Skip to content

chore(deps): bump the indexer-dependencies group across 1 directory with 6 updates#223

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/indexer/indexer-dependencies-76d9fc1518
Open

chore(deps): bump the indexer-dependencies group across 1 directory with 6 updates#223
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/indexer/indexer-dependencies-76d9fc1518

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 6, 2026

Copy link
Copy Markdown
Contributor

Bumps the indexer-dependencies group with 6 updates in the /indexer directory:

Package From To
@prisma/client 5.22.0 7.8.0
dotenv 16.6.1 17.4.2
express 4.22.2 5.2.1
node-cron 3.0.3 4.6.0
@types/express 4.17.25 5.0.6
prisma 5.22.0 7.8.0

Updates @prisma/client from 5.22.0 to 7.8.0

Release notes

Sourced from @​prisma/client's releases.

7.8.0

Today, we are excited to share the 7.8.0 stable release 🎉

🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!

Highlights

ORM

Features

Prisma Client

  • Added a queryPlanCacheMaxSize option to the PrismaClient constructor for fine-grained control over the query plan cache. Pass 0 to disable the cache entirely, or omit it to use the default cache size. A larger value can improve performance in applications that execute many unique queries, while a smaller one can reduce memory usage. (#29503)

Bug Fixes

Prisma Client

  • Fixed an equality filter panic and incorrect ::jsonb cast when filtering on PostgreSQL JSON list columns. Queries using where: { jsonListField: { equals: [...] } }prisma/prisma-engines#5804
  • Fixed case-insensitive JSON field filtering (mode: insensitive), allowing where: { jsonField: { equals: "...", mode: "insensitive" } }prisma/prisma-engines#5806
  • Fixed incorrect parameterization of enum values that have a custom database name set via @map. (#29422)
  • Fixed a database parameter limit check (P2029), which could incorrectly reject or miss over-limit queries. (#29422)
  • Fixed a regression that caused missing SQL Server VARCHARprisma/prisma-engines#5801

Schema Engine

  • Fixed a misleading error message in prisma migrate diff that referenced the --shadow-database-url CLI flag, which was removed in Prisma 7. (#29455)
  • Fixed prisma migrate dev (and shadow database migration replay in general) failing with CREATE INDEX CONCURRENTLY cannot run inside a transaction blockprisma/prisma-engines#5799
  • Fixed PostgreSQL introspection silently dropping sequence defaults when the database returns the schema-qualified form pg_catalog.nextval('sequence_name'::regclass) instead of the bare nextval(...). Columns backed by sequences now correctly appear as @default(autoincrement())prisma/prisma-engines#5802

Driver Adapters

  • @​prisma/adapter-d1: Savepoint operations (createSavepoint, rollbackToSavepoint, releaseSavepoint) now silently no-op with debug logging instead of executing SQL statements, consistent with how the D1 adapter already treats top-level transactions. (#29499)

Open roles at Prisma

Interested in joining Prisma? We're growing and have several exciting opportunities across the company for developers who are passionate about building with Prisma. Explore our open positions on our Careers page and find the role that's right for you.

Enterprise support

Thousands of teams use Prisma and many of them already tap into our Enterprise & Agency Support Program for hands-on help with everything from schema integrations and performance tuning to security and compliance.

With this program you also get priority issue triage and bug fixes, expert scalability advice, and custom training so that your Prisma-powered apps stay rock-solid at any scale. Learn more or join: https://prisma.io/enterprise.

7.7.0

Today, we are excited to share the 7.7.0 stable release 🎉

🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!

... (truncated)

Commits
  • 62b44ac chore(deps): update engines to 7.8.0-5.e96eae70cf4ade6a15d7e6064d5b0b4f7d835d...
  • 4104864 feat: add a query plan cache size parameter (#29503)
  • 723ba7b chore(deps): update engines to 7.8.0-4.8c287008617e9b12f313df99e2c821ae61ea9a...
  • cadbafe chore(deps): update engines to 7.8.0-2.3187e3937290320ba3c7dbd5aa94af67942b44...
  • f705533 chore(deps): update engines to 7.8.0-1.7b80cc56c645c6e03c7541474e6a7c8d91b70d...
  • fbab4e8 Fix 29271 (#29303)
  • 6a3c3cc chore: extract parameterization to client-engine-runtime (#29422)
  • 5b420f8 fix(client): prevent caching of createMany queries to avoid cache bloat and p...
  • 30f0af6 feat: dmmf streaming with an E2E test (#29377)
  • 14c3c2e fix: pin E2E typescript to prevent 6 upgrade (#29383)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​prisma/client since your current version.


Updates dotenv from 16.6.1 to 17.4.2

Changelog

Sourced from dotenv's changelog.

17.4.2 (2026-04-12)

Changed

  • Improved skill files - tightened up details (#1009)

17.4.1 (2026-04-05)

Changed

  • Change text injecting to injected (#1005)

17.4.0 (2026-04-01)

Added

  • Add skills/ folder with focused agent skills: skills/dotenv/SKILL.md (core usage) and skills/dotenvx/SKILL.md (encryption, multiple environments, variable expansion) for AI coding agent discovery via the skills.sh ecosystem (npx skills add motdotla/dotenv)

Changed

  • Tighten up logs: ◇ injecting env (14) from .env (#1003)

17.3.1 (2026-02-12)

Changed

  • Fix as2 example command in README and update spanish README

17.3.0 (2026-02-12)

Added

  • Add a new README section on dotenv’s approach to the agentic future.

Changed

  • Rewrite README to get humans started more quickly with less noise while simultaneously making more accessible for llms and agents to go deeper into details.

17.2.4 (2026-02-05)

Changed

  • Make DotenvPopulateInput accept NodeJS.ProcessEnv type (#915)
  • Give back to dotenv by checking out my newest project vestauth. It is auth for agents. Thank you for using my software.

17.2.3 (2025-09-29)

Changed

  • Fixed typescript error definition (#912)

... (truncated)

Commits

Updates express from 4.22.2 to 5.2.1

Release notes

Sourced from express's releases.

v5.2.1

What's Changed

[!IMPORTANT]
The prior release (5.2.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

Full Changelog: expressjs/express@v5.2.0...v5.2.1

v5.2.0

Important: Security

What's Changed

... (truncated)

Changelog

Sourced from express's changelog.

5.2.1 / 2025-12-01

  • Revert security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)
    • The prior release (5.2.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

5.2.0 / 2025-12-01

  • Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)
  • deps: body-parser@^2.2.1
  • A deprecation warning was added when using res.redirect with undefined arguments, Express now emits a warning to help detect calls that pass undefined as the status or URL and make them easier to fix.

5.1.0 / 2025-03-31

  • Add support for Uint8Array in res.send()
  • Add support for ETag option in res.sendFile()
  • Add support for multiple links with the same rel in res.links()
  • Add funding field to package.json
  • perf: use loop for acceptParams
  • refactor: prefix built-in node module imports
  • deps: remove setprototypeof
  • deps: remove safe-buffer
  • deps: remove utils-merge
  • deps: remove methods
  • deps: remove depd
  • deps: debug@^4.4.0
  • deps: body-parser@^2.2.0
  • deps: router@^2.2.0
  • deps: content-type@^1.0.5
  • deps: finalhandler@^2.1.0
  • deps: qs@^6.14.0
  • deps: server-static@2.2.0
  • deps: type-is@2.0.1

5.0.1 / 2024-10-08

5.0.0 / 2024-09-10

  • remove:
    • path-is-absolute dependency - use path.isAbsolute instead
  • breaking:
    • res.status() accepts only integers, and input must be greater than 99 and less than 1000
      • will throw a RangeError: Invalid status code: ${code}. Status code must be greater than 99 and less than 1000. for inputs outside this range
      • will throw a TypeError: Invalid status code: ${code}. Status code must be an integer. for non integer inputs
    • deps: send@1.0.0

... (truncated)

Commits

Updates node-cron from 3.0.3 to 4.6.0

Release notes

Sourced from node-cron's releases.

v4.6.0

4.6.0 (2026-07-04)

Added

  • add cron.shutdown(timeout?) for graceful process teardown (#589) (35f1a61)
  • add unref option for heartbeat timers (#588) (35cb140)
  • day-of-month: Quartz-style W, L-n and ? modifiers (#570) (cbe379b)
  • emit task:failed when a background daemon exits unexpectedly (7bd91d6)
  • support cron expression nicknames (@​yearly, @​daily, etc.) (#579) (6a6e14e)

