refactor: Bump parse-server from 9.6.1 to 9.7.0

[dependabot]

Bumps parse-server from 9.6.1 to 9.7.0.

Release notes

Sourced from parse-server's releases.

9.7.0

9.7.0 (2026-03-30)

Bug Fixes

• Auth data exposed via verify password endpoint (GHSA-wp76-gg32-8258) (#10323) (770be86)
• Batch login sub-request rate limit uses IP-based keying (#10349) (63c37c4)
• Cloud Code trigger context vulnerable to prototype pollution (#10352) (d5f5128)
• Cloud function validator bypass via prototype chain traversal (GHSA-vpj2-qq7w-5qq6) (#10342) (dc59e27)
• Duplicate session destruction can cause unhandled promise rejection (#10319) (92791c1)
• GraphQL API endpoint ignores CORS origin restriction (GHSA-q3p6-g7c4-829c) (#10334) (4dd0d3d)
• GraphQL complexity validator exponential fragment traversal DoS (GHSA-mfj6-6p54-m98c) (#10344) (f759bda)
• LiveQuery protected field leak via shared mutable state across concurrent subscribers (GHSA-m983-v2ff-wq65) (#10330) (776c71c)
• LiveQuery protected-field guard bypass via array-like logical operator value (GHSA-mmg8-87c5-jrc2) (#10350) (f63fd1a)
• Maintenance key blocked from querying protected fields (#10290) (7c8b213)
• MFA single-use token bypass via concurrent authData login requests (GHSA-w73w-g5xw-rwhf) (#10326) (e7efbeb)
• Missing error messages in Parse errors (#10304) (f128048)
• Postgres query on non-existent column throws internal server error (#10308) (c5c4325)
• Session field immutability bypass via falsy-value guard (GHSA-f6j3-w9v3-cq22) (#10347) (9080296)

Features

• Add protectedFieldsSaveResponseExempt option to strip protected fields from save responses (#10289) (4f7cb53)
• Add protectedFieldsTriggerExempt option to exempt Cloud Code triggers from protectedFields (#10288) (1610f98)
• Add support for partialFilterExpression in MongoDB storage adapter (#10346) (8dd7bf2)
• Extend storage adapter interface to optionally return matchedCount and modifiedCount from DatabaseController.update with many: true (#10353) (aea7596)

9.7.0-alpha.18

9.7.0-alpha.18 (2026-03-30)

Features

• Extend storage adapter interface to optionally return matchedCount and modifiedCount from DatabaseController.update with many: true (#10353) (aea7596)

9.7.0-alpha.17

9.7.0-alpha.17 (2026-03-29)

Bug Fixes

• Cloud Code trigger context vulnerable to prototype pollution (#10352) (d5f5128)

9.7.0-alpha.16

9.7.0-alpha.16 (2026-03-29)

Bug Fixes

... (truncated)

Commits

• 84ca533 chore(release): 9.7.0 [skip ci]
• 6d0bd1e build: Release (#10354)
• d01675b empty commit to trigger CI
• 99fc339 chore(release): 9.7.0-alpha.18 [skip ci]
• aea7596 feat: Extend storage adapter interface to optionally return matchedCount an...
• 6183d4b chore(release): 9.7.0-alpha.17 [skip ci]
• d5f5128 fix: Cloud Code trigger context vulnerable to prototype pollution (#10352)
• e573cfa chore(release): 9.7.0-alpha.16 [skip ci]
• f63fd1a fix: LiveQuery protected-field guard bypass via array-like logical operator v...
• f897d83 chore(release): 9.7.0-alpha.15 [skip ci]
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[parse-github-assistant]

I will reformat the title to use the proper commit message syntax.

[parseplatformorg]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

[parseplatformorg]

🎉 This change has been released in version 9.1.0-alpha.12

[parseplatformorg]

🎉 This change has been released in version 9.1.0