chore(deps-dev): bump the dev-minor-patch group across 1 directory with 7 updates

[dependabot]

Bumps the dev-minor-patch group with 7 updates in the / directory:

Package	From	To
prettier-plugin-tailwindcss	0.7.2	0.8.0
@types/bun	1.3.12	1.3.13
marked	18.0.2	18.0.3
prisma	7.7.0	7.8.0
@types/node	25.6.0	25.6.2
eslint	10.2.1	10.3.0
eslint-config-next	16.2.4	16.2.6

Updates prettier-plugin-tailwindcss from 0.7.2 to 0.8.0

Release notes

Sourced from prettier-plugin-tailwindcss's releases.

v0.8.0

Changed

• Require at least Prettier 3.7.x (#420)

Added

• Export public sorting APIs to /sorter (#438)

Fixed

• Remove top-level await (#420)
• Improve load-time performance (#420)
• Improve config resolution caching with directory-based cache (#432)
• Load compatible plugins on demand and tighten plugin detection (#437)
• Load v3/v4 modules only when needed (#439)
• Remove recast/ast-types deps and optimize dynamic JS attribute handling (#440)
• Remove unused deps (#441)
• Use the plugin that has already been imported rather than dynamically importing it again (#442)
• Skip visiting non-node children (#443)
• Optimize whitespace-only class detection (#429)
• Fix v3 config loading with Jiti re-exports (#448)
• Collapse whitespace in template literals with adjacent quasis (#427)
• Improve canCollapseWhitespaceIn handling for "tailwindPreserveWhitespace": true (#428)

v0.7.4

Same as v0.7.2, since v0.7.3 contained breaking changes.

v0.7.3

Changed

• Remove top-level await (#420)
• Improve load-time performance (#420)

Fixed

• Collapse whitespace in template literals with adjacent quasis (#427)

Changelog

Sourced from prettier-plugin-tailwindcss's changelog.

[0.8.0] - 2026-04-27

Changed

• Require at least Prettier 3.7.x (#420)

Added

• Export public sorting APIs to /sorter (#438)

Fixed

• Remove top-level await (#420)
• Improve load-time performance (#420)
• Improve config resolution caching with directory-based cache (#432)
• Load compatible plugins on demand and tighten plugin detection (#437)
• Load v3/v4 modules only when needed (#439)
• Remove recast/ast-types deps and optimize dynamic JS attribute handling (#440)
• Remove unused deps (#441)
• Use the plugin that has already been imported rather than dynamically importing it again (#442)
• Skip visiting non-node children (#443)
• Optimize whitespace-only class detection (#429)
• Fix v3 config loading with Jiti re-exports (#448)
• Collapse whitespace in template literals with adjacent quasis (#427)
• Improve canCollapseWhitespaceIn handling for "tailwindPreserveWhitespace": true (#428)

Commits

• f77532e 0.8.0
• 4815377 Update the changelog for recent PRs (#449)
• 0a7ddcb Fix insiders tags sometimes published to latest channel (#453)
• 8066e85 release on published event
• 3b0ed57 move --silent flag before the script
• f7d2598 0.7.3
• 9a51191 merge release.yml and release-insiders.yml
• 3997fbd Use explicit import() expressions in plugin load arrays for bundler compatibi...
• 125a8bc Fix v3 config loading with Jiti re-exports (#448)
• 2ac6e70 Enable minify: "dce-only in tsdown (#447)
• Additional commits viewable in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for prettier-plugin-tailwindcss since your current version.

Updates @types/bun from 1.3.12 to 1.3.13

Commits

• See full diff in compare view

Updates marked from 18.0.2 to 18.0.3

Release notes

Sourced from marked's releases.

v18.0.3

18.0.3 (2026-05-01)

Bug Fixes

• avoid task checkbox for setext heading text (#3960) (2608e81)

Commits

• e8dc395 chore(release): 18.0.3 [skip ci]
• 2608e81 fix: avoid task checkbox for setext heading text (#3960)
• dba76f6 chore(deps-dev): bump eslint from 10.2.0 to 10.2.1 (#3953)
• 015f1eb chore(deps-dev): bump typescript from 6.0.2 to 6.0.3 (#3954)
• 17c06e9 chore: fix building license for docs (#3952)
• 55a54b5 chore: Rename LICENSE.md to LICENSE for better compatibility with Bazel tooli...
• See full diff in compare view

Updates prisma from 7.7.0 to 7.8.0

Release notes

Sourced from prisma's releases.

7.8.0

Today, we are excited to share the 7.8.0 stable release 🎉

🌟 Star this repo for notifications about new releases, bug fixes & features — or follow us on X!

Highlights

ORM

Features

Prisma Client

• Added a queryPlanCacheMaxSize option to the PrismaClient constructor for fine-grained control over the query plan cache. Pass 0 to disable the cache entirely, or omit it to use the default cache size. A larger value can improve performance in applications that execute many unique queries, while a smaller one can reduce memory usage. (#29503)

Bug Fixes

Prisma Client

• Fixed an equality filter panic and incorrect ::jsonb cast when filtering on PostgreSQL JSON list columns. Queries using where: { jsonListField: { equals: [...] } }prisma/prisma-engines#5804
• Fixed case-insensitive JSON field filtering (mode: insensitive), allowing where: { jsonField: { equals: "...", mode: "insensitive" } }prisma/prisma-engines#5806
• Fixed incorrect parameterization of enum values that have a custom database name set via @map. (#29422)
• Fixed a database parameter limit check (P2029), which could incorrectly reject or miss over-limit queries. (#29422)
• Fixed a regression that caused missing SQL Server VARCHARprisma/prisma-engines#5801

Schema Engine

• Fixed a misleading error message in prisma migrate diff that referenced the --shadow-database-url CLI flag, which was removed in Prisma 7. (#29455)
• Fixed prisma migrate dev (and shadow database migration replay in general) failing with CREATE INDEX CONCURRENTLY cannot run inside a transaction blockprisma/prisma-engines#5799
• Fixed PostgreSQL introspection silently dropping sequence defaults when the database returns the schema-qualified form pg_catalog.nextval('sequence_name'::regclass) instead of the bare nextval(...). Columns backed by sequences now correctly appear as @default(autoincrement())prisma/prisma-engines#5802

Driver Adapters

• @​prisma/adapter-d1: Savepoint operations (createSavepoint, rollbackToSavepoint, releaseSavepoint) now silently no-op with debug logging instead of executing SQL statements, consistent with how the D1 adapter already treats top-level transactions. (#29499)

Open roles at Prisma

Interested in joining Prisma? We're growing and have several exciting opportunities across the company for developers who are passionate about building with Prisma. Explore our open positions on our Careers page and find the role that's right for you.

Enterprise support

Thousands of teams use Prisma and many of them already tap into our Enterprise & Agency Support Program for hands-on help with everything from schema integrations and performance tuning to security and compliance.

With this program you also get priority issue triage and bug fixes, expert scalability advice, and custom training so that your Prisma-powered apps stay rock-solid at any scale. Learn more or join: https://prisma.io/enterprise.

Commits

• 5723406 fix(cli): route bootstrap telemetry to Prisma Web Properties project (#29473)
• See full diff in compare view

Updates @types/node from 25.6.0 to 25.6.2

Commits

• See full diff in compare view

Updates eslint from 10.2.1 to 10.3.0

Release notes

Sourced from eslint's releases.

v10.3.0

Features

• 379571a feat: add suggestions for no-unused-private-class-members (#20773) (sethamus)

Bug Fixes

• b6ae5cf fix: handle unavailable require cache (#20812) (Simon Podlipsky)
• 6fb3685 fix: rule suggestions cause continuation in class body (#20787) (Milos Djermanovic)

Documentation

• 32cc7ab docs: fix typos in docs and comments (#20809) (Tanuj Kanti)
• 7f47937 docs: Update README (GitHub Actions Bot)

Chores

• d32235e ci: use pnpm in eslint-flat-config-utils type integration test (#20826) (Francesco Trotta)
• 3ffb14e chore: clean up typos in comments and JSDoc (#20821) (Pixel998)
• 22eb58a chore: add missing continue-on-error to ecosystem-tests.yml (#20818) (Josh Goldberg ✨)
• 88bf002 ci: bump pnpm/action-setup from 6.0.1 to 6.0.3 (#20815) (dependabot[bot])
• 97c8c33 chore: update ilshidur/action-discord action to v0.4.0 (#20811) (renovate[bot])
• 2f58136 chore: pin peter-evans/create-pull-request action to 5f6978f (#20810) (renovate[bot])
• 77add7f chore: add initial ecosystem plugin tests workflow (#19643) (Josh Goldberg ✨)
• 4023b55 test: Add unit tests for SuppressionsService.prune() (#20797) (kuldeep kumar)
• 54080da test: add unit tests for ForkContext (#20778) (kuldeep kumar)
• f0e2bcc test: add unit tests for SuppressionsService.suppress() method (#20765) (kuldeep kumar)
• a7f0b94 chore: update dependency prettier to v3.8.3 (#20782) (renovate[bot])
• 7bf93d9 chore: update TypeScript to v6 (#20677) (sethamus)
• b42dd72 ci: bump pnpm/action-setup from 6.0.0 to 6.0.1 (#20781) (dependabot[bot])
• 2b252be test: add unit tests for IdGenerator (#20775) (kuldeep kumar)

Commits

• 7889204 10.3.0
• 5b69b4f Build: changelog update for 10.3.0
• d32235e ci: use pnpm in eslint-flat-config-utils type integration test (#20826)
• b6ae5cf fix: handle unavailable require cache (#20812)
• 3ffb14e chore: clean up typos in comments and JSDoc (#20821)
• 6fb3685 fix: rule suggestions cause continuation in class body (#20787)
• 22eb58a chore: add missing continue-on-error to ecosystem-tests.yml (#20818)
• 88bf002 ci: bump pnpm/action-setup from 6.0.1 to 6.0.3 (#20815)
• 379571a feat: add suggestions for no-unused-private-class-members (#20773)
• 97c8c33 chore: update ilshidur/action-discord action to v0.4.0 (#20811)
• Additional commits viewable in compare view

Updates eslint-config-next from 16.2.4 to 16.2.6

Release notes

Sourced from eslint-config-next's releases.

v16.2.6

This release contains security fixes for the following advisories:

High:

• GHSA-8h8q-6873-q5fj: Denial of Service with Server Components
• GHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes
• GHSA-26hh-7cqf-hhc6: Middleware / Proxy bypass in App Router applications via segment-prefetch routes - Incomplete Fix Follow-Up
• GHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components
• GHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection
• GHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades
• GHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n

Moderate:

• GHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces
• GHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input
• GHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API
• GHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses

Low:

• GHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting
• GHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned

v16.2.5

This release contains security fixes for the following advisories:

High:

• GHSA-8h8q-6873-q5fj: Denial of Service with Server Components
• GHSA-267c-6grr-h53f: Middleware / Proxy bypass in App Router applications via segment-prefetch routes
• GHSA-mg66-mrh9-m8jx: Denial of Service via connection exhaustion in applications using Cache Components
• GHSA-492v-c6pp-mqqv: Middleware / Proxy bypass through dynamic route parameter injection
• GHSA-c4j6-fc7j-m34r: Server-side request forgery in applications using WebSocket upgrades
• GHSA-36qx-fr4f-26g5: Middleware / Proxy bypass in Pages Router applications using i18n

Moderate:

• GHSA-ffhc-5mcf-pf4q: Cross-site scripting in App Router applications using CSP nonces
• GHSA-gx5p-jg67-6x7h: Cross-site scripting in beforeInteractive scripts with untrusted input
• GHSA-h64f-5h5j-jqjh: Denial of Service in the Image Optimization API
• GHSA-wfc6-r584-vfw7: Cache poisoning in React Server Component responses

Low:

• GHSA-vfv6-92ff-j949: Cache poisoning via collisions in React Server Component cache-busting
• GHSA-3g8h-86w9-wvmq: Middleware / Proxy redirects can be cache-poisoned

Commits

• ee6e79b v16.2.6
• 766148f v16.2.5
• See full diff in compare view

Maintainer changes

This version was pushed to npm by GitHub Actions, a new releaser for eslint-config-next since your current version.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.