Update dependency typeorm to v0.3.0 [SECURITY]

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
typeorm (source)	0.2.41 → 0.3.0

GitHub Vulnerability Alerts

CVE-2022-33171

The findOne function in TypeORM before 0.3.0 can either be supplied with a string or a FindOneOptions object. When input to the function is a user-controlled parsed JSON object, supplying a crafted FindOneOptions instead of an id string leads to SQL injection. NOTE: the vendor's position is that the user's application is responsible for input validation.

---

Release Notes

typeorm/typeorm (typeorm)

v0.3.0

Compare Source

Bug Fixes

• broken CLI in ESM projects since version 0.3.0 (#​8773) (97699e8)

Features

• add typeorm CLI variations that include ts-node (#​8776) (05fc744)
• allows user to specify which mysql package should be used (#​8771) (35106df)

Reverts

• json/jsonb change introduced in 0.3.1 (#​8777) (edf27d9)

v0.2.45

Compare Source

Bug Fixes

• allow clearing database inside a transaction (#​8712) (f3cfdd2), closes #​8527
• discard duplicated columns on update (#​8724) (0fc093d), closes #​8723
• fix entityManager.getId for custom join table (#​8676) (33b2bd7), closes #​7736
• force web bundlers to ignore index.mjs and use the browser ESM version directly (#​8710) (411fa54), closes #​8709

Features

• add nested transaction (#​8541) (6523526), closes #​1505
• add transformer to ViewColumnOptions (#​8717) (96ac8f7)

v0.2.44

Compare Source

Bug Fixes

• alter relation loader to use transforms when present (#​8691) (2c2fb29), closes #​8690
• cannot read properties of undefined (reading 'joinEagerRelations') (136015b)
• expo driver doesn't work properly because of new beforeMigration() afterMigration() callbacks (#​8683) (5a71803)
• ng webpack default import (#​8688) (2d3374b), closes #​8674
• support imports of absolute paths of ESM files on Windows (#​8669) (12cbfcd), closes #​8651

Features

• add option to upsert to skip update if the row already exists and no values would be changed (#​8679) (8744395)
• allow {delete,insert}().returning() on MariaDB (#​8673) (7facbab), closes #​7235 #​7235
• Implement deferrable foreign keys for SAP HANA (#​6104) (1f54c70)

v0.2.43

Compare Source

Bug Fixes

• support require to internal files without explicitly writing .js in the path (#​8660) (96aed8a), closes #​8656

Features

• embedded entities with entity schema (#​8626) (7dbe956), closes #​3632

Reverts

• Revert "feat: soft delete recursive cascade (#​8436)" (#​8654) (6b0b15b), closes #​8436 #​8654

v0.2.42

Compare Source

Bug Fixes

• proper column comment mapping from database to metadata in aurora-data-api (baa5880)
• add referencedSchema to PostgresQueryRunner (#​8566) (c490319)
• adding/removing @​Generated() will now generate a migration to add/remove the DEFAULT value (#​8274) (4208393), closes #​5898
• adds entity-schema support for createForeignKeyConstraints (#​8606) (f224f24), closes #​8489
• allow special keyword as column name for simple-enum type on sqlite (#​8645) (93bf96e)
• correctly handle multiple-row insert for SAP HANA driver (#​7957) (8f2ae71)
• disable SQLite FK checks in synchronize / migrations (#​7922) (f24822e)
• find descendants of a non-existing tree parent (#​8557) (cbb61eb), closes #​8556
• For MS SQL Server use lowercase "sys"."columns" reference. (#​8400) (#​8401) (e8a0f92)
• improve DeepPartial type (#​8187) (b93416d)
• Lock peer dependencies versions (#​8597) (600bd4e)
• make EntityMetadataValidator comply with entitySkipConstructor, cover with test (#​8445) (3d6c5da), closes #​8444
• materialized path being computed as "undefined1." (#​8526) (09f54e0)
• MongoConnectionOptions sslCA type mismatch (#​8628) (02400da)
• mongodb repository.find filters soft deleted rows (#​8581) (f7c1f7d), closes #​7113
• mongodb@​4 compatibility support (#​8412) (531013b)
• must invoke key pragma before any other interaction if SEE setted (#​8478) (546b3ed), closes #​8475
• nested eager relations in a lazy-loaded entity are not loaded (#​8564) (1cfd7b9)
• QueryFailedError when tree entity with JoinColumn (#​8443) (#​8447) (a11c50d)
• relation id and afterAll hook performance fixes (#​8169) (31f0b55)
• replaced custom uuid generator with uuid library (#​8642) (8898a71)
• single table inheritance returns the same discriminator value error for unrelated tables where their parents extend from the same entity (#​8525) (6523fcc), closes #​8522
• updating with only update: false columns shouldn't trigger @​UpdateDateColumn column updation (2834729), closes #​8394 #​8394 #​8394
• upsert should find unique index created by one-to-one relation (#​8618) (c8c00ba)

Features

• add comment param to FindOptions (#​8545) (ece0da0)
• add custom timestamp option in migration creation (#​8501) (4a7f242), closes #​8500 #​8500
• add support for node-redis v4.0.0 and newer (#​8425) (0626ed1)
• add support for Postgres 10+ GENERATED ALWAYS AS IDENTITY (#​8371) (a0f09de), closes #​8370
• add WITH (lock) clause for MSSQL select with join queries (#​8507) (3284808), closes #​4764
• adds entity-schema support for withoutRowid (#​8432) (bd22dc3), closes #​8429
• allow soft-deletion of orphaned relation rows using orphanedRow… (#​8414) (cefddd9)
• custom name for typeorm_metadata table (#​8528) (f8154eb), closes #​7266
• deferrable option for Unique constraints (Postgres) (#​8356) (e52b26c)
• ESM support (#​8536) (3a694dd), closes #​6974 #​6941 #​7516 #​7159
• query builder negating with "NotBrackets" for complex expressions (#​8476) (fe7f328)
• separate update events into update, soft-remove, and recover (#​8403) (93383bd), closes #​8398
• soft delete recursive cascade (#​8436) (d0f32b3)
• sqlite attach (#​8396) (9e844d9)

Reverts

• migration:show command must exist with zero status code (Fixes #​7349) (#​8185) (e0adeee)

BREAKING CHANGES

• update listeners and subscriber no longer triggered by soft-remove and recover

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • ""
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.