Skip to content

deps: bump lodash and prisma#39

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/multi-bafb5d3000
Open

deps: bump lodash and prisma#39
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/npm_and_yarn/multi-bafb5d3000

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 9, 2026

Removes lodash. It's no longer used after updating ancestor dependency prisma. These dependencies need to be updated together.

Removes lodash

Updates prisma from 7.2.0 to 7.7.0

Release notes

Sourced from prisma's releases.

7.7.0

Today, we are excited to share the 7.7.0 stable release 🎉

🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!

Highlights

ORM

prisma bootstrap command

A new prisma bootstrap command (#29374, #29424) sequences the full Prisma Postgres setup into a single interactive flow. It detects the current project state and runs only the steps that are needed:

  1. Init or scaffold — In an empty directory, offers a choice of 10 starter templates (Next.js, Express, Hono, Fastify, Nuxt, SvelteKit, Remix, React Router 7, Astro, NestJS) from prisma-examples. In an existing project without a schema, runs prisma init.
  2. Link — Authenticates via the browser and connects to a Prisma Postgres database. Skips if already linked.
  3. Install dependencies — Detects the package manager and offers to install missing @prisma/client, prisma, and dotenv.
  4. Migrate — Runs prisma migrate dev if the schema contains models.
  5. Generate — Runs prisma generate.
  6. Seed — Runs prisma db seed if a seed script is configured.

Each side-effecting step prompts for confirmation. Re-running the command skips already-completed steps.

Basic usage

npx prisma@latest bootstrap

With a starter template

npx prisma@latest bootstrap --template nextjs

Non-interactive (CI)

npx prisma@latest bootstrap --api-key "$PRISMA_API_KEY" --database "db_abc123"

Open roles at Prisma

Interested in joining Prisma? We're growing and have several exciting opportunities across the company for developers who are passionate about building with Prisma. Explore our open positions on our Careers page and find the role that's right for you.

Enterprise support

Thousands of teams use Prisma and many of them already tap into our Enterprise & Agency Support Program for hands-on help with everything from schema integrations and performance tuning to security and compliance.

With this program you also get priority issue triage and bug fixes, expert scalability advice, and custom training so that your Prisma-powered apps stay rock-solid at any scale. Learn more or join: https://prisma.io/enterprise.

... (truncated)

Commits
  • 8e71aa7 fix(cli): install missing @prisma/client in prisma bootstrap (#29444)
  • ada077b fix(cli): bootstrap UX — auto-install deps, resumable flow, timeout handling ...
  • 9b0b7f5 feat(cli): add prisma bootstrap command (#29374)
  • 5fece0a chore: bump @​prisma/dev to 0.24.3 (#29396)
  • 45d7e0f feat(cli): add prisma postgres link command (#29352)
  • adbdf15 Pre-bundle Studio frontend assets and replace Hono (#29389)
  • f8258ad chore: bump effect to fix vulnerability (#29384)
  • 74839a9 feat(cli): update bundled @​prisma/studio-core to 0.27.3 (#29376)
  • 309b4bc refactor: extract 'prisma-client-js' into PRISMA_CLIENT_JS_PROVIDER constant ...
  • 2cd422d Bump studio-core dependency to 0.21.1 (#29322)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
deps: bump lodash and prisma
5cbfda8 
Removes [lodash](https://github.com/lodash/lodash). It's no longer used after updating ancestor dependency [prisma](https://github.com/prisma/prisma/tree/HEAD/packages/cli). These dependencies need to be updated together.


Removes `lodash`

Updates `prisma` from 7.2.0 to 7.7.0
- [Release notes](https://github.com/prisma/prisma/releases)
- [Commits](https://github.com/prisma/prisma/commits/7.7.0/packages/cli)

---
updated-dependencies:
- dependency-name: lodash
  dependency-version: 
  dependency-type: indirect
- dependency-name: prisma
  dependency-version: 7.7.0
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Apr 9, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants