[Snyk] Fix for 36 vulnerabilities #224

Open
wants to merge 1 commit into
base: master
@Omrisnyk Omrisnyk commented Sep 5, 2024

Snyk has created this PR to fix 36 vulnerabilities in the npm dependencies of this project.

Snyk changed the following file(s):

  • package.json
  • package-lock.json

Vulnerabilities that will be fixed with an upgrade:

| Issue | Snyk ID | Score |
| --- | --- | --- |
| high severity Code Injection | SNYK-JS-LODASH-1040724 | 319 |
| high severity Prototype Pollution | SNYK-JS-LODASH-567746 | 252 |
| high severity Prototype Pollution | SNYK-JS-LODASH-6139239 | 227 |
| high severity Remote Code Execution (RCE) | SNYK-JS-HANDLEBARS-1056767 | 219 |
| high severity Arbitrary Code Execution | SNYK-JS-HANDLEBARS-534478 | 214 |
| high severity Prototype Pollution | SNYK-JS-LODASH-450202 | 202 |
| high severity Prototype Pollution | SNYK-JS-LODASH-608086 | 200 |
| high severity Remote Memory Exposure | SNYK-JS-BL-608877 | 199 |
| high severity Prototype Pollution | SNYK-JS-LODASH-73638 | 199 |
| critical severity Prototype Pollution | SNYK-JS-HANDLEBARS-534988 | 188 |
| high severity Prototype Pollution | SNYK-JS-Y18N-1021887 | 187 |
| medium severity Regular Expression Denial of Service (ReDoS) | SNYK-JS-LODASH-73639 | 177 |
| high severity Prototype Pollution | SNYK-JS-AJV-584908 | 165 |
| high severity Prototype Poisoning | SNYK-JS-QS-3153490 | 162 |
| high severity Regular Expression Denial of Service (ReDoS) | SNYK-JS-ANSIREGEX-1583908 | 159 |
| high severity Prototype Pollution | SNYK-JS-ASYNC-2441827 | 159 |
| high severity Regular Expression Denial of Service (ReDoS) | SNYK-JS-SEMVER-3247795 | 159 |
| high severity Prototype Pollution | SNYK-JS-SETVALUE-1540541 | 158 |
| high severity Prototype Pollution | SNYK-JS-JSONSCHEMA-1920922 | 150 |
| high severity Prototype Pollution | SNYK-JS-MIXINDEEP-450212 | 150 |
| high severity Prototype Pollution | SNYK-JS-SETVALUE-450213 | 150 |
| medium severity Prototype Pollution | SNYK-JS-HANDLEBARS-1279029 | 141 |
| medium severity Prototype Pollution | SNYK-JS-MINIMIST-559764 | 137 |
| medium severity Prototype Pollution | SNYK-JS-HANDLEBARS-567742 | 134 |
| high severity Denial of Service (DoS) | SNYK-JS-HANDLEBARS-480388 | 114 |
| high severity Prototype Pollution | SNYK-JS-HANDLEBARS-173692 | 108 |
| high severity Prototype Pollution | SNYK-JS-HANDLEBARS-174183 | 108 |
| high severity Prototype Pollution | SNYK-JS-HANDLEBARS-469063 | 108 |
| medium severity Regular Expression Denial of Service (ReDoS) | SNYK-JS-LODASH-1018905 | 84 |
| medium severity Prototype Pollution | SNYK-JS-HIGHLIGHTJS-1045326 | 72 |
| medium severity Regular Expression Denial of Service (ReDoS) | SNYK-JS-HOSTEDGITINFO-1088355 | 63 |
| medium severity Regular Expression Denial of Service (ReDoS) | SNYK-JS-PATHPARSE-1077067 | 63 |
| low severity Prototype Pollution | SNYK-JS-MINIMIST-2429795 | 59 |
| low severity Validation Bypass | SNYK-JS-KINDOF-537849 | 57 |
| medium severity Regular Expression Denial of Service (ReDoS) | SNYK-JS-HIGHLIGHTJS-1048676 | 46 |
| medium severity Regular Expression Denial of Service (ReDoS) | SNYK-JS-UGLIFYJS-1727251 | 46 |

Release notes
Package name: hbs from hbs GitHub release notes
Package name: mongodb
  • 3.6.6 - 2021-04-06

    The MongoDB Node.js team is pleased to announce version 3.6.6 of the driver

    Release Highlights

    This patch addresses a number of bugs listed below.
    Most notably, for client side encryption users upgrading to this version of the driver along with the new version of mongodb-client-encryption@1.2.3 will alleviate the potential deadlock case if your connection pool was fully utilized. There will now be an internal MongoClient that will be used for metadata look ups (e.g, listCollections) when the pool size is under certain constraints. The events generated from this client are forwarded to the client instance you initialize so it is possible to monitor all events.

    Bug

    • [NODE-2995] - Sharing a MongoClient for metadata lookup can lead to deadlock in drivers using automatic encryption
    • [NODE-3050] - Infinite loop on Windows due to a bug in require_optional package
    • [NODE-3120] - TypeError: Cannot read property 'roundTripTime' of undefined
    • [NODE-3122] - Pipelining an upload stream of GridFSBucket never finishes on Node v14
    • [NODE-3129] - Collection () .. .setReadPreference() not routing query to secondaries
    • [NODE-3133] - autoEncryption produces serverHeartbeatFailed - with MongoError typemismatch

    Improvement

    • [NODE-3070] - Define error handling behavior of writeErrors and writeConcernError on Mongos

    Documentation

    We invite you to try the driver immediately, and report any issues to the NODE project.

    Thanks very much to all the community members who contributed to this release!

  • 3.6.5 - 2021-03-16

    The MongoDB Node.js team is pleased to announce version 3.6.5 of the driver!

    Notable Fixes

    In this patch there is a fix surrounding an issue some users were encountering in serverless environments when using the Unified Topology. If the nodejs process went unused for a great amount of time there was an intermittent issue that would cause startSession to fail, however, issuing a dummy read request would resolve the problem. The session support check is now done after server selection meaning the driver has the most up to date information about the MongoDB deployment before utilizing sessions. We encourage any users that implemented workarounds to update their driver and make use of this fix.

    In addition, the previous release of our driver added a warning about an upcoming change in the v4 version of the driver about how users can specify their write concern options. We've updated the driver to use nodejs's process.emitWarning API in nearly all cases where the driver prints something out, as well as limit most warning messages to only be printed once.

    Bug

    • session support detection spec compliance (#2732) (9baec71)
    • [NODE-3100] - startSession fails intermittently on servers that support sessions
    • [NODE-3066] - Accessing non-existent property 'MongoError' of module exports inside circular dependency
    • [NODE-3114] - Incorrect warning: Top-level use of w, wtimeout, j, and fsync is deprecated
    • [NODE-3119] - Node 14.5.4, mongo 3.6.4 Circular warnings
  • 3.6.4 - 2021-02-02

    MongoDB Driver v3.6.4

    The MongoDB Node.js team is pleased to announce version 3.6.4 of the driver

    Release Highlights

    Explain Support

    The full set of $explain verbosity settings are now supported:

    • queryPlanner
    • queryPlannerExtended
    • executionStats
    • allPlansExecution

    In the following commands:

    • aggregate() (MDB 3.0+)
    • find() (MDB 3.0+)
    • remove() (MDB 3.0+)
    • update() (MDB 3.0+)
    • distinct() (MDB 3.2+)
    • findAndModify() (MDB 3.2+)
    • mapReduce() (MDB 4.4+)

    You can get a lot of insight into the performance of a query or optimization using these fine grained reports.
    To learn more about how to use explain read here.

    Direct Connection Issue Revert

    We removed automatic direct connection for the unified topology in the 3.6.3 release of the driver. This change was preparatory for the 4.0 version of the driver, where we'll always perform automatic discovery. To avoid making this kind of change in a patch release, this version restores automatic direct connection when connecting to a single host using the unified topology without a specified replicaSet and without directConnection: false, in line with previous 3.6 releases.

    NOTE: In the next major version the unifiedTopology is the only Topology and it is required to either specify a replicaSet name or enable directConnection in order to connect to single nodes in a replica set.

    Support Azure and GCP keystores in FLE

    There are no functional changes to the driver to support using Azure and GCP keystores but a new mongodb-client-encryption release (v1.2.0) can be found here which prominently features support for these key stores.

    Documentation

    We invite you to try the driver immediately, and report any issues to the NODE project.

    Thanks very much to all the community members who contributed to this release!

    Release Notes

    Bug

    • [NODE-2355] - GridFSBucketWriteStream doesn't implement stream.Writable properly
    • [NODE-2828] - noCursorTimeout does not seem to for find()
    • [NODE-2874] - Setting connectionTimeoutMS to 0 will result in a disconnection every heartbeatFrequencyMS
    • [NODE-2876] - Race condition when resetting server monitor
    • [NODE-2916] - Legacy topology hangs with unlimited socket timeout
    • [NODE-2945] - ignoreUndefined not works on findOneAndUpdate when { upsert: true }
    • [NODE-2965] - MongoClient.readPreference returns "primary" ignoring readPref from connection string
    • [NODE-2966] - Unified topology: server selection fails when trying to connect to a remote replica set with a member whose 'host' attribute resolves to 'localhost'
    • [NODE-2977] - Query parameters with path in connection string not working on windows
    • [NODE-2986] - MongoError: pool destroyed

    Features

    • [NODE-2762] - Comprehensive Support for Explain
    • [NODE-2852] - Add explain support to non-cursor commands
    • [NODE-2853] - Add explain support to cursor-based commands

    Improvement

    • [NODE-1726] - Deprecate Topology events in Db
    • [NODE-2825] - Support Azure and GCP keystores in FLE
    • [NODE-2880] - Improve stack traces in the session leak checker
    • [NODE-2895] - Update AggregateCursor "unwind" method to match the native driver
    • [NODE-2995] - Sharing a MongoClient for metadata lookup can lead to deadlock in drivers using automatic encryption
  • 3.6.3 - 2020-11-06

    The MongoDB Node.js team is pleased to announce version 3.6.3 of the driver

    Release Highlights

    MongoError: not master when running createIndex

    A regression introduced in v3.6.2 meant that createIndex operations would not be executed with a fixed
    primary read preference. This resulted in the driver selecting any server for the operation, which would
    fail if a non-primary was selected.

    Performance issues on AWS Lambda

    The driver periodically monitors members of the replicaset for changes in the topology, but ensures that
    the "monitoring thread" is never woken sooner than 500ms. Measuring this elapsed time depends on a
    stable clock, which is not available to us in some virtualized environments like AWS Lambda. The result
    was that periodically operations would think there were no available servers, and the driver would force
    a wait of heartbeatFrequencyMS (10s by default) before reaching out to servers again for a new
    monitoring check. The internal async interval timer has been improved to account for these environments

    GSSAPI AuthProvider reuses single kerberos client

    A regression introduced in v3.6.0 forced the driver to reuse a single kerberos client for all
    authentication attempts. This would result in incomplete authentication flows, and occasionally even
    a crash in the kerberos module. The driver has been reverted to creating a kerberos client per
    authentication attempt.

    Performance regression due to use of setImmediate

    A change introduced in v3.6.1 switched all our usage of process.nextTick in the connection pool with
    setImmediate per Node.js core recommendation. This was observed to introduce noticeable latency when the event loop
    was experiencing pressure, so the change was reverted for this release pending further investigation.

    Community Contributions

    • @jswangjunsheng submitted a fix for a rare scenario when wait queue members time out before connection establishment
    • @through-a-haze submitted a fix for incorrect construction of an X509 authentication message
    • @andreialecu helped us indicate peer optional dependencies in our package.json for stricter package managers (pnpm, yarn2)

    Documentation

    Reference: http://mongodb.github.io/node-mongodb-native/3.6/
    API: http://mongodb.github.io/node-mongodb-native/3.6/api/
    Changelog: https://github.com/mongodb/node-mongodb-native/blob/3.6/HISTORY.md

    We invite you to try the driver immediately, and report any issues to the NODE project.

    Thanks very much to all the community members who contributed to this release!

    Release Notes

    Bug

    • [NODE-2172] - Change stream breaks on disconnection when there's something piped into it.
    • [NODE-2784] - MongoError: Not Master when running createIndex in 3.6.0
    • [NODE-2807] - MongoClient.readPreference always returns primary
    • [NODE-2827] - Connecting to single mongos makes driver think it is connected to a standalone
    • [NODE-2829] - MongoDB Driver 3.6+ Performance issues on AWS Lambda
    • [NODE-2835] - Remove default timeout for read operations
    • [NODE-2859] - GSSAPI AuthProvider causing crashes in Compass
    • [NODE-2861] - Performance Regression for usage of mongodb connections (queries, inserts, ...)
    • [NODE-2865] - Connections can be leaked if wait queue members are cancelled
    • [NODE-2869] - Invalid assignment of X509 username makes authentication impossible

    Improvement

    • [NODE-2834] - Remove deprecation of AggregationCursor#geoNear
    • [NODE-2867] - Use peerDependenciesMeta field to mark peer optional dependencies
  • 3.6.2 - 2020-09-10

    The MongoDB Node.js team is pleased to announce version 3.6.2 of the driver

    Release Highlights

    Updated bl dependency due to CVE-2020-8244

    See this link for more details: GHSA-pp7h-53gx-mx7r

    Connection pool wait queue processing is too greedy

    The logic for processing the wait queue in our connection pool ran the risk of
    starving the event loop. Calls to process the wait queue are now wrapped in a
    setImmediate to prevent starvation

    Documentation

    Reference: http://mongodb.github.io/node-mongodb-native/3.6/
    API: http://mongodb.github.io/node-mongodb-native/3.6/api/
    Changelog: https://github.com/mongodb/node-mongodb-native/blob/3.6/HISTORY.md

    We invite you to try the driver immediately, and report any issues to the NODE project.

    Thanks very much to all the community members who contributed to this release!

    Release Notes

    Bug

    • [NODE-2798] - Update version of dependency "bl" due to vulnerability
    • [NODE-2803] - Connection pool wait queue processing is too greedy
  • 3.6.1 - 2020-09-02
  • 3.6.0 - 2020-07-30
  • 3.6.0-beta.0 - 2020-04-14
  • 3.5.11 - 2020-09-10
  • 3.5.10 - 2020-07-30
  • 3.5.9 - 2020-06-12
from mongodb GitHub release notes
Package name: tap
  • 18.0.0 - 2023-09-15
  • 18.0.0-26 - 2023-09-13
  • 18.0.0-25 - 2023-09-10
  • 18.0.0-24 - 2023-09-05
  • 18.0.0-23 - 2023-09-03
  • 18.0.0-22 - 2023-09-01
  • 18.0.0-21 - 2023-08-29
  • 18.0.0-20 - 2023-08-27
  • 18.0.0-19 - 2023-08-21
  • 18.0.0-18 - 2023-08-20
  • 18.0.0-17 - 2023-08-18
  • 18.0.0-16 - 2023-08-17
  • 18.0.0-15 - 2023-08-15
  • 18.0.0-14 - 2023-08-12
  • 18.0.0-13 - 2023-08-09
  • 18.0.0-12 - 2023-08-07
  • 18.0.0-11 - 2023-08-07
  • 18.0.0-10 - 2023-08-07
  • 18.0.0-9 - 2023-08-07
  • 18.0.0-8 - 2023-08-07
  • 18.0.0-7 - 2023-08-07
  • 18.0.0-6 - 2023-08-06
  • 18.0.0-5 - 2023-08-06
  • 18.0.0-4 - 2023-08-04
  • 18.0.0-3 - 2023-08-04
  • 18.0.0-2 - 2023-08-04
  • 18.0.0-1 - 2023-08-04
  • 16.3.10 - 2023-12-15
  • 16.3.9 - 2023-09-27
  • 16.3.8 - 2023-07-30
  • 16.3.7 - 2023-06-22
  • 16.3.6 - 2023-06-04
  • 16.3.5 - 2023-06-04
  • 16.3.4 - 2023-01-16
  • 16.3.3 - 2023-01-09
  • 16.3.2 - 2022-11-16
  • 16.3.1 - 2022-11-13
  • 16.3.0 - 2022-06-17
  • 16.2.0 - 2022-05-04
  • 16.1.0 - 2022-04-25
  • 16.0.1 - 2022-03-22
  • 16.0.0 - 2022-03-05
  • 15.2.3 - 2022-03-05
  • 15.2.2 - 2022-03-05
  • 15.2.1 - 2022-03-05
  • 15.2.0 - 2022-03-05
  • 15.1.6 - 2022-01-04
  • 15.1.5 - 2021-11-26
  • 15.1.4 - 2021-11-26
  • 15.1.3 - 2021-11-26
  • 15.1.2 - 2021-11-18
  • 15.1.1 - 2021-11-17
  • 15.1.0 - 2021-11-16
  • 15.0.10 - 2021-09-21
  • 15.0.9 - 2021-05-07
  • 15.0.8 - 2021-05-07
  • 15.0.7 - 2021-05-06
  • 15.0.6 - 2021-04-29
  • 15.0.5 - 2021-04-24
  • 15.0.4 - 2021-04-20
  • 15.0.3 - 2021-04-20
  • 15.0.2 - 2021-04-05
  • 15.0.1 - 2021-04-01
  • 15.0.0 - 2021-03-31
  • 15.0.0-3 - 2021-03-26
  • 15.0.0-2 - 2021-02-23
  • 15.0.0-1 - 2021-02-18
  • 15.0.0-0 - 2021-02-17
  • 14.11.0 - 2020-11-16
  • 14.10.8 - 2020-07-21
  • 14.10.7 - 2020-03-20
  • 14.10.6 - 2020-01-14
  • 14.10.5 - 2019-12-18
  • 14.10.4 - 2019-12-16
  • 14.10.3 - 2019-12-16
  • 14.10.2 - 2019-11-25
  • 14.10.2-unbundled - 2019-11-26
  • 14.10.2-totally-bundled.1 - 2019-11-27
  • 14.10.2-totally-bundled - 2019-11-27
  • 14.10.1 - 2019-11-21
  • 14.10.0 - 2019-11-21
  • 14.9.2 - 2019-11-06
  • 14.9.1 - 2019-10-30
  • 14.9.0 - 2019-10-30
  • 14.8.3 - 2019-10-30
  • 14.8.2 - 2019-10-22
  • 14.8.1 - 2019-10-22
  • 14.8.0 - 2019-10-21
  • 14.7.3 - 2019-10-20
  • 14.7.2 - 2019-10-18
  • 14.7.1 - 2019-10-16
  • 14.7.0 - 2019-10-14
  • 14.6.9 - 2019-09-30
  • 14.6.8 - 2019-09-30
  • 14.6.7 - 2019-09-29
  • 14.6.6 - 2019-09-29
  • 14.6.5 - 2019-09-23
  • 14.6.4 - 2019-09-15
  • 14.6.3 - 2019-09-15
  • 14.6.2 - 2019-09-10
  • 14.6.1 - 2019-08-04
  • 14.6.0 - 2019-08-04
  • 14.5.0 - 2019-07-28
  • 14.4.3 - 2019-07-22
  • 14.4.2 - 2019-07-17
  • 14.4.1 - 2019-07-03
  • 14.4.0 - 2019-07-02
  • 14.3.1 - 2019-06-25
  • 14.3.0 - 2019-06-25
  • 14.2.5 - 2019-06-22
  • 14.2.4 - 2019-06-19
  • 14.2.3 - 2019-06-14
  • 14.2.2 - 2019-06-05
  • 14.2.1 - 2019-06-04
  • 14.2.0 - 2019-05-28
  • 14.1.11 - 2019-05-24
  • 14.1.10 - 2019-05-23
  • 14.1.9 - 2019-05-23
  • 14.1.8 - 2019-05-23
  • 14.1.7 - 2019-05-22
  • 14.1.6 - 2019-05-22
  • 14.1.5 - 2019-05-22
  • 14.1.4 - 2019-05-22
  • 14.1.3 - 2019-05-21
  • 14.1.2 - 2019-05-21
  • 14.1.1 - 2019-05-20
  • 14.1.0 - 2019-05-20
  • 14.0.0 - 2019-05-18
  • 13.1.11 - 2019-05-17
  • 13.1.10 - 2019-05-17
  • 13.1.9 - 2019-05-14
  • 13.1.8 - 2019-05-11
  • 13.1.7 - 2019-05-10
  • 13.1.6 - 2019-05-09
  • 13.1.5 - 2019-05-08
  • 13.1.4 - 2019-05-08
  • 13.1.3 - 2019-05-08
  • 13.1.2 - 2019-05-01
  • 13.1.1 - 2019-04-29
  • 13.1.0 - 2019-04-28
  • 13.0.4 - 2019-04-27
  • 13.0.3 - 2019-04-26
  • 13.0.1 - 2019-04-26
  • 13.0.0 - 2019-04-26
  • 13.0.0-rc.30 - 2019-04-24
  • 13.0.0-rc.29 - 2019-04-24
  • 13.0.0-rc.28 - 2019-04-24
  • 13.0.0-rc.27 - 2019-04-24
  • 13.0.0-rc.26 - 2019-04-24
  • 13.0.0-rc.25 - 2019-04-20
  • 13.0.0-rc.24 - 2019-04-17
  • 13.0.0-rc.23 - 2019-04-06
  • 13.0.0-rc.22 - 2019-04-06
  • 13.0.0-rc.21 - 2019-04-06
  • 13.0.0-rc.20 - 2019-03-31
  • 13.0.0-rc.19 - 2019-03-29
  • 13.0.0-rc.18 - 2019-03-26
  • 13.0.0-rc.17 - 2019-03-26
  • 13.0.0-rc.16 - 2019-03-25
  • 13.0.0-rc.15 - 2019-03-25
  • 13.0.0-rc.14 - 2019-03-22
  • 13.0.0-rc.13 - 2019-03-22
  • 13.0.0-rc.12 - 2019-03-21
  • 13.0.0-rc.11 - 2019-03-20
  • 13.0.0-rc.10 - 2019-03-18
  • 13.0.0-rc.9 - 2019-03-18
  • 13.0.0-rc.8 - 2019-03-18
  • 13.0.0-rc.7 - 2019-03-17
  • 13.0.0-rc.6 - 2019-03-17
  • 13.0.0-rc.5 - 2019-03-16
  • 13.0.0-rc.4 - 2019-03-16
  • 13.0.0-rc.3 - 2019-03-13
  • 13.0.0-rc.2 - 2019-03-13
  • 13.0.0-rc.1 - 2019-03-11
  • 13.0.0-rc.0 - 2019-03-11
  • 12.7.0 - 2019-04-28
  • 12.6.6 - 2019-04-26
  • 12.6.5 - 2019-04-24
  • 12.6.4 - 2019-04-24
  • 12.6.3 - 2019-04-22
  • 12.6.2 - 2019-04-17
  • 12.6.1 - 2019-03-22
  • 12.6.0 - 2019-03-07
  • 12.5.3 - 2019-02-15
  • 12.5.2 - 2019-02-08
  • 12.5.1 - 2019-02-01
  • 12.5.0 - 2019-01-30
  • 12.4.1 - 2019-01-30
  • 12.4.0 - 2019-01-23
  • 12.3.0 - 2019-01-23
  • 12.2.1 - 2019-01-23
  • 12.2.0 - 2019-01-23
  • 12.1.4 - 2019-01-22
  • 12.1.3 - 2019-01-22
  • 12.1.2 - 2019-01-21
  • 12.1.1 - 2018-12-12
  • 12.1.0 - 2018-11-13
  • 12.0.2 - 2018-11-12
  • 12.0.1 - 2018-05-17
  • 12.0.0 - 2018-05-17
  • 11.1.5 - 2018-05-09
from tap GitHub release notes
Package name: typeorm
  • 0.3.12 - 2023-02-07

    Bug Fixes

    • allow to pass ObjectLiteral in mongo find where condition (#9632) (4eda5df), closes #9518
    • DataSource.setOptions doesn't properly update the database in the drivers (#9635) (a95bed7)
    • Fix grammar error in no migrations found log (#9754) (6fb2121)
    • improved FindOptionsWhere behavior with union types (#9607) (7726f5a)
    • Incorrect enum default value when table name contains dash character (#9685) (b3b0c11)
    • incorrect sorting of entities with multi-inheritances (#9406) (54ca9dd)
    • make sure "require" is defined in the environment (1a9b9fb)
    • materialized hints support for cte (#9605) (67973b4)
    • multiple select queries during db sync in sqlite (#9639) (6c928a4)
    • overriding caching settings when alwaysEnabled is true (#9731) (4df969e)
    • redundant Unique constraint on primary join column in Postgres (#9677) (b8704f8)
    • remove unnecessary .js extension in imports (#9713) (6b37e38)
    • resolve issue with "simple-enum" synchronization in SQLite (#9716) (c77c43e), closes #9715
    • sql expression when where parameter is empty array (#9691) (7df2ccf), closes #9690
    • synchronizing View with schema broken for oracle (#9602) (18b659d)

    Features

  • 0.3.12-dev.ef64bfc - 2023-01-28
  • 0.3.12-dev.defb409 - 2023-01-03
  • 0.3.12-dev.ca315f0 - 2023-02-05
  • 0.3.12-dev.c77c43e - 2023-02-06
  • 0.3.12-dev.c669f50 - 2023-01-28
  • 0.3.12-dev.b97633b - 2022-12-28
  • 0.3.12-dev.b8704f8 - 2023-02-06
  • 0.3.12-dev.ae91c05 - 2022-12-27
  • 0.3.12-dev.adce698 - 2023-02-07
  • 0.3.12-dev.a95bed7 - 2022-12-18
  • 0.3.12-dev.9bd3a64 - 2023-02-07
  • 0.3.12-dev.8668c29 - 2022-12-29
  • 0.3.12-dev.7df2ccf - 2023-02-06
  • 0.3.12-dev.7726f5a - 2023-02-06
  • 0.3.12-dev.74f7f79 - 2023-01-11
  • 0.3.12-dev.6fb2121 - 2023-02-05
  • 0.3.12-dev.6c928a4 - 2022-12-19
  • 0.3.12-dev.67973b4 - 2022-12-29
  • 0.3.12-dev.63ab05f - 2023-02-05
  • 0.3.12-dev.54ca9dd - 2023-02-07
  • 0.3.12-dev.4df969e - 2023-01-28
  • 0.3.12-dev.3e1caf0 - 2023-01-03
  • 0.3.12-dev.1a9b9fb - 2023-02-06
  • 0.3.12-dev.18b659d - 2022-12-29
  • 0.3.12-dev.15a4eb9 - 2022-12-29
  • 0.3.12-dev.12fdd73 - 2023-02-07
  • 0.3.12-dev.0eb7441 - 2023-02-07
  • 0.3.12-dev.0d72317 - 2022-12-03
  • 0.3.12-dev.8731858 - 2023-02-07
  • 0.3.12-dev.8251812 - 2022-12-16
  • 0.3.11 - 2022-12-03

    Fixes

    • boolean parameter escape in SQLiteDriver (#9400) (4a36d0e), closes #1981
    • cacheId not used when loading relations with take (#9469) (93e6b3d)
    • correctly return insertId for react-native (#9554) (97fae63)
    • disable transactionSupport option for CordovaDriver (#9391) (53fad8f)
    • explicitly define property for entity relation as enumerable (#9437) (85fa9c6), closes #6631
    • fix ormUtils prototype check crashing on null prototype (#9517) (19536ed)
    • fixed outdated init command (#9422) (0984307)
    • left instead of inner join for where or + optional relations (#9516) (d490793)
    • Mark array arguments to find operators as read-only (#9474) (6eb674b)
    • pass fake flag to undoLastMigration (#9562) (2458ac7), closes #9561
    • resolve issue with migrations and unsigned int columns in aurora-data-api (#9478) (38e0eff), closes #9477
    • resolve nameless TableForeign on drop foreign key (#9460) (efb4168), closes #9432
    • synchronize with typeorm_metadata table only if needed (#9175) (cdabaa3), closes #9173 #9173 #9173
    • the mpath is incorrect when the parent of the tree entity is null (#9535) (658604d)
    • typings for Repository.extend function (#9396) (f07fb2c)

    Features

The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-LODASH-1040724
- https://snyk.io/vuln/SNYK-JS-LODASH-567746
- https://snyk.io/vuln/SNYK-JS-LODASH-6139239
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1056767
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-534478
- https://snyk.io/vuln/SNYK-JS-LODASH-450202
- https://snyk.io/vuln/SNYK-JS-LODASH-608086
- https://snyk.io/vuln/SNYK-JS-BL-608877
- https://snyk.io/vuln/SNYK-JS-LODASH-73638
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-534988
- https://snyk.io/vuln/SNYK-JS-Y18N-1021887
- https://snyk.io/vuln/SNYK-JS-LODASH-73639
- https://snyk.io/vuln/SNYK-JS-AJV-584908
- https://snyk.io/vuln/SNYK-JS-QS-3153490
- https://snyk.io/vuln/SNYK-JS-ANSIREGEX-1583908
- https://snyk.io/vuln/SNYK-JS-ASYNC-2441827
- https://snyk.io/vuln/SNYK-JS-SEMVER-3247795
- https://snyk.io/vuln/SNYK-JS-SETVALUE-1540541
- https://snyk.io/vuln/SNYK-JS-JSONSCHEMA-1920922
- https://snyk.io/vuln/SNYK-JS-MIXINDEEP-450212
- https://snyk.io/vuln/SNYK-JS-SETVALUE-450213
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-1279029
- https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-567742
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-480388
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-173692
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-174183
- https://snyk.io/vuln/SNYK-JS-HANDLEBARS-469063
- https://snyk.io/vuln/SNYK-JS-LODASH-1018905
- https://snyk.io/vuln/SNYK-JS-HIGHLIGHTJS-1045326
- https://snyk.io/vuln/SNYK-JS-HOSTEDGITINFO-1088355
- https://snyk.io/vuln/SNYK-JS-PATHPARSE-1077067
- https://snyk.io/vuln/SNYK-JS-MINIMIST-2429795
- https://snyk.io/vuln/SNYK-JS-KINDOF-537849
- https://snyk.io/vuln/SNYK-JS-HIGHLIGHTJS-1048676
- https://snyk.io/vuln/SNYK-JS-UGLIFYJS-1727251