Bump the production-dependencies group across 1 directory with 10 updates

[dependabot]

Bumps the production-dependencies group with 10 updates in the /backend directory:

Package	From	To
@prisma/client	5.16.0	5.22.0
axios	1.7.2	1.7.7
body-parser	1.20.2	1.20.3
bull	4.15.1	4.16.4
@types/bull	4.10.0	4.10.4
debug	4.3.5	4.3.7
express	4.19.2	4.21.1
prisma	5.16.0	5.22.0
simple-git	3.25.0	3.27.0
typescript	5.5.2	5.6.3

Updates @prisma/client from 5.16.0 to 5.22.0

Release notes

Sourced from @​prisma/client's releases.

5.22.0

Today, we are excited to share the 5.22.0 stable release 🎉

🌟 Help us spread the word about Prisma by starring the repo ☝️ or posting on X about the release.

Highlights

Further Tracing Improvements

In our ongoing effort to stabilize the tracing Preview feature, we’ve made our spans compliant with OpenTelemetry Semantic Conventions for Database Client Calls. This should lead to better compatibility with tools such as DataDog and Sentry.

We’ve also included numerous bug fixes that should make this Preview feature easier to work with.

Metrics bug fix

Occasionally, connection pool metrics would become negative or grow unbounded. In this release, connection pool metrics should stay consistent.

Connection Pool Timeout fix

In a specific case, there could be issues where fetching a new connection from the connection pool would time out, regardless of the state of the application and connection pool. If you have experience connection pool issues accessing a PostgreSQL database with TLS encryption in a resource-constrained environment (such as Function-as-a-Service offerings or very small VPS) this should resolve those issues.

Special thanks to @​youxq for their pull request and help resolving this issue!

Join us

Looking to make an impact on Prisma in a big way? We're hiring!

Learn more on our careers page: https://www.prisma.io/careers

Fixes and improvements

Prisma Migrate

• removing @unique in schema.prisma does not generate SQL to do so

Prisma

• Prisma generate randomly fails on Ubuntu due to missing internal .so libquery_engine-debian-openssl-1.1.x.so.node
• Timed out fetching a new connection from the connection pool.
• Some prisma:engine:connection spans have no parent
• Query-related spans outside of prisma:engine:itx_runner are disconnected from the tree
• Tracing with dataproxy/mini-proxy: itx_runner span and it's children are missing sometimes
• Incorrect OpenTelemetry span reported by Prisma
• OTEL spans are not recognised as spans from a database
• SQL Injection bug - D1 adaptor throws "Conversion failed: expected a datetime string in column" when string column contains any ISO date
• Prisma generate randomly fails on Ubuntu due to missing internal .so libquery_engine-debian-openssl-1.1.x.so.node

Credits

Huge thanks to @​tmm1, @​Takur0, @​hinaloe, @​andyjy, and @​youxq for helping!

... (truncated)

Commits

• 718358a fix: integrate backwards compatibility change for Optimize (#25591)
• c64991b feat: integrate iTX and tracing refactor (#25285)
• b7210d9 chore: Small exports and changes for using Json Protocol types and utils in S...
• 9af950b chore(deps): update engines to 5.22.0-39.387bb643aa7d27f1f14d278b1a15691d8d4e...
• dd7d5ee chore: Expose serializeJsonQuery and deserializeJsonResponse (#25576)
• b599db6 chore(deps): update engines to 5.22.0-32.2428ad6eca74cb0654e6b55b8f19b662f2fa...
• 699552e chore: Expose JsonQuery type in @​prisma/client/runtime/library (#25557)
• 9567ac0 fix(adapter-d1): throws Error when string column contains any ISO date (#25483)
• 7496049 chore(deps): update engines to 5.22.0-12.8263a1f2b3deb0a72687cad83ceb981a2562...
• 8e14920 chore(deps): update engines to 5.22.0-10.4fe298bcdaa934021fad991610757e9d42ee...
• Additional commits viewable in compare view

Updates axios from 1.7.2 to 1.7.7

Release notes

Sourced from axios's releases.

Release v1.7.7

Release notes:

Bug Fixes

• fetch: fix stream handling in Safari by fallback to using a stream reader instead of an async iterator; (#6584) (d198085)
• http: fixed support for IPv6 literal strings in url (#5731) (364993f)

Contributors to this release

• Rishi556
• Dmitriy Mozgovoy

Release v1.7.6

Release notes:

Bug Fixes

• fetch: fix content length calculation for FormData payload; (#6524) (085f568)
• fetch: optimize signals composing logic; (#6582) (df9889b)

Contributors to this release

• Dmitriy Mozgovoy
• Jacques Germishuys
• kuroino721

Release v1.7.5

Release notes:

Bug Fixes

• adapter: fix undefined reference to hasBrowserEnv (#6572) (7004707)
• core: add the missed implementation of AxiosError#status property; (#6573) (6700a8a)
• core: fix ReferenceError: navigator is not defined for custom environments; (#6567) (fed1a4b)
• fetch: fix credentials handling in Cloudflare workers (#6533) (550d885)

Contributors to this release

• Dmitriy Mozgovoy
• Antonin Bas
• Hans Otto Wirtz

Release v1.7.4

Release notes:

Bug Fixes

• sec: CVE-2024-39338 (#6539) (#6543) (6b6b605)
• sec: disregard protocol-relative URL to remediate SSRF (#6539) (07a661a)

Contributors to this release

• Lev Pachmanov

... (truncated)

Changelog

Sourced from axios's changelog.

1.7.7 (2024-08-31)

Bug Fixes

• fetch: fix stream handling in Safari by fallback to using a stream reader instead of an async iterator; (#6584) (d198085)
• http: fixed support for IPv6 literal strings in url (#5731) (364993f)

Contributors to this release

• Rishi556
• Dmitriy Mozgovoy

1.7.6 (2024-08-30)

Bug Fixes

• fetch: fix content length calculation for FormData payload; (#6524) (085f568)
• fetch: optimize signals composing logic; (#6582) (df9889b)

Contributors to this release

• Dmitriy Mozgovoy
• Jacques Germishuys
• kuroino721

1.7.5 (2024-08-23)

Bug Fixes

• adapter: fix undefined reference to hasBrowserEnv (#6572) (7004707)
• core: add the missed implementation of AxiosError#status property; (#6573) (6700a8a)
• core: fix ReferenceError: navigator is not defined for custom environments; (#6567) (fed1a4b)
• fetch: fix credentials handling in Cloudflare workers (#6533) (550d885)

Contributors to this release

• Dmitriy Mozgovoy
• Antonin Bas
• Hans Otto Wirtz

1.7.4 (2024-08-13)

Bug Fixes

• sec: CVE-2024-39338 (#6539) (#6543) (6b6b605)
• sec: disregard protocol-relative URL to remediate SSRF (#6539) (07a661a)

... (truncated)

Commits

• 5b8a826 chore(release): v1.7.7 (#6585)
• 364993f fix(http): fixed support for IPv6 literal strings in url (#5731)
• d198085 fix(fetch): fix stream handling in Safari by fallback to using a stream reade...
• d584fcf chore(release): v1.7.6 (#6583)
• bc03c6c chore(examples): fix module import (#6575)
• df9889b fix(fetch): optimize signals composing logic; (#6582)
• ee208cf chore(sponsor): update sponsor block (#6576)
• 085f568 fix(fetch): fix content length calculation for FormData payload; (#6524)
• 59cd6b0 chore(release): v1.7.5 (#6574)
• 6700a8a fix(core): add the missed implementation of AxiosError#status property; (#6573)
• Additional commits viewable in compare view

Updates body-parser from 1.20.2 to 1.20.3

Release notes

Sourced from body-parser's releases.

1.20.3

What's Changed

Important

• deps: qs@6.13.0
• add depth option to customize the depth level in the parser
• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity). Documentation

Other changes

• chore: add support for OSSF scorecard reporting by @​inigomarquinez in expressjs/body-parser#522
• ci: fix errors in ci github action for node 8 and 9 by @​inigomarquinez in expressjs/body-parser#523
• fix: pin to node@22.4.1 by @​wesleytodd in expressjs/body-parser#527
• deps: qs@6.12.3 by @​melikhov-dev in expressjs/body-parser#521
• Add OSSF Scorecard badge by @​bjohansebas in expressjs/body-parser#531
• Linter by @​UlisesGascon in expressjs/body-parser#534
• Release: 1.20.3 by @​UlisesGascon in expressjs/body-parser#535

New Contributors

• @​inigomarquinez made their first contribution in expressjs/body-parser#522
• @​melikhov-dev made their first contribution in expressjs/body-parser#521
• @​bjohansebas made their first contribution in expressjs/body-parser#531
• @​UlisesGascon made their first contribution in expressjs/body-parser#534

Full Changelog: expressjs/body-parser@1.20.2...1.20.3

Changelog

Sourced from body-parser's changelog.

1.20.3 / 2024-09-10

• deps: qs@6.13.0
• add depth option to customize the depth level in the parser
• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Commits

• 1752951 1.20.3
• 39744cf chore: linter (#534)
• b2695c4 Merge commit from fork
• ade0f3f add scorecard to readme (#531)
• 99a1bd6 deps: qs@6.12.3 (#521)
• 9478591 fix: pin to node@22.4.1
• 83db46a ci: fix errors in ci github action for node 8 and 9 (#523)
• 9d4e212 chore: add support for OSSF scorecard reporting (#522)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for body-parser since your current version.

Updates bull from 4.15.1 to 4.16.4

Release notes

Sourced from bull's releases.

v4.16.4

4.16.4 (2024-11-01)

Bug Fixes

• deps: bump msgpackr to 1.1.2 to resolve ERR_BUFFER_OUT_OF_BOUNDS error (#2783) fixes #2782 (bc0ae0a)

v4.16.3

4.16.3 (2024-09-10)

Bug Fixes

• metrics: differentiate points in different minutes to be more accurate (#2770) (fbf2fa3)

v4.16.2

4.16.2 (2024-09-05)

Performance Improvements

• metrics: save zeros as much as max data points (#2767) (3a09840)

v4.16.1

4.16.1 (2024-08-28)

Bug Fixes

• metrics: use batches include when collecting metrics (#2765) fixes #2764 #2763 (8276f72)

v4.16.0

4.16.0 (2024-07-30)

Features

• job: support debouncing (#2760) (603befe)

Changelog

Sourced from bull's changelog.

4.16.4 (2024-11-01)

Bug Fixes

• deps: bump msgpackr to 1.1.2 to resolve ERR_BUFFER_OUT_OF_BOUNDS error (#2783) fixes #2782 (bc0ae0a)

4.16.3 (2024-09-10)

Bug Fixes

• metrics: differentiate points in different minutes to be more accurate (#2770) (fbf2fa3)

4.16.2 (2024-09-05)

Performance Improvements

• metrics: save zeros as much as max data points (#2767) (3a09840)

4.16.1 (2024-08-28)

Bug Fixes

• metrics: use batches include when collecting metrics (#2765) fixes #2764 #2763 (8276f72)

4.16.0 (2024-07-30)

Features

• job: support debouncing (#2760) (603befe)

Commits

• 65355b8 chore(release): 4.16.4 [skip ci]
• bc0ae0a fix(deps): bump msgpackr to 1.1.2 to resolve ERR_BUFFER_OUT_OF_BOUNDS error (...
• c2f37ee docs(readme): replace gitter with slack (#2775)
• 461afc7 build(deps): bump path-to-regexp from 1.8.0 to 1.9.0 (#2771)
• 66f8241 chore(release): 4.16.3 [skip ci]
• fbf2fa3 fix(metrics): differentiate points in different minutes to be more accurate (...
• f59473b chore(release): 4.16.2 [skip ci]
• 3a09840 perf(metrics): save zeros as much as max data points (#2767)
• 090c529 docs: update phrasing to clarify promise usage over done callback (#2766)
• 8564453 chore(release): 4.16.1 [skip ci]
• Additional commits viewable in compare view

Updates @types/bull from 4.10.0 to 4.10.4

Commits

• See full diff in compare view

Updates debug from 4.3.5 to 4.3.7

Release notes

Sourced from debug's releases.

4.3.7

What's Changed

• Upgrade ms to version 2.1.3 by @​realityking in debug-js/debug#819

Full Changelog: debug-js/debug@4.3.6...4.3.7

4.3.6

What's Changed

• Avoid using deprecated RegExp.$1 by @​bluwy in debug-js/debug#969

New Contributors

• @​bluwy made their first contribution in debug-js/debug#969

Full Changelog: debug-js/debug@4.3.5...4.3.6

Commits

• bc60914 4.3.7
• c63e96e Upgrade ms to version 2.1.3 (#819)
• 382864a remove archaic badges from readme
• c33b464 4.3.6
• 7956a45 Avoid using deprecated RegExp.$1
• See full diff in compare view

Updates express from 4.19.2 to 4.21.1

Release notes

Sourced from express's releases.

4.21.1

What's Changed

• Backport a fix for CVE-2024-47764 to the 4.x branch by @​joshbuker in expressjs/express#6029
• Release: 4.21.1 by @​UlisesGascon in expressjs/express#6031

Full Changelog: expressjs/express@4.21.0...4.21.1

4.21.0

What's Changed

• Deprecate "back" magic string in redirects by @​blakeembrey in expressjs/express#5935
• finalhandler@1.3.1 by @​wesleytodd in expressjs/express#5954
• fix(deps): serve-static@1.16.2 by @​wesleytodd in expressjs/express#5951
• Upgraded dependency qs to 6.13.0 to match qs in body-parser by @​agadzinski93 in expressjs/express#5946

New Contributors

• @​agadzinski93 made their first contribution in expressjs/express#5946

Full Changelog: expressjs/express@4.20.0...4.21.0

4.20.0

What's Changed

Important

• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
• Remove link renderization in html while using res.redirect

Other Changes

• 4.19.2 Staging by @​wesleytodd in expressjs/express#5561
• remove duplicate location test for data uri by @​wesleytodd in expressjs/express#5562
• feat: document beta releases expectations by @​marco-ippolito in expressjs/express#5565
• Cut down on duplicated CI runs by @​jonchurch in expressjs/express#5564
• Add a Threat Model by @​UlisesGascon in expressjs/express#5526
• Assign captain of encodeurl by @​blakeembrey in expressjs/express#5579
• Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @​jonchurch in expressjs/express#5587
• docs: update Security.md by @​inigomarquinez in expressjs/express#5590
• docs: update triage nomination policy by @​UlisesGascon in expressjs/express#5600
• Add CodeQL (SAST) by @​UlisesGascon in expressjs/express#5433
• docs: add UlisesGascon as triage initiative captain by @​UlisesGascon in expressjs/express#5605
• deps: encodeurl@~2.0.0 by @​blakeembrey in expressjs/express#5569
• skip QUERY method test by @​jonchurch in expressjs/express#5628
• ignore ETAG query test on 21 and 22, reuse skip util by @​jonchurch in expressjs/express#5639
• add support Node.js@22 in the CI by @​mertcanaltin in expressjs/express#5627
• doc: add table of contents, tc/triager lists to readme by @​mertcanaltin in expressjs/express#5619
• List and sort all projects, add captains by @​blakeembrey in expressjs/express#5653
• docs: add @​UlisesGascon as captain for cookie-parser by @​UlisesGascon in expressjs/express#5666
• ✨ bring back query tests for node 21 by @​ctcpip in expressjs/express#5690
• [v4] Deprecate res.clearCookie accepting options.maxAge and options.expires by @​jonchurch in expressjs/express#5672
• skip QUERY tests for Node 21 only, still not supported by @​jonchurch in expressjs/express#5695

... (truncated)

Changelog

Sourced from express's changelog.

4.21.1 / 2024-10-08

• Backported a fix for CVE-2024-47764

4.21.0 / 2024-09-11

• Deprecate res.location("back") and res.redirect("back") magic string
• deps: serve-static@1.16.2
  • includes send@0.19.0
• deps: finalhandler@1.3.1
• deps: qs@6.13.0

4.20.0 / 2024-09-10

• deps: serve-static@0.16.0
  • Remove link renderization in html while redirecting
• deps: send@0.19.0
  • Remove link renderization in html while redirecting
• deps: body-parser@0.6.0
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
• Remove link renderization in html while using res.redirect
• deps: path-to-regexp@0.1.10
  • Adds support for named matching groups in the routes using a regex
  • Adds backtracking protection to parameters without regexes defined
• deps: encodeurl@~2.0.0
  • Removes encoding of \, |, and ^ to align better with URL spec
• Deprecate passing options.maxAge and options.expires to res.clearCookie
  • Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

Commits

• 8e229f9 4.21.1
• a024c8a fix(deps): cookie@0.7.1
• 7e562c6 4.21.0
• 1bcde96 fix(deps): qs@6.13.0 (#5946)
• 7d36477 fix(deps): serve-static@1.16.2 (#5951)
• 40d2d8f fix(deps): finalhandler@1.3.1
• 77ada90 Deprecate "back" magic string in redirects (#5935)
• 21df421 4.20.0
• 4c9ddc1 feat: upgrade to serve-static@0.16.0
• 9ebe5d5 feat: upgrade to send@0.19.0 (#5928)
• Additional commits viewable in compare view

Updates prisma from 5.16.0 to 5.22.0

Release notes

Sourced from prisma's releases.

5.22.0

Today, we are excited to share the 5.22.0 stable release 🎉

🌟 Help us spread the word about Prisma by starring the repo ☝️ or posting on X about the release.

Highlights

Further Tracing Improvements

In our ongoing effort to stabilize the tracing Preview feature, we’ve made our spans compliant with OpenTelemetry Semantic Conventions for Database Client Calls. This should lead to better compatibility with tools such as DataDog and Sentry.

We’ve also included numerous bug fixes that should make this Preview feature easier to work with.

Metrics bug fix

Occasionally, connection pool metrics would become negative or grow unbounded. In this release, connection pool metrics should stay consistent.

Connection Pool Timeout fix

In a specific case, there could be issues where fetching a new connection from the connection pool would time out, regardless of the state of the application and connection pool. If you have experience connection pool issues accessing a PostgreSQL database with TLS encryption in a resource-constrained environment (such as Function-as-a-Service offerings or very small VPS) this should resolve those issues.

Special thanks to @​youxq for their pull request and help resolving this issue!

Join us

Looking to make an impact on Prisma in a big way? We're hiring!

Learn more on our careers page: https://www.prisma.io/careers

Fixes and improvements

Prisma Migrate

• removing @unique in schema.prisma does not generate SQL to do so

Prisma

• Prisma generate randomly fails on Ubuntu due to missing internal .so libquery_engine-debian-openssl-1.1.x.so.node
• Timed out fetching a new connection from the connection pool.
• Some prisma:engine:connection spans have no parent
• Query-related spans outside of prisma:engine:itx_runner are disconnected from the tree
• Tracing with dataproxy/mini-proxy: itx_runner span and it's children are missing sometimes
• Incorrect OpenTelemetry span reported by Prisma
• OTEL spans are not recognised as spans from a database
• SQL Injection bug - D1 adaptor throws "Conversion failed: expected a datetime string in column" when string column contains any ISO date
• Prisma generate randomly fails on Ubuntu due to missing internal .so libquery_engine-debian-openssl-1.1.x.so.node

Credits

Huge thanks to @​tmm1, @​Takur0, @​hinaloe, @​andyjy, and @​youxq for helping!

... (truncated)

Commits

• 85e9f0b feat(cli): add new promo survey for Prisma 5.22 (#25590)
• c64991b feat: integrate iTX and tracing refactor (#25285)
• 738d5b7 fix(cli): prisma version --json suppress dotenv message (#25535)
• 3c61d1a fix(cli): replace http with https in prisma generate message (#25459)
• 252920b chore(cli): Bump prisma studio (#25431)
• 8957496 feat(client): Typed SQL (#24907)
• f3856a9 chore(deps): update devdependencies patch (non-major) (#24813)
• ce552f3 feat(cli): remove Optimize specific login in Platform CLI (#25036)
• 26c8d91 feat(cli): Chokidar-based watch (#24983)
• cebc9c0 feat: Added a tip to remove tips (#24818)
• Additional commits viewable in compare view

Updates simple-git from 3.25.0 to 3.27.0

Release notes

Sourced from simple-git's releases.

simple-git@3.27.0

Minor Changes

• 52f767b: Add similarity to the DiffResultNameStatusFile interface used when fetching log/diff with the --name-status option.
• 739b0d9: Diff summary includes original name of renamed files when run wiht the --name-status option.
• bc90e7e: Fixes an issue with reporting name changes in the files array returned by git.status. Thank you @​mark-codesphere for the contribution.

Patch Changes

• 03e1c64: Resolve error in log parsing when fields have empty values.

simple-git@3.26.0

Minor Changes

• 28d545b: Upgrade build tools and typescript

Changelog

Sourced from simple-git's changelog.

3.27.0

Minor Changes

• 52f767b: Add similarity to the DiffResultNameStatusFile interface used when fetching log/diff with the --name-status option.
• 739b0d9: Diff summary includes original name of renamed files when run wiht the --name-status option.
• bc90e7e: Fixes an issue with reporting name changes in the files array returned by git.status. Thank you @​mark-codesphere for the contribution.

Patch Changes

• 03e1c64: Resolve error in log parsing when fields have empty values.

3.26.0

Minor Changes

• 28d545b: Upgrade build tools and typescript

Commits

• 4a6126b Version Packages
• 52f767b Feat/name status similarity (#1025)
• 03e1c64 Resolve an issue when parsing the response to git.log that could leave part...
• 739b0d9 Renamed files in git diff --name-status (#1023)
• bc90e7e Pr/1019 (#1021)
• 83a8b77 Version Packages
• 28d545b Typescript & Jest Upgrade
• See full diff in compare view

Updates typescript from 5.5.2 to 5.6.3

Release notes

Sourced from typescript's releases.

TypeScript 5.6.3

For release notes, check out the release announcement.

For the complete list of fixed issues, check out the

• fixed issues query for Typescript 5.6.0 (Beta).
• fixed issues query for Typescript 5.6.1 (RC).
• fixed issues query for Typescript 5.6.2 (Stable).
• fixed issues query for Typescript 5.6.3 (Stable).

Downloads are available on:

• npm
• NuGet package

TypeScript 5.6

For release notes, check out the release announcement.

For the complete list of fixed issues, check out the

• fixed issues query for Typescript 5.6.0 (Beta).
• fixed issues query for Typescript 5.6.1 (RC).
• fixed issues query for Typescript 5.6.2 (Stable).

Downloads are available on:

• npm
• NuGet package

TypeScript 5.6 RC

For release notes, check out the release announcement.

For the complete list of fixed issues, check out the

• fixed issues query for TypeScript v5.6.1 (RC).
• fixed issues query for TypeScript v5.6.0 (Beta).

Downloads are available on:

• npm

TypeScript 5.6 Beta

For release notes, check out the release announcement.

For the complete list of fixed issues, check out the

• fixed issues query for Typescript 5.6.0 (Beta).

... (truncated)

Commits

• d48a5cf Bump version to 5.6.3 and LKG
• fefa70a 🤖 Pick PR #60083 (Don't issue implicit any when obtai...) into release-5.6 (#...
• ff71692 [release-5.6] Remove tsbuildInfo specification error now that we need it for ...
• 1f44dcf 🤖 Pick PR #60157 (fix automatic type acquisition) into release-5.6 (#60169)
• a7e3374 Bump version to 5.6.2 and LKG
• 2063357 🤖 Pick PR #59708 (LEGO: Pull request from lego/hb_537...) into release-5.6 (#...
• 4fe7e41 🤖 Pick PR #59670 (fix(59649): ts Move to a new file d...) into release-5.6 (#...
• 1a03e53 🤖 Pick PR #59761 (this can be nullish) into release-5.6 (#59762)
• 6212132 Update LKG
• bbb5faf 🤖 Pick PR #59542 (Fixing delay caused in vscode due t...) into release-5.6 (#...
• Additional commits viewable in compare view

...

Description has been truncated

[dependabot]

Superseded by #94.