chore(deps): update all-dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update
@asteasolutions/zod-to-openapi	8.2.0 → 8.4.3					dependencies	minor
@prisma/adapter-pg (source)	7.2.0 → 7.4.2					dependencies	minor
@prisma/client (source)	7.2.0 → 7.4.2					dependencies	minor
@scalar/express-api-reference (source)	0.8.30 → 0.8.47					dependencies	patch
@swc/cli	0.7.9 → 0.8.0					dependencies	minor
@swc/core (source)	1.15.8 → 1.15.18					dependencies	patch
cors	2.8.5 → 2.8.6					dependencies	patch
dotenv	17.2.3 → 17.3.1					dependencies	minor
ioredis	5.9.0 → 5.10.0					dependencies	minor
lint-staged	16.2.7 → 16.3.1					dependencies	minor
mongoose (source)	9.1.1 → 9.2.3					dependencies	minor
pg (source)	8.16.3 → 8.19.0					dependencies	minor
pino (source)	10.1.0 → 10.3.1					dependencies	minor
pnpm (source)	10.26.1 → 10.30.3					packageManager	minor
redis	8.4.0-alpine → 8.6.1-alpine						minor
zod (source)	4.3.2 → 4.3.6					dependencies	patch

---

Release Notes

asteasolutions/zod-to-openapi (@​asteasolutions/zod-to-openapi)

v8.4.3

Compare Source

What's Changed

• Bump rollup from 4.22.4 to 4.59.0

Full Changelog: asteasolutions/zod-to-openapi@v8.4.2...v8.4.3

v8.4.2

Compare Source

What's Changed

• Bump minimatch

Full Changelog: asteasolutions/zod-to-openapi@v8.4.1...v8.4.2

v8.4.1

Compare Source

What's Changed

• Fix memory leak in generateDocument() when using request parameters (fixes #​361)

Full Changelog: asteasolutions/zod-to-openapi@v8.4.0...v8.4.1

v8.4.0

Compare Source

What's Changed

• Added support for z.json (#​353)
• Added support for template literals (#​352)
• Fixed a bug in some nested structures when using isAnyZodType with null/undefined #​343
• Exported OpenApiOptions to resolve a problem when extending an object schema. For more information see: #​341

Full Changelog: asteasolutions/zod-to-openapi@v8.3.3...v8.4.0

v8.3.3

Compare Source

What's Changed

• use correct date-time instead of date when using z.date
• fix: add null option for nullable enum

Full Changelog: asteasolutions/zod-to-openapi@v8.3.2...v8.3.3

v8.3.2

Compare Source

Testing Trusted Publishers setup again

Full Changelog: asteasolutions/zod-to-openapi@v8.3.1...v8.3.2

v8.3.1

Compare Source

Testing the Trusted Publihsers setup

Full Changelog: asteasolutions/zod-to-openapi@v8.3.0...v8.3.1

v8.3.0

Compare Source

What's Changed

• 🎉 FINALLY added support for zod lazy (and recursive schemas with getters). Closes: #​247, #​300 and the discussion in #​191
• Bump js-yaml from 3.14.1 to 3.14.2
• Setup Trusted Publishsers for NPM

Full Changelog: asteasolutions/zod-to-openapi@v8.2.0...v8.3.0

prisma/prisma (@​prisma/adapter-pg)

v7.4.2

Compare Source

Today, we are issuing a 7.4.2 patch release focused on bug fixes and quality improvements.

🛠 Fixes

Prisma Client

• Fix a case-insensitive IN and NOT IN filter regression (#​29243)
• Fix a query plan mutation issue that resulted in broken cursor queries (#​29262)
• Fix an array parameter wrapping issue in push operations (prisma/prisma-engines#5784)
• Fix Uint8Array serialization in nested JSON fields (#​29268)
• Fix an issue with MySQL joins that relied on non-strict equality (#​29251)

Driver Adapters

• @​prisma/adapter-mariadb: Update text column detection to check for a binary collation (#​29238)
• @​prisma/adapter-mariadb: Correct relationJoins compatibility check for MariaDB 8.x versions (#​29246)

Schema Engine

• Fix partial index predicate comparison on PostgreSQL and MSSQL (prisma/prisma-engines#5780)

🙏 Huge thanks to our community

Many of the fixes in this release were contributed by our amazing community members. We're grateful for your continued support and contributions that help make Prisma better for everyone!

v7.4.1

Compare Source

Today, we are issuing a 7.4.1 patch release focused on bug fixes and quality improvements.

🛠 Fixes

Prisma Client

• Fix cursor-based pagination regression with parameterised values (#​29184)
• Preserve Prisma.skip through query extension argument cloning (#​29198)
• Enable batching of multiple queries inside interactive transactions (#​25571)
• Add missing JSON value deserialization for JSONB parameter fields (#​29182)
• Apply result extensions correctly for nested and fluent relations (#​29218)
• Allow missing config datasource URL and validate only when needed (prisma/prisma-engines#5777)

Driver Adapters

• @​prisma/adapter-ppg: Handle null values in type parsers for nullable columns (#​29192)

Prisma Schema Language

• Support where argument on field-level @unique for partial indexes (prisma/prisma-engines#5774)
• Add object expression and object member support to schema reformatter (prisma/prisma-engines#5776)

🙏 Huge thanks to our community

Many of the fixes in this release were contributed by our amazing community members. We're grateful for your continued support and contributions that help make Prisma better for everyone!

v7.4.0

Compare Source

Today, we are excited to share the 7.4.0 stable release 🎉

🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!

Highlights

ORM

Caching in Prisma Client

Today’s release is a big one, as we introduce a new caching layer into Prisma ORM. But why the need for a caching layer?

In Prisma 7, the query compiler runs as a WebAssembly module directly on the JavaScript main thread. While this simplified the architecture by eliminating the separate engine process, it introduced a trade-off: every query now synchronously blocks the event loop during compilation.

For individual queries, compilation takes between 0.1ms and 1ms, which is barely noticeable in isolation. But under high concurrency this overhead adds up and creates event loop contention that affects overall application throughput.

For instance, say we have a query that is run over and over, but is a similar shape:

// These two queries have the same shape:
const alice = await prisma.user.findUnique({ where: { email: 'alice@prisma.io' } })
const bob = await prisma.user.findUnique({ where: { email: 'bob@prisma.io' } })

Prior to v7.4.0, this would be reevaluated ever time the query is run. Now, Prisma Client will extract the user-provided values and replaces them with typed placeholders, producing a normalized query shape:

prisma.user.findUnique({ where: { email: %1 } })   // cache key
                                         ↑
                              %1 = 'alice@prisma.io'  (or 'bob@prisma.io')

This normalized shape is used as a cache key. On the first call, the query is compiled as usual and the resulting plan is stored in an LRU cache. On every subsequent call with the same query shape, regardless of the actual values, the cached plan is reused instantly without invoking the compiler.

We have more details on the impact of this change and some deep dives into Prisma architecture in an upcoming blog post!

Partial Indexes (Filtered Indexes) Support

We're excited to announce Partial Indexes support in Prisma! This powerful community-contributed feature allows you to create indexes that only include rows matching specific conditions, significantly reducing index size and improving query performance.

Partial indexes are available behind the partialIndexes preview feature for PostgreSQL, SQLite, SQL Server, and CockroachDB, with full migration and introspection support.

Basic usage

Enable the preview feature in your schema:

generator client {
  provider        = "prisma-client-js"
  previewFeatures = ["partialIndexes"]
}

Raw SQL syntax

For maximum flexibility, use the raw() function with database-specific predicates:

model User {
  id       Int     @​id
  email    String
  status   String

  @​@​unique([email], where: raw("status = 'active'"))
  @​@​index([email], where: raw("deletedAt IS NULL"))
}

Type-safe object syntax

For better type safety, use the object literal syntax for simple conditions:

model Post {
  id        Int      @​id
  title     String
  published Boolean

  @​@​index([title], where: { published: true })
  @​@​unique([title], where: { published: { not: false } })
}

Bug Fixes

Most of these fixes are community contributions - thank you to our amazing contributors!

• prisma/prisma-engines#5767: Fixed an issue with PostgreSQL migration scripts that prevented usage of CREATE INDEX CONCURRENTLY in migrations
• prisma/prisma-engines#5752: Fixed BigInt precision loss in JSON aggregation for MySQL and CockroachDB by casting BigInt values to text (from community member polaz)
• prisma/prisma-engines#5750: Fixed connection failures with non-ASCII database names by properly URL-decoding database names in connection strings
• #​29155: Fixed silent transaction commit errors in PlanetScale adapter by ensuring COMMIT failures are properly propagated
• #​29141: Resolved race condition errors (EREQINPROG) in SQL Server adapter by serializing commit/rollback operations using mutex synchronization
• #​29158: Fixed MSSQL connection string parsing to properly handle curly brace escaping for passwords containing special characters

Open roles at Prisma

Interested in joining Prisma? We’re growing and have several exciting opportunities across the company for developers who are passionate about building with Prisma. Explore our open positions on our Careers page and find the role that’s right for you.

Enterprise support

Thousands of teams use Prisma and many of them already tap into our Enterprise & Agency Support Program for hands-on help with everything from schema integrations and performance tuning to security and compliance.

With this program you also get priority issue triage and bug fixes, expert scalability advice, and custom training so that your Prisma-powered apps stay rock-solid at any scale. Learn more or join: https://prisma.io/enterprise.

v7.3.0

Compare Source

Today, we are excited to share the 7.3.0 stable release 🎉

🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!

ORM

• #​28976: Fast and Small Query Compilers
  We've been working on various performance-related bugs since the initial ORM 7.0 release. With 7.3.0, we're introducing a new compilerBuild option for the client generator block in schema.prisma with two options: fast and small. This allows you to swap the underlying Query Compiler engine based on your selection, one built for speed (with an increase in size), and one built for size (with the trade off for speed). By default, the fast mode is used, but this can be set by the user:

generator client {
  provider = "prisma-client"
  output   = "../src/generated/prisma"
  compilerBuild = "fast" // "fast" | "small"
}

We still have more in progress for performance, but this new compilerBuild option is our first step toward addressing your concerns!

• #​29005: Bypass the Query Compiler for Raw Queries
  Raw queries ($executeRaw, $queryRaw) can now skip going through the query compiler and query interpreter infrastructure. They can be sent directly to the driver adapter, removing additional overhead.

• #​28965: Update MSSQL to v12.2.0
  This community PR updates the @prisma/adapter-mssql to use MSSQL v12.2.0. Thanks Jay-Lokhande!

• #​29001: Pin better-sqlite3 version to avoid SQLite bug
  An underlying bug in SQLite 3.51.0 has affected the better-sqlite3 adapter. We’ve bumped the version that powers @prisma/better-sqlite3 and have pinned the version to prevent any unexpected issues. If you are using @prisma/better-sqlite3 , please upgrade to v7.3.0.

• #​29002: Revert @map enums to v6.19.0 behavior
  In the initial release of v7.0, we made a change with Mapped Enums where the generated enum would get its value from the value passed to the @map function. This was a breaking change from v6 that caused issues for many users. We have reverted this change for the time being, as many different diverging approaches have emerged from the community discussion.

• prisma-engines#5745: Cast BigInt to text in JSON aggregation
  When using relationJoins with BigInt fields in Prisma 7, JavaScript's JSON.parse loses precision for integers larger than Number.MAX_SAFE_INTEGER (2^53 - 1). This happens because PostgreSQL's JSONB_BUILD_OBJECT returns BigInt values as JSON numbers, which JavaScript cannot represent precisely.

  // Original BigInt ID: 312590077454712834
  // After JSON.parse: 312590077454712830 (corrupted!)
  

  This PR cast BigInt columns to ::text inside JSONB_BUILD_OBJECT calls, similar to how MONEY is already cast to ::numeric.

  -- Before
  JSONB_BUILD_OBJECT('id', "id")
  
  -- After
  JSONB_BUILD_OBJECT('id', "id"::text)
  

This ensures BigInt values are returned as JSON strings, preserving full precision when parsed in JavaScript.

Open roles at Prisma

Interested in joining Prisma? We’re growing and have several exciting opportunities across the company for developers who are passionate about building with Prisma. Explore our open positions on our [Careers page](https://www.prisma.io/careers#current) and find the role that’s right for you.

Enterprise support

Thousands of teams use Prisma and many of them already tap into our Enterprise & Agency Support Program for hands-on help with everything from schema integrations and performance tuning to security and compliance.

With this program you also get priority issue triage and bug fixes, expert scalability advice, and custom training so that your Prisma-powered apps stay rock-solid at any scale. Learn more or join: https://prisma.io/enterprise.

scalar/scalar (@​scalar/express-api-reference)

v0.8.47

Patch Changes

Updated Dependencies

• @​scalar/core@​0.3.44

v0.8.46

Patch Changes

Updated Dependencies

• @​scalar/core@​0.3.43

v0.8.45

Patch Changes

• #​8248: fix(express): remove unused customTheme

Updated Dependencies

• @​scalar/core@​0.3.42

v0.8.44

Patch Changes

Updated Dependencies

• @​scalar/core@​0.3.41

v0.8.41

Patch Changes

Updated Dependencies

• @​scalar/core@​0.3.38

v0.8.40

Patch Changes

Updated Dependencies

• @​scalar/core@​0.3.37

v0.8.39

Patch Changes

Updated Dependencies

• @​scalar/core@​0.3.36

v0.8.38

Patch Changes

Updated Dependencies

• @​scalar/core@​0.3.35

v0.8.37

Patch Changes

Updated Dependencies

• @​scalar/core@​0.3.34

v0.8.36

Patch Changes

Updated Dependencies

• @​scalar/core@​0.3.33

v0.8.35

Patch Changes

• #​7810: docs: update documentation domain

v0.8.34

Patch Changes

Updated Dependencies

• @​scalar/core@​0.3.32

v0.8.33

Patch Changes

Updated Dependencies

• @​scalar/core@​0.3.31

v0.8.32

Patch Changes

Updated Dependencies

• @​scalar/core@​0.3.30

v0.8.31

Patch Changes

Updated Dependencies

• @​scalar/core@​0.3.29

swc-project/swc (@​swc/core)

v1.15.18

Compare Source

Bug Fixes

• (html/wasm) Publish @​swc/html-wasm for nodejs (#​11601) (bd443f5)

Documentation

• Add AGENTS note about next-gen ast (#​11592) (80b4be8)

• Add typescript-eslint AST compatibility note (#​11598) (c7bfebe)

Features

• (es/ast) Add runtime arena crate and bootstrap swc_es_ast (#​11588) (7a06d96)

• (es/parser) Add swc_es_parser (#​11593) (f11fd70)

Ci

• Triage main CI breakage (#​11589) (075af57)

v1.15.17

Compare Source

Documentation

• Add submodule update step before test runs (#​11576) (81b22c3)

Features

• (bindings) Add html wasm binding and publish wiring (#​11587) (b3869c3)

• (sourcemap) Support safe scopes round-trip metadata (#​11581) (de2a348)

• Emit ECMA-426 source map scopes behind experimental flag (#​11582) (2385a22)

v1.15.13

Compare Source

Bug Fixes

• (errors) Avoid panic on invalid diagnostic spans (#​11561) (b24b8e0)

• (es/helpers) Fix _object_without_properties crash on primitive values (#​11571) (4f35904)

• (es/jsx) Preserve whitespace before HTML entities (#​11521) (64be077)

• (es/minifier) Do not merge if statements with different local variable values (#​11518) (3e63627)

• (es/minifier) Prevent convert_tpl_to_str when there's emoji under es5 (#​11529) (ff6cf88)

• (es/minifier) Inline before merge if (#​11526) (aa5a9ac)

• (es/minifier) Preserve array join("") nullish semantics (#​11558) (d477f61)

• (es/minifier) Inline side-effect-free default params (#​11564) (1babda7)

• (es/parser) Fix generic arrow function in TSX mode (#​11549) (366a16b)

• (es/react) Preserve first-line leading whitespace with entities (#​11568) (fc62617)

• (es/regexp) Transpile unicode property escapes in RegExp constructor (#​11554) (476d544)

Documentation

• (agents) Clarify sandbox escalation for progress (#​11574) (cb31d0d)

Features

• (es/minifier) Add unsafe_hoist_static_method_alias option (#​11493) (6e7dbe2)

• (es/minifier) Remove unused args for IIFE (#​11536) (3cc286b)

Refactor

• (es/parser) Compare token kind rather than strings (#​11531) (5872ffa)

• (es/typescript) Run typescript transform in two passes (#​11532) (b069558)

• (es/typescript) Precompute namespace import-equals usage in semantic pass (#​11534) (b7e87c7)

Testing

• (es/minifier) Add execution tests for issue #​11517 (#​11530) (01b3b64)

• Disable cva ecosystem ci temporariliy (55bc966)

Ci

• Reset closed issue and PR milestone to Planned (#​11559) (d5c4ebe)

• Add permission (431c576)

v1.15.11

Compare Source

Bug Fixes

• (es/codegen) Emit leading comments for JSX elements, fragments, and empty expressions (#​11488) (1520633)

• (es/decorators) Invoke addInitializer callbacks for decorated fields (#​11495) (11cfe4d)

• (es/es3) Visit export decl body even if name is not reserved (#​11473) (9113fff)

• (es/es3) Remove duplicate code (#​11499) (fbee775)

• (es/minifier) Treat new expression with empty class as side-effect free (#​11455) (a33a45e)

• (es/minifier) Escape control characters when converting strings to template literals (#​11464) (028551f)

• (es/minifier) Handle unused parameters with default values (#​11494) (6ed1ee9)

• (es/module) Preserve ./ prefix for hidden directory imports (#​11489) (a005391)

• (es/parser) Validate dynamic import argument count (#​11462) (2f67591)

• (es/parser) Allow compilation with --no-default-features (#​11460) (b70c5f8)

• (es/parser) Skip emitting TS1102 in TypeScript mode (#​11463) (e6f5b06)

• (es/parser) Reject ambiguous generic arrow functions in TSX mode (#​11491) (ac00915)

• (es/parser) Disallow NumericLiteralSeparator with BigInts (#​11510) (6b3644b)

• (es/react) Preserve HTML entity-encoded whitespace in JSX (#​11474) (7d433a9)

• (es/renamer) Prevent duplicate parameter names with destructuring patterns (#​11456) (e25a2c8)

• (es/testing) Skip update when expected output has invalid code (#​11469) (2be6b8a)

• (es/typescript) Don't mark enums with opaque members as pure (#​11452) (b713fae)

• (preset-env) Distinguish unknown browser vs empty config (#​11457) (1310957)

Documentation

• Replace swc.config.js references with .swcrc (#​11485) (fec8d2c)

Features

• (cli) Add --root-mode argument for .swcrc resolution (#​11501) (b53a0e2)

• (es/module) Make module transforms optional via module feature (#​11509) (b94a178)

• (es/regexp) Implement unicode property escape transpilation (#​11472) (a2e0ba0)

• (es/transformer) Merge ES3 hooks into swc_ecma_transformer (#​11503) (5efcac9)

Miscellaneous Tasks

• (es/minifier) Extend OrderedChain to support more node types (#​11477) (aa9d789)

Performance

• (bindings) Optimize string handling by avoiding unnecessary clones (#​11490) (81daaaa)

• (es/codegen) Make commit_pending_semi explicit in write_punct (#​11492) (5a27fc0)

• (es/es2015) Port ES2015 transforms to hook-based visitors (#​11484) (a54eb0e)

• (es/es3) Use hooks pattern for single AST traversal (#​11483) (a139fba)

• (es/minifier) Use combined AST traversal (#​11471) (c611663)

• (es/transformer) Add inline hint (#​11508) (d72c9df)

Refactor

• (es/compat) Put ES3 crates behind feature flag (#​11480) (d5a8d84)

Testing

• (es/minifier) Add test case for merge_imports order preservation (#​11458) (b874a05)

• (es/parser) Add error tests for import.source and import.defer with too many args (#​11466) (7313462)

• (es/parser) Check handler.has_errors() in test error parsing (#​11487) (fade647)

• Replace deprecated cargo_bin function with cargo_bin! macro (#​11461) (73f77b6)

v1.15.10

Compare Source

Bug Fixes

• (ci) Handle merged PRs separately in milestone manager (#​11409) (3554268)

• (es/compat) Preserve this context in nested arrow functions (#​11423) (f2bdaf2)

• (es/es2017) Replace this in arrow functions during async-to-generator (#​11450) (a993da6)

Features

• (bindings/wasm) Enable ecma_lints feature to support semantic error detection (#​11414) (1faa4a5)

• (es/hooks) Implement VisitMutHook for Either type (#​11428) (395c85e)

• (es/hooks) Implement VisitMutHook for Option (#​11429) (0bf1954)

• (es/hooks) Add VisitHook trait for immutable AST visitors (#​11437) (3efb41d)

• (es/minifier) Improve nested template literal evaluation (#​11411) (147df2f)

• (es/minifier) Remove inlined IIFE arg and param (#​11436) (2bc5d40)

• (es/minifier) Remove inlined IIFE arg and param (#​11446) (baa1ae3)

Miscellaneous Tasks

• (deps) Update rkyv (#​11419) (432197b)

• (deps) Update lru to 0.16.3 (#​11438) (67c2d75)

• (deps) Update browserslist-data to v0.1.5 (#​11454) (e9f78f0)

• (helpers) Replace MagicString with ast-grep's built-in edit API (#​11410) (a3f0d33)

• (hstr/wtf8) Address legacy FIXME comments by switching to derives (#​11416) (f03bfd8)

Performance

• (es/codegen, es/utils) Migrate to dragonbox_ecma for faster Number::toString (#​11412) (b7978cc)

• (es/react) Optimize JSX transforms to reduce allocations (#​11425) (2a20cb6)

Refactor

• (es) Improve TypeScript transform configuration structure (#​11434) (f33a975)

• (es/minifier) Migrate MinifierPass to Pass trait (#​11442) (a41e631)

• (es/minifier) Improve tpl to str (#​11415) (0239523)

• (es/react) Port to VisitMutHook (#​11418) (9604d9c)

• (es/transformer) Remove OptionalHook wrapper in favor of Option (#​11430) (72da6bd)

• (es/transforms) Migrate TypeScript transform to Pass trait (#​11439) (dd007c6)

Testing

• (es) Enable benchmark for swc (#​11420) (3a50a25)

• Disable LTO for benchmarks (#​11421) (af3c2d3)

• Use rstest as the test framework (#​11417) (fae258f)

Ci

• Collapse preivous claude[bot] PR review comments (affb6a2)

expressjs/cors (cors)

v2.8.6

Compare Source

==================

• Improve documentation (API, context, examples...)
• Remove additional markdown files from tarball

motdotla/dotenv (dotenv)

v17.3.1

Compare Source

Changed

• Fix as2 example command in README and update spanish README

v17.3.0

Compare Source

Added

• Add a new README section on dotenv’s approach to the agentic future.

Changed

• Rewrite README to get humans started more quickly with less noise while simultaneously making more accessible for llms and agents to go deeper into details.

v17.2.4

Compare Source

Changed

• Make DotenvPopulateInput accept NodeJS.ProcessEnv type ([#&#820

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
express_boilerplate	Ready	Preview, Comment	Mar 2, 2026 10:10pm
express-boilerplate	Ready	Preview, Comment	Mar 2, 2026 10:10pm
express-v5-typescript-boilerplate	Ready	Preview, Comment	Mar 2, 2026 10:10pm