chore(deps-dev): bump prisma from 5.20.0 to 5.22.0

[dependabot]

Bumps prisma from 5.20.0 to 5.22.0.

Release notes

Sourced from prisma's releases.

5.22.0

Today, we are excited to share the 5.22.0 stable release 🎉

🌟 Help us spread the word about Prisma by starring the repo ☝️ or posting on X about the release.

Highlights

Further Tracing Improvements

In our ongoing effort to stabilize the tracing Preview feature, we’ve made our spans compliant with OpenTelemetry Semantic Conventions for Database Client Calls. This should lead to better compatibility with tools such as DataDog and Sentry.

We’ve also included numerous bug fixes that should make this Preview feature easier to work with.

Metrics bug fix

Occasionally, connection pool metrics would become negative or grow unbounded. In this release, connection pool metrics should stay consistent.

Connection Pool Timeout fix

In a specific case, there could be issues where fetching a new connection from the connection pool would time out, regardless of the state of the application and connection pool. If you have experience connection pool issues accessing a PostgreSQL database with TLS encryption in a resource-constrained environment (such as Function-as-a-Service offerings or very small VPS) this should resolve those issues.

Special thanks to @​youxq for their pull request and help resolving this issue!

Join us

Looking to make an impact on Prisma in a big way? We're hiring!

Learn more on our careers page: https://www.prisma.io/careers

Fixes and improvements

Prisma Migrate

• removing @unique in schema.prisma does not generate SQL to do so

Prisma

• Prisma generate randomly fails on Ubuntu due to missing internal .so libquery_engine-debian-openssl-1.1.x.so.node
• Timed out fetching a new connection from the connection pool.
• Some prisma:engine:connection spans have no parent
• Query-related spans outside of prisma:engine:itx_runner are disconnected from the tree
• Tracing with dataproxy/mini-proxy: itx_runner span and it's children are missing sometimes
• Incorrect OpenTelemetry span reported by Prisma
• OTEL spans are not recognised as spans from a database
• SQL Injection bug - D1 adaptor throws "Conversion failed: expected a datetime string in column" when string column contains any ISO date
• Prisma generate randomly fails on Ubuntu due to missing internal .so libquery_engine-debian-openssl-1.1.x.so.node

Credits

Huge thanks to @​tmm1, @​Takur0, @​hinaloe, @​andyjy, and @​youxq for helping!

... (truncated)

Commits

• 85e9f0b feat(cli): add new promo survey for Prisma 5.22 (#25590)
• c64991b feat: integrate iTX and tracing refactor (#25285)
• 738d5b7 fix(cli): prisma version --json suppress dotenv message (#25535)
• 3c61d1a fix(cli): replace http with https in prisma generate message (#25459)
• 252920b chore(cli): Bump prisma studio (#25431)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[stackblitz]

Run & review this pull request in StackBlitz Codeflow.

[secure-code-warrior-for-github]

Micro-Learning Topic: SQL injection (Detected by phrase)

Matched on "SQL Injection"

What is this? (2min video)

This is probably one of the two most exploited vulnerabilities in web applications and has led to a number of high profile company breaches. It occurs when an application fails to sanitize or validate input before using it to dynamically construct a statement. An attacker that exploits this vulnerability will be able to gain access to the underlying database and view or modify data without permission.

Try a challenge in Secure Code Warrior

Helpful references

• PHP SQL Injection Page - A detailed page on SQL injection in the online PHP manual.
• OWASP SQL Injection Prevention Cheat Sheet - This article is focused on providing clear, simple, actionable guidance for preventing SQL Injection flaws in your applications.
• OWASP SQL Injection - OWASP community page with comprehensive information about SQL injection, and links to various OWASP resources to help detect or prevent it.
• OWASP Query Parameterization Cheat Sheet - A derivative work of the OWASP SQL Injection Prevention Cheat Sheet focused on SQL query parameterization.
• Preventing SQL Injection Attacks With Python - A tutorial on crafting parameterized queries, SQL composition and safe query execution in Python.

[netlify]

✅ Deploy Preview for realworld-docs ready!

Name	Link
🔨 Latest commit	c188766
🔍 Latest deploy log	https://app.netlify.com/sites/realworld-docs/deploys/67322b42c3d234000880d49a
😎 Deploy Preview	https://deploy-preview-1620--realworld-docs.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[netlify]

❌ Deploy Preview for frabjous-strudel-0577e0 failed.

Name	Link
🔨 Latest commit	c188766
🔍 Latest deploy log	https://app.netlify.com/sites/frabjous-strudel-0577e0/deploys/67322b4276806300084936c9

[dependabot]

Superseded by #1633.