Skip to content

chore(deps): bump the indexer-dependencies group across 1 directory with 6 updates#223

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/indexer/indexer-dependencies-76d9fc1518
Open

chore(deps): bump the indexer-dependencies group across 1 directory with 6 updates#223
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/indexer/indexer-dependencies-76d9fc1518

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 6, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Bumps the indexer-dependencies group with 6 updates in the /indexer directory:

Package From To
@prisma/client 5.22.0 7.8.0
dotenv 16.6.1 17.4.2
express 4.22.2 5.2.1
node-cron 3.0.3 4.5.0
@types/express 4.17.25 5.0.6
prisma 5.22.0 7.8.0

Updates @prisma/client from 5.22.0 to 7.8.0

Release notes

Sourced from @​prisma/client's releases.

7.8.0

Today, we are excited to share the 7.8.0 stable release 🎉

🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!

Highlights

ORM

Features

Prisma Client

  • Added a queryPlanCacheMaxSize option to the PrismaClient constructor for fine-grained control over the query plan cache. Pass 0 to disable the cache entirely, or omit it to use the default cache size. A larger value can improve performance in applications that execute many unique queries, while a smaller one can reduce memory usage. (#29503)

Bug Fixes

Prisma Client

  • Fixed an equality filter panic and incorrect ::jsonb cast when filtering on PostgreSQL JSON list columns. Queries using where: { jsonListField: { equals: [...] } }prisma/prisma-engines#5804
  • Fixed case-insensitive JSON field filtering (mode: insensitive), allowing where: { jsonField: { equals: "...", mode: "insensitive" } }prisma/prisma-engines#5806
  • Fixed incorrect parameterization of enum values that have a custom database name set via @map. (#29422)
  • Fixed a database parameter limit check (P2029), which could incorrectly reject or miss over-limit queries. (#29422)
  • Fixed a regression that caused missing SQL Server VARCHARprisma/prisma-engines#5801

Schema Engine

  • Fixed a misleading error message in prisma migrate diff that referenced the --shadow-database-url CLI flag, which was removed in Prisma 7. (#29455)
  • Fixed prisma migrate dev (and shadow database migration replay in general) failing with CREATE INDEX CONCURRENTLY cannot run inside a transaction blockprisma/prisma-engines#5799
  • Fixed PostgreSQL introspection silently dropping sequence defaults when the database returns the schema-qualified form pg_catalog.nextval('sequence_name'::regclass) instead of the bare nextval(...). Columns backed by sequences now correctly appear as @default(autoincrement())prisma/prisma-engines#5802

Driver Adapters

  • @​prisma/adapter-d1: Savepoint operations (createSavepoint, rollbackToSavepoint, releaseSavepoint) now silently no-op with debug logging instead of executing SQL statements, consistent with how the D1 adapter already treats top-level transactions. (#29499)

Open roles at Prisma

Interested in joining Prisma? We're growing and have several exciting opportunities across the company for developers who are passionate about building with Prisma. Explore our open positions on our Careers page and find the role that's right for you.

Enterprise support

Thousands of teams use Prisma and many of them already tap into our Enterprise & Agency Support Program for hands-on help with everything from schema integrations and performance tuning to security and compliance.

With this program you also get priority issue triage and bug fixes, expert scalability advice, and custom training so that your Prisma-powered apps stay rock-solid at any scale. Learn more or join: https://prisma.io/enterprise.

7.7.0

Today, we are excited to share the 7.7.0 stable release 🎉

🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!

... (truncated)

Commits
  • 62b44ac chore(deps): update engines to 7.8.0-5.e96eae70cf4ade6a15d7e6064d5b0b4f7d835d...
  • 4104864 feat: add a query plan cache size parameter (#29503)
  • 723ba7b chore(deps): update engines to 7.8.0-4.8c287008617e9b12f313df99e2c821ae61ea9a...
  • cadbafe chore(deps): update engines to 7.8.0-2.3187e3937290320ba3c7dbd5aa94af67942b44...
  • f705533 chore(deps): update engines to 7.8.0-1.7b80cc56c645c6e03c7541474e6a7c8d91b70d...
  • fbab4e8 Fix 29271 (#29303)
  • 6a3c3cc chore: extract parameterization to client-engine-runtime (#29422)
  • 5b420f8 fix(client): prevent caching of createMany queries to avoid cache bloat and p...
  • 30f0af6 feat: dmmf streaming with an E2E test (#29377)
  • 14c3c2e fix: pin E2E typescript to prevent 6 upgrade (#29383)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​prisma/client since your current version.


