Bump the bun group across 1 directory with 9 updates

[dependabot]

Bumps the bun group with 9 updates in the / directory:

Package	From	To
@prisma/client	6.11.1	6.14.0
chalk	5.4.1	5.6.0
elysia	1.3.5	1.3.9
jose	6.0.11	6.0.12
prisma	6.11.1	6.14.0
radashi	12.6.0	12.6.1
@biomejs/biome	2.0.6	2.2.0
@types/bun	1.2.18	1.2.20
typescript	5.8.3	5.9.2

Updates @prisma/client from 6.11.1 to 6.14.0

Release notes

Sourced from @​prisma/client's releases.

6.14.0

Today, we are excited to share the 6.14.0 stable release 🎉

🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!

Highlights

@unique attributes for SQL views (Preview)

Last release, we improved the robustness of SQL views defined in the Prisma schema. Views are virtual tables that don't allows for defining unique constraints, indexes or foreign keys in the underlying database.

However, as an application developer, it can be convenient to also define relationships involving views or paginate them using cursors. We've received this feedback from several people who had been using views in that way with Prisma ORM, so in this release we're re-introducing the @unique attribute for views. This attribute enables:

• relationships involving views
• findUnique queries, cursor-based pagination & implicit ordering for views

Here's an example schema using @unique and defining a relationship from a model to a view:

model User {
  id        Int            @id @default(autoincrement())
  email     String         @unique
  posts     Post[]
  stats     UserPostStats? @relation(fields: [email], references: [userEmail])
}
model Post {
id        Int      @​id @​default(autoincrement())
title     String
published Boolean  @​default(false)
createdAt DateTime @​default(now())
authorId  Int?
author    User?    @​relation(fields: [authorId], references: [id])
}
view UserPostStats {
userEmail        String    @​unique
totalPosts       BigInt?
publishedPosts   BigInt?
unpublishedPosts BigInt?
latestPostDate   DateTime? @​db.Timestamp(6)
user             User?
}

CREATE OR REPLACE VIEW "UserPostStats" AS
SELECT 
</tr></table> 

... (truncated)

Commits

• f1f2669 chore(deps): update engines to 6.14.0-25.717184b7b35ea05dfa71a3236b7af656013e...
• 71f115e chore: revert #27887 (#27889)
• 86b72d8 chore(deps): update engines to 6.14.0-24.944e9a8aab0cc8395d8eb5912777c1e5bebf...
• 9b0899d chore: don't build wasm-base64 cjs bundles (#27887)
• 21765b0 fix: ORM-850 improve client options type performance (#27777)
• f92c421 refactor(client): extract reusable parts of batch request handling (#27879)
• d9c590b chore(deps): update engines to 6.14.0-22.0b03dd192b3c1459e1142ba36decb4194ca1...
• 8420681 chore(deps): update engines to 6.14.0-20.21db42295e1eec1ae16580cd07cc0aefd0f2...
• 7dddc22 fix(qc): align tx manager errors (#27861)
• 07cc0bc chore(deps): update engines to 6.14.0-18.fbfd9bd6424bc01bfbd02a26ef00c2b14d01...
• Additional commits viewable in compare view

Updates chalk from 5.4.1 to 5.6.0

Release notes

Sourced from chalk's releases.

v5.6.0

• Make WezTerm terminal use true color a8f5bf7

---

chalk/chalk@v5.5.0...v5.6.0

v5.5.0

• Make Ghostty terminal use true color (#653) 79ee2d3

---

chalk/chalk@v5.4.1...v5.5.0

Commits

• 5c91505 5.6.0
• a8f5bf7 Make WezTerm terminal use true color
• 67db246 5.5.0
• 79ee2d3 Make Ghostty terminal use true color (#653)
• See full diff in compare view

Updates elysia from 1.3.5 to 1.3.9

Release notes

Sourced from elysia's releases.

1.3.9 - Flower of Dreamland

Named after 夢路の花 by Mitsukiyo

Elysia 1.3.9 is a significant milestone for Elysia Basically, it's a big release bug without new feature

We have reviewed and closed almost 300 issues updated and patched several bugs and edge cases and refactor some behavior to align with your expectations

We will now focus on the development of Elysia 1.4 You can submit a feature request / proposal at Elysia 1.3 feedback

Feature

• #932 add t.ArrayBuffer, t.Uint8Array

Bug fix

• #459 route prefix should give type error when prefix is not start with '/'
• #669 add nullable field to t.Nullable for OpenAPI 3.0 spec
• #711 set default headers for non-aot
• #713 NotFoundError doesn't call onAfterResponse hook
• #771 skip body parsing if Content-Type is present but body is not
• #747 mapResponse inside mapError override error value
• #812 check for minItems length before array validation
• #833 cookie signing doesn't work in dynamic mode
• #859 clean non-root additionalProperties
• #924 decode path param
• #985 Nullable accept options
• #1028 string | string[] query parameter, reference array
• #1120 cannot set multiple cookies when response is a file
• #1124 validate url encoded query
• #1158 prevent side-effect from guard merge
• #1162 handle encoded space in array query string
• #1267 parse without contentType headers throw Bad Request
• #1274 support .use(undefined | false) for conditional plugin
• #1276 mapResponse with set inference produce invalid instruction
• #1268 using number instead of stringifed value for reporting validation error
• #1288 handle array query string in dynamic mode
• #1294 return status from derive and resolve shouldn't call onError
• #1297, #1325 fix HTML imported pages in compiled apps
• #1319 fix array of plugin usage causes incorrect path aggregation
• #1323 don't duplicate error from plugin
• #1327 ensure that t.Date value is Date in Encode
• dynamic handle should handle named parser
• instanceof ElysiaCustomStatusResponse should return true when import from root Elysia module

Improvement

• remove finally from compose
• NotFoundError should parse query if inferred
• #853 Bun Static response now handle pre-compute onRequest, and onError

... (truncated)

Changelog

Sourced from elysia's changelog.

1.3.9 - 18 Aug 2025

Feature:

• #932 add t.ArrayBuffer, t.Uint8Array

Bug fix:

• #459 route prefix should give type error when prefix is not start with '/'
• #669 add nullable field to t.Nullable for OpenAPI 3.0 spec
• #711 set default headers for non-aot
• #713 NotFoundError doesn't call onAfterResponse hook
• #771 skip body parsing if Content-Type is present but body is not
• #747 mapResponse inside mapError override error value
• #812 check for minItems length before array validation
• #833 cookie signing doesn't work in dynamic mode
• #859 clean non-root additionalProperties
• #924 decode path param
• #985 Nullable accept options
• #1028 string | string[] query parameter, reference array
• #1120 cannot set multiple cookies when response is a file
• #1124 validate url encoded query
• #1158 prevent side-effect from guard merge
• #1162 handle encoded space in array query string
• #1267 parse without contentType headers throw Bad Request
• #1274 support .use(undefined | false) for conditional plugin
• #1276 mapResponse with set inference produce invalid instruction
• #1268 using number instead of stringifed value for reporting validation error
• #1288 handle array query string in dynamic mode
• #1294 return status from derive and resolve shouldn't call onError
• #1297, #1325 fix HTML imported pages in compiled apps
• #1319 fix array of plugin usage causes incorrect path aggregation
• #1323 don't duplicate error from plugin
• #1327 ensure that t.Date value is Date in Encode
• dynamic handle should handle named parser
• instanceof ElysiaCustomStatusResponse should return true when import from root Elysia module

Improvement:

• remove finally from compose
• NotFoundError should parse query if inferred
• #853 Bun Static response now handle pre-compute onRequest, and onError
• prettify ElysiaWS type
• export ElysiaCustomStatusResponse
• handle type-level status check in after response

Change:

• status no longer make value as readonly
• afterResponse now call after response by scheduling setImmediate
• update memoirist to 0.4.0
• update exact-mirror to 0.1.5

1.3.8 - 31 Jul 2025

Improvement:

... (truncated)

Commits

• dc44d08 📘 doc: document 1.3.9 release date
• 7b61f19 🎉 release: 1.3.9
• c84641e Merge pull request #1334 from DaxServer/main
• 9cd9dfa 🔧 fix: #1288 handle array query string in dynamic mode
• b2f5f0c 🔧 fix: #1267 parse without contentType headers throw Bad Request
• e15731a 🧹 chore: include environment and dynamic mode report for bug report
• 3b3700a 🔧 fix: #1158 prevent side-effect from guard merge
• bb1c093 🔧 fix: #1162 handle encoded space in array query string
• 6c4db4c chore: remove unused WSLocalHook import from types
• 6cacef5 🔧 fix: #1124 validate url encoded query
• Additional commits viewable in compare view

Updates jose from 6.0.11 to 6.0.12

Release notes

Sourced from jose's releases.

v6.0.12

Documentation

• add known caveats to customFetch (02e1f1e)
• mention the apu/apv parameter names in setKeyManagementParameters (6274d5a)
• update compact setKeyManagementParameters (2f44381)
• use GitHub Flavored Markdown for notes and warnings (f6b4ffc)

Refactor

• createPublicKey is not a constructor (61ded78)
• update asn1.ts helper functions (b2b611c)

Changelog

Sourced from jose's changelog.

6.0.12 (2025-07-15)

Documentation

• add known caveats to customFetch (02e1f1e)
• mention the apu/apv parameter names in setKeyManagementParameters (6274d5a)
• update compact setKeyManagementParameters (2f44381)
• use GitHub Flavored Markdown for notes and warnings (f6b4ffc)

Refactor

• createPublicKey is not a constructor (61ded78)
• update asn1.ts helper functions (b2b611c)

Commits

• 03f9940 chore(release): 6.0.12
• b2b611c refactor: update asn1.ts helper functions
• 61ded78 refactor: createPublicKey is not a constructor
• 6274d5a docs: mention the apu/apv parameter names in setKeyManagementParameters
• 2f44381 docs: update compact setKeyManagementParameters
• 746ca64 chore: bump packages
• e271ab6 chore: bump packages
• a67d67b chore: lock prettier until 3.6.0 issues with prettier-plugin-jsdoc get resolved
• 406797e ci: uninstall GitHubSecurityLab/actions-permissions
• 5e5e525 ci: uninstall GitHubSecurityLab/actions-permissions from build.yml
• Additional commits viewable in compare view

Updates prisma from 6.11.1 to 6.14.0

Release notes

Sourced from prisma's releases.

6.14.0

Today, we are excited to share the 6.14.0 stable release 🎉

🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!

Highlights

@unique attributes for SQL views (Preview)

Last release, we improved the robustness of SQL views defined in the Prisma schema. Views are virtual tables that don't allows for defining unique constraints, indexes or foreign keys in the underlying database.

However, as an application developer, it can be convenient to also define relationships involving views or paginate them using cursors. We've received this feedback from several people who had been using views in that way with Prisma ORM, so in this release we're re-introducing the @unique attribute for views. This attribute enables:

• relationships involving views
• findUnique queries, cursor-based pagination & implicit ordering for views

Here's an example schema using @unique and defining a relationship from a model to a view:

model User {
  id        Int            @id @default(autoincrement())
  email     String         @unique
  posts     Post[]
  stats     UserPostStats? @relation(fields: [email], references: [userEmail])
}
model Post {
id        Int      @​id @​default(autoincrement())
title     String
published Boolean  @​default(false)
createdAt DateTime @​default(now())
authorId  Int?
author    User?    @​relation(fields: [authorId], references: [id])
}
view UserPostStats {
userEmail        String    @​unique
totalPosts       BigInt?
publishedPosts   BigInt?
unpublishedPosts BigInt?
latestPostDate   DateTime? @​db.Timestamp(6)
user             User?
}

CREATE OR REPLACE VIEW "UserPostStats" AS
SELECT 
</tr></table> 

... (truncated)

Commits

• 21765b0 fix: ORM-850 improve client options type performance (#27777)
• 114dd96 fix(client): prisma-client generator with moduleFormat = "cjs" (#27828)
• ddc1046 chore(cli): Moved MCP.ts to mcp directory, added mcp/README.md, and r… (#27631)
• cb67f68 fix: fix flacky cli test due to time formatting (#27762)
• c7f5a71 chore(deps): update engines to 6.13.0-33.4c9c25c84cf1a4c0744a0b15acab20e1c91c...
• 2dcebb3 feat(config): add migrations.seed support (#27724)
• 86b31c2 fix(config): e2e tests (#27725)
• 4ba02d2 feat(config): display warning when package.json#prisma is detected when loa...
• ecd6c1a feat(config): remove earlyAccess: true in favor of scoped experimental flags ...
• c23cfd5 chore(config): update log/warn/error messages to reflect recent prisma.config...
• Additional commits viewable in compare view

Updates radashi from 12.6.0 to 12.6.1

Release notes

Sourced from radashi's releases.

v12.6.1

Fixed

• (group) Use Object.create(null) for the returned object in 5db8c37

Changelog

Sourced from radashi's changelog.

[radashi@12.6.1] - 2025-08-09

Details

Fixed

• (group) Use Object.create(null) for the returned object in 5db8c37

Commits

• 2e880d5 chore(release): 12.6.1
• 5db8c37 fix(group): use Object.create(null) for the returned object (#427)
• 53f3e0e chore(docs): mention upperize and lowerize in the mapKeys docs
• 1e3adbd chore: fix build badge in README-pt_br.md
• 4787f81 chore(docs): fix broken link
• 7d40c7d chore: fix typo in mdx file
• 9d7964c chore: fix reference link
• See full diff in compare view

Updates @biomejs/biome from 2.0.6 to 2.2.0

Release notes

Sourced from @​biomejs/biome's releases.

Biome CLI v2.2.0

2.2.0

Minor Changes

• #5506 1f8755b Thanks @​sakai-ast! - The noRestrictedImports rule has been enhanced with a new patterns option. This option allows for more flexible and powerful import restrictions using gitignore-style patterns.

  You can now define patterns to restrict entire groups of modules. For example, you can disallow imports from any path under import-foo/ except for import-foo/baz.

  {
    "options": {
      "patterns": [
        {
          "group": ["import-foo/*", "!import-foo/baz"],
          "message": "import-foo is deprecated, except for modules in import-foo/baz."
        }
      ]
    }
  }

  Invalid examples

  import foo from "import-foo/foo";
  import bar from "import-foo/bar";

  Valid examples

  import baz from "import-foo/baz";

  Additionally, the patterns option introduces importNamePattern to restrict specific import names using regular expressions. The following example restricts the import names that match x , y or z letters from modules under import-foo/.

  {
    "options": {
      "patterns": [
        {
          "group": ["import-foo/*"],
          "importNamePattern": "[xyz]"
        }
      ]
    }
  }

... (truncated)

Changelog

Sourced from @​biomejs/biome's changelog.

2.2.0

Minor Changes

• #5506 1f8755b Thanks @​sakai-ast! - The noRestrictedImports rule has been enhanced with a new patterns option. This option allows for more flexible and powerful import restrictions using gitignore-style patterns.

  You can now define patterns to restrict entire groups of modules. For example, you can disallow imports from any path under import-foo/ except for import-foo/baz.

  {
    "options": {
      "patterns": [
        {
          "group": ["import-foo/*", "!import-foo/baz"],
          "message": "import-foo is deprecated, except for modules in import-foo/baz."
        }
      ]
    }
  }

  Invalid examples

  import foo from "import-foo/foo";
  import bar from "import-foo/bar";

  Valid examples

  import baz from "import-foo/baz";

  Additionally, the patterns option introduces importNamePattern to restrict specific import names using regular expressions. The following example restricts the import names that match x , y or z letters from modules under import-foo/.

  {
    "options": {
      "patterns": [
        {
          "group": ["import-foo/*"],
          "importNamePattern": "[xyz]"
        }
      ]
    }
  }

... (truncated)

Commits

• e1ba03c chore: restore version and use different runner
• 1b783c8 chore: revert version
• ee7ec19 chore: update version and lockfile
• 9b3ff65 chore: revert version
• 5b6c6ed ci: release (#7157)
• 0667478 chore: fix various typos across codebase (#7216)
• f66209b chore: fix typos in biome formatter and grit crates (#7207)
• a3840ac Merge pull request #7167 from biomejs/next
• 13bbbc1 chore: add Vercel to sponsors (#7200)
• 7d00fdd [autofix.ci] apply automated fixes
• Additional commits viewable in compare view

Updates @types/bun from 1.2.18 to 1.2.20

Commits

• See full diff in compare view

Updates typescript from 5.8.3 to 5.9.2

Release notes

Sourced from typescript's releases.

TypeScript 5.9

For release notes, check out the release announcement

• fixed issues query for Typescript 5.9.0 (Beta).
• fixed issues query for Typescript 5.9.1 (RC).
• No specific changes for TypeScript 5.9.2 (Stable)

Downloads are available on:

• npm

TypeScript 5.9 RC

For release notes, check out the release announcement

• fixed issues query for Typescript 5.9.0 (Beta).
• fixed issues query for Typescript 5.9.1 (RC).

Downloads are available on:

• npm

TypeScript 5.9 Beta

For release notes, check out the release announcement.

• fixed issues query for Typescript 5.9.0 (Beta).

Downloads are available on:

• npm

Commits

• be86783 Give more specific errors for verbatimModuleSyntax (#62113)
• 22ef577 LEGO: Pull request from lego/hb_5378966c-b857-470a-8675-daebef4a6da1_20250714...
• d5a414c Don't use noErrorTruncation when printing types with maximumLength set (#...
• f14b5c8 Remove unused and confusing dom.iterable.d.ts file (#62037)
• 2778e84 Restore AbortSignal.abort (#62086)
• 65cb4bd LEGO: Pull request from lego/hb_5378966c-b857-470a-8675-daebef4a6da1_20250710...
• 9e20e03 Clear out checker-level stacks on pop (#62016)
• 87740bc Fix for Issue 61081 (#61221)
• 833a8d4 Fix Symbol completion priority and cursor positioning (#61945)
• 0018c9f LEGO: Pull request from lego/hb_5378966c-b857-470a-8675-daebef4a6da1_20250702...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Join our Discord community for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbitai help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.