[Snyk] Upgrade @prisma/client from 5.10.2 to 5.16.0 #2
Snyk has created this PR to upgrade @prisma/client from 5.10.2 to 5.16.0. See this package in npm: @prisma/client See this project in Snyk: https://app.snyk.io/org/eryn-muetzel/project/0c5924b1-f0dd-47b6-9de1-8c9fb6f5c7cb?utm_source=github&utm_medium=referral&page=upgrade-pr
Hi, I’m Jit, a friendly security platform designed to help developers build secure applications from day zero with an MVS (Minimal viable security) mindset. In case there are security findings, they will be communicated to you as a comment inside the PR. Hope you’ll enjoy using Jit. Questions? Comments? Want to learn more? Get in touch with us.
Minder Vulnerability Report
✅ Minder analyzed this PR and found no vulnerable dependencies.
Dependency Information
Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.
📦 Dependency: @nrwl/nx-darwin-arm64 (Trusty Score: 0)
📦 Dependency: @nrwl/nx-darwin-x64 (Trusty Score: 0)
📦 Dependency: @nrwl/nx-linux-arm-gnueabihf (Trusty Score: 0)
📦 Dependency: @nrwl/nx-linux-arm64-gnu (Trusty Score: 0)
📦 Dependency: @nrwl/nx-linux-arm64-musl (Trusty Score: 0)
📦 Dependency: @nrwl/nx-linux-x64-gnu (Trusty Score: 0)
📦 Dependency: @nrwl/nx-linux-x64-musl (Trusty Score: 0)
📦 Dependency: @nrwl/nx-win32-arm64-msvc (Trusty Score: 0)
📦 Dependency: @nrwl/nx-win32-x64-msvc (Trusty Score: 0)
📦 Dependency: json-schema-traverse (Trusty Score: 4.8)
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
New and removed dependencies detected. Learn more about Socket for GitHub ↗︎
🚮 Removed packages: npm/@prisma/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected], npm/@types/[email protected] |
🚨 Potential security issues detected. Learn more about Socket for GitHub ↗︎ To accept the risk, merge this PR and you will not be notified again.
Next steps
What is an install script?
Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts. Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.
Take a deeper look at the dependency
Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support [AT] socket [DOT] dev.
Remove the package
If you happen to install a dependency that Socket reports as Known Malware you should immediately remove it and select a different dependency. For other alert types, you may wish to investigate alternative packages or consider if there are other ways to mitigate the specific risk posed by the dependency.
Mark a package as acceptable risk
To ignore an alert, reply with a comment starting with
Dependency Information
Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.
📦 Dependency: @nrwl/cli (Trusty Score: 0)
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: @nrwl/nx-darwin-arm64 (Trusty Score: 0)
📦 Dependency: @nrwl/nx-darwin-x64 (Trusty Score: 0)
📦 Dependency: @nrwl/nx-linux-arm-gnueabihf (Trusty Score: 0)
📦 Dependency: @nrwl/nx-linux-arm64-gnu (Trusty Score: 0)
📦 Dependency: @nrwl/nx-linux-arm64-musl (Trusty Score: 0)
📦 Dependency: @nrwl/nx-linux-x64-gnu (Trusty Score: 0)
📦 Dependency: @nrwl/nx-linux-x64-musl (Trusty Score: 0)
📦 Dependency: @nrwl/nx-win32-arm64-msvc (Trusty Score: 0)
📦 Dependency: @nrwl/nx-win32-x64-msvc (Trusty Score: 0)
📦 Dependency: @nrwl/tao (Trusty Score: 0)
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
This package has been digitally signed using sigstore.
📦 Dependency: @nrwl/workspace (Trusty Score: 0)
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
This package has been digitally signed using sigstore.
📦 Dependency: @parcel/watcher (Trusty Score: 0)
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: @prisma/client (Trusty Score: 0)
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
This package has been digitally signed using sigstore.
📦 Dependency: acorn (Trusty Score: 0)
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: ajv (Trusty Score: 0)
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: ansi-styles (Trusty Score: 0)
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: babel-plugin-macros (Trusty Score: 0)
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: brace-expansion (Trusty Score: 0)
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: chalk (Trusty Score: 0)
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: cliui (Trusty Score: 0)
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: cosmiconfig (Trusty Score: 0)
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: dotenv (Trusty Score: 0)
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: emoji-regex (Trusty Score: 0)
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: fast-glob (Trusty Score: 0)
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: fast-uri (Trusty Score: 0)
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: fs-extra (Trusty Score: 0)
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: glob (Trusty Score: 0)
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: has-flag (Trusty Score: 0)
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: json-schema-traverse (Trusty Score: 0)
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: minimatch (Trusty Score: 0)
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: nx (Trusty Score: 0)
📦 Dependency: rxjs (Trusty Score: 0)
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: search-insights (Trusty Score: 0)
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: string-width (Trusty Score: 0)
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: supports-color (Trusty Score: 0)
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: tslib (Trusty Score: 0)
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: v8-compile-cache (Trusty Score: 0)
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: wrap-ansi (Trusty Score: 0)
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Dependency Information
Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.
📦 Dependency: @nrwl/cli (Trusty Score: 0)
📦 Dependency: @nrwl/nx-darwin-arm64 (Trusty Score: 0)
📦 Dependency: @nrwl/nx-darwin-x64 (Trusty Score: 0)
📦 Dependency: @nrwl/nx-linux-arm-gnueabihf (Trusty Score: 0)
📦 Dependency: @nrwl/nx-linux-arm64-gnu (Trusty Score: 0)
📦 Dependency: @nrwl/nx-linux-arm64-musl (Trusty Score: 0)
📦 Dependency: @nrwl/nx-linux-x64-gnu (Trusty Score: 0)
📦 Dependency: @nrwl/nx-linux-x64-musl (Trusty Score: 0)
📦 Dependency: @nrwl/nx-win32-arm64-msvc (Trusty Score: 0)
📦 Dependency: @nrwl/nx-win32-x64-msvc (Trusty Score: 0)
📦 Dependency: @nrwl/tao (Trusty Score: 0)
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
This package has been digitally signed using sigstore.
📦 Dependency: @nrwl/workspace (Trusty Score: 0)
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
This package has been digitally signed using sigstore.
📦 Dependency: @parcel/watcher (Trusty Score: 0)
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: @prisma/client (Trusty Score: 0)
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
This package has been digitally signed using sigstore.
📦 Dependency: acorn (Trusty Score: 0)
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: ajv (Trusty Score: 0)
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: ansi-styles (Trusty Score: 0)
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: babel-plugin-macros (Trusty Score: 0)
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: brace-expansion (Trusty Score: 0)
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: chalk (Trusty Score: 0)
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: cliui (Trusty Score: 0)
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: cosmiconfig (Trusty Score: 0)
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: dotenv (Trusty Score: 0)
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: emoji-regex (Trusty Score: 0)
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: fast-glob (Trusty Score: 0)
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: fast-uri (Trusty Score: 0)
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: fs-extra (Trusty Score: 0)
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: glob (Trusty Score: 0)
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: has-flag (Trusty Score: 0)
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: json-schema-traverse (Trusty Score: 0)
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: minimatch (Trusty Score: 0)
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: nx (Trusty Score: 0)
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
This package has been digitally signed using sigstore.
📦 Dependency: rxjs (Trusty Score: 0)
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: search-insights (Trusty Score: 0)
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: string-width (Trusty Score: 0)
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: supports-color (Trusty Score: 0)
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: tslib (Trusty Score: 0)
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: v8-compile-cache (Trusty Score: 0)
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: wrap-ansi (Trusty Score: 0)
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
Dependency Information
Minder analyzed the dependencies introduced in this pull request and detected that some dependencies do not meet your security profile.
📦 Dependency: @nrwl/cli
Trusty Score: 0
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: @nrwl/nx-darwin-arm64
Trusty Score: 0
📦 Dependency: @nrwl/nx-darwin-x64
Trusty Score: 0
📦 Dependency: @nrwl/nx-linux-arm-gnueabihf
Trusty Score: 0
📦 Dependency: @nrwl/nx-linux-arm64-gnu
Trusty Score: 0
📦 Dependency: @nrwl/nx-linux-arm64-musl
Trusty Score: 0
📦 Dependency: @nrwl/nx-linux-x64-gnu
Trusty Score: 0
📦 Dependency: @nrwl/nx-linux-x64-musl
Trusty Score: 0
📦 Dependency: @nrwl/nx-win32-arm64-msvc
Trusty Score: 0
📦 Dependency: @nrwl/nx-win32-x64-msvc
Trusty Score: 0
📦 Dependency: @nrwl/tao
Trusty Score: 0
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
This package has been digitally signed using sigstore.
