weekly changelog digest

Prisma changelog digest

Jul 14 - Jul 20, 2025. Useful releases, risky migrations, and noisy updates from the Prisma channel.

Most useful

Most risky

Noise filtered

No matching updates in this bucket.

all updates

Prisma updates in 2025-w29

4 updates

Node.js11 months agoJul 15, 2025, 10:17 PMUsefulAI-assisted summary

score 0

~Fixed CVE‑2025‑27210: prevented Windows reserved device names (CON, PRN, AUX) from bypassing path.normalize() protection.
~Updated lib to correctly handle all Windows reserved driver names.

Security-relevantsecuritybugfixsource failing

Node.js11 months agoJul 15, 2025, 10:17 PMUsefulAI-assisted summary

score 0

~- Fixed CVE‑2025‑27210 by handling Windows reserved device names (CON, PRN, AUX) and tightening path.normalize() traversal protection.
~- Updated lib to block reserved driver names on Windows.
~- Patched MSVS v17.14 compilation issue on Windows builds.

Security-relevantsecuritybugfixsource failing

Node.js11 months agoJul 15, 2025, 10:17 PMUsefulAI-assisted summary

score 0

~Patched CVE-2025-27209: mitigated HashDoS in V8 by reverting recent rapidhash changes.
~Patched CVE-2025-27210: fixed Windows reserved device names (CON, PRN, AUX) bypass in path.normalize().
~Updated V8 dependency and added handling for all Windows reserved driver names.

Security-relevantsecuritybugfixsource failing

Prisma11 months agoJul 15, 2025, 03:58 PMUsefulAI-assisted summary

score 0

+Introduced preview of an ESM‑compatible Prisma client generator, set to become the default in v7
~Added early‑access `migrations` and `views` fields to prisma.config.ts for custom file locations
~Released a Management API for programmatic Prisma Postgres provisioning and updated the Prisma Console navigation UI

featuredocsminorsource failingLast checked 2 days ago