fix(deps): 🐛 🔗 update all dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence	Type	Update	Pending
@apollo/sandbox (source)	2.5.0 -> 2.5.1					dependencies	patch
@apollo/server	4.9.2 -> 4.9.4					dependencies	patch
@aws-sdk/client-cloudformation (source)	^3.408.0 -> 3.408.0					dependencies	pin
@aws-sdk/client-lambda (source)	3.398.0 -> 3.428.0					dependencies	minor
@commitlint/cli (source)	17.7.1 -> 17.7.2					devDependencies	patch	17.8.0
@docusaurus/core	2.4.1 -> 2.4.3					dependencies	patch
@docusaurus/module-type-aliases	2.4.1 -> 2.4.3					devDependencies	patch
@docusaurus/preset-classic	2.4.1 -> 2.4.3					dependencies	patch
@docusaurus/remark-plugin-npm2yarn	2.4.1 -> 2.4.3					dependencies	patch
@docusaurus/theme-classic	2.4.1 -> 2.4.3					dependencies	patch
@docusaurus/types	2.4.1 -> 2.4.3					devDependencies	patch
@graphql-tools/utils	10.0.5 -> 10.0.7					dependencies	patch
@prisma/client (source)	5.2.0 -> 5.4.2					dependencies	minor
@smithy/util-waiter (source)	^2.0.6 -> 2.0.6					dependencies	pin
@tsconfig/docusaurus	2.0.0 -> 2.0.1					devDependencies	patch	2.0.2
@tsconfig/node18	^18.2.1 -> 18.2.1					devDependencies	pin
@types/aws-lambda (source)	8.10.119 -> 8.10.124					devDependencies	patch
@types/he (source)	1.2.0 -> 1.2.1					dependencies	patch
@types/node (source)	18.17.12 -> 18.18.5					devDependencies	minor
@types/pluralize (source)	0.0.30 -> 0.0.31					devDependencies	patch
@typescript-eslint/eslint-plugin	6.5.0 -> 6.7.5					devDependencies	minor	6.8.0
@typescript-eslint/parser	6.5.0 -> 6.7.5					devDependencies	minor	6.8.0
actions/cache	88522ab -> 704facf					action	digest
actions/checkout	v3 -> v4					action	major
aws-cdk	2.93.0 -> 2.100.0					devDependencies	minor	2.101.0
aws-cdk-lib	2.93.0 -> 2.100.0					dependencies	minor	2.101.0
aws-cdk-lib	2.93.0 -> 2.100.0					devDependencies	minor	2.101.0
csv-parse (source)	5.5.0 -> 5.5.2					dependencies	patch
csv-stringify (source)	6.4.2 -> 6.4.4					dependencies	patch
esbuild	0.19.2 -> 0.19.4					devDependencies	patch
eslint (source)	8.48.0 -> 8.51.0					devDependencies	minor
eslint-config-turbo	1.10.13 -> 1.10.15					devDependencies	patch
graphql	16.8.0 -> 16.8.1					dependencies	patch
pnpm (source)	8.7.4 -> 8.9.0					packageManager	minor	8.9.2 (+1)
prettier (source)	3.0.2 -> 3.0.3					devDependencies	patch
prettier-plugin-packagejson	2.4.5 -> 2.4.6					devDependencies	patch
prisma (source)	5.2.0 -> 5.4.2					devDependencies	minor
tsx	3.12.7 -> 3.13.0					devDependencies	minor
turbo (source)	1.10.13 -> 1.10.15					devDependencies	patch
unconfig	0.3.10 -> 0.3.11					devDependencies	patch
winston	3.10.0 -> 3.11.0					dependencies	minor
zod (source)	3.22.2 -> 3.22.4					dependencies	patch

---

Release Notes

apollographql/embeddable-explorer (@​apollo/sandbox)

v2.5.1

Compare Source

apollographql/apollo-server (@​apollo/server)

v4.9.4

Compare Source

Patch Changes

• #​7747 ddce036e1 Thanks @​trevor-scheer! - The minimum version of graphql officially supported by Apollo Server 4 as a peer dependency, v16.6.0, contains a serious bug that can crash your Node server. This bug is fixed in the immediate next version, graphql@16.7.0, and we strongly encourage you to upgrade your installation of graphql to at least v16.7.0 to avoid this bug. (For backwards compatibility reasons, we cannot change Apollo Server 4's minimum peer dependency, but will change it when we release Apollo Server 5.)

  Apollo Server 4 contained a particular line of code that makes triggering this crashing bug much more likely. This line was already removed in Apollo Server v3.8.2 (see #​6398) but the fix was accidentally not included in Apollo Server 4. We are now including this change in Apollo Server 4, which will reduce the likelihood of hitting this crashing bug for users of graphql v16.6.0. That said, taking this @apollo/server upgrade does not prevent this bug from being triggered in other ways, and the real fix to this crashing bug is to upgrade graphql.

v4.9.3

Compare Source

Patch Changes

• a1c725eaf Thanks @​trevor-scheer! - Ensure API keys are valid header values on startup

  Apollo Server previously performed no sanitization or validation of API keys on startup. In the case that an API key was provided which contained characters that are invalid as header values, Apollo Server could inadvertently log the API key in cleartext.

  This only affected users who:

  • Provide an API key with characters that are invalid as header values
  • Use either schema or usage reporting
  • Use the default fetcher provided by Apollo Server or configure their own node-fetch fetcher

  Apollo Server now trims whitespace from API keys and validates that they are valid header values. If an invalid API key is provided, Apollo Server will throw an error on startup.

  For more details, see the security advisory:
  GHSA-j5g3-5c8r-7qfx

aws/aws-sdk-js-v3 (@​aws-sdk/client-lambda)

v3.428.0

Compare Source

Features

• client-lambda: Adds support for Lambda functions to access Dual-Stack subnets over IPv6, via an opt-in flag in CreateFunction and UpdateFunctionConfiguration APIs (2bb63a0)

v3.427.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-lambda

v3.425.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-lambda

v3.423.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-lambda

v3.421.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-lambda

v3.418.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-lambda

v3.414.0

Compare Source

Features

• region-config: add aws region runtime extension codegen (#​5157) (b9d59e8)

v3.413.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-lambda

v3.410.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-lambda

v3.409.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-lambda

v3.408.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-lambda

v3.405.0

Compare Source

Note: Version bump only for package @​aws-sdk/client-lambda

conventional-changelog/commitlint (@​commitlint/cli)

v17.7.2

Compare Source

Note: Version bump only for package @​commitlint/cli

facebook/docusaurus (@​docusaurus/core)

v2.4.3

Compare Source

🐛 Bug Fix

• docusaurus-plugin-content-docs
  • #​9107 fix(content-docs): sidebar generator should return customProps for doc items (@​TheCatLady)
• docusaurus-theme-classic
  • #​9108 feat(theme-classic): add description & keywords microdata to blog posts (@​TheCatLady)
  • #​9099 fix(theme): only set classname on ul elements if they have an existing class (@​homotechsual)
  • #​9243 fix(theme-common): ThemedComponent should display something when JS is disabled (@​slorber)
• docusaurus-theme-classic, docusaurus-theme-common
  • #​9130 fix(theme): canonical url should be not change after hydration if url accessed with/without trailing slash (@​ori-shalom)

Committers: 4

• Mikey O'Toole (@​homotechsual)
• Ori Shalom (@​ori-shalom)
• Sébastien Lorber (@​slorber)
• @​TheCatLady

ardatan/graphql-tools (@​graphql-tools/utils)

v10.0.7

Compare Source

Patch Changes

• b4c17591
  Thanks @​ardatan! - Convert GraphQLError like originalError property
  to a GraphQLError

v10.0.6

Compare Source

Patch Changes

• c52de863
  Thanks @​ardatan! - fix isValid path regex for paths including =
  #​5551

prisma/prisma (@​prisma/client)

v5.4.2

Compare Source

Today, we are issuing the 5.4.2 patch release.

Fix in Prisma Client

• 5.4.0 subquery has too many columns
• One-to-Many relationship does not join on the specified field

v5.4.1

Compare Source

Today, we are issuing the 5.4.1 patch release.

Fix in Prisma Client

• Invalid ….findMany() invocation: The column j1.id does not exist in the current database.

Fix in @prisma/adapter-planetscale

• Planetscale driver: unsupported column type NULL

v5.4.0

Compare Source

🌟 Help us spread the word about Prisma by starring the repo or tweeting about the release. 🌟

Highlights

Preview support for PlanetScale and Neon serverless database drivers

We’re excited to announce Preview support for the Neon and PlanetScale serverless database drivers. The PlanetScale and Neon serverless database drivers allow Prisma to connect to your database using protocols besides TCP — HTTP (PlanetScale) or WebSockets (Neon).

To get started with the serverless database drivers, first enable the driverAdapters Preview feature flag in your Prisma schema:

// schema.prisma
generator client {
  provider        = "prisma-client-js"
  previewFeatures = ["driverAdapters"]
}

Next, to set up Prisma Client to use the serverless database drivers:

PlanetScale

Install the Prisma adapter for PlanetScale and PlanetScale serverless database driver, and undici:

npm install @​prisma/adapter-planetscale @​planetscale/database undici

Prisma ORM supports Node 16 and up. In Node 18 and up, undici is not needed.

Ensure you update the host value in your connection string to aws.connect.psdb.cloud. You can learn more about this here.

DATABASE_URL='mysql://johndoe:strongpassword@aws.connect.psdb.cloud/clear_nightsky?sslaccept=strict'

Update your Prisma Client instance to use the PlanetScale database driver:

// Import required dependencies
import { connect } from '@​planetscale/database';
import { PrismaPlanetScale } from '@​prisma/adapter-planetscale';
import { PrismaClient } from '@​prisma/client';
import { fetch as undiciFetch } from 'undici';

// Initialize Prisma Client with the PlanetScale serverless database driver
const connection = connect({ url: connectionString, fetch: undiciFetch });
const adapter = new PrismaPlanetScale(connection);
const prisma = new PrismaClient({ adapter });

Neon

Install the Prisma adapter for Neon, Neon serverless database driver and undici (WebSockets):

npm install @​prisma/adapter-neon @​neondatabase/serverless undici

Update your Prisma Client instance to use the Neon serverless database driver:

// Import required dependencies
import { Pool, neonConfig } from '@​neondatabase/serverless';
import { PrismaNeon } from '@​prisma/adapter-neon';
import { PrismaClient } from '@​prisma/client';
import { WebSocket } from 'undici'

neonConfig.webSocketConstructor = WebSocket;

// Initialize Prisma Client with the Neon serverless database driver
const pool = new Pool({ connectionString: process.env.DATABASE_URL });
const adapter = new PrismaNeon(pool);
const prisma = new PrismaClient({ adapter });

Let us know your feedback about the Neon or Planetscale serverless database drivers in the linked GitHub discussions. Create a bug report if you run into any issues.

Early Access support for Turso

Turso is an edge-hosted, distributed database that's based on libSQL, an open-source and open-contribution fork of SQLite, enabling you to bring data closer to your application and minimize query latency.

Since support for Turso is in Early Access, there may be some rough edges which we’re still working on it to improve the API and overall support. Additionally, it is behind the driverAdapters Preview feature flag. Enable it to get started using Turso in your project:

// schema.prisma
generator client {
  provider        = "prisma-client-js"
  previewFeatures = ["driverAdapters"]
}

Next, install the Prisma Client adapter for Turso and the libSQL database client

npm install @​prisma/adapter-libsql @​libsql/client

Update your Prisma Client instance:

// Import required dependencies
import { PrismaClient } from '@​prisma/client'
import { PrismaLibSQL } from '@​prisma/adapter-libsql'
import { createClient } from '@​libsql/client'

// Create a new instance of the libSQL database client
const libsql = createClient({
  // @​ts-expect-error
  url: process.env.TURSO_DATABASE_URL,
  authToken: process.env.TURSO_AUTH_TOKEN 
})

// Create a Prisma "adapter" for libSQL
const adapter = new PrismaLibSQL(libsql)
// Pass the adapter option to the Prisma Client instance
const prisma = new PrismaClient({ adapter })

You can learn more on how to use Prisma together with Turso in the announcement blog post.

Try it out! Let us know what you think and create a bug report if you run into any issues.

Query performance improvements

In our continued efforts to make Prisma Client faster, we identified and improved the performance of different types of queries.

Relation filters improvements

We made the following improvements to relation filters:

• Removed an unnecessary INNER JOIN used in relation filter queries (Big thank you to @​KhooHaoYit for helping out)
• Use of LEFT JOIN's for to-one relations. Previously, Prisma made use of sub-queries to fetch data.

Example Prisma Client query

prisma.comment.findMany({
  where: {
    post: {
      author: {
        name: "John"
      }
    }
  }
})

Before 5.4.0

SELECT
  "Comment"."id"
FROM
  "Comment"
WHERE
  ("Comment"."id") IN (
    SELECT
      "t0"."id"
    FROM
      "Comment" AS "t0"
      INNER JOIN "Post" AS "j0" ON ("j0"."id") = ("t0"."postId")
    WHERE
      (
        ("j0"."id") IN (
          SELECT
            "t1"."id"
          FROM
            "Post" AS "t1"
            INNER JOIN "User" AS "j1" ON ("j1"."id") = ("t1"."userId")
          WHERE
            (
              "j1"."name" = $ 1
              AND "t1"."id" IS NOT NULL
            )
        )
        AND "t0"."id" IS NOT NULL
      )
  );

After 5.4.0

SELECT
  "Comment"."id"
FROM
  "Comment"
  LEFT JOIN "Post" AS "j1" ON ("j1"."id") = ("Comment"."postId")
  LEFT JOIN "User" AS "j2" ON ("j2"."id") = ("j1"."userId")
WHERE
  (
    "j2"."name" = $ 1
    AND ("j2"."id" IS NOT NULL)
    AND ("j1"."id" IS NOT NULL)
  );

If you’re interested in more details on the relation query filter improvements, you can take a look at this pull request.

Enum improvements on PostgreSQL and CockroachDB

Previously, when an enum value was used in a query, our Postgres driver would make additional queries to resolve the enum types that were used.

In this release, we’re making improvements by casting enums to TEXT to avoid the additional roundtrips when resolving the types.

This change should have the most impact if you’re using pgBouncer or if you’re running Prisma in a serverless environment, where our Postgres driver can’t cache enum types information.

Prisma schema

model User {
  id   Int  @​id @​default(cuid())
  role Role
}

enum Role {
  User
  Admin
}

Prisma Client query

await prisma.user.findMany({ 
  where: {
    role: "Admin"
  }
})

Before 5.4.0

-- Internal driver query
SELECT t.typname, t.typtype, t.typelem, r.rngsubtype, t.typbasetype, n.nspname, t.typrelid FROM pg_catalog.pg_type t LEFT OUTER JOIN pg_catalog.pg_range r ON r.rngtypid = t.oid INNER JOIN pg_catalog.pg_namespace n ON t.typnamespace = n.oid WHERE t.oid = $1;

-- Internal driver query
SELECT enumlabel FROM pg_catalog.pg_enum WHERE enumtypid = $1 ORDER BY enumsortorder;

-- Prisma Client query
SELECT id, role FROM "User" WHERE role = $1;

After 5.4.0

-- Prisma Client query
SELECT id, role::text FROM "User" WHERE role = CAST($1::text AS "Role);

Bulk delete improvements

We optimized the deleteMany operation by:

• Removing all SELECT queries used to fetch data that would be used as input for the DELETE operation. In some cases, this also improves index usage.
• Removing the transaction previously used as it’s now a single atomic operation.

Prisma Client query

await prisma.post.deleteMany({
  where: {
    id: {
      gt: 1,
      lt: 10,
    }
  }
})

Before 5.4.0

BEGIN
SELECT id FROM "Post" WHERE id > 1 AND id < 10;
SELECT id FROM "Post" WHERE id > 1 AND id < 10 AND id IN (<...select ids>);
DELETE FROM "Post" WHERE id IN (<...select ids>) AND id > 1 AND id < 10;
COMMIT

After 5.4.0

DELETE FROM "Post" WHERE id > 1 AND id < 10;

Upsert improvements

We improved the upsert operation (non-native database upsert) by removing a redundant SELECT query:

Prisma Client query

await prisma.user.upsert({
  where: { email: "john@doe.com" },
  create: { email: "john@doe.com", firstName: "John" },
  update: { firstName: "Johnny" },
})

Before 5.4.0

SELECT `User`.`id` FROM `User` WHERE `User`.`email` = ?;
SELECT `User`.`id` FROM `User` WHERE `User`.`email` = ?;
UPDATE `prisma`.`User` SET `firstName` = ? WHERE `prisma`.`User`.`id` IN (?) AND `prisma`.`User`.`email` = ?;
SELECT `User`.`id` FROM `User` WHERE `User`.`id` = ?;

After 5.4.0

SELECT `User`.`id` FROM `User` WHERE `User`.`email` = ?;
UPDATE `prisma`.`User` SET `firstName` = ? WHERE `prisma`.`User`.`id` IN (?) AND `prisma`.`User`.`email` = ?;
SELECT `User`.`id` FROM `User` WHERE `User`.`id` = ?;

Fixes and improvements

Prisma Client

• Unnecessary SELECT may be generated by upsert()
• Inefficient deleteMany query generation
• Prisma can generate an overly complex and inefficient query in some cases
• deleteMany optimisation
• CockroachDB: Highly Variable Query Response Times
• Extremely poor relation where clause query
• Enums loaded as part of transaction after UPDATE, slowing down transaction.
• MongoDB deleteMany seems to send 2 identical read queries first before triggering the actual delete
• Query validation messages reference color output even if colors are not enabled
• Prisma generates unnecessary subquery, which is inefficient
• Unnecessary INNER JOIN when doing nested queries
• Semver checks for yarn and typescript could potentially fail
• [Prisma overr

---

Configuration

📅 Schedule: Branch creation - "before 4am on the first day of the month" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.