Avatar for the prisma user
prisma
prisma
BlogDocsChangelog

Performance History

Latest Results

feat: Added server.address and server.port otel attributes
jsumners-nr:add-otel-attribs
1 day ago
fix(cli): guard formatGlobalLocalVersionMismatchWarning against empty input The exported formatter dereferenced mismatches[0] without a length check, so passing an empty array would throw instead of returning a warning. Return an empty string up front when there is nothing to warn about.
barobaonguyen:fix/issue-1911-version-mismatch-warning
5 days ago
feat(adapter-pg): set schema from PoolConfig.connectionString
aartoni:fix/adapter-pg-honor-schema
6 days ago
Harden ~/.config/prisma-platform/auth.json file permissions to 0o600 CredentialsStore.writeCredentialsToDisk writes the Prisma Platform OAuth tokens (token + refreshToken per workspaceId) to the auth file via writeFile(this.authFilePath, JSON.stringify(data, null, 2)) with no mode option. Node's default 0o666 masked by umask 022 gives 0o644 on macOS Terminal and most Linux defaults, so the file ends up world-readable. The surrounding directory was likewise being created at 0o755 via mkdir(... { recursive: true }) with no mode. Any local account or process that can traverse the home directory can recover the token + refreshToken and call the Prisma Platform management API as the user. This commit: - Adds `chmod` to the fs/promises imports. - Passes `{ mode: 0o600 }` to writeFile and `{ mode: 0o700 }` to mkdir. - Adds a follow-up chmod for both file and directory so pre-existing installs converge to 0o600/0o700 on the next save. Per Node docs, fs.chmod on Windows silently no-ops bits it cannot set, so no try/catch wrapper is needed (and wrapping in catch would mask real POSIX EPERM errors). Mirrors industry-baseline credential-file handling (GitHub CLI, AWS CLI, Google Cloud SDK, Stripe CLI, PlanetScale CLI's keyring fallback, Pulumi StoreCredentials lockedfile.Write at 0o600). Related disclosure: GHSA-cgq2-43wx-qgpq.
JAE0Y2N:harden-credentials-store-perms
7 days ago
Harden ~/.config/prisma-platform/auth.json file permissions to 0o600 CredentialsStore.writeCredentialsToDisk writes the Prisma Platform OAuth tokens (token + refreshToken per workspaceId) to the auth file via writeFile(this.authFilePath, JSON.stringify(data, null, 2)) with no mode option. Node's default 0o666 masked by umask 022 gives 0o644 on macOS Terminal and most Linux defaults, so the file ends up world-readable. The surrounding directory was likewise being created at 0o755 via mkdir(... { recursive: true }) with no mode. Any local account or process that can traverse the home directory can recover the token + refreshToken and call the Prisma Platform management API as the user. This commit: - Adds `chmod` to the fs/promises imports. - Passes `{ mode: 0o600 }` to writeFile and `{ mode: 0o700 }` to mkdir. - Adds a follow-up chmod for both file and directory (wrapped in try/catch for Windows) so pre-existing installs converge to 0o600/0o700 on the next save. Mirrors industry-baseline credential-file handling (GitHub CLI, AWS CLI, Google Cloud SDK, Stripe CLI, PlanetScale CLI's keyring fallback, Pulumi StoreCredentials lockedfile.Write at 0o600). Related disclosure: GHSA-cgq2-43wx-qgpq. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
JAE0Y2N:harden-credentials-store-perms
7 days ago
chore(deps): bump postgres-bytea to 1.0.1 to drop Buffer() deprecation (#29538) ## Problem Reading a `Bytes` column through `@prisma/adapter-neon`, `@prisma/adapter-pg`, or `@prisma/adapter-ppg` emits Node.js `DEP0005` because `pg-types`' `BYTEA` parser is [`postgres-bytea@1.0.0`](https://www.npmjs.com/package/postgres-bytea/v/1.0.0), which still uses the deprecated `new Buffer(...)` constructor. ## Fix [`postgres-bytea@1.0.1`](https://www.npmjs.com/package/postgres-bytea/v/1.0.1) (released 2025-12-17) swaps `new Buffer(...)` for `Buffer.from || Buffer` and stays inside the `~1.0.0` range that `pg-types` declares, so a lockfile refresh is enough — no `package.json` or source changes are required. This commit updates the three `pnpm-lock.yaml` references (resolution block, snapshot block, and the single consumer entry under `pg-types@2.x`) from `1.0.0` to `1.0.1`. `pnpm install --lockfile-only --frozen-lockfile` round-trips cleanly. The previous version of this PR inlined a hand-written replacement parser across the three adapters. Thanks to @aqrln for [pointing out](https://github.com/prisma/prisma/pull/29538#issuecomment-4485884504) that the upstream fix had already landed and the change reduces to a transitive bump. Refs [`brianc/node-postgres#2426`](https://github.com/brianc/node-postgres/issues/2426).
main
8 days ago
chore(deps): bump postgres-bytea to 1.0.1 to drop Buffer() deprecation postgres-bytea 1.0.1 switches from `new Buffer(...)` to `Buffer.from || Buffer`, eliminating the Node.js DEP0005 deprecation warning that fired on every BYTEA column decoded through pg-types. 1.0.1 is within the existing `~1.0.0` range that pg-types declares, so this is a pure lockfile refresh — no package.json or source code changes are required.
kolia-zamnius:fix/bytea-buffer-deprecation
8 days ago
refactor(driver-adapter-utils): apply review nits in parseBytea - Replace `/^\\x/.test(input)` with `input.startsWith('\\x')`. - Drop the intermediate `output` string; push decoded bytes into a `number[]` and pass it to `Buffer.from` directly. Per review feedback on the open PR. Behaviour is unchanged — the hex, octal, paired-backslash + octal, ASCII passthrough and trailing-lone-\ cases all round-trip to the same bytes as before.
kolia-zamnius:fix/bytea-buffer-deprecation
8 days ago

Latest Branches

CodSpeed Performance Gauge
0%
feat: Added server.address and server.port otel attributes#29575
6 days ago
d6e73a1
jsumners-nr:add-otel-attribs
CodSpeed Performance Gauge
+1%
feat(cli): warn on global Prisma CLI vs local installed version mismatch#29578
5 days ago
bacea69
barobaonguyen:fix/issue-1911-version-mismatch-warning
CodSpeed Performance Gauge
0%
fix(adapter-pg): honor `?schema=` URL parameter for PostgreSQL schema routing#29521
28 days ago
97a0a71
aartoni:fix/adapter-pg-honor-schema
© 2026 CodSpeed Technology
Home Terms Privacy Docs