Bump the production-dependencies group across 1 directory with 10 updates

[dependabot]

Bumps the production-dependencies group with 10 updates in the /backend directory:

Package	From	To
@prisma/client	5.16.0	5.21.1
axios	1.7.2	1.7.7
body-parser	1.20.2	1.20.3
bull	4.15.1	4.16.4
@types/bull	4.10.0	4.10.4
debug	4.3.5	4.3.7
express	4.19.2	4.21.1
prisma	5.16.0	5.21.1
simple-git	3.25.0	3.27.0
typescript	5.5.2	5.6.3

Updates @prisma/client from 5.16.0 to 5.21.1

Release notes

Sourced from @​prisma/client's releases.

5.21.1

• Fixed a bug where migrations were not using shadow database correctly in some edge cases

5.21.0

Today, we are excited to share the 5.21.0 release 🎉

🌟 Help us spread the word about Prisma by starring the repo ☝️ or posting on X about the release.

Highlights

Better support for tracing in MongoDB

The tracing Preview feature now has full support for MongoDB with previously missing functionality now implemented. This is a part of the ongoing effort to stabilize this Preview feature and release it in General Availability.

tracing is a Preview feature that enables built-in support for OpenTelemetry instrumentation inside the Prisma Client and provides deep insights into the performance and timing of your queries. See our documentation for more information.

For an easy to use and zero-configuration tracing instrumentation tool with a dashboard that provides an overview of your queries, statistics, and AI-powered recommendations, try Prisma Optimize.

WebAssembly engine size decrease for edge functions

Due to recent changes, some users experienced a steep increase of the bundle size in Prisma 5.20 when using the driverAdapters Preview feature, going over the 1 MB limit on the free tier of Cloudflare Workers. This has now been fixed.

Fixes and improvements

Prisma Engines

• Avoid regex crate for wasm bundle size (to keep cloudflare free plan)

Credits

Huge thanks to @​austin-tildei, @​LucianBuzzo, @​mcuelenaere, @​pagewang0, @​key-moon, @​pranayat, @​yubrot, @​skyzh for helping!

5.20.0

🌟 Help us spread the word about Prisma by starring the repo or posting on X about the release. 🌟

Highlights

strictUndefinedChecks in Preview

With Prisma ORM 5.20.0, the Preview feature strictUndefinedChecks will disallow any value that is explicitly undefined and will be a runtime error. This change is direct feedback from this GitHub issue and follows our latest proposal on the same issue.

To demonstrate the change, take the following code snippet:

prisma.table.deleteMany({
  where: {
    // If `nullableThing` is nullish, this query will remove all data.
    email: nullableThing?.property,
  }
})
</tr></table> 

... (truncated)

Commits

• a9dd792 chore(deps): patch 5.21.x 5.21.1-1.bf0e5e8a04cada8225617067eaa03d041e2bba36 (...
• 6819678 chore(deps): update engines to 5.21.0-36.08713a93b99d58f31485621c634b04983ae0...
• b11a6c2 feat(client): Support prisma+postgres URL scheme for postgres migrations (#25...
• 5c59fac chore(deps): update engines to 5.21.0-33.edd552ca6fe6bb4ebbfe57bafc00a55aef8e...
• 6792f13 test(e2e): bumped "@​prisma/extension-accelerate" to 1.2.1, fix failing e2e te...
• 7aae7ec chore(deps): update engines to 5.21.0-32.6a192e231962f2731353b2df0d76ad5a1227...
• 9952c28 test(client): add count and aggregate tracing tests (#25385)
• d43178a chore(deps): update engines to 5.21.0-31.00f0d739277ee51ca227615ad3f1c4c36eea...
• 4c6498f chore(client): remove dead code in fixtures/generate.ts (#25351)
• f19a3e2 chore(deps): update engines to 5.21.0-8.031f4d3fc290d071071bf02083dc6e7b78346...
• Additional commits viewable in compare view

Updates axios from 1.7.2 to 1.7.7

Release notes

Sourced from axios's releases.

