Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Upgrade typeorm from 0.2.24 to 0.3.20 #111

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

shirlupo
Copy link
Collaborator

This PR was automatically created by Snyk using the credentials of a real user.


![snyk-top-banner](https://github.com/andygongea/OWASP-Benchmark/assets/818805/c518c423-16fe-447e-b67f-ad5a49b5d123)

Snyk has created this PR to upgrade typeorm from 0.2.24 to 0.3.20.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 526 versions ahead of your current version.

  • The recommended version was released 4 months ago, on 2024-01-26.

The recommended version fixes:

Severity Issue PriorityScore (*) Exploit Maturity
Prototype Pollution
SNYK-JS-TYPEORM-590152
290/1000
Why? CVSS 5.8
Mature
Prototype Pollution
SNYK-JS-HIGHLIGHTJS-1045326
290/1000
Why? CVSS 5.8
No Known Exploit
Regular Expression Denial of Service (ReDoS)
SNYK-JS-HIGHLIGHTJS-1048676
290/1000
Why? CVSS 5.8
No Known Exploit
Prototype Pollution
SNYK-JS-XML2JS-5414874
290/1000
Why? CVSS 5.8
Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes
Package name: typeorm
  • 0.3.20 - 2024-01-26

    Bug Fixes

    Features

    Reverts

  • 0.3.20-dev.fa86f6f - 2024-01-03
  • 0.3.20-dev.f232ba7 - 2024-01-26
  • 0.3.20-dev.dd8c0fd - 2024-01-26
  • 0.3.20-dev.d0b7670 - 2024-01-26
  • 0.3.20-dev.c22e30f - 2024-01-04
  • 0.3.20-dev.8f371f2 - 2024-01-26
  • 0.3.20-dev.8ebe769 - 2024-01-26
  • 0.3.20-dev.73e3b49 - 2024-01-03
  • 0.3.20-dev.62f574b - 2024-01-26
  • 0.3.20-dev.54d8d9e - 2024-01-26
  • 0.3.20-dev.1b34c9a - 2024-01-26
  • 0.3.20-dev.15de46f - 2024-01-08
  • 0.3.20-dev.0cab0dd - 2024-01-26
  • 0.3.20-dev.4624930 - 2024-01-26
  • 0.3.19 - 2024-01-03

    Bug Fixes

    • fixed Cannot read properties of undefined (reading 'sync') caused after glob package upgrade
  • 0.3.19-dev.633c4e3 - 2024-01-03
  • 0.3.18 - 2024-01-03

    Bug Fixes

    Features

    Performance Improvements

    BREAKING CHANGES

    • With node-oracledb the thin client is used as default. Added a option to use the thick client. Also added the option to specify the instant client lib
    • MongoDB: from the previous behavior of returning a result with metadata describing when a document is not found.
      See: https://github.com/mongodb/node-mongodb-native/blob/HEAD/etc/notes/CHANGES_6.0.0.md
    • new nullable embeds feature introduced a breaking change which might enforce you to update types on your entities to | null,
      if all columns in your embed entity are nullable. Since database queries now return embedded property as null if all its column values are null.
  • 0.3.18-dev.ff6e875 - 2023-07-22
  • 0.3.18-dev.fdb9866 - 2023-12-29
  • 0.3.18-dev.fbd45db - 2023-08-19
  • 0.3.18-dev.f6bb671 - 2023-12-29
  • 0.3.18-dev.f6b87e3 - 2023-12-29
  • 0.3.18-dev.ebd61d1 - 2023-09-30
  • 0.3.18-dev.e72a9da - 2023-08-19
  • 0.3.18-dev.e67d704 - 2024-01-02
  • 0.3.18-dev.dff2d53 - 2023-07-22
  • 0.3.18-dev.dd59524 - 2024-01-02
  • 0.3.18-dev.d184d85 - 2023-10-05
  • 0.3.18-dev.c8ee5b1 - 2023-08-19
  • 0.3.18-dev.c6f608d - 2023-08-19
  • 0.3.18-dev.befe4f9 - 2023-09-02
  • 0.3.18-dev.b8af97a - 2023-09-30
  • 0.3.18-dev.b6b46fb - 2023-12-29
  • 0.3.18-dev.b5ec088 - 2024-01-03
  • 0.3.18-dev.b240d87 - 2023-12-29
  • 0.3.18-dev.ad5bf11 - 2023-12-29
  • 0.3.18-dev.aa8d24c - 2023-12-29
  • 0.3.18-dev.a939654 - 2023-12-29
  • 0.3.18-dev.a909d5b - 2023-07-12
  • 0.3.18-dev.a4900ae - 2023-12-29
  • 0.3.18-dev.a00b1df - 2024-01-02
  • 0.3.18-dev.9471bfc - 2023-09-22
  • 0.3.18-dev.8d0e7f9 - 2023-09-30
  • 0.3.18-dev.7e9cead - 2023-12-29
  • 0.3.18-dev.7adbc9b - 2023-08-19
  • 0.3.18-dev.7a58bbf - 2023-12-29
  • 0.3.18-dev.6d5b5d9 - 2023-12-29
  • 0.3.18-dev.65858f3 - 2023-12-29
  • 0.3.18-dev.48f5f85 - 2023-12-29
  • 0.3.18-dev.3cf938e - 2023-12-29
  • 0.3.18-dev.3cda7ec - 2024-01-02
  • 0.3.18-dev.2dc9624 - 2023-12-29
  • 0.3.18-dev.173910e - 2024-01-02
  • 0.3.18-dev.15bc887 - 2024-01-03
  • 0.3.18-dev.122c897 - 2023-12-29
  • 0.3.18-dev.0f11739 - 2024-01-02
  • 0.3.18-dev.022d2b5 - 2023-08-19
  • 0.3.17 - 2023-06-20

    Bug Fixes

  • 0.3.17-dev.f5d4397 - 2023-06-19
  • 0.3.17-dev.d4607a8 - 2023-05-10
  • 0.3.17-dev.b1a3a39 - 2023-06-20
  • 0.3.17-dev.abb9079 - 2023-05-09
  • 0.3.17-dev.7108cc6 - 2023-06-20
  • 0.3.16 - 2023-05-09

    0.3.16 (2023-05-09)

    Bug Fixes

    Features

    • mariadb uuid inet4 inet6 column data type support (#9845) (d8a2e37)

    Reverts

  • 0.3.16-dev.f5b93c1 - 2023-04-18
  • 0.3.16-dev.e0165e7 - 2023-04-17
  • 0.3.16-dev.d8a2e37 - 2023-04-25
  • 0.3.16-dev.b064049 - 2023-04-18
  • 0.3.16-dev.a188b1d - 2023-05-09
  • 0.3.16-dev.96b7ee4 - 2023-05-09
  • 0.3.16-dev.8795c86 - 2023-05-09
  • 0.3.16-dev.68aa573 - 2023-04-15
  • 0.3.16-dev.54f4f89 - 2023-05-09
  • 0.3.16-dev.3d67901 - 2023-04-18
  • 0.3.16-dev.2a2bb4b - 2023-05-09
  • 0.3.16-dev.21a9d67 - 2023-05-09
  • 0.3.16-dev.06c1e98 - 2023-05-09
  • 0.3.16-dev.9460296 - 2023-05-09
  • 0.3.15 - 2023-04-15

    Bug Fixes

    • make cache optional fields optional (#9942) (159c60a)
    • prevent unique index identical to primary key (all sql dialects) (#9940) (51eecc2)
    • SelectQueryBuilder builds incorrectly escaped alias in Oracle when used on entity with composite key (#9668) (83c6c0e)

    Features

  • 0.3.15-dev.f6a3ce7 - 2023-04-15
  • 0.3.15-dev.f1c5662 - 2023-04-15
  • 0.3.15-dev.3a72e35 - 2023-04-13
  • 0.3.15-dev.115059d - 2023-04-10
  • 0.3.14 - 2023-04-09

    Bug Fixes

    • drop xml & yml connection option support. Addresses security issues in underlying dependency (#9930) (7dac12c)

    Features

  • 0.3.14-dev.daf1b47 - 2023-04-06
  • 0.3.14-dev.0194f17 - 2023-04-06
  • 0.3.13 - 2023-04-06

    Bug Fixes

    • firstCapital=true not working in camelCase() function (f1330ad)
    • handles "query" relation loading strategy for TreeRepositories (#9680) (a11809e), closes #9673
    • improve EntityNotFound error message in QueryBuilder.findOneOrFail (#9872) (f7f6817)
    • loading tables with fk in sqlite query runner (#9875) (4997da0), closes #9266
    • prevent foreign key support during migration batch under sqlite (#9775) (197cc05), closes #9770
    • proper default value on generating migration when default value is a function calling [Postgres] (#9830) (bebba05)
    • react-native doesn't properly work in ESM projects because of circular dependency (#9765) (099fcd9)
    • resolve issues for mssql migration when simple-enum was changed (cb154d4), closes #7785 #9457 #7785 #9457
    • resolves issue with mssql column recreation (#9773) (07221a3), closes #9399
    • transform values for FindOperators #9381 (#9777) (de1228d), closes #9816
    • use forward slashes when normalizing path (#9768) (58fc088), closes #9766
    • use object create if entity skip constructor is set (#9831) (a868979)

    Features

    • add support for json datatype for sqlite (#9744) (4ac8c00)
    • add support for STI on EntitySchema (#9834) (bc306fb), closes #9833
    • allow type FindOptionsOrderValue for order by object property (#9895) (#9896) (0814970)
    • Broadcast identifier for removed related entities (#9913) (f530811)
    • leftJoinAndMapOne and innerJoinAndMapOne map result to entity (#9354) (947ffc3)
  • 0.3.13-dev.f7f6817 - 2023-04-06
  • 0.3.13-dev.f7b210b - 2023-04-05
  • 0.3.13-dev.f1330ad - 2023-04-06
  • 0.3.13-dev.de1228d - 2023-04-06
  • 0.3.13-dev.af4f15c - 2023-04-06
  • 0.3.13-dev.a868979 - 2023-04-06
  • 0.3.13-dev.a11809e - 2023-04-06
  • 0.3.13-dev.98f2205 - 2023-04-05
  • 0.3.13-dev.97280fc - 2023-04-06
  • 0.3.13-dev.58fc088 - 2023-02-09
  • 0.3.13-dev.4fa14e3 - 2023-04-05
  • 0.3.13-dev.4ac8c00 - 2023-04-06
  • 0.3.13-dev.1fcd9f3 - 2023-04-05
  • 0.3.13-dev.099fcd9 - 2023-02-08
  • 0.3.13-dev.07221a3 - 2023-04-05
  • 0.3.13-dev.0619aca - 2023-04-06
  • 0.3.12 - 2023-02-07

    Bug Fixes

    • allow to pass ObjectLiteral in mongo find where condition (#9632) (4eda5df), closes #9518
    • DataSource.setOptions doesn't properly update the database in the drivers (#9635) (a95bed7)
    • Fix grammar error in no migrations found log (#9754) (6fb2121)
    • improved FindOptionsWhere behavior with union types (#9607) (7726f5a)
    • Incorrect enum default value when table name contains dash character (

Snyk has created this PR to upgrade typeorm from 0.2.24 to 0.3.20.

See this package in npm:
typeorm

See this project in Snyk:
https://app.morganstanley.my.snyk.io/org/snyk-code/project/01166fdf-abdc-4509-bad0-0bdcfc5ab49b?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment