@parseplatformorg (Contributor) commented Oct 16, 2025


Snyk has created this PR to fix 2 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

  • package.json
  • package-lock.json

Vulnerabilities that will be fixed with an upgrade:

Issue                                                          Score
high severity  Prototype Pollution  SNYK-JS-PARSE-13053302     790
high severity  Prototype Pollution  SNYK-JS-PARSE-13551630     700

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Prototype Pollution

Summary by CodeRabbit

  • Chores
    • Updated the parse library dependency to the latest version.


I will reformat the title to use the proper commit message syntax.

@parse-github-assistant parse-github-assistant bot changed the title [Snyk] Security upgrade parse from 3.5.1 to 7.0.1 refactor: Security upgrade parse from 3.5.1 to 7.0.1 Oct 16, 2025

🚀 Thanks for opening this pull request!

@parseplatformorg (Contributor, Author) commented:

Snyk checks have passed. No issues have been found so far.

Status   Scanner                Critical   High   Medium   Low   Total (0)
         Open Source Security   0          0      0        0     0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.


coderabbitai bot commented Oct 16, 2025

📝 Walkthrough

Updated the "parse" runtime dependency in package.json from version 3.5.1 to 7.0.1. This represents a major version bump with no accompanying code modifications to the codebase itself.

Changes

Cohort / File(s)                   Change Summary
Dependency Update: package.json    Updated "parse" dependency version from 3.5.1 to 7.0.1

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Rationale: While the change itself is straightforward (single version bump in one file), the major version upgrade (3.5.1 → 7.0.1) warrants verification that the codebase remains compatible with the breaking changes typically introduced in major releases. Review should confirm no runtime errors and compatibility with existing parse library usage patterns in the code.

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name          Status       Explanation
Description Check   ⚠️ Warning   The pull request description is a Snyk-generated summary and does not adhere to the repository’s required template: it is missing the new pull request checklist, a referenced issue with a Closes line, an Approach section, and TODOs for adding tests or documentation.
                    Resolution   Please revise the description to follow the repository template by including the checklist items, linking the related issue with a Closes statement, outlining the Approach, and adding TODOs for tests and documentation before merging.

✅ Passed checks (2 passed)

Check name           Status      Explanation
Title Check          ✅ Passed   The pull request title clearly and concisely describes the primary change (upgrading the parse dependency for security from version 3.5.1 to 7.0.1), so reviewers can immediately understand the purpose of the PR.
Docstring Coverage   ✅ Passed   No functions found in the changes. Docstring coverage check skipped.

📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 801274a and 083a1f3.

⛔ Files ignored due to path filters (1)
  • package-lock.json is excluded by !**/package-lock.json
📒 Files selected for processing (1)
  • package.json (1 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: Docker linux/amd64
🔇 Additional comments (1)
package.json (1)

Line 59: Parse 7.0.1 upgrade verified: build and tests pass.

The dependency update to Parse 7.0.1 has been validated. npm ci installed successfully, the webpack build completed without Parse-related errors (233 warnings are pre-existing Sass/deprecation issues), and 77 of 78 tests passed. The single test failure (dashboard e2e › can keep mount path on redirect) is due to a missing system library for browser automation, not Parse incompatibility.

Node version caution: Parse 7.0.1 officially supports Node 18, 19, 20, or 22, but the environment used Node 24.3.0. The dependency installed and executed without errors, though this mismatch warrants verification of Parse-specific features (cloud functions, data operations) through manual smoke testing before production deployment.




uffizzi-cloud bot commented Oct 16, 2025

Uffizzi Ephemeral Environment deployment-65633

⌚ Updated Oct 16, 2025, 13:25 UTC

☁️ https://app.uffizzi.com/github.com/parse-community/parse-dashboard/pull/3003

📄 View Application Logs etc.