Updates dotenv from 16.6.1 to 17.4.2

Changelog

Sourced from dotenv's changelog.

17.4.2 (2026-04-12)

Changed

  • Improved skill files - tightened up details (#1009)

17.4.1 (2026-04-05)

Changed

  • Change text injecting to injected (#1005)

17.4.0 (2026-04-01)

Added

  • Add skills/ folder with focused agent skills: skills/dotenv/SKILL.md (core usage) and skills/dotenvx/SKILL.md (encryption, multiple environments, variable expansion) for AI coding agent discovery via the skills.sh ecosystem (npx skills add motdotla/dotenv)

Changed

  • Tighten up logs: ◇ injecting env (14) from .env (#1003)

17.3.1 (2026-02-12)

Changed

  • Fix as2 example command in README and update spanish README

17.3.0 (2026-02-12)

Added

  • Add a new README section on dotenv’s approach to the agentic future.

Changed

  • Rewrite README to get humans started more quickly with less noise while simultaneously making more accessible for llms and agents to go deeper into details.

17.2.4 (2026-02-05)

Changed

  • Make DotenvPopulateInput accept NodeJS.ProcessEnv type (#915)
  • Give back to dotenv by checking out my newest project vestauth. It is auth for agents. Thank you for using my software.

17.2.3 (2025-09-29)

Changed

  • Fixed typescript error definition (#912)

... (truncated)

Commits

Updates express from 4.22.2 to 5.2.1

Release notes

Sourced from express's releases.

v5.2.1

What's Changed

[!IMPORTANT]
The prior release (5.2.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

Full Changelog: expressjs/express@v5.2.0...v5.2.1

v5.2.0

Important: Security

What's Changed

... (truncated)

Changelog

Sourced from express's changelog.

5.2.1 / 2025-12-01

  • Revert security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)
    • The prior release (5.2.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

5.2.0 / 2025-12-01

  • Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)
  • deps: body-parser@^2.2.1
  • A deprecation warning was added when using res.redirect with undefined arguments, Express now emits a warning to help detect calls that pass undefined as the status or URL and make them easier to fix.

5.1.0 / 2025-03-31

  • Add support for Uint8Array in res.send()
  • Add support for ETag option in res.sendFile()
  • Add support for multiple links with the same rel in res.links()
  • Add funding field to package.json
  • perf: use loop for acceptParams
  • refactor: prefix built-in node module imports
  • deps: remove setprototypeof
  • deps: remove safe-buffer
  • deps: remove utils-merge
  • deps: remove methods
  • deps: remove depd
  • deps: debug@^4.4.0
  • deps: body-parser@^2.2.0
  • deps: router@^2.2.0
  • deps: content-type@^1.0.5
  • deps: finalhandler@^2.1.0
  • deps: qs@^6.14.0
  • deps: server-static@2.2.0
  • deps: type-is@2.0.1

5.0.1 / 2024-10-08

5.0.0 / 2024-09-10

  • remove:
    • path-is-absolute dependency - use path.isAbsolute instead
  • breaking:
    • res.status() accepts only integers, and input must be greater than 99 and less than 1000
      • will throw a RangeError: Invalid status code: ${code}. Status code must be greater than 99 and less than 1000. for inputs outside this range
      • will throw a TypeError: Invalid status code: ${code}. Status code must be an integer. for non integer inputs
    • deps: send@1.0.0

... (truncated)

Commits

Updates node-cron from 3.0.3 to 4.5.0

Release notes

Sourced from node-cron's releases.

v4.5.0

Added

  • lastRun() introspection getter on ScheduledTask: returns { date, result } after a successful execution, { date, error } after a failed one, or null before the first run.
  • Extended day-of-week tokens: <weekday>#<nth> (nth weekday of the month, e.g. 1#1 for the first Monday) and <weekday>L (last weekday of the month, e.g. 5L for the last Friday).

Performance

  • Cache Intl.DateTimeFormat instances per timezone instead of rebuilding on every call.
  • Parse the cron expression once per TimeMatcher instead of re-parsing in MatcherWalker.
  • Compute the GMT offset lazily (only when formatting ISO strings, not during the next-run search).
  • Replace crypto.randomBytes with crypto.randomUUID for internal ID generation.
  • Skip setTimeout jitter wrapper when maxRandomDelay is zero.
  • Bundle dist into flat files instead of preserving the module tree (reduces import time).

Fixed

  • Flaky should schedule a task test: poll for the first execution instead of asserting an exact count after a fixed sleep.

Changed

  • Renamed internal functions interprete to interpret and appendSeccondExpression to appendSecondExpression.
  • Rewritten README and package metadata to surface scheduling capabilities (overlap prevention, distributed coordination, background tasks).

v4.4.1

Patch release.

Changed

  • Renamed the distributedTtl task option to distributedLease (same meaning: the safety lease, in ms, for lease-based run coordinators). distributedTtl was the only abbreviation in the options API and shipped just days ago in 4.4.0, so it's removed without an alias. If you adopted distributedTtl from 4.4.0, rename it to distributedLease. (#551)

Full Changelog: node-cron/node-cron@v4.4.0...v4.4.1

v4.4.0

Features

  • Distributed run coordination — opt-in distributed: true runs a task on a single instance per fire across a fleet (the #477 use case). Ships a built-in NODE_CRON_RUN env-var default (one designated runner, no dependencies) and a pluggable RunCoordinator (via setRunCoordinator, or the per-task runCoordinator option) for high-availability, per-fire coordination (e.g. a Redis lock). Adds the distributedTtl option and an execution:skipped event carrying a reason ('not-elected' | 'coordinator-error'). Works for inline and background tasks. (#549, closes #477)
  • Task introspection on ScheduledTask: getNextRuns(n) (preview the next N run times), match(date), msToNext(), isBusy(), runsLeft() and getPattern(). (#547)
  • cron.parse(expression) and cron.validateDetailed(expression) — decompose an expression into its fields, or get every field-level problem (without throwing) for tooling and richer error messages. (#548)

Fixes

  • getNextMatch no longer scans every time of day on a day that matches the day-of-month but not the weekday. A dense expression constrained by both (e.g. * * * 15 * 1) could take minutes to resolve; it is now instant. (#542)

Internal

  • Cleanups with no public API change: fixed the milisecondmillisecond spelling and the convertion/conversion/ directory name. (#543)

Docs

  • New Distributed Coordination guide, plus pages for task introspection and parse/validateDetailed, at nodecron.com.

Full Changelog: node-cron/node-cron@v4.3.0...v4.4.0

v4.3.0

Features

  • L (last day of month) in the day-of-month field — e.g. 0 0 12 L * *, leap-year aware, and combinable with explicit days (15,L). (#396, closes #147 — thanks @​antonidasyang)
  • missedExecutionTolerance option (ms, default 1000): a heartbeat that wakes a little late still runs its slot instead of being reported as missed. Always capped to the gap to the next slot. (#534, closes #485)
  • startTimeout option for background tasks (ms, default 5000). (#535)

... (truncated)

Changelog

Sourced from node-cron's changelog.

[4.5.0] - 2026-06-21

Added

  • lastRun() introspection getter on ScheduledTask: returns { date, result } after a successful execution, { date, error } after a failed one, or null before the first run. (#557)
  • Extended day-of-week tokens: <weekday>#<nth> (nth weekday of the month, e.g. 1#1 for the first Monday) and <weekday>L (last weekday of the month, e.g. 5L for the last Friday). (#560)

Performance

  • Cache Intl.DateTimeFormat instances per timezone instead of rebuilding on every call. (#561)
  • Parse the cron expression once per TimeMatcher instead of re-parsing in MatcherWalker. (#562)
  • Compute the GMT offset lazily (only when formatting ISO strings, not during the next-run search). (#563)
  • Replace crypto.randomBytes with crypto.randomUUID for internal ID generation. (#564)
  • Skip setTimeout jitter wrapper when maxRandomDelay is zero. (#565)
  • Bundle dist into flat files instead of preserving the module tree (reduces import time). (#566)

Fixed

  • Flaky should schedule a task test: poll for the first execution instead of asserting an exact count after a fixed sleep.

Changed

  • Renamed internal functions interprete to interpret and appendSeccondExpression to appendSecondExpression. (#567)
  • Rewritten README and package metadata to surface scheduling capabilities (overlap prevention, distributed coordination, background tasks). (#568)

[4.4.1] - 2026-06-18

Changed

  • Renamed the distributedTtl option to distributedLease (same meaning: the safety lease, in ms, for lease-based coordinators). The old name was the only abbreviation in the options API; the new one groups with distributed. distributedTtl was introduced in 4.4.0 and is removed without an alias.

[4.4.0] - 2026-06-17

Added

  • Task introspection on ScheduledTask: getNextRuns(n) (preview the next N run times), match(date), msToNext(), isBusy(), runsLeft() and getPattern(). (#547)
  • cron.parse(expression) and cron.validateDetailed(expression): decompose an expression into its fields, or get every field-level problem (without throwing) for tooling and richer error messages. (#548)

... (truncated)

Commits
  • cd9a5a7 chore(release): 4.5.0 (#569)
  • fbdd883 Rewrite README to surface scheduling capabilities (#568)
  • c80a396 perf(build): bundle dist into flat files instead of preserving modules (#566)
  • b71b9b1 Fix typos in internal function names (#567)
  • 7c5015c perf(id): drop crypto.randomBytes from internal id generation (#564)
  • dd0a2a9 perf(pattern): parse cron expression once per TimeMatcher (#562)
  • cf69f32 perf(time): cache Intl.DateTimeFormat instances per timezone (#561)
  • dad56e1 perf(runner): run inline when no random delay is configured (#565)
  • a309d5f perf(time): compute the GMT offset lazily (#563)
  • c2db9d1 feat: support extended day-of-week tokens (# nth weekday and L last weekday) ...
  • Additional commits viewable in compare view

Updates @types/express from 4.17.25 to 5.0.6

Commits

Updates prisma from 5.22.0 to 7.8.0

Release notes

Sourced from prisma's releases.

7.8.0

Today, we are excited to share the 7.8.0 stable release 🎉

🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!

Highlights

ORM

Features

Prisma Client

  • Added a queryPlanCacheMaxSize option to the PrismaClient constructor for fine-grained control over the query plan cache. Pass 0 to disable the cache entirely, or omit it to use the default cache size. A larger value can improve performance in applications that execute many unique queries, while a smaller one can reduce memory usage. (#29503)

Bug Fixes

Prisma Client

  • Fixed an equality filter panic and incorrect ::jsonb cast when filtering on PostgreSQL JSON list columns. Queries using where: { jsonListField: { equals: [...] } }prisma/prisma-engines#5804
  • Fixed case-insensitive JSON field filtering (mode: insensitive), allowing where: { jsonField: { equals: "...", mode: "insensitive" } }prisma/prisma-engines#5806
  • Fixed incorrect parameterization of enum values that have a custom database name set via @map. (#29422)
  • Fixed a database parameter limit check (P2029), which could incorrectly reject or miss over-limit queries. (#29422)
  • Fixed a regression that caused missing SQL Server VARCHARprisma/prisma-engines#5801

Schema Engine

  • Fixed a misleading error message in prisma migrate diff that referenced the --shadow-database-url CLI flag, which was removed in Prisma 7. (#29455)
  • Fixed prisma migrate dev (and shadow database migration replay in general) failing with CREATE INDEX CONCURRENTLY cannot run inside a transaction blockprisma/prisma-engines#5799
  • Fixed PostgreSQL introspection silently dropping sequence defaults when the database returns the schema-qualified form pg_catalog.nextval('sequence_name'::regclass) instead of the bare nextval(...). Columns backed by sequences now correctly appear as @default(autoincrement())prisma/prisma-engines#5802

Driver Adapters

  • @​prisma/adapter-d1: Savepoint operations (createSavepoint, rollbackToSavepoint, releaseSavepoint) now silently no-op with debug logging instead of executing SQL statements, consistent with how the D1 adapter already treats top-level transactions. (#29499)

Open roles at Prisma

Interested in joining Prisma? We're growing and have several exciting opportunities across the company for developers who are passionate about building with Prisma. Explore our open positions on our Careers page and find the role that's right for you.

Enterprise support

Thousands of teams use Prisma and many of them already tap into our Enterprise & Agency Support Program for hands-on help with everything from schema integrations and performance tuning to security and compliance.

With this program you also get priority issue triage and bug fixes, expert scalability advice, and custom training so that your Prisma-powered apps stay rock-solid at any scale. Learn more or join: https://prisma.io/enterprise.

7.7.0

Today, we are excited to share the 7.7.0 stable release 🎉

🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!

... (truncated)

Commits
  • 5723406 fix(cli): route bootstrap telemetry to Prisma Web Properties project (#29473)
  • 8e71aa7 fix(cli): install missing @prisma/client in prisma bootstrap (#29444)
  • ada077b fix(cli): bootstrap UX — auto-install deps, resumable flow, timeout handling ...
  • 9b0b7f5 feat(cli): add prisma bootstrap command (#29374)
  • 5fece0a chore: bump @​prisma/dev to 0.24.3 (#29396)
  • 45d7e0f feat(cli): add prisma postgres link command (#29352)
  • adbdf15 Pre-bundle Studio frontend assets and replace Hono (#29389)
  • f8258ad chore: bump effect to fix vulnerability (#29384)
  • 74839a9 feat(cli): update bundled @​prisma/studio-core to 0.27.3 (#29376)
  • 309b4bc refactor: extract 'prisma-client-js' into PRISMA_CLIENT_JS_PROVIDER constant ...
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for prisma since your current version.

@dependabot @github

dependabot Bot commented on behalf of github Jun 6, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: dependencies, indexer. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot changed the title chore(deps): bump the indexer-dependencies group in /indexer with 6 updates chore(deps): bump the indexer-dependencies group across 1 directory with 6 updates Jun 22, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/indexer/indexer-dependencies-76d9fc1518 branch from 8a0fe20 to beb6033 Compare June 22, 2026 09:29
@dependabot
chore(deps): bump the indexer-dependencies group across 1 directory w…
2e8bdf8 
…ith 6 updates

Bumps the indexer-dependencies group with 6 updates in the /indexer directory:

| Package | From | To |
| --- | --- | --- |
| [@prisma/client](https://github.com/prisma/prisma/tree/HEAD/packages/client) | `5.22.0` | `7.8.0` |
| [dotenv](https://github.com/motdotla/dotenv) | `16.6.1` | `17.4.2` |
| [express](https://github.com/expressjs/express) | `4.22.2` | `5.2.1` |
| [node-cron](https://github.com/node-cron/node-cron) | `3.0.3` | `4.5.0` |
| [@types/express](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/express) | `4.17.25` | `5.0.6` |
| [prisma](https://github.com/prisma/prisma/tree/HEAD/packages/cli) | `5.22.0` | `7.8.0` |



Updates `@prisma/client` from 5.22.0 to 7.8.0
- [Release notes](https://github.com/prisma/prisma/releases)
- [Commits](https://github.com/prisma/prisma/commits/7.8.0/packages/client)

Updates `dotenv` from 16.6.1 to 17.4.2
- [Changelog](https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md)
- [Commits](motdotla/dotenv@v16.6.1...v17.4.2)

Updates `express` from 4.22.2 to 5.2.1
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/master/History.md)
- [Commits](expressjs/express@v4.22.2...v5.2.1)

Updates `node-cron` from 3.0.3 to 4.5.0
- [Release notes](https://github.com/node-cron/node-cron/releases)
- [Changelog](https://github.com/node-cron/node-cron/blob/main/CHANGELOG.md)
- [Commits](node-cron/node-cron@v3.0.3...v4.5.0)

Updates `@types/express` from 4.17.25 to 5.0.6
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/express)

Updates `prisma` from 5.22.0 to 7.8.0
- [Release notes](https://github.com/prisma/prisma/releases)
- [Commits](https://github.com/prisma/prisma/commits/7.8.0/packages/cli)

---
updated-dependencies:
- dependency-name: "@prisma/client"
  dependency-version: 7.8.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: indexer-dependencies
- dependency-name: "@types/express"
  dependency-version: 5.0.6
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: indexer-dependencies
- dependency-name: dotenv
  dependency-version: 17.4.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: indexer-dependencies
- dependency-name: express
  dependency-version: 5.2.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: indexer-dependencies
- dependency-name: node-cron
  dependency-version: 4.2.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: indexer-dependencies
- dependency-name: prisma
  dependency-version: 7.8.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: indexer-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/indexer/indexer-dependencies-76d9fc1518 branch from beb6033 to 2e8bdf8 Compare June 29, 2026 09:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants