fix(deps): update all non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
@apollo/client (source)	^3.7.15 -> ^3.7.16
@apollo/server	^4.7.3 -> ^4.7.5
@aws-sdk/client-s3 (source)	^3.350.0 -> ^3.360.0
@aws-sdk/s3-request-presigner (source)	^3.350.0 -> ^3.360.0
@headlessui/vue	^1.7.13 -> ^1.7.14
@nestjs/common (source)	^9.4.2 -> ^9.4.3
@nestjs/config	^2.3.2 -> ^2.3.4
@nestjs/core (source)	^9.4.2 -> ^9.4.3
@nestjs/platform-express (source)	^9.4.2 -> ^9.4.3
@nestjs/testing (source)	^9.4.2 -> ^9.4.3
@prisma/client (source)	^4.15.0 -> ^4.16.1
@rushstack/eslint-patch (source)	^1.3.1 -> ^1.3.2
@types/node (source)	^18.16.17 -> ^18.16.18
@typescript-eslint/eslint-plugin	^5.59.9 -> ^5.60.1
@typescript-eslint/parser	^5.59.9 -> ^5.60.1
@unhead/vue (source)	^1.1.27 -> ^1.1.28
@vue/apollo-composable (source)	4.0.0-beta.5 -> 4.0.0-beta.7
@vue/test-utils	^2.3.2 -> ^2.4.0
@vueuse/core	^10.1.2 -> ^10.2.0
@vueuse/nuxt (source)	^10.1.2 -> ^10.2.0
consola	3.1.0 -> 3.2.1
cypress	^12.14.0 -> ^12.16.0
eslint (source)	^8.42.0 -> ^8.43.0
eslint-define-config	^1.20.0 -> ^1.21.0
eslint-plugin-vue (source)	^9.14.1 -> ^9.15.1
graphql	^16.6.0 -> ^16.7.1
nuxt	^3.5.3 -> ^3.6.1
pinia	^2.1.3 -> ^2.1.4
pnpm (source)	8.6.2 -> 8.6.5
prisma (source)	^4.15.0 -> ^4.16.1
supertokens-node	^14.1.1 -> ^14.1.2
typescript (source)	^5.1.3 -> ^5.1.5
vee-validate (source)	^4.9.6 -> ^4.10.2
vitest	^0.32.0 -> ^0.32.2
vue-tsc	^1.6.5 -> ^1.8.2
webpack	^5.86.0 -> ^5.88.0

---

Release Notes

apollographql/apollo-client (@​apollo/client)

v3.7.16

Compare Source

Patch Changes

• #​10806 cb1540504 Thanks @​phryneas! - Fix a bug in PersistedQueryLink that would cause it to permanently skip persisted queries after a 400 or 500 status code.

• #​10807 b32369592 Thanks @​phryneas! - PersistedQueryLink will now also check for error codes in extensions.

• #​10982 b9be7a814 Thanks @​sdeleur-sc! - Update relayStylePagination to avoid populating startCursor when only a single cursor is present under the edges field. Use that cursor only as the endCursor.

• #​10962 772cfa3cb Thanks @​jerelmiller! - Remove useGETForQueries option in BatchHttpLink.Options type since it is not supported.

apollographql/apollo-server (@​apollo/server)

v4.7.5

Compare Source

Patch Changes

• #​7614 4fadf3ddc Thanks @​Cellule! - Publish TypeScript typings for CommonJS modules output.

  This allows TypeScript projects that use CommonJS modules with
  moduleResolution: "node16" or
  moduleResolution: "nodeNext"
  to correctly resolves the typings of apollo's packages as CommonJS instead of ESM.

• Updated dependencies [4fadf3ddc]:

  • @​apollo/cache-control-types@​1.0.3
  • @​apollo/server-gateway-interface@​1.1.1
  • @​apollo/usage-reporting-protobuf@​4.1.1

v4.7.4

Compare Source

Patch Changes

• 0adaf80d1 Thanks @​trevor-scheer! - Address Content Security Policy issues

  The previous implementation of CSP nonces within the landing pages did not take full advantage of the security benefit of using them. Nonces should only be used once per request, whereas Apollo Server was generating one nonce and reusing it for the lifetime of the instance. The reuse of nonces degrades the security benefit of using them but does not pose a security risk on its own. The CSP provides a defense-in-depth measure against a potential XSS, so in the absence of a known XSS vulnerability there is likely no risk to the user.

  The mentioned fix also coincidentally addresses an issue with using crypto functions on startup within Cloudflare Workers. Crypto functions are now called during requests only, which resolves the error that Cloudflare Workers were facing. A recent change introduced a precomputedNonce configuration option to mitigate this issue, but it was an incorrect approach given the nature of CSP nonces. This configuration option is now deprecated and should not be used for any reason since it suffers from the previously mentioned issue of reusing nonces.

  Additionally, this change adds other applicable CSPs for the scripts, styles, images, manifest, and iframes that the landing pages load.

  A final consequence of this change is an extension of the renderLandingPage plugin hook. This hook can now return an object with an html property which returns a Promise<string> in addition to a string (which was the only option before).

aws/aws-sdk-js-v3 (@​aws-sdk/client-s3)

v3.360.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-s3

v3.359.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-s3

v3.358.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-s3

v3.357.0

Compare Source

Features

• clients: automatic blob type conversions (#​4836) (60ec921)

v3.354.0

Compare Source

Features

• client-s3: This release adds SDK support for request-payer request header and request-charged response header in the "GetBucketAccelerateConfiguration", "ListMultipartUploads", "ListObjects", "ListObjectsV2" and "ListObjectVersions" S3 APIs. (20bc94f)

v3.353.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-s3

v3.352.0

Compare Source

Features

• client-s3: Integrate double encryption feature to SDKs. (55c2691)

aws/aws-sdk-js-v3 (@​aws-sdk/s3-request-presigner)

v3.360.0

Compare Source

Note: Version bump only for package @​aws-sdk/s3-request-presigner

v3.359.0

Compare Source

Note: Version bump only for package @​aws-sdk/s3-request-presigner

v3.358.0

Compare Source

Note: Version bump only for package @​aws-sdk/s3-request-presigner

v3.357.0

Compare Source

Note: Version bump only for package @​aws-sdk/s3-request-presigner

v3.354.0

Compare Source

Note: Version bump only for package @​aws-sdk/s3-request-presigner

v3.353.0

Compare Source

Note: Version bump only for package @​aws-sdk/s3-request-presigner

v3.352.0

Compare Source

Note: Version bump only for package @​aws-sdk/s3-request-presigner

nestjs/nest (@​nestjs/common)

v9.4.3

Compare Source

nestjs/config (@​nestjs/config)

v2.3.4

Compare Source

• fix: stringify primitives to avoid regressions (d2236e6)
• Merge pull request #​1345 from nestjs/renovate/cimg-node-20.x (9f9b3fa)
• Merge pull request #​1351 from nestjs/renovate/node-18.x (ebbc527)
• chore(deps): update dependency @​types/node to v18.16.18 (f5c25ac)
• chore(deps): update typescript-eslint monorepo to v5.59.11 (fe32a0c)
• chore(deps): update nest monorepo to v9.4.3 (64c2c6e)
• chore(deps): update dependency @​types/node to v18.16.17 (12a8a5b)
• chore(deps): update node.js to v20.3 (7d3301e)

v2.3.3

Compare Source

• Merge pull request #​1346 from MatthiasKunnen/fix-process-env-undefined-assignment (7973ee2)
• fix(): do not assign a non-string to process.env (efdb29e)
• test(): unexpected stringification of variables assigned to process.env (5ee253c)
• Merge pull request #​1336 from nestjs/renovate/dotenv-16.x (0a2ca57)
• chore(deps): update dependency @​types/uuid to v9.0.2 (75ea3cd)
• chore(deps): update dependency release-it to v15.11.0 (f505033)
• chore(deps): update typescript-eslint monorepo to v5.59.9 (82e6349)
• fix(deps): update dependency dotenv to v16.1.4 (7b698fe)
• chore(deps): update dependency eslint to v8.42.0 (2960856)
• chore(deps): update dependency release-it to v15.10.5 (3447171)
• chore(deps): update dependency typescript to v5.1.3 (2ebec41)
• chore(deps): update dependency @​types/jest to v29.5.2 (4eaa59e)
• chore(deps): update commitlint monorepo to v17.6.5 (05ceed9)
• chore(deps): update typescript-eslint monorepo to v5.59.8 (46ace89)
• chore(deps): update dependency @​types/node to v18.16.16 (b29e460)
• chore(deps): update dependency @​types/node to v18.16.15 (b177ccf)
• chore(deps): update dependency @​types/lodash to v4.14.195 (8e640ea)
• chore(deps): update nest monorepo to v9.4.2 (47a2a7d)
• chore(deps): update typescript-eslint monorepo to v5.59.7 (b7e0f2e)
• chore(deps): update dependency @​types/node to v18.16.14 (d21959d)
• chore(deps): update dependency eslint to v8.41.0 (b255adc)
• Merge pull request #​1321 from nestjs/renovate/cimg-node-20.x (122273e)
• chore(deps): update dependency @​types/node to v18.16.13 (7e6a991)
• chore(deps): update dependency rimraf to v5.0.1 (9cbd5e0)
• chore(deps): update dependency @​types/node to v18.16.12 (fbb5051)
• chore(deps): update node.js to v20.2 (0b303b1)
• chore(deps): update nest monorepo to v9.4.1 (1babdd4)

