[Snyk] Upgrade @prisma/client from 6.13.0 to 6.16.2 #39
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Snyk has created this PR to upgrade @prisma/client from 6.13.0 to 6.16.2. See this package in npm: @prisma/client See this project in Snyk: https://app.snyk.io/org/sunwuyuan/project/7f95d725-ca6f-4cce-ab56-8b055b9f632f?utm_source=github&utm_medium=referral&page=upgrade-pr
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade @prisma/client from 6.13.0 to 6.16.2.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 149 versions ahead of your current version.
The recommended version was released a month ago.
Issues fixed by the recommended upgrade:
SNYK-JS-AXIOS-12613773
SNYK-JS-BRACEEXPANSION-9789073
SNYK-JS-BRACEEXPANSION-9789073
SNYK-JS-FORMDATA-10841150
SNYK-JS-MULTER-10773732
SNYK-JS-ONHEADERS-10773729
Release notes
Package name: @prisma/client
Today, we are issuing a 6.16.2 patch release.
Bug fixes
engineType = clientwith Prisma Postgres, but our validation rules permitted invalid combinations of Prisma Postgres URLs and driver adapters. This now produces a clear error message indicating Prisma Postgres URLs and driver adapters are mutually exclusive.unref()on NodeJS timers to prevent them from keeping the NodeJS event loop active. This change unintentionally affected non-NodeJS runtimes likeworkerd, where it has resulted in runtime errors. This behavior has been made conditional to prevent these runtime errors.Today, we are issuing a 6.16.1 patch release.
Bug fixes
driverAdaptersandqueryCompilerfeatures were stabilized, but leftover code in theprisma-client-tsgenerator required them to still be specified in edge runtimes. This has now been fixed, runtimes likeworkerdandvercel-edgeno longer require these preview features.Today, we are excited to share the
6.16.0stable release 🎉🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!
Prisma ORM
This section contains all the updates made in Prisma ORM v6.16.0.
Rust-free ORM and driver adapters are Generally Available
Eight months ago, we published our ORM manifesto with the first hint that we're going to remove the Rust-based query engine from Prisma ORM:
After a lot of hard work and feedback from the community, we're incredibly excited to share that the migration has been completed and you can now use Prisma ORM without its Rust engine in your production apps. 🎉 This is a major milestone in the history of Prisma ORM and comes with a lot of benefits:
… and overall a much better DX since you don't need to worry about the extra binary in your generated Prisma Client code any more.
While the Rust-free ORM will become the default in Prisma ORM v7 soon, for now you still need to opt-into using it:
generatorblock in your Prisma schema:queryCompileranddriverAdapterfeature flags from thepreviewFeaturesarray. And if you usedbinaryTargets, you can also get rid of these.pgfor PostgreSQL:PrismaClientusing thePrismaPgdriver adapter as follows:import { PrismaPg } from '@ prisma/adapter-pg'
const adapter = new PrismaPg({ connectionString: env.DATABASE_URL })
const prisma = new PrismaClient({ adapter })
// ... send queries using
prismalike before📚 To learn more and see instructions for all other supported databases, check out the documentation.
New ESM-first
prisma-clientgenerator is Generally AvailableAnother major milestone has been achieved in this release: The new, flexible and ESM-first
prisma-clientgenerator is ready for production too. Here's a quick overview of its main benefits:node_modules; generated code is fully under control by the developer// Required
provider = "prisma-client"
output = "../src/generated/prisma"
// Optional
engineType = "client"
runtime = "nodejs"
moduleFormat = "esm"
generatedFileExtension = "ts"
importFileExtension = "ts"
}
In addition to making it production-ready, we also made some changes to the
prisma-clientgenerator:Prisma.validator; you can use TypeScript nativesatisfieskeyword instead./generared/prisma/browserentrypoint for importing types in browser environmentsIf you want to try out the new generator with your favorite framework, check out one of our ready-to-run examples (e.g. for Next.js, Nuxt or React Router).
📚 Learn more in the docs.
Type check performance optimizations
Runtime performance is not the only performance category that matters. In fact, when it comes to DX, type checking performance is equally important: if your TypeScript types become too complex and the compiler needs to do too much work (e.g. inferring types), it may slow down your editor, lead to laggy auto-completion or prevent jump-to-definition from working.
We've worked with TypeScript expert David Blass to find ways for improving the type checking performance in Prisma ORM and created benchmarks comparing the type checking performance with Drizzle.
You can read about the results here: Why Prisma ORM Checks Types Faster Than Drizzle
Deprecating the
postgresqlExtensionsPreview featureWe're deprecating the
postgresqlExtensionsPreview feature. Note that this doesn't mean that you can't use extensions with Prisma ORM any more. Instead of setting the Preview feature, you can install extensions manually with a customized migration via the--create-onlyflag:You can then install an extension with plain SQL in the newly created, empty migration file:
CREATE EXTENSION IF NOT EXISTS "pgcrypto";Prisma Postgres
Prisma Postgres is our fully managed Postgres service designed with the same philosophy of great DX that has guided Prisma for close to a decade. With this release we are introducing the following improvements:
Manage OAuth apps in Prisma Console
In Prisma Console, you can now manage all of the 3rd party applications that you've granted access to perform actions on behalf of yourself in your Prisma Console account. Find the 🧩 Integrations tab in the sidenav to see which applications currently have access.
Rust-free Prisma ORM with Prisma Accelerate and Prisma Postgres
With this release, the Rust-free Prisma ORM (Query Compiler) can now be used together with Prisma Postgres and also Prisma Accelerate. This means you can take advantage of connection pooling and caching while using the new TypeScript-based ORM architecture.
To enable it, update your Prisma schema:
We'd love for you to try this out and share your feedback as we prepare for General Availability. Please open an issue on GitHub if you encounter any problems or have suggestions.
Enterprise support
Thousands of teams use Prisma and many of them already tap into our Enterprise & Agency Support Program for hands-on help with everything from schema integrations and performance tuning to security and compliance.
With this program you also get priority issue triage and bug fixes, expert scalability advice, and custom training so that your Prisma-powered apps stay rock-solid at any scale. Learn more or join: https://prisma.io/enterprise.
Today, we are excited to share the
6.15.0stable release 🎉🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!
Highlights
AI safety guardrails for destructive commands
Prisma ORM now includes built-in safety checks that protect against destructive commands when triggered by AI coding assistants. The CLI can recognize when it is being executed by popular AI agents such as Claude Code, Gemini CLI, Qwen Code, Cursor, Aider and Replit.
If a command like
prisma migrate reset --forceis attempted, Prisma ORM will prompt for explicit confirmation before proceeding.This feature ensures that irreversible operations which drop and recreate the database are not executed automatically by an AI tool. Prisma ORM is the first ORM to provide this level of protection, making it safer to use AI-assisted development while working with your databases.
📚 Learn more in the docs.
prisma-client: runtime improvements and schema flexibilityWe simplified Prisma ORM by making the runtime options for the Prisma Client more consistent and easier to understand. Previously there were several overlapping aliases which created confusion. With this release we simplified the inputs while keeping support for all the major environments you might be targeting.
Changes include:
nodehas been removed, useruntime = "nodejs"insteaddeno-deployhas been removed, useruntime = "deno"insteadvercelhas been replaced by the newruntime = "vercel-edge"edge-lightis now just an alias forvercel-edgenodejs,deno, andbunnow share the same internal code path, while still keeping their separate input values for clarityThe updated list of supported runtimes is now:
nodejs,deno,bun,workerd(aliascloudflare),vercel-edge(aliasedge-light), andreact-native.In addition, we fixed an issue where running
prisma generatewould fail if your schema contained no models. This is now supported with the newprisma-clientgenerator, just like it already worked with the olderprisma-client-jsgenerator.For example, the following schema will now generate a client without errors:
provider = "prisma-client"
output = "../generated/client"
}
datasource db {
provider = "postgresql"
url = env("DATABASE_URL")
}
Running
prisma generatewith this schema will succeed and create the client in./generated/client.📚 Learn more in the docs.
Using Prisma ORM with Vercel Fluid
Fluid compute is a new compute model from Vercel that combines the flexibility of serverless with the stability of servers, making it ideal for dynamic workloads such as streaming data and AI APIs.
A common challenge in traditional serverless platforms is that when functions are suspended, database connection pools can’t close idle connections. This leads to leaked connections that stay open until the database times them out, which can exhaust the pool.
Vercel provides the
attachDatabasePoolutility to solve this problem. It ensures idle connections in the pool are properly released before a function is suspended, preventing connection leaks.You can use this utility together with Prisma’s driver adapters to safely manage database connections in Fluid Compute:
import { attachDatabasePool } from "@ vercel/functions";
import { PrismaPg } from "@ prisma/adapter-pg";
import { PrismaClient } from "./generated/prisma/client";
const pool = new Pool({ connectionString: process.env.POSTGRES_URL });
attachDatabasePool(pool);
const prisma = new PrismaClient({
adapter: new PrismaPg(pool),
});
📚 Learn more in the docs.
Other news
Prisma Postgres Management API is Generally Available
The Prisma Postgres Management API allows you to programmatically provision and manage Prisma Postgres instances. It’s the perfect way to spin up a database in your CI/CD workflow, see our GitHub Action examples for creating and deleting if you’re curious about this use case.
It also enables developers to offer databases to their own users! For example, did you know that Co.dev (YC23), a popular “low-code AI app builder” is using the Management API to provision Prisma Postgres instances to people building apps with their platform?
We’re excited to share that the Management API is now fully ready for production. With it moving into GA, we also added another piece of functionality where you can now create new projects without a default database.
We’re looking forward to see what you’re going to build with it!
📚 Learn more in the docs.
Prisma Postgres is now available on Pipedream
Prisma Postgres can now be used directly in your Pipedream workflows 🎉
With this integration, you can connect Prisma Postgres to over 2,800+ apps supported on Pipedream, enabling powerful automations and data workflows. For example, you can:
This makes it easier than ever to use Prisma Postgres in your automation pipelines, without needing to manage custom scripts or infrastructure.
📚 Learn more on the Pipedream integration page.
New
--jsonflag fornpx create-dbThe
npx create-dbcommand lets you spin up a temporary, production-ready Prisma Postgres database that you can later claim for continued use. With this release, you can now add the--jsonflag to return the database details in JSON format.This makes it straightforward to programmatically use the connection details, whether you are building custom APIs or integrating database provisioning into your workflows.
📚 Learn more in the docs.
Direct connections to Prisma Postgres are coming close to GA
Direct connections enable you to connect to your database using any ORM library or tool of your choice (e.g. Drizzle ORM, Kysely but also database GUIs like Postico or TablePlus).
In this release, we’ve improved the robustness of direct TCP connections and are close to bringing it to General Availability.
📚 Learn more in the docs.
Enterprise support
Thousands of teams use Prisma and many of them already tap into our Enterprise & Agency Support Program for hands-on help with everything from schema integrations and performance tuning to security and compliance.
With this program you also get priority issue triage and bug fixes, expert scalability advice, and custom training so that your Prisma-powered apps stay rock-solid at any scale. Learn more or join: https://prisma.io/enterprise.
Today, we are excited to share the
6.14.0stable release 🎉🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!
Highlights
@ uniqueattributes for SQL views (Preview)Last release, we improved the robustness of SQL views defined in the Prisma schema. Views are virtual tables that don't allows for defining unique constraints, indexes or foreign keys in the underlying database.
However, as an application developer, it can be convenient to also define relationships involving views or paginate them using cursors. We've received this feedback from several people who had been using views in that way with Prisma ORM, so in this release we're re-introducing the
@ uniqueattribute for views. This attribute enables:findUniquequeries, cursor-based pagination & implicit ordering for viewsHere's an example schema using
@ uniqueand defining a relationship from a model to a view:id Int @ id @ default(autoincrement())
email String @ unique
posts Post[]
stats UserPostStats? @ relation(fields: [email], references: [userEmail])
}
model Post {
id Int @ id @ default(autoincrement())
title String
published Boolean @ default(false)
createdAt DateTime @ default(now())
authorId Int?
author User? @ relation(fields: [authorId], references: [id])
}
view UserPostStats {
userEmail String @ unique
totalPosts BigInt?
publishedPosts BigInt?
unpublishedPosts BigInt?
latestPostDate DateTime? @ db.Timestamp(6)
user User?
}
Expand to view the SQL code for this view
You can now query this view and its relationship using
include:📚 Learn more in the docs.
Various fixes & stability improvements
prisma-clientgenerator and thequeryCompilerPreview feature (aka “Prisma Client without Rust engines”). Both will become the default in the upcoming Prisma 7 release and we're working hard on bringing these features into General Availability. You can try them out with your favorite stack with our ready-to-run examples.prisma.$usemethod), which was deprecated since v4.16.0. Use Prisma Client extensions instead.metricsPreview feature (which will be removed in Prisma 7)Improved type performance
In this release, we also addressed some type performance issues that led to slower editors and lagging auto-complete. If you're curious about the details, you can check the description and changes in this PR.
Other news
Increased robustness of Management API (Early Access)
We recently released an API for programmatically managing Prisma Postgres instances that's perfect for CI/CD workflows and scripting.
In this release, we made it more robust and are bringing it closer to its General Availability release.
Revoke OAuth tokens in Prisma Console
If you use OAuth to authorize third-party applications to act on your behalf in the Prisma Console, you can now revoke any app's access at any time. The Prisma Console shows a list of your authorized (connected) apps, and you can easily remove one to immediately block further access.
ICYMI
Last release was huge, so just in case you missed it, here's the TLDR of what we put out last time:
prisma.config.ts) is Generally Available – Native way to configure schema paths, migrations, seeds, and more; no need forearlyAccessflag anymore.@@ schema.pgvector,pg_search,pg_stat_statements,citext,pg_trgm,fuzzystrmatch, andunaccent. If you don't see the extension you need, you can request it here. Extensions only work on new instances, if you want to use any of them on your existing instance, reach out to us.npx create-db– Instantly spin up a new Postgres database—no authentication required.Today, we are excited to share the
6.13.0stable release 🎉🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!
Highlights
In this ORM release, we’re moving the Prisma Config file and the multi-schema feature into General Availability. This means these features now are fully production-ready and we’re looking forward to seeing what you are going to build with them!
Additionally, support for SQL views is getting an important update to further stabilize its API.
Configuring Prisma via Prisma Config is now Generally Available
The
prisma.config.tsfile is Prisma ORM’s native way to provide configuration options for your project. It currently lets you specify:seedcommand to populate your database based on some executable scriptHere’s an example Prisma Config file that specified custom locations for various project assets in and a seed script inside a
dbdirectory:import { defineConfig } from "prisma/config";
export default defineConfig({
schema: path.join("db", "schema.prisma"),
migrations: {
path: path.join("db"<sp...