chore(deps): bump the dependencies group across 1 directory with 16 updates

[dependabot]

Bumps the dependencies group with 16 updates in the / directory:

Package	From	To
react-doctor	0.0.28	0.0.29
@aws-sdk/client-s3	3.993.0	3.995.0
@aws-sdk/s3-request-presigner	3.993.0	3.995.0
@prisma/client	5.22.0	7.4.1
dotenv	16.6.1	17.3.1
express	4.22.1	5.2.1
@types/express	4.17.25	5.0.6
express-rate-limit	7.5.1	8.2.1
node-cron	3.0.3	4.2.1
zod	3.25.76	4.3.6
@types/node	20.19.33	25.3.0
prisma	5.22.0	7.4.1
next	16.1.0	16.1.6
react	19.2.0	19.2.4
react-dom	19.2.0	19.2.4
tailwindcss	3.4.19	4.2.0

Updates react-doctor from 0.0.28 to 0.0.29

Changelog

Sourced from react-doctor's changelog.

0.0.29

Patch Changes

• fix

Commits

• See full diff in compare view

Updates @aws-sdk/client-s3 from 3.993.0 to 3.995.0

Release notes

Sourced from @​aws-sdk/client-s3's releases.

v3.995.0

3.995.0(2026-02-20)

Chores

• codegen: bump codegen version to 0.45.0 (#7752) (3c93f8ab)
• util-user-agent-node: populate metadata of alternative JavaScript runtimes (#7754) (79d2c235)
• make PR template checklist easier to edit (#7753) (be25ea35)

New Features

• clients: update client endpoints as of 2026-02-20 (aa23f1e0)
• client-appstream: Adding new attribute to disable IMDS v1 APIs for fleet, Image Builder and AppBlockBuilder instances. (72021889)
• client-sagemaker-runtime: Added support for S3OutputPathExtension and Filename parameters to the InvokeEndpointAsync API to allow users to customize the S3 output path and file name for async inference response payloads. (edac3d73)
• client-trustedadvisor: Adding a new enum attribute(statusReason) to TrustedAdvisorAPI response. This attribute explains reasoning behind check status for certain specific scenarios. (2d4a1eb4)
• client-ecs: Migrated to Smithy. No functional changes (20258a5f)
• client-ssm: Add support for AssociationDispatchAssumeRole in AWS SSM State Manager. (83535fc8)
• client-signer-data: This release introduces AWS Signer Data Plane SDK client supporting GetRevocationStatus API. The new client enables AWS PrivateLink connectivity with both private DNS and VPC endpoint URLs. (b03b059d)

---

For list of updated packages, view updated-packages.md in assets-3.995.0.zip

v3.994.0

3.994.0(2026-02-19)

Chores

• codegen: bump Gradle to 9.3.1 (#7750) (9db72de8)

New Features

• client-pca-connector-scep: AWS Private CA Connector for SCEP now supports AWS PrivateLink, allowing your clients to request certificates from within your Amazon Virtual Private Cloud (VPC) without traversing the public internet. With this launch, you can create VPC endpoints to connect to your SCEP connector privately. (6ffd8f08)
• client-bcm-dashboards: The Billing and Cost Management GetDashboard API now returns identifier for each widget, enabling users to uniquely identify widgets within their dashboards. (4d6e1de7)
• client-ecr: Adds multiple artifact types filter support in ListImageReferrers API. (9335ea37)

---

For list of updated packages, view updated-packages.md in assets-3.994.0.zip

Changelog

Sourced from @​aws-sdk/client-s3's changelog.

3.995.0 (2026-02-20)

Note: Version bump only for package @​aws-sdk/client-s3

3.994.0 (2026-02-19)

Note: Version bump only for package @​aws-sdk/client-s3

Commits

• e8dc4f2 Publish v3.995.0
• 62005a2 Publish v3.994.0
• See full diff in compare view

Updates @aws-sdk/s3-request-presigner from 3.993.0 to 3.995.0

Release notes

Sourced from @​aws-sdk/s3-request-presigner's releases.

v3.995.0

3.995.0(2026-02-20)

Chores

• codegen: bump codegen version to 0.45.0 (#7752) (3c93f8ab)
• util-user-agent-node: populate metadata of alternative JavaScript runtimes (#7754) (79d2c235)
• make PR template checklist easier to edit (#7753) (be25ea35)

New Features

• clients: update client endpoints as of 2026-02-20 (aa23f1e0)
• client-appstream: Adding new attribute to disable IMDS v1 APIs for fleet, Image Builder and AppBlockBuilder instances. (72021889)
• client-sagemaker-runtime: Added support for S3OutputPathExtension and Filename parameters to the InvokeEndpointAsync API to allow users to customize the S3 output path and file name for async inference response payloads. (edac3d73)
• client-trustedadvisor: Adding a new enum attribute(statusReason) to TrustedAdvisorAPI response. This attribute explains reasoning behind check status for certain specific scenarios. (2d4a1eb4)
• client-ecs: Migrated to Smithy. No functional changes (20258a5f)
• client-ssm: Add support for AssociationDispatchAssumeRole in AWS SSM State Manager. (83535fc8)
• client-signer-data: This release introduces AWS Signer Data Plane SDK client supporting GetRevocationStatus API. The new client enables AWS PrivateLink connectivity with both private DNS and VPC endpoint URLs. (b03b059d)

---

For list of updated packages, view updated-packages.md in assets-3.995.0.zip

v3.994.0

3.994.0(2026-02-19)

Chores

• codegen: bump Gradle to 9.3.1 (#7750) (9db72de8)

New Features

• client-pca-connector-scep: AWS Private CA Connector for SCEP now supports AWS PrivateLink, allowing your clients to request certificates from within your Amazon Virtual Private Cloud (VPC) without traversing the public internet. With this launch, you can create VPC endpoints to connect to your SCEP connector privately. (6ffd8f08)
• client-bcm-dashboards: The Billing and Cost Management GetDashboard API now returns identifier for each widget, enabling users to uniquely identify widgets within their dashboards. (4d6e1de7)
• client-ecr: Adds multiple artifact types filter support in ListImageReferrers API. (9335ea37)

---

For list of updated packages, view updated-packages.md in assets-3.994.0.zip

Changelog

Sourced from @​aws-sdk/s3-request-presigner's changelog.

3.995.0 (2026-02-20)

Note: Version bump only for package @​aws-sdk/s3-request-presigner

3.994.0 (2026-02-19)

Note: Version bump only for package @​aws-sdk/s3-request-presigner

Commits

• e8dc4f2 Publish v3.995.0
• 62005a2 Publish v3.994.0
• See full diff in compare view

Updates @prisma/client from 5.22.0 to 7.4.1

Release notes

Sourced from @​prisma/client's releases.

7.4.1

Today, we are issuing a 7.4.1 patch release focused on bug fixes and quality improvements.

🛠 Fixes

Prisma Client

• Fix cursor-based pagination regression with parameterised values (prisma/prisma#29184)
• Preserve Prisma.skip through query extension argument cloning (prisma/prisma#29198)
• Enable batching of multiple queries inside interactive transactions (prisma/prisma#25571)
• Add missing JSON value deserialization for JSONB parameter fields (prisma/prisma#29182)
• Apply result extensions correctly for nested and fluent relations (prisma/prisma#29218)
• Allow missing config datasource URL and validate only when needed (prisma/prisma-engines#5777)

Driver Adapters

• @​prisma/adapter-ppg: Handle null values in type parsers for nullable columns (prisma/prisma#29192)

Prisma Schema Language

• Support where argument on field-level @unique for partial indexes (prisma/prisma-engines#5774)
• Add object expression and object member support to schema reformatter (prisma/prisma-engines#5776)

🙏 Huge thanks to our community

Many of the fixes in this release were contributed by our amazing community members. We're grateful for your continued support and contributions that help make Prisma better for everyone!

7.4.0

Today, we are excited to share the 7.4.0 stable release 🎉

🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!

Highlights

ORM

Caching in Prisma Client

Today’s release is a big one, as we introduce a new caching layer into Prisma ORM. But why the need for a caching layer?

In Prisma 7, the query compiler runs as a WebAssembly module directly on the JavaScript main thread. While this simplified the architecture by eliminating the separate engine process, it introduced a trade-off: every query now synchronously blocks the event loop during compilation.

For individual queries, compilation takes between 0.1ms and 1ms, which is barely noticeable in isolation. But under high concurrency this overhead adds up and creates event loop contention that affects overall application throughput.

For instance, say we have a query that is run over and over, but is a similar shape:

// These two queries have the same shape:
const alice = await prisma.user.findUnique({ where: { email: 'alice@prisma.io' } })
const bob = await prisma.user.findUnique({ where: { email: 'bob@prisma.io' } })

Prior to v7.4.0, this would be reevaluated ever time the query is run. Now, Prisma Client will extract the user-provided values and replaces them with typed placeholders, producing a normalized query shape:

... (truncated)

Commits

• 533e22a chore: port fixes to 7.4 patch branch (#29222)
• 7060f68 chore(deps): update engines to 7.4.0-20.ab56fe763f921d033a6c195e7ddeb3e255bdb...
• 91a24a9 feat: query plan caching (#29038)
• b49d446 chore(deps): update engines to 7.4.0-18.2997580c8cb38878f73e100453e7b27119e8f...
• 3c99935 chore(deps): update engines to 7.4.0-17.57b675f79cd26fbf702d70f9a13d2b7b2fad9...
• e7504d7 chore(deps): update engines to 7.4.0-16.d0314091cdd30494eefc61d346f8c09aca20d...
• 1e6c91c chore(deps): update engines to 7.4.0-15.6129681d45ea4510d3372dd5b28f6b8927584...
• e1bfd22 chore(deps): update engines to 7.4.0-13.e876f7aec6b9be3e5147d061ed521ec45a845...
• 12ca969 chore(deps): update engines to 7.4.0-12.aa5ee090ba89988f1dce71be263f4bcd9519b...
• 36b57cb chore(deps): update engines to 7.4.0-11.8583547702bad6d8e7de7d9812f7ec5c22e1c...
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @​prisma/client since your current version.

Updates dotenv from 16.6.1 to 17.3.1

Changelog

Sourced from dotenv's changelog.

17.3.1 (2026-02-12)

Changed

• Fix as2 example command in README and update spanish README

17.3.0 (2026-02-12)

Added

• Add a new README section on dotenv’s approach to the agentic future.

Changed

• Rewrite README to get humans started more quickly with less noise while simultaneously making more accessible for llms and agents to go deeper into details.

17.2.4 (2026-02-05)

Changed

• Make DotenvPopulateInput accept NodeJS.ProcessEnv type (#915)

• Give back to dotenv by checking out my newest project vestauth. It is auth for agents. Thank you for using my software.

17.2.3 (2025-09-29)

Changed

• Fixed typescript error definition (#912)

17.2.2 (2025-09-02)

Added

• 🙏 A big thank you to new sponsor Tuple.app - the premier screen sharing app for developers on macOS and Windows. Go check them out. It's wonderful and generous of them to give back to open source by sponsoring dotenv. Give them some love back.

17.2.1 (2025-07-24)

Changed

• Fix clickable tip links by removing parentheses (#897)

17.2.0 (2025-07-09)

Added

• Optionally specify DOTENV_CONFIG_QUIET=true in your environment or .env file to quiet the runtime log (#889)
• Just like dotenv any DOTENV_CONFIG_ environment variables take precedence over any code set options like ({quiet: false})

# .env
</tr></table> 

... (truncated)

Commits

• 7bc16a4 17.3.1
• 27303fd update README-es
• 6379eb2 update README
• b6d7339 fix spelling
• 5febe35 17.3.0
• f61f383 changelog 🪵
• dec94ad update README
• 4856950 update README
• 6351887 update README
• 23bd017 update README
• Additional commits viewable in compare view

Updates express from 4.22.1 to 5.2.1

Release notes

Sourced from express's releases.

v5.2.1

What's Changed

[!IMPORTANT]
The prior release (5.2.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

• Release: 5.2.1 by @​UlisesGascon in expressjs/express#6933

Full Changelog: expressjs/express@v5.2.0...v5.2.1

v5.2.0

Important: Security

• Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)

