Skip to content

chore(deps): bump the production-dependencies group across 1 directory with 8 updates#12

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/backend/production-dependencies-8a2ec644ce
Open

chore(deps): bump the production-dependencies group across 1 directory with 8 updates#12
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/backend/production-dependencies-8a2ec644ce

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 9, 2026
edited
Loading

Bumps the production-dependencies group with 8 updates in the /backend directory:

Package From To
@prisma/client 5.22.0 7.8.0
dotenv 16.6.1 17.4.2
express-rate-limit 7.5.1 8.5.2
helmet 7.2.0 8.2.0
http-proxy-middleware 2.0.9 4.0.0
joi 17.13.3 18.2.1
uuid 9.0.1 14.0.0
prisma 5.22.0 7.8.0

Updates @prisma/client from 5.22.0 to 7.8.0

Release notes

Sourced from @​prisma/client's releases.

7.8.0

Today, we are excited to share the 7.8.0 stable release 🎉

🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!

Highlights

ORM

Features

Prisma Client

  • Added a queryPlanCacheMaxSize option to the PrismaClient constructor for fine-grained control over the query plan cache. Pass 0 to disable the cache entirely, or omit it to use the default cache size. A larger value can improve performance in applications that execute many unique queries, while a smaller one can reduce memory usage. (#29503)

Bug Fixes

Prisma Client

  • Fixed an equality filter panic and incorrect ::jsonb cast when filtering on PostgreSQL JSON list columns. Queries using where: { jsonListField: { equals: [...] } }prisma/prisma-engines#5804
  • Fixed case-insensitive JSON field filtering (mode: insensitive), allowing where: { jsonField: { equals: "...", mode: "insensitive" } }prisma/prisma-engines#5806
  • Fixed incorrect parameterization of enum values that have a custom database name set via @map. (#29422)
  • Fixed a database parameter limit check (P2029), which could incorrectly reject or miss over-limit queries. (#29422)
  • Fixed a regression that caused missing SQL Server VARCHARprisma/prisma-engines#5801

Schema Engine

  • Fixed a misleading error message in prisma migrate diff that referenced the --shadow-database-url CLI flag, which was removed in Prisma 7. (#29455)
  • Fixed prisma migrate dev (and shadow database migration replay in general) failing with CREATE INDEX CONCURRENTLY cannot run inside a transaction blockprisma/prisma-engines#5799
  • Fixed PostgreSQL introspection silently dropping sequence defaults when the database returns the schema-qualified form pg_catalog.nextval('sequence_name'::regclass) instead of the bare nextval(...). Columns backed by sequences now correctly appear as @default(autoincrement())prisma/prisma-engines#5802

Driver Adapters

  • @​prisma/adapter-d1: Savepoint operations (createSavepoint, rollbackToSavepoint, releaseSavepoint) now silently no-op with debug logging instead of executing SQL statements, consistent with how the D1 adapter already treats top-level transactions. (#29499)

Open roles at Prisma

Interested in joining Prisma? We're growing and have several exciting opportunities across the company for developers who are passionate about building with Prisma. Explore our open positions on our Careers page and find the role that's right for you.

Enterprise support

Thousands of teams use Prisma and many of them already tap into our Enterprise & Agency Support Program for hands-on help with everything from schema integrations and performance tuning to security and compliance.

With this program you also get priority issue triage and bug fixes, expert scalability advice, and custom training so that your Prisma-powered apps stay rock-solid at any scale. Learn more or join: https://prisma.io/enterprise.

7.7.0

Today, we are excited to share the 7.7.0 stable release 🎉

🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!

... (truncated)

Commits
  • 62b44ac chore(deps): update engines to 7.8.0-5.e96eae70cf4ade6a15d7e6064d5b0b4f7d835d...
  • 4104864 feat: add a query plan cache size parameter (#29503)
  • 723ba7b chore(deps): update engines to 7.8.0-4.8c287008617e9b12f313df99e2c821ae61ea9a...
  • cadbafe chore(deps): update engines to 7.8.0-2.3187e3937290320ba3c7dbd5aa94af67942b44...
  • f705533 chore(deps): update engines to 7.8.0-1.7b80cc56c645c6e03c7541474e6a7c8d91b70d...
  • fbab4e8 Fix 29271 (#29303)
  • 6a3c3cc chore: extract parameterization to client-engine-runtime (#29422)
  • 5b420f8 fix(client): prevent caching of createMany queries to avoid cache bloat and p...
  • 30f0af6 feat: dmmf streaming with an E2E test (#29377)
  • 14c3c2e fix: pin E2E typescript to prevent 6 upgrade (#29383)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for @​prisma/client since your current version.


Updates dotenv from 16.6.1 to 17.4.2

Changelog

Sourced from dotenv's changelog.

17.4.2 (2026-04-12)

Changed

  • Improved skill files - tightened up details (#1009)

17.4.1 (2026-04-05)

Changed

  • Change text injecting to injected (#1005)

17.4.0 (2026-04-01)

Added

  • Add skills/ folder with focused agent skills: skills/dotenv/SKILL.md (core usage) and skills/dotenvx/SKILL.md (encryption, multiple environments, variable expansion) for AI coding agent discovery via the skills.sh ecosystem (npx skills add motdotla/dotenv)

Changed

  • Tighten up logs: ◇ injecting env (14) from .env (#1003)

17.3.1 (2026-02-12)

Changed

  • Fix as2 example command in README and update spanish README

17.3.0 (2026-02-12)

Added

  • Add a new README section on dotenv’s approach to the agentic future.

Changed

  • Rewrite README to get humans started more quickly with less noise while simultaneously making more accessible for llms and agents to go deeper into details.

17.2.4 (2026-02-05)

Changed

  • Make DotenvPopulateInput accept NodeJS.ProcessEnv type (#915)
  • Give back to dotenv by checking out my newest project vestauth. It is auth for agents. Thank you for using my software.

17.2.3 (2025-09-29)

Changed

  • Fixed typescript error definition (#912)

... (truncated)

Commits

Updates express-rate-limit from 7.5.1 to 8.5.2

Release notes

Sourced from express-rate-limit's releases.

v8.5.2

You can view the changelog here.

v8.5.1

You can view the changelog here.

v8.5.0

You can view the changelog here.

v8.4.1

You can view the changelog here.

v8.4.0

You can view the changelog here.

v8.3.2

You can view the changelog here.

v8.3.1

You can view the changelog here.

v8.3.0

You can view the changelog here.

v8.2.1

You can view the changelog here.

v8.2.0

You can view the changelog here.

v8.1.0

You can view the changelog here.

v8.0.1

You can view the changelog here.

v8.0.0

You can view the changelog here.

Commits
  • 9774693 8.5.2
  • 0e94cc0 v8.5.2 changelog
  • 9a583c5 feat: simplify IPv6 key generation (#633)
  • 4f4b3fb chore(deps-dev): bump lint-staged from 16.4.0 to 17.0.4 (#632)
  • 3c1d6c5 chore(deps-dev): bump the development-dependencies group with 7 updates (#631)
  • 18884b6 chore(deps): bump basic-ftp from 5.2.0 to 5.3.1 (#630)
  • dacc980 chore(deps): bump handlebars from 4.7.8 to 4.7.9 (#629)
  • 486d0c6 chore(deps): bump follow-redirects from 1.15.11 to 1.16.0 (#627)
  • 50cc3f6 8.5.1
  • 92c8e3e chore: bump ip-address library to latest (#626)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for express-rate-limit since your current version.

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.


Updates helmet from 7.2.0 to 8.2.0

Changelog

Sourced from helmet's changelog.