📦 Dependency: @nrwl/workspace
Trusty Score: 0
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
This package has been digitally signed using sigstore.
📦 Dependency: @parcel/watcher
Trusty Score: 0
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: @prisma/client
Trusty Score: 0
📦 Dependency: acorn
Trusty Score: 0
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: ajv
Trusty Score: 0
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: ansi-styles
Trusty Score: 0
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: babel-plugin-macros
Trusty Score: 0
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: brace-expansion
Trusty Score: 0
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: chalk
Trusty Score: 0
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: cliui
Trusty Score: 0
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: cosmiconfig
Trusty Score: 0
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: dotenv
Trusty Score: 0
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: emoji-regex
Trusty Score: 0
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: fast-glob
Trusty Score: 0
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: fast-uri
Trusty Score: 0
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: fs-extra
Trusty Score: 0
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: glob
Trusty Score: 0
📦 Dependency: has-flag
Trusty Score: 0
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: json-schema-traverse
Trusty Score: 0
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: minimatch
Trusty Score: 0
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: nx
Trusty Score: 0
📦 Dependency: rxjs
Trusty Score: 0
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: search-insights
Trusty Score: 0
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: string-width
Trusty Score: 0
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: supports-color
Trusty Score: 0
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: tslib
Trusty Score: 0
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: v8-compile-cache
Trusty Score: 0
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
📦 Dependency: wrap-ansi
Trusty Score: 0
Proof of Origin (Provenance): This package can be linked back to its source code using a historical provenance map. We were able to correlate a significant number of git tags and tagged releases in this package’s source code to versions of the published package. This mapping creates a strong link from the package back to its source code repository, verifying proof of origin.
This PR was automatically created by Snyk using the credentials of a real user.
Snyk has created this PR to upgrade @prisma/client from 5.10.2 to 5.16.0.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 520 versions ahead of your current version.
The recommended version was released 22 days ago.
Release notes
Package name: @prisma/client
🌟 Help us spread the word about Prisma by starring the repo or tweeting about the release. 🌟
Highlights
Omit model fields globally
With Prisma ORM 5.16.0 we’re more than happy to announce that we’re expanding the `omitApi` Preview feature to also include the ability to omit fields globally.
When the Preview feature is enabled, you’re able to define fields to omit when instantiating Prisma Client.
You’re also able to omit fields from multiple models and multiple fields from the same model.
With both local and global `omit`, you now have the flexibility to completely remove sensitive fields while also tailoring individual queries. If you need the ability to generally omit a field except in a specific query, you can also overwrite a global omit locally:
```ts
import { PrismaClient } from "@prisma/client";

const prisma = new PrismaClient({
  omit: {
    user: {
      // password is omitted globally.
      password: true,
    },
  },
});

// A local omit overrides the global setting for this one query only.
const userWithPassword = await prisma.user.findUnique({
  omit: { password: false }, // omit now false, so password is returned
  where: { id: 1 },
});
```
Changes to `prismaSchemaFolder`
In `5.15.0` we released the `prismaSchemaFolder` Preview feature, allowing you to create multiple Prisma Schema files in a `prisma/schema` directory. We’ve gotten a lot of great feedback and are really excited with how the community has been using the feature.
To continue improving our multi-file schema support, we have a few breaking changes to the `prismaSchemaFolder` feature:
- `prismaSchemaFolder` feature, a path is now relative to the file it is defined in rather than relative to the `prisma/schema` folder. This means that if you have a generator block in `/project/prisma/schema/config/generator.prisma` with an `output` of `./foo` the output will be resolved to `/project/prisma/schema/config/foo` rather than `/project/prisma/foo`. The path to a SQLite file will be resolved in the same manner.
- `prisma/schema` as well as `prisma/schema.prisma`. Our initial implementation looked for a `.prisma` file first and would ignore the `schema` folder if it exists. This is now an error.
Changes to `fullTextSearch`
In order to improve our full-text search implementation we have made a breaking change to the `fullTextSearch` Preview feature.
Previously, when the feature was enabled we updated the `<Model>OrderByWithRelationInput` TypeScript type with the `<Model>OrderByWithRelationAndSearchRelevanceInput` type. However, we have noted that there are no cases where relational ordering is needed but search relevance is not. Thus, we have decided to remove the `<Model>OrderByWithRelationAndSearchRelevanceInput` naming and only use the `<Model>OrderByWithRelationInput` naming.
Fixes and improvements
Prisma
- Prisma has no exported member named OrderByWithRelationInput. Did you mean OrderByWithAggregationInput?
- `prisma generate`
- `@prisma/adapter-pg` modifies node-postgres global type parsers
- `db pull` fails with `[libs\user-facing-errors\src\quaint.rs:136:18] internal error: entered unreachable code` on invalid credentials
Language tools (e.g. VS Code)
Prisma Engines
Credits
Huge thanks to @ key-moon, @ pranayat, @ yubrot, @ skyzh, @ brian-dlee, @ mydea, @ nickcarnival, @ eruditmorina, @ nzakas, @ gutyerrez, @ avallete, @ ceddy4395, @ Kayoshi-dev, @ yehonatanz for helping!
Today, we are issuing the `5.15.1` patch release.
Fixes in Prisma Client
- `ConnectionError(Timed out during query execution.)` during seeding
- `ConnectionError(Timed out during query execution.)` error when using `Promise.all` for SQLite
- `Promise.all()` / concurrent
Today, we are excited to share the `5.15.0` stable release 🎉
🌟 Help us spread the word about Prisma by starring the repo or tweeting about the release. 🌟
Highlights
Multi-File Prisma Schema support
Prisma ORM 5.15.0 features support for multi-file Prisma Schema in Preview.
This closes a long standing issue and does so in a clean and easy to migrate way.
To get started:
- `prismaSchemaFolder` Preview feature by including it in the `previewFeatures` field of your `generator`.
```prisma
datasource db {
  provider = "postgresql"
  url      = env("DATABASE_URL")
}

generator client {
  provider        = "prisma-client-js"
  previewFeatures = ["prismaSchemaFolder"]
}
```
- `schema` subdirectory under your `prisma` directory.
- `schema.prisma` into this directory.
You are now set up with a multi-file Prisma Schema! Add as many or as few `.prisma` files to the new `prisma/schema` directory.
When running commands where a Prisma Schema file is expected to be provided, you can now define a Prisma Schema directory. This includes Prisma CLI commands that use the `--schema` option as well as defining schema via `package.json`
Our tooling has also been updated to handle multiple Prisma Schema files. This includes our Visual Studio Code extension and tools like database introspection, which will deposit new models in an `introspected.prisma` file. Existing models will be updated in the file they are found.
To learn more, please refer to our official documentation and announcement blog post. If you try out `prismaSchemaFolder`, please let us know!
Interesting Bug Fixes
Fix for PostgreSQL prepared statement caching for raw queries
This release fixes a nasty bug with the caching of prepared statements in raw Prisma Client queries that affected PostgreSQL when you ran the same SQL statement with differently typed parameters. This should not fail any more.
Fix for SQL Server introspection of (deprecated) `CREATE DEFAULT`
Our Introspection logic crashed on encountering certain multi-line `CREATE DEFAULT`, a deprecated way to define defaults in SQL Server. As many SQL Server users are working with established databases, this happened frequently enough that we now explicitly ignore these defaults instead of crashing.
Fix for Cloudflare D1’s lower parameter limit
Cloudflare’s D1 has a lower parameter limit than local SQLite, which caused bigger queries to fail. We adapted that limit to the D1 default for `@prisma/adapter-d1`, which will avoid such failures.
Fix for Cloudflare D1’s different `PRAGMA` support
Our generated migration SQL for SQLite did not always work for Cloudflare D1, because of differences in the supported pragmas. We adapted the SQL to work in both local SQLite and Cloudflare D1.
Fixes and improvements
Prisma Migrate
- `Result::unwrap()` on an `Err` value: "Couldn't parse default value: `create default [dbo].[member_notification_cancel_flags] as 0\r\n`"
- `Result::unwrap()` on an `Err` value: "Couldn't parse default value: `create default d_password as 'D,73'`"
- `DEFAULT`s
- `Result::unwrap()` on an `Err` value: "Couldn't parse default value: `\r\ncreate default D_BIT_OFF\r\nas 0\r\n`"
- `Result::unwrap()` on an `Err` value: "Couldn't parse default value in SQL Server
- Error: [libs\sql-schema-describer\src\mssql.rs:336:30] called `Result::unwrap()` on an `Err` value: "Couldn't parse default value: [...]
- `Result::unwrap()` on an `Err` value: "Couldn't parse default value: `\r\ncreate default [va_nulla] as 0\r\n`"
- `db pull` can't parse script setting default value
Prisma Client
- `22P03`. Message: `db error: ERROR: incorrect binary data format in bind parameter 1`
- `incorrect binary data format in bind parameter 1`
- `incorrect binary data format in bind parameter x`)
- `_count` leads to error
- `warn(prisma-client) This is the 10th instance of Prisma Client being started.` warning in Edge (and potentially) other envs)
- `incorrect binary data format in bind parameter 6`
- `Inconsistent column data: Unexpected conversion failure from Number to BigInt` error when using `@prisma/adapter-pg`
- `Int` switched to being `Int32` for MongoDB
Language tools (e.g. VS Code)
- `Generate` codelens fails on Windows
Credits
Huge thanks to @ pranayat, @ yubrot, and @ skyzh for helping!
Today, we are excited to share the `5.14.0` stable release 🎉
🌟 Help us spread the word about Prisma by starring the repo ☝️ or posting on X about the release. 🌟
Highlights
Share your feedback about Prisma ORM
We want to know how you like working with Prisma ORM in your projects! Please take our 2min survey and let us know what you like or where we can improve 🙏
`createManyAndReturn()`
We’re happy to announce the availability of a new, top-level Prisma Client query: `createManyAndReturn()`. It works similarly to `createMany()` but uses a `RETURNING` clause in the SQL query to retrieve the records that were just created.
Here’s an example of creating multiple posts and then immediately returning those posts.
```ts
// postBodies holds the array of post records to insert.
const posts = prisma.post.createManyAndReturn({
  data: postBodies
});
return posts
```
Additionally, `createManyAndReturn()` supports the same options as `findMany()`, such as the ability to return only specific fields.
```ts
const postTitles = prisma.post.createManyAndReturn({
  data: postBodies,
  // Return only the title of each created post.
  select: {
    title: true,
  },
});
return postTitles
```
Full documentation for this feature can be found in the Prisma Client API Reference.
Note: Because `createManyAndReturn()` uses the `RETURNING` clause, it is only supported by PostgreSQL, CockroachDB, and SQLite databases. At this time, `relationLoadStrategy: join` is not supported in `createManyAndReturn()` queries.
MongoDB performance improvements
Previously, Prisma ORM suffered from performance issues when using the `in` operator or when including related models in queries against a MongoDB database. These queries were translated by the Prisma query engine in such a way that indexes were skipped and collection scans were used, leading to slower queries especially on large datasets.
With 5.14.0, Prisma ORM now rewrites queries to use a combination of `$or` and `$eq` operators, leading to dramatic performance increases for queries that include `in` operators or relation loading.
Fixes and improvements
Prisma Client
- `createMany()` should return the created records
- `take` on many-to-one relationship
- `include` for relations
- `findMany()` query execution with `in`
- `include` query slow
- `onDelete: SetNull`
- `prisma init --with-model`
- `@opentelemetry/*` dependencies
- `The required connected records were not found.` when using indices
Prisma Migrate
- `dbgenerated()` still breaking for `Unsupported()` types
- `shadowDatabaseUrl` is identical to `url` (or `directUrl`)
- `PRAGMA foreign_key_check;`
Language tools (e.g. VS Code)
Company news
Prisma Changelog
Curious about all things Prisma? Be sure to check out the Prisma Changelog for updates across Prisma's products, including ORM, Accelerate, and Pulse!
New product announcement: Prisma Optimize
With this release, we are excited to introduce a new Prisma product. We’re calling it “Optimize” because that’s what it does! Let your favorite ORM also help you debug the performance of your application.
Check out our announcement blog post for more details, including a demo video.
Credits
Huge thanks to @ pranayat, @ yubrot, @ skyzh, @ anuraaga, @ gutyerrez, @ avallete, @ ceddy4395, @ Kayoshi-dev for helping!