What's Changed

• build(deps): bump github/codeql-action from 3.28.11 to 3.28.13 by @​dependabot[bot] in expressjs/express#6429
• Refactor: simplify acceptsLanguages implementation using spread operator by @​Ayoub-Mabrouk in expressjs/express#6137
• increased code coverage of utils.js file by @​ashish3011 in expressjs/express#6386
• chore: remove duplicate word by @​dufucun in expressjs/express#6456
• build(deps): bump github/codeql-action from 3.28.13 to 3.28.16 by @​dependabot[bot] in expressjs/express#6498
• build(deps): bump actions/setup-node from 4.3.0 to 4.4.0 by @​dependabot[bot] in expressjs/express#6497
• build(deps): bump actions/download-artifact from 4.2.1 to 4.3.0 by @​dependabot[bot] in expressjs/express#6496
• ci: add node.js 24 to test matrix by @​Phillip9587 in expressjs/express#6504
• ci: update codeql config by @​Phillip9587 in expressjs/express#6488
• chore: wider range for query test skip by @​jonchurch in expressjs/express#6512
• chore: fix typos in test by @​noritaka1166 in expressjs/express#6535
• ci: disable credential persistence for checkout actions by @​mertssmnoglu in expressjs/express#6522
• ci: allow manual triggering of workflow by @​shivarm in expressjs/express#6515
• test: add coverage for app.listen() variants by @​kgarg1 in expressjs/express#6476
• docs: move documentation and charters to the discussions and .github … by @​bjohansebas in expressjs/express#6427
• build(deps): bump github/codeql-action from 3.28.16 to 3.28.18 by @​dependabot[bot] in expressjs/express#6549
• build(deps): bump ossf/scorecard-action from 2.4.1 to 2.4.2 by @​dependabot[bot] in expressjs/express#6548
• chore: enforce explicit Buffer import and add lint rule by @​shivarm in expressjs/express#6525
• chore: use node protocol for querystring by @​shivarm in expressjs/express#6520
• chore: fix typo by @​mountdisk in expressjs/express#6609
• build(deps): bump github/codeql-action from 3.28.18 to 3.29.2 by @​dependabot[bot] in expressjs/express#6618
• add deprecation warnings for redirect arguments undefined by @​bjohansebas in expressjs/express#6405
• ci: run CI when the markdown changes by @​bjohansebas in expressjs/express#6632
• doc: fix CONTRIBUTING link by @​jonchurch in expressjs/express#6653
• doc: update contributing guidelines and code of conduct links by @​ShubhamOulkar in expressjs/express#6601
• build(deps-dev): bump morgan from 1.10.0 to 1.10.1 by @​dependabot[bot] in expressjs/express#6679
• build(deps-dev): bump cookie-session from 2.1.0 to 2.1.1 by @​dependabot[bot] in expressjs/express#6678
• lint: add --fix flag to automatic fix linting issue by @​shivarm in expressjs/express#6644
• chore: ignore yarn.lock file and update example by @​shivarm in expressjs/express#6588
• lib: use req.socket over deprecated req.connection by @​bjohansebas in expressjs/express#6705
• doc: update express app example by @​shivarm in expressjs/express#6718
• build(deps): bump github/codeql-action from 3.29.2 to 3.29.5 by @​dependabot[bot] in expressjs/express#6675
• Remove history.md from being packaged on publish by @​sheplu in expressjs/express#6780

... (truncated)

Changelog

Sourced from express's changelog.

5.2.1 / 2025-12-01

• Revert security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)
  • The prior release (5.2.0) included an erroneous breaking change related to the extended query parser. There is no actual security vulnerability associated with this behavior (CVE-2024-51999 has been rejected). The change has been fully reverted in this release.

5.2.0 / 2025-12-01

• Security fix for CVE-2024-51999 (GHSA-pj86-cfqh-vqx6)
• deps: body-parser@^2.2.1
• A deprecation warning was added when using res.redirect with undefined arguments, Express now emits a warning to help detect calls that pass undefined as the status or URL and make them easier to fix.

5.1.0 / 2025-03-31

• Add support for Uint8Array in res.send()
• Add support for ETag option in res.sendFile()
• Add support for multiple links with the same rel in res.links()
• Add funding field to package.json
• perf: use loop for acceptParams
• refactor: prefix built-in node module imports
• deps: remove setprototypeof
• deps: remove safe-buffer
• deps: remove utils-merge
• deps: remove methods
• deps: remove depd
• deps: debug@^4.4.0
• deps: body-parser@^2.2.0
• deps: router@^2.2.0
• deps: content-type@^1.0.5
• deps: finalhandler@^2.1.0
• deps: qs@^6.14.0
• deps: server-static@2.2.0
• deps: type-is@2.0.1

5.0.1 / 2024-10-08

• Update cookie semver lock to address CVE-2024-47764

5.0.0 / 2024-09-10

• remove:
  • path-is-absolute dependency - use path.isAbsolute instead
• breaking:
  • res.status() accepts only integers, and input must be greater than 99 and less than 1000
    • will throw a RangeError: Invalid status code: ${code}. Status code must be greater than 99 and less than 1000. for inputs outside this range
    • will throw a TypeError: Invalid status code: ${code}. Status code must be an integer. for non integer inputs
  • deps: send@1.0.0

... (truncated)

Commits

• dbac741 5.2.1
• 697547c Revert "sec: security patch for CVE-2024-51999"
• 4007ad1 Release: 5.2.0 (#6920)
• 2f64f68 sec: security patch for CVE-2024-51999
• ed0ba3f build(deps): bump actions/checkout from 5.0.0 to 6.0.0 (#6928)
• 8eace46 build(deps): bump github/codeql-action from 4.31.2 to 4.31.6 (#6929)
• 30bae81 build(deps): bump coverallsapp/github-action from 2.3.6 to 2.3.7 (#6930)
• 758d435 deps: body-parser@^2.2.1 (#6922)
• 77bcd52 docs: update emeritus triagers (#6890)
• f33caf1 Nominate to @​efekrskl for triage team (#6888)
• Additional commits viewable in compare view

Updates @types/express from 4.17.25 to 5.0.6

Commits

• See full diff in compare view

Updates express-rate-limit from 7.5.1 to 8.2.1

Release notes

Sourced from express-rate-limit's releases.

v8.2.1

You can view the changelog here.

v8.2.0

You can view the changelog here.

v8.1.0

You can view the changelog here.

v8.0.1

You can view the changelog here.

v8.0.0

You can view the changelog here.

Commits

• fe1604d 8.2.1
• b11c05b Fix: don't warn for extra config from express-slow-down (#580)
• 3734733 8.2.0
• 962d737 feat: Unknown Options validation check (#578)
• 992c15c chore(deps-dev): bump the development-dependencies group with 3 updates (#579)
• 449a28a chore(deps-dev): bump the development-dependencies group across 1 directory w...
• ceaff6f chore(deps-dev): bump @​biomejs/biome from 2.2.5 to 2.2.6 (#574)
• 4fccb9e chore(deps-dev): bump lint-staged from 16.2.4 to 16.2.5 (#573)
• b597770 Rework dependabot grouping
• 03e8336 chore(deps-dev): bump mintlify from 4.2.114 to 4.2.175 (#572)
• Additional commits viewable in compare view

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.

Updates node-cron from 3.0.3 to 4.2.1

Release notes

Sourced from node-cron's releases.

v4.0.0

What's Changed

• add option recoverMissedExecutions in readme by @​theusmoreira in node-cron/node-cron#332
• docs: migrate to es6 and add how to get tasks in node-cron by @​linder3hs in node-cron/node-cron#398
• v4 - migrating to typescript by @​merencia in node-cron/node-cron#439

New Contributors

• @​theusmoreira made their first contribution in node-cron/node-cron#332
• @​linder3hs made their first contribution in node-cron/node-cron#398

Full Changelog: node-cron/node-cron@v3.0.3...v4.0.0

Commits

• 3c31384 v4.2.1
• 6b27cb1 Merge pull request #471 from GiovaniGuizzo/fix/windows-path
• 3c52b87 doc: added hack notice
• 50bfc82 fix: fixed interop of ESM and CJS on Windows
• fb0c835 tests: added tests
• 7821a27 fix: fixed task import on Windows
• 19b4ba5 chore: added FUNDING.yml
• ce5c94e v4.2.0
• b4d224a Merge pull request #468 from AdrianoRuberto/main
• 0c5a91e Expose getTasks and getTask
• Additional commits viewable in compare view

Updates zod from 3.25.76 to 4.3.6

Release notes

Sourced from zod's releases.

v4.3.6

Commits:

