[Snyk] Upgrade @prisma/client from 6.13.0 to 6.15.0

[Sunwuyuan]

Snyk has created this PR to upgrade @prisma/client from 6.13.0 to 6.15.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 93 versions ahead of your current version.

• The recommended version was released a month ago.

Release notes

Package name: @prisma/client

• 6.15.0 - 2025-08-27
  

  Today, we are excited to share the 6.15.0 stable release 🎉

  🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!

  Highlights

  AI safety guardrails for destructive commands

  Prisma ORM now includes built-in safety checks that protect against destructive commands when triggered by AI coding assistants. The CLI can recognize when it is being executed by popular AI agents such as Claude Code, Gemini CLI, Qwen Code, Cursor, Aider and Replit.

  If a command like prisma migrate reset --force is attempted, Prisma ORM will prompt for explicit confirmation before proceeding.

  

  This feature ensures that irreversible operations which drop and recreate the database are not executed automatically by an AI tool. Prisma ORM is the first ORM to provide this level of protection, making it safer to use AI-assisted development while working with your databases.

  📚 Learn more in the docs.

  prisma-client: runtime improvements and schema flexibility

  We simplified Prisma ORM by making the runtime options for the Prisma Client more consistent and easier to understand. Previously there were several overlapping aliases which created confusion. With this release we simplified the inputs while keeping support for all the major environments you might be targeting.

  Changes include:

  • node has been removed, use runtime = "nodejs" instead
  • deno-deploy has been removed, use runtime = "deno" instead
  • vercel has been replaced by the new runtime = "vercel-edge"
  • edge-light is now just an alias for vercel-edge
  • nodejs, deno, and bun now share the same internal code path, while still keeping their separate input values for clarity
  • The VS Code extension has been updated to reflect these changes

  The updated list of supported runtimes is now:

  nodejs, deno, bun, workerd (alias cloudflare), vercel-edge (alias edge-light), and react-native.

  In addition, we fixed an issue where running prisma generate would fail if your schema contained no models. This is now supported with the new prisma-client generator, just like it already worked with the older prisma-client-js generator.

  For example, the following schema will now generate a client without errors:

  generator client {
  provider = "prisma-client"
  output = "../generated/client"
  }

  datasource db {
  provider = "postgresql"
  url = env("DATABASE_URL")
  }

  Running prisma generate with this schema will succeed and create the client in ./generated/client.

  📚 Learn more in the docs.

  Using Prisma ORM with Vercel Fluid

  Fluid compute is a new compute model from Vercel that combines the flexibility of serverless with the stability of servers, making it ideal for dynamic workloads such as streaming data and AI APIs.

  A common challenge in traditional serverless platforms is that when functions are suspended, database connection pools can’t close idle connections. This leads to leaked connections that stay open until the database times them out, which can exhaust the pool.

  Vercel provides the attachDatabasePool utility to solve this problem. It ensures idle connections in the pool are properly released before a function is suspended, preventing connection leaks.

  You can use this utility together with Prisma’s driver adapters to safely manage database connections in Fluid Compute:

  import { Pool } from "pg";
  import { attachDatabasePool } from "@ vercel/functions";
  import { PrismaPg } from "@ prisma/adapter-pg";
  import { PrismaClient } from "./generated/prisma/client";

  const pool = new Pool({ connectionString: process.env.POSTGRES_URL });
  attachDatabasePool(pool);

  const prisma = new PrismaClient({
  adapter: new PrismaPg(pool),
  });

  📚 Learn more in the docs.

  Other news

  Prisma Postgres Management API is Generally Available

  The Prisma Postgres Management API allows you to programmatically provision and manage Prisma Postgres instances. It’s the perfect way to spin up a database in your CI/CD workflow, see our GitHub Action examples for creating and deleting if you’re curious about this use case.

  It also enables developers to offer databases to their own users! For example, did you know that Co.dev (YC23), a popular “low-code AI app builder” is using the Management API to provision Prisma Postgres instances to people building apps with their platform?

  We’re excited to share that the Management API is now fully ready for production. With it moving into GA, we also added another piece of functionality where you can now create new projects without a default database.

  We’re looking forward to see what you’re going to build with it!

  📚 Learn more in the docs.

  Prisma Postgres is now available on Pipedream

  Prisma Postgres can now be used directly in your Pipedream workflows 🎉

  With this integration, you can connect Prisma Postgres to over 2,800+ apps supported on Pipedream, enabling powerful automations and data workflows. For example, you can:

  • Automatically spin up a new Prisma Postgres database when a customer signs up in Stripe.
  • Connect Prisma Postgres with Slack, Notion, Airtable, or any other app in the Pipedream ecosystem

  This makes it easier than ever to use Prisma Postgres in your automation pipelines, without needing to manage custom scripts or infrastructure.

  📚 Learn more on the Pipedream integration page.

  

  New --json flag for npx create-db

  The npx create-db command lets you spin up a temporary, production-ready Prisma Postgres database that you can later claim for continued use. With this release, you can now add the --json flag to return the database details in JSON format.

  This makes it straightforward to programmatically use the connection details, whether you are building custom APIs or integrating database provisioning into your workflows.

  📚 Learn more in the docs.

  

  Direct connections to Prisma Postgres are coming close to GA

  Direct connections enable you to connect to your database using any ORM library or tool of your choice (e.g. Drizzle ORM, Kysely but also database GUIs like Postico or TablePlus).

  In this release, we’ve improved the robustness of direct TCP connections and are close to bringing it to General Availability.

  📚 Learn more in the docs.

  Enterprise support

  Thousands of teams use Prisma and many of them already tap into our Enterprise & Agency Support Program for hands-on help with everything from schema integrations and performance tuning to security and compliance.

  With this program you also get priority issue triage and bug fixes, expert scalability advice, and custom training so that your Prisma-powered apps stay rock-solid at any scale. Learn more or join: https://prisma.io/enterprise.

• 6.15.0-integration-query-plan-caching.1 - 2025-08-25
• 6.15.0-integration-push-pprzzpqvmyuv.1 - 2025-08-19
• 6.15.0-integration-fix-prisma-client-dirname-aws-lambda.3 - 2025-08-20
• 6.15.0-integration-fix-prisma-client-dirname-aws-lambda.2 - 2025-08-19
• 6.15.0-integration-fix-prisma-client-dirname-aws-lambda.1 - 2025-08-19
• 6.15.0-integration-feat-prisma-client-default-runtime.1 - 2025-08-22
• 6.15.0-dev.30 - 2025-08-27
• 6.15.0-dev.29 - 2025-08-27
• 6.15.0-dev.28 - 2025-08-26
• 6.15.0-dev.27 - 2025-08-26
• 6.15.0-dev.26 - 2025-08-22
• 6.15.0-dev.25 - 2025-08-22
• 6.15.0-dev.24 - 2025-08-22
• 6.15.0-dev.23 - 2025-08-21
• 6.15.0-dev.22 - 2025-08-21
• 6.15.0-dev.21 - 2025-08-21
• 6.15.0-dev.20 - 2025-08-21
• 6.15.0-dev.19 - 2025-08-21
• 6.15.0-dev.18 - 2025-08-21
• 6.15.0-dev.17 - 2025-08-21
• 6.15.0-dev.16 - 2025-08-21
• 6.15.0-dev.15 - 2025-08-20
• 6.15.0-dev.14 - 2025-08-20
• 6.15.0-dev.13 - 2025-08-20
• 6.15.0-dev.12 - 2025-08-19
• 6.15.0-dev.11 - 2025-08-19
• 6.15.0-dev.10 - 2025-08-19
• 6.15.0-dev.9 - 2025-08-19
• 6.15.0-dev.8 - 2025-08-19
• 6.15.0-dev.7 - 2025-08-18
• 6.15.0-dev.6 - 2025-08-18
• 6.15.0-dev.5 - 2025-08-18
• 6.15.0-dev.4 - 2025-08-15
• 6.15.0-dev.3 - 2025-08-15
• 6.15.0-dev.2 - 2025-08-15
• 6.15.0-dev.1 - 2025-08-13
• 6.14.0 - 2025-08-12
  

  Today, we are excited to share the 6.14.0 stable release 🎉

  🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!

  Highlights

  @ unique attributes for SQL views (Preview)

  Last release, we improved the robustness of SQL views defined in the Prisma schema. Views are virtual tables that don't allows for defining unique constraints, indexes or foreign keys in the underlying database.

  However, as an application developer, it can be convenient to also define relationships involving views or paginate them using cursors. We've received this feedback from several people who had been using views in that way with Prisma ORM, so in this release we're re-introducing the @ unique attribute for views. This attribute enables:

  • relationships involving views
  • findUnique queries, cursor-based pagination & implicit ordering for views

  Here's an example schema using @ unique and defining a relationship from a model to a view:

  model User {
  id Int @ id @ default(autoincrement())
  email String @ unique
  posts Post[]
  stats UserPostStats? @ relation(fields: [email], references: [userEmail])
  }

  model Post {
  id Int @ id @ default(autoincrement())
  title String
  published Boolean @ default(false)
  createdAt DateTime @ default(now())
  authorId Int?
  author User? @ relation(fields: [authorId], references: [id])
  }

  view UserPostStats {
  userEmail String @ unique
  totalPosts BigInt?
  publishedPosts BigInt?
  unpublishedPosts BigInt?
  latestPostDate DateTime? @ db.Timestamp(6)
  user User?
  }

  Expand to view the SQL code for this view

  CREATE OR REPLACE VIEW "UserPostStats" AS
  SELECT 
      u.email AS "userEmail",
      u.name AS "userName",
      COUNT(p.id) AS "totalPosts",
      COUNT(CASE WHEN p.published = true THEN 1 END) AS "publishedPosts",
      COUNT(CASE WHEN p.published = false THEN 1 END) AS "unpublishedPosts",
      MAX(p."createdAt") AS "latestPostDate"
  FROM "User" u
  LEFT JOIN "Post" p ON u.id = p."authorId"
  GROUP BY u.id, u.email, u.name;

  You can now query this view and its relationship using include:

  const userPostStats = await prisma.userPostStats.findMany({
    include: {
      user: true,
    }
  })

  📚 Learn more in the docs.

  Various fixes & stability improvements

  • Fixed several issues related to new prisma-client generator and the queryCompiler Preview feature (aka “Prisma Client without Rust engines”). Both will become the default in the upcoming Prisma 7 release and we're working hard on bringing these features into General Availability. You can try them out with your favorite stack with our ready-to-run examples.
  • Fixed several regressions, e.g. related to Prisma Config
  • Removed middleware from Prisma Client (i.e. the prisma.$use method), which was deprecated since v4.16.0. Use Prisma Client extensions instead.
  • Deprecated metrics Preview feature (which will be removed in Prisma 7)

  Improved type performance

  In this release, we also addressed some type performance issues that led to slower editors and lagging auto-complete. If you're curious about the details, you can check the description and changes in this PR.

  Other news

  Increased robustness of Management API (Early Access)

  We recently released an API for programmatically managing Prisma Postgres instances that's perfect for CI/CD workflows and scripting.

  In this release, we made it more robust and are bringing it closer to its General Availability release.

  Revoke OAuth tokens in Prisma Console

  If you use OAuth to authorize third-party applications to act on your behalf in the Prisma Console, you can now revoke any app's access at any time. The Prisma Console shows a list of your authorized (connected) apps, and you can easily remove one to immediately block further access.

  ICYMI

  Last release was huge, so just in case you missed it, here's the TLDR of what we put out last time:

