[Snyk] Security upgrade typeorm from 0.2.24 to 0.3.18 #206

Open: wants to merge 1 commit into base: master

@Omrisnyk Omrisnyk commented Jan 3, 2024

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| medium severity | 141/1000 | Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116 | No | Proof of Concept |

Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Local, EPSS: 0.01055, Social Trends: No, Days since published: 34, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.35, Score Version: V5

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: typeorm
  • 0.3.18 - 2024-01-03

    Bug Fixes

    Features

    Performance Improvements

    BREAKING CHANGES

    • With node-oracledb the thin client is used as default. Added an option to use the thick client. Also added the option to specify the instant client lib.
    • MongoDB: from the previous behavior of returning a result with metadata describing when a document is not found.
      See: https://github.com/mongodb/node-mongodb-native/blob/HEAD/etc/notes/CHANGES_6.0.0.md
    • new nullable embeds feature introduced a breaking change which might enforce you to update types on your entities to | null,
      if all columns in your embed entity are nullable. Since database queries now return embedded property as null if all its column values are null.
  • 0.3.18-dev.ff6e875 - 2023-07-22
  • 0.3.18-dev.fdb9866 - 2023-12-29
  • 0.3.18-dev.fbd45db - 2023-08-19
  • 0.3.18-dev.f6bb671 - 2023-12-29
  • 0.3.18-dev.f6b87e3 - 2023-12-29
  • 0.3.18-dev.ebd61d1 - 2023-09-30
  • 0.3.18-dev.e72a9da - 2023-08-19
  • 0.3.18-dev.e67d704 - 2024-01-02
  • 0.3.18-dev.dff2d53 - 2023-07-22
  • 0.3.18-dev.dd59524 - 2024-01-02
  • 0.3.18-dev.d184d85 - 2023-10-05
  • 0.3.18-dev.c8ee5b1 - 2023-08-19
  • 0.3.18-dev.c6f608d - 2023-08-19
  • 0.3.18-dev.befe4f9 - 2023-09-02
  • 0.3.18-dev.b8af97a - 2023-09-30
  • 0.3.18-dev.b6b46fb - 2023-12-29
  • 0.3.18-dev.b5ec088 - 2024-01-03
  • 0.3.18-dev.b240d87 - 2023-12-29
  • 0.3.18-dev.ad5bf11 - 2023-12-29
  • 0.3.18-dev.aa8d24c - 2023-12-29
  • 0.3.18-dev.a939654 - 2023-12-29
  • 0.3.18-dev.a909d5b - 2023-07-12
  • 0.3.18-dev.a4900ae - 2023-12-29
  • 0.3.18-dev.a00b1df - 2024-01-02
  • 0.3.18-dev.9471bfc - 2023-09-22
  • 0.3.18-dev.8d0e7f9 - 2023-09-30
  • 0.3.18-dev.7e9cead - 2023-12-29
  • 0.3.18-dev.7adbc9b - 2023-08-19
  • 0.3.18-dev.7a58bbf - 2023-12-29
  • 0.3.18-dev.6d5b5d9 - 2023-12-29
  • 0.3.18-dev.65858f3 - 2023-12-29
  • 0.3.18-dev.48f5f85 - 2023-12-29
  • 0.3.18-dev.3cf938e - 2023-12-29
  • 0.3.18-dev.3cda7ec - 2024-01-02
  • 0.3.18-dev.2dc9624 - 2023-12-29
  • 0.3.18-dev.173910e - 2024-01-02
  • 0.3.18-dev.15bc887 - 2024-01-03
  • 0.3.18-dev.122c897 - 2023-12-29
  • 0.3.18-dev.0f11739 - 2024-01-02
  • 0.3.18-dev.022d2b5 - 2023-08-19
  • 0.3.17 - 2023-06-20

    Bug Fixes

  • 0.3.17-dev.f5d4397 - 2023-06-19
  • 0.3.17-dev.d4607a8 - 2023-05-10
  • 0.3.17-dev.b1a3a39 - 2023-06-20
  • 0.3.17-dev.abb9079 - 2023-05-09
  • 0.3.17-dev.7108cc6 - 2023-06-20
  • 0.3.16 - 2023-05-09

    0.3.16 (2023-05-09)

    Bug Fixes

    Features

    • mariadb uuid inet4 inet6 column data type support (#9845) (d8a2e37)

    Reverts

  • 0.3.16-dev.f5b93c1 - 2023-04-18
  • 0.3.16-dev.e0165e7 - 2023-04-17
  • 0.3.16-dev.d8a2e37 - 2023-04-25
  • 0.3.16-dev.b064049 - 2023-04-18
  • 0.3.16-dev.a188b1d - 2023-05-09
  • 0.3.16-dev.96b7ee4 - 2023-05-09
  • 0.3.16-dev.8795c86 - 2023-05-09
  • 0.3.16-dev.68aa573 - 2023-04-15
  • 0.3.16-dev.54f4f89 - 2023-05-09
  • 0.3.16-dev.3d67901 - 2023-04-18
  • 0.3.16-dev.2a2bb4b - 2023-05-09
  • 0.3.16-dev.21a9d67 - 2023-05-09
  • 0.3.16-dev.06c1e98 - 2023-05-09
  • 0.3.16-dev.9460296 - 2023-05-09
  • 0.3.15 - 2023-04-15

    Bug Fixes

    • make cache optional fields optional (#9942) (159c60a)
    • prevent unique index identical to primary key (all sql dialects) (#9940) (51eecc2)
    • SelectQueryBuilder builds incorrectly escaped alias in Oracle when used on entity with composite key (#9668) (83c6c0e)

    Features

  • 0.3.15-dev.f6a3ce7 - 2023-04-15
  • 0.3.15-dev.f1c5662 - 2023-04-15
  • 0.3.15-dev.3a72e35 - 2023-04-13
  • 0.3.15-dev.115059d - 2023-04-10
  • 0.3.14 - 2023-04-09

    Bug Fixes

    • drop xml & yml connection option support. Addresses security issues in underlying dependency (#9930) (7dac12c)

    Features

  • 0.3.14-dev.daf1b47 - 2023-04-06
  • 0.3.14-dev.0194f17 - 2023-04-06
  • 0.3.13 - 2023-04-06

    Bug Fixes

    • firstCapital=true not working in camelCase() function (f1330ad)
    • handles "query" relation loading strategy for TreeRepositories (#9680) (a11809e), closes #9673
    • improve EntityNotFound error message in QueryBuilder.findOneOrFail (#9872) (f7f6817)
    • loading tables with fk in sqlite query runner (#9875) (4997da0), closes #9266
    • prevent foreign key support during migration batch under sqlite (#9775) (197cc05), closes #9770
    • proper default value on generating migration when default value is a function calling [Postgres] (#9830) (bebba05)
    • react-native doesn't properly work in ESM projects because of circular dependency (#9765) (099fcd9)
    • resolve issues for mssql migration when simple-enum was changed (cb154d4), closes #7785 #9457 #7785 #9457
    • resolves issue with mssql column recreation (#9773) (07221a3), closes #9399
    • transform values for FindOperators #9381 (#9777) (de1228d), closes #9816
    • use forward slashes when normalizing path (#9768) (58fc088), closes #9766
    • use object create if entity skip constructor is set (#9831) (a868979)

    Features

    • add support for json datatype for sqlite (#9744) (4ac8c00)
    • add support for STI on EntitySchema (#9834) (bc306fb), closes #9833
    • allow type FindOptionsOrderValue for order by object property (#9895) (#9896) (0814970)
    • Broadcast identifier for removed related entities (#9913) (f530811)
    • leftJoinAndMapOne and innerJoinAndMapOne map result to entity (#9354) (947ffc3)
  • 0.3.13-dev.f7f6817 - 2023-04-06
  • 0.3.13-dev.f7b210b - 2023-04-05
  • 0.3.13-dev.f1330ad - 2023-04-06
  • 0.3.13-dev.de1228d - 2023-04-06
  • 0.3.13-dev.af4f15c - 2023-04-06
  • 0.3.13-dev.a868979 - 2023-04-06
  • 0.3.13-dev.a11809e - 2023-04-06
  • 0.3.13-dev.98f2205 - 2023-04-05
  • 0.3.13-dev.97280fc - 2023-04-06
  • 0.3.13-dev.58fc088 - 2023-02-09
  • 0.3.13-dev.4fa14e3 - 2023-04-05
  • 0.3.13-dev.4ac8c00 - 2023-04-06
  • 0.3.13-dev.1fcd9f3 - 2023-04-05
  • 0.3.13-dev.099fcd9 - 2023-02-08
  • 0.3.13-dev.07221a3 - 2023-04-05
  • 0.3.13-dev.0619aca - 2023-04-06
  • 0.3.12 - 2023-02-07

    Bug Fixes

    • allow to pass ObjectLiteral in mongo find where condition (#9632) (4eda5df), closes #9518
    • DataSource.setOptions doesn't properly update the database in the drivers (#9635) (a95bed7)
    • Fix grammar error in no migrations found log (#9754) (6fb2121)
    • improved FindOptionsWhere behavior with union types (#9607) (7726f5a)
    • Incorrect enum default value when table name contains dash character (#9685) (b3b0c11)
    • incorrect sorting of entities with multi-inheritances (#9406) (54ca9dd)
    • make sure "require" is defined in the environment (1a9b9fb)
    • materialized hints support for cte (#9605) (67973b4)
    • multiple select queries during db sync in sqlite (#9639) (6c928a4)
    • overriding caching settings when alwaysEnabled is true (#9731) (4df969e)
    • redundant Unique constraint on primary join column in Postgres (#9677) (b8704f8)
    • remove unnecessary .js extension in imports (#9713) (6b37e38)
    • resolve issue with "simple-enum" synchronization in SQLite (#9716) (c77c43e), closes #9715
    • sql expression when where parameter is empty array (#9691) (7df2ccf), closes #9690
    • synchronizing View with schema broken for oracle (#9602) (18b659d)

    Features

  • 0.3.12-dev.ef64bfc - 2023-01-28
  • 0.3.12-dev.defb409 - 2023-01-03
  • 0.3.12-dev.ca315f0 - 2023-02-05
  • 0.3.12-dev.c77c43e - 2023-02-06
  • 0.3.12-dev.c669f50 - 2023-01-28
  • 0.3.12-dev.b97633b - 2022-12-28
  • 0.3.12-dev.b8704f8 - 2023-02-06
  • 0.3.12-dev.ae91c05 - 2022-12-27
  • 0.3.12-dev.adce698 - 2023-02-07
  • 0.3.12-dev.a95bed7 - 2022-12-18
  • 0.3.12-dev.9bd3a64 - 2023-02-07
  • 0.3.12-dev.8668c29 - 2022-12-29
  • 0.3.12-dev.7df2ccf - 2023-02-06
  • 0.3.12-dev.7726f5a - 2023-02-06
  • 0.3.12-dev.74f7f79 - 2023-01-11
  • 0.3.12-dev.6fb2121 - 2023-02-05
  • 0.3.12-dev.6c928a4 - 2022-12-19
  • 0.3.12-dev.67973b4 - 2022-12-29
  • 0.3.12-dev.63ab05f - 2023-02-05
  • 0.3.12-dev.54ca9dd - 2023-02-07
  • 0.3.12-dev.4df969e - 2023-01-28
  • 0.3.12-dev.3e1caf0 - 2023-01-03
  • 0.3.12-dev.1a9b9fb - 2023-02-06
  • 0.3.12-dev.18b659d - 2022-12-29
  • 0.3.12-dev.15a4eb9 - 2022-12-29
  • 0.3.12-dev.12fdd73 - 2023-0...
