[Snyk] Upgrade @prisma/client from 6.13.0 to 6.17.0 #45
Snyk has created this PR to upgrade @prisma/client from 6.13.0 to 6.17.0.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 210 versions ahead of your current version.
The recommended version was released 22 days ago.
Issues fixed by the recommended upgrade:
SNYK-JS-AXIOS-12613773
SNYK-JS-BRACEEXPANSION-9789073
SNYK-JS-BRACEEXPANSION-9789073
SNYK-JS-FORMDATA-10841150
SNYK-JS-MULTER-10773732
SNYK-JS-ONHEADERS-10773729
SNYK-JS-VALIDATOR-13395830
Release notes
Package name: @prisma/client
Today, we are excited to share the 6.17.0 stable release 🎉
🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!
Prisma ORM
Prisma ORM is the most popular ORM in the TypeScript ecosystem. Today's release brings a number of bug fixes and improvements to Prisma ORM.
Bug fixes and improvements
config object to configure DefaultAzureCredential:
import { PrismaMssql } from '@prisma/adapter-mssql'
import { PrismaClient } from '@prisma/client'

const config = {
  server: 'localhost',
  port: 1433,
  database: 'mydb',
  authentication: {
    // Resolve credentials through DefaultAzureCredential
    type: 'azure-active-directory-default',
  },
  options: {
    encrypt: true,
  },
}

const adapter = new PrismaMssql(config)
const prisma = new PrismaClient({ adapter })
Learn more in this PR.
@opentelemetry/instrumentation to be compatible with ">=0.52.0 <1". Learn more in this PR.
Prisma Postgres
Prisma Postgres is our fully managed Postgres service designed with the same philosophy of great DX that has guided Prisma for close to a decade. With this release we are introducing the following improvements:
New usage workspace metrics available in your Console Dashboard
The Dashboard in your Prisma Console account now displays new metrics about your Prisma Postgres usage:
Using Prisma Postgres with any tool is ready for production
Previously, the only way to connect to Prisma Postgres was using Prisma ORM. That combination is great because it gives you connection pooling, global caching and overall an amazing DX.
That being said, we understand that preferences vary and some developers prefer to use plain SQL or lower-level query builders in their applications. As of this release, these ways for connecting to Prisma Postgres are now officially generally available and can be used in your production apps!
You can connect using Drizzle, Kysely, TypeORM, psql, or any other Postgres-compatible library, database migration tools like Atlas or interfaces like DBeaver, Postico, and more.
📚 Learn more in the docs.
Enterprise support
Thousands of teams use Prisma and many of them already tap into our Enterprise & Agency Support Program for hands-on help with everything from schema integrations and performance tuning to security and compliance.
With this program you also get priority issue triage and bug fixes, expert scalability advice, and custom training so that your Prisma-powered apps stay rock-solid at any scale. Learn more or join: https://prisma.io/enterprise.
Today, we are issuing a 6.16.3 patch release focused on bug fixes.
🛠 Fixes
Prisma Client (prisma-client generator): fixed missing JSON null type definitions (JsonNull, DbNull, AnyNull) in the browser.ts entrypoint. (#28186)
Prisma Migrate: don't add the default schema (namespace) to the generated migrations unless it was specified explicitly in the schema file. This restores the pre-6.13.0 behaviour that was inadvertently changed with enabling multi-schema support by default. Users who rely on database schemas for multi-tenancy can now again use the same migration files for all of their schemas. (prisma/prisma-engines#5614)
Prisma Client: enabled negative take with findFirst again. (prisma/prisma-engines#5616 — contributed by @jay-l-e-e)
Prisma Accelerate: aligned the behaviour of the new Rust-free client with Query Engine to handle self-signed certificates consistently and ensure backward compatibility. (#28134)
@prisma/adapter-mariadb: fixed error event listeners leak. (#28177 — contributed by @Tiaansu)
The fix introduces the missing types, but the singleton instances differ between the client and browser entrypoints of the generated client. This means that values like Prisma.JsonNull imported from browser cannot yet be assigned to fields expected from the client entrypoint, and vice versa. This results in confusing TypeScript errors if you mix them. A follow-up improvement is planned to unify these utility types across entrypoints.
Today, we are issuing a 6.16.2 patch release.
Bug fixes
engineType = client with Prisma Postgres, but our validation rules permitted invalid combinations of Prisma Postgres URLs and driver adapters. This now produces a clear error message indicating Prisma Postgres URLs and driver adapters are mutually exclusive.
unref() on NodeJS timers to prevent them from keeping the NodeJS event loop active. This change unintentionally affected non-NodeJS runtimes like workerd, where it has resulted in runtime errors. This behavior has been made conditional to prevent these runtime errors.
Today, we are issuing a 6.16.1 patch release.
Bug fixes
driverAdapters and queryCompiler features were stabilized, but leftover code in the prisma-client-ts generator required them to still be specified in edge runtimes. This has now been fixed, runtimes like workerd and vercel-edge no longer require these preview features.
Today, we are excited to share the 6.16.0 stable release 🎉
🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!
Prisma ORM
This section contains all the updates made in Prisma ORM v6.16.0.
Rust-free ORM and driver adapters are Generally Available
Eight months ago, we published our ORM manifesto with the first hint that we're going to remove the Rust-based query engine from Prisma ORM:
After a lot of hard work and feedback from the community, we're incredibly excited to share that the migration has been completed and you can now use Prisma ORM without its Rust engine in your production apps. 🎉 This is a major milestone in the history of Prisma ORM and comes with a lot of benefits:
… and overall a much better DX since you don't need to worry about the extra binary in your generated Prisma Client code any more.
While the Rust-free ORM will become the default in Prisma ORM v7 soon, for now you still need to opt-into using it:
generator block in your Prisma schema:
queryCompiler and driverAdapter feature flags from the previewFeatures array. And if you used binaryTargets, you can also get rid of these.
pg for PostgreSQL:
PrismaClient using the PrismaPg driver adapter as follows:
import { PrismaPg } from '@prisma/adapter-pg'

const adapter = new PrismaPg({ connectionString: env.DATABASE_URL })
const prisma = new PrismaClient({ adapter })

// ... send queries using prisma like before
📚 To learn more and see instructions for all other supported databases, check out the documentation.
New ESM-first prisma-client generator is Generally Available
Another major milestone has been achieved in this release: The new, flexible and ESM-first prisma-client generator is ready for production too. Here's a quick overview of its main benefits:
node_modules; generated code is fully under control by the developer
generator client {
  // Required
  provider = "prisma-client"
  output   = "../src/generated/prisma"

  // Optional
  engineType             = "client"
  runtime                = "nodejs"
  moduleFormat           = "esm"
  generatedFileExtension = "ts"
  importFileExtension    = "ts"
}
In addition to making it production-ready, we also made some changes to the prisma-client generator:
Prisma.validator; you can use TypeScript native satisfies keyword instead
./generared/prisma/browser entrypoint for importing types in browser environments
If you want to try out the new generator with your favorite framework, check out one of our ready-to-run examples (e.g. for Next.js, Nuxt or React Router).
📚 Learn more in the docs.
Type check performance optimizations
Runtime performance is not the only performance category that matters. In fact, when it comes to DX, type checking performance is equally important: if your TypeScript types become too complex and the compiler needs to do too much work (e.g. inferring types), it may slow down your editor, lead to laggy auto-completion or prevent jump-to-definition from working.
We've worked with TypeScript expert David Blass to find ways for improving the type checking performance in Prisma ORM and created benchmarks comparing the type checking performance with Drizzle.
You can read about the results here: Why Prisma ORM Checks Types Faster Than Drizzle
Deprecating the postgresqlExtensions Preview feature
We're deprecating the postgresqlExtensions Preview feature. Note that this doesn't mean that you can't use extensions with Prisma ORM any more. Instead of setting the Preview feature, you can install extensions manually with a customized migration via the --create-only flag:
You can then install an extension with plain SQL in the newly created, empty migration file:
CREATE EXTENSION IF NOT EXISTS "pgcrypto";
Prisma Postgres
Prisma Postgres is our fully managed Postgres service designed with the same philosophy of great DX that has guided Prisma for close to a decade. With this release we are introducing the following improvements:
Manage OAuth apps in Prisma Console
In Prisma Console, you can now manage all of the 3rd party applications that you've granted access to perform actions on behalf of yourself in your Prisma Console account. Find the 🧩 Integrations tab in the sidenav to see which applications currently have access.
Rust-free Prisma ORM with Prisma Accelerate and Prisma Postgres
With this release, the Rust-free Prisma ORM (Query Compiler) can now be used together with Prisma Postgres and also Prisma Accelerate. This means you can take advantage of connection pooling and caching while using the new TypeScript-based ORM architecture.
To enable it, update your Prisma schema:
We'd love for you to try this out and share your feedback as we prepare for General Availability. Please open an issue on GitHub if you encounter any problems or have suggestions.
Today, we are excited to share the 6.15.0 stable release 🎉
🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!
Highlights
AI safety guardrails for destructive commands
Prisma ORM now includes built-in safety checks that protect against destructive commands when triggered by AI coding assistants. The CLI can recognize when it is being executed by popular AI agents such as Claude Code, Gemini CLI, Qwen Code, Cursor, Aider and Replit.
If a command like prisma migrate reset --force is attempted, Prisma ORM will prompt for explicit confirmation before proceeding.
This feature ensures that irreversible operations which drop and recreate the database are not executed automatically by an AI tool. Prisma ORM is the first ORM to provide this level of protection, making it safer to use AI-assisted development while working with your databases.
📚 Learn more in the docs.
prisma-client: runtime improvements and schema flexibility
We simplified Prisma ORM by making the runtime options for the Prisma Client more consistent and easier to understand. Previously there were several overlapping aliases which created confusion. With this release we simplified the inputs while keeping support for all the major environments you might be targeting.
Changes include:
node has been removed, use runtime = "nodejs" instead
deno-deploy has been removed, use runtime = "deno" instead
vercel has been replaced by the new runtime = "vercel-edge"
edge-light is now just an alias for vercel-edge
nodejs, deno, and bun now share the same internal code path, while still keeping their separate input values for clarity
The updated list of supported runtimes is now:
nodejs, deno, bun, workerd (alias cloudflare), vercel-edge (alias edge-light), and react-native.
In addition, we fixed an issue where running prisma generate would fail if your schema contained no models. This is now supported with the new prisma-client generator, just like it already worked with the older prisma-client-js generator.
For example, the following schema will now generate a client without errors:
generator client {
  provider = "prisma-client"
  output   = "../generated/client"
}

datasource db {
  provider = "postgresql"
  url      = env("DATABASE_URL")
}
Running prisma generate with this schema will succeed and create the client in ./generated/client.
📚 Learn more in the docs.
Using Prisma ORM with Vercel Fluid
Fluid compute is a new compute model from Vercel that combines the flexibility of serverless with the stability of servers, making it ideal for dynamic workloads such as streaming data and AI APIs.
A common challenge in traditional serverless platforms is that when functions are suspended, database connection pools can’t close idle connections. This leads to leaked connections that stay open until the database times them out, which can exhaust the pool.
Vercel provides the attachDatabasePool utility to solve this problem. It ensures idle connections in the pool are properly released before a function is suspended, preventing connection leaks.
You can use this utility together with Prisma’s driver adapters to safely manage database connections in Fluid Compute:
import { Pool } from "pg";
import { attachDatabasePool } from "@vercel/functions";
import { PrismaPg } from "@prisma/adapter-pg";
import { PrismaClient } from "./generated/prisma/client";

const pool = new Pool({ connectionString: process.env.POSTGRES_URL });
// Release idle connections before the function is suspended
attachDatabasePool(pool);

const prisma = new PrismaClient({
  adapter: new PrismaPg(pool),
});
📚 Learn more in the docs.
Other news
Prisma Postgres Management API is Generally Available
The Prisma Postgres Management API allows you to programmatically provision and manage Prisma Postgres instances. It’s the perfect way to spin up a database in your CI/CD workflow; see our GitHub Action examples for creating and deleting if you’re curious about this use case.
It also enables developers to offer databases to their own users! For example, did you know that Co.dev (YC23), a popular “low-code AI app builder” is using the Management API to provision Prisma Postgres instances to people building apps with their platform?
We’re excited to share that the Management API is now fully ready for production. With it moving into GA, we also added another piece of functionality where you can now create new projects without a default database.
We’re looking forward to seeing what you’re going to build with it!
📚 Learn more in the docs.
Prisma Postgres is now available on Pipedream
Prisma Postgres can now be used directly in your Pipedream workflows 🎉
With this integration, you can connect Prisma Postgres to over 2,800+ apps supported on Pipedream, enabling powerful automations and data workflows. For example, you can:
This makes it easier than ever to use Prisma Postgres in your automation pipelines, without needing to manage custom scripts or infrastructure.
📚 Learn more on the Pipedream integration page.
New --json flag for npx create-db
The npx create-db command lets you spin up a temporary, production-ready Prisma Postgres database that you can later claim for continued use. With this release, you can now add the --json flag to return the database details in JSON format.
This makes it straightforward to programmatically use the connection details, whether you are building custom APIs or integrating database provisioning into your workflows.
📚 Learn more in the docs.
Direct connections to Prisma Postgres are coming close to GA
Direct connections enable you to connect to your database using any ORM library or tool of your choice (e.g. Drizzle ORM, Kysely but also database GUIs like Postico or TablePlus).
In this release, we’ve improved the robustness of direct TCP connections and are close to bringing it to General Availability.
📚 Learn more in the docs.
Today, we are excited to share the 6.14.0 stable release 🎉
🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!
Highlights
@unique attributes for SQL views (Preview)
Last release, we improved the robustness of SQL views defined in the Prisma schema. Views are virtual tables that don't allow for defining unique constraints, indexes or foreign keys in the underlying database.
However, as an application developer, it can be convenient to also define relationships involving views or paginate them using cursors. We've received this feedback from several people who had been using views in that way with Prisma ORM, so in this release we're re-introducing the @unique attribute for views. This attribute enables:
findUnique queries, cursor-based pagination & implicit ordering for views
Here's an example schema using @unique and defining a relationship from a model to a view:
model User {
  id    Int            @id @default(autoincrement())
  email String         @unique
  posts Post[]
  stats UserPostStats? @relation(fields: [email], references: [userEmail])
}

model Post {
  id        Int      @id @default(autoincrement())
  title     String
  published Boolean  @default(false)
  createdAt DateTime @default(now())
  authorId  Int?
  author    User?    @relation(fields: [authorId], <span...