prisma-dbml-generator
🔒 security: Upgrade deps
Upgrade dependencies to remove high severity vulnerabilities
From Prisma 5.0.0 to 5.22.0
Also handling new types of DMMF attributes accordingly
Resolve Issue #58
Tests passed ✅
The problem comes from prisma dependencies which themselves have dependencies marked as dev, while they are used as production dependencies. They are therefore not referenced in the package-lock, which causes the build to fail.
WIP
Thanks for taking a look at this. Would it help to add those dependencies? Maybe as devDeps? We could take a look at how other generator libraries handle this situation.
I checked other extensions; it turns out that most of them use a version of prisma lower than 5.7.0 (the version from which the concerned dependencies became dev dependencies), but have those high vulns.
For the few extensions that I found that use a higher version, either the build does not work, or the missing dependencies are (by chance) installed indirectly by other dependencies.
Putting the missing deps as dev deps could be a solution if the build is not done in production mode. I tried, it works locally.
I pushed this solution, you can run it in the CI if you're ok 👍
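The mechanism discussed in the comments above (a transitive package that requires a module at runtime but declares it only under devDependencies, so a consumer install never brings it in, and the workaround of listing it in the consumer's own devDependencies, which only holds when the install is not run in production mode) can be modelled in a few lines. This is an added example, not code from the PR or from the prisma-dbml-generator project: the package names and manifests are constructed, and the resolver is a deliberately simplified model of how npm installs a dependency tree, not npm's own code.

```javascript
// Added example (not from the prisma-dbml-generator project).
// Models a consumer install: the root package gets its `dependencies` and,
// unless installing in production mode, its `devDependencies`; every
// transitive package contributes only its `dependencies`. Then it checks
// whether each installed package's runtime requires are actually satisfied.

// Constructed registry: one manifest per package. Names are placeholders.
const registry = {
  "my-generator": {
    dependencies: { "@example/lib": "1.0.0" },
    devDependencies: {},
    requires: ["@example/lib"], // modules it loads at runtime
  },
  "@example/lib": {
    dependencies: { "@example/core": "1.0.0" },
    // Misdeclared: loaded at runtime, but listed as dev-only.
    devDependencies: { "@example/helper": "1.0.0" },
    requires: ["@example/core", "@example/helper"],
  },
  "@example/core": { dependencies: {}, devDependencies: {}, requires: [] },
  "@example/helper": { dependencies: {}, devDependencies: {}, requires: [] },
};

// Simplified npm-style resolution: returns the set of installed package names.
function resolveInstallTree(reg, root, { production = false } = {}) {
  const installed = new Set();
  const queue = [{ name: root, isRoot: true }];
  while (queue.length) {
    const { name, isRoot } = queue.shift();
    if (installed.has(name)) continue;
    installed.add(name);
    const manifest = reg[name];
    if (!manifest) continue; // unknown package: nothing more to pull in
    const deps = Object.keys(manifest.dependencies);
    // Only the root's devDependencies are installed, and only outside production.
    if (isRoot && !production) deps.push(...Object.keys(manifest.devDependencies));
    for (const dep of deps) queue.push({ name: dep, isRoot: false });
  }
  return installed;
}

// Lists every (package, required module) pair the install tree cannot satisfy.
function findUnsatisfiedRequires(reg, root, opts) {
  const installed = resolveInstallTree(reg, root, opts);
  const missing = [];
  for (const name of installed) {
    for (const req of (reg[name] && reg[name].requires) || []) {
      if (!installed.has(req)) missing.push({ pkg: name, requires: req });
    }
  }
  return missing;
}

// The workaround from the discussion: the consumer adds the missing modules to
// its own devDependencies. Returns a patched copy of the registry.
function withWorkaround(reg, root, extraDevDeps) {
  const patched = JSON.parse(JSON.stringify(reg));
  Object.assign(patched[root].devDependencies, extraDevDeps);
  return patched;
}

// Stand-alone run: show the break, the fix, and the fix failing in production mode.
console.log("default install:", findUnsatisfiedRequires(registry, "my-generator"));
const patched = withWorkaround(registry, "my-generator", { "@example/helper": "1.0.0" });
console.log("with devDeps workaround:", findUnsatisfiedRequires(patched, "my-generator"));
console.log("workaround, production install:",
  findUnsatisfiedRequires(patched, "my-generator", { production: true }));
```

The third call is the caveat raised in the thread: once the consumer installs with production mode (devDependencies skipped), the workaround no longer pulls in the module and the same require fails again, which is why the fix only holds for non-production builds.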
Do you know when the next version will be released? Thank you.
It would be awesome to get this version released. Any time frame?
When will it be merged? Will it support version 6?
hellloooo ^^
Any plan to merge this PR (since the critical vulnerability is a real issue for most devs/companies)?
Cheers, Antony
@marcjulian could you prioritize this issue and merge it, if applicable? It's been 4 months already.