Fixed

  • background task state transition on stop/destroy without fork (#584) (9dbc6de)
  • clear jitter timeout on runner stop (#583) (28b8146)
  • CommonJS type resolution (#608) (ee9d294)
  • correct falied->failed typo in daemon task error log (#594) (66c6961)
  • correct shutdown listener typing that broke the build (#595) (7aac3ad)
  • correlate execute() by id, isolate event hooks, and stop counting manual runs toward maxExecutions (#607) (0f039a9)
  • daemon serialized task state with wrong field name (#587) (688d465)
  • expand inverted ranges with wrap-around instead of silently swapping (#602) (a10ae53)
  • harden cron.shutdown() teardown (#598) (a0b0d1f)
  • kill orphan child process on background task stop/destroy timeout (#582) (8179e10)
  • make concurrent background start() await the daemon and time out coordinator lookups (#605) (446f03a)
  • make lifecycle calls on a destroyed task safe no-ops (#600) (7fa9795)
  • prevent double destroy on registry remove (#585) (8ae9f06)
  • release-please: match existing v-prefixed tags (#575) (e43c152)
  • runner promise bugs that could hang scheduling or crash process (#581) (0ae62be)
  • unref the IPC channel so background tasks let the process exit (#599) (534e593)
  • validate the cron expression when scheduling a task (#603) (196e6cd)
  • validate() consistency and multi-asterisk expansion (#606) (8cf41c4)
  • weekday 7-to-0 conversion corrupting ranges (#580) (c8a3943)

Changed

  • replace chai and sinon with native vitest assertions (#590) (d29d07a)

v4.5.0

Added

  • lastRun() introspection getter on ScheduledTask: returns { date, result } after a successful execution, { date, error } after a failed one, or null before the first run.
  • Extended day-of-week tokens: <weekday>#<nth> (nth weekday of the month, e.g. 1#1 for the first Monday) and <weekday>L (last weekday of the month, e.g. 5L for the last Friday).

Performance

  • Cache Intl.DateTimeFormat instances per timezone instead of rebuilding on every call.
  • Parse the cron expression once per TimeMatcher instead of re-parsing in MatcherWalker.
  • Compute the GMT offset lazily (only when formatting ISO strings, not during the next-run search).
  • Replace crypto.randomBytes with crypto.randomUUID for internal ID generation.

... (truncated)

Changelog

Sourced from node-cron's changelog.

4.6.0 (2026-07-04)

Added

  • add cron.shutdown(timeout?) for graceful process teardown (#589) (35f1a61)
  • add unref option for heartbeat timers (#588) (35cb140)
  • day-of-month: Quartz-style W, L-n and ? modifiers (#570) (cbe379b)
  • emit task:failed when a background daemon exits unexpectedly (7bd91d6)
  • support cron expression nicknames (@​yearly, @​daily, etc.) (#579) (6a6e14e)

Fixed

  • background task state transition on stop/destroy without fork (#584) (9dbc6de)
  • clear jitter timeout on runner stop (#583) (28b8146)
  • CommonJS type resolution (#608) (ee9d294)
  • correct falied->failed typo in daemon task error log (#594) (66c6961)
  • correct shutdown listener typing that broke the build (#595) (7aac3ad)
  • correlate execute() by id, isolate event hooks, and stop counting manual runs toward maxExecutions (#607) (0f039a9)
  • daemon serialized task state with wrong field name (#587) (688d465)
  • expand inverted ranges with wrap-around instead of silently swapping (#602) (a10ae53)
  • harden cron.shutdown() teardown (#598) (a0b0d1f)
  • kill orphan child process on background task stop/destroy timeout (#582) (8179e10)
  • make concurrent background start() await the daemon and time out coordinator lookups (#605) (446f03a)
  • make lifecycle calls on a destroyed task safe no-ops (#600) (7fa9795)
  • prevent double destroy on registry remove (#585) (8ae9f06)
  • release-please: match existing v-prefixed tags (#575) (e43c152)
  • runner promise bugs that could hang scheduling or crash process (#581) (0ae62be)
  • unref the IPC channel so background tasks let the process exit (#599) (534e593)
  • validate the cron expression when scheduling a task (#603) (196e6cd)
  • validate() consistency and multi-asterisk expansion (#606) (8cf41c4)
  • weekday 7-to-0 conversion corrupting ranges (#580) (c8a3943)

Changed

  • replace chai and sinon with native vitest assertions (#590) (d29d07a)

[4.5.0] - 2026-06-21

Added

  • lastRun() introspection getter on ScheduledTask: returns { date, result } after a successful execution, { date, error } after a failed one, or null before the first run. (#557)
  • Extended day-of-week tokens: <weekday>#<nth> (nth weekday of the month, e.g. 1#1 for the first Monday) and <weekday>L (last weekday of the month, e.g. 5L for the last Friday). (#560)

Performance

... (truncated)

Commits
  • 0be2ca0 chore(main): release 4.6.0 (#576)
  • 813ab08 docs: note bundlers must keep node-cron external for background tasks (#610)
  • ee9d294 fix: CommonJS type resolution (#608)
  • 0f039a9 fix: correlate execute() by id, isolate event hooks, and stop counting manual...
  • 8cf41c4 fix: validate() consistency and multi-asterisk expansion (#606)
  • 446f03a fix: make concurrent background start() await the daemon and time out coordin...
  • 88647a6 docs: note DST fall-back behavior for sub-hourly schedules and the UTC workar...
  • 196e6cd fix: validate the cron expression when scheduling a task (#603)
  • 7bd91d6 feat: emit task:failed when a background daemon exits unexpectedly (#601)
  • a10ae53 fix: expand inverted ranges with wrap-around instead of silently swapping (#602)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for node-cron since your current version.


Updates @types/express from 4.17.25 to 5.0.6

Commits

Updates prisma from 5.22.0 to 7.8.0

Release notes

Sourced from prisma's releases.

7.8.0

Today, we are excited to share the 7.8.0 stable release 🎉

🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!

Highlights

ORM

Features

Prisma Client

  • Added a queryPlanCacheMaxSize option to the PrismaClient constructor for fine-grained control over the query plan cache. Pass 0 to disable the cache entirely, or omit it to use the default cache size. A larger value can improve performance in applications that execute many unique queries, while a smaller one can reduce memory usage. (#29503)

Bug Fixes

Prisma Client

  • Fixed an equality filter panic and incorrect ::jsonb cast when filtering on PostgreSQL JSON list columns. Queries using where: { jsonListField: { equals: [...] } }prisma/prisma-engines#5804
  • Fixed case-insensitive JSON field filtering (mode: insensitive), allowing where: { jsonField: { equals: "...", mode: "insensitive" } }prisma/prisma-engines#5806
  • Fixed incorrect parameterization of enum values that have a custom database name set via @map. (#29422)
  • Fixed a database parameter limit check (P2029), which could incorrectly reject or miss over-limit queries. (#29422)
  • Fixed a regression that caused missing SQL Server VARCHARprisma/prisma-engines#5801

Schema Engine

  • Fixed a misleading error message in prisma migrate diff that referenced the --shadow-database-url CLI flag, which was removed in Prisma 7. (#29455)
  • Fixed prisma migrate dev (and shadow database migration replay in general) failing with CREATE INDEX CONCURRENTLY cannot run inside a transaction blockprisma/prisma-engines#5799
  • Fixed PostgreSQL introspection silently dropping sequence defaults when the database returns the schema-qualified form pg_catalog.nextval('sequence_name'::regclass) instead of the bare nextval(...). Columns backed by sequences now correctly appear as @default(autoincrement())prisma/prisma-engines#5802

Driver Adapters

  • @​prisma/adapter-d1: Savepoint operations (createSavepoint, rollbackToSavepoint, releaseSavepoint) now silently no-op with debug logging instead of executing SQL statements, consistent with how the D1 adapter already treats top-level transactions. (#29499)

Open roles at Prisma

Interested in joining Prisma? We're growing and have several exciting opportunities across the company for developers who are passionate about building with Prisma. Explore our open positions on our Careers page and find the role that's right for you.

Enterprise support

Thousands of teams use Prisma and many of them already tap into our Enterprise & Agency Support Program for hands-on help with everything from schema integrations and performance tuning to security and compliance.

With this program you also get priority issue triage and bug fixes, expert scalability advice, and custom training so that your Prisma-powered apps stay rock-solid at any scale. Learn more or join: https://prisma.io/enterprise.

7.7.0

Today, we are excited to share the 7.7.0 stable release 🎉

🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!

... (truncated)

Commits
  • 5723406 fix(cli): route bootstrap telemetry to Prisma Web Properties project (#29473)
  • 8e71aa7 fix(cli): install missing @prisma/client in prisma bootstrap (#29444)
  • ada077b fix(cli): bootstrap UX — auto-install deps, resumable flow, timeout handling ...
  • 9b0b7f5 feat(cli): add prisma bootstrap command (#29374)
  • 5fece0a chore: bump @​prisma/dev to 0.24.3 (#29396)
  • 45d7e0f feat(cli): add prisma postgres link command (#29352)
  • adbdf15 Pre-bundle Studio frontend assets and replace Hono (#29389)
  • f8258ad chore: bump effect to fix vulnerability (#29384)
  • 74839a9 feat(cli): update bundled @​prisma/studio-core to 0.27.3 (#29376)
  • 309b4bc refactor: extract 'prisma-client-js' into PRISMA_CLIENT_JS_PROVIDER constant ...
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for prisma since your current version.


@dependabot @github

dependabot Bot commented on behalf of github Jun 6, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: dependencies, indexer. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot changed the title chore(deps): bump the indexer-dependencies group in /indexer with 6 updates chore(deps): bump the indexer-dependencies group across 1 directory with 6 updates Jun 22, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/indexer/indexer-dependencies-76d9fc1518 branch 2 times, most recently from beb6033 to 2e8bdf8 Compare June 29, 2026 09:25
…ith 6 updates

Bumps the indexer-dependencies group with 6 updates in the /indexer directory:

| Package | From | To |
| --- | --- | --- |
| [@prisma/client](https://github.com/prisma/prisma/tree/HEAD/packages/client) | `5.22.0` | `7.8.0` |
| [dotenv](https://github.com/motdotla/dotenv) | `16.6.1` | `17.4.2` |
| [express](https://github.com/expressjs/express) | `4.22.2` | `5.2.1` |
| [node-cron](https://github.com/node-cron/node-cron) | `3.0.3` | `4.6.0` |
| [@types/express](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/express) | `4.17.25` | `5.0.6` |
| [prisma](https://github.com/prisma/prisma/tree/HEAD/packages/cli) | `5.22.0` | `7.8.0` |



Updates `@prisma/client` from 5.22.0 to 7.8.0
- [Release notes](https://github.com/prisma/prisma/releases)
- [Commits](https://github.com/prisma/prisma/commits/7.8.0/packages/client)

Updates `dotenv` from 16.6.1 to 17.4.2
- [Changelog](https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md)
- [Commits](motdotla/dotenv@v16.6.1...v17.4.2)

Updates `express` from 4.22.2 to 5.2.1
- [Release notes](https://github.com/expressjs/express/releases)
- [Changelog](https://github.com/expressjs/express/blob/master/History.md)
- [Commits](expressjs/express@v4.22.2...v5.2.1)

Updates `node-cron` from 3.0.3 to 4.6.0
- [Release notes](https://github.com/node-cron/node-cron/releases)
- [Changelog](https://github.com/node-cron/node-cron/blob/main/CHANGELOG.md)
- [Commits](node-cron/node-cron@v3.0.3...v4.6.0)

Updates `@types/express` from 4.17.25 to 5.0.6
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/express)

Updates `prisma` from 5.22.0 to 7.8.0
- [Release notes](https://github.com/prisma/prisma/releases)
- [Commits](https://github.com/prisma/prisma/commits/7.8.0/packages/cli)

---
updated-dependencies:
- dependency-name: "@prisma/client"
  dependency-version: 7.8.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: indexer-dependencies
- dependency-name: "@types/express"
  dependency-version: 5.0.6
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: indexer-dependencies
- dependency-name: dotenv
  dependency-version: 17.4.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: indexer-dependencies
- dependency-name: express
  dependency-version: 5.2.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: indexer-dependencies
- dependency-name: node-cron
  dependency-version: 4.2.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: indexer-dependencies
- dependency-name: prisma
  dependency-version: 7.8.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: indexer-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/indexer/indexer-dependencies-76d9fc1518 branch from 2e8bdf8 to 50aa711 Compare July 6, 2026 09:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants