chore(deps): bump the production-dependencies group in /backend with 8 updates #12

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/npm_and_yarn/backend/production-dependencies-8a2ec644ce

dependabot bot commented on behalf of github on Apr 9, 2026

Bumps the production-dependencies group in /backend with 8 updates:

| Package | From | To |
| --- | --- | --- |
| @prisma/client | 5.22.0 | 7.7.0 |
| dotenv | 16.6.1 | 17.4.1 |
| express-rate-limit | 7.5.1 | 8.3.2 |
| helmet | 7.2.0 | 8.1.0 |
| http-proxy-middleware | 2.0.9 | 3.0.5 |
| joi | 17.13.3 | 18.1.2 |
| uuid | 9.0.1 | 13.0.0 |
| prisma | 5.22.0 | 7.7.0 |

Updates @prisma/client from 5.22.0 to 7.7.0

Release notes

Sourced from @​prisma/client's releases.

7.7.0

Today, we are excited to share the 7.7.0 stable release 🎉

🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!

Highlights

ORM

prisma bootstrap command

A new prisma bootstrap command (#29374, #29424) sequences the full Prisma Postgres setup into a single interactive flow. It detects the current project state and runs only the steps that are needed:

  1. Init or scaffold — In an empty directory, offers a choice of 10 starter templates (Next.js, Express, Hono, Fastify, Nuxt, SvelteKit, Remix, React Router 7, Astro, NestJS) from prisma-examples. In an existing project without a schema, runs prisma init.
  2. Link — Authenticates via the browser and connects to a Prisma Postgres database. Skips if already linked.
  3. Install dependencies — Detects the package manager and offers to install missing @prisma/client, prisma, and dotenv.
  4. Migrate — Runs prisma migrate dev if the schema contains models.
  5. Generate — Runs prisma generate.
  6. Seed — Runs prisma db seed if a seed script is configured.

Each side-effecting step prompts for confirmation. Re-running the command skips already-completed steps.

Basic usage

npx prisma@latest bootstrap

With a starter template

npx prisma@latest bootstrap --template nextjs

Non-interactive (CI)

npx prisma@latest bootstrap --api-key "$PRISMA_API_KEY" --database "db_abc123"

Open roles at Prisma

Interested in joining Prisma? We're growing and have several exciting opportunities across the company for developers who are passionate about building with Prisma. Explore our open positions on our Careers page and find the role that's right for you.

Enterprise support

Thousands of teams use Prisma and many of them already tap into our Enterprise & Agency Support Program for hands-on help with everything from schema integrations and performance tuning to security and compliance.

With this program you also get priority issue triage and bug fixes, expert scalability advice, and custom training so that your Prisma-powered apps stay rock-solid at any scale. Learn more or join: https://prisma.io/enterprise.

... (truncated)

Commits
  • 6a3c3cc chore: extract parameterization to client-engine-runtime (#29422)
  • 5b420f8 fix(client): prevent caching of createMany queries to avoid cache bloat and p...
  • 30f0af6 feat: dmmf streaming with an E2E test (#29377)
  • 14c3c2e fix: pin E2E typescript to prevent 6 upgrade (#29383)
  • ecae3b6 chore(deps): update engines to 7.6.0-1.75cbdc1eb7150937890ad5465d861175c66247...
  • 309b4bc refactor: extract 'prisma-client-js' into PRISMA_CLIENT_JS_PROVIDER constant ...
  • ccce148 chore(deps): update engines to 7.5.0-15.280c870be64f457428992c43c1f6d557fab6e...
  • de1c376 chore(deps): update engines to 7.5.0-14.d684c195f0a8bfb0ba8ca628416376df0625b...
  • ea93809 fix: fix DATE cursor comparison (#29327)
  • f8e742a chore(deps): update engines to 7.5.0-13.0f1690a1b5dcd01b5341a4f411f07767f1f76...
  • Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​prisma/client since your current version.


Updates dotenv from 16.6.1 to 17.4.1

Changelog

Sourced from dotenv's changelog.

17.4.1 (2026-04-05)

Changed

  • Change text injecting to injected (#1005)

17.4.0 (2026-04-01)

Added

  • Add skills/ folder with focused agent skills: skills/dotenv/SKILL.md (core usage) and skills/dotenvx/SKILL.md (encryption, multiple environments, variable expansion) for AI coding agent discovery via the skills.sh ecosystem (npx skills add motdotla/dotenv)

Changed

  • Tighten up logs: ◇ injecting env (14) from .env (#1003)

17.3.1 (2026-02-12)

Changed

  • Fix as2 example command in README and update spanish README

17.3.0 (2026-02-12)

Added

  • Add a new README section on dotenv’s approach to the agentic future.

Changed

  • Rewrite README to get humans started more quickly with less noise while simultaneously making more accessible for llms and agents to go deeper into details.

17.2.4 (2026-02-05)

Changed

  • Make DotenvPopulateInput accept NodeJS.ProcessEnv type (#915)
  • Give back to dotenv by checking out my newest project vestauth. It is auth for agents. Thank you for using my software.

17.2.3 (2025-09-29)

Changed

  • Fixed typescript error definition (#912)

17.2.2 (2025-09-02)

Added

  • 🙏 A big thank you to new sponsor Tuple.app - the premier screen sharing app for developers on macOS and Windows. Go check them out. It's wonderful and generous of them to give back to open source by sponsoring dotenv. Give them some love back.

... (truncated)

Commits

Updates express-rate-limit from 7.5.1 to 8.3.2

Release notes

Sourced from express-rate-limit's releases.

v8.3.2

You can view the changelog here.

v8.3.1

You can view the changelog here.

v8.3.0

You can view the changelog here.

v8.2.1

You can view the changelog here.

v8.2.0

You can view the changelog here.

v8.1.0

You can view the changelog here.

v8.0.1

You can view the changelog here.

v8.0.0

You can view the changelog here.

Commits
  • c4dbb42 8.3.2
  • 8f1cc66 v8.3.2 changelog
  • 601b87f Fix skipFailedRequests for for connections that close very early (#611)
  • 014c2f3 chore(deps-dev): bump the development-dependencies group with 6 updates (#612)
  • 4e8b18b Remove Zuplo sponsorship details from README (#613)
  • 31dab19 test: use numeric range for reset timestamp assertion (#610)
  • f82ad13 chore(deps-dev): bump the development-dependencies group with 2 updates (#609)
  • fa0b098 docs: fix broken link
  • 47e5b29 8.3.1
  • eb61179 v8.3.1 changelog
  • Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for express-rate-limit since your current version.

Install script changes

This version modifies the prepare script that runs during installation. Review the package contents before updating.


Updates helmet from 7.2.0 to 8.1.0

Changelog

Sourced from helmet's changelog.

8.1.0 - 2025-03-17

Changed

  • Content-Security-Policy gives a better error when a directive value, like self, should be quoted. See #482

8.0.0 - 2024-09-28

Changed

  • Breaking: Strict-Transport-Security now has a max-age of 365 days, up from 180
  • Breaking: Content-Security-Policy middleware now throws an error if a directive should have quotes but does not, such as self instead of 'self'. See #454
  • Breaking: Content-Security-Policy's getDefaultDirectives now returns a deep copy. This only affects users who were mutating the result
  • Breaking: Strict-Transport-Security now throws an error when "includeSubDomains" option is misspelled. This was previously a warning

Removed

  • Breaking: Drop support for Node 16 and 17. Node 18+ is now required

Commits
  • 57e1b39 8.1.0
  • c8efbe3 Update changelog for 8.1.0 release
  • 3396804 Add 8.0.0 release date to changelog
  • 52dd8eb Content-Security-Policy: better error when value should be quoted
  • 4af4777 Use built-in test runner (instead of Jest)
  • ba10272 Organize imports
  • e0f1387 Update devDependencies to latest versions
  • 842393c Check types during npm test, run in parallel
  • 77fbe3a Strict-Transport-Security: fix documentation for default max-age
  • 632e629 Update license year for 2025
  • Additional commits viewable in compare view

Updates http-proxy-middleware from 2.0.9 to 3.0.5

Release notes

Sourced from http-proxy-middleware's releases.

v3.0.5

What's Changed

Full Changelog: chimurai/http-proxy-middleware@v3.0.4...v3.0.5

v3.0.4

What's Changed

New Contributors

Full Changelog: chimurai/http-proxy-middleware@v3.0.3...v3.0.4

v3.0.3

What's Changed

Full Changelog: chimurai/http-proxy-middleware@v3.0.2...v3.0.3

v3.0.2

... (truncated)

Changelog

Sourced from http-proxy-middleware's changelog.

v3.0.5

  • fix(fixRequestBody): check readableLength (#1096)

v3.0.4

  • fix(fixRequestBody): handle invalid request (#1092)
  • fix(fixRequestBody): prevent multiple .write() calls (#1089)
  • fix(websocket): handle errors in handleUpgrade (#823)
  • ci(package): patch http-proxy (#1084)
  • fix(fixRequestBody): support multipart/form-data (#896)
  • feat(types): export Plugin type (#1071)

v3.0.3

  • fix(pathFilter): handle errors

v3.0.2

  • refactor(dependency): replace is-plain-obj with is-plain-object (#1031)
  • chore(package): upgrade to eslint v9 (#1032)
  • fix(logger-plugin): handle undefined protocol and hostname (#1036)

v3.0.1

  • fix(type): fix RequestHandler return type (#980)
  • refactor(errors): improve pathFilter error message (#987)
  • fix(logger-plugin): fix missing target port (#989)
  • ci(package): npm package provenance (#991)
  • fix(logger-plugin): log target port when router option is used (#1001)
  • refactor: fix circular dependencies (#1010)
  • fix(fix-request-body): support '+json' content-type suffix (#1015)

v3.0.0

This release contains some breaking changes.

Please read the V3 discussion chimurai/http-proxy-middleware#768 or follow the MIGRATION.md guide.

  • feat(typescript): type improvements (#882)
  • chore(deps): update micromatch to 4.0.5
  • chore(package): bump devDependencies
  • feat(legacyCreateProxyMiddleware): show migration tips (#756)
  • feat(legacyCreateProxyMiddleware): adapter with v2 behavior (#754)
  • docs(proxy events): fix new syntax (#753)
  • feat(debug): improve troubleshooting (#752)
  • test(path-rewriter): improve coverage (#751)
  • feat(ejectPlugins): skip registering default plugins (#750)
  • refactor: logging [BREAKING CHANGE] (#749)

... (truncated)

Commits

Install script changes

This version modifies the prepare script that runs during installation. Review the package contents before updating.


Updates joi from 17.13.3 to 18.1.2

Commits
  • 7d43b12 18.1.2
  • d98c802 Merge pull request #3107 from mahmoodhamdi/fix/json-schema-number-rules
  • 7edc591 fix: improve JSON Schema conversion for number.port() and number.sign()
  • 06afeb5 18.1.1
  • 407ed75 chore: apply npm pkg fix
  • 4323588 Merge pull request #3099 from poupounetjoyeux/master
  • 8607f5c Merge pull request #3103 from ordinary9843/fix/describe-nan-allow
  • 384c5cd Merge pull request #3097 from iamnivekx/feat/standard-validate-options
  • 3e6d6cd 18.1.0
  • b366678 Merge pull request #3102 from hapijs/feat/standard-json-schema
  • Additional commits viewable in compare view

Updates uuid from 9.0.1 to 13.0.0

Release notes

Sourced from uuid's releases.

v13.0.0

13.0.0 (2025-09-08)

⚠ BREAKING CHANGES

  • make browser exports the default (#901)

Bug Fixes

v12.0.0

12.0.0 (2025-09-05)

⚠ BREAKING CHANGES

  • update to typescript@5.2 (#887)
  • remove CommonJS support (#886)
  • drop node@16 support (#883)

Features

Bug Fixes

v11.1.0

11.1.0 (2025-02-19)

Features

  • update TS types to allow Uint8Array subtypes for buffer option (#865) (a5231e7)

v11.0.5

11.0.5 (2025-01-09)

Bug Fixes

  • add TS unit test, pin to typescript@5.0.4 (#860) (24ac2fd)

... (truncated)

Changelog

Sourced from uuid's changelog.

13.0.0 (2025-09-08)

⚠ BREAKING CHANGES

  • make browser exports the default (#901)

Bug Fixes

12.0.0 (2025-09-05)

⚠ BREAKING CHANGES

  • update to typescript@5.2 (#887)
  • remove CommonJS support (#886)
  • drop node@16 support (#883)

Features

Bug Fixes

11.1.0 (2025-02-19)

Features

  • update TS types to allow Uint8Array subtypes for buffer option (#865) (a5231e7)

11.0.5 (2025-01-09)

Bug Fixes

  • add TS unit test, pin to typescript@5.0.4 (#860) (24ac2fd)

11.0.4 (2025-01-05)

... (truncated)

Commits

Maintainer changes

This version was pushed to npm by broofa, a new releaser for uuid since your current version.

Install script changes

This version modifies the prepare script that runs during installation. Review the package contents before updating.


Updates prisma from 5.22.0 to 7.7.0

Release notes

Sourced from prisma's releases.

7.7.0

Today, we are excited to share the 7.7.0 stable release 🎉

🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!

Highlights

ORM

prisma bootstrap command

A new prisma bootstrap command (#29374, #29424) sequences the full Prisma Postgres setup into a single interactive flow. It detects the current project state and runs only the steps that are needed:

  1. Init or scaffold — In an empty directory, offers a choice of 10 starter templates (Next.js, Express, Hono, Fastify, Nuxt, SvelteKit, Remix, React Router 7, Astro, NestJS) from prisma-examples. In an existing project without a schema, runs prisma init.
  2. Link — Authenticates via the browser and connects to a Prisma Postgres database. Skips if already linked.
  3. Install dependencies — Detects the package manager and offers to install missing @prisma/client, prisma, and dotenv.
  4. Migrate — Runs prisma migrate dev if the schema contains models.
  5. Generate — Runs prisma generate.
  6. Seed — Runs prisma db seed if a seed script is configured.

Each side-effecting step prompts for confirmation. Re-running the command skips already-completed steps.

Basic usage

npx prisma@latest bootstrap

With a starter template

npx prisma@latest bootstrap --template nextjs

Non-interactive (CI)

npx prisma@latest bootstrap --api-key "$PRISMA_API_KEY" --database "db_abc123"

... (truncated)

Commits
  • 8e71aa7 fix(cli): install missing @prisma/client in prisma bootstrap (#29444)
  • ada077b fix(cli): bootstrap UX — auto-install deps, resumable flow, timeout handling ...
  • 9b0b7f5 feat(cli): add prisma bootstrap command (#29374)
  • 5fece0a chore: bump @​prisma/dev to 0.24.3 (#29396)
  • 45d7e0f feat(cli): add prisma postgres link command (#29352)
  • adbdf15 Pre-bundle Studio frontend assets and replace Hono (#29389)
  • f8258ad chore: bump effect to fix vulnerability (#29384)
  • 74839a9 feat(cli): update bundled @​prisma/studio-core to 0.27.3 (#29376)
  • 309b4bc refactor: extract 'prisma-client-js' into PRISMA_CLIENT_JS_PROVIDER constant ...
  • 2cd422d Bump studio-core dependency to 0.21.1 (#29322)
  • Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for prisma since your current version.


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

dependabot bot added the dependencies (Pull requests that update a dependency file) and javascript (Pull requests that update javascript code) labels on Apr 9, 2026

Bumps the production-dependencies group in /backend with 8 updates:

| Package | From | To |
| --- | --- | --- |
| [@prisma/client](https://github.com/prisma/prisma/tree/HEAD/packages/client) | `5.22.0` | `7.7.0` |
| [dotenv](https://github.com/motdotla/dotenv) | `16.6.1` | `17.4.1` |
| [express-rate-limit](https://github.com/express-rate-limit/express-rate-limit) | `7.5.1` | `8.3.2` |
| [helmet](https://github.com/helmetjs/helmet) | `7.2.0` | `8.1.0` |
| [http-proxy-middleware](https://github.com/chimurai/http-proxy-middleware) | `2.0.9` | `3.0.5` |
| [joi](https://github.com/hapijs/joi) | `17.13.3` | `18.1.2` |
| [uuid](https://github.com/uuidjs/uuid) | `9.0.1` | `13.0.0` |
| [prisma](https://github.com/prisma/prisma/tree/HEAD/packages/cli) | `5.22.0` | `7.7.0` |


Updates `@prisma/client` from 5.22.0 to 7.7.0
- [Release notes](https://github.com/prisma/prisma/releases)
- [Commits](https://github.com/prisma/prisma/commits/7.7.0/packages/client)

Updates `dotenv` from 16.6.1 to 17.4.1
- [Changelog](https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md)
- [Commits](motdotla/dotenv@v16.6.1...v17.4.1)

Updates `express-rate-limit` from 7.5.1 to 8.3.2
- [Release notes](https://github.com/express-rate-limit/express-rate-limit/releases)
- [Commits](express-rate-limit/express-rate-limit@v7.5.1...v8.3.2)

Updates `helmet` from 7.2.0 to 8.1.0
- [Changelog](https://github.com/helmetjs/helmet/blob/main/CHANGELOG.md)
- [Commits](helmetjs/helmet@v7.2.0...v8.1.0)

Updates `http-proxy-middleware` from 2.0.9 to 3.0.5
- [Release notes](https://github.com/chimurai/http-proxy-middleware/releases)
- [Changelog](https://github.com/chimurai/http-proxy-middleware/blob/master/CHANGELOG.md)
- [Commits](chimurai/http-proxy-middleware@v2.0.9...v3.0.5)

Updates `joi` from 17.13.3 to 18.1.2
- [Commits](hapijs/joi@v17.13.3...v18.1.2)

Updates `uuid` from 9.0.1 to 13.0.0
- [Release notes](https://github.com/uuidjs/uuid/releases)
- [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md)
- [Commits](uuidjs/uuid@v9.0.1...v13.0.0)

Updates `prisma` from 5.22.0 to 7.7.0
- [Release notes](https://github.com/prisma/prisma/releases)
- [Commits](https://github.com/prisma/prisma/commits/7.7.0/packages/cli)

---
updated-dependencies:
- dependency-name: "@prisma/client"
  dependency-version: 7.7.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: production-dependencies
- dependency-name: dotenv
  dependency-version: 17.4.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: production-dependencies
- dependency-name: express-rate-limit
  dependency-version: 8.3.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: production-dependencies
- dependency-name: helmet
  dependency-version: 8.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: production-dependencies
- dependency-name: http-proxy-middleware
  dependency-version: 3.0.5
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: production-dependencies
- dependency-name: joi
  dependency-version: 18.1.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: production-dependencies
- dependency-name: uuid
  dependency-version: 13.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: production-dependencies
- dependency-name: prisma
  dependency-version: 7.7.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot force-pushed the dependabot/npm_and_yarn/backend/production-dependencies-8a2ec644ce branch from 46ebf3d to 8afd6a5 on April 13, 2026 21:47
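
The helmet 8.0.0 changelog entry quoted in this PR says the Content-Security-Policy middleware now throws when a directive value such as self is missing its quotes. A pre-merge check for that follows as an added example (not code from helmet, Dependabot or this repository); the keyword list is taken from the CSP specification rather than helmet's source, and `quotedForm`, `findUnquotedCspKeywords` and `sampleDirectives` are hypothetical names.

```javascript
// CSP keyword sources that must be single-quoted (CSP Level 3).
// Assumption: list taken from the CSP spec, not from helmet's own check.
const KEYWORDS = new Set([
  "self", "none", "unsafe-inline", "unsafe-eval", "unsafe-hashes",
  "strict-dynamic", "report-sample", "wasm-unsafe-eval",
]);
// Nonce and hash sources must be quoted too, e.g. 'nonce-abc123'.
const QUOTED_PREFIXES = ["nonce-", "sha256-", "sha384-", "sha512-"];

// Returns the correctly quoted form of an entry that needs quotes,
// or null when the entry is fine as written (hosts, schemes, quoted keywords).
function quotedForm(entry) {
  const bare = entry.replace(/^'|'$/g, "");
  if (entry === `'${bare}'`) return null; // already quoted on both sides
  const lower = bare.toLowerCase(); // CSP keywords are case-insensitive
  const mustQuote =
    KEYWORDS.has(lower) || QUOTED_PREFIXES.some((p) => lower.startsWith(p));
  return mustQuote ? `'${bare}'` : null;
}

// Walks a CSP directives object (camelCase or kebab-case keys; each value a
// space-separated string or an iterable) and reports entries missing quotes.
function findUnquotedCspKeywords(directives) {
  const findings = [];
  for (const [directive, raw] of Object.entries(directives)) {
    const values =
      typeof raw === "string" ? raw.split(/\s+/).filter(Boolean) : raw;
    if (values == null || typeof values[Symbol.iterator] !== "function") continue;
    for (const value of values) {
      if (typeof value !== "string") continue; // e.g. per-request nonce functions
      const fix = quotedForm(value);
      if (fix !== null) findings.push({ directive, value, fix });
    }
  }
  return findings;
}

// Constructed sample configuration, not taken from this repository.
const sampleDirectives = {
  defaultSrc: ["self"],                                   // bare keyword
  scriptSrc: ["'self'", "nonce-r4nd0m", "https://cdn.example.com"],
  "style-src": "'self' unsafe-inline",                    // string form
  objectSrc: ["'none'"],                                  // correct
  imgSrc: ["'self", "data:"],                             // half-quoted
};

for (const f of findUnquotedCspKeywords(sampleDirectives)) {
  console.log(`${f.directive}: ${f.value} -> ${f.fix}`);
}
```

Browsers read a bare `self` as a host name rather than the same-origin keyword, so each finding is both a candidate for the error described in the changelog and a policy that was not enforcing what its author intended.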