[Snyk] Upgrade @prisma/client from 5.10.2 to 5.16.0 #2
Conversation
Snyk has created this PR to upgrade @prisma/client from 5.10.2 to 5.16.0. See this package in npm: @prisma/client See this project in Snyk: https://app.snyk.io/org/eryn-muetzel/project/0c5924b1-f0dd-47b6-9de1-8c9fb6f5c7cb?utm_source=github&utm_medium=referral&page=upgrade-pr
|
Hi, I’m Jit, a friendly security platform designed to help developers build secure applications from day zero with an MVS (Minimal viable security) mindset. In case there are security findings, they will be communicated to you as a comment inside the PR. Hope you’ll enjoy using Jit. Questions? Comments? Want to learn more? Get in touch with us. |
Minder Vulnerability Report ✅Minder analyzed this PR and found no vulnerable dependencies.
|
1 similar comment
Minder Vulnerability Report ✅Minder analyzed this PR and found no vulnerable dependencies.
|
Dependency InformationMinder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile. 📦 Dependency: @nrwl/nx-darwin-arm64Trusty Score: 0Scoring details
📦 Dependency: @nrwl/nx-darwin-x64Trusty Score: 0Scoring details
📦 Dependency: @nrwl/nx-linux-arm-gnueabihfTrusty Score: 0Scoring details
📦 Dependency: @nrwl/nx-linux-arm64-gnuTrusty Score: 0Scoring details
📦 Dependency: @nrwl/nx-linux-arm64-muslTrusty Score: 0Scoring details
📦 Dependency: @nrwl/nx-linux-x64-gnuTrusty Score: 0Scoring details
📦 Dependency: @nrwl/nx-linux-x64-muslTrusty Score: 0Scoring details
📦 Dependency: @nrwl/nx-win32-arm64-msvcTrusty Score: 0Scoring details
📦 Dependency: @nrwl/nx-win32-x64-msvcTrusty Score: 0Scoring details
📦 Dependency: json-schema-traverseTrusty Score: 4.8Scoring details
Proof of Origin (Provenance)This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
|
|
New and removed dependencies detected. Learn more about Socket for GitHub ↗︎
🚮 Removed packages: npm/@prisma/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected] |
|
🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎ To accept the risk, merge this PR and you will not be notified again.
Next stepsWhat is an install script?Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts. Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead. Take a deeper look at the dependencyTake a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev. Remove the packageIf you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency. Mark a package as acceptable riskTo ignore an alert, reply with a comment starting with
|
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade @prisma/client from 5.10.2 to 5.16.0.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 520 versions ahead of your current version.
The recommended version was released on 22 days ago.
Release notes
Package name: @prisma/client
🌟 Help us spread the word about Prisma by starring the repo or tweeting about the release. 🌟
Highlights
Omit model fields globally
With Prisma ORM 5.16.0 we’re more than happy to announce that we’re expanding the
omitApiPreview feature to also include the ability to omit fields globally.When the Preview feature is enabled, you’re able to define fields to omit when instantiating Prisma Client.
You’re also able to omit fields from multiple models and multiple fields from the same model
With both local and global
omit, you now have the flexibility to completely remove sensitive fields while also tailoring individual queries. If you need the ability to generally omit a field except in a specific query, you can also overwrite a global omit locallyomit: {
user: {
// password is omitted globally.
password: true,
},
},
});
const userWithPassword = await prisma.user.findUnique({
omit: { password: false }, // omit now false, so password is returned
where: { id: 1 },
});
Changes to
prismaSchemaFolderIn
5.15.0we released theprismaSchemaFolderPreview feature, allowing you to create multiple Prisma Schema files in aprisma/schemadirectory. We’ve gotten a lot of great feedback and are really excited with how the community has been using the feature.To continue improving our multi-file schema support, we have a few breaking changes to the
prismaSchemaFolderfeature:prismaSchemaFolderfeature, a path is now relative to the file it is defined in rather than relative to theprisma/schemafolder. This means that if you have a generator block in/project/prisma/schema/config/generator.prismawith anoutputof./foothe output will be resolved to/project/prisma/schema/config/foorather than/project/prisma/foo. The path to a SQLite file will be resolved in the same manner.prisma/schemaas well asprisma/schema.prisma. Our initial implementation looked for a.prismafile first and would ignore theschemafolder if it exists. This is now an error.Changes to
fullTextSearchIn order to improve our full-text search implementation we have made a breaking change to the
fullTextSearchPreview feature.Previously, when the feature was enabled we updated the
<Model>OrderByWithRelationInputTypeScript type with the<Model>OrderByWithRelationAndSearchRelevanceInputtype. However, we have noted that there are no cases where relational ordering is needed but search relevance is not. Thus, we have decided to remove the<Model>OrderByWithRelationAndSearchRelevanceInputnaming and only use the<Model>OrderByWithRelationInputnaming.Fixes and improvements
Prisma
Prisma has no exported member named OrderByWithRelationInput. Did you mean OrderByWithAggregationInput?prisma generate@ prisma/adapter-pgmodifies node-postgres global type parsersdb pullfails with[libs\user-facing-errors\src\quaint.rs:136:18] internal error: entered unreachable codeon invalid credentialsLanguage tools (e.g. VS Code)
Prisma Engines
Credits
Huge thanks to @ key-moon, @ pranayat, @ yubrot, @ skyzh, @ brian-dlee, @ mydea, @ nickcarnival, @ eruditmorina, @ nzakas, @ gutyerrez, @ avallete, @ ceddy4395, @ Kayoshi-dev, @ yehonatanz for helping!
Today, we are issuing the
5.15.1patch release.Fixes in Prisma Client
ConnectionError(Timed out during query execution.)during seedingConnectionError(Timed out during query execution.)error when usingPromise.allfor SQLitePromise.all()/ concurrentToday, we are excited to share the
5.15.0stable release 🎉🌟 Help us spread the word about Prisma by starring the repo or tweeting about the release. 🌟
Highlights
Multi-File Prisma Schema support
Prisma ORM 5.15.0 features support for multi-file Prisma Schema in Preview.
This closes a long standing issue and does so in a clean and easy to migrate way.
To get started:
prismaSchemaFolderPreview feature by including it in thepreviewFeaturesfield of yourgenerator.provider = "postgresql"
url = env("DATABASE_URL")
}
generator client {
provider = "prisma-client-js"
previewFeatures = ["prismaSchemaFolder"]
}
schemasubdirectory under yourprismadirectory.schema.prismainto this directory.You are now set up with a multi-file Prisma Schema! Add as many or as few
.prismafiles to the newprisma/schemadirectory.When running commands where a Prisma Schema file is expected to be provided, you can now define a Prisma Schema directory. This includes Prisma CLI commands that use the
--schemaoption as well as defining schema viapackage.jsonOur tooling has also been updated to handle multiple Prisma Schema files. This includes our Visual Studio Code extension and tools like database introspection, which will deposit new models in a
introspected.prismafile. Existing models will be updated in the file they are found.To learn more, please refer to our official documentation and announcement blog post. If you try out
prismaSchemaFolder, please let us know!Interesting Bug Fixes
Fix for PostgreSQL prepared statement caching for raw queries
This release fixes a nasty bug with the caching of prepared statements in raw Prisma Client queries that affected PostgreSQL when you ran the same SQL statement with differently typed paramters. This should not fail any more.
Fix for SQL Server introspection of (deprecated)
CREATE DEFAULTOur Introspection logic crashed on encountering certain multi-line
CREATE DEFAULT, a deprecated way to define defaults in SQL Server. As many SQL Server users are working with established databases, this happened frequently enough that we now explicitly ignore these defaults instead of crashing.Fix for Cloudflare D1’s lower parameter limit
Cloudflare’s D1 has a lower parameter limit than local SQLite, which caused bigger queries to fail. We adapted that limit to the D1 default for
@ prisma/adapter-d1, which will avoid such failures.Fix for Cloudflare D1’s different
PRAGMAsupportOur generated migration SQL for SQLite did not always work for Cloudflare D1, because of differences in the supported pragmas. We adapted the SQL to work in both local SQLite and Cloudflare D1.
Fixes and improvements
Prisma Migrate
Result::unwrap()on anErrvalue: "Couldn't parse default value:create default [dbo].[member_notification_cancel_flags] as 0\r\n"Result::unwrap()on anErrvalue: "Couldn't parse default value:create default d_password as 'D,73'"DEFAULTsResult::unwrap()on anErrvalue: "Couldn't parse default value:\r\ncreate default D_BIT_OFF\r\nas 0\r\n"Result::unwrap()on anErrvalue: "Couldn't parse default value in SQL ServerError: [libs\sql-schema-describer\src\mssql.rs:336:30] calledResult::unwrap()on anErrvalue: "Couldn't parse default value: [...]Result::unwrap()on anErrvalue: "Couldn't parse default value:\r\ncreate default [va_nulla] as 0\r\n"db pullcan't parse script setting default valuePrisma Client
22P03. Message:db error: ERROR: incorrect binary data format in bind parameter 1incorrect binary data format in bind parameter 1incorrect binary data format in bind parameter x)_countleads to errorwarn(prisma-client) This is the 10th instance of Prisma Client being started.warning in Edge (and potentially) other envs)incorrect binary data format in bind parameter 6Inconsistent column data: Unexpected conversion failure from Number to BigInterror when using@prisma/adapter-pgIntswitched to beingInt32for MongoDBLanguage tools (e.g. VS Code)
Generatecodelens fails on WindowsCredits
Huge thanks to @ pranayat, @ yubrot, and @ skyzh for helping!
Today, we are excited to share the
5.14.0stable release 🎉🌟 Help us spread the word about Prisma by starring the repo ☝️ or posting on X about the release. 🌟
Highlights
Share your feedback about Prisma ORM
We want to know how you like working with Prisma ORM in your projects! Please take our 2min survey and let us know what you like or where we can improve 🙏
createManyAndReturn()We’re happy to announce the availability of a new, top-level Prisma Client query:
createManyAndReturn(). It works similarly tocreateMany()but uses aRETURNINGclause in the SQL query to retrieve the records that were just created.Here’s an example of creating multiple posts and then immediately returning those posts.
const posts = prisma.post.createManyAndReturn({
data: postBodies
});
return posts
Additionally,
createManyAndReturn()supports the same options asfindMany(), such as the ability to return only specific fields.const postTitles = prisma.post.createManyAndReturn({
data: postBodies,
select: {
title: true,
},
});
return postTitles
Full documentation for this feature can be found in the Prisma Client API Reference.
Note: Because
createManyAndReturn()uses theRETURNINGclause, it is only supported by PostgreSQL, CockroachDB, and SQLite databases. At this time,relationLoadStrategy: joinis not supported increateManyAndReturn()queries.MongoDB performance improvements
Previously, Prisma ORM suffered from performance issues when using the
inoperator or when including related models in queries against a MongoDB database. These queries were translated by the Prisma query engine in such a way that indexes were skipped and collection scans were used, leading to slower queries especially on large datasets.With 5.14.0, Prisma ORM now rewrites queries to use a combination of
$orand$eqoperators, leading to dramatic performance increases for queries that includeinoperators or relation loading.Fixes and improvements
Prisma Client
createMany()should return the created recordstakeon many-to-one relationshipincludefor relationsfindMany()query execution withinincludequery slowonDelete: SetNullprisma init --with-model@ opentelemetry/*dependenciesThe required connected records were not found.when using indicesPrisma Migrate
dbgenerated()still breaking forUnsupported()typesshadowDatabaseUrlis identical tourl(ordirectUrl)PRAGMA foreign_key_check;Language tools (e.g. VS Code)
Company news
Prisma Changelog
Curious about all things Prisma? Be sure to check out the Prisma Changelog for updates across Prisma's products, including ORM, Accelerate, and Pulse!
New product announcement: Prisma Optimize
With this release, we are excited to introduce a new Prisma product. We’re calling it “Optimize” because that’s what it does! Let your favorite ORM also help you debug the performance of your application.
Check out our announcement blog post for more details, including a demo video.
Credits
Huge thanks to @ pranayat, @ yubrot, @ skyzh, @ anuraaga, @ gutyerrez, @ avallete, @ ceddy4395, @ Kayoshi-dev for helping!