  • Prisma ORM
    • Prisma Config file (prisma.config.ts) is Generally Available – Native way to configure schema paths, migrations, seeds, and more; no need for earlyAccess flag anymore.
    • Multi-schema support is Generally Available – Allows assigning models to different database schemas in Postgres and SQL Server using @@ schema.
    • Improved SQL views support (still in Preview) – Adds guardrails for views by disabling unsupported features.
    • Externally managed tables – Lets you exclude specific tables from Prisma Migrate while still querying them via Prisma Client.
  • Prisma Postgres
    • Extension support for Prisma Postgres – Prisma Postgres now supports pgvector, pg_search, pg_stat_statements, citext, pg_trgm, fuzzystrmatch, and unaccent. If you don't see the extension you need, you can request it here. Extensions only work on new instances, if you want to use any of them on your existing instance, reach out to us.
    • Management API for Prisma Postgres – REST API to provision, delete, and manage Prisma Postgres instances programmatically, perfect for CI/CD and scripting workflows.
    • GitHub Actions for Prisma Postgres – Actions for creating and deleting databases in CI/CD workflows, available on GitHub Marketplace.
    • New CLI: npx create-db – Instantly spin up a new Postgres database—no authentication required.
• 6.14.0-integration-feat-prisma-client-cjs-fixes.2 - 2025-08-06
• 6.14.0-integration-feat-prisma-client-cjs-fixes.1 - 2025-08-05
• 6.14.0-integration-feat-client-wasm-base64-on-nodejs.6 - 2025-08-02
• 6.14.0-integration-feat-client-wasm-base64-on-nodejs.5 - 2025-08-01
• 6.14.0-integration-feat-client-wasm-base64-on-nodejs.4 - 2025-08-01
• 6.14.0-integration-feat-client-wasm-base64-on-nodejs.3 - 2025-08-01
• 6.14.0-integration-feat-client-wasm-base64-on-nodejs.2 - 2025-08-01
• 6.14.0-integration-feat-client-wasm-base64-on-nodejs.1 - 2025-08-01
• 6.14.0-integration-engines-6-14-0-23-push-konntwtrzysp-9279378d80744cb329a71a7c98ff1cc7039b45c7.1 - 2025-08-12
• 6.14.0-integration-engines-6-14-0-21-push-konntwtrzysp-0e768eccd6709956ac7bcb59cdaf092a0f3d0dc4.1 - 2025-08-11
• 6.14.0-integration-engines-6-14-0-10-push-lxtyopotuyqp-22388fea2e3afc80047dd711818db40954b7128c.1 - 2025-08-07
• 6.14.0-dev.44 - 2025-08-12
• 6.14.0-dev.43 - 2025-08-12
• 6.14.0-dev.42 - 2025-08-12
• 6.14.0-dev.41 - 2025-08-12
• 6.14.0-dev.40 - 2025-08-12
• 6.14.0-dev.39 - 2025-08-12
• 6.14.0-dev.38 - 2025-08-12
• 6.14.0-dev.37 - 2025-08-11
• 6.14.0-dev.36 - 2025-08-11
• 6.14.0-dev.35 - 2025-08-11
• 6.14.0-dev.34 - 2025-08-11
• 6.14.0-dev.33 - 2025-08-11
• 6.14.0-dev.32 - 2025-08-11
• 6.14.0-dev.31 - 2025-08-11
• 6.14.0-dev.30 - 2025-08-11
• 6.14.0-dev.29 - 2025-08-08
• 6.14.0-dev.28 - 2025-08-08
• 6.14.0-dev.27 - 2025-08-08
• 6.14.0-dev.26 - 2025-08-08
• 6.14.0-dev.25 - 2025-08-07
• 6.14.0-dev.24 - 2025-08-07
• 6.14.0-dev.23 - 2025-08-07
• 6.14.0-dev.22 - 2025-08-07
• 6.14.0-dev.21 - 2025-08-07
• 6.14.0-dev.20 - 2025-08-07
• 6.14.0-dev.19 - 2025-08-07
• 6.14.0-dev.18 - 2025-08-07
• 6.14.0-dev.17 - 2025-08-07
• 6.14.0-dev.16 - 2025-08-06
• 6.14.0-dev.15 - 2025-08-06
• 6.14.0-dev.14 - 2025-08-06
• 6.14.0-dev.13 - 2025-08-05
• 6.14.0-dev.12 - 2025-08-04
• 6.14.0-dev.11 - 2025-08-04
• 6.14.0-dev.10 - 2025-08-04
• 6.14.0-dev.9 - 2025-08-04
• 6.14.0-dev.8 - 2025-08-04
• 6.14.0-dev.7 - 2025-08-04
• 6.14.0-dev.6 - 2025-08-04
• 6.14.0-dev.5 - 2025-08-04
• 6.14.0-dev.4 - 2025-08-01
• 6.14.0-dev.3 - 2025-08-01
• 6.14.0-dev.2 - 2025-08-01
• 6.14.0-dev.1 - 2025-07-30
• 6.13.0 - 2025-07-29
  

  Today, we are excited to share the 6.13.0 stable release 🎉

  🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!

  Highlights

  In this ORM release, we’re moving the Prisma Config file and the multi-schema feature into General Availability. This means these features now are fully production-ready and we’re looking forward to seeing what you are going to build with them!

  Additionally, support for SQL views is getting an important update to further stabilize its API.

  Configuring Prisma via Prisma Config is now Generally Available

  The prisma.config.ts file is Prisma ORM’s native way to provide configuration options for your project. It currently lets you specify:

  • the locations for various Prisma-related assets, such as your:
    • Prisma schema file
    • migrations
    • SQL view definitions
    • TypedSQL queries
  • a seed command to populate your database based on some executable script
  • externally managed tables (see below)
  • the driver adapters to be used by the Prisma CLI when interacting with your database

  Here’s an example Prisma Config file that specified custom locations for various project assets in and a seed script inside a db directory:

  import path from "node:path";
  import { defineConfig } from "prisma/config";

  export default defineConfig({
  schema: path.join("db", "schema.prisma"),
  migrations: {
  path: path.join("db", "migrations"),
  seed: "tsx db/seed.ts"
  }
  });

  Note that you’ll also see warning now if you defined a prisma.seed command in package.json.

  We’re excited to move the prisma.config.ts file into General Availability. If you used it before in your projects, you can now drop earlyAccess from its options:

  - earlyAccess: true,
  });

  There still are and will be fields on the Prisma Config object that are Early Access or Preview features. To opt-into these, you’ll need to explicitly declare them via a new experimental field.

  For example, usage of adapters is currently still in Preview:

  import { defineConfig } from "prisma/config";

  export default defineConfig({
  experimental: {
  adapter: true,
  },
  // requires experimental.adapter
  adapter: async () => {
  // ...
  },
  });

  Finally, the Prisma Config file now also supports various file extensions so it fits neatly into your individual project setups: .js, .ts, .mjs, .cjs, .mts, .cts. It also can be defined as .config/prisma.${extension}, where extension is the same one as file extensions above.

  📚 Learn more in the docs.

  Using multiple schemas in now Generally Available

  Databases like PostgreSQL or SQL Server provide a way to logically organize your tables in dedicated namespaces called schemas. In Prisma ORM, you can assign tables to various schemas via the @@ schema attribute:

  datasource db {
  provider = "postgresql"
  url = env("DATABASE_URL")
  schemas = ["base", "shop"]
  }

  model User {
  id Int @id
  orders Order[]

  @@schema("base")
  }

  model Order {
  id Int @id
  user User @relation(fields: [userId], references: [id])
  userId Int

  @@schema("shop")
  }

  This feature has moved into General Availability, so if you were using it before, you can now drop the multiSchema feature flag from the generator block in your Prisma schema:

  generator client {
    // ...
  - previewFeatures = ["multiSchema"]
  }

  📚 Learn more in the docs.

  More robust support for SQL views (Preview)

  SQL views are virtual tables created by a query. Unlike regular tables, views do not store data themselves; instead, they represent the result of a stored SQL query that runs whenever the view is accessed.

  We continue to improve support for SQL views, making them more reliable and better aligned with Prisma’s features. In this release, we ensured that @ id, @ index and @ unique can’t be used on a view block in the Prisma schema. Without these attributes, several other features in Prisma Client or the Prisma schema don’t make sense any more either, so we made sure that they can’t be used with views:

  • disabled findUnique queries and cursor-based pagination in Prisma Client
  • disallowed writes and implicit ordering for views in Prisma Client
  • disallowed relationships involving views in Prisma Schema

  This will align the API surface of Prisma ORM with the actual capabilities of SQL views and adds guardrails so you can use views with more confidence!

  📚 Learn more in the docs.

