[Snyk] Upgrade @prisma/client from 6.13.0 to 6.19.1 #69

Sunwuyuan · 2026-01-14T04:00:29Z

Snyk has created this PR to upgrade @prisma/client from 6.13.0 to 6.19.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

The recommended version is 319 versions ahead of your current version.
The recommended version was released a month ago.

Issues fixed by the recommended upgrade:

Issue	Score	Exploit Maturity
Allocation of Resources Without Limits or Throttling SNYK-JS-AXIOS-12613773	666	Proof of Concept
Allocation of Resources Without Limits or Throttling SNYK-JS-BODYPARSER-14105059	666	No Known Exploit
Regular Expression Denial of Service (ReDoS) SNYK-JS-BRACEEXPANSION-9789073	666	Proof of Concept
Regular Expression Denial of Service (ReDoS) SNYK-JS-BRACEEXPANSION-9789073	666	Proof of Concept
Predictable Value Range from Previous Values SNYK-JS-FORMDATA-10841150	666	Proof of Concept
Improper Verification of Cryptographic Signature SNYK-JS-JWS-14188253	666	No Known Exploit
Improper Verification of Cryptographic Signature SNYK-JS-JWS-14188253	666	No Known Exploit
Uncaught Exception SNYK-JS-MULTER-10773732	666	No Known Exploit
Incomplete Filtering of One or More Instances of Special Elements SNYK-JS-VALIDATOR-13653476	666	Proof of Concept
Improper Handling of Unexpected Data Type SNYK-JS-ONHEADERS-10773729	666	No Known Exploit
Improper Validation of Specified Type of Input SNYK-JS-VALIDATOR-13395830	666	Proof of Concept

Release notes

Package name: @prisma/client

6.19.1 - 2025-12-10
6.19.1-dev.3 - 2026-01-12
6.19.1-dev.3
6.19.1-dev.2 - 2025-12-10
6.19.1-dev.1 - 2025-12-10
6.19.0 - 2025-11-05
6.19.0-integration-release-tags.4 - 2025-11-04
6.19.0-integration-release-tags.3 - 2025-11-04
6.19.0-integration-release-tags.2 - 2025-11-04
6.19.0-integration-release-tags.1 - 2025-11-04
6.19.0-integration-next.22 - 2025-11-05
6.19.0-integration-next.21 - 2025-11-05
6.19.0-integration-next.20 - 2025-11-04
6.19.0-integration-next.19 - 2025-11-04
6.19.0-integration-next.18 - 2025-11-04
6.19.0-integration-next.17 - 2025-11-04
6.19.0-integration-next.16 - 2025-11-03
6.19.0-integration-next.15 - 2025-11-03
6.19.0-integration-next.14 - 2025-10-31
6.19.0-integration-next.13 - 2025-10-31
6.19.0-integration-next.12 - 2025-10-31
6.19.0-integration-next.11 - 2025-10-29
6.19.0-integration-next.10 - 2025-10-29
6.19.0-integration-next.9 - 2025-10-28
6.19.0-integration-next.8 - 2025-10-28
6.19.0-integration-next.6 - 2025-10-27
6.19.0-integration-next.5 - 2025-10-24
6.19.0-integration-next.4 - 2025-10-24
6.19.0-integration-next.3 - 2025-10-24
6.19.0-integration-next.2 - 2025-10-22
6.19.0-integration-next.1 - 2025-10-22
6.19.0-integration-feat-remove-library-engine.9 - 2025-11-04
6.19.0-integration-feat-remove-library-engine.8 - 2025-11-04
6.19.0-integration-feat-remove-library-engine.7 - 2025-11-04
6.19.0-integration-feat-remove-library-engine.6 - 2025-11-04
6.19.0-integration-feat-remove-library-engine.5 - 2025-11-03
6.19.0-integration-feat-remove-library-engine.4 - 2025-11-03
6.19.0-integration-feat-remove-library-engine.3 - 2025-10-31
6.19.0-integration-feat-remove-library-engine.2 - 2025-10-31
6.19.0-integration-feat-remove-library-engine.1 - 2025-10-31
6.19.0-integration-feat-remove-binary-engine.1 - 2025-10-27
6.19.0-integration-engines-6-19-0-7-next-44e0881a477328a478a36acec141ddc4630ec61e.1 - 2025-10-27
6.19.0-integration-engines-6-19-0-32-next-568b222d0ab829bbbe5f2fd48ed587836813346c.1 - 2025-11-03
6.19.0-integration-engines-6-19-0-31-next-6f525e2b254a97a9c547ae5f2b29c54a171f6b23.1 - 2025-11-03
6.19.0-integration-engines-6-19-0-30-push-otuqumlrponx-17ff4a7bd0bffdf0b40b58a399869660f7f0e368.1 - 2025-10-31
6.19.0-integration-engines-6-19-0-3-next-b6daa0b16d0aedf495932cae9d00728357899ae0.1 - 2025-10-27
6.19.0-integration-engines-6-19-0-29-next-ac95b5893b3c05bf39a2431fc1a748dd46152ab4.1 - 2025-10-30
6.19.0-integration-engines-6-19-0-28-next-8f44482e378cd05ba43deae3c6b1d441b5248e08.1 - 2025-10-30
6.19.0-integration-engines-6-19-0-27-feat-bump-database-versions-2-4b6e368f6da3d45f65f44068ed2758da3adcf9e2.1 - 2025-10-30
6.19.0-integration-engines-6-19-0-22-integration-aijeyomah-feature-support-enum-ignore-directive-a33c542ee31e90995b9fcadac76fd478110e58ef.2 - 2025-10-28
6.19.0-integration-engines-6-19-0-22-integration-aijeyomah-feature-support-enum-ignore-directive-a33c542ee31e90995b9fcadac76fd478110e58ef.1 - 2025-10-28
6.19.0-integration-engines-6-19-0-21-next-3ab778d6c5a8df0d39fd88ffd67461d3395af732.1 - 2025-10-28
6.19.0-integration-engines-6-19-0-2-push-qtpkxwkvolmz-33c9120129ea6df44eaf652b4de9bedd817e3190.1 - 2025-10-24
6.19.0-integration-engines-6-19-0-17-integration-aijeyomah-feature-support-enum-ignore-directive-faee99d5aebc84212fa2814294689bded167b500.1 - 2025-10-28
6.19.0-integration-engines-6-19-0-13-next-a06eb11979a320a0728d700b06c5afd921691d3a.1 - 2025-10-28
6.19.0-integration-engines-6-19-0-1-push-qtpkxwkvolmz-389b05cecb76e4e93db0ae07c19800226f238242.1 - 2025-10-24
6.19.0-dev.10 - 2025-10-31
6.19.0-dev.9 - 2025-10-31
6.19.0-dev.8 - 2025-10-29
6.19.0-dev.7 - 2025-10-28
6.19.0-dev.6 - 2025-10-28
6.19.0-dev.5 - 2025-10-28
6.19.0-dev.4 - 2025-10-28
6.19.0-dev.3 - 2025-10-28
6.19.0-dev.2 - 2025-10-27
6.19.0-dev.1 - 2025-10-23
6.18.0 - 2025-10-22
6.18.0-integration-next.11 - 2025-10-21
6.18.0-integration-next.10 - 2025-10-20
6.18.0-integration-next.9 - 2025-10-17
6.18.0-integration-next.8 - 2025-10-16
6.18.0-integration-next.7 - 2025-10-15
6.18.0-integration-next.6 - 2025-10-15
6.18.0-integration-next.5 - 2025-10-14
6.18.0-integration-next.4 - 2025-10-13
6.18.0-integration-next.3 - 2025-10-13
6.18.0-integration-next.2 - 2025-10-10
6.18.0-integration-next.1 - 2025-10-09
6.18.0-integration-feat-tml-1074-extract-utilities-entrypoint.1 - 2025-10-17
6.18.0-integration-engines-6-18-0-5-feat-add-support-for-engine-classic-in-prisma-config-c9fef7a6275e0af7d397fe6e65a84e15906646fd.1 - 2025-10-13
6.18.0-integration-engines-6-18-0-4-feat-add-support-for-engine-classic-in-prisma-config-da603da4185d9c3eb64b34263855d188e20cf10d.1 - 2025-10-13
6.18.0-dev.27 - 2025-10-21
6.18.0-dev.26 - 2025-10-21
6.18.0-dev.25 - 2025-10-20
6.18.0-dev.24 - 2025-10-20
6.18.0-dev.23 - 2025-10-17
6.18.0-dev.22 - 2025-10-16
6.18.0-dev.21 - 2025-10-14
6.18.0-dev.20 - 2025-10-14
6.18.0-dev.19 - 2025-10-14
6.18.0-dev.18 - 2025-10-13
6.18.0-dev.17 - 2025-10-10
6.18.0-dev.16 - 2025-10-10
6.18.0-dev.15 - 2025-10-10
6.18.0-dev.14 - 2025-10-10
6.18.0-dev.13 - 2025-10-10
6.18.0-dev.12 - 2025-10-09
6.18.0-dev.11 - 2025-10-09
6.18.0-dev.10 - 2025-10-09
6.18.0-dev.9 - 2025-10-09
6.18.0-dev.8 - 2025-10-09
6.18.0-dev.7 - 2025-10-09
6.18.0-dev.6 - 2025-10-09
6.18.0-dev.5 - 2025-10-09
6.18.0-dev.4 - 2025-10-08
6.18.0-dev.3 - 2025-10-08
6.18.0-dev.2 - 2025-10-08
6.18.0-dev.1 - 2025-10-08
6.17.1 - 2025-10-10
6.17.1-dev.1 - 2025-10-10
6.17.0 - 2025-10-07
6.17.0-integration-remove-driver-adapter-flag-check.1 - 2025-09-10
6.17.0-integration-feat-tml-1074-extract-utilities-entrypoint.11 - 2025-10-07
6.17.0-integration-feat-tml-1074-extract-utilities-entrypoint.10 - 2025-10-07
6.17.0-integration-feat-tml-1074-extract-utilities-entrypoint.9 - 2025-10-07
6.17.0-integration-feat-tml-1074-extract-utilities-entrypoint.8 - 2025-10-07
6.17.0-integration-feat-tml-1074-extract-utilities-entrypoint.7 - 2025-10-07
6.17.0-integration-feat-tml-1074-extract-utilities-entrypoint.6 - 2025-10-07
6.17.0-integration-feat-tml-1074-extract-utilities-entrypoint.5 - 2025-10-06
6.17.0-integration-feat-tml-1074-extract-utilities-entrypoint.4 - 2025-10-06
6.17.0-integration-feat-tml-1074-extract-utilities-entrypoint.3 - 2025-10-06
6.17.0-integration-feat-tml-1074-extract-utilities-entrypoint.2 - 2025-10-06
6.17.0-integration-feat-tml-1074-extract-utilities-entrypoint.1 - 2025-10-06
6.17.0-integration-feat-orm-1074-package-dev-export.1 - 2025-09-29
6.17.0-integration-feat-mapped-enums.3 - 2025-09-29
6.17.0-integration-feat-mapped-enums.2 - 2025-09-29
6.17.0-integration-feat-mapped-enums.1 - 2025-09-29
6.17.0-integration-engines-6-17-0-4-integration-do-not-render-default-namespace-8d4739edba6d81075da5f45998d062d2444a0ed9.2 - 2025-09-12
6.17.0-integration-engines-6-17-0-4-integration-do-not-render-default-namespace-8d4739edba6d81075da5f45998d062d2444a0ed9.1 - 2025-09-12
6.17.0-integration-engines-6-17-0-3-integration-do-not-render-default-namespace-bbd45f2127685e30ac8221725bbdfb69340ca14e.2 - 2025-09-12
6.17.0-integration-engines-6-17-0-3-integration-do-not-render-default-namespace-bbd45f2127685e30ac8221725bbdfb69340ca14e.1 - 2025-09-12
6.17.0-integration-engines-6-17-0-2-integration-do-not-render-default-namespace-4560224be04979a2b1f3cdf2676f427ed494b1b0.3 - 2025-09-12
6.17.0-integration-engines-6-17-0-2-integration-do-not-render-default-namespace-4560224be04979a2b1f3cdf2676f427ed494b1b0.2 - 2025-09-12
6.17.0-integration-engines-6-17-0-2-integration-do-not-render-default-namespace-4560224be04979a2b1f3cdf2676f427ed494b1b0.1 - 2025-09-11
6.17.0-integration-engines-6-17-0-1-integration-do-not-render-default-namespace-abe0fd6ee87609b2a2d77d043ddb893b2d2fb1ca.1 - 2025-09-11
6.17.0-dev.34 - 2025-10-07
6.17.0-dev.33 - 2025-10-07
6.17.0-dev.32 - 2025-10-07
6.17.0-dev.31 - 2025-10-07
6.17.0-dev.30 - 2025-10-06
6.17.0-dev.29 - 2025-10-06
6.17.0-dev.28 - 2025-10-02
6.17.0-dev.27 - 2025-10-02
6.17.0-dev.26 - 2025-10-02
6.17.0-dev.25 - 2025-10-02
6.17.0-dev.24 - 2025-10-01
6.17.0-dev.23 - 2025-10-01
6.17.0-dev.22 - 2025-09-30
6.17.0-dev.21 - 2025-09-30
6.17.0-dev.20 - 2025-09-30
6.17.0-dev.19 - 2025-09-30
6.17.0-dev.18 - 2025-09-30
6.17.0-dev.17 - 2025-09-30
6.17.0-dev.16 - 2025-09-30
6.17.0-dev.15 - 2025-09-30
6.17.0-dev.14 - 2025-09-29
6.17.0-dev.13 - 2025-09-19
6.17.0-dev.12 - 2025-09-19
6.17.0-dev.11 - 2025-09-19
6.17.0-dev.10 - 2025-09-18
6.17.0-dev.9 - 2025-09-18
6.17.0-dev.8 - 2025-09-18
6.17.0-dev.7 - 2025-09-15
6.17.0-dev.6 - 2025-09-15
6.17.0-dev.5 - 2025-09-15
6.17.0-dev.4 - 2025-09-12
6.17.0-dev.3 - 2025-09-12
6.17.0-dev.2 - 2025-09-12
6.17.0-dev.1 - 2025-09-10
6.16.3 - 2025-09-30
6.16.3-dev.1 - 2025-09-30
6.16.2 - 2025-09-16
6.16.2-dev.1 - 2025-09-16
6.16.1 - 2025-09-11
6.16.0 - 2025-09-10
6.16.0-integration-push-prynymnkvlrn.4 - 2025-09-04
6.16.0-integration-push-prynymnkvlrn.3 - 2025-09-02
6.16.0-integration-push-prynymnkvlrn.2 - 2025-09-02
6.16.0-integration-push-prynymnkvlrn.1 - 2025-08-28
6.16.0-integration-feat-prisma-client-default-runtime.2 - 2025-09-09
6.16.0-integration-feat-prisma-client-default-runtime.1 - 2025-08-27
6.16.0-integration-feat-orm-1375-web-client-ts.3 - 2025-09-01
6.16.0-integration-feat-orm-1375-web-client-ts.2 - 2025-09-01
6.16.0-integration-feat-orm-1375-web-client-ts.1 - 2025-08-30
6.16.0-integration-feat-orm-1074-package-dev-export.4 - 2025-09-02
6.16.0-integration-feat-orm-1074-package-dev-export.3 - 2025-09-02
6.16.0-integration-feat-orm-1074-package-dev-export.2 - 2025-09-02
6.16.0-integration-feat-orm-1074-package-dev-export.1 - 2025-09-02
6.16.0-integration-engines-6-16-0-1-fix-migrations-schema-engine-wasm-2a89d0928d9a8bdfc9582be9c7234e271b0f8e24.2 - 2025-08-28
6.16.0-integration-engines-6-16-0-1-fix-migrations-schema-engine-wasm-2a89d0928d9a8bdfc9582be9c7234e271b0f8e24.1 - 2025-08-27
6.16.0-dev.37 - 2025-09-09
6.16.0-dev.36 - 2025-09-09
6.16.0-dev.35 - 2025-09-09
6.16.0-dev.34 - 2025-09-09
6.16.0-dev.33 - 2025-09-09
6.16.0-dev.32 - 2025-09-09
6.16.0-dev.31 - 2025-09-09
6.16.0-dev.30 - 2025-09-08
6.16.0-dev.29 - 2025-09-05
6.16.0-dev.28 - 2025-09-05
6.16.0-dev.27 - 2025-09-05
6.16.0-dev.26 - 2025-09-05
6.16.0-dev.25 - 2025-09-05
6.16.0-dev.24 - 2025-09-04
6.16.0-dev.23 - 2025-09-04
6.16.0-dev.22 - 2025-09-04
6.16.0-dev.21 - 2025-09-04
6.16.0-dev.20 - 2025-09-04
6.16.0-dev.19 - 2025-09-03
6.16.0-dev.18 - 2025-09-02
6.16.0-dev.17 - 2025-09-02
6.16.0-dev.16 - 2025-09-02
6.16.0-dev.15 - 2025-09-02
6.16.0-dev.14 - 2025-09-02
6.16.0-dev.13 - 2025-09-02
6.16.0-dev.12 - 2025-09-02
6.16.0-dev.11 - 2025-09-01
6.16.0-dev.10 - 2025-09-01
6.16.0-dev.9 - 2025-09-01
6.16.0-dev.8 - 2025-09-01
6.16.0-dev.7 - 2025-09-01
6.16.0-dev.6 - 2025-08-28
6.16.0-dev.5 - 2025-08-28
6.16.0-dev.4 - 2025-08-28
6.16.0-dev.3 - 2025-08-28
6.16.0-dev.2 - 2025-08-28
6.16.0-dev.1 - 2025-08-27
6.15.0 - 2025-08-27
6.15.0-integration-query-plan-caching.1 - 2025-08-25
6.15.0-integration-push-pprzzpqvmyuv.1 - 2025-08-19
6.15.0-integration-fix-prisma-client-dirname-aws-lambda.3 - 2025-08-20
6.15.0-integration-fix-prisma-client-dirname-aws-lambda.2 - 2025-08-19
6.15.0-integration-fix-prisma-client-dirname-aws-lambda.1 - 2025-08-19
6.15.0-integration-feat-prisma-client-default-runtime.1 - 2025-08-22
6.15.0-dev.30 - 2025-08-27
6.15.0-dev.29 - 2025-08-27
6.15.0-dev.28 - 2025-08-26
6.15.0-dev.27 - 2025-08-26
6.15.0-dev.26 - 2025-08-22
6.15.0-dev.25 - 2025-08-22
6.15.0-dev.24 - 2025-08-22
6.15.0-dev.23 - 2025-08-21
6.15.0-dev.22 - 2025-08-21
6.15.0-dev.21 - 2025-08-21
6.15.0-dev.20 - 2025-08-21
6.15.0-dev.19 - 2025-08-21
6.15.0-dev.18 - 2025-08-21
6.15.0-dev.17 - 2025-08-21
6.15.0-dev.16 - 2025-08-21
6.15.0-dev.15 - 2025-08-20
6.15.0-dev.14 - 2025-08-20
6.15.0-dev.13 - 2025-08-20
6.15.0-dev.12 - 2025-08-19
6.15.0-dev.11 - 2025-08-19
6.15.0-dev.10 - 2025-08-19
6.15.0-dev.9 - 2025-08-19
6.15.0-dev.8 - 2025-08-19
6.15.0-dev.7 - 2025-08-18
6.15.0-dev.6 - 2025-08-18
6.15.0-dev.5 - 2025-08-18
6.15.0-dev.4 - 2025-08-15
6.15.0-dev.3 - 2025-08-15
6.15.0-dev.2 - 2025-08-15
6.15.0-dev.1 - 2025-08-13
6.14.0 - 2025-08-12
6.14.0-integration-feat-prisma-client-cjs-fixes.2 - 2025-08-06
6.14.0-integration-feat-prisma-client-cjs-fixes.1 - 2025-08-05
6.14.0-integration-feat-client-wasm-base64-on-nodejs.6 - 2025-08-02
6.14.0-integration-feat-client-wasm-base64-on-nodejs.5 - 2025-08-01
6.14.0-integration-feat-client-wasm-base64-on-nodejs.4 - 2025-08-01
6.14.0-integration-feat-client-wasm-base64-on-nodejs.3 - 2025-08-01
6.14.0-integration-feat-client-wasm-base64-on-nodejs.2 - 2025-08-01
6.14.0-integration-feat-client-wasm-base64-on-nodejs.1 - 2025-08-01
6.14.0-integration-engines-6-14-0-23-push-konntwtrzysp-9279378d80744cb329a71a7c98ff1cc7039b45c7.1 - 2025-08-12
6.14.0-integration-engines-6-14-0-21-push-konntwtrzysp-0e768eccd6709956ac7bcb59cdaf092a0f3d0dc4.1 - 2025-08-11
6.14.0-integration-engines-6-14-0-10-push-lxtyopotuyqp-22388fea2e3afc80047dd711818db40954b7128c.1 - 2025-08-07
6.14.0-dev.44 - 2025-08-12
6.14.0-dev.43 - 2025-08-12
6.14.0-dev.42 - 2025-08-12
6.14.0-dev.41 - 2025-08-12
6.14.0-dev.40 - 2025-08-12
6.14.0-dev.39 - 2025-08-12
6.14.0-dev.38 - 2025-08-12
6.14.0-dev.37 - 2025-08-11
6.14.0-dev.36 - 2025-08-11
6.14.0-dev.35 - 2025-08-11
6.14.0-dev.34 - 2025-08-11
6.14.0-dev.33 - 2025-08-11
6.14.0-dev.32 - 2025-08-11
6.14.0-dev.31 - 2025-08-11
6.14.0-dev.30 - 2025-08-11
6.14.0-dev.29 - 2025-08-08
6.14.0-dev.28 - 2025-08-08
6.14.0-dev.27 - 2025-08-08
6.14.0-dev.26 - 2025-08-08
6.14.0-dev.25 - 2025-08-07
6.14.0-dev.24 - 2025-08-07
6.14.0-dev.23 - 2025-08-07
6.14.0-dev.22 - 2025-08-07
6.14.0-dev.21 - 2025-08-07
6.14.0-dev.20 - 2025-08-07
6.14.0-dev.19 - 2025-08-07
6.14.0-dev.18 - 2025-08-07
6.14.0-dev.17 - 2025-08-07
6.14.0-dev.16 - 2025-08-06
6.14.0-dev.15 - 2025-08-06
6.14.0-dev.14 - 2025-08-06
6.14.0-dev.13 - 2025-08-05
6.14.0-dev.12 - 2025-08-04
6.14.0-dev.11 - 2025-08-04
6.14.0-dev.10 - 2025-08-04
6.14.0-dev.9 - 2025-08-04
6.14.0-dev.8 - 2025-08-04
6.14.0-dev.7 - 2025-08-04
6.14.0-dev.6 - 2025-08-04
6.14.0-dev.5 - 2025-08-04
6.14.0-dev.4 - 2025-08-01
6.14.0-dev.3 - 2025-08-01
6.14.0-dev.2 - 2025-08-01
6.14.0-dev.1 - 2025-07-30
6.13.0 - 2025-07-29

from @prisma/client GitHub release notes

Important

Check the changes in this PR to ensure they won't cause issues with your project.
This PR was automatically created by Snyk using the credentials of a real user.
Max score is 1000. Note that the real score may have changed since the PR was raised.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

📜 Customise PR templates

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs

Snyk has created this PR to upgrade @prisma/client from 6.13.0 to 6.19.1. See this package in npm: @prisma/client See this project in Snyk: https://app.snyk.io/org/sunwuyuan/project/7f95d725-ca6f-4cce-ab56-8b055b9f632f?utm_source=github&utm_medium=referral&page=upgrade-pr

vercel · 2026-01-14T04:00:31Z

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
our-world	Error		Jan 14, 2026 4:00am

Copilot

Pull request overview

This PR upgrades the @prisma/client package from version 6.13.0 to 6.19.1 to address multiple security vulnerabilities including critical, high, medium, and low severity issues across various dependencies.

Changes:

Upgrade @prisma/client from ^6.13.0 to ^6.19.1 in package.json

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Copilot · 2026-01-14T04:02:34Z

package.json

    "@aws-sdk/client-s3": "^3.826.0",
    "@maxmind/geoip2-node": "^6.1.0",
-    "@prisma/client": "^6.13.0",
+    "@prisma/client": "^6.19.1",


The devDependency prisma is still at version ^6.13.0 while @prisma/client is being upgraded to ^6.19.1. These two packages must be kept in sync. The prisma package should also be upgraded to ^6.19.1 to match the @prisma/client version.

claude · 2026-01-14T04:04:21Z

Pull Request Review: Upgrade @prisma/client from 6.13.0 to 6.19.1

Overview

This PR upgrades @prisma/client from version 6.13.0 to 6.19.1, jumping 319 versions ahead. While this addresses several security vulnerabilities, there are important considerations before merging.

Code Quality and Best Practices

Positive Aspects

Security-focused: The upgrade addresses multiple critical and high-severity vulnerabilities in transitive dependencies
Single dependency change: Clean, focused upgrade that only touches @prisma/client
Automated tooling: Using Snyk for dependency management is a good practice

Concerns

1. Incomplete Upgrade
The package.json shows a mismatch:

@prisma/client: ^6.19.1 (updated) ✅
prisma (devDependency): ^6.13.0 (not updated) ❌

Issue: These two packages MUST be kept in sync. Prisma Client and the Prisma CLI should always be on the same version to avoid schema generation issues and runtime errors.

Recommendation: Update line 62 in package.json:

"devDependencies": {
  "prisma": "^6.19.1"
}

2. Large Version Jump
Jumping 319 versions is significant and could include breaking changes in query behavior, new features, performance changes, and migration generation differences.

Potential Bugs or Issues

Critical Issues to Test

Database Migrations - The project has 50+ migrations. Verify that prisma migrate commands work correctly with the new version.
Prisma Client Generation - Run npm run prisma to regenerate the client and verify all existing queries work.
Runtime Compatibility - The schema uses previewFeatures = ["views"]. Ensure this is still supported in 6.19.1.
Query Behavior - Test critical database operations, especially relations and the ow_projects_search_view.

Security Concerns

Security Improvements

The upgrade fixes 11 vulnerabilities including:

Critical:

form-data: Predictable Value Range

High:

jws: Improper Verification of Cryptographic Signature (2 instances)
multer: Uncaught Exception
validator: Incomplete Filtering

Medium:

axios, body-parser, on-headers, validator - Various DoS and validation issues

Low:

brace-expansion: ReDoS vulnerabilities

Security Considerations

These vulnerabilities are in transitive dependencies, not Prisma itself
Verify that updating @prisma/client actually resolves these
Consider running pnpm audit after the upgrade

Performance Considerations

Query Performance - Monitor query performance after deployment, especially for the ow_projects_search_view and complex relations.
Client Generation Time - Newer versions may have different generation times affecting CI/CD.
Bundle Size - Check if the new version increases deployment bundle size.

Test Coverage

Critical Gap: Insufficient Test Coverage

Current State:

Only 2 test files found (sudo-auth-test.js, unified-auth-test.js)
No database/Prisma-specific integration tests
package.json shows: "test": "echo \"Error: no test specified\" && exit 1"

Risk Assessment:

High risk of introducing regressions without automated tests
No way to verify database operations work correctly

Recommendations:

Before Merging - Manually test critical user flows:

User authentication and authorization
Project CRUD operations
Comment system functionality
OAuth flows
Analytics tracking
Extension system

Additional Recommendations

Before Merging

Update both Prisma packages:

pnpm add @prisma/[email protected]
pnpm add -D [email protected]

Regenerate Prisma Client: pnpm run prisma
Test in development environment:
- Start dev server: pnpm run dev
- Test all critical API endpoints
- Check logs for Prisma-related warnings
Review Prisma release notes for versions 6.14.0 through 6.19.1

After Merging

Monitor production - Watch error logs and database query performance
Run security audit: pnpm audit
Update lock file - Ensure pnpm-lock.yaml is updated

Verdict

Do Not Merge Yet

Blocking Issues:

❌ prisma devDependency not updated to match @prisma/client
❌ No automated tests to verify compatibility
❌ Large version jump requires manual verification

Safe to Merge After:

Updating prisma to ^6.19.1
Running prisma generate successfully
Manual testing of critical functionality
Reviewing Prisma release notes for breaking changes

Summary

Security Score: 🟢 Improves security posture
Stability Risk: 🟡 Medium (large version jump, no tests)
Effort: 🟢 Low code changes, medium testing effort

Overall Recommendation: Update the prisma package to match @prisma/client version, test thoroughly, then merge.

Copilot AI review requested due to automatic review settings January 14, 2026 04:00

vercel bot had a problem deploying to Preview January 14, 2026 04:00 Failure

Copilot started reviewing on behalf of Sunwuyuan January 14, 2026 04:00 View session

Copilot AI reviewed Jan 14, 2026

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[Snyk] Upgrade @prisma/client from 6.13.0 to 6.19.1 #69

[Snyk] Upgrade @prisma/client from 6.13.0 to 6.19.1 #69

Sunwuyuan commented Jan 14, 2026

Uh oh!

vercel bot commented Jan 14, 2026 •

edited

Loading

Uh oh!

Copilot AI left a comment

Uh oh!

Copilot AI Jan 14, 2026

Uh oh!

claude bot commented Jan 14, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

[Snyk] Upgrade @prisma/client from 6.13.0 to 6.19.1 #69

Are you sure you want to change the base?

[Snyk] Upgrade @prisma/client from 6.13.0 to 6.19.1 #69

Conversation

Sunwuyuan commented Jan 14, 2026

Snyk has created this PR to upgrade @prisma/client from 6.13.0 to 6.19.1.

Issues fixed by the recommended upgrade:

Uh oh!

vercel bot commented Jan 14, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Copilot AI left a comment

Choose a reason for hiding this comment

Pull request overview

Uh oh!

Copilot AI Jan 14, 2026

Choose a reason for hiding this comment

Uh oh!

claude bot commented Jan 14, 2026

Pull Request Review: Upgrade @prisma/client from 6.13.0 to 6.19.1

Overview

Code Quality and Best Practices

Positive Aspects

Concerns

Potential Bugs or Issues

Critical Issues to Test

Security Concerns

Security Improvements

Security Considerations

Performance Considerations

Test Coverage

Critical Gap: Insufficient Test Coverage

Additional Recommendations

Before Merging

After Merging

Verdict

Do Not Merge Yet

Safe to Merge After:

Summary

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

vercel bot commented Jan 14, 2026 •

edited

Loading