refactor: Bump parse-server from 9.6.1 to 9.7.0

[mtrezza]

Changes

• Bumps parse-server from 9.6.1 to 9.7.0 in devDependencies
• Includes 14 bug fixes (7 security advisories) and 4 new features
• No API changes that affect parse-dashboard

Changelog

See parse-server 9.7.0 release notes

Notable changes:

• Security: Auth data exposure fix, session field immutability bypass fix, LiveQuery protected field leak fixes, GraphQL CORS and complexity DoS fixes, MFA token bypass fix, Cloud Code validator bypass fix, prototype pollution fix
• Features: protectedFieldsSaveResponseExempt option, protectedFieldsTriggerExempt option, partialFilterExpression support, DatabaseController.update matchedCount/modifiedCount
• Bug fixes: Postgres query error handling, maintenance key protected fields, duplicate session destruction, missing error messages, batch login rate limit keying

Code Changes Required

None. All changes are internal to parse-server and do not affect the parse-dashboard API surface.

Closes #3286

Summary by CodeRabbit

• Chores
  • Updated parse-server to version 9.7.0 and refreshed its dependency tree to the latest compatible versions.

[parse-github-assistant]

🚀 Thanks for opening this pull request! We appreciate your effort in improving the project. Please let us know once your pull request is ready for review.

Tip

• Keep pull requests small. Large PRs will be rejected. Break complex features into smaller, incremental PRs.
• Use Test Driven Development. Write failing tests before implementing functionality. Ensure tests pass.
• Group code into logical blocks. Add a short comment before each block to explain its purpose.
• We offer conceptual guidance. Coding is up to you. PRs must be merge-ready for human review.
• Our review focuses on concept, not quality. PRs with code issues will be rejected. Use an AI agent.
• Human review time is precious. Avoid review ping-pong. Inspect and test your AI-generated code.

Note

Please respond to review comments from AI agents just like you would to comments from a human reviewer. Let the reviewer resolve their own comments, unless they have reviewed and accepted your commit, or agreed with your explanation for why the feedback was incorrect.

Caution

Pull requests must be written using an AI agent with human supervision. Pull requests written entirely by a human will likely be rejected, because of lower code quality, higher review effort and the higher risk of introducing bugs. Please note that AI review comments on this pull request alone do not satisfy this requirement.

[parseplatformorg]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: e4af7e4b-bed8-47dc-91f2-cf7b6187be29

📥 Commits

Reviewing files that changed from the base of the PR and between 848989c and 9eb87cf.

📒 Files selected for processing (2)

• package-lock.json
• package.json

---

📝 Walkthrough

Walkthrough

This PR updates the parse-server development dependency from version 9.6.1 to 9.7.0, with corresponding updates to the lockfile that include cascading dependency version bumps for @apollo/server, express-rate-limit, graphql, redis, and related packages.

Changes

Cohort / File(s)	Summary
Dependency version bump package.json	Updated parse-server devDependency from 9.6.1 to 9.7.0.
Lockfile resolution updates package-lock.json	Updated parse-server and cascading dependencies including @apollo/server (5.4.0 → 5.5.0), express-rate-limit (8.2.1 → 8.3.0), graphql (16.11.0 → 16.13.2), redis (5.10.0 → 5.11.0), lru-cache (10.4.0 → 11.2.7), and others. Reorganized path-to-regexp entries in the dependency tree.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• refactor: Bump parse-server from 9.2.0 to 9.6.1 #3275: Related prior dependency bump of parse-server from an earlier version to 9.6.1, with this PR continuing the upgrade chain to 9.7.0.

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the main change: updating parse-server from 9.6.1 to 9.7.0. It is concise, specific, and directly reflects the primary objective of the pull request.
Description check	✅ Passed	The description is comprehensive and covers the key aspects: what changed, why (bug fixes and features), and the impact on parse-dashboard. However, it partially deviates from the template by omitting the 'Issue' and 'Tasks' sections.
Linked Issues check	✅ Passed	The PR successfully addresses the main requirement from #3286: updating parse-server from 9.6.1 to 9.7.0 in package.json and lockfile. The description includes the changelog reference, and states no API changes affect parse-dashboard.
Out of Scope Changes check	✅ Passed	All changes are directly in scope: only parse-server version bumps in package.json and package-lock.json with corresponding dependency tree updates. No unrelated changes or code modifications detected.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 Checkov (3.2.510)

package.json

2026-03-30 21:44:40,568 [MainThread ] [ERROR] Template file not found: package.json
2026-03-30 21:44:40,579 [MainThread ] [ERROR] Template file not found: package.json
2026-03-30 21:44:40,585 [MainThread ] [ERROR] Template file not found: package.json
2026-03-30 21:44:40,677 [MainThread ] [WARNI] Secret scanning: could not process file package.json
2026-03-30 21:44:40,673 [MainThread ] [ERROR] Failed to invoke function /usr/local/lib/python3.11/dist-packages/checkov/common/runners/object_runner. with package.json
Traceback (most recent call last):
File "/usr/local/lib/python3.11/dist-packages/checkov/common/parallelizer/parallel_runner.py", line 88, in func_wrapper
result = original_func(item)
^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/dist-packages/checkov/common/runners/object_runner.py", line 74, in
results = parallel_runner.run_function(lambda f: (f, self._parse_file(f)), files_to_load)

... [truncated 2547 characters] ...

ck__)
FileNotFoundError: [Errno 2] No such file or directory: 'package.json'
2026-03-30 21:44:40,714 [MainThread ] [ERROR] Exception traceback:
Traceback (most recent call last):
File "/usr/local/lib/python3.11/dist-packages/checkov/main.py", line 647, in run
self.scan_reports = runner_registry.run(
^^^^^^^^^^^^^^^^^^^^
File "/usr/local/lib/python3.11/dist-packages/checkov/common/runners/runner_registry.py", line 177, in run
for result in parallel_runner_results:
File "/usr/local/lib/python3.11/dist-packages/checkov/common/parallelizer/parallel_runner.py", line 118, in _run_function_multiprocess_fork
raise v.internal_exception.with_traceback(v.internal_exception.traceback)
FileNotFoundError: [Errno 2] No such file or directory: 'package.json'

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[parseplatformorg]

🎉 This change has been released in version 9.1.0-alpha.12

[parseplatformorg]

🎉 This change has been released in version 9.1.0