  Externally managed tables

  In some situations, you may not want Prisma ORM to be “responsible” for specific tables in your database because they’re being managed by a different team in your organization or an external service.

  In these cases, you still may want to quert these tables using Prisma Client but never want Prisma Migrate to make any changes to them.

  In this release, we’re introducing externally managed tables that will be:

  • ignored by Prisma Migrate
  • queryable via Prisma Client

  You can specify which tables should be ignored by Prisma Migrate using the tables option in prisma.config.ts:

   // prisma.config.ts
   export default defineConfig({
    tables: {
      external: [
        "users",
      ]
    },
    ...
  })

  A typical use case for this is the users table from Supabase which you never want be changed by Prisma Migrate but still may want to query with Prisma Client.

  📚 Learn more in the docs.

  Other news

  pgvector extension support for Prisma Postgres (Early Access)

  In this release, we’ve implemented a highly popular feature request for Prisma Postgres: Early Access support for the pgvector PostgreSQL extension along with several other popular Postgres extensions!

  It enables efficient storage and querying of high-dimensional vector embeddings directly in a Postgres database and thus is perfect for building AI-driven applications. pgvector essentially allows developers to perform similarity search (e.g., for recommendation systems or semantic search) using standard SQL, eliminating the need for a separate vector database.

  Native support for pgvector in Prisma ORM is going to follow soon, until then you can use pgvector via custom migrations and TypedSQL.

  Note: For now, pgvector is only available on newly created Prisma Postgres instances. It will be rolled out for existing instances soon.

  In addition to pgvector, Prisma Postgres now includes Early Access support for pg_search, pg_stat_statements, citext, pg_trgm, fuzzystrmatch, and unaccent. If you don’t see the extension you need, you can request it here.

  📚 Learn more in the docs.

  Manage Prisma Postgres programmatically via an API

  Whether you need a way to quickly provision a Prisma Postgres instance in your CI/CD workflows, want to attach a fresh database to a preview branch of your app or even want to offer Prisma Postgres to your own users—our new Management API has you covered!

  It’s shaped as a familiar REST API so you can programmatically take care of your database workflows: Provision or delete Prisma Postgres instances, retrieve or create connection strings and manage entire projects in Prisma Console.

  📚 Learn more in the docs.

  CI/CD GitHub Actions for Prisma Postgres available on GitHub Marketplace

  Based on the Management API, we’ve also published two templates for GitHub Actions that you can use in your own CI/CD setups:

  • Create Prisma Postgres Database Action
  • Delete Prisma Postgres Database Action

  These Actions serve as the foundational building blocks for integrating Prisma Postgres into CI/CD pipelines.

  

  They enable workflows like provisioning databases on every pull request, running integration tests against real instances, and managing database lifecycles end-to-end. We’ve included several examples in the README to help users get started quickly. The setup is straightforward, and these Actions are designed to plug into user's workflows with minimal effort.

  Instant Postgres with npx create-db — no auth required

  We launched a new CLI command that allows you to spin up a new database within seconds:

  npx create-db # no auth required

  The command doesn’t require authentication, so you can play around with your database without any initial hurdles!

  

  Your instance will be automatically deleted after 24 hours but you can claim it and put it into your Prisma Console account if you want to keep using it after that period. Visit the docs to learn more.

  New navigation UI for Prisma Console

  The Prisma Console got a little makeover, including a new design for navigating and managing your projects and their databases. This makes common workflows like creating new projects, navigating between projects and databases, as well as accessing project settings a lot more smooth.

  

  We’re eager to hear your feedback, let us know on X what you think of the new UI.

  Enterprise support

  Thousands of teams use Prisma and many of them already tap into our Enterprise & Agency Support Program for hands-on help with everything from schema integrations and performance tuning to security and compliance. With this program you also get priority issue triage and bug fixes, expert scalability advice, and custom training so that your Prisma-powered apps stay rock-solid at any scale. Learn more or join: https://prisma.io/enterprise.

from @prisma/client GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/sunwuyuan/project/7f95d725-ca6f-4cce-ab56-8b055b9f632f/settings/inte...

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
our-world	Ready	Preview	Comment	Sep 30, 2025 9:45pm