nestjs/nest (@​nestjs/core)

v9.4.3

Compare Source

nestjs/nest (@​nestjs/platform-express)

v9.4.3

Compare Source

nestjs/nest (@​nestjs/testing)

v9.4.3

Compare Source

prisma/prisma (@​prisma/client)

v4.16.1

Compare Source

Today, we are issuing the 4.16.1 patch release.

Fixes in Prisma Client

• Field references are not available on extended clients
• 4.16.x cannot wrap $extend in factory function when compilerOptions.composite is true
• Prisma Schema Type inside a Type not generating a right Payload
• Query in findMany in prisma extends returns a wrong type
• 4.16.0 Count query is not returning the right type when in a transaction
• FindMany returns wrong type after extending prisma client
• Can't specify $queryRawUnsafe return type after extending prisma client

v4.16.0

Compare Source

🌟 Help us spread the word about Prisma by starring the repo or tweeting about the release. 🌟

Highlights

This release promotes the following Preview features to General Availability:

• Prisma Client extensions
• Ordering by nulls first and last
• Count by filtered relation

Prisma Client extensions are Generally Available

Today, we’re very excited to announce that Prisma Client extensions are Generally Available and production-ready! This means you can use the feature without the clientExtensions Preview feature flag.🚀

Prisma Client extensions are a powerful new feature for adding functionality on top of your Prisma Client in a type-safe manner. With this feature, you can create simple, but flexible solutions.

Prisma Client extensions have 4 different types of components that can be included in an extension:

• Result extensions components: add custom fields and methods to query result objects, for example, virtual/computed fields.
• Model extensions components: enable you to add new methods to your models alongside existing model methods such as findMany.
• Query extensions components: let you hook into the lifecycle of a query and perform side effects, modify query arguments, or modify the results in a type-safe way. These are an alternative to middleware that provide complete type safety and can be applied in an ad-hoc manner to different extensions.
• Client extensions components: allow you to add new top-level methods to Prisma Client. You can use this to extend Prisma Client with functionality that isn’t tied to specific models.

const prisma = new PrismaClient().$extends({
  name: "extension-name",
  result: { /* ... */ },
  model: { /* ... */ },
  query: { /* ... */ },
  client: { /* ... */ },
});

You can also create and publish extensions for others to use. Learn more about how to share extensions in our documentation.

More features and changes made to Client Extensions

We also made the following improvements to Prisma Client extensions in preparation for General Availability:

• Added a top-level $allOperations method for query component that captures all model operations as well as top-level raw queries. Refer to our documentation for more information.

  const prisma = new PrismaClient().$extends({
    query: {
      $allOperations({ args, query, operation, model }) {
        /* your extension's logic here */
      }
    }
  })

• Prisma.validator can now also be used for extended types:

  const prisma = new PrismaClient().$extends({/* ... */})
  const data = Prisma.validator(prisma, 'user', 'findFirst', 'select')({
    id: true,
  })

• query callbacks for $queryRaw and $executeRaw will always receive Sql instance as args. This instance can be used to compose a new query using Prisma.sql:

  const prisma = new PrismaClient().$extends({
    query: {
      $queryRaw({ args, query }) {
        return query(Prisma.sql`START TRANSACTION; ${args}; COMMIT;`)
      }
    }
  })

• $on cannot be called after extending Prisma Client. Therefore, if you want to use event handlers together with extensions, we recommend using the $on method before $extends.

  const prisma = new PrismaClient()
    .$on(/* ... */)
    .$extends({/* ... */})

• We updated the import path for utilities used for authoring extension to @prisma/client/extension rather than @prisma/client

  + import { Prisma } from "@​prisma/client/extension"
  - import { Prisma } from "@​prisma/client"

Deprecating Middleware

We also took this opportunity to deprecate Prisma Client’s middleware. We recommend using to using Prisma Client query extension components which can be used to achieve the same functionality and with better type safety.

🚧 Middleware will still be available in Prisma Client’s API. However, we recommend using Prisma Client extensions over middleware.

Ordering by nulls first and last is now Generally Available

Starting with this release, we’re excited to announce that orderByNulls is now Generally Available! This means you can use the feature without the orderByNulls Preview feature flag.🌟

We introduced this feature in 4.1.0 to enable you to sort records with null fields to either appear at the beginning or end of the result.

The following example query sorts posts by updatedAt, with records having a null value at the end of the list:

await prisma.post.findMany({
  orderBy: {
    updatedAt: { sort: 'asc', nulls: 'last' },
  },
})

To learn more about this feature, refer to our documentation.

We’re excited to see what you will build! Feel free to share with us what you build on Twitter, Slack, or Discord.

Count by filtered relation is now Generally Available

This release moves the filteredRelationCount Preview feature to General Availability! This means you can use the feature without the filteredRelationCount Preview feature flag.

We first introduced this feature in 4.3.0 to add the ability to count by filtered relations.

The following query, for example, counts all posts with the title “Hello!”:

await prisma.user.findMany({
  select: {
    _count: {
      select: {
        posts: { where: { title: 'Hello!' } },
      },
    },
  },
})

To learn more about this feature, refer to our documentation.

Introspection warnings for expression indexes

In the last two releases, 4.13.0 and 4.14.0, we added 9 introspection warnings. These warnings surface features in use in your database that cannot currently be represented in the Prisma schema.

In this release, we’re adding one more introspection warning to the list: expression indexes.

On database introspection, the Prisma CLI will surface the feature with a warning, and a comment in your Prisma schema for sections for each feature in use. The warnings will also contain instructions for workarounds on how to use the feature.

Fixes and improvements

Prisma Client

• Attach comments to enum values
• Extend Prisma Client
• Triple-slash Comments should attach to Composite Types
• Nested disconnect fails on MongoDB with extendedWhereUnique
• [ClientExtensions, TypeScript] Fields of custom type aren't available when using the ClientExtensions preview-feature, unless select'd explicitly.
• Extensions incorrect typings generated (casing)
• Misleading error message of prisma generate when running it directly after installing prisma
• Prisma.validator: with clientExtensions enabled, Typescript can no longer compute types
• enum docstrings do not make it to the prisma client
• VScode behavior is very slow while using clientExtensions
• Client extensions in interactive transactions are bound to the base client
• $runCommandRaw is not passing the expected data to middleware or client extension
• PCE: Improve runtime types in raw query extensions
• Sequential transactions run out of order when using client extensions and middleware
• Client Extension: Make .prismaVersion.client available on "@​prisma/client/scripts/default-index"
• Cannot create record with Prisma.DbNull when clientExtensions enabled
• Extended client raw queries fail when using the Prisma.sql helper
• jsonProtocol: array shortcut is missing for distinct field
• Prisma Client Extension: support Prisma.validator
• Prisma Client: make clientExtensions GA
• PCE: Query extensions of $queryRawUnsafe also triggers $allModels.$allOperations
• PCE: $on applied to an extended client is also bound to the parent client
• Type "never" returned from nested properties when using "select" after enabling data proxy + accelerate
• $queryRaw* is broken in interactive transactions together with clientExtensions in 4.16.0-dev.17
• Deploying to an offline environment fails because it tries to download a Prisma engine checksum file
• jsonProtocol: Wrong error message shown for validation error for checked/unchecked types
• Bug: FindXOrThrow don't get batched on the engine

Prisma Migrate

• Allow skipping sha checksum
• Documentation not available in DMMF for MongoDB types
• prisma db pull gets rid of @default(uuid()) on re-introspection

Language tools (e.g. VS Code)

• Go to Definition does not work when target model contains a field with a type name that starts with the same name

Prisma Studio

• Error: spawn xdg-open ENOENT on prisma studio

📺 Join us for another "What's new in Prisma" live stream

Learn

---

Configuration

📅 Schedule: Branch creation - "before 4am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.