442)
• 8d64701 Replace cross-undici-fetch with @ whatwg-node/fetch
• cffdbc2 chore(deps): update dependency ioredis to v5.2.2 (Removing sessionToken and authData from _User objects included in a query parse-community/parse-server#1450)
• 0398aca chore(deps): update actions/checkout action to v3 (Feature Request: Dashboard-Modifiable Parse Server Config parse-community/parse-server#1431)
• 06991bf Fixed broken link to envelop plugins (Push with custom Installation query doesn't reach device parse-community/parse-server#1439)
• b00affa chore(deps): update all non-major dependencies to v12.2.3 (Session lost when more than one client connects parse-community/parse-server#1436)
• 707a355 chore: add b3 branch as renovate base branch (Prevents _User lock out when setting ACL on signup or afterwards parse-community/parse-server#1429)
• a418519 chore(deps): update all non-major dependencies (Can't get APP_ID and MASTER_KEY since Parse no longer allow new signup parse-community/parse-server#1430)
• 56fd31c fix(deps): update all non-major dependencies (Update .travis.yml parse-community/parse-server#1428)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 CRLF Injection
🦉 Server-side Request Forgery (SSRF)
🦉 Regular Expression Denial of Service (ReDoS)

[codecov-commenter]

Codecov Report

All modified and coverable lines are covered by tests ✅

❗ No coverage uploaded for pull request base (master@656bca6). Click here to learn what that means.

❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files

@@            Coverage Diff            @@
##             master      #18   +/-   ##
=========================================
  Coverage          ?   94.03%           
=========================================
  Files             ?      182           
  Lines             ?    14438           
  Branches          ?        0           
=========================================
  Hits              ?    13577           
  Misses            ?      861           
  Partials          ?        0           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.