Update mssql package to latest version #8646

Open
eranfl opened this issue Feb 15, 2022 · 10 comments

eranfl commented Feb 15, 2022

Feature Description

The Problem

The current version of mssql in the dependency of TypeORM is old and has reached EOL.
Updating to the latest version would be helpful in order to keep using TypeORM.
Updating the mssql package to a newer version than 6.3.2 causes many errors in TypeORM calls (e.g. raw queries etc.).

The Solution

Update the mssql dependency to the latest version of mssql - 8.x.x

Considered Alternatives

Additional Context

Relevant Database Driver(s)

DB Type Relevant
aurora-data-api no
aurora-data-api-pg no
better-sqlite3 no
cockroachdb no
cordova no
expo no
mongodb no
mysql no
nativescript no
oracle no
postgres no
react-native no
sap no
sqlite no
sqlite-abstract no
sqljs no
sqlserver yes

Are you willing to resolve this issue by submitting a Pull Request?

  • ✖️ Yes, I have the time, and I know how to start.
  • ✅ Yes, I have the time, but I don't know how to start. I would need guidance.
  • ✖️ No, I don’t have the time, but I can support (using donations) development.
  • ✖️ No, I don’t have the time and I’m okay to wait for the community / maintainers to resolve this issue.
@pleerock
Member

Feel free to contribute. You have to create PR against 0.3.0 branch since I guess it will be a breaking change.

@josendf-basetis

While the mssql package version is upgraded, it would help to revert the change made in #8597 and keep the version of the mssql package peer dependency open ("mssql": "*"), in order to not break the existing typeorm + mssql installations.

Thanks,

@edrorr

edrorr commented Jul 5, 2022

I tried different versions of mssql and typeorm but it didn't work.

TypeError: Cannot read properties of null (reading '0')
    at SqlServerQueryRunner.getCurrentSchema (C:\Projects\VoltaServer\node_modules\typeorm\src\driver\sqlserver\SqlServerQueryRunner.ts:427:34)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)
    at async SqlServerDriver.connect (C:\Projects\VoltaServer\node_modules\typeorm\src\driver\sqlserver\SqlServerDriver.ts:299:37)
    at async DataSource.initialize (C:\Projects\VoltaServer\node_modules\src\data-source\DataSource.ts:232:9)

advanced-console shows this:

query: SELECT SCHEMA_NAME() AS "schema_name"

Anything I can do to fix this would be appreciated

@coder-pm

The current version of TypeORM is using mssql:7.3.0, which contains fixes not adopted by TypeORM: tediousjs/node-mssql#1338. Because of that, setting stream: true is causing the above issue.

@ertl
Contributor

ertl commented Jan 10, 2023

Any update on this? Currently there exists a vulnerability within an implicit dependency of mssql 7.3.x

node_modules/@azure/msal-node/node_modules/jsonwebtoken
  @azure/msal-node  <=1.14.5
  Depends on vulnerable versions of jsonwebtoken
  node_modules/@azure/msal-node
    @azure/identity  1.2.1-alpha.20201113.2 - 2.0.0-beta.6
    Depends on vulnerable versions of @azure/msal-node
    node_modules/@azure/identity
      tedious  11.0.9 - 14.2.0
      Depends on vulnerable versions of @azure/identity
      node_modules/tedious
        mssql  7.2.1 - 7.3.5
        Depends on vulnerable versions of tedious
        node_modules/mssql
          typeorm  0.3.6-dev.0418ebc - 0.3.6-dev.ef025bd || >=0.3.7-dev.1b5aa62
          Depends on vulnerable versions of mssql
          node_modules/typeorm

@coder-pm

It's in the previous comment. Set stream: false in the config.

@schaeferto

Having the same issue with the vulnerability of jsonwebtoken, which is a transient dependency of that old version of mssql.
Any suggestions on how to "overwrite" the mssql version for typeorm?

Or will typeorm break if you use a version > 7.x.x ? Anyone tried this yet?

@ertl
Contributor

ertl commented Jan 10, 2023

To override the version you can use:

    {
      "dependencies": {
        "mssql": "^9.0.1",
        "typeorm": "0.3.11"
      },
      "overrides": {
        "mssql": "^9.0.1"
      }
    }

I didn't set the stream flag to false ... still no problem on the first look.

@pleerock is there a specific reason that the mssql version is still at 7.3.x?
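
Added example, not part of the thread and not TypeORM or npm code: a Node.js check to run against package-lock.json after applying the overrides above. It lists every installed copy of a package and the dependency chain that pulls it in, so you can confirm which mssql actually resolved and whether jsonwebtoken still arrives through @azure/msal-node. The lockfile excerpt is constructed; its dependency ranges and the jsonwebtoken version are placeholders, and the helper names are hypothetical.

```javascript
// Constructed lockfile excerpt (the "packages" map of lockfileVersion 2/3).
// Versions sit inside the ranges in the audit output above; dependency ranges
// and the jsonwebtoken version are placeholders.
const sampleLock = { packages: {
  "": { dependencies: { typeorm: "0.3.11", mssql: "^7.3.0" } },
  "node_modules/typeorm": { version: "0.3.11", peerDependencies: { mssql: "^7.3.0" } },
  "node_modules/mssql": { version: "7.3.5", dependencies: { tedious: "*" } },
  "node_modules/tedious": { version: "14.2.0", dependencies: { "@azure/identity": "*" } },
  "node_modules/@azure/identity": { version: "2.0.0-beta.6", dependencies: { "@azure/msal-node": "*" } },
  "node_modules/@azure/msal-node": { version: "1.14.5", dependencies: { jsonwebtoken: "*" } },
  "node_modules/@azure/msal-node/node_modules/jsonwebtoken": { version: "0.0.0-placeholder" },
} };

// Package name from a lockfile key such as "node_modules/a/node_modules/@s/b".
const nameOf = (key) => key.slice(key.lastIndexOf("node_modules/") + 13);

// Every installed copy of a package, nested copies included.
const installedCopies = (lock, name) =>
  Object.keys(lock.packages).filter((k) => nameOf(k) === name)
    .map((k) => ({ path: k, version: lock.packages[k].version }));

// Node-style resolution: the dependent's own node_modules first, then each parent.
function resolve(packages, from, dep) {
  for (let dir = from; ; dir = dir.slice(0, Math.max(0, dir.lastIndexOf("/node_modules/")))) {
    const key = (dir ? dir + "/" : "") + "node_modules/" + dep;
    if (packages[key]) return key;
    if (!dir) return null;
  }
}

// Shortest dependency chain from the project root to each reachable copy of `target`.
function shortestChains(lock, target) {
  const pk = lock.packages, parent = new Map([["", null]]), queue = [""];
  while (queue.length) {
    const key = queue.shift(), p = pk[key];
    const deps = { ...p.dependencies, ...p.optionalDependencies, ...p.peerDependencies };
    for (const dep of Object.keys(deps)) {
      const next = resolve(pk, key, dep);
      if (next && !parent.has(next)) { parent.set(next, key); queue.push(next); }
    }
  }
  return [...parent.keys()].filter((k) => nameOf(k) === target).map((k) => {
    const chain = [];
    for (let cur = k; cur; cur = parent.get(cur)) chain.unshift(`${nameOf(cur)}@${pk[cur].version}`);
    return chain;
  });
}

// Real use: pass JSON.parse(fs.readFileSync("package-lock.json", "utf8")) instead of sampleLock.
console.log(installedCopies(sampleLock, "mssql"));
console.log(shortestChains(sampleLock, "jsonwebtoken").map((c) => c.join(" > ")));
```

If more than one copy of mssql is listed, or the listed version is not the overridden one, the override did not take effect for that path.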

@schaeferto

Nice, thank you @ertl. I will try it out. On the other hand, I am a bit afraid of that workaround, because if typeorm is not built against the mssql 9.0.1 APIs it might break at some undefined point.

But for me it could help, because I am not relying on mssql in my production environment ... only using it for some import tasks :-)

@sbleon
Contributor

sbleon commented Feb 15, 2023

I could potentially work on this, but #9783 is a blocker for me.
