Update dependency typeorm to v0.3.0 [SECURITY] - autoclosed

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
typeorm (source)	0.2.32 -> 0.3.0

GitHub Vulnerability Alerts

CVE-2022-33171

The findOne function in TypeORM before 0.3.0 can either be supplied with a string or a FindOneOptions object. When input to the function is a user-controlled parsed JSON object, supplying a crafted FindOneOptions instead of an id string leads to SQL injection. NOTE: the vendor's position is that the user's application is responsible for input validation.

---

Release Notes

typeorm/typeorm (typeorm)

v0.3.0

Compare Source

Bug Fixes

• broken CLI in ESM projects since version 0.3.0 (#​8773) (97699e8)

Features

• add typeorm CLI variations that include ts-node (#​8776) (05fc744)
• allows user to specify which mysql package should be used (#​8771) (35106df)

Reverts

• json/jsonb change introduced in 0.3.1 (#​8777) (edf27d9)

v0.2.45

Compare Source

Bug Fixes

• allow clearing database inside a transaction (#​8712) (f3cfdd2), closes #​8527
• discard duplicated columns on update (#​8724) (0fc093d), closes #​8723
• fix entityManager.getId for custom join table (#​8676) (33b2bd7), closes #​7736
• force web bundlers to ignore index.mjs and use the browser ESM version directly (#​8710) (411fa54), closes #​8709

Features

• add nested transaction (#​8541) (6523526), closes #​1505
• add transformer to ViewColumnOptions (#​8717) (96ac8f7)

v0.2.44

Compare Source

Bug Fixes

• alter relation loader to use transforms when present (#​8691) (2c2fb29), closes #​8690
• cannot read properties of undefined (reading 'joinEagerRelations') (136015b)
• expo driver doesn't work properly because of new beforeMigration() afterMigration() callbacks (#​8683) (5a71803)
• ng webpack default import (#​8688) (2d3374b), closes #​8674
• support imports of absolute paths of ESM files on Windows (#​8669) (12cbfcd), closes #​8651

Features

• add option to upsert to skip update if the row already exists and no values would be changed (#​8679) (8744395)
• allow {delete,insert}().returning() on MariaDB (#​8673) (7facbab), closes #​7235 #​7235
• Implement deferrable foreign keys for SAP HANA (#​6104) (1f54c70)

v0.2.43

Compare Source

Bug Fixes

• support require to internal files without explicitly writing .js in the path (#​8660) (96aed8a), closes #​8656

Features

• embedded entities with entity schema (#​8626) (7dbe956), closes #​3632

Reverts

• Revert "feat: soft delete recursive cascade (#​8436)" (#​8654) (6b0b15b), closes #​8436 #​8654

v0.2.42

Compare Source

Bug Fixes

• proper column comment mapping from database to metadata in aurora-data-api (baa5880)
• add referencedSchema to PostgresQueryRunner (#​8566) (c490319)
• adding/removing @​Generated() will now generate a migration to add/remove the DEFAULT value (#​8274) (4208393), closes #​5898
• adds entity-schema support for createForeignKeyConstraints (#​8606) (f224f24), closes #​8489
• allow special keyword as column name for simple-enum type on sqlite (#​8645) (93bf96e)
• correctly handle multiple-row insert for SAP HANA driver (#​7957) (8f2ae71)
• disable SQLite FK checks in synchronize / migrations (#​7922) (f24822e)
• find descendants of a non-existing tree parent (#​8557) (cbb61eb), closes #​8556
• For MS SQL Server use lowercase "sys"."columns" reference. (#​8400) (#​8401) (e8a0f92)
• improve DeepPartial type (#​8187) (b93416d)
• Lock peer dependencies versions (#​8597) (600bd4e)
• make EntityMetadataValidator comply with entitySkipConstructor, cover with test (#​8445) (3d6c5da), closes #​8444
• materialized path being computed as "undefined1." (#​8526) (09f54e0)
• MongoConnectionOptions sslCA type mismatch (#​8628) (02400da)
• mongodb repository.find filters soft deleted rows (#​8581) (f7c1f7d), closes #​7113
• mongodb@​4 compatibility support (#​8412) (531013b)
• must invoke key pragma before any other interaction if SEE setted (#​8478) (546b3ed), closes #​8475
• nested eager relations in a lazy-loaded entity are not loaded (#​8564) (1cfd7b9)
• QueryFailedError when tree entity with JoinColumn (#​8443) (#​8447) (a11c50d)
• relation id and afterAll hook performance fixes (#​8169) (31f0b55)
• replaced custom uuid generator with uuid library (#​8642) (8898a71)
• single table inheritance returns the same discriminator value error for unrelated tables where their parents extend from the same entity (#​8525) (6523fcc), closes #​8522
• updating with only update: false columns shouldn't trigger @​UpdateDateColumn column updation (2834729), closes #​8394 #​8394 #​8394
• upsert should find unique index created by one-to-one relation (#​8618) (c8c00ba)

Features

• add comment param to FindOptions (#​8545) (ece0da0)
• add custom timestamp option in migration creation (#​8501) (4a7f242), closes #​8500 #​8500
• add support for node-redis v4.0.0 and newer (#​8425) (0626ed1)
• add support for Postgres 10+ GENERATED ALWAYS AS IDENTITY (#​8371) (a0f09de), closes #​8370
• add WITH (lock) clause for MSSQL select with join queries (#​8507) (3284808), closes #​4764
• adds entity-schema support for withoutRowid (#​8432) (bd22dc3), closes #​8429
• allow soft-deletion of orphaned relation rows using orphanedRow… (#​8414) (cefddd9)
• custom name for typeorm_metadata table (#​8528) (f8154eb), closes #​7266
• deferrable option for Unique constraints (Postgres) (#​8356) (e52b26c)
• ESM support (#​8536) (3a694dd), closes #​6974 #​6941 #​7516 #​7159
• query builder negating with "NotBrackets" for complex expressions (#​8476) (fe7f328)
• separate update events into update, soft-remove, and recover (#​8403) (93383bd), closes #​8398
• soft delete recursive cascade (#​8436) (d0f32b3)
• sqlite attach (#​8396) (9e844d9)

Reverts

• migration:show command must exist with zero status code (Fixes #​7349) (#​8185) (e0adeee)

BREAKING CHANGES

• update listeners and subscriber no longer triggered by soft-remove and recover

v0.2.41

Compare Source

Bug Fixes

• add retryWrites to MongoConnectionOptions (#​8354) (c895680), closes #​7869
• create typeorm_metadata table when running migrations (#​4956) (b2c8168)
• db caching won't work with replication enabled (#​7694) (2d0abe7), closes #​5919
• incorrect composite UNIQUE constraints detection (#​8364) (29cb891), closes #​8158
• Postgres enum generates unnecessary queries on schema sync (#​8268) (98d5f39)
• resolve issue delete column null on after update event subscriber (#​8318) (8a5e671), closes #​6327

Features

• export interfaces from schema-builder/options (#​8383) (7b8a1e3)
• implement generated columns for postgres 12 driver (#​6469) (91080be)
• lock modes in cockroachdb (#​8250) (d494fcc), closes #​8249

v0.2.40

Compare Source

Bug Fixes

• BaseEntity finder methods to properly type-check lazy relations conditions (#​5710) (0665ff5)

Features

• add depth limiter optional parameter when loading nested trees using TreeRepository's findTrees() and findDescendantsTree() (#​7926) (0c44629), closes #​3909
• add upsert methods for the drivers that support onUpdate (#​8104) (3f98197), closes #​2363
• Postgres IDENTITY Column support (#​7741) (969af95)

Reverts

• "feat: use char(36) for uuid representation in mysql (#​7853)" (#​8343) (1588c58)
• regression in ordering by the relation property (#​8346) (#​8352) (0334d10), closes #​3736 #​8118

v0.2.39

Compare Source

Bug Fixes

• attach FOR NO KEY UPDATE lock to query if required (#​8008) (9692930), closes #​7717
• cli should accept absolute paths for --config (4ad3a61)
• create a different cacheId if present for count query in getManyAndCount (#​8283) (9f14e48), closes #​4277
• defaults type cast filtering in Cockroachdb (#​8144) (28c183e), closes #​7110 #​7110
• do not generate migration for unchanged enum column (#​8161) (#​8164) (4638dea)
• NativescriptQueryRunner's query method fails when targeting es2017 (#​8182) (8615733)
• OneToManySubjectBuilder bug with multiple primary keys (#​8221) (6558295)
• ordering by joined columns for PostgreSQL (#​3736) (#​8118) (1649882)
• support DeleteResult in SQLiteDriver (#​8237) (b678807)

Features

• add typeorm command wrapper to package.json in project template (#​8081) (19d4a91)
• add dependency configuraiton for views #​8240 (#​8261) (2c861af)
• add relation options to all tree queries (#​8080) (e4d4636), closes #​8076
• add the ability to pass the driver into all database types (#​8259) (2133ffe)
• more informative logging in case of migration failure (#​8307) (dc6f1c9)
• support using custom index with SelectQueryBuilder in MySQL (#​7755) (f79ae58)

Reverts

• Revert "fix: STI types on children in joins (#​3160)" (#​8309) (0adad88), closes #​3160 #​8309

v0.2.38

Compare Source

Bug Fixes

• prevent using absolute table path in migrations unless required (#​8038) (e9366b3)
• snakecase conversion for strings with numbers (#​8111) (749511d)
• use full path for table lookups (#​8097) (22676a0)

Features

• support QueryRunner.stream with Oracle (#​8086) (b858f84)

v0.2.37

Compare Source

Bug Fixes

• allow periods in parameter identifiers (#​8022) (4201938)
• ConnectionManager connections property should include list of Connections (#​8004) (2344db6)
• entity value for date columns that are related (#​8027) (5a3767f)
• handle brackets when only one condition is passed (#​8048) (ab39066)
• handle enums with multiple apostrophes in MySQL (#​8013) (37c40a6), closes #​8011
• include all drivers in driverfactory error message (#​8061) (fbd1ef7)
• resolve not returning soft deleted relations with withDeleted find option (#​8017) (65cbcc7)
• SAP HANA inserts used incorrect value for returning query (#​8072) (36398db)
• some drivers set the wrong database name when defined from url (#​8058) (a3a3284)
• throw error when not connected in drivers (#​7995) (cd71f62)

Features

• add relations option to tree queries (#​7981) (ca26297), closes #​7974 #​4564
• add serviceName option for oracle connections (#​8021) (37bd012)
• add support to string array on dropColumns (#​7654) (91d5b2f)
• support Oracle Implicit Results (#​8050) (fe78bee)

v0.2.36

Compare Source

Bug Fixes

• add deprecated WhereExpression alias for WhereExpressionBuilder (#​7980) (76e7ed9)
• always generate migrations with template string literals (#​7971) (e9c2af6)
• use js rather than ts in all browser package manifests (#​7982) (0d90bcd)
• use nvarchar/ntext during transit for SQLServer queries (#​7933) (62d7976)

Features

• add postgres connection option applicationName (#​7989) (d365acc)

v0.2.35

Compare Source

Bug Fixes

• entity to be Partial<Entity> | undefined in UpdateEvent (#​7783) (f033045)
• actually return a working ReadStream from SQL Server query runner (#​7893) (e80985f)
• added version check before dropping materialized views to keep backward compatibility (#​7716) (29f1f86)
• allow for string id in mongo.findByIds call (#​7838) (4b45ae1)
• better support of relation-based properties in where clauses (#​7805) (3221c50)
• Buffer in primary columns causes bugs with relations (#​7952) (37e08a7), closes #​4060
• capacitor does not correctly set journal mode (#​7873) (5f20eb7)
• Capacitor driver PRAGMA requests failing on Android (#​7728) (9620a26)
• condition is optional in SelectQueryBuilder joins (#​7888) (2deaa0e)
• correctly handle mongo replica set driver option (#​7908) (9212df4)
• correctly load yml in ConnectionOptionsYmlReader (#​7743) (57f9254)
• craft oracle connectString as a descriptor with SID (#​7878) (b05d093)
• delete operation in MongoDB impact all matched documents (#​7811) (0fbae53), closes #​7809
• Do not add NULL/NOT NULL for stored columns (#​7708) (3c33e9f), closes #​7698
• do OBJECT_ID lookup for column constraint instead of name in mssql (#​7916) (fa8c1b0)
• drop pool.autostart from mssql options because it's unused (#​7877) (0d21a4d)
• drop SAP statement after prepare per Hana client docs (#​7748) (8ca05b1)
• eager relation respects children relations (#​5685) (e7e887a)
• enable returning additional columns with MSSQL (#​7864) (e1db48d)
• entity object undefined in afterUpdate subscriber (#​7724) (d25304d)
• find operation in MongoDB do not include nullable values from documents (#​7820) (98c13cf), closes #​7760
• fix table loading when schemas are used (3a106a3)
• foreign keys in SAP were loading from the wrong table (#​7914) (4777a79)
• handle postgres default when tableColumn.default is not string (#​7816) (0463855)
• handle snake case of ABcD which should become a_bc_d (#​7883) (eb680f9)
• improve query for MSSQL to fetch foreign keys and tables (#​7935) (f6af01a)
• make OracleQueryRunner createDatabase if-not-exists not fail (f5a80ef)
• only pass data from SaveOptions during that query (#​7886) (1de2e13)
• oracle cannot support DB in table identifiers (#​7954) (8c60d91)
• pass table to namingstrategy when we can instead of table name (#​7925) (140002d)
• prevent modification of the FindOptions.relations (#​7887) (a2fcad6)
• prevent reuse of broken connections in postgres pool (#​7792) (5cf368a)
• prevent transactions in the Cordova driver (#​7771) (fc4133c)
• properly escape oracle table paths (#​7917) (7e8687c)
• regression when making join conditions undefined-able (#​7892) (b0c1cc6)
• restored buildColumnAlias for backward compatibility (#​7706) (36ceefa)
• return correct DeleteResult and UpdateResult for mongo (#​7884) (7a646a2)
• support fully qualified schema in createSchema (#​7934) (94edd12)
• support table names between schemas in oracle (#​7951) (aa45b93)
• typing so SelectQueryBuilder.getRawOne may return undefined (#​7863) (36e5a0c), closes #​7449
• typo prevented us from pulling the schema correctly in some cases (c7f2db8)
• update operation in MongoDB impact all matched documents (#​7803) (052014c), closes #​7788
• use correct query for cross-database mssql identity check (#​7911) (7869fb1)
• use fully qualified and escaped table names for oracle (#​7857) (2b90725), closes #​7779
• use ObjectLiteral in UpdateEvent rather than Entity (#​7910) (78fbc14)
• use only table name in constraint naming strategy (5dc777f)

Features

• add retryWrites to allowed mongo extra options (#​7869) (dcdaaca)
• add capacitor driver options for encryption & version (#​7868) (a2bd94b)
• add connection option entitySkipConstructor (f43d561)
• add ObjectLiteral typing to andWhere / orWhere (#​7786) (525381d)
• add parseTableName to Driver interface (#​7956) (cffbf43)
• add path, database, and schema to Table (#​7913) (444e38b)
• add property for database and schema in views (#​7953) (4c5bbd9)
• add referenced database & schema to TableForeignKey (fff6b11)
• add writeConcern option as a possible extras for mongodb (#​7801) (90894c7)
• consistent parsing and escaping of table names in QueryRunners (bd9e767)
• implement OracleQueryRunner.hasDatabase (128b982)
• make parameter to getTables optional (#​7901) (ba86602)
• make postgres extensions install optional (#​7725) (92b96a5), closes #​7662
• publicly export Transaction*Event types (#​7949) (2436a66), closes /github.com/typeorm/typeorm/blob/master/src/subscriber/EntitySubscriberInterface.ts#L12
• set enableArithAbort for SQLServerDriver (#​7894) (1f64da2)
• support absolute path in migration:generate (#​7720) (b690c27)
• use char(36) for uuid representation in mysql (#​7853) (063aafa)
• use column length from driver when creating columns (#​7858) (b107ad9)

v0.2.34

Compare Source

Bug Fixes

• restored buildColumnAlias for backward compatibility (#​7706) (36ceefa)

v0.2.33

Compare Source

Bug Fixes

• @​Unique constraint is not created with specified name (beea2e1)
• MATERIALIZED VIEW is treated as a regular VIEW which causes issues on sync (#​7592) (f85f436)
• added error handler for slave connections in MySQL and AuroraDataApi drivers (#​7641) (882a740)
• call listeners for array embeddeds in MongoDB (#​4260) (2dc355b)
• closing pool incorrectly works on Postgres (#​7596) (1310c97), closes #​6958 #​6958 #​6958
• column name with empty spaces causes bug in Index/Unique decorators #​7534 (a3a6e06)
• correctly strip type conversion in postgres for default values (#​7681) (069b8b6), closes #​1532 #​7647 #​5132
• datetime functions in column "default" leads to unnecessary queries during synchronization (#​7517) (03f3285), closes #​3991 #​3991 #​2737 #​2737 #​6412 #​4281 #​4658 #​3991 #​2333 #​7381 #​4658 #​3991 #​3991 #​3991 #​3991
• default schema defined in entity/connection leads to unnecessary queries during schema sync (#​7575) (7eb0327), closes #​7276 #​7276
• do a deep comparison to see if the default value has changed for json types in Postgres (#​7650) (a471c1b)
• Incorrect migration generated when multiple views are updated in a single migration (#​7587) (0b103dd), closes #​7586
• issues with custom enum name in Postgres (#​7661) (ad0262a), closes #​7614 #​7541 #​7647 #​6540
• mongodb connectionURL parse options (#​7560) (b2ac41a)
• mongodb typings for Cursor (#​7526) (daf3991)
• only first \0 is removed in comments, only first \ is escaped etc. (#​7532) (36b14cb)
• pass ManyToMany onUpdate option to foreign key metadata (#​5714) (198d2c5), closes [#​4980](https://red

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.