Skip to content

chore(deps): update all non-major dependencies #69

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

chore(deps): update all non-major dependencies #69

wants to merge 2 commits into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Sep 3, 2025
edited
Loading

Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs from Renovate will soon appear from 'Mend'. Learn more here.

This PR contains the following updates:

Package Change Age Confidence
@prisma/client (source) ^6.15.0 -> ^6.16.1 age confidence
@types/node (source) ^24.3.0 -> ^24.5.0 age confidence
assemblyscript (source) ^0.28.5 -> ^0.28.8 age confidence
automd ^0.4.0 -> ^0.4.2 age confidence
eslint (source) ^9.34.0 -> ^9.35.0 age confidence
magic-string ^0.30.18 -> ^0.30.19 age confidence
miniflare (source) ^4.20250823.1 -> ^4.20250906.2 age confidence
pnpm (source) 10.15.1 -> 10.16.1 age confidence
rollup (source) ^4.50.0 -> ^4.50.2 age confidence
vite (source) ^7.1.4 -> ^7.1.5 age confidence

Release Notes

prisma/prisma (@​prisma/client)

v6.16.1

Compare Source

Today, we are issuing a 6.16.1 patch release.

Bug fixes
  • In Prisma ORM 6.16.0, the driverAdapters and queryCompiler features were stabilized, but leftover code in the prisma-client-ts generator required them to still be specified in edge runtimes. This has now been fixed, runtimes like workerd and vercel-edge no longer require these preview features.

v6.16.0

Compare Source

Today, we are excited to share the 6.16.0 stable release 🎉

🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!

Prisma ORM

This section contains all the updates made in Prisma ORM v6.16.0.

Rust-free ORM and driver adapters are Generally Available

Eight months ago, we published our ORM manifesto with the first hint that we're going to remove the Rust-based query engine from Prisma ORM:

We're addressing this by migrating Prisma's core logic from Rust to TypeScript and redesigning the ORM to make customization and extension easier.

After a lot of hard work and feedback from the community, we're incredibly excited to share that the migration has been completed and you can now use Prisma ORM without its Rust engine in your production apps. 🎉 This is a major milestone in the history of Prisma ORM and comes with a lot of benefits:

  • Reduced bundle size by ~90%
  • Faster queries (check out our latest benchmarks)
  • Lower CPU footprint
  • Less deployment complexity
  • Easier to make open-source contributions

… and overall a much better DX since you don't need to worry about the extra binary in your generated Prisma Client code any more.

While the Rust-free ORM will become the default in Prisma ORM v7 soon, for now you still need to opt-into using it:

  1. Configure the generator block in your Prisma schema: 
    generator client {
  provider   = "prisma-client" // (or "prisma-client-js") 
  output     = "../src/generated/prisma"
  engineType = "client"
}
    Note: If you tried the Rust-free ORM before, you can now also drop the queryCompiler and driverAdapter feature flags from the previewFeatures array. And if you used binaryTargets, you can also get rid of these.
  2. Install the driver adapter for your database, e.g. to use pg for PostgreSQL: 
    npm install @​prisma/adapter-pg
  3. Finally, you can instantiate PrismaClient using the PrismaPg driver adapter as follows: 
    import { PrismaClient } from './generated/prisma'
import { PrismaPg } from '@​prisma/adapter-pg'

const adapter = new PrismaPg({ connectionString: env.DATABASE_URL })
const prisma = new PrismaClient({ adapter })

// ... send queries using `prisma` like before

📚 To learn more and see instructions for all other supported databases, check out the documentation.

The Rust-free version of Prisma ORM has been thoroughly tested with the prisma-client generator (see below), not with prisma-client-js. Use the old generator at your discretion.

New ESM-first prisma-client generator is Generally Available

Another major milestone has been achieved in this release: The new, flexible and ESM-first prisma-client generator is ready for production too. Here's a quick overview of its main benefits:

  • No more magic generation into node_modules; generated code is fully under control by the developer
  • ESM-compatible by default
  • Flexible configuration for specific runtimes (Node.js, Deno, Bun, Cloudflare, …)
generator client {
  // Required
  provider = "prisma-client"
  output   = "../src/generated/prisma"

  // Optional
  engineType             = "client"
  runtime                = "nodejs"
  moduleFormat           = "esm"
  generatedFileExtension = "ts"
  importFileExtension    = "ts"
}

In addition to making it production-ready, we also made some changes to the prisma-client generator:

  • removed Prisma.validator; you can use TypeScript native satisfies keyword instead
  • created a new ./generared/prisma/browser entrypoint for importing types in browser environments

If you want to try out the new generator with your favorite framework, check out one of our ready-to-run examples (e.g. for Next.js, Nuxt or React Router).

📚 Learn more in the docs.

Type check performance optimizations

Runtime performance is not the only performance category that matters. In fact, when it comes to DX, type checking performance is equally important: if your TypeScript types become too complex and the compiler needs to do too much work (e.g. inferring types), it may slow down your editor, lead to laggy auto-completion or prevent jump-to-definition from working.

We've worked with TypeScript expert David Blass to find ways for improving the type checking performance in Prisma ORM and created benchmarks comparing the type checking performance with Drizzle.

You can read about the results here: Why Prisma ORM Checks Types Faster Than Drizzle

Deprecating the postgresqlExtensions Preview feature

We're deprecating the postgresqlExtensions Preview feature. Note that this doesn't mean that you can't use extensions with Prisma ORM any more. Instead of setting the Preview feature, you can install extensions manually with a customized migration via the --create-only flag:

npx prisma migrate dev --name add-extension --create-only

You can then install an extension with plain SQL in the newly created, empty migration file:

CREATE EXTENSION IF NOT EXISTS "pgcrypto";
Prisma Postgres

Prisma Postgres is our fully managed Postgres service designed with the same philosophy of great DX that has guided Prisma for close to a decade. With this release we are introducing the following improvements:

Manage OAuth apps in Prisma Console

In Prisma Console, you can now manage all of the 3rd party applications that you've granted access to perform actions on behalf of yourself in your Prisma Console account. Find the 🧩 Integrations tab in the sidenav to see which applications currently have access.

Rust-free Prisma ORM with Prisma Accelerate and Prisma Postgres

With this release, the Rust-free Prisma ORM (Query Compiler) can now be used together with Prisma Postgres and also Prisma Accelerate. This means you can take advantage of connection pooling and caching while using the new TypeScript-based ORM architecture.

To enable it, update your Prisma schema:

generator client {
  provider   = "prisma-client"
  output     = "../src/generated/prisma"
  engineType = "client"
}

We'd love for you to try this out and share your feedback as we prepare for General Availability. Please open an issue on GitHub if you encounter any problems or have suggestions.

Enterprise support

Thousands of teams use Prisma and many of them already tap into our Enterprise & Agency Support Program for hands-on help with everything from schema integrations and performance tuning to security and compliance.

With this program you also get priority issue triage and bug fixes, expert scalability advice, and custom training so that your Prisma-powered apps stay rock-solid at any scale. Learn more or join: https://prisma.io/enterprise.

AssemblyScript/assemblyscript (assemblyscript)

v0.28.8

Compare Source

New features

v0.28.7

Compare Source

Bug fixes

v0.28.6

Compare Source

New features
unjs/automd (automd)

v0.4.2

Compare Source

compare changes

v0.4.1

Compare Source

compare changes

🩹 Fixes
  • pm-install: Use pnpm add instead of pnpm install (#​122)
  • pm, pm-install: Add npm: prefix for deno (#​115)
  • jsimport: Bun doesn't support url imports (#​112)
  • Create missing output dir (#​106)
📖 Documentation
🏡 Chore
❤️ Contributors
eslint/eslint (eslint)

v9.35.0

Compare Source

rich-harris/magic-string (magic-string)

v0.30.19

Compare Source

Bug Fixes
Features
  • replace(All) support replacement for functions when the first parameter is a string (#​304) (fd1d887)
cloudflare/workers-sdk (miniflare)

v4.20250906.2

Compare Source

Minor Changes

v4.20250906.1

Compare Source

Minor Changes
  • #​10119 336a75d Thanks @​dxh9845! - Add support for dynamically loading 'external' Miniflare plugins for unsafe Worker bindings (developed outside of the workers-sdk repo)
Patch Changes

v4.20250906.0

Compare Source

Patch Changes

  • #​10568 dac302c Thanks @​dependabot! - chore: update dependencies of "miniflare" package

    The following dependency versions have been updated:

    Dependency From To
    workerd 1.20250902.0 1.20250906.0

v4.20250902.0

Compare Source

Patch Changes

  • #​10535 4cb3370 Thanks @​dependabot! - chore: update dependencies of "miniflare" package

    The following dependency versions have been updated:

    Dependency From To
    workerd 1.20250829.0 1.20250902.0

v4.20250829.0

Compare Source

Patch Changes
pnpm/pnpm (pnpm)

v10.16.1

Compare Source

Patch Changes
  • The full metadata cache should be stored not at the same location as the abbreviated metadata. This fixes a bug where pnpm was loading the abbreviated metadata from cache and couldn't find the "time" field as a result #​9963.
  • Forcibly disable ANSI color codes when generating patch diff #​9914.

v10.16.0

Compare Source

Minor Changes

  • There have been several incidents recently where popular packages were successfully attacked. To reduce the risk of installing a compromised version, we are introducing a new setting that delays the installation of newly released dependencies. In most cases, such attacks are discovered quickly and the malicious versions are removed from the registry within an hour.

    The new setting is called minimumReleaseAge. It specifies the number of minutes that must pass after a version is published before pnpm will install it. For example, setting minimumReleaseAge: 1440 ensures that only packages released at least one day ago can be installed.

    If you set minimumReleaseAge but need to disable this restriction for certain dependencies, you can list them under the minimumReleaseAgeExclude setting. For instance, with the following configuration pnpm will always install the latest version of webpack, regardless of its release time:

    minimumReleaseAgeExclude:
  - webpack

    Related issue: #​9921.

  • Added support for finders #​9946.

    In the past, pnpm list and pnpm why could only search for dependencies by name (and optionally version). For example:

    pnpm why minimist

    prints the chain of dependencies to any installed instance of minimist:

    verdaccio 5.20.1
├─┬ handlebars 4.7.7
│ └── minimist 1.2.8
└─┬ mv 2.1.1
  └─┬ mkdirp 0.5.6
    └── minimist 1.2.8

    What if we want to search by other properties of a dependency, not just its name? For instance, find all packages that have react@17 in their peer dependencies?

    This is now possible with "finder functions". Finder functions can be declared in .pnpmfile.cjs and invoked with the --find-by=<function name> flag when running pnpm list or pnpm why.

    Let's say we want to find any dependencies that have React 17 in peer dependencies. We can add this finder to our .pnpmfile.cjs:

    module.exports = {
  finders: {
    react17: (ctx) => {
      return ctx.readManifest().peerDependencies?.react === "^17.0.0";
    },
  },
};

    Now we can use this finder function by running:

    pnpm why --find-by=react17

    pnpm will find all dependencies that have this React in peer dependencies and print their exact locations in the dependency graph.

    @&#8203;apollo/client 4.0.4
├── @&#8203;graphql-typed-document-node/core 3.2.0
└── graphql-tag 2.12.6

    It is also possible to print out some additional information in the output by returning a string from the finder. For example, with the following finder:

    module.exports = {
  finders: {
    react17: (ctx) => {
      const manifest = ctx.readManifest();
      if (manifest.peerDependencies?.react === "^17.0.0") {
        return `license: ${manifest.license}`;
      }
      return false;
    },
  },
};

    Every matched package will also print out the license from its package.json:

    @&#8203;apollo/client 4.0.4
├── @&#8203;graphql-typed-document-node/core 3.2.0
│   license: MIT
└── graphql-tag 2.12.6
    license: MIT
Patch Changes
  • Fix deprecation warning printed when executing pnpm with Node.js 24 #​9529.
  • Throw an error if nodeVersion is not set to an exact semver version #​9934.
  • pnpm publish should be able to publish a .tar.gz file #​9927.
  • Canceling a running process with Ctrl-C should make pnpm run return a non-zero exit code #​9626.
rollup/rollup (rollup)

v4.50.2

Compare Source

2025-09-15

Bug Fixes
  • Resolve an issue where unused destructured array pattern declarations would conflict with included variables (#​6100)
Pull Requests

v4.50.1

Compare Source

2025-09-07

Bug Fixes
  • Resolve a situation where a destructuring default value was removed (#​6090)
Pull Requests

Configuration

📅 Schedule: Branch creation - "after 2am and before 3am" (UTC), Automerge - "after 1am and before 2am" (UTC).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot force-pushed the renovate/all-minor-patch branch from 49f23af to f19e298 Compare September 4, 2025 10:43
@renovate renovate bot changed the title chore(deps): update devdependency miniflare to ^4.20250829.0 chore(deps): update all non-major dependencies Sep 4, 2025
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 11 times, most recently from 2102486 to 208de07 Compare September 11, 2025 15:08
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 5 times, most recently from a7e0b86 to d8de301 Compare September 15, 2025 07:31
@renovate renovate bot force-pushed the renovate/all-minor-patch branch from d8de301 to 2d3eb7b Compare September 16, 2025 01:56
@renovate Renovate
Copy link
Contributor Author

renovate bot commented Sep 16, 2025

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants