chore: upgrade to prisma 7#51
Conversation
… app - Updated `@prisma/client` and `pg` dependencies to latest versions in `pnpm-lock.yaml`. - Added `packages/db/prisma.config.ts` for database configuration referencing environment variables. - Introduced related dependencies for PostgreSQL and Prisma setup in workers app.
…sion in Dockerfile - Migrated from `dotenv` to `@dotenvx/dotenvx` for extended environment variable support. - Updated `prisma.config.ts` to simplify database configuration. - Upgraded Prisma CLI to `7.1.0` in Dockerfile. - Adjusted dependencies, next.js server configuration, and lockfile to align with these changes.
|
Caution Review failedThe pull request is closed. Note Other AI code review bot(s) detectedCodeRabbit has detected other AI code review bot(s) in this pull request and will avoid duplicating their findings in the review comments. This may lead to a less comprehensive review. WalkthroughUpgrades Prisma from v6 to v7, adds the PrismaPg adapter and pg driver, moves datasource URL out of the schema into a runtime Changes
Sequence Diagram(s)sequenceDiagram
autonumber
participant App as Server/App
participant Prisma as PrismaClient (with PrismaPg)
participant ConfigFS as Runtime Config (prisma.config.ts / Docker)
participant DB as Postgres
Note over ConfigFS,App: Docker copies prisma.config.ts into runtime image
App->>ConfigFS: read DATABASE_URL env / require prisma.config.ts
App->>Prisma: instantiate PrismaClient(adapter: PrismaPg(connectionString))
Prisma->>DB: open connection using connectionString
DB-->>Prisma: respond
Prisma-->>App: query results
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes
Possibly related PRs
Poem
Pre-merge checks and finishing touches✅ Passed checks (3 passed)
📜 Recent review detailsConfiguration used: CodeRabbit UI Review profile: CHILL Plan: Pro ⛔ Files ignored due to path filters (1)
📒 Files selected for processing (2)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
Pull request overview
This PR upgrades Prisma from version 6.19.0 to version 7.1.0, introducing the use of the PostgreSQL driver adapter (@prisma/adapter-pg) for improved database connectivity and performance. The upgrade includes necessary dependency updates across the monorepo and configuration changes to support the new adapter pattern.
Key Changes
- Upgraded Prisma packages from 6.19.0 to 7.1.0 including
@prisma/client,prismaCLI, and added@prisma/adapter-pg - Implemented PrismaPg adapter in the database client for connection pooling
- Removed the
urlfield from the Prisma schema datasource, migrating connection configuration to runtime via adapter - Added
prisma.config.tsfor centralized Prisma configuration with environment variable fallback
Reviewed changes
Copilot reviewed 7 out of 8 changed files in this pull request and generated 6 comments.
Show a summary per file
| File | Description |
|---|---|
| pnpm-lock.yaml | Updated all Prisma-related dependencies from 6.x to 7.x versions, added new driver adapter packages and type definitions |
| packages/db/src/client.ts | Added PrismaPg adapter initialization with connection string (requires critical fixes for Pool usage) |
| packages/db/prisma/schema.prisma | Removed datasource URL field, delegating connection to runtime adapter configuration |
| packages/db/prisma.config.ts | New configuration file providing datasource URL with environment variable fallback |
| packages/db/package.json | Updated Prisma dependencies to 7.1.0, added pg driver and adapter packages |
| apps/web/package.json | Updated Prisma client dependency and version bump from 0.11.0 to 0.11.1 |
| apps/web/next.config.mjs | Added @dotenvx/dotenvx to serverExternalPackages for environment variable handling |
| Dockerfile | Updated global Prisma CLI installation to 7.1.0, added prisma.config.ts copy step |
Files not reviewed (1)
- pnpm-lock.yaml: Language not supported
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Moved adapter initialization directly into `PrismaClient` instantiation.
…cies in `db/package.json`, adjust lockfile
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 4
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
⛔ Files ignored due to path filters (1)
pnpm-lock.yamlis excluded by!**/pnpm-lock.yaml
📒 Files selected for processing (7)
Dockerfile(2 hunks)apps/web/next.config.mjs(1 hunks)apps/web/package.json(4 hunks)packages/db/package.json(1 hunks)packages/db/prisma.config.ts(1 hunks)packages/db/prisma/schema.prisma(0 hunks)packages/db/src/client.ts(2 hunks)
💤 Files with no reviewable changes (1)
- packages/db/prisma/schema.prisma
🧰 Additional context used
🧬 Code graph analysis (1)
packages/db/src/client.ts (2)
packages/db/src/index.ts (1)
prisma(2-2)packages/api/src/__tests__/utils/jest-db-shim.ts (1)
PrismaClient(5-7)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
- GitHub Check: Agent
🔇 Additional comments (5)
Dockerfile (1)
68-68: LGTM! Prisma CLI upgrade is consistent.The Prisma CLI upgrade to 7.1.0 aligns with the dependency updates in package.json files across the monorepo.
apps/web/next.config.mjs (1)
5-5: LGTM! External package configuration is appropriate.Adding
@dotenvx/dotenvxtoserverExternalPackagescorrectly ensures Next.js treats this environment configuration package as external, aligning with its usage inpackages/db/prisma.config.ts.apps/web/package.json (1)
17-17: LGTM! Dependency updates are consistent and complete.The Prisma client upgrade to 7.1.0 and the addition of
pgdriver with TypeScript types are necessary for the PrismaPg adapter integration. Versions are consistent withpackages/db/package.json.Also applies to: 42-42, 52-52
packages/db/package.json (1)
22-25: LGTM! Complete and consistent dependency updates for Prisma 7.All Prisma-related packages are consistently upgraded to 7.1.0, and necessary new dependencies (
@prisma/adapter-pg,pg,@types/pg,@dotenvx/dotenvx) are added to support the PrismaPg adapter and runtime configuration.Also applies to: 28-28, 31-32
packages/db/src/client.ts (1)
2-2: This concern is no longer applicable. The codebase has already been comprehensively migrated to Prisma 7.1.0 with all breaking changes addressed: the generator is updated to "prisma-client", the adapter (PrismaPg) is properly integrated, prisma.config.ts is configured with explicit environment variable loading via dotenvx, and the output path is explicitly set to "../src/generated" with moduleFormat set to "esm". No further action is required.
| COPY ./packages/db/prisma ./prisma | ||
| COPY ./packages/db/prisma.config.ts /app/apps/web/prisma.config.ts |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
# Find and read the Dockerfile
fd -name "Dockerfile" -type f | head -5Repository: SeaStackApp/sea-stack-app
Length of output: 299
🏁 Script executed:
# Get the content around lines 89-100 of Dockerfile
if [ -f "Dockerfile" ]; then
sed -n '85,105p' Dockerfile
else
fd -name "Dockerfile" -type f -exec sed -n '85,105p' {} +
fiRepository: SeaStackApp/sea-stack-app
Length of output: 901
🏁 Script executed:
# Find prisma.config.ts file
fd -name "prisma.config.ts" -type fRepository: SeaStackApp/sea-stack-app
Length of output: 299
🏁 Script executed:
# Search for prisma.config.ts
rg -l "prisma.config.ts"Repository: SeaStackApp/sea-stack-app
Length of output: 79
🏁 Script executed:
# Find prisma config file
fd prisma.config -type fRepository: SeaStackApp/sea-stack-app
Length of output: 239
🏁 Script executed:
# Search for schema references
rg "schema:" -A 2 -B 2 --type ts --type jsRepository: SeaStackApp/sea-stack-app
Length of output: 353
🏁 Script executed:
# Check the entrypoint script
cat docker/docker-entrypoint.shRepository: SeaStackApp/sea-stack-app
Length of output: 1593
🏁 Script executed:
# Search for prisma invocations in the codebase
rg "prisma" --type-list | head -5Repository: SeaStackApp/sea-stack-app
Length of output: 458
🏁 Script executed:
# Search for prisma command invocations
rg "prisma\s+(migrate|generate|format)" -iRepository: SeaStackApp/sea-stack-app
Length of output: 596
🏁 Script executed:
# Check package.json for prisma scripts
fd package.json -type f -exec rg -l "prisma" {} +Repository: SeaStackApp/sea-stack-app
Length of output: 239
🏁 Script executed:
# Read the prisma.config.ts file completely
cat packages/db/prisma.config.tsRepository: SeaStackApp/sea-stack-app
Length of output: 366
prisma.config.ts path configuration will fail if Prisma commands run without explicit schema flag.
The schema path in prisma.config.ts is set to 'prisma/schema.prisma' (a relative path), which resolves from the current working directory. Since the working directory is /app/apps/web and the actual schema is at /app/prisma/schema.prisma (one level up), the config file path is incorrect.
While the current entrypoint mitigates this by explicitly passing --schema /app/prisma/schema.prisma to prisma migrate deploy, any manual Prisma CLI invocations or other commands that rely on the config file will fail. The config file should be copied with corrected relative paths, or the relative paths in the config should use ../prisma/schema.prisma to properly resolve from /app/apps/web.
🤖 Prompt for AI Agents
In Dockerfile around lines 89 to 90, the COPY places prisma.config.ts into
/app/apps/web but the config refers to 'prisma/schema.prisma' which resolves to
/app/apps/web/prisma/schema.prisma and is incorrect; update the Dockerfile or
the copied config so the config's schema path points one level up
(../prisma/schema.prisma) or copy the config to a location where the relative
path is correct (or rewrite the config to use an absolute path
/app/prisma/schema.prisma) so Prisma CLI commands that rely on the config
without an explicit --schema flag will find the schema.
| "@prisma/adapter-pg": "^7.1.0", | ||
| "@prisma/client": "^7.1.0", | ||
| "@prisma/language-server": "^7.1.0", | ||
| "pg": "^8.16.3" |
There was a problem hiding this comment.
🧩 Analysis chain
🌐 Web query:
latest stable Prisma 7 version 2025 security advisories
💡 Result:
Do you mean Prisma (the ORM for Node/TypeScript) or Palo Alto Networks' Prisma (Prisma Access / Prisma Cloud)?
🌐 Web query:
Prisma ORM Node.js latest version 7.x npm package 2025
💡 Result:
Short answer — Prisma ORM v7 (npm): install @prisma/client@7 and prisma@7. The stable v7.0.0 release was published November 19, 2025; follow-up 7.x patch/dev releases are on the project channels. [1][2][3]
Commands:
- npm install @prisma/client@7
- npm install -D prisma@7
Sources:
[1] Prisma changelog (v7.0.0 release notes, Nov 19, 2025).
[2] Prisma upgrade guide / docs: instructions to upgrade/install @prisma/client@7 and prisma@7.
[3] Package metadata / latest @prisma/client info (registry/Snyk).
🌐 Web query:
Prisma 7.1.0 security advisories CVE vulnerabilities
💡 Result:
Short answer: There are no public CVE entries or vendor security advisories that identify CVE vulnerabilities specifically affecting Prisma ORM version 7.1.0. [1]
Note: there is a separate, unrelated CVE for the Prisma VS Code extension (CVE‑2021‑21415) — that affects the VS Code extension, not the Prisma ORM runtime/client. [2]
Sources:
- Snyk package page for @prisma/client — no known/security issues for version 7.1.0. [1]
- NVD entry for CVE-2021-21415 (Prisma VS Code extension RCE) — unrelated to the ORM runtime. [2]
If you want, I can: (a) scan your project’s installed Prisma packages/dependencies for known advisories, or (b) monitor NVD/GitHub advisory feeds and alert you if a CVE appears for 7.1.0.
🌐 Web query:
Prisma ORM version 7.1.0 7.2.0 latest patch release December 2025
💡 Result:
As of December 5, 2025:
- The latest stable Prisma ORM release series is 7.0.x (latest patch 7.0.1, published Nov 25, 2025). [1][2]
- There are development/pre-release builds for 7.1.0 (dev tags) but no official stable 7.1.0 or 7.2.0 patch releases published yet. See the 7.x changelog and the repo release activity (7.1.0-dev entries). [1][3]
Sources:
[1] Prisma changelog (Changelog / Prisma ORM).
[2] 7.0.1 release notes / mirror listing.
[3] prisma/prisma GitHub — 7.1.0-dev release activity.
Update Prisma dependencies to stable version 7.0.1.
Version 7.1.0 specified in these dependencies is not yet a stable release; it only exists as a development pre-release. The latest stable Prisma 7 release is 7.0.1 (published November 25, 2025). Update @prisma/adapter-pg, @prisma/client, and @prisma/language-server to ^7.0.1 or use explicit pre-release syntax if intentionally pinning to development builds.
🤖 Prompt for AI Agents
In packages/db/package.json around lines 22 to 25, the Prisma dependencies are
pinned to the pre-release 7.1.0; change "@prisma/adapter-pg", "@prisma/client",
and "@prisma/language-server" to the stable "^7.0.1" (or, if you intentionally
want a pre-release, use explicit semver pre-release syntax) and keep "pg"
unchanged; update the version strings accordingly and run npm/yarn install to
refresh lockfiles.
| import '@dotenvx/dotenvx/config'; | ||
| export default { | ||
| schema: 'prisma/schema.prisma', | ||
| migrations: { | ||
| path: 'prisma/migrations', | ||
| }, | ||
| datasource: { | ||
| url: | ||
| process.env.DATABASE_URL || | ||
| 'postgresql://postgres:postgres@localhost:5432/postgres', | ||
| }, | ||
| }; |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
find . -name "Dockerfile*" -type f | head -20Repository: SeaStackApp/sea-stack-app
Length of output: 81
🏁 Script executed:
find . -name "schema.prisma" -type fRepository: SeaStackApp/sea-stack-app
Length of output: 103
🏁 Script executed:
git ls-files | grep -E "(Dockerfile|packages/db|prisma)" | head -40Repository: SeaStackApp/sea-stack-app
Length of output: 2967
🏁 Script executed:
ls -la packages/db/ 2>/dev/null || echo "packages/db directory structure not found"Repository: SeaStackApp/sea-stack-app
Length of output: 608
🏁 Script executed:
ls -la prisma/ 2>/dev/null || echo "prisma directory not found at root"Repository: SeaStackApp/sea-stack-app
Length of output: 103
🏁 Script executed:
cat DockerfileRepository: SeaStackApp/sea-stack-app
Length of output: 4242
🏁 Script executed:
head -50 packages/db/prisma.config.tsRepository: SeaStackApp/sea-stack-app
Length of output: 366
🏁 Script executed:
head -30 packages/db/prisma/schema.prismaRepository: SeaStackApp/sea-stack-app
Length of output: 779
🏁 Script executed:
cat docker/docker-entrypoint.sh 2>/dev/null || echo "File not found"Repository: SeaStackApp/sea-stack-app
Length of output: 1593
🏁 Script executed:
grep -r "PRISMA_SCHEMA_PATH" . --include="*.sh" --include="*.ts" --include="*.js" 2>/dev/null | head -20Repository: SeaStackApp/sea-stack-app
Length of output: 501
🏁 Script executed:
grep -r "prisma.config" . --include="*.ts" --include="*.js" 2>/dev/null | head -20Repository: SeaStackApp/sea-stack-app
Length of output: 51
Critical: Relative paths in prisma.config.ts won't resolve correctly at runtime.
In the Dockerfile, prisma.config.ts is copied to /app/apps/web/ with WORKDIR /app/apps/web, but the schema and migrations are at /app/prisma/. The hardcoded relative paths 'prisma/schema.prisma' and 'prisma/migrations' will resolve to /app/apps/web/prisma/ instead of the actual location at /app/prisma/, causing Prisma to fail when the application runtime attempts to use the config file.
While the Dockerfile sets PRISMA_SCHEMA_PATH=/app/prisma/schema.prisma for migrations, the application runtime will use the incorrect relative paths from prisma.config.ts. Update the config to use the environment variable or absolute paths:
export default {
- schema: 'prisma/schema.prisma',
+ schema: process.env.PRISMA_SCHEMA_PATH || 'prisma/schema.prisma',
migrations: {
- path: 'prisma/migrations',
+ path: process.env.PRISMA_MIGRATIONS_PATH || 'prisma/migrations',
},
datasource: {
url:
process.env.DATABASE_URL ||
'postgresql://postgres:postgres@localhost:5432/postgres',
},
};Ensure the Dockerfile also sets PRISMA_MIGRATIONS_PATH=/app/prisma/migrations.
📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| import '@dotenvx/dotenvx/config'; | |
| export default { | |
| schema: 'prisma/schema.prisma', | |
| migrations: { | |
| path: 'prisma/migrations', | |
| }, | |
| datasource: { | |
| url: | |
| process.env.DATABASE_URL || | |
| 'postgresql://postgres:postgres@localhost:5432/postgres', | |
| }, | |
| }; | |
| import '@dotenvx/dotenvx/config'; | |
| export default { | |
| schema: process.env.PRISMA_SCHEMA_PATH || 'prisma/schema.prisma', | |
| migrations: { | |
| path: process.env.PRISMA_MIGRATIONS_PATH || 'prisma/migrations', | |
| }, | |
| datasource: { | |
| url: | |
| process.env.DATABASE_URL || | |
| 'postgresql://postgres:postgres@localhost:5432/postgres', | |
| }, | |
| }; |
🤖 Prompt for AI Agents
In packages/db/prisma.config.ts around lines 1 to 12, the schema and migrations
use relative paths which will resolve from the runtime WORKDIR (/app/apps/web)
and thus point to the wrong location; update the config to read schema and
migrations paths from environment variables (e.g.,
process.env.PRISMA_SCHEMA_PATH and process.env.PRISMA_MIGRATIONS_PATH) with
sensible absolute-path fallbacks like '/app/prisma/schema.prisma' and
'/app/prisma/migrations' so the app resolves the correct files at runtime, and
ensure the Dockerfile also sets PRISMA_MIGRATIONS_PATH=/app/prisma/migrations
(in addition to the existing PRISMA_SCHEMA_PATH).
| const connectionString = `${process.env.DATABASE_URL}`; | ||
|
|
||
| const adapter = new PrismaPg({ connectionString }); |
There was a problem hiding this comment.
Prevent invalid connection string when DATABASE_URL is undefined.
Line 12 uses a template literal that will stringify undefined to "undefined" if the DATABASE_URL environment variable is not set, resulting in an invalid connection string that would cause cryptic runtime errors.
Apply this diff to handle the missing environment variable gracefully:
-const connectionString = `${process.env.DATABASE_URL}`;
+const connectionString = process.env.DATABASE_URL;
+
+if (!connectionString) {
+ throw new Error('DATABASE_URL environment variable is required');
+}
const adapter = new PrismaPg({ connectionString });Alternatively, provide a fallback that matches prisma.config.ts:
-const connectionString = `${process.env.DATABASE_URL}`;
+const connectionString = process.env.DATABASE_URL || 'postgresql://postgres:postgres@localhost:5432/postgres';📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| const connectionString = `${process.env.DATABASE_URL}`; | |
| const adapter = new PrismaPg({ connectionString }); | |
| const connectionString = process.env.DATABASE_URL; | |
| if (!connectionString) { | |
| throw new Error('DATABASE_URL environment variable is required'); | |
| } | |
| const adapter = new PrismaPg({ connectionString }); |
🤖 Prompt for AI Agents
In packages/db/src/client.ts around lines 12 to 14, the connection string uses a
template literal which will produce the string "undefined" when
process.env.DATABASE_URL is not set; update the code to explicitly read
process.env.DATABASE_URL, validate it, and either throw a clear error (e.g.,
"DATABASE_URL is not set") or fall back to the same default used in
prisma.config.ts; ensure you do not use string interpolation that converts
undefined to "undefined" and include a short, descriptive error message if the
variable is missing.
Summary by CodeRabbit
✏️ Tip: You can customize this high-level summary in your review settings.