Skip to content

fix(deps): update all non-major dependencies#154

Merged
alexolivier merged 2 commits intomainfrom
renovate/all-minor-patch
Mar 5, 2026
Merged

fix(deps): update all non-major dependencies#154
alexolivier merged 2 commits intomainfrom
renovate/all-minor-patch

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate bot commented Mar 2, 2026
edited
Loading

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package Change Age Confidence Type Update
@cerbos/core (source) ^0.27.0^0.28.0 age confidence dependencies minor
@cerbos/grpc (source) ^0.24.0^0.25.0 age confidence dependencies minor
@prisma/adapter-better-sqlite3 (source) 7.3.07.4.2 age confidence devDependencies minor
@prisma/client (source) 7.3.07.4.2 age confidence devDependencies minor
@tsconfig/node20 (source) 20.1.820.1.9 age confidence dependencies patch
@tsconfig/node20 (source) 20.1.820.1.9 age confidence devDependencies patch
@types/node (source) 24.10.924.11.0 age confidence devDependencies minor
@types/node (source) 24.10.1324.11.0 age confidence devDependencies minor
actions/setup-node v6.2.0v6.3.0 age confidence action minor
better-sqlite3 12.4.112.6.2 age confidence devDependencies minor
chromadb 3.2.23.3.1 age confidence dependencies minor
convex (source) 1.31.71.32.0 age confidence devDependencies minor
gradle/actions v4.4.1v4.4.4 age confidence action patch
mongoose (source) 9.1.59.2.4 age confidence devDependencies minor
prisma (source) 7.3.07.4.2 age confidence devDependencies minor
rimraf 6.1.26.1.3 age confidence devDependencies patch
rimraf 6.1.06.1.3 age confidence devDependencies patch
start-server-and-test 2.1.32.1.5 age confidence devDependencies patch
org.slf4j:slf4j-simple (source, changelog) 2.0.162.0.17 age confidence dependencies patch
com.fasterxml.jackson.core:jackson-databind (source) 2.18.22.21.1 age confidence dependencies minor
org.testcontainers:elasticsearch (source) 1.20.41.21.4 age confidence dependencies minor
org.testcontainers:junit-jupiter (source) 1.20.41.21.4 age confidence dependencies minor
org.testcontainers:testcontainers (source) 1.20.41.21.4 age confidence dependencies minor
org.junit:junit-bom (source) 5.11.45.14.3 age confidence dependencies minor
com.google.protobuf:protobuf-java (source) 4.27.14.34.0 age confidence dependencies minor
dev.cerbos:cerbos-sdk-java (source) 0.13.00.18.0 age confidence dependencies minor

Release Notes

cerbos/cerbos-sdk-javascript (@​cerbos/core)

v0.28.0

Compare Source

Added
Changed
cerbos/cerbos-sdk-javascript (@​cerbos/grpc)

v0.25.0

Compare Source

Added
Changed
prisma/prisma (@​prisma/adapter-better-sqlite3)

v7.4.2

Compare Source

Today, we are issuing a 7.4.2 patch release focused on bug fixes and quality improvements.

🛠 Fixes

Prisma Client

  • Fix a case-insensitive IN and NOT IN filter regression (#​29243)
  • Fix a query plan mutation issue that resulted in broken cursor queries (#​29262)
  • Fix an array parameter wrapping issue in push operations (prisma/prisma-engines#5784)
  • Fix Uint8Array serialization in nested JSON fields (#​29268)
  • Fix an issue with MySQL joins that relied on non-strict equality (#​29251)

Driver Adapters

Schema Engine

🙏 Huge thanks to our community

Many of the fixes in this release were contributed by our amazing community members. We're grateful for your continued support and contributions that help make Prisma better for everyone!

v7.4.1

Compare Source

Today, we are issuing a 7.4.1 patch release focused on bug fixes and quality improvements.

🛠 Fixes

Prisma Client

  • Fix cursor-based pagination regression with parameterised values (#​29184)
  • Preserve Prisma.skip through query extension argument cloning (#​29198)
  • Enable batching of multiple queries inside interactive transactions (#​25571)
  • Add missing JSON value deserialization for JSONB parameter fields (#​29182)
  • Apply result extensions correctly for nested and fluent relations (#​29218)
  • Allow missing config datasource URL and validate only when needed (prisma/prisma-engines#5777)

Driver Adapters

Prisma Schema Language

🙏 Huge thanks to our community

Many of the fixes in this release were contributed by our amazing community members. We're grateful for your continued support and contributions that help make Prisma better for everyone!

v7.4.0

Compare Source

Today, we are excited to share the 7.4.0 stable release 🎉

🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!

Highlights

ORM

Caching in Prisma Client

Today’s release is a big one, as we introduce a new caching layer into Prisma ORM. But why the need for a caching layer?

In Prisma 7, the query compiler runs as a WebAssembly module directly on the JavaScript main thread. While this simplified the architecture by eliminating the separate engine process, it introduced a trade-off: every query now synchronously blocks the event loop during compilation.

For individual queries, compilation takes between 0.1ms and 1ms, which is barely noticeable in isolation. But under high concurrency this overhead adds up and creates event loop contention that affects overall application throughput.

For instance, say we have a query that is run over and over, but is a similar shape:

// These two queries have the same shape:
const alice = await prisma.user.findUnique({ where: { email: 'alice@prisma.io' } })
const bob = await prisma.user.findUnique({ where: { email: 'bob@prisma.io' } })

Prior to v7.4.0, this would be reevaluated ever time the query is run. Now, Prisma Client will extract the user-provided values and replaces them with typed placeholders, producing a normalized query shape:

prisma.user.findUnique({ where: { email: %1 } })   // cache key
                                         ↑
                              %1 = 'alice@prisma.io'  (or 'bob@prisma.io')

This normalized shape is used as a cache key. On the first call, the query is compiled as usual and the resulting plan is stored in an LRU cache. On every subsequent call with the same query shape, regardless of the actual values, the cached plan is reused instantly without invoking the compiler.

We have more details on the impact of this change and some deep dives into Prisma architecture in an upcoming blog post!

Partial Indexes (Filtered Indexes) Support

We're excited to announce Partial Indexes support in Prisma! This powerful community-contributed feature allows you to create indexes that only include rows matching specific conditions, significantly reducing index size and improving query performance.

Partial indexes are available behind the partialIndexes preview feature for PostgreSQL, SQLite, SQL Server, and CockroachDB, with full migration and introspection support.

Basic usage

Enable the preview feature in your schema:

generator client {
  provider        = "prisma-client-js"
  previewFeatures = ["partialIndexes"]
}

Raw SQL syntax

For maximum flexibility, use the raw() function with database-specific predicates:

model User {
  id       Int     @​id
  email    String
  status   String

  @​@​unique([email], where: raw("status = 'active'"))
  @​@​index([email], where: raw("deletedAt IS NULL"))
}

Type-safe object syntax

For better type safety, use the object literal syntax for simple conditions:

model Post {
  id        Int      @​id
  title     String
  published Boolean

  @​@​index([title], where: { published: true })
  @​@​unique([title], where: { published: { not: false } })
}
Bug Fixes

Most of these fixes are community contributions - thank you to our amazing contributors!

  • prisma/prisma-engines#5767: Fixed an issue with PostgreSQL migration scripts that prevented usage of CREATE INDEX CONCURRENTLY in migrations
  • prisma/prisma-engines#5752: Fixed BigInt precision loss in JSON aggregation for MySQL and CockroachDB by casting BigInt values to text (from community member polaz)
  • prisma/prisma-engines#5750: Fixed connection failures with non-ASCII database names by properly URL-decoding database names in connection strings
  • #​29155: Fixed silent transaction commit errors in PlanetScale adapter by ensuring COMMIT failures are properly propagated
  • #​29141: Resolved race condition errors (EREQINPROG) in SQL Server adapter by serializing commit/rollback operations using mutex synchronization
  • #​29158: Fixed MSSQL connection string parsing to properly handle curly brace escaping for passwords containing special characters

Open roles at Prisma

Interested in joining Prisma? We’re growing and have several exciting opportunities across the company for developers who are passionate about building with Prisma. Explore our open positions on our Careers page and find the role that’s right for you.

Enterprise support

Thousands of teams use Prisma and many of them already tap into our Enterprise & Agency Support Program for hands-on help with everything from schema integrations and performance tuning to security and compliance.

With this program you also get priority issue triage and bug fixes, expert scalability advice, and custom training so that your Prisma-powered apps stay rock-solid at any scale. Learn more or join: https://prisma.io/enterprise.

tsconfig/bases (@​tsconfig/node20)

v20.1.9

Compare Source

actions/setup-node (actions/setup-node)

v6.3.0

Compare Source

What's Changed
Enhancements:

When using node-version-file: package.json, setup-node now prefers devEngines.runtime over engines.node.

Dependency updates:
Bug fixes:
New Contributors

Full Changelog: actions/setup-node@v6...v6.3.0

WiseLibs/better-sqlite3 (better-sqlite3)

v12.6.2

Compare Source

What's Changed

Full Changelog: WiseLibs/better-sqlite3@v12.6.1...v12.6.2

v12.6.0

Compare Source

What's Changed
  • Update SQLite to version 3.51.2 in #​1436

Full Changelog: WiseLibs/better-sqlite3@v12.5.0...v12.6.0

v12.5.0

Compare Source

What's Changed

  • Update SQLite to version 3.51.1 in #​1424

Full Changelog: WiseLibs/better-sqlite3@v12.4.6...v12.5.0

v12.4.6

Compare Source

What's Changed

Full Changelog: WiseLibs/better-sqlite3@v12.4.5...v12.4.6

v12.4.5

Compare Source

What's Changed

Full Changelog: WiseLibs/better-sqlite3@v12.4.4...v12.4.5

get-convex/convex-js (convex)

v1.32.0

  • Improved the API documentation with more examples to help AI agents.

  • Added a new npx convex insights CLI command to show the insights
    for a deployment.

  • Added insights MCP tool for diagnosing OCC conflicts and resource limit issues
    on cloud deployments.

  • The insights MCP tool works on production deployments without requiring
    --dangerously-enable-production-deployments.

  • When using a local Convex backend (local dev deployment, agent mode or
    anonymous mode), the deployment’s data is now stored in a .convex
    directory in the project root (instead of ~/.convex). This change
    is helpful when using multiple worktrees, since each worktree can get
    its own isolated storage. Existing local deployments are not affected.

  • Added new options maximumRowsRead and maximumBytesRead
    to PaginationOptions to get more fine-grained control over
    the number of rows read when using pagination.

  • When creating a new dev deployment, the Convex CLI now asks you which
    deployment region you want to use if you haven’t set a team default.

  • Increased the default value for authRefreshTokenLeewaySeconds
    to 10 seconds.

  • The CLI now uses VITE_CONVEX_* environment variables when using Remix
    alongside Vite, instead of CONVEX_*.

  • Fixed an issue where the CLI would sometimes be affected by GitHub API
    rate limits when downloading the local deployment binary.

  • Fixed an issue where websockets would disconnect when using Bun.

  • Fixed an issue with the WorkOS integration that caused crashes
    when running npx convex deploy with a deployment that has
    its own WorkOS credentials.

  • Fixed an issue with the WorkOS integration where the
    WORKOS_API_KEY environment variable from the shell
    would incorrectly be used.

  • Fixed an issue where some modifications to auth.config.ts
    would cause the push process to fail.

  • Fixed an issue on Windows that caused arrow key presses to be ignored when the “cloud or local deployment” prompt is shown.

gradle/actions (gradle/actions)

v4.4.4

Compare Source

What's Changed

Full Changelog: gradle/actions@v4...v4.4.4

v4.4.3

Compare Source

What's Changed

Full Changelog: gradle/actions@v4.4.2...v4.4.3

v4.4.2

Compare Source

This patch release updates a bunch of dependency versions

What's Changed

  • Bump github/codeql-action from 3.29.4 to 3.29.5 in the github-actions group across 1 directory (#​703)
  • Bumps the npm-dependencies group in /sources with 4 updates (#​702)
  • Upgrade to gradle 9 in workflows and tests (#​704)
  • Update known wrapper checksums (#​701)
  • Bump Gradle Wrapper from 8.14.3 to 9.0.0 in /.github/workflow-samples/gradle-plugin (#​695)
  • Bump Gradle Wrapper from 8.14.3 to 9.0.0 in /.github/workflow-samples/groovy-dsl (#​696)
  • Bump Gradle Wrapper from 8.14.3 to 9.0.0 in /.github/workflow-samples/java-toolchain (#​697)
  • Bump com.fasterxml.jackson.dataformat:jackson-dataformat-smile from 2.19.1 to 2.19.2 in /sources/test/init-scripts in the gradle group across 1 directory (#​693)
  • Bump github/codeql-action from 3.29.0 to 3.29.4 in the github-actions group across 1 directory (#​691)
  • Bump the npm-dependencies group in /sources with 5 updates (#​692)
  • Bump references to Develocity Gradle plugin from 4.0.2 to 4.1 (#​685)
  • Bump the npm-dependencies group across 1 directory with 8 updates (#​684)
  • Run Gradle release candidate tests with JDK 17 (#​690)
  • Update Develocity npm agent to version 1.0.1 (#​687)
  • Update known wrapper checksums (#​688)
  • Bump Gradle Wrapper from 8.14.2 to 8.14.3 in /.github/workflow-samples/kotlin-dsl (#​683
  • Bump the github-actions group across 1 directory with 3 updates (#​675)
  • Bump the gradle group across 3 directories with 2 updates (#​674)
  • Bump Gradle Wrapper from 8.14.2 to 8.14.3 in /sources/test/init-scripts (#​679)
  • Bump Gradle Wrapper from 8.14.2 to 8.14.3 in /.github/workflow-samples/java-toolchain (#​682)
  • Bump Gradle Wrapper from 8.14.2 to 8.14.3 in /.github/workflow-samples/groovy-dsl (#​681)
  • Bump Gradle Wrapper from 8.14.2 to 8.14.3 in /.github/workflow-samples/gradle-plugin (#​680)
  • Update known wrapper checksums (#​676)

Full Changelog: gradle/actions@v4.4.1...v4.4.2

Automattic/mongoose (mongoose)

v9.2.4

Compare Source

==================

  • types(models): allow unknown keys in subdocs while retaining autocomplete suggestions #​16048
  • types(schema): fix issues related to defining timestamps and virtuals with methods and/or statics in schema options #​16052 #​16046
  • docs: use lowercase primitive types in JSDoc and fix incorrect @returns declarations #​16036 #​16018
  • docs(field-level-encryption): improve CSFLE docs with model registration guidance and schema definition example #​16065 #​16015

v9.2.3

Compare Source

==================

  • types(model): make bulkSave() correctly take array of THydratedDocumentType #​16032

v9.2.2

Compare Source

==================

  • fix(document): make pathsToSave filter all update operators and preserve unsaved state #​16027
  • fix(setDefaultsOnInsert): check child filter paths before applying defaults, fix dot-notation handling, and prevent prototype pollution #​16031 #​16030
  • fix(populate): make refPath work as a function, including map paths with $* #​16035 #​16028
  • perf: optimize pathsToSave and indexed-path checks for subdocuments
  • types: remove duplicate definition of UUIDToJSON type #​16029
  • docs(field-level-encryption): clarify crypt_shared library usage and move extraOptions under autoEncryption #​16026 #​16015
  • test(types): introduce TSTyche for type testing #​16024

v9.2.1

Compare Source

==================

  • types(query): allow assigning QueryFilter to QueryFilter #​16020
  • types: duplicate identifier 'UUIDToJSON' in mongoosejs 9.2.0 #​16023
  • types: preserve subdocument toObject() field types when using virtuals + versionKey options #​16021 #​15965 AbdelrahmanHafez
  • docs(mongoose): add missing options to mongoose.set() docs #​16019

v9.2.0

Compare Source

==================

  • types(query): allow assigning QueryFilter to QueryFilter #​16020
  • types: duplicate identifier 'UUIDToJSON' in mongoosejs 9.2.0 #​16023
  • types: preserve subdocument toObject() field types when using virtuals + versionKey options #​16021 #​15965 AbdelrahmanHafez
  • docs(mongoose): add missing options to mongoose.set() docs #​16019

v9.1.6

Compare Source

==================

isaacs/rimraf (rimraf)

v6.1.3

Compare Source

bahmutov/start-server-and-test (start-server-and-test)

v2.1.5

Compare Source

Bug Fixes
  • formatting the message in the constructor of Error object (#​395) (9d135de)

v2.1.4

Compare Source

Bug Fixes
testcontainers/testcontainers-java (org.testcontainers:elasticsearch)

v1.21.4

Compare Source

This release makes version 1.21.x works with recent Docker Engine changes.

v1.21.3

Compare Source

What's Changed

v1.21.2

Compare Source

What's Changed

📖 Documentation

📦 Dependency updates

v1.21.1

Compare Source

What's Changed

🚀 Features & Enhancements

🐛 Bug Fixes

  • Use generic init script filename when copying it into a Cassandra container (#​9606) @​maximevw

📖 Documentation

📦 Dependency updates

v1.21.0

Compare Source

What's Changed

Configuration

📅 Schedule: Branch creation - Between 12:00 AM and 03:59 AM, only on Monday ( * 0-3 * * 1 ) (UTC), Automerge - "after 9am and before 5pm Monday" (UTC).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot requested a review from alexolivier March 2, 2026 10:01
@renovate renovate bot force-pushed the renovate/all-minor-patch branch from ef1c45a to adcab81 Compare March 4, 2026 00:49
@renovate
fix(deps): update all non-major dependencies
5469942 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
@renovate renovate bot force-pushed the renovate/all-minor-patch branch from adcab81 to 5469942 Compare March 4, 2026 04:38
@alexolivier
fix(convex): update nand/nor tests for Cerbos 0.51.0 plan changes
0e32c1e 
Cerbos PDP now returns KIND_CONDITIONAL instead of KIND_ALWAYS_DENIED
for policies with conditional DENY + unconditional ALLOW rules.

Signed-off-by: Alex Olivier <alex@alexolivier.me>
@alexolivier alexolivier merged commit b943c91 into main Mar 5, 2026
31 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alexolivier alexolivier Awaiting requested review from alexolivier

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@alexolivier