Update dependency typeorm to v0.2.25 [SECURITY]

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
typeorm (source)	0.2.11 -> 0.2.25

GitHub Vulnerability Alerts

CVE-2020-8158

Prototype pollution vulnerability in the TypeORM package < 0.2.25 may allow attackers to add or modify Object properties leading to further denial of service or SQL injection attacks.

---

Release Notes

typeorm/typeorm (typeorm)

v0.2.25

Compare Source

Bug Fixes

• 'in' clause case for ORACLE (#​5345) (8977365)
• calling EntityManager.insert() with an empty array of entities (#​5745) (f8c52f3), closes #​5734 #​5734 #​5734
• columns with transformer should be normalized for update (#​5700) (4ef6b65), closes #​2703
• escape column comment in mysql driver (#​6056) (5fc802d)
• expo sqlite driver disconnect() (#​6027) (61d59ca)
• HANA - SSL options, column delta detection mechanism (#​5938) (2fd0a8a)
• handle URL objects as column field values (#​5771) (50a0641), closes #​5762 #​5762
• insert and update query builder to handle mssql geometry column correctly (#​5947) (87cc6f4)
• migrations being generated for FK even if there are no changes (#​5869) (416e419)
• multiple assignments to same column on UPDATE #​2651 (#​5598) (334e17e)
• prevent TypeError when calling bind function with sql.js 1.2.X (#​5789) (c6cbddc)
• prototype pollution issue (#​6096) (db9d0fa)
• provide a default empty array for parameters. (#​5677) (9e8a8cf)
• redundant undefined parameters are not generated in migration files anymore (#​5690) (d5cde49)
• replacing instanceof Array checks to Array.isArray because instanceof Array seems to be problematic on some platforms (#​5606) (b99b4ad)
• respect database from connection urls (#​5640) (ed75d59), closes #​2096
• sha.js import (#​5728) (8c3f48a)
• Unknown fields are stripped from WHERE clause (issue #​3416) (#​5603) (215f106)
• update dependency mkdirp to 1.x (#​5748) (edeb561)
• update Entity decorator return type to ClassDecorator (#​5776) (7d8a1ca)
• use an empty string enum as the type of a primary key column (#​6063) (8e0d817), closes #​3874
• use correct typings for the result of getUpsertedIds() (#​5878) (2ab88c2)
• wrong table name parameter when not using default schema (#​5801) (327144a)

Features

• add FOR NO KEY UPDATE lock mode for postgresql (#​5971) (360122f)
• add name option to view column (#​5962) (3cfcc50), closes #​5708
• Add soft remove and recover methods to entity (#​5854) (9d2b8e0)
• added support for NOWAIT & SKIP LOCKED in Postgres (#​5927) (2c90e1c)
• Aurora Data API - Postgres Support (#​5651) (e584297)
• aurora Data API - Support for AWS configuration options through aurora driver (#​5754) (1829f96)
• create-column, update-column, version-column column kinds now support user specified values (#​5867) (5a2eb30), closes #​3271
• names of extra columns for specific tree types moved to NamingStrategy (#​5737) (ec3be41)
• PG allow providing a function for password (#​5673) (265d1ae)
• update cli migration up and down from any to void (#​5630) (76e165d)
• UpdateResult returns affected rows in mysql (#​5628) (17f2fff), closes #​1308

Performance Improvements

• An optimized version of EntityMetadata#compareIds() for the common case (#​5419) (a9bdb37)

v0.2.24

Compare Source

Bug Fixes

• .synchronize() drops json column on mariadb (#​5391) (e3c78c1), closes typeorm/typeorm#3636
• (base-entity) set create return type to T[] (#​5400) (ceff897)
• add the enableArithAbort option to the sql server connection option typings (#​5526) (d19dbc6)
• bug when default value in mssql were not updated if previous default was already set (9fc8329)
• change OrmUtils.mergeDeep to not merge RegExp objects (#​5182) (0f51836), closes #​3534
• fk on update should not use attributes of on delete (2baa934)
• load typeorm-aurora-data-api-driver correctly when using webpack (#​4788) (#​5302) (9da0d34)
• not to make typeorm generate alter query on geometry column when that column was not changed (#​5525) (ee57557)
• Oracle sql expression for date column (#​5305) (40e9d3a), closes #​4452 #​4452
• refactoring instance of with Array.isArray() (#​5539) (1e1595e)
• Return NULL when normalize default null value (#​5517) (1826b75), closes #​5509
• SAP HANA driver fixes (#​5445) (87b161f)
• update foreign keys when table name changes (#​5482) (7157cb3)
• use OUTPUT INTO on SqlServer for returning columns (#​5361) (6bac3ca), closes #​5160 #​5160
• use sha.js instead of crypto for hash calculation (#​5270) (b380a7f)

Features

• Add basic support for custom cache providers (#​5309) (6c6bde7)
• add fulltext parser option (#​5380) (dd73395)

v0.2.23

Compare Source

Bug Fixes

• .synchronize() drops json column on mariadb (#​5391) (e3c78c1), closes typeorm/typeorm#3636
• (base-entity) set create return type to T[] (#​5400) (ceff897)
• add the enableArithAbort option to the sql server connection option typings (#​5526) (d19dbc6)
• bug when default value in mssql were not updated if previous default was already set (9fc8329)
• change OrmUtils.mergeDeep to not merge RegExp objects (#​5182) (0f51836), closes #​3534
• fk on update should not use attributes of on delete (2baa934)
• load typeorm-aurora-data-api-driver correctly when using webpack (#​4788) (#​5302) (9da0d34)
• not to make typeorm generate alter query on geometry column when that column was not changed (#​5525) (ee57557)
• Oracle sql expression for date column (#​5305) (40e9d3a), closes #​4452 #​4452
• refactoring instance of with Array.isArray() (#​5539) (1e1595e)
• Return NULL when normalize default null value (#​5517) (1826b75), closes #​5509
• SAP HANA driver fixes (#​5445) (87b161f)
• update foreign keys when table name changes (#​5482) (7157cb3)
• use OUTPUT INTO on SqlServer for returning columns (#​5361) (6bac3ca), closes #​5160 #​5160
• use sha.js instead of crypto for hash calculation (#​5270) (b380a7f)

Features

• Add basic support for custom cache providers (#​5309) (6c6bde7)
• add fulltext parser option (#​5380) (dd73395)

v0.2.22

Compare Source

Bug Fixes

• use a prefix on SelectQueryBuilder internal parameters (#​5178) (cacb08b), closes #​5174 #​5174

Features

• hash aliases to avoid conflicts (#​5227) (edc8e6d)
• implement driver options for NativeScript (#​5217) (3e58426)
• SAP Hana support (#​5246) (ec90341)
• speed ​​up id search in buildChildrenEntityTree (#​5202) (2e628c3)

BREAKING CHANGES

• aliases for very long relation names may be replaced with hashed strings.
  Fix: avoid collisions by using longest possible hash.
  Retain more entropy by not using only 8 characters of hashed aliases.

v0.2.21

Compare Source

Bug Fixes

• allow expireAfterSeconds 0 in Index decorator (close #​5004) (#​5005) (d05467c)
• do not mutate connection options (#​5078) (1047989)
• mysql driver query streaming (#​5036) (aff2f56)
• remove consrc usage (postgres,cockroachdb) (#​4333) (ce7cb16), closes #​4332
• repo for app-root-path in lock file (#​5052) (f0fd192)
• resolve MySQL unique index check when bigNumberStrings is false (#​4822) (d205574), closes #​2737
• resolve sorting bug for several mongo vesions with typeorm migration (#​5121) (cb771a1), closes #​5115
• throwing error on duplicate migration names #​4701 (#​4704) (3e4dc9f)
• unescaped column name in order clause of "migrations" (#​5108) (c0c8566)
• upgrade app-root-path (#​5023) (7f87f0c)

Features

• add distinct on() support for postgres (#​4954) (1293065)
• add migrations transaction option to connection options (#​5147) (fb60688), closes #​4629 #​4629
• asynchronous ormconfig support (#​5048) (f9fdaee), closes #​4149
• export Migration Execution API from main package (fixes #​4880) (#​4892) (8f4f908)
• support spatial types of MySQL 8+ (#​4794) (231dadf), closes #​3702

v0.2.20

Compare Source

Bug Fixes

• ensure distinct property is respected cloning query builder (#​4843) (ea17094), closes #​4842
• aurora: apply mysql query fixes to aurora (#​4779) (ee61c51)
• allow EntitySchema to be passed to EntityRepository (#​4884) (652a20e)
• better timestamp comparison (#​4769) (0a13e6a)
• broken database option when using replication, changes introduced by #​4753 (#​4826) (df5479b)
• check for version of MariaDB before extracting COLUMN_DEFAULT (#​4783) (c30b485)
• connection Reuse is broken in a Lambda environment: (#​4804) (7962036)
• FindOptionUtils export (#​4746) (4a62b1c), closes #​4745
• loading of aurora-data-api driver (#​4765) (fbb8947)
• postgres: postgres query runner to create materialized view (#​4877) (d744966)
• migrations run in reverse order for mongodb (#​4702) (2f27581)
• mongodb Cursor.forEach types (#​4759) (fccbe3e)
• Slack invite URL (#​4836) (149af26)

Features

• add name to MigrationInterface (fixes #​3933 and fixes #​2549) (#​4873) (4a73fde)
• add new transaction mode to wrap each migration in transaction (#​4629) (848fb1f)
• add option to Column to specify the complete enumName (#​4824) (d967180)
• add support for cube array for PostgreSQL (#​4848) (154a441)
• implements Sqlite 'WITHOUT ROWID' table modifier (#​4688) (c1342ad), closes #​3330

v0.2.19

Compare Source

Bug Fixes

• "database" option error in driver when use "url" option for connection (690e6f5)
• "hstore injection" & properly handle NULL, empty string, backslashes & quotes in hstore key/value pairs (#​4720) (3abe5b9)
• add SaveOptions and RemoveOptions into ActiveRecord (#​4318) (a6d7ba2)
• apostrophe in Postgres enum strings breaks query (#​4631) (445c740)
• change PrimaryColumn decorator to clone passed options (#​4571) (3cf470d), closes #​4570
• createQueryBuilder relation remove works only if using ID (#​2632) (#​4734) (1d73a90)
• resolve issue with conversion string to simple-json (#​4476) (d1594f5), closes #​4440
• sqlite connections don't ignore the schema property (#​4599) (d8f1c81)
• the excessive stack depth comparing types FindConditions<?> and FindConditions<?> problem (#​4470) (7a0beed)
• views generating broken Migrations (#​4726) (c52b3d2), closes #​4123

Features

• add set datatype support for MySQL/MariaDB (#​4538) (19e2179), closes #​2779
• add materialized View support for Postgres (#​4478) (dacac83), closes #​4317 #​3996
• add mongodb useUnifiedTopology config parameter (#​4684) (92e4270)
• add multi-dimensional cube support for PostgreSQL (#​4378) (b6d6278)
• add options to input init config for sql.js (#​4560) (5c311ed)
• add postgres pool error handler (#​4474) (a925be9)
• add referenced table metadata to NamingStrategy to resolve foreign key name (#​4274) (0094f61), closes #​3847 #​1355
• add support for ON CONFLICT for cockroach (#​4518) (db8074a), closes #​4513
• Added support for DISTINCT queries (#​4109) (39a8e34)
• Aurora Data API (#​4375) (c321562)
• export additional schema builder classes (#​4325) (e589fda)
• log files loaded from glob patterns (#​4346) (e12479e), closes #​4162
• UpdateResult returns affected rows in postgresql (#​4432) (7808bba), closes #​1308

v0.2.18

Compare Source

Bug fixes

• fixed loadRelationCountAndMap when entities' primary keys are strings (#​3946)
• fixed QueryExpressionMap not cloning all values correctly (#​4156)
• fixed transform embeddeds with no columns but with nested embeddeds (mongodb) (#​4131)
• fixed the getMany() result being droped randomly bug when using the buffer as primary key. (#​4220)

Features

• adds typeorm migration:show command (#​4173)
• deprecate column readonly option in favor of update and insert options (#​4035)
• support sql.js v1.0 (#​4104)
• added support for orUpdate in SQLlite (#​4097)
• added support for dirty_read (NOLOCK) in SQLServer (#​4133)
• extend afterLoad() subscriber interface to take LoadEvent (issue #​4185)
• relation decorators (e.g. @OneToMany) now also accept string instead of typeFunction, which prevents circular dependency issues in the frontend/browser (issue #​4190)
• added support for metadata reflection in typeorm-class-transformer-shim.js (issue #​4219)
• added sqlJsConfig to input config when initializing sql.js (issue #​4559)

v0.2.17

Compare Source

Bug fixes

• fixed transform embeddeds with boolean values (mongodb) (#​3900)
• fixed issue with schema inheritance in STI pattern (#​3957)
• revert changes from #​3814 (#​3828)
• fix performance issue when inserting into raw tables with QueryBuilder
  (#​3931)
• sqlite date hydration is susceptible to corruption (#​3949)
• fixed mongodb uniques, support 3 ways to define uniques (#​3986)
• fixed mongodb TTL index (#​4044)

Features

• added deferrable options for foreign keys (postgres) (#​2191)
• added View entity implementation (#​1024). Read more at View entities
• added multiple value transformer support (#​4007)

v0.2.16

Compare Source

Bug fixes

• removed unused parameters from insert, update, delete methods (#​3888)
• fixed: migration generator produces duplicated changes (#​1960)
• fixed: unique constraint not created on embedded entity field (#​3142)
• fixed: FK columns have wrong length when PrimaryGeneratedColumn('uuid') is used (#​3604)
• fixed: column option unique sqlite error (#​3803)
• fixed: 'uuid' in PrimaryGeneratedColumn causes Many-to-Many Relationship to Fail (#​3151)
• fixed: sync enums on schema sync (#​3694)
• fixed: changes in enum type is not reflected when generating migration (in definition file) (#​3244)
• fixed: migration will keep create and drop indexes if index name is the same across tables (#​3379)

Features

• added lock option in FindOptions

v0.2.15

Compare Source

Bug fixes

• fixed bug in connection.dropDatabase method (#​1414)
• fixed "deep relations" not loaded/mapped due to the built-in max length of Postgres (#​3118)
• updated all dependencies
• fixed types issue from #​3725
• removed sql-function-support (() => syntax) in parameters to prevent security considerations
• fix sync schema issue with postgres enum in case capital letters in entity name (#​3536)

Features

• added uuidExtension option to Postgres connection options, which allows TypeORM to use the newer pgcrypto extension to generate UUIDs

v0.2.14

Compare Source

Bug fixes

• fixed migration issue with postgres numeric enum type - change queries are not generated if enum is not modified (#​3587)
• fixed mongodb entity listeners in optional embeddeds (#​3450)
• fixes returning invalid delete result
• reverted lazy loading properties not enumerable feature to fix related bugs

Features

• added CockroachDB support
• added browser entry point to package.json (3583)
• replaced backend-only drivers by dummy driver in browser builds
• added useLocalForage option to Sql.js connection options, which enables asynchronous load and save operations of the datatbase from the indexedDB (#​3554)
• added simple-enum column type (#​1414)

v0.2.13

Compare Source

Bug Fixes

• fixed undefined object id field in case property name is _id (3517)
• allow to use mongodb index options in Index decorator (#​3592)
• fixed entity embeddeds indices in mongodb (#​3585)
• fixed json/jsonb column data types comparison (#​3496)
• fixed increment/decrement value of embedded entity (#​3182)
• fixed missing call transformer.from() in case column is NULL (#​3395)
• fixed signatures of update/insert methods, some find* methods in repositories, entity managers, BaseEntity and QueryBuilders
• handle embedded documents through multiple levels in mongodb (#​3551)
• fixed hanging connections in mssql driver (#​3327)

Features

• Injection 2nd parameter(options) of constructor to ioredis/cluster is now possible(#​3538)

v0.2.12

Compare Source

Bug Fixes

• fixed mongodb entity listeners and subscribers (#​1527)
• fixed connection options builder - paramters parsed from url are assigned on top of options (#​3442)
• fixed issue with logical operator precedence in QueryBuilder whereInIds (#​2103)
• fixed missing isolationLevel in Connection.transaction() method (#​3363)
• fixed broken findOne method with custom join column name
• fixed issue with uuid in mysql (#​3374)
• fixed missing export of Exclusion decorator
• fixed ignored extra options in mongodb driver (#​3403, #​1741)
• fixed signature of root getRepository function to accept EntitySchema<Entity> (#​3402)
• fixed false undefined connection options passed into mongodb client (#​3366)
• fixed ER_DUP_FIELDNAME with simple find (#​3350)

Features

• added tslib to reduce package size (#​3457, #​3458)
• queries are simplified in findByIds and whereInIds for simple entities with single primary key (#​3431)
• added ioredis and ioredis-cluster cache support (#​3289,#​3364)
• added LessThanOrEqual and MoreThanOrEqual find options (#​3373)
• improve support of string, numeric and heterogeneous enums in postgres and mysql (#​3414)
• default value of enum array in postgres is now possible define as typescript array (#​3414)

@​Column({
    type: "enum",
    enum: StringEnum,
    array: true,
    default: [StringEnum.ADMIN]
})
stringEnums: StringEnum[];

Breaking changes

• UpdateQueryBuilder now throw error if update values are not provided or unknown property is passed into .set() method (#​2849,#​3324)

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.