Release v1.7.7

Release notes:

Bug Fixes

• fetch: fix stream handling in Safari by fallback to using a stream reader instead of an async iterator; (#6584) (d198085)
• http: fixed support for IPv6 literal strings in url (#5731) (364993f)

Contributors to this release

• Rishi556
• Dmitriy Mozgovoy

Release v1.7.6

Release notes:

Bug Fixes

• fetch: fix content length calculation for FormData payload; (#6524) (085f568)
• fetch: optimize signals composing logic; (#6582) (df9889b)

Contributors to this release

• Dmitriy Mozgovoy
• Jacques Germishuys
• kuroino721

Release v1.7.5

Release notes:

Bug Fixes

• adapter: fix undefined reference to hasBrowserEnv (#6572) (7004707)
• core: add the missed implementation of AxiosError#status property; (#6573) (6700a8a)
• core: fix ReferenceError: navigator is not defined for custom environments; (#6567) (fed1a4b)
• fetch: fix credentials handling in Cloudflare workers (#6533) (550d885)

Contributors to this release

• Dmitriy Mozgovoy
• Antonin Bas
• Hans Otto Wirtz

Release v1.7.4

Release notes:

Bug Fixes

• sec: CVE-2024-39338 (#6539) (#6543) (6b6b605)
• sec: disregard protocol-relative URL to remediate SSRF (#6539) (07a661a)

Contributors to this release

• Lev Pachmanov

... (truncated)

Changelog

Sourced from axios's changelog.

1.7.7 (2024-08-31)

Bug Fixes

• fetch: fix stream handling in Safari by fallback to using a stream reader instead of an async iterator; (#6584) (d198085)
• http: fixed support for IPv6 literal strings in url (#5731) (364993f)

Contributors to this release

• Rishi556
• Dmitriy Mozgovoy

1.7.6 (2024-08-30)

Bug Fixes

• fetch: fix content length calculation for FormData payload; (#6524) (085f568)
• fetch: optimize signals composing logic; (#6582) (df9889b)

Contributors to this release

• Dmitriy Mozgovoy
• Jacques Germishuys
• kuroino721

1.7.5 (2024-08-23)

Bug Fixes

• adapter: fix undefined reference to hasBrowserEnv (#6572) (7004707)
• core: add the missed implementation of AxiosError#status property; (#6573) (6700a8a)
• core: fix ReferenceError: navigator is not defined for custom environments; (#6567) (fed1a4b)
• fetch: fix credentials handling in Cloudflare workers (#6533) (550d885)

Contributors to this release

• Dmitriy Mozgovoy
• Antonin Bas
• Hans Otto Wirtz

1.7.4 (2024-08-13)

Bug Fixes

• sec: CVE-2024-39338 (#6539) (#6543) (6b6b605)
• sec: disregard protocol-relative URL to remediate SSRF (#6539) (07a661a)

... (truncated)

Commits

• 5b8a826 chore(release): v1.7.7 (#6585)
• 364993f fix(http): fixed support for IPv6 literal strings in url (#5731)
• d198085 fix(fetch): fix stream handling in Safari by fallback to using a stream reade...
• d584fcf chore(release): v1.7.6 (#6583)
• bc03c6c chore(examples): fix module import (#6575)
• df9889b fix(fetch): optimize signals composing logic; (#6582)
• ee208cf chore(sponsor): update sponsor block (#6576)
• 085f568 fix(fetch): fix content length calculation for FormData payload; (#6524)
• 59cd6b0 chore(release): v1.7.5 (#6574)
• 6700a8a fix(core): add the missed implementation of AxiosError#status property; (#6573)
• Additional commits viewable in compare view

Updates body-parser from 1.20.2 to 1.20.3

Release notes

Sourced from body-parser's releases.

