PyPi: Prisma

CVE-2022-32210

Transitive

Safety vulnerability ID: 51300

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Jul 14, 2022 Updated at Mar 24, 2024

Advisory

Prisma 0.7.1 (Python client) bundles Prisma 3.13.0 binaries by default. These include an npm dependency (undici) that has known vulnerabilities.
https://github.com/RobertCraigie/prisma-client-py/blob/main/src/prisma/_config.py#L22
https://github.com/prisma/prisma/commit/6146d3df111e6c33353bae2d8005387f197017fd

Affected package

prisma

Latest version: 0.13.1

Prisma Client Python is an auto-generated and fully type-safe database client

Affected versions

Fixed versions

Vulnerability changelog

We're excited to share the `4.0.0` stable release today. 🎉

Prisma `4.0.0` features a variety of improvements across Prisma Migrate, Prisma schema, and Prisma Client. These changes will impact most Prisma users, particularly those who used some of our most popular Preview features around advanced index management, raw SQL queries, and filtering rows by properties of JSON.

As this is a major release, we included many breaking bug fixes and other enhancements, but we believe upgrading is worthwhile. You can learn about upgrading in our [Prisma 4 Upgrade guide](https://www.prisma.io/docs/guides/upgrade-guides/upgrading-versions/upgrading-to-prisma-4) and the [Prisma 4 Upgrade video](https://www.youtube.com/watch?v=FSjkBrfaoEY).


Major improvements

Here's a TL;DR:
- **Preview features moved to [General Availability](https://www.prisma.io/docs/about/prisma/releases#generally-available-ga)**
  - `extendedIndexes`
  - `filterJson`
  - `improvedQueryRaw`
- **Improvements to the Prisma Schema**
  - Default values for scalar lists (arrays)
  - Improved default support for embedded documents in MongoDB
  - Explicit unique constraints for 1:1 relations
  - Removed support for usage of `references` on implicit m:n relations
  - Enforcing uniqueness of referenced fields in the `references` argument in 1:1 and 1:m relations for MySQL
  - Removal of undocumented support for the `type` alias
  - Removal of the `sqlite` protocol for SQLite URLs
  - Better grammar for string literals
- **New Prisma Client APIs**
  - `findUniqueOrThrow`
  - `findFirstOrThrow`
- **General improvements**
  - Deprecating `rejectOnNotFound`
  - Fix rounding errors on big numbers in SQLite
  - `DbNull`, `JsonNull`, and `AnyNull` are now objects
  - Prisma Studio updates
  - Dropped support for Node 12
  - New default sizes for statement cache
  - Renaming of `@prisma/sdk` npm package to `@prisma/internals`
  - Removal of the internal `schema` property from the generated Prisma Client

`extendedIndexes` is now Generally Available

Starting with this release, we're excited to announce that `extendedIndexes` is now Generally Available! 🚀

```diff
generator client {
provider = "prisma-client-js"
- previewFeatures = ["extendedIndexes"]
}
```


We introduced `extendedIndexes` in `3.5.0` and have constantly been shipping improvements in the subsequent releases to the configuration of indexes.

You can now configure indexes in your Prisma schema with the `@@index` attribute to define the kind of index that should be created in your database. You can configure the following indexes in your Prisma schema:

<details>
<summary> Sort, sort order, and length</summary>

The `length` argument is available on MySQL on the `@id`, `@@id`, `@unique`, `@@unique`, and `@@index` fields. It allows Prisma to support indexes and constraints on `String` with a `TEXT` native type and `Bytes` types.

The `sort` argument is available for all databases on the `@unique`, `@@unique`, and `@@index` fields. SQL Server also allows it on `@id` and `@@id`.

```prisma
datasource db {
  provider = "mysql"
  url      = env("DATABASE_URL")
}

model Post {
  title      String   @db.VarChar(300)
  abstract   String   @db.VarChar(3000)
  slug       String   @unique(sort: Desc, length: 42) @db.VarChar(3000)
  author     String
  created_at DateTime

  @@id([title(length: 100), abstract(length: 10)])
  @@index([author, created_at(sort: Desc)])
}
```


</details>

<details>
<summary>
Hash indexes for PostgreSQL </summary>

```prisma
datasource db {
  provider = "postgresql"
  url      = env("DATABASE_URL")
}

model A {
  id    Int @id
  value Int

  @@index([value], type: Hash)
}
```

</details>

<details>
<summary>
<code>GIN</code>, <code>GiST</code>, <code>SP-GiST</code> and <code>BRIN</code> indexes for PostgreSQL
</summary>

```prisma
datasource db {
  provider = "postgresql"
  url      = env("DATABASE_URL")
}

model Post {
  id      Int     @id
  title   String
  content String?
  tags    Json?

  @@index([tags], type: Gin)
}
```

</details>

<details>
<summary> SQL Server index clustering </summary>

```prisma
datasource db {
  provider = "sqlserver"
  url      = env("DATABASE_URL")
}

model Post {
  id      Int     @default(autoincrement()) @id(clustered: false)
  title   String
  content String?
}
```

</details>

Refer to our docs to learn how you can [configure indexes](https://www.prisma.io/docs/concepts/components/prisma-schema/indexes) in your Prisma schema and the [supported indexes for the different databases](https://www.prisma.io/docs/reference/database-reference/database-features).

**⚠️ Breaking change:** If you previously configured the index properties at the database level, refer to the [upgrade guide](https://www.prisma.io/docs/guides/upgrade-guides/upgrading-versions/upgrading-to-prisma-4#index-configuration) for a detailed explanation and steps to follow.


`filterJson` is now Generally Available

This release moves the `filterJson` Preview feature into General Availability! 🪄

```diff
generator client {
provider = "prisma-client-js"
- previewFeatures = ["filterJson"]
}
```


JSON filtering allows you to filter rows by the data inside a `Json` type. For example:

```ts
const getUsers = await prisma.user.findMany({
  where: {
    petMeta: {
      path: ['cats', 'fostering'],
      array_contains: ['Fido'],
    },
  },
})
```


The `filterJson` Preview feature has been around since May 2021, and we're excited to mark it ready for production use! Learn more in [our documentation](https://www.prisma.io/docs/concepts/components/prisma-client/working-with-fields/working-with-json-fields#filter-on-a-json-field).

`improvedQueryRaw` is now Generally Available

Prisma 4 now marks the `improvedQueryRaw` Preview feature as Generally Available! 🤩

```diff
generator client {
provider = "prisma-client-js"
- previewFeatures = ["improvedQueryRaw"]
}
```


This change introduces two major improvements (both breaking, refer to the [upgrade guide](https://www.prisma.io/docs/guides/upgrade-guides/upgrading-versions/upgrading-to-prisma-4) for a smooth upgrade) when working with raw queries with Prisma:

<details>
<summary>
1. Scalar values are de-serialized as their correct JavaScript types
</summary>

Raw queries now deserialize scalar values to their corresponding JavaScript types.

> **Note**: Types are inferred from the values and not from the Prisma Schema types.

Here's an example query and response:

```ts
const res = await prisma.$queryRaw`SELECT bigint, bytes, decimal, date FROM "Table";`
console.log(res)
// [{ bigint: BigInt("123"), bytes: Buffer.from([1, 2]), decimal: new Prisma.Decimal("12.34"), date: Date("<some_date>") }]
```


Below is a table that recaps the serialization type-mapping for raw results:

| Database Type | JavaScript Type |
| --- | --- |
| Text | String |
| Int32 | Number |
| Int64 | BigInt |
| Float | Number |
| Double | Number |
| Numeric | Decimal |
| Bytes | Buffer |
| Json | Object |
| DateTime | Date |
| Date | Date |
| Time | Date |
| Uuid | String |
| Xml | String |

</details>

<details>
<summary>
2. PostgreSQL type-casts
</summary>

Previously, PostgreSQL type-casts were broken. Here's an example query that used to fail:

```ts
await prisma.$queryRaw`SELECT ${1.5}::int as int`;
// Before: db error: ERROR: incorrect binary data format in bind parameter 1
// After: [{ int: 2 }]
```


You can now perform some type-casts in your queries as follows:

```ts
await prisma.$queryRaw`SELECT ${2020}::float4, (NOW() - ${"1 day"}::interval), ${"2022-01-01 00:00:00"}::timestamptz;`
```


A consequence of this fix is that some subtle implicit casts are now handled more strictly and would fail. Here's an example that used to work but won't work anymore:

```ts
await prisma.$queryRaw`SELECT LENGTH(${42});`
// ERROR: function length(integer) does not exist
// HINT: No function matches the given name and argument types. You might need to add explicit type casts.
```

The `LENGTH` PostgreSQL function only accepts `text` as input. Prisma used to silently coerce `42` to `text` but won't anymore. As suggested by the hint, cast `42` to `text` as follows:

```ts
await prisma.$queryRaw`SELECT LENGTH(${42}::text);`
```

</details>

Refer to our docs to learn more on [raw query type mappings](https://www.prisma.io/docs/concepts/components/prisma-client/raw-database-access#raw-query-type-mapping) in Prisma.

**⚠️ Breaking change:** To learn how you can smoothly upgrade to version `4.0.0`, refer to our upgrade guide: [Raw query type mapping: scalar values are now deserialized as their correct JavaScript types](https://www.prisma.io/docs/guides/upgrade-guides/upgrading-versions/upgrading-to-prisma-4#raw-query-type-mapping-scalar-values-are-now-deserialized-as-their-correct-javascript-types) and [Raw query mapping: PostgreSQL type-casts](https://www.prisma.io/docs/guides/upgrade-guides/upgrading-versions/upgrading-to-prisma-4#raw-query-mapping-postgresql-type-casts).

Default values for scalar lists (arrays)

Prisma 4 now introduces support for defining default values for scalar lists (arrays) in the Prisma schema.

You can define default scalar lists as follows:

```prisma
model User {
  id             Int      @id @default(autoincrement())
  posts          Post[]
  favoriteColors String[] @default(["red", "blue", "green"])
}
```


To learn more about default values for scalar lists, refer to [our docs](https://www.prisma.io/docs/reference/api-reference/prisma-schema-reference#define-a-scalar-list-with-a-default-value).

**⚠️ Breaking change:** Refer to the [upgrade guide](https://www.prisma.io/docs/guides/upgrade-guides/upgrading-versions/upgrading-to-prisma-4#scalar-list-defaults) for a detailed explanation and steps to follow.


Improved default support for embedded documents in MongoDB

From version `4.0.0`, you can now set default values on embedded documents using the `@default` attribute. Prisma will provide the specified default value on reads if a field is not defined in the database.

You can define default values for embedded documents in your Prisma schema as follows:

```prisma
model Product {
  id     String  @id @default(auto()) @map("_id") @db.ObjectId
  name   String  @unique
  photos Photo[]
}

type Photo {
  height Int    @default(200)
  width  Int    @default(100)
  url    String
}
```


Refer to our docs to learn more on [default values for required fields on composite types](https://www.prisma.io/docs/concepts/components/prisma-client/composite-types#default-values-for-required-fields-on-composite-types).

**⚠️ Breaking change:** Refer to our [upgrade guide](https://www.prisma.io/docs/concepts/components/prisma-client/composite-types#default-values-for-required-fields-on-composite-types) for detailed explanation and steps when working with default fields on composite types in MongoDB from version `4.0.0`.

Explicit unique constraints for 1:1 relations

From version `4.0.0`, 1:1 relations are now required to be marked with the `@unique` attribute on the side of the relationship that contains the foreign key.

Previously, the relation fields were implicitly treated as unique under the hood. The field was also added explicitly when `npx prisma format` was run.

```prisma
model User {
  id        Int      @id @default(autoincrement())
  profile   Profile? @relation(fields: [profileId], references: [id])
  profileId Int?     @unique // <-- include this explicitly
}

model Profile {
  id   Int   @id @default(autoincrement())
  user User?
}
```


**⚠️ Breaking change:** Refer to our [upgrade path](https://www.prisma.io/docs/guides/upgrade-guides/upgrading-versions/upgrading-to-prisma-4#explicit-unique-constraints-on-one-to-one-relations) for a detailed explanation and steps to follow.

Removed support for usage of `references` on implicit m:n relations

This release removes the usage of the `references` argument, which was previously optional when using m:n relations.

```diff
model Post {
id Int id default(autoincrement())
- categories Category[] relation("my-relation", references: [id])
+ categories Category[] relation("my-relation")
}

model Category {
id Int id default(autoincrement())
- posts Post[] relation("my-relation", references: [id])
+ posts Post[] relation("my-relation")
}
```


This is because the only valid value for `references` was `id`, so removing this argument clarifies what can and cannot be changed.

Refer to our docs to learn more about [implicit m:n relations](https://www.prisma.io/docs/concepts/components/prisma-schema/relations/many-to-many-relations#implicit-many-to-many-relations).

**⚠️ Breaking change:** Refer to the [upgrade guide](https://www.prisma.io/docs/guides/upgrade-guides/upgrading-versions/upgrading-to-prisma-4#remove-references-syntax-for-implicit-many-to-many-relations) for a detailed explanation and steps to follow.

Enforcing uniqueness of referenced fields in the `references` argument in 1:1 and 1:m relations for MySQL

From version `4.0.0`, Prisma will now enforce that the field on the `references` side of a `@relation` is unique when working with MySQL.

To fix this, add the `@unique` or `@id` attributes to foreign key fields in your Prisma schema.

**⚠️ Breaking change:** To learn how to upgrade to version `4.0.0`, refer to our [upgrade guide](https://www.prisma.io/docs/guides/upgrade-guides/upgrading-versions/upgrading-to-prisma-4#enforced-use-of-unique-or-id-attribute-for-one-to-one-and-one-to-many-relations-mysql-and-mongodb).

Removal of undocumented support for the `type` alias

With `4.0.0`, we're deprecating the `type` keyword for string aliasing. The `type` keyword will now be exclusively used for defining embedded documents in MongoDB.

We encourage you to remove any usage of the `type` keyword from your Prisma schema for type aliasing.

Removal of the `sqlite` protocol for SQLite URLs

Starting from `4.0.0`, we are dropping support of the `sqlite://` URL prefix for SQLite. We encourage you to use the `file://` prefix when working with SQLite.

Better grammar for string literals

String literals in the Prisma schema now need to follow the same rules as strings in JSON. That changes mostly the escaping of some special characters.

You can find more details on the specification here:
- https://www.json.org/json-en.html
- https://datatracker.ietf.org/doc/html/rfc8259

To fix this, resolve the validation errors in your Prisma schema or run `npx prisma db pull` to get the current values from the database.

**⚠️ Breaking change:** To learn how to update your existing schema, refer to the [upgrade guide](https://www.prisma.io/docs/guides/upgrade-guides/upgrading-versions/upgrading-to-prisma-4#better-grammar-for-string-literals).

New Prisma Client APIs: `findUniqueOrThrow` and `findFirstOrThrow`

In this release, we're introducing two new APIs to Prisma Client:
- `findUniqueOrThrow` – retrieves a single record as `findUnique` but throws a `RecordNotFound` exception when no record is found
- `findFirstOrThrow` – retrieves the first record in a list as `findFirst` but throws a `RecordNotFound` exception when no record is found

Here's an example of usage of the APIs:

```ts
const user = await prisma.user.findUniqueOrThrow({
  where: {
    email: "alice@prisma.io",
  },
})

user.email // You don't need to check if the user is null
```


The APIs will be convenient for scripts and API routes where you're already handling exceptions and want to fail fast.

> **Note:** Please use the APIs with care. If you use these APIs, add the proper guardrails to your application.

Refer to the API reference in our docs to learn how [`findUniqueOrThrow`](https://www.prisma.io/docs/reference/api-reference/prisma-client-reference#finduniqueorthrow) and [`findFirstOrThrow`](https://www.prisma.io/docs/reference/api-reference/prisma-client-reference#findfirstorthrow) differ from `findUnique` and `findFirst` respectively.


Deprecating `rejectOnNotFound`

We're deprecating the `rejectOnNotFound` parameter in favor of the new `findUniqueOrThrow` and `findFirstOrThrow` Prisma Client APIs.

We expect the new APIs to be easier to understand and more type-safe.

Refer to the [`findUniqueOrThrow`](https://www.prisma.io/docs/reference/api-reference/prisma-client-reference#finduniqueorthrow) and [`findFirstOrThrow`](https://www.prisma.io/docs/reference/api-reference/prisma-client-reference#findfirstorthrow) docs to learn how you can upgrade.

Fix rounding errors on big numbers in SQLite

SQLite is a loosely-typed database. While Prisma will prevent you from inserting values larger than integers, nothing prevents SQLite from accepting big numbers. These manually inserted big numbers cause rounding errors when queried.

Prisma will now check numbers in the query's response to verify they fit within the boundaries of an integer. If a number does not fit, Prisma will throw a [`P2023`](https://www.prisma.io/docs/reference/api-reference/error-reference#p2023) error:


```
Inconsistent column data: Conversion failed:
Value 9223372036854775807 does not fit in an INT column,
try migrating the 'int' column type to BIGINT
```


To learn more on rounding errors with big numbers on SQLite, refer to our [docs](https://www.prisma.io/docs/concepts/database-connectors/sqlite#rounding-errors-on-big-numbers).
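The rounding problem and the bounds check described above, modelled in JavaScript as an added example (not Prisma's engine code and not part of the original release notes). `decodeNaive`, `decodeChecked`, `decodeRow` and the sample row are constructed for illustration, the 32-bit width for `Int` is an assumption of this example, and the `P2023` code follows the error quoted above.

```javascript
// Illustrative model only: Prisma's real check lives in its query engine.
// Integer widths assumed for this example (Int = 32-bit, BigInt = 64-bit).
const BOUNDS = {
  Int32: [-(2n ** 31n), 2n ** 31n - 1n],
  Int64: [-(2n ** 63n), 2n ** 63n - 1n],
};

// Naive decoding: every integer becomes a Number (IEEE-754 double), so
// anything beyond 2^53 - 1 is silently rounded.
function decodeNaive(text) {
  return Number(text);
}

// Checked decoding: parse exactly, reject out-of-range values, and return a
// Number only where the column width guarantees the value is exact.
function decodeChecked(columnType, text) {
  const [min, max] = BOUNDS[columnType];
  const exact = BigInt(text);
  if (exact < min || exact > max) {
    const err = new RangeError(
      `Inconsistent column data: Value ${text} does not fit in an ${columnType} column`
    );
    err.code = "P2023"; // error code named in the release notes
    throw err;
  }
  return columnType === "Int32" ? Number(exact) : exact;
}

// Decode one raw row (column -> text) against a column -> type map and
// return either the decoded row or the error that stopped decoding.
function decodeRow(types, rawRow) {
  const row = {};
  try {
    for (const [column, text] of Object.entries(rawRow)) {
      row[column] = decodeChecked(types[column], text);
    }
    return { ok: true, row };
  } catch (err) {
    return { ok: false, code: err.code, message: err.message };
  }
}

// Constructed sample: SQLite accepted a 64-bit value in a column declared Int.
const TYPES = { id: "Int32", hits: "Int32" };
const RAW_ROW = { id: "7", hits: "9223372036854775807" };

console.log(decodeNaive(RAW_ROW.hits)); // rounded, no error raised
console.log(decodeRow(TYPES, RAW_ROW)); // rejected with code P2023
```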

`DbNull`, `JsonNull`, and `AnyNull` are now objects

Previously, `Prisma.DbNull`, `Prisma.JsonNull`, and `Prisma.AnyNull` used to be implemented using string constants. This meant their types overlapped with regular string data that could be stored in JSON fields.

We've now made them _special_ objects instead that don't overlap with string types.

Before `4.0.0`, `DbNull` was checked as a string, so you could accidentally check for a null as follows:

```ts
import { PrismaClient, Prisma } from '@prisma/client'
const prisma = new PrismaClient()

const dbNull = "DbNull" // this string could come from anywhere!

await prisma.log.findMany({
  data: {
    meta: dbNull,
  },
})
```


<details>
<summary>Expand to view the underlying Prisma schema</summary>

```prisma
model Log {
  id   Int  @id
  meta Json
}
```


</details>

Prisma 4 resolves this by using constants that are guaranteed to be unique, which prevents this kind of inconsistent query.

You can now read, write, and filter JSON fields as follows:

```ts
import { PrismaClient, Prisma } from '@prisma/client'
const prisma = new PrismaClient()

await prisma.log.create({
  data: {
    meta: Prisma.DbNull,
  },
})
```


We recommend you double-check queries that use `Json` after upgrading to Prisma 4. Ensure that you use the `Prisma.DbNull`, `Prisma.JsonNull`, and `Prisma.AnyNull` constants from Prisma Client, not string literals.

Refer to the [Prisma 4 upgrade guide](https://www.prisma.io/docs/guides/upgrade-guides/upgrading-versions/upgrading-to-prisma-4#dbnull-jsonnull-and-anynull-are-now-objects) in case you run into any type errors.
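The string-versus-object distinction above, as a small runnable model (an added example, not Prisma's implementation or code from the release notes). `encodeLegacy`, `encodeStrict`, `NullMarker` and `findNullStringLiterals` are hypothetical names, and the request bodies and source snippet are constructed samples.

```javascript
// Toy model of a JSON-column write path (constructed; not Prisma's code).

// Pre-4.0.0 style: the null markers are ordinary strings.
const LEGACY_DB_NULL = "DbNull";
const LEGACY_JSON_NULL = "JsonNull";

function encodeLegacy(value) {
  if (value === LEGACY_DB_NULL) return { kind: "db-null", json: null };
  if (value === LEGACY_JSON_NULL) return { kind: "json", json: "null" };
  return { kind: "json", json: JSON.stringify(value) };
}

// 4.0.0 style: the markers are unique objects that no parsed input can equal.
class NullMarker {
  constructor(name) {
    this.name = name;
    Object.freeze(this);
  }
}
const DbNull = new NullMarker("DbNull");
const JsonNull = new NullMarker("JsonNull");

function encodeStrict(value) {
  if (value === DbNull) return { kind: "db-null", json: null };
  if (value === JsonNull) return { kind: "json", json: "null" };
  if (value instanceof NullMarker) throw new TypeError("unknown null marker");
  return { kind: "json", json: JSON.stringify(value) };
}

// Constructed request bodies: a user-supplied string that happens to equal
// the marker name, and an object shaped like the marker.
const fromString = JSON.parse('{"meta": "DbNull"}').meta;
const fromObject = JSON.parse('{"meta": {"name": "DbNull"}}').meta;

// Upgrade check: flag source lines that still pass the marker names as
// string literals instead of the Prisma.DbNull / JsonNull / AnyNull constants.
const NULL_LITERAL = /(["'`])(?:DbNull|JsonNull|AnyNull)\1/;

function findNullStringLiterals(source) {
  return source
    .split("\n")
    .map((line, index) => (NULL_LITERAL.test(line) ? index + 1 : 0))
    .filter((lineNumber) => lineNumber > 0);
}

// Constructed source snippet to audit.
const SAMPLE_SOURCE = [
  'import { Prisma } from "@prisma/client"',
  "await prisma.log.create({ data: { meta: Prisma.DbNull } })",
  'await prisma.log.create({ data: { meta: "DbNull" } })',
  "const marker = 'JsonNull'",
].join("\n");

console.log(encodeLegacy(fromString)); // user text is turned into a database NULL
console.log(encodeStrict(fromString)); // user text is stored as a JSON string
console.log(encodeStrict(fromObject)); // look-alike object is stored as plain JSON
console.log(findNullStringLiterals(SAMPLE_SOURCE)); // lines still using literals
```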

Prisma Studio updates

We've refined the experience when working with Prisma Studio with the following changes:
- Including a confirmation dialog before deleting records
- Adding a shortcut copy action on a cell – <kbd>CMD</kbd> + <kbd>C</kbd> on macOS or <kbd>Ctrl</kbd> + <kbd>C</kbd> on Windows/Linux

Dropped support for Node 12

The minimum version of Node.js Prisma will support is `14.17.x`. If you're using an earlier version of Node.js, you will need to update your Node.js version.

Refer to our [system requirements](https://www.prisma.io/docs/reference/system-requirements) for the minimum versions Prisma requires.

New default sizes for statement cache

We had inconsistent and large default values (500 for PostgreSQL and 1000 for MySQL) for the `statement_cache_size`. The new shared default value is 100.

If the new default doesn't work for you, please [create an issue](https://github.com/prisma/prisma/issues/new) and use the `statement_cache_size=x` parameter in your connection string to override the default value.

Renaming of `@prisma/sdk` npm package to `@prisma/internals`

The internal package `@prisma/sdk` is now available under the new, more explicit name `@prisma/internals`.

We do not provide any API guarantees for `@prisma/internals` as it might need to introduce breaking changes from time to time, and it does not follow semantic versioning.

This is technically not a breaking change as usage of the `@prisma/sdk` package is neither documented nor supported.

If you're using `@prisma/sdk` (now `@prisma/internals`), it would be helpful if you could help us understand where, how, and why you are using it by giving us feedback in this [GitHub discussion](https://github.com/prisma/prisma/discussions/13877). Your feedback will be valuable to us in defining a better API.

Removal of the internal `schema` property from the generated Prisma Client

We've removed the internal `Prisma.dmmf.schema` to reduce the size of the generated Prisma Client and improve boot times.

To access the `schema` property, you can use the `getDmmf()` method from `@prisma/internals`.


Fixes and improvements

<details>
<summary> Prisma </summary>

- [PSL: define the grammar of string literals](https://github.com/prisma/prisma/issues/4167)
- [MySQL: Update default `statement_cache_size`](https://github.com/prisma/prisma/issues/7727)
- [You cannot define an index on fields with Native type Text of MySQL.](https://github.com/prisma/prisma/issues/8661)
- [Removal of undocumented support for `type` alias with Prisma 4.0.0](https://github.com/prisma/prisma/issues/9939)
- [`unique` is added during Re-Introspection](https://github.com/prisma/prisma/issues/11026)
- [[PSL] Do not allow `references` arg on Many2Many relations on SQL](https://github.com/prisma/prisma/issues/11241)
- [prisma migrate dev will not allow for db level default on scalar list](https://github.com/prisma/prisma/issues/11379)
- [Postgres Single Quote Escaping Breaking Migrations](https://github.com/prisma/prisma/issues/12095)
- [[Epic] `extendedIndexes` GA](https://github.com/prisma/prisma/issues/12376)
- [Remove preview feature `extendedIndexes`](https://github.com/prisma/prisma/issues/12777)
- [Epic: Scalar List Defaults](https://github.com/prisma/prisma/issues/13318)
- [Implement scalar lists defaults proposal in PSL](https://github.com/prisma/prisma/issues/13319)
- [Implement scalar list defaults proposal in introspection](https://github.com/prisma/prisma/issues/13320)
- [Implement scalar list defaults proposal in migrations](https://github.com/prisma/prisma/issues/13322)
- [PANIC: called `Option::unwrap()` on a `None` value in query-engine/core/src/interpreter/query_interpreters/nested_read.rs:232:50](https://github.com/prisma/prisma/issues/13340)
- [Invalid `db pull` / `db push` flow](https://github.com/prisma/prisma/issues/13381)
- [Improve CLI output when using `db push` with MongoDB](https://github.com/prisma/prisma/issues/13464)
- [DB Pull Error](https://github.com/prisma/prisma/issues/13563)
- [MongoDB composite index crashes](https://github.com/prisma/prisma/issues/13618)
- [Error: Error in migration engine. Reason: [migration-engine/core/src/commands/diff.rs:127:22] internal error: entered unreachable code: no provider, no shadow database url for migrations target ](https://github.com/prisma/prisma/issues/13633)
- [Regression: Prisma 3.15.0 with macOS / Azure SQL Server errors at database connection](https://github.com/prisma/prisma/issues/13673)
- [Migrate internal duration/performance logging](https://github.com/prisma/prisma/issues/13693)
- [Fix CI support in prisma forks](https://github.com/prisma/prisma/issues/13775)
- [Allow setting the `length` prefix on `Unsupported` fields on MySQL](https://github.com/prisma/prisma/issues/13786)
- [CRDB: Handle unicode escaping in enum and string defaults in migrate/introspection](https://github.com/prisma/prisma/issues/13842)
- [Poor grammar and confusing language in Prisma CLI](https://github.com/prisma/prisma/issues/13925)
- [Datetime defaults: make sure we consume the whole expression](https://github.com/prisma/prisma/issues/13945)
- [@prisma/engine-core uses vulnerable `undici 5.1.1` package](https://github.com/prisma/prisma/issues/14000)
- [getConfig/getDmmf: Clarify error messages on Rust panics](https://github.com/prisma/prisma/issues/14006)

</details>

<details>
<summary> Prisma Client </summary>

- [PANIC in libs/prisma-models/src/record.rs:161:30Invalid coercion encountered: ConversionFailure("Float(BigDecimal(\"519.05\"))", "Decimal")](https://github.com/prisma/prisma/issues/7061)
- [Set array default](https://github.com/prisma/prisma/issues/8179)
- [Allow setting scalar list default values](https://github.com/prisma/prisma/issues/8330)
- [test(client): happy blog-env test has no assertion](https://github.com/prisma/prisma/issues/8613)
- [Avoid using magic string values for JsonNull/DbNull](https://github.com/prisma/prisma/issues/9243)
- [`PrismaClientInitializationError` is missing expected error code](https://github.com/prisma/prisma/issues/10229)
- [Make the implicit unique constraints on 1:1 relations explicit](https://github.com/prisma/prisma/issues/10503)
- [PANIC: called `Result::unwrap()` on an `Err` value: FieldNotFound { name: "upsert", model: "CcStructureUnit" } in query-engine/core/src/query_graph_builder/write/write_args_parser.rs:24:62](https://github.com/prisma/prisma/issues/10636)
- [Consider renaming the `@prisma/sdk` package to reduce confusion](https://github.com/prisma/prisma/issues/10725)
- [PANIC: JSON target types only accept strings or numbers, found: {"bytes":"05010000000473436170"} in query-engine/connectors/sql-query-connector/src/filter_conversion.rs:542:22](https://github.com/prisma/prisma/issues/10836)
- [Cannot pass Prisma.empty to $executeRaw function](https://github.com/prisma/prisma/issues/11233)
- [Numerics in Postgres bigger than 2<<128 crash Prisma/Quaint](https://github.com/prisma/prisma/issues/11312)
- [Remove `sqlite:` for defining a sqlite url](https://github.com/prisma/prisma/issues/11468)
- [PANIC: called `Option::unwrap()` on a `None` value in query-engine/core/src/interpreter/query_interpreters/nested_read.rs:232:50](https://github.com/prisma/prisma/issues/12155)
- [findMany broken with many relations to same entity](https://github.com/prisma/prisma/issues/12206)
- [PANIC: called `Option::unwrap()` on a `None` value in query-engine\core\src\interpreter\query_interpreters\nested_read.rs:232:50](https://github.com/prisma/prisma/issues/12756)
- [Large decimals cause panick](https://github.com/prisma/prisma/issues/12761)
- [Misleading Error for non-unique relation names](https://github.com/prisma/prisma/issues/12986)
- [`thread 'tokio-runtime-worker' panicked at 'called `Option::unwrap()` on a `None` value', /Users/runner/.cargo/git/checkouts/quaint-9f01e008b9a89c14/479e08a/src/connector/postgres/conversion/decimal.rs:81:39`](https://github.com/prisma/prisma/issues/13219)
- [Implement scalar list defaults proposal in query engine and client](https://github.com/prisma/prisma/issues/13321)
- [`default(now())` on the same table sometimes yield different times](https://github.com/prisma/prisma/issues/13795)

</details>

<details>
<summary> Language tools (e.g. VS Code) </summary>


- [Completion for SQL Server Index Clustering](https://github.com/prisma/language-tools/issues/1138)
- [Completions for PostgreSQL GIN/GiST/SP-GiST/BRIN Indices](https://github.com/prisma/language-tools/issues/1139)
- [Implement scalar list defaults proposal in language tools](https://github.com/prisma/language-tools/issues/1159)
</details>

<details>
<summary> Prisma Engines</summary>

- [[improvedQueryRaw] Sqlite returns Decimal for Float columns](https://github.com/prisma/prisma-engines/issues/2991)
</details>

Credits

Huge thanks to shian15810, zifeo, ever0de, givensuman, peter-gy, rushabhhere, flatplate, njmaeff, tnzk, DePasqualeOrg, roboncode, jacobhq for helping!


📺 Join us for another "What's new in Prisma" livestream

Learn about the latest release and other news from the Prisma community by joining us for another ["What's new in Prisma"](https://youtu.be/acvjE2EpMbs) livestream.

The stream takes place [on YouTube](https://youtu.be/acvjE2EpMbs) on **Thursday, June 30** at **5 pm Berlin | 8 am San Francisco**.

📺 Learn how to upgrade in our webinar on July 12th

We're going to host a dedicated webinar with Prisma engineers to talk about the upgrade process. If you're unsure whether the breaking changes of this release affect you, be sure to not miss this livestream.

The stream takes place [on YouTube](https://www.youtube.com/watch?v=FSjkBrfaoEY&ab_channel=Prisma) on **Tuesday, July 12** at **5 pm Berlin | 8 am San Francisco**.


Severity Details

CVSS Base Score

MEDIUM 6.5

CVSS v3 Details

MEDIUM 6.5

| Metric | Value |
| --- | --- |
| Attack Vector (AV) | NETWORK |
| Attack Complexity (AC) | HIGH |
| Privileges Required (PR) | NONE |
| User Interaction (UI) | NONE |
| Scope (S) | UNCHANGED |
| Confidentiality Impact (C) | HIGH |
| Integrity Impact (I) | LOW |
| Availability Impact (A) | NONE |