build(deps): bump the minor-and-patch group across 1 directory with 17 updates by dependabot[bot] · Pull Request #64 · groundsgg/cockpit

dependabot · 2026-02-16T02:53:23Z

Bumps the minor-and-patch group with 17 updates in the / directory:

Package	From	To
@formatjs/intl-localematcher	`0.7.1`	`0.8.1`
@paralleldrive/cuid2	`3.0.4`	`3.3.0`
@prisma/adapter-pg	`7.1.0`	`7.4.0`
@prisma/client	`7.1.0`	`7.4.0`
better-auth	`1.4.7`	`1.4.18`
dotenv	`17.2.3`	`17.3.1`
lucide-react	`0.561.0`	`0.564.0`
next	`16.0.10`	`16.1.6`
pg	`8.16.3`	`8.18.0`
prisma	`7.1.0`	`7.4.0`
react	`19.2.3`	`19.2.4`
react-dom	`19.2.3`	`19.2.4`
tailwind-merge	`3.4.0`	`3.4.1`
zod	`4.2.0`	`4.3.6`
@commitlint/cli	`20.2.0`	`20.4.1`
@commitlint/config-conventional	`20.2.0`	`20.4.1`
prettier	`3.7.4`	`3.8.1`

Updates @formatjs/intl-localematcher from 0.7.1 to 0.8.1

Release notes

Sourced from @formatjs/intl-localematcher's releases.

@formatjs/intl-localematcher@0.8.0

0.8.0 (2026-01-15)

Features

@formatjs/intl-segmenter: improve Unicode 17.0 Format/Extend transparency and upgrade deps (#5862) (effeb9c), closes #29 - by @longlho

@formatjs/intl-localematcher@0.7.3

0.7.3 (2025-12-23)

Bug Fixes

@formatjs/intl-localematcher: speed up best fit matcher, fix #4936 (#5674) (a6ad458) - by @longlho

Commits

4f1a1cf build: publish
71e4c82 build: allow renovate and graphite-app bot for Claude
1fbac61 build: rm tsx, use --experimental-transform-types (#6007)
968b211 fix(@formatjs/cli-lib): respect throws:false flag in extract() function (#6002)
c92c30b fix(@formatjs/intl-datetimeformat): fix formatRange date duplication and h24 ...
b7a75e0 build: add Claude Code GitHub Workflow (#5998)
abfa037 feat(formatjs_cli): add base62 support (#5996)
e91cc79 fix(formatjs_cli): bump version
fb23213 fix(formatjs_cli): fix format extraction bug (#5995)
05afc90 chore(deps): update dependency lodash-es to v4.17.23 [security] (#5989)
Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for @formatjs/intl-localematcher since your current version.

Updates @paralleldrive/cuid2 from 3.0.4 to 3.3.0

Changelog

Sourced from @paralleldrive/cuid2's changelog.

[3.3.0] - 2026-01-25

Fixed

Fix typo in package.json exports field: ./package.json path was incorrectly specified

Fix TypeScript compilation error (TS1203) by replacing export = with named exports in index.d.ts

Updated

Update AI development framework (aidd) to v2.5.0 for enhanced security reviews

Update all devDependencies to latest versions (@types/node, @types/react, eslint, eslint-config-next, eslint-config-prettier, eslint-plugin-prettier, next, prettier, react, react-dom, release-it, riteway, updtr, watch)

[3.0.2] - 2025-10-27

Changed

Remove collision-test from pre-commit hook to unblock release process

Fixed

Replace BigInt with bignumber.js for broader browser support (legacy browsers)

Add export module field to package.json for better ESM compatibility

Added

Implement CSPRNG using crypto.getRandomValues for enhanced security

Add validation to throw error when length > 32

Documentation

Fix typo: Change "Pseudo" to "Pseudo" in README.md

Update link for PleaseRobMe.com

[3.0.0] - 2025-10-18

⚠️ BREAKING CHANGES

Convert entire project from CommonJS to ES modules

Changed from require()/module.exports to import/export

Added "type": "module" to package.json

Users must use ESM imports or upgrade to this version carefully

For CommonJS compatibility, use v2.3.1 instead

[2.3.1] - 2025-10-24

Fixed

Maintenance release: Restore CommonJS compatibility for v2.x line

This version is based on v2.2.2 to provide a non-breaking upgrade path

Published with v2-compat tag for users who need CommonJS

... (truncated)

Commits

2275e80 chore(release): v3.3.0
3af6f1b chore: update CHANGELOG for v3.2.1
ee1ff97 Merge pull request #119 from paralleldrive/update
59541b5 chore: downgrade packages for security
aebdc31 chore: remove legacy Travis CI config
71b5d09 ci: add GitHub Actions workflow
d044cfe chore: update dependencies and AI framework
3bec9b1 Merge pull request #116 from paralleldrive/copilot/fix-typescript-error-ts1203
a910d6e Delete REVIEW.md
76b5c83 docs: add comprehensive code review for TS1203 fix
Additional commits viewable in compare view

Updates @prisma/adapter-pg from 7.1.0 to 7.4.0

Release notes

Sourced from @prisma/adapter-pg's releases.

7.4.0

Today, we are excited to share the 7.4.0 stable release 🎉

🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!

Highlights

ORM

Caching in Prisma Client

Today’s release is a big one, as we introduce a new caching layer into Prisma ORM. But why the need for a caching layer?

In Prisma 7, the query compiler runs as a WebAssembly module directly on the JavaScript main thread. While this simplified the architecture by eliminating the separate engine process, it introduced a trade-off: every query now synchronously blocks the event loop during compilation.

For individual queries, compilation takes between 0.1ms and 1ms, which is barely noticeable in isolation. But under high concurrency this overhead adds up and creates event loop contention that affects overall application throughput.

For instance, say we have a query that is run over and over, but is a similar shape:
// These two queries have the same shape:
const alice = await prisma.user.findUnique({ where: { email: 'alice@prisma.io' } })
const bob = await prisma.user.findUnique({ where: { email: 'bob@prisma.io' } })
Prior to v7.4.0, this would be reevaluated ever time the query is run. Now, Prisma Client will extract the user-provided values and replaces them with typed placeholders, producing a normalized query shape:
prisma.user.findUnique({ where: { email: %1 } })   // cache key
                                         ↑
                              %1 = 'alice@prisma.io'  (or 'bob@prisma.io')
This normalized shape is used as a cache key. On the first call, the query is compiled as usual and the resulting plan is stored in an LRU cache. On every subsequent call with the same query shape, regardless of the actual values, the cached plan is reused instantly without invoking the compiler.

We have more details on the impact of this change and some deep dives into Prisma architecture in an upcoming blog post!

Partial Indexes (Filtered Indexes) Support

We're excited to announce Partial Indexes support in Prisma! This powerful community-contributed feature allows you to create indexes that only include rows matching specific conditions, significantly reducing index size and improving query performance.

Partial indexes are available behind the partialIndexes preview feature for PostgreSQL, SQLite, SQL Server, and CockroachDB, with full migration and introspection support.

Basic usage

Enable the preview feature in your schema:
generator client {
  provider        = "prisma-client-js"
</tr></table> 

... (truncated)

Commits

531886f fix: fix byte upserts by removing legacy byte array representation (#28913)
0c6db15 fix(adapter-{pg,neon,ppg}): handle 22P02 error in Postgres (#28849)
See full diff in compare view

Updates @prisma/client from 7.1.0 to 7.4.0

Release notes

Sourced from @prisma/client's releases.

7.4.0

Today, we are excited to share the 7.4.0 stable release 🎉

🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!

Highlights

ORM

Caching in Prisma Client

Today’s release is a big one, as we introduce a new caching layer into Prisma ORM. But why the need for a caching layer?

In Prisma 7, the query compiler runs as a WebAssembly module directly on the JavaScript main thread. While this simplified the architecture by eliminating the separate engine process, it introduced a trade-off: every query now synchronously blocks the event loop during compilation.

For individual queries, compilation takes between 0.1ms and 1ms, which is barely noticeable in isolation. But under high concurrency this overhead adds up and creates event loop contention that affects overall application throughput.

For instance, say we have a query that is run over and over, but is a similar shape:
// These two queries have the same shape:
const alice = await prisma.user.findUnique({ where: { email: 'alice@prisma.io' } })
const bob = await prisma.user.findUnique({ where: { email: 'bob@prisma.io' } })
Prior to v7.4.0, this would be reevaluated ever time the query is run. Now, Prisma Client will extract the user-provided values and replaces them with typed placeholders, producing a normalized query shape:
prisma.user.findUnique({ where: { email: %1 } })   // cache key
                                         ↑
                              %1 = 'alice@prisma.io'  (or 'bob@prisma.io')
This normalized shape is used as a cache key. On the first call, the query is compiled as usual and the resulting plan is stored in an LRU cache. On every subsequent call with the same query shape, regardless of the actual values, the cached plan is reused instantly without invoking the compiler.

We have more details on the impact of this change and some deep dives into Prisma architecture in an upcoming blog post!

Partial Indexes (Filtered Indexes) Support

We're excited to announce Partial Indexes support in Prisma! This powerful community-contributed feature allows you to create indexes that only include rows matching specific conditions, significantly reducing index size and improving query performance.

Partial indexes are available behind the partialIndexes preview feature for PostgreSQL, SQLite, SQL Server, and CockroachDB, with full migration and introspection support.

Basic usage

Enable the preview feature in your schema:
generator client {
  provider        = "prisma-client-js"
</tr></table> 

... (truncated)

Commits

7060f68 chore(deps): update engines to 7.4.0-20.ab56fe763f921d033a6c195e7ddeb3e255bdb...
91a24a9 feat: query plan caching (#29038)
b49d446 chore(deps): update engines to 7.4.0-18.2997580c8cb38878f73e100453e7b27119e8f...
3c99935 chore(deps): update engines to 7.4.0-17.57b675f79cd26fbf702d70f9a13d2b7b2fad9...
e7504d7 chore(deps): update engines to 7.4.0-16.d0314091cdd30494eefc61d346f8c09aca20d...
1e6c91c chore(deps): update engines to 7.4.0-15.6129681d45ea4510d3372dd5b28f6b8927584...
e1bfd22 chore(deps): update engines to 7.4.0-13.e876f7aec6b9be3e5147d061ed521ec45a845...
12ca969 chore(deps): update engines to 7.4.0-12.aa5ee090ba89988f1dce71be263f4bcd9519b...
36b57cb chore(deps): update engines to 7.4.0-11.8583547702bad6d8e7de7d9812f7ec5c22e1c...
b6afc3f test: initialize the test client before the QPE (#29130)
Additional commits viewable in compare view

Updates better-auth from 1.4.7 to 1.4.18

Release notes

Sourced from better-auth's releases.

v1.4.18

🚀 Features

Add disableImplicitLinking to accountLinking - by @Paola3stefania and @himself65 in better-auth/better-auth#7270 (a7740)

Mark /forget-password/email-otp as deprecation - by @bytaesu in better-auth/better-auth#7645 (8f333)

device-authorization:

Add user id checks - by @himself65 in better-auth/better-auth#7632 (4d79c)

one-tap:

Add button mode for Google sign-in - by @himself65 and Alex Yang in better-auth/better-auth#7482 (aeb92)

sso:

Support multi-domain providers - by @Paola3stefania in better-auth/better-auth#7541 (5be34)

Add provider list and detail endpoints - by @Paola3stefania and @himself65 in better-auth/better-auth#6967 (d0ed1)

🐞 Bug Fixes

Correctly handle OAuth callback and Apple email field - by @bytaesu in better-auth/better-auth#7181 (c918e)

Centralize cookie parsing and handle Expires dates correctly - by @bytaesu, @cursoragent, taesu and @himself65 in better-auth/better-auth#7556 (d598b)

Refresh account_data cookie when session is refreshed - by @bytaesu and @himself65 in better-auth/better-auth#7576 (5d3f7)

Remove duplicate secondary storage writes from setSessionCookie - by @bytaesu in better-auth/better-auth#7592 (7a4bc)

Set default logger level to "warn" - by @bytaesu, @cursoragent and taesu in better-auth/better-auth#7597 (5d0e7)

Respect the explicitly set sendOnSignUp option - by @bytaesu in better-auth/better-auth#7593 (33619)

Handle serial and false cases in generateId - by @bytaesu in better-auth/better-auth#7474 (949cd)

Log error when misconfigured - by @himself65 in better-auth/better-auth#7584 (16201)

Update google oauth endpoints - by @bytaesu in better-auth/better-auth#7442 (d401b)

Consistent api version for facebook provider - by @bytaesu in better-auth/better-auth#7445 (cf619)

Check jsconfig.json in getPathAliases - by @jycouet in better-auth/better-auth#7650 (9cb45)

2fa:

Server-side trust device expiration and configurable maxAge - by @Paola3stefania and @himself65 in better-auth/better-auth#7644 (5d15b)

anonymous:

Export types - by @CalLavicka and @himself65 in better-auth/better-auth#7661 (133a2)

cli:

Use inkeep remote mcp url - by @Bekacru in better-auth/better-auth#7543 (27af8)

Update MCP URL from Chonkie to Inkeep - by @Paola3stefania in better-auth/better-auth#7585 (79621)

core:

Consolidate rateLimit table schema definition - by @bytaesu in better-auth/better-auth#7551 (ea589)

email-otp:

Add stricter default rate limits for password reset endpoints - by @bytaesu in better-auth/better-auth#7658 (dcc28)

expo:

Prevent null cookie key when redirect URL has no cookie param - by @bytaesu in better-auth/better-auth#7555 (d2ca0)

Prevent duplicate listener notifications in FocusManager and OnlineManager - by @kimchi-developer and @himself65 in better-auth/better-auth#7552 (a3ffb)

github:

Surface OAuth token exchange errors - by @Paola3stefania in better-auth/better-auth#7186 (94b75)

mcp:

Remove local mpc - by @Paola3stefania in better-auth/better-auth#7574 (d6d62)

multi-session:

Prevent duplicate cookies when same user signs in multiple times - by @Paola3stefania and @himself65 in better-auth/better-auth#7256 (9db76)

oauth-provider:

Properly handle metadata field in client registration - by @Paola3stefania in better-auth/better-auth#7232 (33015)

okta:

Userinfo route mismatch - by @psigen in better-auth/better-auth#7602 (acf77)

... (truncated)

Commits

d99d3ce chore: release v1.4.18
5d15bf4 fix(2fa): server-side trust device expiration and configurable maxAge (#7644)
c6f8f3b fix(saml): IdP-Initiated Callback Routing (#6675)
040c624 chore: improve rate limiting type definitions (#7313)
133a2b2 fix(anonymous): export types (#7661)
dcc289e fix(email-otp): add stricter default rate limits for password reset endpoints...
8f3330d feat: mark /forget-password/email-otp as deprecation (#7645)
4d79c43 feat(device-authorization): add user id checks (#7632)
a7740bc feat: add disableImplicitLinking to accountLinking (#7270)
9db76ab fix(multi-session): prevent duplicate cookies when same user signs in multipl...
Additional commits viewable in compare view

Updates dotenv from 17.2.3 to 17.3.1

Changelog

Sourced from dotenv's changelog.

17.3.1 (2026-02-12)

Changed

Fix as2 example command in README and update spanish README

17.3.0 (2026-02-12)

Added

Add a new README section on dotenv’s approach to the agentic future.

Changed

Rewrite README to get humans started more quickly with less noise while simultaneously making more accessible for llms and agents to go deeper into details.

17.2.4 (2026-02-05)

Changed

Make DotenvPopulateInput accept NodeJS.ProcessEnv type (#915)

Give back to dotenv by checking out my newest project vestauth. It is auth for agents. Thank you for using my software.

Commits

7bc16a4 17.3.1
27303fd update README-es
6379eb2 update README
b6d7339 fix spelling
5febe35 17.3.0
f61f383 changelog 🪵
dec94ad update README
4856950 update README
6351887 update README
23bd017 update README
Additional commits viewable in compare view

Updates lucide-react from 0.561.0 to 0.564.0

Release notes

Sourced from lucide-react's releases.

Version 0.564.0

What's Changed

chore(docs): Improve SEO icon detail pages by @ericfennis in lucide-icons/lucide#4040

feat(icons): added database-search icon by @Spleefies in lucide-icons/lucide#4003

fix(icons): changed user-lock icon by @jguddas in lucide-icons/lucide#3971

fix(icons): changed bug-off icon by @jguddas in lucide-icons/lucide#3972

fix(icons): changed bell-dot icon by @jguddas in lucide-icons/lucide#3973

fix(icons): changed bandage icon by @jguddas in lucide-icons/lucide#3967

fix(icons): changed hard-drive icon by @jguddas in lucide-icons/lucide#3622

fix(icons): changed git-branch icon by @jguddas in lucide-icons/lucide#3938

fix(icons): changed file-cog icon by @jguddas in lucide-icons/lucide#3965

fix(icons): changed cloud-alert and cloud-check icon by @jguddas in lucide-icons/lucide#3976

feat(icons): adds user-key and user-round-key, updates other -key icons to match by @karsa-mistmere in lucide-icons/lucide#4044

New Contributors

@Spleefies made their first contribution in lucide-icons/lucide#4003

Full Changelog: lucide-icons/lucide@0.563.1...0.564.0

Hotfix @lucide/svelte hasA11yProp.js import

What's Changed

fix(@lucide/svelte): Fix build in by @ericfennis in lucide-icons/lucide#4026

Full Changelog: lucide-icons/lucide@0.563.0...0.563.1

Version 0.563.0

What's Changed

aria-hidden is by default added to icons components in all packages. This was already added to lucide-react before. Making icons accessible, you can add an aria-label or a title. See docs about accessibility.

All changes

chore(dev): Enable ligatures in font build configuration by @dcxo in lucide-icons/lucide#3876

chore(repo): add Android to brand stopwords by @karsa-mistmere in lucide-icons/lucide#3895

fix(site): add missing titles and a title template by @taimar in lucide-icons/lucide#3920

fix(site): unify and improve the styling of input fields by @taimar in lucide-icons/lucide#3919

fix(icons): changed star-off icon by @jguddas in lucide-icons/lucide#3952

fix(icons): changed tickets-plane icon by @jguddas in lucide-icons/lucide#3928

fix(icons): changed monitor-off icon by @jguddas in lucide-icons/lucide#3962

fix(icons): changed lasso icon by @jguddas in lucide-icons/lucide#3961

fix(icons): changed cloud-off icon by @jguddas in lucide-icons/lucide#3942

docs(site): added lucide-web-components third-party package by @midesweb in lucide-icons/lucide#3948

chore(deps-dev): bump preact from 10.27.2 to 10.27.3 by @dependabot[bot] in lucide-icons/lucide#3955

feat(icon): add globe-x icon with metadata by @Muhammad-Aqib-Bashir in lucide-icons/lucide#3827

fix(icons): changed waypoints icon by @karsa-mistmere in lucide-icons/lucide#3990

fix(icons): changed bookmark icon by @jguddas in lucide-icons/lucide#2906

fix(icons): changed message-square-dashed icon by @jguddas in lucide-icons/lucide#3959

fix(icons): changed cloudy icon by @jguddas in lucide-icons/lucide#3966

fix(github-actions): resolved spelling mistake in gh issue close command by @jguddas in lucide-icons/lucide#4000

... (truncated)

Commits

67c0485 feat(scripts): added helper script to automatically update OpenCollective bac...
b6ed43d feat(packages): Added aria-hidden fallback for decorative icons to all packag...
See full diff in compare view

Updates next from 16.0.10 to 16.1.6

Release notes

Sourced from next's releases.

v16.1.6

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

Upgrade to swc 54 (#88207)

implement LRU cache with invocation ID scoping for minimal mode response cache (#88509)

tweak LRU sentinel key (#89123)

Credits

Huge thanks to @mischnic, @wyattjoh, and @ztanner for helping!

v16.1.5

Please refer the following changelogs for more information about this security release:

https://vercel.com/changelog/summaries-of-cve-2025-59471-and-cve-2025-59472 https://vercel.com/changelog/summary-of-cve-2026-23864

v16.1.4

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

Only filter next config if experimental flag is enabled (#88733)

Credits

Huge thanks to @mischnic for helping!

v16.1.3

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

Fix linked list bug in LRU deleteFromLru (#88652)

Fix relative same host redirects in node middleware (#88253)

Credits

Huge thanks to @acdlite and @ijjk for helping!

v16.1.2

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

... (truncated)

Commits

adf8c61 v16.1.6
098c0c0 [backport][ci] Make gh auth status optional when triggering a release (#89100)
a43df32 Backport/docs fixes jan 25 16.1.x (#89124)
d6d5734 tweak LRU sentinel cache key (#89123)
4324698 backport: implement LRU cache with invocation ID scoping for minimal mode res...
23c4649 [backport] Upgrade to swc 54 (#88207) (#89103)
acba4a6 v16.1.5
e1d1fc6 Add maximum size limit for postponed body parsing (#88175)
500ec83 fetch(next/image): reduce maximumResponseBody from 300MB to 50MB (#88588)
1caaca3 feat(next/image)!: add images.maximumResponseBody config (#88183)
Additional commits viewable in compare view

Updates pg from 8.16.3 to 8.18.0

Changelog

Sourced from pg's changelog.

pg@8.18.0

Return the client instance as the result of calling connect (previously it was void).

pg@8.17.0

Throw correct error if database URL parsing fails.

pg@8.16.0

Add support for min connection pool size.

pg@8.15.0

Add support for esm importing. CommonJS importing is still also supported.

pg@8.14.0

Add support from SCRAM-SAH-256-PLUS i.e. channel binding.

pg@8.13.0

Add ability to specify query timeout on per-query basis.

pg@8.12.0

Add queryMode config option to force use of the extended query protocol on queries without any parameters.

pg-pool@8.10.0

Emit release event when client is returned to the pool.

pg@8.9.0

Add support for stream factory.

Better errors for SASL authentication.

Use native crypto module for SASL authentication.

pg@8.8.0

Bump minimum required version of native bindings.

Catch previously uncatchable errors thrown in pool.query.

Prevent the pool from blocking the event loop if all clients are idle (and allowExitOnIdle is enabled).

Support lock_timeout in client config.

Fix errors thrown in callbacks from interfering with cleanup.

pg-pool@3.5.0

Add connection lifetime limit config option.

... (truncated)

Commits

fc4de3c Publish
0d1541d Always check if activeQuery is null before using it (#3586)
57e93b5 Return the client instance in the connect() method (#3564)
5b68a11 Publish
ea06db5 Remove node: prefix from imports (#3584)
a3a4567 remove unused variable (#3562)
4eb7529 Publish
b94c8e1 Don't use prefix import as it breaks in old nodes. (#3578)
6bf475c Improve Deno compatibility: config-first and safe env access (#3547)
d10e09c Publish
Additional commits viewable in compare view

Updates prisma from 7.1.0 to 7.4.0

Release notes

Sourced from prisma's releases.

7.4.0

Today, we are excited to share the 7.4.0 stable release 🎉

🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!

Highlights

ORM

Caching in Prisma Client

Today’s release is a big one, as we introduce a new caching layer into Prisma ORM. But why the need for a caching layer?

In Prisma 7, the query compiler runs as a WebAssembly module directly on the JavaScript main thread. While this simplified the architecture by eliminating the separate engine process, it introduced a trade-off: every query now synchronously blocks the event loop during compilation.

For individual queries, compilation takes between 0.1ms and 1ms, which is barely noticeable in isolation. But under high concurrency this overhead adds up and creates event loop contention that affects overall application throughput.

For instance, say we have a query that is run over and over, but is a similar shape:
// These two queries have the same shape:
const alice = await prisma.user.findUnique({ where: { email: 'alice@prisma.io' } })
const bob = await prisma.user.findUnique({ where: { email: 'bob@prisma.io' } })
Prior to v7.4.0, this would be reevaluated ever time the query is run. Now, Prisma Client will extract the user-provided values and replaces them with typed placeholders, producing a normalized query shape:
prisma.user.findUnique({ where: { email: %1 } })   // cache key
                                         ↑
                              %1 = 'alice@prisma.io'  (or 'bob@prisma.io')
This normalized shape is used as a cache key. On the first call, the query is compiled as usual and the resulting plan is stored in an LRU cache. On every subsequent call with the same query shape, regardless of the actual values, the cached plan is reused instantly without invoking the compiler.

We have more details on the impact of this change and some deep dives into Prisma architecture in an upcoming blog post!

Partial Indexes (Filtered Indexes) Support

We're excited to announce Partial Indexes support in Prisma! This powerful community-contributed feature allows you to create indexes that only include rows matching specific conditions, significantly reducing index size and improving query performance.

Partial indexes are available behind the partialIndexes preview feature for PostgreSQL, SQLite, SQL Server, and CockroachDB, with full migration and introspection support.

Basic usage

Enable the preview feature in your schema:
generator client {
  provider        = "prisma-client-js"
</tr></table> 

... (truncated)

Commits

1df1c6d fix(cli-generator): outdated default generator provider (#29089)
710c25d fix: update dependencies to fix pnpm audit (#29128)
fdabc1c fix(cli): remove Prisma Pulse from CLI help message (#29093)
1677a32 docs: fix broken getting started links across repository (#28948)
32e5614 chore(cli): bump hono and @prisma/dev, resolving hono vulnerability. (#...
2a44bb8 chore(cli): bump studio, fixing vitess introspection. (#29045)
011b6a6 chore: remove promotions (#29015)
90141bb chore(cli): bump studio, add northwind to sandbox. (#28985)
fd479fd feat(qc): fast and small build modes (#28976)
815ba13 chore(cli): bump @prisma/dev, fix init usage following changes. (#28929)
Additional commits viewable in compare view

Updates react from 19.2.3 to 19.2.4

Release notes

Sourced from react's releases.

19.2.4 (January 26th, 2026)

React Server Components

Add more DoS mitigations to Server Actions, and harden Server Components (#35632 by @gnoff, @lubieowoce, @sebmarkb... Description has been truncated

…7 updates Bumps the minor-and-patch group with 17 updates in the / directory: | Package | From | To | | --- | --- | --- | | [@formatjs/intl-localematcher](https://github.com/formatjs/formatjs) | `0.7.1` | `0.8.1` | | [@paralleldrive/cuid2](https://github.com/ericelliott/cuid2) | `3.0.4` | `3.3.0` | | [@prisma/adapter-pg](https://github.com/prisma/prisma/tree/HEAD/packages/adapter-pg) | `7.1.0` | `7.4.0` | | [@prisma/client](https://github.com/prisma/prisma/tree/HEAD/packages/client) | `7.1.0` | `7.4.0` | | [better-auth](https://github.com/better-auth/better-auth/tree/HEAD/packages/better-auth) | `1.4.7` | `1.4.18` | | [dotenv](https://github.com/motdotla/dotenv) | `17.2.3` | `17.3.1` | | [lucide-react](https://github.com/lucide-icons/lucide/tree/HEAD/packages/lucide-react) | `0.561.0` | `0.564.0` | | [next](https://github.com/vercel/next.js) | `16.0.10` | `16.1.6` | | [pg](https://github.com/brianc/node-postgres/tree/HEAD/packages/pg) | `8.16.3` | `8.18.0` | | [prisma](https://github.com/prisma/prisma/tree/HEAD/packages/cli) | `7.1.0` | `7.4.0` | | [react](https://github.com/facebook/react/tree/HEAD/packages/react) | `19.2.3` | `19.2.4` | | [react-dom](https://github.com/facebook/react/tree/HEAD/packages/react-dom) | `19.2.3` | `19.2.4` | | [tailwind-merge](https://github.com/dcastil/tailwind-merge) | `3.4.0` | `3.4.1` | | [zod](https://github.com/colinhacks/zod) | `4.2.0` | `4.3.6` | | [@commitlint/cli](https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/cli) | `20.2.0` | `20.4.1` | | [@commitlint/config-conventional](https://github.com/conventional-changelog/commitlint/tree/HEAD/@commitlint/config-conventional) | `20.2.0` | `20.4.1` | | [prettier](https://github.com/prettier/prettier) | `3.7.4` | `3.8.1` | Updates `@formatjs/intl-localematcher` from 0.7.1 to 0.8.1 - [Release notes](https://github.com/formatjs/formatjs/releases) - [Commits](https://github.com/formatjs/formatjs/compare/@formatjs/intl-localematcher@0.7.1...@formatjs/intl-localematcher@0.8.1) Updates `@paralleldrive/cuid2` from 3.0.4 to 3.3.0 - [Changelog](https://github.com/paralleldrive/cuid2/blob/main/CHANGELOG.md) - [Commits](paralleldrive/cuid2@v3.0.4...v3.3.0) Updates `@prisma/adapter-pg` from 7.1.0 to 7.4.0 - [Release notes](https://github.com/prisma/prisma/releases) - [Commits](https://github.com/prisma/prisma/commits/7.4.0/packages/adapter-pg) Updates `@prisma/client` from 7.1.0 to 7.4.0 - [Release notes](https://github.com/prisma/prisma/releases) - [Commits](https://github.com/prisma/prisma/commits/7.4.0/packages/client) Updates `better-auth` from 1.4.7 to 1.4.18 - [Release notes](https://github.com/better-auth/better-auth/releases) - [Commits](https://github.com/better-auth/better-auth/commits/v1.4.18/packages/better-auth) Updates `dotenv` from 17.2.3 to 17.3.1 - [Changelog](https://github.com/motdotla/dotenv/blob/master/CHANGELOG.md) - [Commits](motdotla/dotenv@v17.2.3...v17.3.1) Updates `lucide-react` from 0.561.0 to 0.564.0 - [Release notes](https://github.com/lucide-icons/lucide/releases) - [Commits](https://github.com/lucide-icons/lucide/commits/0.564.0/packages/lucide-react) Updates `next` from 16.0.10 to 16.1.6 - [Release notes](https://github.com/vercel/next.js/releases) - [Changelog](https://github.com/vercel/next.js/blob/canary/release.js) - [Commits](vercel/next.js@v16.0.10...v16.1.6) Updates `pg` from 8.16.3 to 8.18.0 - [Changelog](https://github.com/brianc/node-postgres/blob/master/CHANGELOG.md) - [Commits](https://github.com/brianc/node-postgres/commits/pg@8.18.0/packages/pg) Updates `prisma` from 7.1.0 to 7.4.0 - [Release notes](https://github.com/prisma/prisma/releases) - [Commits](https://github.com/prisma/prisma/commits/7.4.0/packages/cli) Updates `react` from 19.2.3 to 19.2.4 - [Release notes](https://github.com/facebook/react/releases) - [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md) - [Commits](https://github.com/facebook/react/commits/v19.2.4/packages/react) Updates `react-dom` from 19.2.3 to 19.2.4 - [Release notes](https://github.com/facebook/react/releases) - [Changelog](https://github.com/facebook/react/blob/main/CHANGELOG.md) - [Commits](https://github.com/facebook/react/commits/v19.2.4/packages/react-dom) Updates `tailwind-merge` from 3.4.0 to 3.4.1 - [Release notes](https://github.com/dcastil/tailwind-merge/releases) - [Commits](dcastil/tailwind-merge@v3.4.0...v3.4.1) Updates `zod` from 4.2.0 to 4.3.6 - [Release notes](https://github.com/colinhacks/zod/releases) - [Commits](colinhacks/zod@v4.2.0...v4.3.6) Updates `@commitlint/cli` from 20.2.0 to 20.4.1 - [Release notes](https://github.com/conventional-changelog/commitlint/releases) - [Changelog](https://github.com/conventional-changelog/commitlint/blob/master/@commitlint/cli/CHANGELOG.md) - [Commits](https://github.com/conventional-changelog/commitlint/commits/v20.4.1/@commitlint/cli) Updates `@commitlint/config-conventional` from 20.2.0 to 20.4.1 - [Release notes](https://github.com/conventional-changelog/commitlint/releases) - [Changelog](https://github.com/conventional-changelog/commitlint/blob/master/@commitlint/config-conventional/CHANGELOG.md) - [Commits](https://github.com/conventional-changelog/commitlint/commits/v20.4.1/@commitlint/config-conventional) Updates `prettier` from 3.7.4 to 3.8.1 - [Release notes](https://github.com/prettier/prettier/releases) - [Changelog](https://github.com/prettier/prettier/blob/main/CHANGELOG.md) - [Commits](prettier/prettier@3.7.4...3.8.1) --- updated-dependencies: - dependency-name: "@formatjs/intl-localematcher" dependency-version: 0.8.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: "@paralleldrive/cuid2" dependency-version: 3.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: "@prisma/adapter-pg" dependency-version: 7.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: "@prisma/client" dependency-version: 7.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: better-auth dependency-version: 1.4.18 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: dotenv dependency-version: 17.3.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: lucide-react dependency-version: 0.564.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: next dependency-version: 16.1.6 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: pg dependency-version: 8.18.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: prisma dependency-version: 7.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: react dependency-version: 19.2.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: react-dom dependency-version: 19.2.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: tailwind-merge dependency-version: 3.4.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: zod dependency-version: 4.3.6 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: "@commitlint/cli" dependency-version: 20.4.1 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: "@commitlint/config-conventional" dependency-version: 20.4.1 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: prettier dependency-version: 3.8.1 dependency-type: direct:development update-type: version-update:semver-minor dependency-group: minor-and-patch ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot · 2026-02-19T02:49:14Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Feb 16, 2026

dependabot bot closed this Feb 19, 2026

dependabot bot deleted the dependabot/npm_and_yarn/minor-and-patch-7090ee4be6 branch February 19, 2026 02:49

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

build(deps): bump the minor-and-patch group across 1 directory with 17 updates#64

build(deps): bump the minor-and-patch group across 1 directory with 17 updates#64
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/minor-and-patch-7090ee4be6

dependabot bot commented on behalf of github Feb 16, 2026 •

edited

Loading

Uh oh!

dependabot bot commented on behalf of github Feb 19, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Comments

Conversation

dependabot bot commented on behalf of github Feb 16, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

@​formatjs/intl-localematcher@​0.8.0

0.8.0 (2026-01-15)

Features

@​formatjs/intl-localematcher@​0.7.3

0.7.3 (2025-12-23)

Bug Fixes

[3.3.0] - 2026-01-25

Fixed

Updated

[3.0.2] - 2025-10-27

Changed

Fixed

Added

Documentation

[3.0.0] - 2025-10-18

⚠️ BREAKING CHANGES

[2.3.1] - 2025-10-24

Fixed

7.4.0

Highlights

ORM

Caching in Prisma Client

Partial Indexes (Filtered Indexes) Support

7.4.0

Highlights

ORM

Caching in Prisma Client

Partial Indexes (Filtered Indexes) Support

v1.4.18

🚀 Features

🐞 Bug Fixes

17.3.1 (2026-02-12)

Changed

17.3.0 (2026-02-12)

Added

Changed

17.2.4 (2026-02-05)

Changed

Version 0.564.0

What's Changed

New Contributors

Hotfix @lucide/svelte hasA11yProp.js import

What's Changed

Version 0.563.0

What's Changed

All changes

v16.1.6

Core Changes

Credits

v16.1.5

v16.1.4

Core Changes

Credits

v16.1.3

Core Changes

Credits

v16.1.2

Core Changes

pg@8.18.0

pg@8.17.0

pg@8.16.0

pg@8.15.0

pg@8.14.0

pg@8.13.0

pg@8.12.0

pg-pool@8.10.0

pg@8.9.0

pg@8.8.0

pg-pool@3.5.0

7.4.0

Highlights

ORM

Caching in Prisma Client

Partial Indexes (Filtered Indexes) Support

19.2.4 (January 26th, 2026)

React Server Components

Uh oh!

dependabot bot commented on behalf of github Feb 16, 2026 •

edited

Loading

`@formatjs/intl-localematcher@0`.8.0

`@formatjs/intl-localematcher@0`.7.3

Hotfix `@lucide/svelte` hasA11yProp.js import