[Security] Bump typeorm from 0.2.16 to 0.2.32 #819

dependabot-preview · 2021-03-31T05:49:48Z

Bumps typeorm from 0.2.16 to 0.2.32.

Changelog

0.2.32 (2021-03-30)

Bug Fixes

aurora-data-api get correct increment primary key for multiple entities inserted (#7434) (fc8af5f), closes #7385

aurora-data-api return number of affected rows in UpdatedResult and DeleteResult (#7433) (46aba1d), closes #7386

RelationLoader load with existing queryRunner (#7471) (2dcb493), closes #5338

Array type default value should not generate SQL commands without change (#7409) (7f06e44)

correctly get referenceColumn value in getEntityValueMap (#7005) (7fe723b), closes #7002

don't transform json(b) column value when computing update changes (#6929) (6be54d4)

empty entity when query with nested relations (#7450) (9abf727), closes #7041 #7041 #7041

fixed all known enum issues (#7419) (724d80b), closes #5371 #6471 #7217 #6047 #7283 #5871 #5729 #5478 #5882 #5275 #2233 #5648 #4897 #6376 #6115

improve EntityManager.save() return type (#7391) (66fbfda)

Only first single quote in comments is escaped (#7514) (e1e9423)

performance issues of RelationId. (#7318) (01a215a), closes #5691

rename a sequence related to generated primary key when a table is renamed (#5406) (25b457f)

resolve issue building tree entities with embeded primary column (#7416) (dc81814), closes #7415

wrong migration generation when column default value is set to null #6950 (#7356) (5a3f9ff)

Features

add check and dry-run to migration generate (#7275) (d6df200), closes #3037 #6978

add option for installing package using CLI (#6889) (3d876c6)

Add support for Access Token Authentication for SQL Server Driver (mssql) (#7477) (e639772)

added socketPath support for replicas in MySQL driver (#7459) (8d7afaf)

allow to pass the given table name as string in RelationDecorators (#7448) (4dbb10e)

implement "FOR UPDATE OF" for postgres driver (#7040) (fde9f07)

introduced a new configuration option "formatOptions.castParameters" to delegate the prepare/hydrate parameters to the driver which will result in casting the parameters to their respective column type (#7483) (7793b3f)

output Javascript Migrations instead of TypeScript (#7294) (b97cc4f)

0.2.31 (2021-02-08)

Bug Fixes

append condition to STI child entity join (#7339) (68bb82e)

avoid regex lookbehind for compatibility (#7270) (063d27f), closes #7026

cache from ENV - add ioredis support (#7332) (5e2117c)

datetime2 rounding in mssql (#7264) (4711a71), closes #3202

escape columns in InsertQueryBuilder.orUpdate (#6316) (ab56e07)

incorrect postgres uuid type in PrimaryGeneratedColumnType (#7298) (2758502)

MariaDB VIRTUAL + [NOT NULL|NULL] error (#7022) (82f2b75), closes #2691

reject nullable primary key columns (#7001) (cdace6e)

resolve issue with find with relations returns soft-deleted entities (#7296) (d7cb338), closes #6265

save does not return id, save does not return generated (#7336) (01a6aee)

Features

enable explicitly inserting IDENTITY values into mssql (#6199) (4abbd46), closes #2199

export all errors (#7006) (56300d8)

option to disable foreign keys creation (#7277) (cb17b95), closes #3120 #3120

... (truncated)

Commits

8c7c655 version bump
e1e9423 fix: Only first single quote in comments is escaped (#7514)
eff43c1 fixed failing test
25b457f fix: rename a sequence related to generated primary key when a table is renam...
9abf727 fix: empty entity when query with nested relations (#7450)
e639772 feat: Add support for Access Token Authentication for SQL Server Driver (mssq...
8d7afaf feat: added socketPath support for replicas in MySQL driver (#7459)
2dcb493 fix: [RelationLoader] load with existing queryRunner (#7471)
46aba1d fix: [aurora-data-api] Return number of affected rows in UpdatedResult and De...
fc8af5f fix: (aurora-data-api) get correct increment primary key for multiple entitie...
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
@dependabot use these labels will set the current labels as the default for future PRs for this repo and language
@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
@dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

Update frequency (including time of day and day of week)
Pull request limits (per update run and/or open at any time)
Automerge options (never/patch/minor, and dev/runtime dependencies)
Out-of-range updates (receive only lockfile updates, if desired)
Security updates (receive only security updates, if desired)

Bumps [typeorm](https://github.com/typeorm/typeorm) from 0.2.16 to 0.2.32. - [Release notes](https://github.com/typeorm/typeorm/releases) - [Changelog](https://github.com/typeorm/typeorm/blob/master/CHANGELOG.md) - [Commits](typeorm/typeorm@0.2.16...0.2.32) Signed-off-by: dependabot-preview[bot] <[email protected]>

dependabot-preview · 2021-05-07T16:50:37Z

We've just been alerted that this update fixes a security vulnerability:

Sourced from The GitHub Security Advisory Database.

SQL Injection and MAID in TypeORM

Prototype pollution vulnerability in the TypeORM package < 0.2.25 may allow attackers to add or modify Object properties leading to further denial of service or SQL injection attacks.

Affected versions: ["< 0.2.25"]

dependabot-preview bot added the dependencies Pull requests that update a dependency file label Mar 31, 2021

dependabot-preview bot mentioned this pull request Mar 31, 2021

Bump typeorm from 0.2.16 to 0.2.31 #763

Closed

dependabot-preview bot changed the title ~~Bump typeorm from 0.2.16 to 0.2.32~~ [Security] Bump typeorm from 0.2.16 to 0.2.32 May 7, 2021

dependabot-preview bot added the security Pull requests that address a security vulnerability label May 7, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Security] Bump typeorm from 0.2.16 to 0.2.32 #819

[Security] Bump typeorm from 0.2.16 to 0.2.32 #819

dependabot-preview bot commented Mar 31, 2021

dependabot-preview bot commented May 7, 2021

[Security] Bump typeorm from 0.2.16 to 0.2.32 #819

Are you sure you want to change the base?

[Security] Bump typeorm from 0.2.16 to 0.2.32 #819

Conversation

dependabot-preview bot commented Mar 31, 2021

0.2.32 (2021-03-30)

Bug Fixes

Features

0.2.31 (2021-02-08)

Bug Fixes

Features

dependabot-preview bot commented May 7, 2021