Skip to content

chore(deps): bump the production-dependencies group with 6 updates#27

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/production-dependencies-348de08ffb
Open

chore(deps): bump the production-dependencies group with 6 updates#27
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/production-dependencies-348de08ffb

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot bot commented on behalf of github Mar 30, 2026

Bumps the production-dependencies group with 6 updates:

Package From To
@prisma/adapter-pg 7.5.0 7.6.0
@prisma/client 7.5.0 7.6.0
fastify 5.8.2 5.8.4
@xyflow/react 12.10.1 12.10.2
react 19.1.0 19.2.4
react-dom 19.1.0 19.2.4

Updates @prisma/adapter-pg from 7.5.0 to 7.6.0

Release notes

Sourced from @​prisma/adapter-pg's releases.

7.6.0

Today, we are excited to share the 7.6.0 stable release 🎉

🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!

Highlights

ORM

Features

CLI

  • Added a prisma postgres link command that connects a local project to a Prisma Postgres database. This is the first command in a new prisma postgres command group for managing Prisma Postgres databases directly from the CLI. (#29352)

Driver Adapters

  • @​prisma/adapter-pg: Added a statementNameGenerator option that accepts a custom prepared statement name generator to allow users to leverage pg statement caching (#29395)
  • @​prisma/adapter-pg: Added support for usage of connection strings directly in the constructor for improved ergonomics (#29287)
  • @​prisma/adapter-mariadb: Added a useTextProtocol option in the constructor to toggle between text and binary protocols (#29392)

Bug Fixes

Prisma Client

  • Disabled caching of createMany queries to avoid cache bloat and potential Node.js crashes in bulk operations (#29382)
  • Made NowGenerator lazy to avoid synchronous new Date() calls, fixing Next.js "dynamic usage" errors in cached components (#28724)
  • Fixed missing export of Get<Model>GroupByPayload type in the new prisma-client generator, making it accessible for TypeScript usage (#29346)

CLI

  • Added streaming parsing with automatic fallback to handle Prisma schemas that produce extremely large intermediate strings (>500MB) that hit V8's string limits (#29377)

Driver Adapters

  • @​prisma/adapter-pg: Relaxed the @types/pg version constraint to ^8.16.0 for compatibility with newer PostgreSQL type definitions (#29390)
  • @​prisma/adapter-pg: Corrected error handling for ColumnNotFound errors to correctly extract column names from both quoted and unquoted PostgreSQL error messages (#29307)
  • @​prisma/adapter-mariadb: Modified the adapter to disable mariadb statement caching by default to address a reported leak (#29392)

Prisma Studio

We’re continuing our work to improve Prisma Studio with more features being added.

Dark Mode

Need we say more? You’ve all asked for it, and it’s back.

dark-mode-studio.mp4

... (truncated)

Commits
  • f2ca67e feat: pg statement name generator (#29395)
  • 4131568 fix: set @​types/pg to ^8.16.0 (#29390)
  • 33667c3 fix(adapter-pg): handle both quoted/unquoted column names in ColumnNotFound e...
  • e97b3e0 feat(adapter-pg): accept connection string URL in PrismaPg constructor (#29287)
  • See full diff in compare view

Updates @prisma/client from 7.5.0 to 7.6.0

Release notes

Sourced from @​prisma/client's releases.

7.6.0

Today, we are excited to share the 7.6.0 stable release 🎉

🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!

Highlights

ORM

Features

CLI

  • Added a prisma postgres link command that connects a local project to a Prisma Postgres database. This is the first command in a new prisma postgres command group for managing Prisma Postgres databases directly from the CLI. (#29352)

Driver Adapters

  • @​prisma/adapter-pg: Added a statementNameGenerator option that accepts a custom prepared statement name generator to allow users to leverage pg statement caching (#29395)
  • @​prisma/adapter-pg: Added support for usage of connection strings directly in the constructor for improved ergonomics (#29287)
  • @​prisma/adapter-mariadb: Added a useTextProtocol option in the constructor to toggle between text and binary protocols (#29392)

Bug Fixes

Prisma Client

  • Disabled caching of createMany queries to avoid cache bloat and potential Node.js crashes in bulk operations (#29382)
  • Made NowGenerator lazy to avoid synchronous new Date() calls, fixing Next.js "dynamic usage" errors in cached components (#28724)
  • Fixed missing export of Get<Model>GroupByPayload type in the new prisma-client generator, making it accessible for TypeScript usage (#29346)

CLI

  • Added streaming parsing with automatic fallback to handle Prisma schemas that produce extremely large intermediate strings (>500MB) that hit V8's string limits (#29377)

Driver Adapters

  • @​prisma/adapter-pg: Relaxed the @types/pg version constraint to ^8.16.0 for compatibility with newer PostgreSQL type definitions (#29390)
  • @​prisma/adapter-pg: Corrected error handling for ColumnNotFound errors to correctly extract column names from both quoted and unquoted PostgreSQL error messages (#29307)
  • @​prisma/adapter-mariadb: Modified the adapter to disable mariadb statement caching by default to address a reported leak (#29392)

Prisma Studio

We’re continuing our work to improve Prisma Studio with more features being added.

Dark Mode

Need we say more? You’ve all asked for it, and it’s back.

dark-mode-studio.mp4

... (truncated)

Commits
  • 5b420f8 fix(client): prevent caching of createMany queries to avoid cache bloat and p...
  • 30f0af6 feat: dmmf streaming with an E2E test (#29377)
  • 14c3c2e fix: pin E2E typescript to prevent 6 upgrade (#29383)
  • ecae3b6 chore(deps): update engines to 7.6.0-1.75cbdc1eb7150937890ad5465d861175c66247...
  • 309b4bc refactor: extract 'prisma-client-js' into PRISMA_CLIENT_JS_PROVIDER constant ...
  • See full diff in compare view

Updates fastify from 5.8.2 to 5.8.4

Release notes

Sourced from fastify's releases.

v5.8.4

Full Changelog: fastify/fastify@v5.8.3...v5.8.4

v5.8.3

⚠️ Security Release

This fixes CVE CVE-2026-3635 GHSA-444r-cwp2-x5xf.

What's Changed

New Contributors

Full Changelog: fastify/fastify@v5.8.2...v5.8.3

Commits
  • af92d0d Bumped v5.8.4
  • a3e77ce Bumped v5.8.3
  • 4e1db5b fix: gate host and protocol getters on proxy trust function
  • a22217f ci(lock-threads): use shared lock-threads workflow (#6592)
  • 1851f20 docs: update links (#6593)
  • 9cc5187 types: Allow port to be null in request type definition (#6589)
  • 722d83b docs: replace redirected npm.im http-errors link (#6588)
  • a1413de docs: fix incorrect code examples in Reply and Request reference (#6582)
  • d7f01b6 docs: clarify content-type parser/schema mismatch is outside threat model (#6...
  • a0649e9 docs: update syntax markdown, absolute paths and links (#6569)
  • Additional commits viewable in compare view

Updates @xyflow/react from 12.10.1 to 12.10.2

Release notes

Sourced from @​xyflow/react's releases.

@​xyflow/react@​12.10.2

Patch Changes

Changelog

Sourced from @​xyflow/react's changelog.

12.10.2

Patch Changes

Commits
  • ba0a361 chore(packages): bump
  • 613ad30 Merge pull request #5733 from AlaricBaraou/fix/store-reset-timing-on-remount
  • a6c938f Explicitly allow missing type field in BuiltInNode type definition
  • f2831bd Merge pull request #5727 from unifygtm/clear-nodes-selection-active
  • 0e48d84 Return hasSelectedNodes from adoptUserNodes and use it to update `nodesSe...
  • 6db2bd0 fix(react): prevent empty store during ReactFlow remount
  • e7b78d1 Merge pull request #5720 from yarikoptic/enh-codespell
  • 38f4fef Merge pull request #5722 from dfblhmm/fix/type-definition
  • 759042d Fix spacing in store/index.ts
  • 52d452b Centralize nodesSelectionActive update in setNodes of store
  • Additional commits viewable in compare view

Updates react from 19.1.0 to 19.2.4

Release notes

Sourced from react's releases.

19.2.4 (January 26th, 2026)

React Server Components

19.2.3 (December 11th, 2025)

React Server Components

19.2.2 (December 11th, 2025)

React Server Components

19.2.1 (December 3rd, 2025)

React Server Components

19.2.0 (Oct 1, 2025)

Below is a list of all new features, APIs, and bug fixes.

Read the React 19.2 release post for more information.

New React Features

  • <Activity>: A new API to hide and restore the UI and internal state of its children.
  • useEffectEvent is a React Hook that lets you extract non-reactive logic into an Effect Event.
  • cacheSignal (for RSCs) lets your know when the cache() lifetime is over.
  • React Performance tracks appear on the Performance panel’s timeline in your browser developer tools

New React DOM Features

  • Added resume APIs for partial pre-rendering with Web Streams:
  • Added resume APIs for partial pre-rendering with Node Streams:
  • Updated prerender APIs to return a postponed state that can be passed to the resume APIs.

Notable changes

  • React DOM now batches suspense boundary reveals, matching the behavior of client side rendering. This change is especially noticeable when animating the reveal of Suspense boundaries e.g. with the upcoming <ViewTransition> Component. React will batch as much reveals as possible before the first paint while trying to hit popular first-contentful paint metrics.
  • Add Node Web Streams (prerender, renderToReadableStream) to server-side-rendering APIs for Node.js
  • Use underscore instead of : IDs generated by useId

All Changes

... (truncated)

Changelog

Sourced from react's changelog.

19.2.1 (Dec 3, 2025)

React Server Components

19.2.0 (October 1st, 2025)

Below is a list of all new features, APIs, and bug fixes.

Read the React 19.2 release post for more information.

New React Features

  • <Activity>: A new API to hide and restore the UI and internal state of its children.
  • useEffectEvent is a React Hook that lets you extract non-reactive logic into an Effect Event.
  • cacheSignal (for RSCs) lets your know when the cache() lifetime is over.
  • React Performance tracks appear on the Performance panel’s timeline in your browser developer tools

New React DOM Features

  • Added resume APIs for partial pre-rendering with Web Streams:
  • Added resume APIs for partial pre-rendering with Node Streams:
  • Updated prerender APIs to return a postponed state that can be passed to the resume APIs.

Notable changes

  • React DOM now batches suspense boundary reveals, matching the behavior of client side rendering. This change is especially noticeable when animating the reveal of Suspense boundaries e.g. with the upcoming <ViewTransition> Component. React will batch as much reveals as possible before the first paint while trying to hit popular first-contentful paint metrics.
  • Add Node Web Streams (prerender, renderToReadableStream) to server-side-rendering APIs for Node.js
  • Use underscore instead of : IDs generated by useId

All Changes

React

... (truncated)

Commits

Updates react-dom from 19.1.0 to 19.2.4

Release notes

Sourced from react-dom's releases.

19.2.4 (January 26th, 2026)

React Server Components

19.2.3 (December 11th, 2025)

React Server Components

19.2.2 (December 11th, 2025)

React Server Components

19.2.1 (December 3rd, 2025)

React Server Components

19.2.0 (Oct 1, 2025)

Below is a list of all new features, APIs, and bug fixes.

Read the React 19.2 release post for more information.

New React Features

  • <Activity>: A new API to hide and restore the UI and internal state of its children.
  • useEffectEvent is a React Hook that lets you extract non-reactive logic into an Effect Event.
  • cacheSignal (for RSCs) lets your know when the cache() lifetime is over.
  • React Performance tracks appear on the Performance panel’s timeline in your browser developer tools

New React DOM Features

  • Added resume APIs for partial pre-rendering with Web Streams:
  • Added resume APIs for partial pre-rendering with Node Streams:
  • Updated prerender APIs to return a postponed state that can be passed to the resume APIs.

Notable changes

  • React DOM now batches suspense boundary reveals, matching the behavior of client side rendering. This change is especially noticeable when animating the reveal of Suspense boundaries e.g. with the upcoming <ViewTransition> Component. React will batch as much reveals as possible before the first paint while trying to hit popular first-contentful paint metrics.
  • Add Node Web Streams (prerender, renderToReadableStream) to server-side-rendering APIs for Node.js
  • Use underscore instead of : IDs generated by useId

All Changes

... (truncated)

Changelog

Sourced from react-dom's changelog.

19.2.1 (Dec 3, 2025)

React Server Components

19.2.0 (October 1st, 2025)

Below is a list of all new features, APIs, and bug fixes.

Read the React 19.2 release post for more information.

New React Features

  • <Activity>: A new API to hide and restore the UI and internal state of its children.
  • useEffectEvent is a React Hook that lets you extract non-reactive logic into an Effect Event.
  • cacheSignal (for RSCs) lets your know when the cache() lifetime is over.
  • React Performance tracks appear on the Performance panel’s timeline in your browser developer tools

New React DOM Features

  • Added resume APIs for partial pre-rendering with Web Streams:
  • Added resume APIs for partial pre-rendering with Node Streams:
  • Updated prerender APIs to return a postponed state that can be passed to the resume APIs.

Notable changes

  • React DOM now batches suspense boundary reveals, matching the behavior of client side rendering. This change is especially noticeable when animating the reveal of Suspense boundaries e.g. with the upcoming <ViewTransition> Component. React will batch as much reveals as possible before the first paint while trying to hit popular first-contentful paint metrics.
  • Add Node Web Streams (prerender, renderToReadableStream) to server-side-rendering APIs for Node.js
  • Use underscore instead of : IDs generated by useId

All Changes

React

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the production-dependencies group with 6 updates
08ab3d5 
Bumps the production-dependencies group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [@prisma/adapter-pg](https://github.com/prisma/prisma/tree/HEAD/packages/adapter-pg) | `7.5.0` | `7.6.0` |
| [@prisma/client](https://github.com/prisma/prisma/tree/HEAD/packages/client) | `7.5.0` | `7.6.0` |
| [fastify](https://github.com/fastify/fastify) | `5.8.2` | `5.8.4` |
| [@xyflow/react](https://github.com/xyflow/xyflow/tree/HEAD/packages/react) | `12.10.1` | `12.10.2` |
| [react](https://github.com/facebook/react/tree/HEAD/packages/react) | `19.1.0` | `19.2.4` |
| [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom) | `19.1.0` | `19.2.4` |


Updates `@prisma/adapter-pg` from 7.5.0 to 7.6.0
- [Release notes](https://github.com/prisma/prisma/releases)
- [Commits](https://github.com/prisma/prisma/commits/7.6.0/packages/adapter-pg)

Updates `@prisma/client` from 7.5.0 to 7.6.0
- [Release notes](https://github.com/prisma/prisma/releases)
- [Commits](https://github.com/prisma/prisma/commits/7.6.0/packages/client)

Updates `fastify` from 5.8.2 to 5.8.4
- [Release notes](https://github.com/fastify/fastify/releases)
- [Commits](fastify/fastify@v5.8.2...v5.8.4)

Updates `@xyflow/react` from 12.10.1 to 12.10.2
- [Release notes](https://github.com/xyflow/xyflow/releases)
- [Changelog](https://github.com/xyflow/xyflow/blob/main/packages/react/CHANGELOG.md)
- [Commits](https://github.com/xyflow/xyflow/commits/@xyflow/react@12.10.2/packages/react)

Updates `react` from 19.1.0 to 19.2.4
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.4/packages/react)

Updates `react-dom` from 19.1.0 to 19.2.4
- [Release notes](https://github.com/facebook/react/releases)
- [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md)
- [Commits](https://github.com/facebook/react/commits/v19.2.4/packages/react-dom)

---
updated-dependencies:
- dependency-name: "@prisma/adapter-pg"
  dependency-version: 7.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: "@prisma/client"
  dependency-version: 7.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: fastify
  dependency-version: 5.8.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: "@xyflow/react"
  dependency-version: 12.10.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: react
  dependency-version: 19.2.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: react-dom
  dependency-version: 19.2.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Mar 30, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants