build(deps): bump @prisma/client from 7.4.0 to 7.4.2 by dependabot[bot] · Pull Request #2078 · ryanmaclean/vibecode-webgui

dependabot · 2026-03-02T01:47:10Z

Bumps @prisma/client from 7.4.0 to 7.4.2.

Release notes

Sourced from @prisma/client's releases.

7.4.2

Today, we are issuing a 7.4.2 patch release focused on bug fixes and quality improvements.

🛠 Fixes

Prisma Client

Fix a case-insensitive IN and NOT IN filter regression (prisma/prisma#29243)

Fix a query plan mutation issue that resulted in broken cursor queries (prisma/prisma#29262)

Fix an array parameter wrapping issue in push operations (prisma/prisma-engines#5784)

Fix Uint8Array serialization in nested JSON fields (prisma/prisma#29268)

Fix an issue with MySQL joins that relied on non-strict equality (prisma/prisma#29251)

Driver Adapters

@prisma/adapter-mariadb: Update text column detection to check for a binary collation (prisma/prisma#29238)

@prisma/adapter-mariadb: Correct relationJoins compatibility check for MariaDB 8.x versions (prisma/prisma#29246)

Schema Engine

Fix partial index predicate comparison on PostgreSQL and MSSQL (prisma/prisma-engines#5780)

🙏 Huge thanks to our community

Many of the fixes in this release were contributed by our amazing community members. We're grateful for your continued support and contributions that help make Prisma better for everyone!

7.4.1

Today, we are issuing a 7.4.1 patch release focused on bug fixes and quality improvements.

🛠 Fixes

Prisma Client

Fix cursor-based pagination regression with parameterised values (prisma/prisma#29184)

Preserve Prisma.skip through query extension argument cloning (prisma/prisma#29198)

Enable batching of multiple queries inside interactive transactions (prisma/prisma#25571)

Add missing JSON value deserialization for JSONB parameter fields (prisma/prisma#29182)

Apply result extensions correctly for nested and fluent relations (prisma/prisma#29218)

Allow missing config datasource URL and validate only when needed (prisma/prisma-engines#5777)

Driver Adapters

@prisma/adapter-ppg: Handle null values in type parsers for nullable columns (prisma/prisma#29192)

Prisma Schema Language

Support where argument on field-level @unique for partial indexes (prisma/prisma-engines#5774)

Add object expression and object member support to schema reformatter (prisma/prisma-engines#5776)

🙏 Huge thanks to our community

Many of the fixes in this release were contributed by our amazing community members. We're grateful for your continued support and contributions that help make Prisma better for everyone!

Commits

ac2bed1 chore: port fixes for 7.4.2 (#29270)
533e22a chore: port fixes to 7.4 patch branch (#29222)
See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [@prisma/client](https://github.com/prisma/prisma/tree/HEAD/packages/client) from 7.4.0 to 7.4.2. - [Release notes](https://github.com/prisma/prisma/releases) - [Commits](https://github.com/prisma/prisma/commits/7.4.2/packages/client) --- updated-dependencies: - dependency-name: "@prisma/client" dependency-version: 7.4.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

github-actions · 2026-03-02T01:53:06Z

🔒 Security Audit Results

✅ Secret Scanning: No secrets detected
⚠️ Environment Config: Missing variables
❌ NPM Audit: Critical/High vulnerabilities
✅ Secret Patterns: None detected

📊 View full results: Security Audit Summary
⏱️ Duration: < 2 minutes

github-actions · 2026-03-02T01:54:01Z

PR Analysis 📊

Changed Files Summary:

JavaScript/TypeScript files: 0
Test files: 0
Documentation files: 0
Configuration files: 1

CI Status: Running automated checks...

github-actions · 2026-03-02T02:01:00Z

Quick Checks Results

Check	Status
ESLint	✅
TypeScript	✅

✅ All quick checks passed!

github-actions · 2026-03-02T02:02:46Z

Test Results ✅ Passed

Test Suites: 57 failed, 5 skipped, 488 passed, 545 of 550 total
Tests: 379 failed, 104 skipped, 30 todo, 10666 passed, 11179 total

✅ All tests passed! Ready for review.

View test output

Check the Actions tab for detailed test output.

github-actions · 2026-03-02T02:05:39Z

Build Status ✅ Build successful

✅ Build completed successfully!

github-actions · 2026-03-02T02:25:17Z

PR Status Summary

Check	Status
Quick Checks	✅ Passed
Tests	✅ Passed
Build	✅ Passed

✅ All checks passed! This PR is ready to merge. 🎉

github-actions · 2026-03-02T02:37:27Z

Dependency Audit Results

# npm audit report

basic-ftp  <5.2.0
Severity: critical
Basic FTP has Path Traversal Vulnerability in its downloadToDir() method - https://github.com/advisories/GHSA-5rq4-664w-9x2c
fix available via `npm audit fix`
node_modules/basic-ftp

fast-xml-parser  <5.3.8
fast-xml-parser has stack overflow in XMLBuilder with preserveOrder - https://github.com/advisories/GHSA-fj3w-jwp8-x2g3
fix available via `npm audit fix --force`
Will install @aws-sdk/client-s3@3.893.0, which is a breaking change
node_modules/fast-xml-parser
  @aws-sdk/xml-builder  >=3.894.0
  Depends on vulnerable versions of fast-xml-parser
  node_modules/@aws-sdk/xml-builder
    @aws-sdk/core  >=3.894.0
    Depends on vulnerable versions of @aws-sdk/xml-builder
    node_modules/@aws-sdk/core
      @aws-sdk/client-s3  >=3.894.0
      Depends on vulnerable versions of @aws-sdk/core
      Depends on vulnerable versions of @aws-sdk/credential-provider-node
      Depends on vulnerable versions of @aws-sdk/middleware-flexible-checksums
      Depends on vulnerable versions of @aws-sdk/middleware-sdk-s3
      Depends on vulnerable versions of @aws-sdk/middleware-user-agent
      Depends on vulnerable versions of @aws-sdk/signature-v4-multi-region
      Depends on vulnerable versions of @aws-sdk/util-user-agent-node
      node_modules/@aws-sdk/client-s3
      @aws-sdk/credential-provider-env  >=3.894.0
      Depends on vulnerable versions of @aws-sdk/core
      node_modules/@aws-sdk/credential-provider-env
      @aws-sdk/credential-provider-http  >=3.894.0
      Depends on vulnerable versions of @aws-sdk/core
      node_modules/@aws-sdk/credential-provider-http
        @aws-sdk/credential-provider-node  >=3.894.0
        Depends on vulnerable versions of @aws-sdk/credential-provider-env
        Depends on vulnerable versions of @aws-sdk/credential-provider-http
        Depends on vulnerable versions of @aws-sdk/credential-provider-ini
        Depends on vulnerable versions of @aws-sdk/credential-provider-process
        Depends on vulnerable versions of @aws-sdk/credential-provider-sso
        Depends on vulnerable versions of @aws-sdk/credential-provider-web-identity
        node_modules/@aws-sdk/credential-provider-node
      @aws-sdk/credential-provider-ini  >=3.894.0
      Depends on vulnerable versions of @aws-sdk/core
      Depends on vulnerable versions of @aws-sdk/credential-provider-env
      Depends on vulnerable versions of @aws-sdk/credential-provider-http
      Depends on vulnerable versions of @aws-sdk/credential-provider-login
      Depends on vulnerable versions of @aws-sdk/credential-provider-process
      Depends on vulnerable versions of @aws-sdk/credential-provider-sso
      Depends on vulnerable versions of @aws-sdk/credential-provider-web-identity
      Depends on vulnerable versions of @aws-sdk/nested-clients
      node_modules/@aws-sdk/credential-provider-ini
      @aws-sdk/credential-provider-login  *
      Depends on vulnerable versions of @aws-sdk/core
      Depends on vulnerable versions of @aws-sdk/nested-clients
      node_modules/@aws-sdk/credential-provider-login
      @aws-sdk/credential-provider-process  >=3.894.0
      Depends on vulnerable versions of @aws-sdk/core
      node_modules/@aws-sdk/credential-provider-process
      @aws-sdk/credential-provider-sso  >=3.894.0
      Depends on vulnerable versions of @aws-sdk/core
      Depends on vulnerable versions of @aws-sdk/nested-clients
      Depends on vulnerable versions of @aws-sdk/token-providers
      node_modules/@aws-sdk/credential-provider-sso
      @aws-sdk/credential-provider-web-identity  >=3.894.0
      Depends on vulnerable versions of @aws-sdk/core
      Depends on vulnerable versions of @aws-sdk/nested-clients
      node_modules/@aws-sdk/credential-provider-web-identity
      @aws-sdk/middleware-flexible-checksums  >=3.894.0
      Depends on vulnerable versions of @aws-sdk/core
      node_modules/@aws-sdk/middleware-flexible-checksums
      @aws-sdk/middleware-sdk-s3  >=3.894.0
      Depends on vulnerable versions of @aws-sdk/core
      node_modules/@aws-sdk/middleware-sdk-s3
        @aws-sdk/signature-v4-multi-region  >=3.894.0
        Depends on vulnerable versions of @aws-sdk/middleware-sdk-s3
        node_modules/@aws-sdk/signature-v4-multi-region
      @aws-sdk/middleware-user-agent  >=3.894.0
      Depends on vulnerable versions of @aws-sdk/core
      node_modules/@aws-sdk/middleware-user-agent
        @aws-sdk/util-user-agent-node  >=3.894.0
        Depends on vulnerable versions of @aws-sdk/middleware-user-agent
        node_modules/@aws-sdk/util-user-agent-node
      @aws-sdk/nested-clients  >=3.894.0
      Depends on vulnerable versions of @aws-sdk/core
      Depends on vulnerable versions of @aws-sdk/middleware-user-agent
      Depends on vulnerable versions of @aws-sdk/util-user-agent-node
      node_modules/@aws-sdk/nested-clients
      @aws-sdk/token-providers  >=3.894.0
      Depends on vulnerable versions of @aws-sdk/core
      Depends on vulnerable versions of @aws-sdk/nested-clients
      node_modules/@aws-sdk/token-providers

hono  4.12.0 - 4.12.1
Severity: high
Hono is Vulnerable to Authentication Bypass by IP Spoofing in AWS Lambda ALB conninfo - https://github.com/advisories/GHSA-xh87-mx6m-69f3
fix available via `npm audit fix`
node_modules/hono

serialize-javascript  <=7.0.2
Severity: high
Serialize JavaScript is Vulnerable to RCE via RegExp.flags and Date.prototype.toISOString() - https://github.com/advisories/GHSA-5c6j-r48x-rmvq
No fix available
node_modules/serialize-javascript
  terser-webpack-plugin  *
  Depends on vulnerable versions of serialize-javascript
  node_modules/terser-webpack-plugin

23 vulnerabilities (19 low, 3 high, 1 critical)

To address issues that do not require attention, run:
  npm audit fix

To address all issues possible (including breaking changes), run:
  npm audit fix --force

Some issues need review, and may require choosing
a different dependency.

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 2, 2026

dependabot bot requested a review from ryanmaclean as a code owner March 2, 2026 01:47

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 2, 2026

ryanmaclean enabled auto-merge (squash) March 2, 2026 06:20

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump @prisma/client from 7.4.0 to 7.4.2#2078

build(deps): bump @prisma/client from 7.4.0 to 7.4.2#2078
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/prisma/client-7.4.2

dependabot bot commented on behalf of github Mar 2, 2026

Uh oh!

github-actions bot commented Mar 2, 2026

Uh oh!

github-actions bot commented Mar 2, 2026

Uh oh!

github-actions bot commented Mar 2, 2026

Uh oh!

github-actions bot commented Mar 2, 2026

Uh oh!

github-actions bot commented Mar 2, 2026

Uh oh!

github-actions bot commented Mar 2, 2026

Uh oh!

github-actions bot commented Mar 2, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Mar 2, 2026

7.4.2

🛠 Fixes

🙏 Huge thanks to our community

7.4.1

🛠 Fixes

🙏 Huge thanks to our community

Uh oh!

github-actions bot commented Mar 2, 2026

🔒 Security Audit Results

Uh oh!

github-actions bot commented Mar 2, 2026

PR Analysis 📊

Uh oh!

github-actions bot commented Mar 2, 2026

Quick Checks Results

Uh oh!

github-actions bot commented Mar 2, 2026

Test Results ✅ Passed

Uh oh!

github-actions bot commented Mar 2, 2026

Build Status ✅ Build successful

Uh oh!

github-actions bot commented Mar 2, 2026

PR Status Summary

Uh oh!

github-actions bot commented Mar 2, 2026

Dependency Audit Results

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants