freeCodeCamp / chapter

A self-hosted event management tool for nonprofits
BSD 3-Clause "New" or "Revised" License

fix(deps): update prisma monorepo to v4.10.0 #2355

Closed renovate[bot] closed 1 year ago

renovate[bot] commented 1 year ago

Mend Renovate

This PR contains the following updates:

| Package | Change |
|---|---|
| @prisma/client (source) | 4.9.0 -> 4.10.0 |
| prisma (source) | 4.9.0 -> 4.10.0 |

Release Notes

prisma/prisma

### [`v4.10.0`](https://togithub.com/prisma/prisma/releases/tag/4.10.0)

[Compare Source](https://togithub.com/prisma/prisma/compare/4.9.0...4.10.0)

🌟 **Help us spread the word about Prisma by starring the repo or [tweeting](https://twitter.com/intent/tweet?text=Check%20out%20the%20latest%20@prisma%20release%20v4.10.0%20%F0%9F%9A%80%0D%0A%0D%0Ahttps://github.com/prisma/prisma/releases/tag/4.10.0) about the release.** 🌟

#### Highlights

##### Improved CLI support for connection poolers

When working with connection poolers such as the [Prisma Data Proxy](https://www.prisma.io/data-platform/proxy), [Accelerate](https://www.prisma.io/data-platform/accelerate) or [pgBouncer](https://www.prisma.io/docs/guides/performance-and-optimization/connection-management/configure-pg-bouncer), it is necessary to use a different URL to connect to the database when using Prisma Client and Prisma Migrate.

We're introducing a new datasource property `directUrl` to improve this. When the `directUrl` property is present, the Prisma CLI will use it to connect to the database for tasks such as introspection and migrations.

```sh
### .env

### Connection to Prisma Data Proxy. Used by Prisma Client.
DATABASE_URL="prisma://__HOST__/?api_key=__KEY__"

### Connection to the database. Used for migrations and introspection.
DIRECT_URL="postgresql://__USER__:__PASSWORD__@__HOST__:__PORT__/__DATABASE__"
```

```prisma
// ./prisma/schema.prisma

generator client {
  provider = "prisma-client-js"
}

datasource db {
  provider  = "postgresql"
  url       = env("DATABASE_URL")
  directUrl = env("DIRECT_URL")
}
```

To learn more, refer to our [documentation](https://www.prisma.io/docs/data-platform/data-proxy/prisma-cli-with-data-proxy).

##### Introspection support for PostgreSQL views

We introduced initial support for database views in [4.9.0](https://togithub.com/prisma/prisma/releases/tag/4.9.0) with the addition of the `view` keyword. This release introduces introspection support for PostgreSQL views. You can run `prisma db pull` against your database to populate your Prisma schema with your views.

To learn more, refer to our documentation on [views introspection](https://www.prisma.io/docs/concepts/components/prisma-schema/views#use-introspection). Try it out and let us know your thoughts in this [GitHub issue](https://togithub.com/prisma/prisma/issues/17335).

##### Improved introspection for unsupported database functionality & partitioned tables

Currently, the Prisma Schema Language (PSL) does not cover the full feature sets of different database providers. For the unsupported database functionality, Prisma offers escape hatches like [raw queries](https://www.prisma.io/docs/concepts/components/prisma-client/raw-database-access) or [manual editing of the migration files](https://www.prisma.io/docs/guides/database/developing-with-prisma-migrate/customizing-migrations).

While we work on adding support for missing database functionality, e.g. database views, some of it is not fully-supported and the escape hatches fail. Objects that use unsupported properties might not be caught during introspection and raw queries might not work. Re-introspection may sometimes remove the information from the schema file and the generated migrations may be invalid or re-generate the same SQL repeatedly.

We're therefore fixing the defects and supporting the unsupported database functionalities Prisma currently doesn't support. We created a list of these features in [this GitHub issue](https://togithub.com/prisma/prisma/issues/16311) we would like to improve.

This release improves introspection support for **partitioned tables** in PostgreSQL and MySQL. Previously, Prisma would pick up the partitions as `model`s and miss the *actual* main table. Prisma will now pick up the main table as a `model`, not the partitions.

If you're already using partitioned tables in your database, you can use `prisma db pull` to update your Prisma schema. If you're already using Prisma and want to partition a table in your database, you can:

1. Create a draft migration using `prisma migrate dev --create-only`
2. Update the draft migration with the SQL to partition the tables
3. Re-run `prisma migrate dev` to apply the draft migration to your database

Try it out and let us know what you think. If you run into an issue, feel free to create a [bug report](https://togithub.com/prisma/prisma/issues/new?assignees=\&labels=kind/bug\&template=bug_report.yml).

##### Smaller engine size used in Prisma CLI

In 4.8.0, we decreased the size of the engines by ~50%, which significantly impacted Prisma Client, especially in serverless environments.

In this release, we've reduced the size of Prisma CLI by removing the Introspection and Formatter engines. The introspection functionality is now served by the Migration Engine. A cross-platform Wasm module has entirely replaced the Formatter Engine. This reduces the overall installation size for Prisma CLI.

#### Fixes and improvements

##### Prisma Client

- [Precompiled engine files for `aarch64-unknown-linux-musl` target (Alpine Linux on ARM, e.g. M1)](https://togithub.com/prisma/prisma/issues/8478)
- [Specify the generator to use for sharing schema files in different environments](https://togithub.com/prisma/prisma/issues/10527)
- [Implement `getDmmf` as Wasm module that could be used in Prisma CLI](https://togithub.com/prisma/prisma/issues/12482)
- [Client in interactive transaction is not extended](https://togithub.com/prisma/prisma/issues/16582)
- [Deeply nested objects aren't typed when clientExtensions is enabled](https://togithub.com/prisma/prisma/issues/17349)
- [Typescript issue on nested queries with clientExtensions feature](https://togithub.com/prisma/prisma/issues/17563)

##### Prisma

- [Introspection can't get composite primary key for partitioned table](https://togithub.com/prisma/prisma/issues/10870)
- [db pull adds redundant comment about ignored table](https://togithub.com/prisma/prisma/issues/16796)
- [Remove `prisma-fmt` formatter binary](https://togithub.com/prisma/prisma/issues/16924)
- [Diagnostics currently need to be manually written for Code Action tests](https://togithub.com/prisma/prisma/issues/16944)
- [OpenSSL on Node Alpine still not working after Prisma 4.8.0 on an ARM machine](https://togithub.com/prisma/prisma/issues/16963)
- [Improved error messages on system library detection](https://togithub.com/prisma/prisma/issues/16970)
- [Remove `introspection-engine` binary from CLI](https://togithub.com/prisma/prisma/issues/17300)
- [\[Stopgap\] Introspect partitioned tables better: Only introspect main table in a valid way, ignore partitions](https://togithub.com/prisma/prisma/issues/17351)
- [Regression: `get-platform` error for non-`amd64` Alpine introduced in `prisma@4.9.0` prevents using custom Prisma engines](https://togithub.com/prisma/prisma/issues/17390)
- [Introspection of PostgreSQL views](https://togithub.com/prisma/prisma/issues/17413)
- [internal: use original distro and distro family in warning messages](https://togithub.com/prisma/prisma/issues/17480)
- [Failed to detect linux distro + `Error: Unknown binaryTarget debian-openssl-0.0.x and no custom engine files were provided` after upgrading from 4.8.1 to 4.9.0](https://togithub.com/prisma/prisma/issues/17499)

##### Language tools (e.g. VS Code)

- [Add VS Code quick fix / code action to phase out `referentialIntegrity` in favor of `relationMode`](https://togithub.com/prisma/language-tools/issues/1276)
- [Auto completion of `directUrl`](https://togithub.com/prisma/language-tools/issues/1359)

#### Credits

Huge thanks to [@rintaun](https://togithub.com/rintaun), [@ivan](https://togithub.com/ivan), [@Mini256](https://togithub.com/Mini256), [@yukukotani](https://togithub.com/yukukotani), [@sandrewTx08](https://togithub.com/sandrewTx08) for helping!

#### 📺 Join us for another "What's new in Prisma" live stream

Learn about the latest release and other news from the Prisma community by joining us for another ["What's new in Prisma"](https://youtube.com/playlist?list=PLn2e1F9Rfr6l1B9RP0A9NdX7i7QIWfBa7) live stream.

The stream takes place [on YouTube](https://youtu.be/bLC7sS-9x20) on **Thursday, February 9** at **5 pm Berlin | 8 am San Francisco**.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.



This PR has been generated by Mend Renovate. View repository job log here.

socket-security[bot] commented 1 year ago

Socket Security Pull Request Report

Dependency issues detected. If you merge this pull request, you will not be alerted to the instances of these issues again.

📜 Install scripts

Install scripts are run when the package is installed. The majority of malware in npm is hidden in install scripts.

Packages should not be running non-essential scripts during install and there are often solutions to problems people solve with install scripts that can be run at publish time instead.

| Package | Script field | Source |
|---|---|---|
| prisma@4.10.0 (upgraded) | install | package-lock.json, server/package.json via @prisma/client@4.10.0 |
| prisma@4.10.0 (upgraded) | preinstall | package-lock.json, server/package.json via @prisma/client@4.10.0 |
| @prisma/client@4.10.0 (upgraded) | postinstall | package-lock.json, server/package.json |
| @prisma/engines@4.10.0 (upgraded) | postinstall | package-lock.json, server/package.json via @prisma/client@4.10.0, prisma@4.10.0 |
| browser-tabs-lock@1.2.15 (added) | postinstall | package-lock.json, client/package.json via @auth0/auth0-react@1.12.1 |

Pull request report summary

| Issue | Status |
|---|---|
| Install scripts | ⚠️ 5 issues |
| Native code | ✅ 0 issues |
| Bin script confusion | ✅ 0 issues |
| Bin script shell injection | ✅ 0 issues |
| Unresolved require | ✅ 0 issues |
| Invalid package.json | ✅ 0 issues |
| HTTP dependency | ✅ 0 issues |
| Git dependency | ✅ 0 issues |
| Potential typo squat | ✅ 0 issues |
| Known Malware | ✅ 0 issues |
| Telemetry | ✅ 0 issues |
| Protestware/Troll package | ✅ 0 issues |

Bot Commands

To ignore an alert, reply with a comment starting with @SocketSecurity ignore followed by a space separated list of package-name@version specifiers. e.g. @SocketSecurity ignore foo@1.0.0 bar@2.4.2

  • @SocketSecurity ignore prisma@4.10.0
  • @SocketSecurity ignore @prisma/client@4.10.0
  • @SocketSecurity ignore @prisma/engines@4.10.0
  • @SocketSecurity ignore browser-tabs-lock@1.2.15

Powered by socket.dev
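
The install-script findings in the report above can be cross-checked locally from the lockfile. This is an added example, not part of the PR or of Socket's tooling; it relies on the `hasInstallScript` flag that npm lockfile v2/v3 records, and the sample lockfile and the `reviewed` allowlist are constructed for illustration.

```javascript
// Added example: list lockfile entries that run install-time lifecycle scripts.
// npm lockfile v2/v3 marks such packages with "hasInstallScript": true.

// Constructed sample, not the project's real package-lock.json.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "chapter" },
    "node_modules/prisma": { version: "4.10.0", hasInstallScript: true },
    "node_modules/@prisma/client": { version: "4.10.0", hasInstallScript: true },
    "node_modules/@prisma/engines": { version: "4.10.0", hasInstallScript: true },
    "node_modules/browser-tabs-lock": { version: "1.2.15", hasInstallScript: true },
    "node_modules/foo/node_modules/lodash": { version: "4.17.21" },
  },
};

// Hypothetical allowlist: packages whose install scripts a maintainer has reviewed.
const reviewed = new Set(["prisma", "@prisma/client", "@prisma/engines"]);

// "node_modules/a/node_modules/@scope/b" -> "@scope/b" (handles nesting and workspaces)
function packageName(lockPath) {
  const marker = "node_modules/";
  const idx = lockPath.lastIndexOf(marker);
  return idx === -1 ? lockPath : lockPath.slice(idx + marker.length);
}

// Every package in the lockfile that declares an install-time script.
function findInstallScripts(lock, allowlist) {
  if (!lock.packages) {
    throw new Error("lockfile has no 'packages' map (v1 format); regenerate with npm >= 7");
  }
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages)) {
    if (path === "" || !meta.hasInstallScript) continue; // skip root and script-free entries
    const name = packageName(path);
    findings.push({ name, version: meta.version, reviewed: allowlist.has(name) });
  }
  return findings;
}

// name@version specifiers that run install scripts but are not on the allowlist.
function unreviewed(lock, allowlist) {
  return findInstallScripts(lock, allowlist)
    .filter((f) => !f.reviewed)
    .map((f) => `${f.name}@${f.version}`)
    .sort();
}

console.log(unreviewed(sampleLock, reviewed));
```

A CI job can fail the build when `unreviewed` returns a non-empty list; installing with `npm ci --ignore-scripts` prevents the scripts from running until they have been reviewed.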

ghost commented 1 year ago

👇 Click on the image for a new way to code review

- Make big changes easier — review code in small groups of related files
- Know where to start — see the whole change at a glance
- Take a code tour — explore the change with an interactive tour
- Make comments and review — all fully sync'ed with github

[Try it now!](https://app.codesee.io/r/reviews?pr=2355&src=https%3A%2F%2Fgithub.com%2FfreeCodeCamp%2Fchapter)

Review these changes using an interactive CodeSee Map


Sboonny commented 1 year ago

I can't merge security reports 🤣, well that's smart. @ojeytonwilliams, can you merge this, and I will update the .env.example file with these values.

```sh
### Connection to Prisma Data Proxy. Used by Prisma Client.
DATABASE_URL="prisma://__HOST__/?api_key=__KEY__"

### Connection to the database. Used for migrations and introspection.
DIRECT_URL="postgresql://__USER__:__PASSWORD__@__HOST__:__PORT__/__DATABASE__"
```

ojeytonwilliams commented 1 year ago

There's nothing to fix, @Sboonny. They're just giving examples of env vars we might use if we used a connection pooler.