• 9977fb0868432461de265a773319e80a90ba3e37 Add brand.dev to sponsors
• f4b7bae3468f6188b8f004e007d722148fc91d77 Update pullfrog.yml (#5634)
• 251d7163a0ac7740fee741428d913e3c55702ace Clean up workflow_call
• edd4132466da0f5065a8e051b599d01fdd1081d8 fix: add missing User-agent to robots.txt and allow all (#5646)
• 85db85e9091d0706910d60c7eb2e9c181edd87bd fix: typo in codec.test.ts file (#5628)
• cbf77bb12bdfda2e054818e79001f5cb3798ce76 Avoid non null assertion (#5638)
• dfbbf1c1ae0c224b8131d80ddf0a264262144086 Avoid re-exported star modules (#5656)
• 762e911e5773f949452fd6dd4e360f2362110e8e Generalize numeric key handling
• ca3c8629c0c2715571f70b44c2433cad3db7fe4e v4.3.6

v4.3.5

Commits:

• 21afffdb42ccab554036312e33fed0ea3cb8f982 [Docs] Update migration guide docs for deprecation of message (#5595)
• e36743e513aadb307b29949a80d6eb0dcc8fc278 Improve mini treeshaking
• 0cdc0b8597999fd9ca99767b912c1e82c1ff2d6c 4.3.5

v4.3.4

Commits:

• 1a8bea3b474eada6f219c163d0d3ad09fadabe72 Add integration tests
• e01cd02b2f23d7e9078d3813830b146f8a2258b4 Support patternProperties for looserecord (#5592)
• 089e5fbb0f58ce96d2c4fb34cd91724c78df4af5 Improve looseRecord docs
• decef9c418d9a598c3f1bada06891ba5d922c5cd Fix lint
• 9443aab00d44d5d5f4a7eada65fc0fc851781042 Drop iso time in fromJSONSchema
• 66bda7491a1b9eab83bdeec0c12f4efc7290bd48 Remove .refine() from ZodMiniType
• b4ab94ca608cd5b581bfc12b20dd8d95b35b3009 4.3.4

v4.3.3

Commits:

• f3b2151959d215d405f54dff3c7ab3bf1fd887ca v4.3.3

v4.3.2

Commits:

• bf96635d243118de6e4f260077aa137453790bf6 Loosen strictObjectinside intersection (#5587)
• f71dc0182ab0f0f9a6be6295b07faca269e10179 Remove Juno (#5590)
• 0f41e5a12a43e6913c9dcb501b2b5136ea86500d 4.3.2

v4.3.1

Commits:

• 0fe88407a4149c907929b757dc6618d8afe998fc allow non-overwriting extends with refinements. 4.3.1

v4.3.0

This is Zod's biggest release since 4.0. It addresses several of Zod's longest-standing feature requests.

... (truncated)

Commits

• ca3c862 v4.3.6
• 762e911 Generalize numeric key handling
• dfbbf1c Avoid re-exported star modules (#5656)
• cbf77bb Avoid non null assertion (#5638)
• 85db85e fix: typo in codec.test.ts file (#5628)
• edd4132 fix: add missing User-agent to robots.txt and allow all (#5646)
• 251d716 Clean up workflow_call
• f4b7bae Update pullfrog.yml (#5634)
• 9977fb0 Add brand.dev to sponsors
• 0cdc0b8 4.3.5
• Additional commits viewable in compare view

Updates @types/express from 4.17.25 to 5.0.6

Commits

• See full diff in compare view

Updates @types/node from 20.19.33 to 25.3.0

Commits

• See full diff in compare view

Updates prisma from 5.22.0 to 7.4.1

Release notes

Sourced from prisma's releases.

7.4.1

Today, we are issuing a 7.4.1 patch release focused on bug fixes and quality improvements.

🛠 Fixes

Prisma Client

• Fix cursor-based pagination regression with parameterised values (prisma/prisma#29184)
• Preserve Prisma.skip through query extension argument cloning (prisma/prisma#29198)
• Enable batching of multiple queries inside interactive transactions (prisma/prisma#25571)
• Add missing JSON value deserialization for JSONB parameter fields (prisma/prisma#29182)
• Apply result extensions correctly for nested and fluent relations (prisma/prisma#29218)
• Allow missing config datasource URL and validate only when needed (prisma/prisma-engines#5777)

Driver Adapters

• @​prisma/adapter-ppg: Handle null values in type parsers for nullable columns (prisma/prisma#29192)

Prisma Schema Language

• Support where argument on field-level @unique for partial indexes (prisma/prisma-engines#5774)
• Add object expression and object member support to schema reformatter (prisma/prisma-engines#5776)

🙏 Huge thanks to our community

Many of the fixes in this release were contributed by our amazing community members. We're grateful for your continued support and contributions that help make Prisma better for everyone!

7.4.0

Today, we are excited to share the 7.4.0 stable release 🎉

🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!

Highlights

ORM

Caching in Prisma Client

Today’s release is a big one, as we introduce a new caching layer into Prisma ORM. But why the need for a caching layer?

In Prisma 7, the query compiler runs as a WebAssembly module directly on the JavaScript main thread. While this simplified the architecture by eliminating the separate engine process, it introduced a trade-off: every query now synchronously blocks the event loop during compilation.

For individual queries, compilation takes between 0.1ms and 1ms, which is barely noticeable in isolation. But under high concurrency this overhead adds up and creates event loop contention that affects overall application throughput.

For instance, say we have a query that is run over and over, but is a similar shape:

// These two queries have the same shape:
const alice = await prisma.user.findUnique({ where: { email: 'alice@prisma.io' } })
const bob = await prisma.user.findUnique({ where: { email: 'bob@prisma.io' } })

Prior to v7.4.0, this would be reevaluated ever time the query is run. Now, Prisma Client will extract the user-provided values and replaces them with typed placeholders, producing a normalized query shape:

... (truncated)

Commits

• 1df1c6d fix(cli-generator): outdated default generator provider (#29089)
• 710c25d fix: update dependencies to fix pnpm audit (#29128)
• fdabc1c fix(cli): remove Prisma Pulse from CLI help message (#29093)
• 1677a32 docs: fix broken getting started links across repository (#28948)
• 32e5614 chore(cli): bump hono and @prisma/dev, resolving hono vulnerability. (#...
• 2a44bb8 chore(cli): bump studio, fixing vitess introspection. (#29045)
• 011b6a6 chore: remove promotions (#29015)
• 90141bb chore(cli): bump studio, add northwind to sandbox. (#28985)
• fd479fd feat(qc): fast and small build modes (#28976)
• 815ba13 chore(cli): bump @prisma/dev, fix init usage following changes. (#28929)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for prisma since your current version.

Updates next from 16.1.0 to 16.1.6

Release notes

Sourced from next's releases.

v16.1.6

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Upgrade to swc 54 (#88207)
• implement LRU cache with invocation ID scoping for minimal mode response cache (#88509)
• tweak LRU sentinel key (#89123)

Credits

Huge thanks to @​mischnic, @​wyattjoh, and @​ztanner for helping!

v16.1.5

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472 https://vercel.com/changelog/summary-of-cve-2026-23864

v16.1.4

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Only filter next config if experimental flag is enabled (#88733)

Credits

Huge thanks to @​mischnic for helping!

v16.1.3

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• Fix linked list bug in LRU deleteFromLru (#88652)
• Fix relative same host redirects in node middleware (#88253)

Credits

Huge thanks to @​acdlite and @​ijjk for helping!

v16.1.2

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

... (truncated)

Commits

• adf8c61 v16.1.6
• 098c0c0 [backport][ci] Make gh auth status optional when triggering a release (#89100)
• a43df32 Backport/docs fixes jan 25 16.1.x (#89124)
• d6d5734 tweak LRU sentinel cache key (#89123)
• 4324698 backport: implement LRU cache with invocation ID scoping for minimal mode res...
• 23c4649 [backport] Upgrade to swc 54 (#88207) (#89103)
• acba4a6 v16.1.5
• e1d1fc6 Add maximum size limit for postponed body parsing (#88175)
• 500ec83 fetch(next/image): reduce maximumResponseBody from 300MB to 50MB (#88588)
• 1caaca3 feat(next/image)!: add images.maximumResponseBody config (#88183)
• Additional commits viewable in compare view

Updates react from 19.2.0 to 19.2.4

Release notes

Sourced from react's releases.

19.2.4 (January 26th, 2026)

React Server Components

• Add more DoS mitigations to Server Actions, and harden Server Componen...

  Description has been truncated