🏗 Update dependency typeorm to v0.2.25 [SECURITY] - abandoned

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
typeorm (source)	0.2.13 -> 0.2.25

GitHub Vulnerability Alerts

CVE-2020-8158

Prototype pollution vulnerability in the TypeORM package < 0.2.25 may allow attackers to add or modify Object properties leading to further denial of service or SQL injection attacks.

---

Release Notes

typeorm/typeorm

v0.2.25

Compare Source

Bug Fixes

• 'in' clause case for ORACLE (#​5345) (8977365)
• calling EntityManager.insert() with an empty array of entities (#​5745) (f8c52f3), closes #​5734 #​5734 #​5734
• columns with transformer should be normalized for update (#​5700) (4ef6b65), closes #​2703
• escape column comment in mysql driver (#​6056) (5fc802d)
• expo sqlite driver disconnect() (#​6027) (61d59ca)
• HANA - SSL options, column delta detection mechanism (#​5938) (2fd0a8a)
• handle URL objects as column field values (#​5771) (50a0641), closes #​5762 #​5762
• insert and update query builder to handle mssql geometry column correctly (#​5947) (87cc6f4)
• migrations being generated for FK even if there are no changes (#​5869) (416e419)
• multiple assignments to same column on UPDATE #​2651 (#​5598) (334e17e)
• prevent TypeError when calling bind function with sql.js 1.2.X (#​5789) (c6cbddc)
• prototype pollution issue (#​6096) (db9d0fa)
• provide a default empty array for parameters. (#​5677) (9e8a8cf)
• redundant undefined parameters are not generated in migration files anymore (#​5690) (d5cde49)
• replacing instanceof Array checks to Array.isArray because instanceof Array seems to be problematic on some platforms (#​5606) (b99b4ad)
• respect database from connection urls (#​5640) (ed75d59), closes #​2096
• sha.js import (#​5728) (8c3f48a)
• Unknown fields are stripped from WHERE clause (issue #​3416) (#​5603) (215f106)
• update dependency mkdirp to 1.x (#​5748) (edeb561)
• update Entity decorator return type to ClassDecorator (#​5776) (7d8a1ca)
• use an empty string enum as the type of a primary key column (#​6063) (8e0d817), closes #​3874
• use correct typings for the result of getUpsertedIds() (#​5878) (2ab88c2)
• wrong table name parameter when not using default schema (#​5801) (327144a)

Features

• add FOR NO KEY UPDATE lock mode for postgresql (#​5971) (360122f)
• add name option to view column (#​5962) (3cfcc50), closes #​5708
• Add soft remove and recover methods to entity (#​5854) (9d2b8e0)
• added support for NOWAIT & SKIP LOCKED in Postgres (#​5927) (2c90e1c)
• Aurora Data API - Postgres Support (#​5651) (e584297)
• aurora Data API - Support for AWS configuration options through aurora driver (#​5754) (1829f96)
• create-column, update-column, version-column column kinds now support user specified values (#​5867) (5a2eb30), closes #​3271
• names of extra columns for specific tree types moved to NamingStrategy (#​5737) (ec3be41)
• PG allow providing a function for password (#​5673) (265d1ae)
• update cli migration up and down from any to void (#​5630) (76e165d)
• UpdateResult returns affected rows in mysql (#​5628) (17f2fff), closes #​1308

Performance Improvements

• An optimized version of EntityMetadata#compareIds() for the common case (#​5419) (a9bdb37)

v0.2.24

Compare Source

Bug Fixes

• .synchronize() drops json column on mariadb (#​5391) (e3c78c1), closes typeorm/typeorm#​3636
• (base-entity) set create return type to T[] (#​5400) (ceff897)
• add the enableArithAbort option to the sql server connection option typings (#​5526) (d19dbc6)
• bug when default value in mssql were not updated if previous default was already set (9fc8329)
• change OrmUtils.mergeDeep to not merge RegExp objects (#​5182) (0f51836), closes #​3534
• fk on update should not use attributes of on delete (2baa934)
• load typeorm-aurora-data-api-driver correctly when using webpack (#​4788) (#​5302) (9da0d34)
• not to make typeorm generate alter query on geometry column when that column was not changed (#​5525) (ee57557)
• Oracle sql expression for date column (#​5305) (40e9d3a), closes #​4452 #​4452
• refactoring instance of with Array.isArray() (#​5539) (1e1595e)
• Return NULL when normalize default null value (#​5517) (1826b75), closes #​5509
• SAP HANA driver fixes (#​5445) (87b161f)
• update foreign keys when table name changes (#​5482) (7157cb3)
• use OUTPUT INTO on SqlServer for returning columns (#​5361) (6bac3ca), closes #​5160 #​5160
• use sha.js instead of crypto for hash calculation (#​5270) (b380a7f)

Features

• Add basic support for custom cache providers (#​5309) (6c6bde7)
• add fulltext parser option (#​5380) (dd73395)

v0.2.23

Compare Source

Bug Fixes

• .synchronize() drops json column on mariadb (#​5391) (e3c78c1), closes typeorm/typeorm#​3636
• (base-entity) set create return type to T[] (#​5400) (ceff897)
• add the enableArithAbort option to the sql server connection option typings (#​5526) (d19dbc6)
• bug when default value in mssql were not updated if previous default was already set (9fc8329)
• change OrmUtils.mergeDeep to not merge RegExp objects (#​5182) (0f51836), closes #​3534
• fk on update should not use attributes of on delete (2baa934)
• load typeorm-aurora-data-api-driver correctly when using webpack (#​4788) (#​5302) (9da0d34)
• not to make typeorm generate alter query on geometry column when that column was not changed (#​5525) (ee57557)
• Oracle sql expression for date column (#​5305) (40e9d3a), closes #​4452 #​4452
• refactoring instance of with Array.isArray() (#​5539) (1e1595e)
• Return NULL when normalize default null value (#​5517) (1826b75), closes #​5509
• SAP HANA driver fixes (#​5445) (87b161f)
• update foreign keys when table name changes (#​5482) (7157cb3)
• use OUTPUT INTO on SqlServer for returning columns (#​5361) (6bac3ca), closes #​5160 #​5160
• use sha.js instead of crypto for hash calculation (#​5270) (b380a7f)

Features

• Add basic support for custom cache providers (#​5309) (6c6bde7)
• add fulltext parser option (#​5380) (dd73395)

v0.2.22

Compare Source

Bug Fixes

• use a prefix on SelectQueryBuilder internal parameters (#​5178) (cacb08b), closes #​5174 #​5174

Features

• hash aliases to avoid conflicts (#​5227) (edc8e6d)
• implement driver options for NativeScript (#​5217) (3e58426)
• SAP Hana support (#​5246) (ec90341)
• speed ​​up id search in buildChildrenEntityTree (#​5202) (2e628c3)

BREAKING CHANGES

• aliases for very long relation names may be replaced with hashed strings.
  Fix: avoid collisions by using longest possible hash.
  Retain more entropy by not using only 8 characters of hashed aliases.

v0.2.21

Compare Source

Bug Fixes

• allow expireAfterSeconds 0 in Index decorator (close #​5004) (#​5005) (d05467c)
• do not mutate connection options (#​5078) (1047989)
• mysql driver query streaming (#​5036) (aff2f56)
• remove consrc usage (postgres,cockroachdb) (#​4333) (ce7cb16), closes #​4332
• repo for app-root-path in lock file (#​5052) (f0fd192)
• resolve MySQL unique index check when bigNumberStrings is false (#​4822) (d205574), closes #​2737
• resolve sorting bug for several mongo vesions with typeorm migration (#​5121) (cb771a1), closes #​5115
• throwing error on duplicate migration names #​4701 (#​4704) (3e4dc9f)
• unescaped column name in order clause of "migrations" (#​5108) (c0c8566)
• upgrade app-root-path (#​5023) (7f87f0c)

Features

• add distinct on() support for postgres (#​4954) (1293065)
• add migrations transaction option to connection options (#​5147) (fb60688), closes #​4629 #​4629
• asynchronous ormconfig support (#​5048) (f9fdaee), closes #​4149
• export Migration Execution API from main package (fixes #​4880) (#​4892) (8f4f908)
• support spatial types of MySQL 8+ (#​4794) (231dadf), closes #​3702

v0.2.20

Compare Source

Bug Fixes

• ensure distinct property is respected cloning query builder (#​4843) (ea17094), closes #​4842
• aurora: apply mysql query fixes to aurora (#​4779) (ee61c51)
• allow EntitySchema to be passed to EntityRepository (#​4884) (652a20e)
• better timestamp comparison (#​4769) (0a13e6a)
• broken database option when using replication, changes introduced by #​4753 (#​4826) (df5479b)
• check for version of MariaDB before extracting COLUMN_DEFAULT (#​4783) (c30b485)
• connection Reuse is broken in a Lambda environment: (#​4804) (7962036)
• FindOptionUtils export (#​4746) (4a62b1c), closes #​4745
• loading of aurora-data-api driver (#​4765) (fbb8947)
• postgres: postgres query runner to create materialized view (#​4877) (d744966)
• migrations run in reverse order for mongodb (#​4702) (2f27581)
• mongodb Cursor.forEach types (#​4759) (fccbe3e)
• Slack invite URL (#​4836) (149af26)

Features

• add name to MigrationInterface (fixes #​3933 and fixes #​2549) (#​4873) (4a73fde)
• add new transaction mode to wrap each migration in transaction (#​4629) (848fb1f)
• add option to Column to specify the complete enumName (#​4824) (d967180)
• add support for cube array for PostgreSQL (#​4848) (154a441)
• implements Sqlite 'WITHOUT ROWID' table modifier (#​4688) (c1342ad), closes #​3330

v0.2.19

Compare Source

Bug Fixes

• "database" option error in driver when use "url" option for connection (690e6f5)
• "hstore injection" & properly handle NULL, empty string, backslashes & quotes in hstore key/value pairs (#​4720) (3abe5b9)
• add SaveOptions and RemoveOptions into ActiveRecord (#​4318) (a6d7ba2)
• apostrophe in Postgres enum strings breaks query (#​4631) (445c740)
• change PrimaryColumn decorator to clone passed options (#​4571) (3cf470d), closes #​4570
• createQueryBuilder relation remove works only if using ID (#​2632) (#​4734) (1d73a90)
• resolve issue with conversion string to simple-json (#​4476) (d1594f5), closes #​4440
• sqlite connections don't ignore the schema property (#​4599) (d8f1c81)
• the excessive stack depth comparing types FindConditions<?> and FindConditions<?> problem (#​4470) (7a0beed)
• views generating broken Migrations (#​4726) (c52b3d2), closes #​4123

Features

• add set datatype support for MySQL/MariaDB (#​4538) (19e2179), closes #​2779
• add materialized View support for Postgres (#​4478) (dacac83), closes #​4317 #​3996
• add mongodb useUnifiedTopology config parameter (#​4684) (92e4270)
• add multi-dimensional cube support for PostgreSQL (#​4378) (b6d6278)
• add options to input init config for sql.js (#​4560) (5c311ed)
• add postgres pool error handler (#​4474) (a925be9)
• add referenced table metadata to NamingStrategy to resolve foreign key name (#​4274) (0094f61), closes #​3847 #​1355
• add support for ON CONFLICT for cockroach (#​4518) (db8074a), closes #​4513
• Added support for DISTINCT queries (#​4109) (39a8e34)
• Aurora Data API (#​4375) (c321562)
• export additional schema builder classes (#​4325) (e589fda)
• log files loaded from glob patterns (#​4346) (e12479e), closes #​4162
• UpdateResult returns affected rows in postgresql (#​4432) (7808bba), closes #​1308

v0.2.18

Compare Source

Bug fixes

• fixed loadRelationCountAndMap when entities' primary keys are strings (#​3946)
• fixed QueryExpressionMap not cloning all values correctly (#​4156)
• fixed transform embeddeds with no columns but with nested embeddeds (mongodb) (#​4131)
• fixed the getMany() result being droped randomly bug when using the buffer as primary key. (#​4220)

Features

• adds typeorm migration:show command (#​4173)
• deprecate column readonly option in favor of update and insert options (#​4035)
• support sql.js v1.0 (#​4104)
• added support for orUpdate in SQLlite (#​4097)
• added support for dirty_read (NOLOCK) in SQLServer (#​4133)
• extend afterLoad() subscriber interface to take LoadEvent (issue #​4185)
• relation decorators (e.g. @OneToMany) now also accept string instead of typeFunction, which prevents circular dependency issues in the frontend/browser (issue #​4190)
• added support for metadata reflection in typeorm-class-transformer-shim.js (issue #​4219)
• added sqlJsConfig to input config when initializing sql.js (issue #​4559)

v0.2.17

Compare Source

Bug fixes

• fixed transform embeddeds with boolean values (mongodb) (#​3900)
• fixed issue with schema inheritance in STI pattern (#​3957)
• revert changes from #​3814 (#​3828)
• fix performance issue when inserting into raw tables with QueryBuilder
  (#​3931)
• sqlite date hydration is susceptible to corruption (#​3949)
• fixed mongodb uniques, support 3 ways to define uniques (#​3986)
• fixed mongodb TTL index (#​4044)

Features

• added deferrable options for foreign keys (postgres) (#​2191)
• added View entity implementation (#​1024). Read more at View entities
• added multiple value transformer support (#​4007)

v0.2.16

Compare Source

Bug fixes

• removed unused parameters from insert, update, delete methods (#​3888)
• fixed: migration generator produces duplicated changes (#​1960)
• fixed: unique constraint not created on embedded entity field (#​3142)
• fixed: FK columns have wrong length when PrimaryGeneratedColumn('uuid') is used (#​3604)
• fixed: column option unique sqlite error (#​3803)
• fixed: 'uuid' in PrimaryGeneratedColumn causes Many-to-Many Relationship to Fail (#​3151)
• fixed: sync enums on schema sync (#​3694)
• fixed: changes in enum type is not reflected when generating migration (in definition file) (#​3244)
• fixed: migration will keep create and drop indexes if index name is the same across tables (#​3379)

Features

• added lock option in FindOptions

v0.2.15

Compare Source

Bug fixes

• fixed bug in connection.dropDatabase method (#​1414)
• fixed "deep relations" not loaded/mapped due to the built-in max length of Postgres (#​3118)
• updated all dependencies
• fixed types issue from #​3725
• removed sql-function-support (() => syntax) in parameters to prevent security considerations
• fix sync schema issue with postgres enum in case capital letters in entity name (#​3536)

Features

• added uuidExtension option to Postgres connection options, which allows TypeORM to use the newer pgcrypto extension to generate UUIDs

v0.2.14

Compare Source

Bug fixes

• fixed migration issue with postgres numeric enum type - change queries are not generated if enum is not modified (#​3587)
• fixed mongodb entity listeners in optional embeddeds (#​3450)
• fixes returning invalid delete result
• reverted lazy loading properties not enumerable feature to fix related bugs

Features

• added CockroachDB support
• added browser entry point to package.json (3583)
• replaced backend-only drivers by dummy driver in browser builds
• added useLocalForage option to Sql.js connection options, which enables asynchronous load and save operations of the datatbase from the indexedDB (#​3554)
• added simple-enum column type (#​1414)

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

[renovate]

Autoclosing Skipped

This PR has been flagged for autoclosing. However, it is being skipped due to the branch being already modified. Please close/delete it manually or report a bug if you think this is in error.