1.20.3

What's Changed

Important

• deps: qs@6.13.0
• add depth option to customize the depth level in the parser
• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity). Documentation

Other changes

• chore: add support for OSSF scorecard reporting by @​inigomarquinez in expressjs/body-parser#522
• ci: fix errors in ci github action for node 8 and 9 by @​inigomarquinez in expressjs/body-parser#523
• fix: pin to node@22.4.1 by @​wesleytodd in expressjs/body-parser#527
• deps: qs@6.12.3 by @​melikhov-dev in expressjs/body-parser#521
• Add OSSF Scorecard badge by @​bjohansebas in expressjs/body-parser#531
• Linter by @​UlisesGascon in expressjs/body-parser#534
• Release: 1.20.3 by @​UlisesGascon in expressjs/body-parser#535

New Contributors

• @​inigomarquinez made their first contribution in expressjs/body-parser#522
• @​melikhov-dev made their first contribution in expressjs/body-parser#521
• @​bjohansebas made their first contribution in expressjs/body-parser#531
• @​UlisesGascon made their first contribution in expressjs/body-parser#534

Full Changelog: expressjs/body-parser@1.20.2...1.20.3

Changelog

Sourced from body-parser's changelog.

1.20.3 / 2024-09-10

• deps: qs@6.13.0
• add depth option to customize the depth level in the parser
• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Commits

• 1752951 1.20.3
• 39744cf chore: linter (#534)
• b2695c4 Merge commit from fork
• ade0f3f add scorecard to readme (#531)
• 99a1bd6 deps: qs@6.12.3 (#521)
• 9478591 fix: pin to node@22.4.1
• 83db46a ci: fix errors in ci github action for node 8 and 9 (#523)
• 9d4e212 chore: add support for OSSF scorecard reporting (#522)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for body-parser since your current version.

Updates bull from 4.15.1 to 4.16.4

Release notes

Sourced from bull's releases.

v4.16.4

4.16.4 (2024-11-01)

Bug Fixes

• deps: bump msgpackr to 1.1.2 to resolve ERR_BUFFER_OUT_OF_BOUNDS error (#2783) fixes #2782 (bc0ae0a)

v4.16.3

4.16.3 (2024-09-10)

Bug Fixes

• metrics: differentiate points in different minutes to be more accurate (#2770) (fbf2fa3)

v4.16.2

4.16.2 (2024-09-05)

Performance Improvements

• metrics: save zeros as much as max data points (#2767) (3a09840)

v4.16.1

4.16.1 (2024-08-28)

Bug Fixes

• metrics: use batches include when collecting metrics (#2765) fixes #2764 #2763 (8276f72)

v4.16.0

4.16.0 (2024-07-30)

Features

• job: support debouncing (#2760) (603befe)

Changelog

Sourced from bull's changelog.

4.16.4 (2024-11-01)

Bug Fixes

• deps: bump msgpackr to 1.1.2 to resolve ERR_BUFFER_OUT_OF_BOUNDS error (#2783) fixes #2782 (bc0ae0a)

4.16.3 (2024-09-10)

Bug Fixes

• metrics: differentiate points in different minutes to be more accurate (#2770) (fbf2fa3)

4.16.2 (2024-09-05)

Performance Improvements

• metrics: save zeros as much as max data points (#2767) (3a09840)

4.16.1 (2024-08-28)

Bug Fixes

• metrics: use batches include when collecting metrics (#2765) fixes #2764 #2763 (8276f72)

4.16.0 (2024-07-30)

Features

• job: support debouncing (#2760) (603befe)

Commits

• 65355b8 chore(release): 4.16.4 [skip ci]
• bc0ae0a fix(deps): bump msgpackr to 1.1.2 to resolve ERR_BUFFER_OUT_OF_BOUNDS error (...
• c2f37ee docs(readme): replace gitter with slack (#2775)
• 461afc7 build(deps): bump path-to-regexp from 1.8.0 to 1.9.0 (#2771)
• 66f8241 chore(release): 4.16.3 [skip ci]
• fbf2fa3 fix(metrics): differentiate points in different minutes to be more accurate (...
• f59473b chore(release): 4.16.2 [skip ci]
• 3a09840 perf(metrics): save zeros as much as max data points (#2767)
• 090c529 docs: update phrasing to clarify promise usage over done callback (#2766)
• 8564453 chore(release): 4.16.1 [skip ci]
• Additional commits viewable in compare view

Updates @types/bull from 4.10.0 to 4.10.4

Commits

• See full diff in compare view

Updates debug from 4.3.5 to 4.3.7

Release notes

Sourced from debug's releases.

4.3.7

What's Changed

• Upgrade ms to version 2.1.3 by @​realityking in debug-js/debug#819

Full Changelog: debug-js/debug@4.3.6...4.3.7

4.3.6

What's Changed

• Avoid using deprecated RegExp.$1 by @​bluwy in debug-js/debug#969

New Contributors

• @​bluwy made their first contribution in debug-js/debug#969

Full Changelog: debug-js/debug@4.3.5...4.3.6

Commits

• bc60914 4.3.7
• c63e96e Upgrade ms to version 2.1.3 (#819)
• 382864a remove archaic badges from readme
• c33b464 4.3.6
• 7956a45 Avoid using deprecated RegExp.$1
• See full diff in compare view

Updates express from 4.19.2 to 4.21.1

Release notes

Sourced from express's releases.

4.21.1

What's Changed

• Backport a fix for CVE-2024-47764 to the 4.x branch by @​joshbuker in expressjs/express#6029
• Release: 4.21.1 by @​UlisesGascon in expressjs/express#6031

Full Changelog: expressjs/express@4.21.0...4.21.1

4.21.0

What's Changed

• Deprecate "back" magic string in redirects by @​blakeembrey in expressjs/express#5935
• finalhandler@1.3.1 by @​wesleytodd in expressjs/express#5954
• fix(deps): serve-static@1.16.2 by @​wesleytodd in expressjs/express#5951
• Upgraded dependency qs to 6.13.0 to match qs in body-parser by @​agadzinski93 in expressjs/express#5946

New Contributors

• @​agadzinski93 made their first contribution in expressjs/express#5946

Full Changelog: expressjs/express@4.20.0...4.21.0

4.20.0

What's Changed

Important

• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
• Remove link renderization in html while using res.redirect

Other Changes

• 4.19.2 Staging by @​wesleytodd in expressjs/express#5561
• remove duplicate location test for data uri by @​wesleytodd in expressjs/express#5562
• feat: document beta releases expectations by @​marco-ippolito in expressjs/express#5565
• Cut down on duplicated CI runs by @​jonchurch in expressjs/express#5564
• Add a Threat Model by @​UlisesGascon in expressjs/express#5526
• Assign captain of encodeurl by @​blakeembrey in expressjs/express#5579
• Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @​jonchurch in expressjs/express#5587
• docs: update Security.md by @​inigomarquinez in expressjs/express#5590
• docs: update triage nomination policy by @​UlisesGascon in expressjs/express#5600
• Add CodeQL (SAST) by @​UlisesGascon in expressjs/express#5433
• docs: add UlisesGascon as triage initiative captain by @​UlisesGascon in expressjs/express#5605
• deps: encodeurl@~2.0.0 by @​blakeembrey in expressjs/express#5569
• skip QUERY method test by @​jonchurch in expressjs/express#5628
• ignore ETAG query test on 21 and 22, reuse skip util by @​jonchurch in expressjs/express#5639
• add support Node.js@22 in the CI by @​mertcanaltin in expressjs/express#5627
• doc: add table of contents, tc/triager lists to readme by @​mertcanaltin in expressjs/express#5619
• List and sort all projects, add captains by @​blakeembrey in expressjs/express#5653
• docs: add @​UlisesGascon as captain for cookie-parser by @​UlisesGascon in expressjs/express#5666
• ✨ bring back query tests for node 21 by @​ctcpip in expressjs/express#5690
• [v4] Deprecate res.clearCookie accepting options.maxAge and options.expires by @​jonchurch in expressjs/express#5672
• skip QUERY tests for Node 21 only, still not supported by @​jonchurch in expressjs/express#5695

... (truncated)

Changelog

Sourced from express's changelog.

4.21.1 / 2024-10-08

• Backported a fix for CVE-2024-47764

4.21.0 / 2024-09-11

• Deprecate res.location("back") and res.redirect("back") magic string
• deps: serve-static@1.16.2
  • includes send@0.19.0
• deps: finalhandler@1.3.1
• deps: qs@6.13.0

4.20.0 / 2024-09-10

• deps: serve-static@0.16.0
  • Remove link renderization in html while redirecting
• deps: send@0.19.0
  • Remove link renderization in html while redirecting
• deps: body-parser@0.6.0
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
• Remove link renderization in html while using res.redirect
• deps: path-to-regexp@0.1.10
  • Adds support for named matching groups in the routes using a regex
  • Adds backtracking protection to parameters without regexes defined
• deps: encodeurl@~2.0.0
  • Removes encoding of \, |, and ^ to align better with URL spec
• Deprecate passing options.maxAge and options.expires to res.clearCookie
  • Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

Commits

• 8e229f9 4.21.1
• a024c8a fix(deps): cookie@0.7.1
• 7e562c6 4.21.0
• 1bcde96 fix(deps): qs@6.13.0 (#5946)
• 7d36477 fix(deps): serve-static@1.16.2 (#5951)
• 40d2d8f fix(deps): finalhandler@1.3.1
• 77ada90 Deprecate "back" magic string in redirects (#5935)
• 21df421 4.20.0
• 4c9ddc1 feat: upgrade to serve-static@0.16.0
• 9ebe5d5 feat: upgrade to send@0.19.0 (#5928)
• Additional commits viewable in compare view

Updates prisma from 5.16.0 to 5.21.1

Release notes

Sourced from prisma's releases.

5.21.1

• Fixed a bug where migrations were not using shadow database correctly in some edge cases

5.21.0

Today, we are excited to share the 5.21.0 release 🎉

🌟 Help us spread the word about Prisma by starring the repo ☝️ or posting on X about the release.

Highlights

Better support for tracing in MongoDB

The tracing Preview feature now has full support for MongoDB with previously missing functionality now implemented. This is a part of the ongoing effort to stabilize this Preview feature and release it in General Availability.

tracing is a Preview feature that enables built-in support for OpenTelemetry instrumentation inside the Prisma Client and provides deep insights into the performance and timing of your queries. See our documentation for more information.

For an easy to use and zero-configuration tracing instrumentation tool with a dashboard that provides an overview of your queries, statistics, and AI-powered recommendations, try Prisma Optimize.

WebAssembly engine size decrease for edge functions

Due to recent changes, some users experienced a steep increase of the bundle size in Prisma 5.20 when using the driverAdapters Preview feature, going over the 1 MB limit on the free tier of Cloudflare Workers. This has now been fixed.

Fixes and improvements

Prisma Engines

• Avoid regex crate for wasm bundle size (to keep cloudflare free plan)

Credits

Huge thanks to @​austin-tildei, @​LucianBuzzo, @​mcuelenaere, @​pagewang0, @​key-moon, @​pranayat, @​yubrot, @​skyzh for helping!

5.20.0

🌟 Help us spread the word about Prisma by starring the repo or posting on X about the release. 🌟

Highlights

strictUndefinedChecks in Preview

With Prisma ORM 5.20.0, the Preview feature strictUndefinedChecks will disallow any value that is explicitly undefined and will be a runtime error. This change is direct feedback from this GitHub issue and follows our latest proposal on the same issue.

To demonstrate the change, take the following code snippet:

prisma.table.deleteMany({
  where: {
    // If `nullableThing` is nullish, this query will remove all data.
    email: nullableThing?.property,
  }
})
</tr></table> 

... (truncated)

Commits

• 252920b chore(cli): Bump prisma studio (#25431)
• 8957496 feat(client): Typed SQL (#24907)
• f3856a9 chore(deps): update devdependencies patch (non-major) (#24813)
• ce552f3 feat(cli): remove Optimize specific login in Platform CLI (#25036)
• 26c8d91 feat(cli): Chokidar-based watch (#24983)
• cebc9c0 feat: Added a tip to remove tips (#24818)
• b58adc8 fix(client): Correctly resolve configDir when prismaSchemaFolder is used ...
• a15d3b9 feat(cli, generate command): Added promo array to rotate and make cli messagi...
• 7308378 feat(cli): Support prisma platform auth show --sensitive (#24745)
• 190bac1 chore(cli): cleanup import message when running generate (#24739)
• Additional commits viewable in compare view

Updates simple-git from 3.25.0 to 3.27.0

Release notes

Sourced from simple-git's releases.

simple-git@3.27.0

Minor Changes

• 52f767b: Add similarity to the DiffResultNameStatusFile interface used when fetching log/diff with the --name-status option.
• 739b0d9: Diff summary includes original name of renamed files when run wiht the --name-status option.
• bc90e7e: Fixes an issue with reporting name changes in the files array returned by git.status. Thank you @​mark-codesphere for the contribution.

Patch Changes

• 03e1c64: Resolve error in log parsing when fields have empty values.

simple-git@3.26.0

Minor Changes

• 28d545b: Upgrade build tools and typescript

Changelog

Sourced from simple-git's changelog.

3.27.0

Minor Changes

• 52f767b: Add similarity to the DiffResultNameStatusFile interface used when fetching log/diff with the --name-status option.
• 739b0d9: Diff summary includes original name of renamed files when run wiht the --name-status option.
• bc90e7e: Fixes an issue with reporting name changes in the files array returned by git.status. Thank you @​mark-codesphere for the contribution.

Patch Changes

• 03e1c64: Resolve error in log parsing when fields have empty values.

3.26.0

Minor Changes

• 28d545b: Upgrade build tools and typescript

Commits

• 4a6126b Version Packages
• 52f767b Feat/name status similarity (#1025)
• 03e1c64 Resolve an issue when parsing the response to git.log that could leave part...
• 739b0d9 Renamed files in git diff --name-status (#1023)
• bc90e7e Pr/1019 (#1021)
• 83a8b77 Version Packages
• 28d545b Typescript & Jest Upgrade
• See full diff in compare view

Updates typescript from 5.5.2 to 5.6.3

Release notes

Sourced from typescript's releases.

TypeScript 5.6.3

For release notes, check out the release announcement.

For the complete list of fixed issues, check out the

• fixed issues query for Typescript 5.6.0 (Beta).
• fixed issues query for Typescript 5.6.1 (RC).
• fixed issues query for Typescript 5.6.2 (Stable).
• fixed issues query for Typescript 5.6.3 (Stable).

Downloads are available on:

• npm
• NuGet package

TypeScript 5.6

For release notes, check out the release announcement.

For the complete list of fixed issues, check out the

• fixed issues query for Typescript 5.6.0 (Beta).
• fixed issues query for Typescript 5.6.1 (RC).
• fixed issues query for Typescript 5.6.2 (Stable).

Downloads are available on:

• npm
• NuGet package

TypeScript 5.6 RC

For release notes, check out the release announcement.

For the complete list of fixed issues, check out the

• fixed issues query for TypeScript v5.6.1 (RC).
• fixed issues query for TypeScript v5.6.0 (Beta).

Downloads are available on:

• npm

TypeScript 5.6 Beta

For release notes, check out the release announcement.

For the complete list of fixed issues, check out the

• fixed issues query for Typescript 5.6.0 (Beta).

... (truncated)

Commits

• d48a5cf Bump version to 5.6.3 and LKG
• fefa70a 🤖 Pick PR #60083 (Don't issue implicit any when obtai...) into release-5.6 (#...
• ff71692 [release-5.6] Remove tsbuildInfo specification error now that we need it for ...
• 1f44dcf 🤖 Pick PR #60157 (fix automatic type acquisition) into release-5.6 (#60169)
• a7e3374 Bump version to 5.6.2 and LKG
• 2063357 🤖 Pick PR #59708 (LEGO: Pull request from lego/hb_537...) into release-5.6 (#...
• 4fe7e41 🤖 Pick PR #59670 (fix(59649): ts Move to a new file d...) into release-5.6 (#...
• 1a03e53 🤖 Pick PR #59761 (this can be nullish) into release-5.6 (#59762)
• 6212132 Update LKG
• bbb5faf 🤖 Pick PR #59542 (Fixing delay caused in vscode due t...) into release-5.6 (#...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• `@depen...

Description has been truncated

[dependabot]

Superseded by #87.