Bump the production-dependencies group across 1 directory with 10 updates

[dependabot]

Bumps the production-dependencies group with 10 updates in the /backend directory:

Package	From	To
@prisma/client	5.16.0	6.1.0
axios	1.7.2	1.7.9
body-parser	1.20.2	1.20.3
bull	4.15.1	4.16.5
@types/bull	4.10.0	4.10.4
debug	4.3.5	4.4.0
express	4.19.2	4.21.2
prisma	5.16.0	6.1.0
simple-git	3.25.0	3.27.0
typescript	5.5.2	5.7.2

Updates @prisma/client from 5.16.0 to 6.1.0

Release notes

Sourced from @​prisma/client's releases.

6.1.0

Today we're releasing Prisma ORM version 6.1.0

In this version our tracing Preview feature is being graduated to GA!

Highlights

Tracing goes GA

The tracing Preview feature is now stable. You now no longer have to include tracing in your set of enabled preview features.

generator client {
   provider        = "prisma-client-js"
-  previewFeatures = ["tracing"]
}

We have also changed some of the spans generated by Prisma Client. Previously, a trace would report the following spans:

prisma:client:operation
prisma:client:serialize
prisma:engine
prisma:engine:connection
prisma:engine:db_query
prisma:engine:serialize

Now, the following are reported:

prisma:client:operation
prisma:client:serialize
prisma:engine:query
prisma:engine:connection
prisma:engine:db_query
prisma:engine:serialize
prisma:engine:response_json_serialization

Additionally, we have made a few changes to our dependencies:

• @opentelemetry/api is now a peer dependency instead of a regular dependency
• registerInstrumentations in @opentelemetry/instrumentation is now re-exported by @prisma/instrumentation

After upgrading to Prisma ORM 6.1.0 you will need to add @opentelemetry/api to your dependencies if you haven't already:

npm install @opentelemetry/api

You will also no longer need to have @opentelemetry/instrumentation if you only use registerInstrumentations. In this case you can import registerInstrumentations from @prisma/instrumentation

</tr></table> 

... (truncated)

Commits

• 18e60c4 chore(deps): update engines to 6.1.0-21.11f085a2012c0f4778414c8db2651556ee0ef...
• fa379db chore(deps): update engines to 6.1.0-20.caaf9396f641afbdd5dda9654fc00192e1126...
• 11d125f test(client): enable tracing tests with wasm engine (#25863)
• fa3e9b4 test(client): fix broken test (#25872)
• 7fd1264 chore(deps): update engines to 6.1.0-16.40232c93c80a22f3a8bae784b0386319a57a5...
• fd9c970 chore(deps): update opentelemetry packages (#25832)
• a10a2de test(client): unskip two tests (#25864)
• aa35416 chore(client): remove tracing preview feature usage (#25865)
• 6609187 chore(deps): update dependency memfs to v4.15.0 (#25766)
• fd6499b chore(deps): update dependency @​swc/core to v1.10.1 (#25708)
• Additional commits viewable in compare view

Updates axios from 1.7.2 to 1.7.9

Release notes

Sourced from axios's releases.

Release v1.7.9

Release notes:

Reverts

• Revert "fix(types): export CJS types from ESM (#6218)" (#6729) (c44d2f2), closes #6218 #6729

Contributors to this release

• Jay

Release v1.7.8

Release notes:

Bug Fixes

• allow passing a callback as paramsSerializer to buildURL (#6680) (eac4619)
• core: fixed config merging bug (#6668) (5d99fe4)
• fixed width form to not shrink after 'Send Request' button is clicked (#6644) (7ccd5fd)
• http: add support for File objects as payload in http adapter (#6588) (#6605) (6841d8d)
• http: fixed proxy-from-env module import (#5222) (12b3295)
• http: use globalThis.TextEncoder when available (#6634) (df956d1)
• ios11 breaks when build (#6608) (7638952)
• types: add missing types for mergeConfig function (#6590) (00de614)
• types: export CJS types from ESM (#6218) (c71811b)
• updated stream aborted error message to be more clear (#6615) (cc3217a)
• use URL API instead of DOM to fix a potential vulnerability warning; (#6714) (0a8d6e1)

Contributors to this release

• Remco Haszing
• Jay
• Aayush Yadav
• Dmitriy Mozgovoy
• Ell Bradshaw
• Amit Saini
• Tommaso Paulon
• Akki
• Sampo Silvennoinen
• Kasper Isager Dalsgarð
• Christian Clauss
• Pavan Welihinda
• Taylor Flatt
• Kenzo Wada
• Ngole Lawson
• Haven
• Shrivali Dutt
• Henco Appel

Release v1.7.7

Release notes:

Bug Fixes

... (truncated)

Changelog

Sourced from axios's changelog.

1.7.9 (2024-12-04)

Reverts

• Revert "fix(types): export CJS types from ESM (#6218)" (#6729) (c44d2f2), closes #6218 #6729

Contributors to this release

• Jay

1.7.8 (2024-11-25)

Bug Fixes

• allow passing a callback as paramsSerializer to buildURL (#6680) (eac4619)
• core: fixed config merging bug (#6668) (5d99fe4)
• fixed width form to not shrink after 'Send Request' button is clicked (#6644) (7ccd5fd)
• http: add support for File objects as payload in http adapter (#6588) (#6605) (6841d8d)
• http: fixed proxy-from-env module import (#5222) (12b3295)
• http: use globalThis.TextEncoder when available (#6634) (df956d1)
• ios11 breaks when build (#6608) (7638952)
• types: add missing types for mergeConfig function (#6590) (00de614)
• types: export CJS types from ESM (#6218) (c71811b)
• updated stream aborted error message to be more clear (#6615) (cc3217a)
• use URL API instead of DOM to fix a potential vulnerability warning; (#6714) (0a8d6e1)

Contributors to this release

• Remco Haszing
• Jay
• Aayush Yadav
• Dmitriy Mozgovoy
• Ell Bradshaw
• Amit Saini
• Tommaso Paulon
• Akki
• Sampo Silvennoinen
• Kasper Isager Dalsgarð
• Christian Clauss
• Pavan Welihinda
• Taylor Flatt
• Kenzo Wada
• Ngole Lawson
• Haven
• Shrivali Dutt
• Henco Appel

1.7.7 (2024-08-31)

... (truncated)

Commits

• b2cb45d chore(release): v1.7.9 (#6730)
• c44d2f2 Revert "fix(types): export CJS types from ESM (#6218)" (#6729)
• 415ca94 chore(release): v1.7.8 (#6715)
• 0a8d6e1 fix: use URL API instead of DOM to fix a potential vulnerability warning; (#6...
• c71811b fix(types): export CJS types from ESM (#6218)
• 4355a6d chore(sponsor): update sponsor block (#6709)
• 5d54d22 chore(sponsor): update sponsor block (#6707)
• eac4619 fix: allow passing a callback as paramsSerializer to buildURL (#6680)
• df956d1 fix(http): use globalThis.TextEncoder when available (#6634)
• 7139ce9 chore(deps): bump cookie and socket.io (#6704)
• Additional commits viewable in compare view

Updates body-parser from 1.20.2 to 1.20.3

Release notes

Sourced from body-parser's releases.

1.20.3

What's Changed

Important

• deps: qs@6.13.0
• add depth option to customize the depth level in the parser
• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity). Documentation

Other changes

• chore: add support for OSSF scorecard reporting by @​inigomarquinez in expressjs/body-parser#522
• ci: fix errors in ci github action for node 8 and 9 by @​inigomarquinez in expressjs/body-parser#523
• fix: pin to node@22.4.1 by @​wesleytodd in expressjs/body-parser#527
• deps: qs@6.12.3 by @​melikhov-dev in expressjs/body-parser#521
• Add OSSF Scorecard badge by @​bjohansebas in expressjs/body-parser#531
• Linter by @​UlisesGascon in expressjs/body-parser#534
• Release: 1.20.3 by @​UlisesGascon in expressjs/body-parser#535

New Contributors

• @​inigomarquinez made their first contribution in expressjs/body-parser#522
• @​melikhov-dev made their first contribution in expressjs/body-parser#521
• @​bjohansebas made their first contribution in expressjs/body-parser#531
• @​UlisesGascon made their first contribution in expressjs/body-parser#534

Full Changelog: expressjs/body-parser@1.20.2...1.20.3

Changelog

Sourced from body-parser's changelog.

1.20.3 / 2024-09-10

• deps: qs@6.13.0
• add depth option to customize the depth level in the parser
• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)

Commits

• 1752951 1.20.3
• 39744cf chore: linter (#534)
• b2695c4 Merge commit from fork
• ade0f3f add scorecard to readme (#531)
• 99a1bd6 deps: qs@6.12.3 (#521)
• 9478591 fix: pin to node@22.4.1
• 83db46a ci: fix errors in ci github action for node 8 and 9 (#523)
• 9d4e212 chore: add support for OSSF scorecard reporting (#522)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by ulisesgascon, a new releaser for body-parser since your current version.

Updates bull from 4.15.1 to 4.16.5

Release notes

Sourced from bull's releases.

v4.16.5

4.16.5 (2024-12-18)

Bug Fixes

• upgrade cron-parser dependency for Luxon CVE-2023-22467 (e45698e)

v4.16.4

4.16.4 (2024-11-01)

Bug Fixes

• deps: bump msgpackr to 1.1.2 to resolve ERR_BUFFER_OUT_OF_BOUNDS error (#2783) fixes #2782 (bc0ae0a)

v4.16.3

4.16.3 (2024-09-10)

Bug Fixes

• metrics: differentiate points in different minutes to be more accurate (#2770) (fbf2fa3)

v4.16.2

4.16.2 (2024-09-05)

Performance Improvements

• metrics: save zeros as much as max data points (#2767) (3a09840)

v4.16.1

4.16.1 (2024-08-28)

Bug Fixes

• metrics: use batches include when collecting metrics (#2765) fixes #2764 #2763 (8276f72)

v4.16.0

4.16.0 (2024-07-30)

Features

• job: support debouncing (#2760) (603befe)

Changelog

Sourced from bull's changelog.

4.16.5 (2024-12-18)

Bug Fixes

• upgrade cron-parser dependency for Luxon CVE-2023-22467 (e45698e)

4.16.4 (2024-11-01)

Bug Fixes

• deps: bump msgpackr to 1.1.2 to resolve ERR_BUFFER_OUT_OF_BOUNDS error (#2783) fixes #2782 (bc0ae0a)

4.16.3 (2024-09-10)

Bug Fixes

• metrics: differentiate points in different minutes to be more accurate (#2770) (fbf2fa3)

4.16.2 (2024-09-05)

Performance Improvements

• metrics: save zeros as much as max data points (#2767) (3a09840)

4.16.1 (2024-08-28)

Bug Fixes

• metrics: use batches include when collecting metrics (#2765) fixes #2764 #2763 (8276f72)

4.16.0 (2024-07-30)

Features

• job: support debouncing (#2760) (603befe)

Commits

• 489c6ab chore(release): 4.16.5 [skip ci]
• e45698e fix: upgrade cron-parser dependency for Luxon CVE-2023-22467
• e6be774 docs: update README.md
• 65355b8 chore(release): 4.16.4 [skip ci]
• bc0ae0a fix(deps): bump msgpackr to 1.1.2 to resolve ERR_BUFFER_OUT_OF_BOUNDS error (...
• c2f37ee docs(readme): replace gitter with slack (#2775)
• 461afc7 build(deps): bump path-to-regexp from 1.8.0 to 1.9.0 (#2771)
• 66f8241 chore(release): 4.16.3 [skip ci]
• fbf2fa3 fix(metrics): differentiate points in different minutes to be more accurate (...
• f59473b chore(release): 4.16.2 [skip ci]
• Additional commits viewable in compare view

Updates @types/bull from 4.10.0 to 4.10.4

Commits

• See full diff in compare view

Updates debug from 4.3.5 to 4.4.0

Release notes

Sourced from debug's releases.

4.4.0

Fixes (hopefully) the inefficient regex warnings in .enable().

Minor version as this is invariably going to break certain users who misuse the .enable() API and expected it to work with regexes, which was never supported nor documented. That's on you, sorry - that functionality won't be added back.

Full Changelog: debug-js/debug@4.3.7...4.4.0

4.3.7

What's Changed

• Upgrade ms to version 2.1.3 by @​realityking in debug-js/debug#819

Full Changelog: debug-js/debug@4.3.6...4.3.7

4.3.6

What's Changed

• Avoid using deprecated RegExp.$1 by @​bluwy in debug-js/debug#969

New Contributors

• @​bluwy made their first contribution in debug-js/debug#969

Full Changelog: debug-js/debug@4.3.5...4.3.6

Commits

• 7e3814c 4.4.0
• d2d6bf0 fix inefficient .enable() regex and .enabled() test
• bc60914 4.3.7
• c63e96e Upgrade ms to version 2.1.3 (#819)
• 382864a remove archaic badges from readme
• c33b464 4.3.6
• 7956a45 Avoid using deprecated RegExp.$1
• See full diff in compare view

Updates express from 4.19.2 to 4.21.2

Release notes

Sourced from express's releases.

4.21.2

What's Changed

• Add funding field (v4) by @​bjohansebas in expressjs/express#6065
• deps: path-to-regexp@0.1.11 by @​blakeembrey in expressjs/express#5956
• deps: bump path-to-regexp@0.1.12 by @​jonchurch in expressjs/express#6209
• Release: 4.21.2 by @​UlisesGascon in expressjs/express#6094

Full Changelog: expressjs/express@4.21.1...4.21.2

4.21.1

What's Changed

• Backport a fix for CVE-2024-47764 to the 4.x branch by @​joshbuker in expressjs/express#6029
• Release: 4.21.1 by @​UlisesGascon in expressjs/express#6031

Full Changelog: expressjs/express@4.21.0...4.21.1

4.21.0

What's Changed

• Deprecate "back" magic string in redirects by @​blakeembrey in expressjs/express#5935
• finalhandler@1.3.1 by @​wesleytodd in expressjs/express#5954
• fix(deps): serve-static@1.16.2 by @​wesleytodd in expressjs/express#5951
• Upgraded dependency qs to 6.13.0 to match qs in body-parser by @​agadzinski93 in expressjs/express#5946

New Contributors

• @​agadzinski93 made their first contribution in expressjs/express#5946

Full Changelog: expressjs/express@4.20.0...4.21.0

4.20.0

What's Changed

Important

• IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
• Remove link renderization in html while using res.redirect

Other Changes

• 4.19.2 Staging by @​wesleytodd in expressjs/express#5561
• remove duplicate location test for data uri by @​wesleytodd in expressjs/express#5562
• feat: document beta releases expectations by @​marco-ippolito in expressjs/express#5565
• Cut down on duplicated CI runs by @​jonchurch in expressjs/express#5564
• Add a Threat Model by @​UlisesGascon in expressjs/express#5526
• Assign captain of encodeurl by @​blakeembrey in expressjs/express#5579
• Nominate jonchurch as repo captain for http-errors, expressjs.com, morgan, cors, body-parser by @​jonchurch in expressjs/express#5587
• docs: update Security.md by @​inigomarquinez in expressjs/express#5590
• docs: update triage nomination policy by @​UlisesGascon in expressjs/express#5600
• Add CodeQL (SAST) by @​UlisesGascon in expressjs/express#5433
• docs: add UlisesGascon as triage initiative captain by @​UlisesGascon in expressjs/express#5605

... (truncated)

Changelog

Sourced from express's changelog.

4.21.2 / 2024-11-06

• deps: path-to-regexp@0.1.12
  • Fix backtracking protection
• deps: path-to-regexp@0.1.11
  • Throws an error on invalid path values

4.21.1 / 2024-10-08

• Backported a fix for CVE-2024-47764

4.21.0 / 2024-09-11

• Deprecate res.location("back") and res.redirect("back") magic string
• deps: serve-static@1.16.2
  • includes send@0.19.0
• deps: finalhandler@1.3.1
• deps: qs@6.13.0

4.20.0 / 2024-09-10

• deps: serve-static@0.16.0
  • Remove link renderization in html while redirecting
• deps: send@0.19.0
  • Remove link renderization in html while redirecting
• deps: body-parser@0.6.0
  • add depth option to customize the depth level in the parser
  • IMPORTANT: The default depth level for parsing URL-encoded data is now 32 (previously was Infinity)
• Remove link renderization in html while using res.redirect
• deps: path-to-regexp@0.1.10
  • Adds support for named matching groups in the routes using a regex
  • Adds backtracking protection to parameters without regexes defined
• deps: encodeurl@~2.0.0
  • Removes encoding of \, |, and ^ to align better with URL spec
• Deprecate passing options.maxAge and options.expires to res.clearCookie
  • Will be ignored in v5, clearCookie will set a cookie with an expires in the past to instruct clients to delete the cookie

Commits

• 1faf228 4.21.2
• 2e0fb64 deps: bump path-to-regexp@0.1.12 (#6209)
• 59fc270 deps: path-to-regexp@0.1.11 (#5956)
• 51fc39c docs: add funding (#6065)
• 8e229f9 4.21.1
• a024c8a fix(deps): cookie@0.7.1
• 7e562c6 4.21.0
• 1bcde96 fix(deps): qs@6.13.0 (#5946)
• 7d36477 fix(deps): serve-static@1.16.2 (#5951)
• 40d2d8f fix(deps): finalhandler@1.3.1
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by jonchurch, a new releaser for express since your current version.

Updates prisma from 5.16.0 to 6.1.0

Release notes

Sourced from prisma's releases.

6.1.0

Today we're releasing Prisma ORM version 6.1.0

In this version our tracing Preview feature is being graduated to GA!

Highlights

Tracing goes GA

The tracing Preview feature is now stable. You now no longer have to include tracing in your set of enabled preview features.

generator client {
   provider        = "prisma-client-js"
-  previewFeatures = ["tracing"]
}

We have also changed some of the spans generated by Prisma Client. Previously, a trace would report the following spans:

prisma:client:operation
prisma:client:serialize
prisma:engine
prisma:engine:connection
prisma:engine:db_query
prisma:engine:serialize

Now, the following are reported:

prisma:client:operation
prisma:client:serialize
prisma:engine:query
prisma:engine:connection
prisma:engine:db_query
prisma:engine:serialize
prisma:engine:response_json_serialization

Additionally, we have made a few changes to our dependencies:

• @opentelemetry/api is now a peer dependency instead of a regular dependency
• registerInstrumentations in @opentelemetry/instrumentation is now re-exported by @prisma/instrumentation

After upgrading to Prisma ORM 6.1.0 you will need to add @opentelemetry/api to your dependencies if you haven't already:

npm install @opentelemetry/api

You will also no longer need to have @opentelemetry/instrumentation if you only use registerInstrumentations. In this case you can import registerInstrumentations from @prisma/instrumentation

</tr></table> 

... (truncated)

Commits

• fdb69a2 chore(deps): update dependency dotenv to v16.4.7 (#25779)
• fd6499b chore(deps): update dependency @​swc/core to v1.10.1 (#25708)
• f812bf0 chore(deps): update dependency ts-pattern to v5.6.0 (#25856)
• 9826bc0 chore: switch to pnpm 9 (#25610)
• 4a827d4 chore(deps): update jest (#25682)
• a206aee chore(deps): update esbuild packages (#25684)
• 221264f feat(cli): [BREAKING] remove custom yarn logic (#25457) (#25642)
• db69914 chore!: drop Node.js 16.x support and remove obsolete code (#25609)
• 52cadd3 chore(deps): update devdependencies patch (non-major) (#25209)
• 85e9f0b feat(cli): add new promo survey for Prisma 5.22 (#25590)
• Additional commits viewable in compare view

Updates simple-git from 3.25.0 to 3.27.0

Release notes

Sourced from simple-git's releases.

simple-git@3.27.0

Minor Changes

• 52f767b: Add similarity to the DiffResultNameStatusFile interface used when fetching log/diff with the --name-status option.
• 739b0d9: Diff summary includes original name of renamed files when run wiht the --name-status option.
• bc90e7e: Fixes an issue with reporting name changes in the files array returned by git.status. Thank you @​mark-codesphere for the contribution.

Patch Changes

• 03e1c64: Resolve error in log parsing when fields have empty values.

simple-git@3.26.0

Minor Changes

• 28d545b: Upgrade build tools and typescript

Changelog

Sourced from simple-git's changelog.

3.27.0

Minor Changes

• 52f767b: Add similarity to the DiffResultNameStatusFile interface used when fetching log/diff with the --name-status option.
• 739b0d9: Diff summary includes original name of renamed files when run wiht the --name-status option.
• bc90e7e: Fixes an issue with reporting name changes in the files array returned by git.status. Thank you @​mark-codesphere for the contribution.

Patch Changes

• 03e1c64: Resolve error in log parsing when fields have empty values.

3.26.0

Minor Changes

• 28d545b: Upgrade build tools and typescript

Commits

• 4a6126b Version Packages
• 52f767b Feat/name status similarity (#1025)
• 03e1c64 Resolve an issue when parsing the response to git.log that could leave part...
• 739b0d9 Renamed files in git diff --name-status (#1023)
• bc90e7e Pr/1019 (#1021)
• 83a8b77 Version Packages
• 28d545b Typescript & Jest Upgrade
• See full diff in compare view

Updates typescript from 5.5.2 to 5.7.2

Release notes

Sourced from typescript's releases.

TypeScript 5.7

For release notes, check out the release announcement.

• fixed issues query for Typescript 5.7.0 (Beta).
• fixed issues query for Typescript 5.7.1 (RC).
• fixed issues query for Typescript 5.7.2 (Stable).

Downloads are available on:

• npm

TypeScript 5.7 RC

For release notes, check out the release announcement.

For the complete list of fixed issues, check out the

• fixed issues query for Typescript 5.7.0 (Beta).
• fixed issues query for Typescript 5.7.1 (RC).

Downloads are available on:

• npm

TypeScript 5.7 Beta

For release notes, check out the release announcement.

For the complete list of fixed issues, check out the

• fixed issues query for Typescript 5.7.0 (Beta).

Downloads are available on:

• npm

TypeScript 5.6.3

For release notes, check out the release announcement.

For the complete list of fixed issues, check out the

• fixed issues query for Typescript 5.6.0 (Beta).
• fixed issues query for Typescript 5.6.1 (RC).
• fixed issues query for Typescript 5.6.2 (Stable).
• fixed issues query for Typescript 5.6.3 (Stable).

Downloads are available on:

• npm
• NuGet package

... (truncated)

Commits

• d701d90 Bump version to 5.7.2 and LKG
• 0503a63 🤖 Pick PR #60450 (Move to file: fix detection of refe...) into release-5.7 (#...
• 3140dbb 🤖 Pick PR #60488 (Stub out copilotRelated command) into release-5.7 (#60495)
• c1216de Update LKG
• 3ee2b95 🤖 Pick PR #60415 (Fix false positive rewriteRelativeI...) into release-5.7 (#...
• 44bd3f2 Bump version to 5.7.1-rc and LKG
• 5925c81 Update LKG
• 84d58cf Merge remote-tracking branch 'origin/main' into release-5.7
• 0ec4d30 Fixing exception on unsaved file (#60362)
• 11b2930 Add compatible overloads that accept ArrayBuffer to BigInt64Array/BigUint64Ar...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squas...

Description has been truncated