8.2.0 - 2026-05-21

  • Cross-Origin-Opener-Policy: support noopener-allow-popups. See #522
  • Improve error message when passing duplicate options

8.1.0 - 2025-03-17

Changed

  • Content-Security-Policy gives a better error when a directive value, like self, should be quoted. See #482

8.0.0 - 2024-09-28

Changed

  • Breaking: Strict-Transport-Security now has a max-age of 365 days, up from 180
  • Breaking: Content-Security-Policy middleware now throws an error if a directive should have quotes but does not, such as self instead of 'self'. See #454
  • Breaking: Content-Security-Policy's getDefaultDirectives now returns a deep copy. This only affects users who were mutating the result
  • Breaking: Strict-Transport-Security now throws an error when "includeSubDomains" option is misspelled. This was previously a warning

Removed

  • Breaking: Drop support for Node 16 and 17. Node 18+ is now required
Commits

Updates http-proxy-middleware from 2.0.9 to 4.0.0

Release notes

Sourced from http-proxy-middleware's releases.

v4.0.0

Notable changes

  • Switched proxy from http-proxy to httpxy ✨ (chimurai/http-proxy-middleware#1160) This replaces a long-standing core dependency and brings in many upstream fixes and behavior improvements documented by the httpxy project: unjs/httpxy#2

  • ESM-only package [BREAKING CHANGE] 💣 http-proxy-middleware now ships as native ES modules only. CommonJS require() usage is no longer supported, so imports should use ESM syntax.

  • Updated Node.js support policy [BREAKING CHANGE] 💣 Dropped Node.js 14, 16, 18, and 20. New minimum supported runtime is Node.js 22.15.0

  • Removed legacyCreateProxyMiddleware() [BREAKING CHANGE] 💣 The legacy compatibility wrapper has been removed as part of API cleanup. Use createProxyMiddleware() directly.

  • Added IPv6 literal support ✨ target and forward now support literal IPv6 URLs, for example: http://[::1]:3000.

  • Experimental Hono support 🧪 Added createHonoProxyMiddleware() for Hono apps, including dedicated subpath support via http-proxy-middleware/hono.

Many thanks to everyone who helped make this release possible. 🙏

What's Changed

... (truncated)

Changelog

Sourced from http-proxy-middleware's changelog.

v4.0.0

  • fix(types): fix Logger type
  • fix(error-response-plugin): sanitize input
  • feat: drop node v14/v16/v18 [BREAKING CHANGE]
  • refactor: replace http-proxy w/ httpxy
  • chore: remove legacyCreateProxyMiddleware() [BREAKING CHANGE]
  • ci: migrate from jest to vitest
  • chore(package.json): esm only [BREAKING CHANGE]
  • chore(package.json): bump to httpxy 0.5.0 (#1183)
  • chore(package.json): drop node20 [BREAKING CHANGE] (#1179)
  • refactor: remove deprecated url.parse() (#1176)
  • fix(fixRequestBody): support content-encoding on request body (#1142)
  • fix: prevent TypeError when ws enabled but server is undefined (#1163)
  • fix: applyPathRewrite logs old req.url instead of rewritten path (#1157)
  • feat(hono): support for hono with createHonoProxyMiddleware
  • feat(ipv6): support literal IPv6 addresses in target and forward options (ie. "http://[::1]:8000")
  • chore(package.json): bump httpxy to ^0.5.1
  • fix(logger-plugin): support ipv6 host and handle undefined protocol/host
  • ci(publish.yml): pin github.triggering_actor
  • chore(package.json): node ^22.15.0 (#1218)
  • refactor(package): subpath 'http-proxy-middleware/hono' (#1220)
  • chore: node 26 support

v3.0.5

  • fix(fixRequestBody): check readableLength (#1096)

v3.0.4

  • fix(fixRequestBody): handle invalid request (#1092)
  • fix(fixRequestBody): prevent multiple .write() calls (#1089)
  • fix(websocket): handle errors in handleUpgrade (#823)
  • ci(package): patch http-proxy (#1084)
  • fix(fixRequestBody): support multipart/form-data (#896)
  • feat(types): export Plugin type (#1071)

v3.0.3

  • fix(pathFilter): handle errors

v3.0.2

  • refactor(dependency): replace is-plain-obj with is-plain-object (#1031)
  • chore(package): upgrade to eslint v9 (#1032)
  • fix(logger-plugin): handle undefined protocol and hostname (#1036)

v3.0.1

  • fix(type): fix RequestHandler return type (#980)

... (truncated)

Commits
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for http-proxy-middleware since your current version.

Install script changes

This version modifies prepare script that runs during installation. Review the package contents before updating.


Updates joi from 17.13.3 to 18.2.1

Commits
  • 048fe05 18.2.1
  • 2392713 Merge pull request #3113 from hapijs/fix/link-max-call-stack
  • fc146a6 fix: protect link recursion from max call stack
  • f4e97e0 18.2.0
  • 626893d Merge pull request #3111 from hapijs/feat/link-maxRecursion
  • 9c7a443 feat: add maxRecursion limit to links
  • 7d43b12 18.1.2
  • d98c802 Merge pull request #3107 from mahmoodhamdi/fix/json-schema-number-rules
  • 7edc591 fix: improve JSON Schema conversion for number.port() and number.sign()
  • 06afeb5 18.1.1
  • Additional commits viewable in compare view

Updates uuid from 9.0.1 to 14.0.0

Release notes

Sourced from uuid's releases.

v14.0.0

14.0.0 (2026-04-19)

⚠ BREAKING CHANGES

  • expect crypto to be global everywhere (requires node@20+) (#935)
  • drop node@18 support (#934)

Features

Bug Fixes

  • expect crypto to be global everywhere (requires node@20+) (#935) (f2c235f)
  • Use GITHUB_TOKEN for release-please and enable npm provenance (#925) (ffa3138)

v13.0.2

13.0.2 (2026-05-04)

Bug Fixes

  • rerelease to fix provenance. (49ccb35)

v13.0.1

13.0.1 (2026-04-27)

Bug Fixes

v13.0.0

13.0.0 (2025-09-08)

⚠ BREAKING CHANGES

  • make browser exports the default (#901)

Bug Fixes

v12.0.1

12.0.1 (2026-04-29)

... (truncated)

Changelog

Sourced from uuid's changelog.

14.0.0 (2026-04-19)

Security

  • Fixes GHSA-w5hq-g745-h8pq: v3(), v5(), and v6() did not validate that writes would remain within the bounds of a caller-supplied buffer, allowing out-of-bounds writes when an invalid offset was provided. A RangeError is now thrown if offset < 0 or offset + 16 > buf.length.

⚠ BREAKING CHANGES

  • crypto is now expected to be globally defined (requires node@20+) (#935)
  • drop node@18 support (#934)
  • upgrade minimum supported TypeScript version to 5.4.3, in keeping with the project's policy of supporting TypeScript versions released within the last two years

13.0.0 (2025-09-08)

⚠ BREAKING CHANGES

  • make browser exports the default (#901)

Bug Fixes

12.0.0 (2025-09-05)

⚠ BREAKING CHANGES

  • update to typescript@5.2 (#887)
  • remove CommonJS support (#886)
  • drop node@16 support (#883)

Features

Bug Fixes

11.1.0 (2025-02-19)

... (truncated)

Commits
  • 7c1ea08 chore(main): release 14.0.0 (#926)
  • 3d2c5b0 Merge commit from fork
  • f2c235f fix!: expect crypto to be global everywhere (requires node@20+) (#935)
  • 529ef08 chore: upgrade TypeScript and fixup types (#927)
  • 086fd79 chore: update dependencies (#933)
  • dc4ddb8 feat!: drop node@18 support (#934)
  • 0f1f9c9 chore: switch to Biome for parsing and linting (#932)
  • e2879e6 chore: use maintained version of npm-run-all (#930)
  • ffa3138 fix: Use GITHUB_TOKEN for release-please and enable npm provenance (#925)
  • 0423d49 docs: remove obsolete v1 option notes (#915)
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for uuid since your current version.

Install script changes

This version adds prepare script that runs during installation. Review the package contents before updating.


Updates prisma from 5.22.0 to 7.8.0

Release notes

Sourced from prisma's releases.

7.8.0

Today, we are excited to share the 7.8.0 stable release 🎉

🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!

Highlights

ORM

Features

Prisma Client

  • Added a queryPlanCacheMaxSize option to the PrismaClient constructor for fine-grained control over the query plan cache. Pass 0 to disable the cache entirely, or omit it to use the default cache size. A larger value can improve performance in applications that execute many unique queries, while a smaller one can reduce memory usage. (#29503)

Bug Fixes

Prisma Client

  • Fixed an equality filter panic and incorrect ::jsonb cast when filtering on PostgreSQL JSON list columns. Queries using where: { jsonListField: { equals: [...] } }prisma/prisma-engines#5804
  • Fixed case-insensitive JSON field filtering (mode: insensitive), allowing where: { jsonField: { equals: "...", mode: "insensitive" } }prisma/prisma-engines#5806
  • Fixed incorrect parameterization of enum values that have a custom database name set via @map. (#29422)
  • Fixed a database parameter limit check (P2029), which could incorrectly reject or miss over-limit queries. (#29422)
  • Fixed a regression that caused missing SQL Server VARCHARprisma/prisma-engines#5801

Schema Engine

  • Fixed a misleading error message in prisma migrate diff that referenced the --shadow-database-url CLI flag, which was removed in Prisma 7. (#29455)
  • Fixed prisma migrate dev (and shadow database migration replay in general) failing with CREATE INDEX CONCURRENTLY cannot run inside a transaction blockprisma/prisma-engines#5799
  • Fixed PostgreSQL introspection silently dropping sequence defaults when the database returns the schema-qualified form pg_catalog.nextval('sequence_name'::regclass) instead of the bare nextval(...). Columns backed by sequences now correctly appear as @default(autoincrement())prisma/prisma-engines#5802

Driver Adapters

  • @​prisma/adapter-d1: Savepoint operations (createSavepoint, rollbackToSavepoint, releaseSavepoint) now silently no-op with debug logging instead of executing SQL statements, consistent with how the D1 adapter already treats top-level transactions. (#29499)

Open roles at Prisma

Interested in joining Prisma? We're growing and have several exciting opportunities across the company for developers who are passionate about building with Prisma. Explore our open positions on our Careers page and find the role that's right for you.

Enterprise support

Thousands of teams use Prisma and many of them already tap into our Enterprise & Agency Support Program for hands-on help with everything from schema integrations and performance tuning to security and compliance.

With this program you also get priority issue triage and bug fixes, expert scalability advice, and custom training so that your Prisma-powered apps stay rock-solid at any scale. Learn more or join: https://prisma.io/enterprise.

7.7.0

Today, we are excited to share the 7.7.0 stable release 🎉

🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!

... (truncated)

Commits
  • 5723406 fix(cli): route bootstrap telemetry to Prisma Web Properties project (#29473)
  • 8e71aa7 fix(cli): install missing @prisma/client in prisma bootstrap (#29444)
  • ada077b fix(cli): bootstrap UX — auto-install deps, resumable flow, timeout handling ...
  • 9b0b7f5 feat(cli): add prisma bootstrap command (#29374)
  • 5fece0a chore: bump @​prisma/dev to 0.24.3 (#29396)
  • 45d7e0f feat(cli): add prisma postgres link command (#29352)
  • adbdf15 Pre-bundle Studio frontend assets and replace Hono (#29389)
  • f8258ad chore: bump effect to fix vulnerability (#29384)
  • 74839a9 feat(cli): update bundled @​prisma/studio-core to 0.27.3 (#29376)
  • 309b4bc refactor: extract 'prisma-client-js' into PRISMA_CLIENT_JS_PROVIDER constant ...
  • Additional commits viewable in compare view
Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for prisma since your current version.

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 9, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/backend/production-dependencies-8a2ec644ce branch from 46ebf3d to 8afd6a5 Compare April 13, 2026 21:47
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/backend/production-dependencies-8a2ec644ce branch from 8afd6a5 to d35a78a Compare April 20, 2026 22:42
@dependabot dependabot Bot changed the title chore(deps): bump the production-dependencies group in /backend with 8 updates chore(deps): bump the production-dependencies group across 1 directory with 8 updates Apr 28, 2026
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/backend/production-dependencies-8a2ec644ce branch from d35a78a to 83f2429 Compare April 28, 2026 00:12
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/backend/production-dependencies-8a2ec644ce branch from 83f2429 to 7b4f730 Compare May 12, 2026 03:26
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/backend/production-dependencies-8a2ec644ce branch 2 times, most recently from 4c464f0 to a2355a0 Compare May 26, 2026 02:32
@dependabot
chore(deps): bump the production-dependencies group across 1 director…
63d49ff 
…y with 8 updates

Bumps the production-dependencies group with 8 updates in the /backend directory:

| Package | From | To |
| --- | --- | --- |
| [@prisma/client](https://github.com/prisma/prisma/tree/HEAD/packages/client) | `5.22.0` | `7.8.0` |
| [dotenv](https://github.com/motdotla/dotenv) | `16.6.1` | `17.4.2` |
| [express-rate-limit](https://github.com/express-rate-limit/express-rate-limit) | `7.5.1` | `8.5.2` |
| [helmet](https://github.com/helmetjs/helmet) | `7.2.0` | `8.2.0` |
| [http-proxy-middleware](https://github.com/chimurai/http-proxy-middleware) | `2.0.9` | `4.0.0` |
| [joi](https://github.com/hapijs/joi) | `17.13.3` | `18.2.1` |
| [uuid](https://github.com/uuidjs/uuid) | `9.0.1` | `14.0.0` |
| [prisma](https://github.com/prisma/prisma/tree/HEAD/packages/cli) | `5.22.0` | `7.8.0` |



Updates `@prisma/client` from 5.22.0 to 7.8.0
- [Release notes](https://github.com/prisma/prisma/releases)
- [Commits](https://github.com/prisma/prisma/commits/7.8.0/packages/client)

Updates `dotenv` from 16.6.1 to 17.4.2
- [Changelog](https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md)
- [Commits](motdotla/dotenv@v16.6.1...v17.4.2)

Updates `express-rate-limit` from 7.5.1 to 8.5.2
- [Release notes](https://github.com/express-rate-limit/express-rate-limit/releases)
- [Commits](express-rate-limit/express-rate-limit@v7.5.1...v8.5.2)

Updates `helmet` from 7.2.0 to 8.2.0
- [Changelog](https://github.com/helmetjs/helmet/blob/main/CHANGELOG.md)
- [Commits](helmetjs/helmet@v7.2.0...v8.2.0)

Updates `http-proxy-middleware` from 2.0.9 to 4.0.0
- [Release notes](https://github.com/chimurai/http-proxy-middleware/releases)
- [Changelog](https://github.com/chimurai/http-proxy-middleware/blob/master/CHANGELOG.md)
- [Commits](chimurai/http-proxy-middleware@v2.0.9...v4.0.0)

Updates `joi` from 17.13.3 to 18.2.1
- [Commits](hapijs/joi@v17.13.3...v18.2.1)

Updates `uuid` from 9.0.1 to 14.0.0
- [Release notes](https://github.com/uuidjs/uuid/releases)
- [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md)
- [Commits](uuidjs/uuid@v9.0.1...v14.0.0)

Updates `prisma` from 5.22.0 to 7.8.0
- [Release notes](https://github.com/prisma/prisma/releases)
- [Commits](https://github.com/prisma/prisma/commits/7.8.0/packages/cli)

---
updated-dependencies:
- dependency-name: "@prisma/client"
  dependency-version: 7.7.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: production-dependencies
- dependency-name: dotenv
  dependency-version: 17.4.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: production-dependencies
- dependency-name: express-rate-limit
  dependency-version: 8.3.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: production-dependencies
- dependency-name: helmet
  dependency-version: 8.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: production-dependencies
- dependency-name: http-proxy-middleware
  dependency-version: 3.0.5
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: production-dependencies
- dependency-name: joi
  dependency-version: 18.1.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: production-dependencies
- dependency-name: prisma
  dependency-version: 7.7.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: production-dependencies
- dependency-name: uuid
  dependency-version: 13.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/backend/production-dependencies-8a2ec644ce branch from a2355a0 to 63d49ff Compare June 3, 2026 08:20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants