chore(deps): bump the minor group with 11 updates

[dependabot]

Bumps the minor group with 11 updates:

Package	From	To
@prisma/adapter-pg	7.3.0	7.7.0
@prisma/client	7.3.0	7.7.0
next-auth	4.24.13	4.24.14
react	19.2.4	19.2.5
@types/react	19.2.10	19.2.14
react-dom	19.2.4	19.2.5
sass	1.97.3	1.99.0
@stylistic/stylelint-plugin	5.0.1	5.1.0
eslint-config-next	16.1.6	16.2.4
stylelint	17.5.0	17.8.0
ts-jest	29.4.6	29.4.9

Updates @prisma/adapter-pg from 7.3.0 to 7.7.0

Release notes

Sourced from @​prisma/adapter-pg's releases.

7.7.0

Today, we are excited to share the 7.7.0 stable release 🎉

🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!

Highlights

ORM

prisma bootstrap command

A new prisma bootstrap command (#29374, #29424) sequences the full Prisma Postgres setup into a single interactive flow. It detects the current project state and runs only the steps that are needed:

1. Init or scaffold — In an empty directory, offers a choice of 10 starter templates (Next.js, Express, Hono, Fastify, Nuxt, SvelteKit, Remix, React Router 7, Astro, NestJS) from prisma-examples. In an existing project without a schema, runs prisma init.
2. Link — Authenticates via the browser and connects to a Prisma Postgres database. Skips if already linked.
3. Install dependencies — Detects the package manager and offers to install missing @prisma/client, prisma, and dotenv.
4. Migrate — Runs prisma migrate dev if the schema contains models.
5. Generate — Runs prisma generate.
6. Seed — Runs prisma db seed if a seed script is configured.

Each side-effecting step prompts for confirmation. Re-running the command skips already-completed steps.

Basic usage

npx prisma@latest bootstrap

With a starter template

npx prisma@latest bootstrap --template nextjs

Non-interactive (CI)

npx prisma@latest bootstrap --api-key "$PRISMA_API_KEY" --database "db_abc123"

Open roles at Prisma

Interested in joining Prisma? We're growing and have several exciting opportunities across the company for developers who are passionate about building with Prisma. Explore our open positions on our Careers page and find the role that's right for you.

Enterprise support

Thousands of teams use Prisma and many of them already tap into our Enterprise & Agency Support Program for hands-on help with everything from schema integrations and performance tuning to security and compliance.

With this program you also get priority issue triage and bug fixes, expert scalability advice, and custom training so that your Prisma-powered apps stay rock-solid at any scale. Learn more or join: https://prisma.io/enterprise.

... (truncated)

Commits

• f2ca67e feat: pg statement name generator (#29395)
• 4131568 fix: set @​types/pg to ^8.16.0 (#29390)
• 33667c3 fix(adapter-pg): handle both quoted/unquoted column names in ColumnNotFound e...
• e97b3e0 feat(adapter-pg): accept connection string URL in PrismaPg constructor (#29287)
• fc38fb7 Make @​types/pg a direct dependency of adapter-pg (#29277)
• 6091e02 feat: add support for nested transaction rollbacks via savepoints in sql (#21...
• See full diff in compare view

Updates @prisma/client from 7.3.0 to 7.7.0

Release notes

Sourced from @​prisma/client's releases.

7.7.0

Today, we are excited to share the 7.7.0 stable release 🎉

🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!

Highlights

ORM

prisma bootstrap command

A new prisma bootstrap command (#29374, #29424) sequences the full Prisma Postgres setup into a single interactive flow. It detects the current project state and runs only the steps that are needed:

1. Init or scaffold — In an empty directory, offers a choice of 10 starter templates (Next.js, Express, Hono, Fastify, Nuxt, SvelteKit, Remix, React Router 7, Astro, NestJS) from prisma-examples. In an existing project without a schema, runs prisma init.
2. Link — Authenticates via the browser and connects to a Prisma Postgres database. Skips if already linked.
3. Install dependencies — Detects the package manager and offers to install missing @prisma/client, prisma, and dotenv.
4. Migrate — Runs prisma migrate dev if the schema contains models.
5. Generate — Runs prisma generate.
6. Seed — Runs prisma db seed if a seed script is configured.

Each side-effecting step prompts for confirmation. Re-running the command skips already-completed steps.

Basic usage

npx prisma@latest bootstrap

With a starter template

npx prisma@latest bootstrap --template nextjs

Non-interactive (CI)

npx prisma@latest bootstrap --api-key "$PRISMA_API_KEY" --database "db_abc123"

Open roles at Prisma

Interested in joining Prisma? We're growing and have several exciting opportunities across the company for developers who are passionate about building with Prisma. Explore our open positions on our Careers page and find the role that's right for you.

Enterprise support

Thousands of teams use Prisma and many of them already tap into our Enterprise & Agency Support Program for hands-on help with everything from schema integrations and performance tuning to security and compliance.

With this program you also get priority issue triage and bug fixes, expert scalability advice, and custom training so that your Prisma-powered apps stay rock-solid at any scale. Learn more or join: https://prisma.io/enterprise.

... (truncated)

Commits

• 6a3c3cc chore: extract parameterization to client-engine-runtime (#29422)
• 5b420f8 fix(client): prevent caching of createMany queries to avoid cache bloat and p...
• 30f0af6 feat: dmmf streaming with an E2E test (#29377)
• 14c3c2e fix: pin E2E typescript to prevent 6 upgrade (#29383)
• ecae3b6 chore(deps): update engines to 7.6.0-1.75cbdc1eb7150937890ad5465d861175c66247...
• 309b4bc refactor: extract 'prisma-client-js' into PRISMA_CLIENT_JS_PROVIDER constant ...
• ccce148 chore(deps): update engines to 7.5.0-15.280c870be64f457428992c43c1f6d557fab6e...
• de1c376 chore(deps): update engines to 7.5.0-14.d684c195f0a8bfb0ba8ca628416376df0625b...
• ea93809 fix: fix DATE cursor comparison (#29327)
• f8e742a chore(deps): update engines to 7.5.0-13.0f1690a1b5dcd01b5341a4f411f07767f1f76...
• Additional commits viewable in compare view

Updates next-auth from 4.24.13 to 4.24.14

Release notes

Sourced from next-auth's releases.

next-auth@4.24.14

Bugfixes

• providers: add issuer to GitHub provider for RFC 9207 compliance (#13412)

GitHub now returns an iss parameter in OAuth callbacks. openid-client validates it unconditionally, which was breaking authentication for apps that didn't configure an issuer. This sets the default GitHub provider issuer to https://github.com/login/oauth.

Commits

• e9a892a chore(release): bump version [skip ci]
• 0497da4 fix(providers): add issuer to github (#13412)
• See full diff in compare view

Maintainer changes

This version was pushed to npm by better-gustavo, a new releaser for next-auth since your current version.

Updates react from 19.2.4 to 19.2.5

Release notes

Sourced from react's releases.

19.2.5 (April 8th, 2026)

React Server Components

• Add more cycle protections (#36236 by @​eps1lon and @​unstubbable)

Commits

• 23f4f9f 19.2.5
• See full diff in compare view

Updates @types/react from 19.2.10 to 19.2.14

Commits

• See full diff in compare view

Updates react-dom from 19.2.4 to 19.2.5

Release notes

Sourced from react-dom's releases.

19.2.5 (April 8th, 2026)

React Server Components

• Add more cycle protections (#36236 by @​eps1lon and @​unstubbable)

Commits

• 23f4f9f 19.2.5
• See full diff in compare view

Updates sass from 1.97.3 to 1.99.0

Release notes

Sourced from sass's releases.

Dart Sass 1.99.0

To install Sass 1.99.0, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

• Add support for parent selectors (&) at the root of the document. These are emitted as-is in the CSS output, where they're interpreted as the scoping root.

• User-defined functions named calc or clamp are no longer forbidden. If such a function exists without a namespace in the current module, it will be used instead of the built-in calc() or clamp() function.

• User-defined functions whose names begin with - and end with -expression, -url, -and, -or, or -not are no longer forbidden. These were originally intended to match vendor prefixes, but in practice no vendor prefixes for these functions ever existed in real browsers.

• User-defined functions named EXPRESSION, URL, and ELEMENT, those that begin with - and end with -ELEMENT, as well as the same names with some lowercase letters are now deprecated, These are names conflict with plain CSS functions that have special syntax.

  See the Sass website for details.

• In a future release, calls to functions whose names begin with - and end with -expression and -url will no longer have special parsing. For now, these calls are deprecated if their behavior will change in the future.

  See the Sass website for details.

• Calls to functions whose names begin with - and end with -progid:... are deprecated.

  See the Sass website for details.

See the full changelog for changes in earlier releases.

Dart Sass 1.98.0

To install Sass 1.98.0, download one of the packages below and add it to your PATH, or see the Sass website for full installation instructions.

Changes

Command-Line Interface

• Gracefully handle dependency loops in --watch mode.

Dart API

• Add a const Logger.defaultLogger field. This provides a logger that emits to standard error or the browser console, but automatically chooses whether to use terminal colors.

JavaScript API

• Fix a crash when manually constructing a SassCalculation for 'calc' with an argument that can't be simplified.

... (truncated)

Changelog

Sourced from sass's changelog.

1.99.0

• Add support for parent selectors (&) at the root of the document. These are emitted as-is in the CSS output, where they're interpreted as the scoping root.

• User-defined functions named calc or clamp are no longer forbidden. If such a function exists without a namespace in the current module, it will be used instead of the built-in calc() or clamp() function.

• User-defined functions whose names begin with - and end with -expression, -url, -and, -or, or -not are no longer forbidden. These were originally intended to match vendor prefixes, but in practice no vendor prefixes for these functions ever existed in real browsers.

• User-defined functions named EXPRESSION, URL, and ELEMENT, those that begin with - and end with -ELEMENT, as well as the same names with some lowercase letters are now deprecated, These are names conflict with plain CSS functions that have special syntax.

  See the Sass website for details.

• In a future release, calls to functions whose names begin with - and end with -expression and -url will no longer have special parsing. For now, these calls are deprecated if their behavior will change in the future.

  See the Sass website for details.

• Calls to functions whose names begin with - and end with -progid:... are deprecated.

  See the Sass website for details.

1.98.0

Command-Line Interface

• Gracefully handle dependency loops in --watch mode.

Dart API

• Add a const Logger.defaultLogger field. This provides a logger that emits to standard error or the browser console, but automatically chooses whether to use terminal colors.

JavaScript API

• Fix a crash when manually constructing a SassCalculation for 'calc' with

... (truncated)

Commits

• 83c39fe Support the top-level parent selector (#2758)
• ec85871 Bump EndBug/add-and-commit from 9 to 10 (#2756)
• a604acd [Function Name] Implement changes (#2731)
• 5a81ae3 Bump version to 1.98.0 (#2754)
• e25e71d Update immutable to v5.1.5 (#2753)
• 43fac1a Bump actions/upload-artifact from 6 to 7 (#2747)
• 8b85c9a Bump actions/download-artifact from 7 to 8 (#2749)
• 00f83f0 Bump postcss from 8.5.6 to 8.5.8 in /pkg/sass-parser (#2752)
• 0a325a4 Bump actions/attest-build-provenance from 3 to 4 (#2748)
• 7fb3c0f Gracefully handle dependency loops in watch mode (#2746)
• Additional commits viewable in compare view

Updates @stylistic/stylelint-plugin from 5.0.1 to 5.1.0

Release notes

Sourced from @​stylistic/stylelint-plugin's releases.

Release v5.1.0

Added

• The no-multiple-whitespaces rule, which disallows multiple whitespaces between property values and function arguments.

Fixed

• The dependencies have now been updated to versions that include security fixes.

Changelog

Sourced from @​stylistic/stylelint-plugin's changelog.

[5.1.0] — 2026–03–28

Added

• The no-multiple-whitespaces rule, which disallows multiple whitespaces between property values and function arguments.

Fixed

• The dependencies have now been updated to versions that include security fixes.

Commits

• f9dc380 5.1.0
• 8623888 Add no-multiple-whitespaces rule
• a45a777 Update dependencies
• 61be92e Make .editorconfig non-root
• 8d9a904 Disallow array reduction
• 347c8f7 Disallow parameter reassignment
• e85bd43 Fix jsDoc comments
• f654e68 Replace eslint with oxlint
• 3b48d00 fixup! Change pre-commit hook
• See full diff in compare view

Updates @types/react from 19.2.10 to 19.2.14

Commits

• See full diff in compare view

Updates eslint-config-next from 16.1.6 to 16.2.4

Release notes

Sourced from eslint-config-next's releases.

v16.2.4

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• chore: Bump reqwest to 0.13.2 (Fixes Google Fonts with Turbopack for Windows on ARM64) (#92713)
• Turbopack: fix filesystem watcher config not applying follow_symlinks(false) (#92631)
• Scope Safari ?ts= cache-buster to CSS/font assets only (Pages Router) (#92580)
• Compiler: Support boolean and number primtives in next.config defines (#92731)
• turbo-tasks: Fix recomputation loop by allowing cell cleanup on error during recomputation (#92725)
• Turbopack: shorter error for ChunkGroupInfo::get_index_of (#92814)
• Turbopack: shorter error message for ModuleBatchesGraph::get_entry_index (#92828)
• Adding more system info to the 'initialize project' trace (#92427)

Credits

Huge thanks to @​Badbird5907, @​lukesandberg, @​andrewimm, @​sokra, and @​mischnic for helping!

v16.2.3

[!NOTE] This release is backporting security and bug fixes. For more information about the fixed security vulnerability, please see https://vercel.com/changelog/summary-of-cve-2026-23869. The release does not include all pending features/changes on canary.

Core Changes

• Ensure app-page reports stale ISR revalidation errors via onRequestError (#92282)
• Fix [Bug]: manifest.ts breaks HMR in Next.js 16.2 (#91981 through #92273)
• Deduplicate output assets and detect content conflicts on emit (#92292)
• Fix styled-jsx race condition: styles lost due to concurrent rendering (#92459)
• turbo-tasks-backend: stability fixes for task cancellation and error handling (#92254)

Credits

Huge thanks to @​icyJoseph, @​sokra, @​wbinnssmith, @​eps1lon and @​ztanner for helping!

v16.2.2

[!NOTE] This release is backporting bug fixes. It does not include all pending features/changes on canary.

Core Changes

• backport: Move expanded adapters docs to API reference (#92115) (#92129)
• Backport: TypeScript v6 deprecations for baseUrl and moduleResolution (#92130)
• [create-next-app] Skip interactive prompts when CLI flags are provided (#91840)
• next.config.js: Accept an option for serverFastRefresh (#91968)
• Turbopack: enable server HMR for app route handlers (#91466)
• Turbopack: exclude metadata routes from server HMR (#92034)
• Fix CI for glibc linux builds
• Backport: disable bmi2 in qfilter #92177
• [backport] Fix CSS HMR on Safari (#92174)

... (truncated)

Commits

• 2275bd8 v16.2.4
• d5f649b v16.2.3
• 52faae3 v16.2.2
• ed7d2ce v16.2.1
• c5c94df v16.2.0
• 3683192 v16.2.0-canary.104
• 6689814 v16.2.0-canary.103
• ad66dbc v16.2.0-canary.102
• b856498 v16.2.0-canary.101
• 136b77e v16.2.0-canary.100
• Additional commits viewable in compare view

Updates stylelint from 17.5.0 to 17.8.0

Release notes

Sourced from stylelint's releases.

17.8.0

It adds 3 new rules and 1 configuration property.

• Added: languageOptions.directionality configuration property (#8687) (@​sw1tch3roo).
• Added: property-layout-mappings rule (#8687) (@​sw1tch3roo).
• Added: relative-selector-nesting-notation rule (#8730) (@​sw1tch3roo).
• Added: selector-no-deprecated rule (#8694) (@​immitsu).

17.7.0

It fixes 4 bugs, including clearer problem messages by removing filler words and leading with the problem. We've also released 1.0.0 of create-stylelint to help with first-time Stylelint setup.

• Fixed: clarity of problem messages (#9199) (@​jeddy3).
• Fixed: --print-config CLI flag to hide internal properties (#9194) (@​ybiquitous).
• Fixed: function-url-quotes false positives when URLs have modifiers (#8702) (@​immitsu).
• Fixed: selector-no-qualifying-type false positives for :has() (#9182) (@​romainmenke).

17.6.0

It adds support for extending units in languageOptions, which then apply to rules like declaration-property-value-no-unknown, and fixes 2 bugs.

• Added: support for extending units to languageOptions (#9166) (@​jeddy3).
• Fixed: missing ruleMetadata when linting multiple files with overrides (#9154) (@​kovsu).
• Fixed: custom-property-no-missing-var-function false positives for timeline-scope and animation-timeline (#9164) (@​splincode).

Changelog

Sourced from stylelint's changelog.

17.8.0 - 2026-04-15

It adds 3 new rules and 1 configuration property.

• Added: languageOptions.directionality configuration property (#8687) (@​sw1tch3roo).
• Added: property-layout-mappings rule (#8687) (@​sw1tch3roo).
• Added: relative-selector-nesting-notation rule (#8730) (@​sw1tch3roo).
• Added: selector-no-deprecated rule (#8694) (@​immitsu).

17.7.0 - 2026-04-12

It fixes 4 bugs, including clearer problem messages by removing filler words and leading with the problem. We've also released 1.0.0 of create-stylelint to help with first-time Stylelint setup.

• Fixed: clarity of problem messages (#9199) (@​jeddy3).
• Fixed: --print-config CLI flag to hide internal properties (#9194) (@​ybiquitous).
• Fixed: function-url-quotes false positives when URLs have modifiers (#8702) (@​immitsu).
• Fixed: selector-no-qualifying-type false positives for :has() (#9182) (@​romainmenke).

17.6.0 - 2026-03-26

It adds support for extending units in languageOptions, which then apply to rules like declaration-property-value-no-unknown, and fixes 2 bugs.

• Added: support for extending units to languageOptions (#9166) (@​jeddy3).
• Fixed: missing ruleMetadata when linting multiple files with overrides (#9154) (@​kovsu).
• Fixed: custom-property-no-missing-var-function false positives for timeline-scope and animation-timeline (#9164) (@​splincode).

Commits

• b329c6f Release 17.8.0 (#9217)
• e9a4877 Bump postcss from 8.5.8 to 8.5.9 in the postcss group (#9216)
• 0dc0d02 Bump eslint from 10.1.0 to 10.2.0 in the eslint group (#9215)
• 4978eaf Document selector-no-deprecated not yet in config (#9211)
• 9ca941e Add relative-selector-nesting-notation rule (#8730)
• 06807ce Add selector-no-deprecated rule (#8694)
• 16a6090 Add property-layout-mappings rule (#8687)
• 0b9b48b Release 17.7.0 (#9210)
• d0c992e Fix function-url-quotes false positives when URLs have modifiers (#8702)
• 64d07a8 Fix clarity of problem messages (#9199)
• Additional commits viewable in compare view

Updates ts-jest from 29.4.6 to 29.4.9

Release notes

Sourced from ts-jest's releases.

v29.4.9

Please refer to CHANGELOG.md for details.

v29.4.8

No release notes provided.

v29.4.7

Please refer to CHANGELOG.md for details.

Changelog

Sourced from ts-jest's changelog.

29.4.7 (2026-04-01)

Features

• support TypeScript v6 (eda517d)

Commits

• bac2e77 chore(release): bump version to 29.4.9
• f8a9cc9 fix: use correct registry for npm OIDC trusted publishing
• e2eec26 fix: npm permissions
• 263f2ac chore: remove npm auth token
• 5df0e45 OIDC
• f82c144 Merge pull request #5250 from kulshekhar/copilot/bump-patch-version
• e6ec5ae Update CHANGELOG.md
• 62c3199 Update CHANGELOG.md
• 052e751 Bump patch version to 29.4.7
• f79e77b Merge pull request #5249 from ext/feature/ts6-peer
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by [GitHub Actions](https://www.npmjs.com/~GitHub Actions), a new releaser for ts-jest since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions