[Snyk] Upgrade typeorm from 0.3.6 to 0.3.16

[benjamin658]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to upgrade typeorm from 0.3.6 to 0.3.16.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 142 versions ahead of your current version.
• The recommended version was released 2 months ago, on 2023-05-09.

The recommended version fixes:

Severity	Issue	PriorityScore (*)	Exploit Maturity
	Prototype Pollution SNYK-JS-XML2JS-5414874	586/1000 Why? Proof of Concept exploit, Has a fix available, CVSS 5.3	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: typeorm

• 0.3.16 - 2023-05-09
  

  0.3.16 (2023-05-09)

  Bug Fixes

  • add trustServerCertificate option to SqlServerConnectionOptions (#9985) (0305805), closes #8093
  • add directConnection options to MongoDB connection (#9955) (e0165e7)
  • add onDelete option validation for oracle (#9786) (938f94b), closes #9189
  • added instanceName to options (#9968) (7c5627f)
  • added transaction retry logic in cockroachdb (#10032) (607d6f9)
  • allow json as alias for longtext mariadb (#10018) (2a2bb4b)
  • convert the join table ID to the referenceColumn ID type (#9887) (9460296)
  • correct encode mongodb auth credentials (#10024) (96b7ee4), closes #9885
  • create correct children during cascade saving entities with STI (#9034) (06c1e98), closes #7758 #7758 #9033 #9033 #7758 #7758
  • express option bug in init command (#10022) (5be20e2)
  • for running cli-ts-node-esm use exit code from child process (#10030) (a188b1d), closes #10029
  • mongodb typings breaks the browser version (#9962) (99bef49), closes #9959
  • RelationIdLoader has access to queryPlanner when wrapped in transaction (#9990) (21a9d67), closes #9988
  • resolve duplicate subscriber updated columns (#9958) (3d67901), closes #9948
  • select + addOrderBy broke in 0.3.14 (#9961) (0e56f0f), closes #9960
  • support More/LessThanOrEqual in relations (#9978) (8795c86)

  Features

  • mariadb uuid inet4 inet6 column data type support (#9845) (d8a2e37)

  Reverts

  • "refactor: remove date-fns package (#9634)" (54f4f89)
• 0.3.16-dev.f5b93c1 - 2023-04-18
• 0.3.16-dev.e0165e7 - 2023-04-17
• 0.3.16-dev.d8a2e37 - 2023-04-25
• 0.3.16-dev.b064049 - 2023-04-18
• 0.3.16-dev.a188b1d - 2023-05-09
• 0.3.16-dev.96b7ee4 - 2023-05-09
• 0.3.16-dev.8795c86 - 2023-05-09
• 0.3.16-dev.68aa573 - 2023-04-15
• 0.3.16-dev.54f4f89 - 2023-05-09
• 0.3.16-dev.3d67901 - 2023-04-18
• 0.3.16-dev.2a2bb4b - 2023-05-09
• 0.3.16-dev.21a9d67 - 2023-05-09
• 0.3.16-dev.06c1e98 - 2023-05-09
• 0.3.16-dev.9460296 - 2023-05-09
• 0.3.15 - 2023-04-15
  

  Bug Fixes

  • make cache optional fields optional (#9942) (159c60a)
  • prevent unique index identical to primary key (all sql dialects) (#9940) (51eecc2)
  • SelectQueryBuilder builds incorrectly escaped alias in Oracle when used on entity with composite key (#9668) (83c6c0e)

  Features

  • support for the latest mongodb v5 (#9925) (f6a3ce7), closes #7907 #7907
• 0.3.15-dev.f6a3ce7 - 2023-04-15
• 0.3.15-dev.f1c5662 - 2023-04-15
• 0.3.15-dev.3a72e35 - 2023-04-13
• 0.3.15-dev.115059d - 2023-04-10
• 0.3.14 - 2023-04-09
  

  Bug Fixes

  • drop xml & yml connection option support. Addresses security issues in underlying dependency (#9930) (7dac12c)

  Features

  • QueryBuilder performance optimizations (#9914) (12e9db0)
• 0.3.14-dev.daf1b47 - 2023-04-06
• 0.3.14-dev.0194f17 - 2023-04-06
• 0.3.13 - 2023-04-06
  

  Bug Fixes

  • firstCapital=true not working in camelCase() function (f1330ad)
  • handles "query" relation loading strategy for TreeRepositories (#9680) (a11809e), closes #9673
  • improve EntityNotFound error message in QueryBuilder.findOneOrFail (#9872) (f7f6817)
  • loading tables with fk in sqlite query runner (#9875) (4997da0), closes #9266
  • prevent foreign key support during migration batch under sqlite (#9775) (197cc05), closes #9770
  • proper default value on generating migration when default value is a function calling [Postgres] (#9830) (bebba05)
  • react-native doesn't properly work in ESM projects because of circular dependency (#9765) (099fcd9)
  • resolve issues for mssql migration when simple-enum was changed (cb154d4), closes #7785 #9457 #7785 #9457
  • resolves issue with mssql column recreation (#9773) (07221a3), closes #9399
  • transform values for FindOperators #9381 (#9777) (de1228d), closes #9816
  • use forward slashes when normalizing path (#9768) (58fc088), closes #9766
  • use object create if entity skip constructor is set (#9831) (a868979)

  Features

  • add support for json datatype for sqlite (#9744) (4ac8c00)
  • add support for STI on EntitySchema (#9834) (bc306fb), closes #9833
  • allow type FindOptionsOrderValue for order by object property (#9895) (#9896) (0814970)
  • Broadcast identifier for removed related entities (#9913) (f530811)
  • leftJoinAndMapOne and innerJoinAndMapOne map result to entity (#9354) (947ffc3)
• 0.3.13-dev.f7f6817 - 2023-04-06
• 0.3.13-dev.f7b210b - 2023-04-05
• 0.3.13-dev.f1330ad - 2023-04-06
• 0.3.13-dev.de1228d - 2023-04-06
• 0.3.13-dev.af4f15c - 2023-04-06
• 0.3.13-dev.a868979 - 2023-04-06
• 0.3.13-dev.a11809e - 2023-04-06
• 0.3.13-dev.98f2205 - 2023-04-05
• 0.3.13-dev.97280fc - 2023-04-06
• 0.3.13-dev.58fc088 - 2023-02-09
• 0.3.13-dev.4fa14e3 - 2023-04-05
• 0.3.13-dev.4ac8c00 - 2023-04-06
• 0.3.13-dev.1fcd9f3 - 2023-04-05
• 0.3.13-dev.099fcd9 - 2023-02-08
• 0.3.13-dev.07221a3 - 2023-04-05
• 0.3.13-dev.0619aca - 2023-04-06
• 0.3.12 - 2023-02-07
  Read more
• 0.3.12-dev.ef64bfc - 2023-01-28
• 0.3.12-dev.defb409 - 2023-01-03
• 0.3.12-dev.ca315f0 - 2023-02-05
• 0.3.12-dev.c77c43e - 2023-02-06
• 0.3.12-dev.c669f50 - 2023-01-28
• 0.3.12-dev.b97633b - 2022-12-28
• 0.3.12-dev.b8704f8 - 2023-02-06
• 0.3.12-dev.ae91c05 - 2022-12-27
• 0.3.12-dev.adce698 - 2023-02-07
• 0.3.12-dev.a95bed7 - 2022-12-18
• 0.3.12-dev.9bd3a64 - 2023-02-07
• 0.3.12-dev.8668c29 - 2022-12-29
• 0.3.12-dev.7df2ccf - 2023-02-06
• 0.3.12-dev.7726f5a - 2023-02-06
• 0.3.12-dev.74f7f79 - 2023-01-11
• 0.3.12-dev.6fb2121 - 2023-02-05
• 0.3.12-dev.6c928a4 - 2022-12-19
• 0.3.12-dev.67973b4 - 2022-12-29
• 0.3.12-dev.63ab05f - 2023-02-05
• 0.3.12-dev.54ca9dd - 2023-02-07
• 0.3.12-dev.4df969e - 2023-01-28
• 0.3.12-dev.3e1caf0 - 2023-01-03
• 0.3.12-dev.1a9b9fb - 2023-02-06
• 0.3.12-dev.18b659d - 2022-12-29
• 0.3.12-dev.15a4eb9 - 2022-12-29
• 0.3.12-dev.12fdd73 - 2023-02-07
• 0.3.12-dev.0eb7441 - 2023-02-07
• 0.3.12-dev.0d72317 - 2022-12-03
• 0.3.12-dev.8731858 - 2023-02-07
• 0.3.12-dev.8251812 - 2022-12-16
• 0.3.11 - 2022-12-03
  Read more
• 0.3.11-dev.fc3b4f8 - 2022-12-03
• 0.3.11-dev.f07fb2c - 2022-12-03
• 0.3.11-dev.efb4168 - 2022-11-04
• 0.3.11-dev.d71e9c4 - 2022-12-03
• 0.3.11-dev.cdabaa3 - 2022-09-20
• 0.3.11-dev.b5ff79f - 2022-11-04
• 0.3.11-dev.97fae63 - 2022-12-03
• 0.3.11-dev.8a837f9 - 2022-09-20
• 0.3.11-dev.85fa9c6 - 2022-11-05
• 0.3.11-dev.81fc9a9 - 2022-12-03
• 0.3.11-dev.7fbc3ad - 2022-12-03
• 0.3.11-dev.71efa8e - 2022-12-03
• 0.3.11-dev.6eb674b - 2022-11-05
• 0.3.11-dev.6ba48bd - 2022-12-03
• 0.3.11-dev.66acec8 - 2022-11-04
• 0.3.11-dev.658604d - 2022-12-03
• 0.3.11-dev.5253c8f - 2022-11-04
• 0.3.11-dev.4ec04fa - 2022-11-21
• 0.3.11-dev.4a36d0e - 2022-11-05
• 0.3.11-dev.38e0eff - 2022-11-04
• 0.3.11-dev.2e1c9fd - 2022-11-04
• 0.3.11-dev.2473ff0 - 2022-12-03
• 0.3.11-dev.1cb738a - 2022-12-03
• 0.3.11-dev.19536ed - 2022-11-05
• 0.3.11-dev.7386318 - 2022-12-03
• 0.3.10 - 2022-09-19
  

  Bug Fixes

  • "Cannot commit, no transaction is active" error in sql.js (#9234) (749809a), closes #9100
  • add missing support for primaryKeyConstraintName property in EntitySchema (cc63961)
  • malformed query when selecting deeply nested embedded entities (#9273) (83f7b88)
  • prototype pollution issue (e3aac27)
  • typescript 4.8 type issues #9331 (#9357) (a1960e1)
  • Update RelationIdLoader to use DriverUtils.getAlias (#9380) (a917d65), closes #9379

  Features

  • orphanedRowAction=disabled (rebase of PR 8285) (#8678) (de15df1)
  • sqlite - deferrable options for foreign keys (#9360) (773a4fe)
  • unify Pool max connection size in supported Drivers (#9305) (48976c2), closes #3388
  • update db image versions in docker compose (#9367) (f24b262), closes #9326
• 0.3.10-dev.f24b262 - 2022-09-19
• 0.3.10-dev.e3aac27 - 2022-08-29
• 0.3.10-dev.de15df1 - 2022-09-19
• 0.3.10-dev.cc63961 - 2022-08-30
• 0.3.10-dev.a1960e1 - 2022-09-15
• 0.3.10-dev.773a4fe - 2022-09-14
• 0.3.10-dev.749809a - 2022-09-19
• 0.3.10-dev.52e5f7c - 2022-09-14
• 0.3.9 - 2022-08-28
  

  Bug Fixes

  • fixed regression introduced in 0.3.8 - broken CLI because of #8917 (#9332), closes #9330
• 0.3.8 - 2022-08-26
  Read more
• 0.3.8-dev.fd7ae97 - 2022-08-24
• 0.3.8-dev.eb8f0c6 - 2022-08-24
• 0.3.8-dev.e49d0c8 - 2022-08-24
• 0.3.8-dev.de8aaac - 2022-08-24
• 0.3.8-dev.dadb658 - 2022-08-24
• 0.3.8-dev.d285fd0 - 2022-07-06
• 0.3.8-dev.c4f4650 - 2022-08-25
• 0.3.8-dev.bd96e27 - 2022-08-24
• 0.3.8-dev.bb33cd0 - 2022-07-11
• 0.3.8-dev.b8d04dc - 2022-08-25
• 0.3.8-dev.9f7fc14 - 2022-08-24
• 0.3.8-dev.8dcd61e - 2022-08-24
• 0.3.8-dev.72728f1 - 2022-08-25
• 0.3.8-dev.7198a7a - 2022-08-24
• 0.3.8-dev.68e8f22 - 2022-08-25
• 0.3.8-dev.64674e6 - 2022-08-24
• 0.3.8-dev.5ebc626 - 2022-08-24
• 0.3.8-dev.5e5abbd - 2022-08-25
• 0.3.8-dev.46d0021 - 2022-08-24
• 0.3.8-dev.3a533a4 - 2022-08-24
• 0.3.8-dev.340ab67 - 2022-08-25
• 0.3.8-dev.2e67138 - 2022-06-30
• 0.3.8-dev.15f90e0 - 2022-08-22
• 0.3.8-dev.109c1fa - 2022-06-29
• 0.3.8-dev.0b54222 - 2022-07-05
• 0.3.8-dev.03317a3 - 2022-08-28
• 0.3.7 - 2022-06-29
• 0.3.7-dev.ec23922 - 2022-06-22
• 0.3.7-dev.ec05f1d - 2022-06-29
• 0.3.7-dev.bcdddc3 - 2022-06-29
• 0.3.7-dev.a748f3c - 2022-06-29
• 0.3.7-dev.97e1dc1 - 2022-06-28
• 0.3.7-dev.60a7960 - 2022-06-28
• 0.3.7-dev.1b5aa62 - 2022-06-28
• 0.3.6 - 2022-04-12

from typeorm GitHub release notes

Commit messages

Package name: typeorm

• 607d6f9 fix: added transaction retry logic in cockroachdb (#10032)
• 8795c86 fix: support More/LessThanOrEqual in relations (#9978)
• 06c1e98 fix: create correct children during cascade saving entities with STI (#9034)
• 96b7ee4 fix: correct encode mongodb auth credentials (#10024)
• 9460296 fix: convert the join table ID to the referenceColumn ID type (#9887)
• 938f94b fix: add onDelete option validation for oracle (#9786)
• a188b1d fix: for running cli-ts-node-esm use exit code from child process (#10030)
• 7c5627f fix: added instanceName to options (#9968)
• 0305805 fix: add `trustServerCertificate` option to `SqlServerConnectionOptions` (#9985)
• 21a9d67 fix: RelationIdLoader has access to queryPlanner when wrapped in transaction (#9990)
• 5be20e2 fix: express option bug in init command (#10022)
• 2a2bb4b fix: allow json as alias for longtext mariadb (#10018)
• 54f4f89 revert: "refactor: remove date-fns package (#9634)"
• 99bef49 fix: mongodb typings breaks the browser version (#9962)
• d8a2e37 feat: mariadb uuid inet4 inet6 column data type support (#9845)
• f5b93c1 refactor: query methods should accept generic for return type (#9957)
• 0e56f0f fix: select + addOrderBy broke in 0.3.14 (#9961)
• 3d67901 fix: resolve duplicate subscriber updated columns (#9958)
• b064049 docs: update entity-manager-api.md (#9956)
• e0165e7 fix: add directConnection options to MongoDB connection (#9955)
• 68aa573 docs: issue #8860 (#9951)
• 5890561 version bump
• f1c5662 fixed compiler error
• 51eecc2 fix: prevent unique index identical to primary key (all sql dialects) (#9940)

Compare

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

🧐 View latest project report

🛠 Adjust upgrade PR settings

🔕 Ignore this dependency or unsubscribe from future upgrade PRs