[Snyk] Upgrade: dotenv, pg, reflect-metadata, typeorm

[gunelism]

Snyk has created this PR to upgrade multiple dependencies.

👯 The following dependencies are linked and will therefore be updated together.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

Name	Versions	Released on

dotenv
from 16.3.1 to 16.4.5 | 7 versions ahead of your current version | 7 months ago
on 2024-02-20
pg
from 8.11.3 to 8.12.0 | 4 versions ahead of your current version | 3 months ago
on 2024-06-04
reflect-metadata
from 0.1.14 to 0.2.2 | 4 versions ahead of your current version | 6 months ago
on 2024-03-29
typeorm
from 0.3.17 to 0.3.20 | 58 versions ahead of your current version | 8 months ago
on 2024-01-26

Release notes

Package name: dotenv

• 16.4.5 - 2024-02-20
  

  16.4.5

• 16.4.4 - 2024-02-13
  

  16.4.4

• 16.4.3 - 2024-02-12
  

  16.4.3

• 16.4.2 - 2024-02-10
  

  16.4.2

• 16.4.1 - 2024-01-24
  

  16.4.1

• 16.4.0 - 2024-01-23
  

  16.4.0

• 16.3.2 - 2024-01-19
  

  16.3.2

• 16.3.1 - 2023-06-17
  

  16.3.1

from dotenv GitHub release notes

Package name: pg

• 8.12.0 - 2024-06-04
  

  [email protected]

• 8.11.6 - 2024-06-04
  

  [email protected]

• 8.11.5 - 2024-04-02
• 8.11.4 - 2024-03-30
• 8.11.3 - 2023-08-16

from pg GitHub release notes

Package name: reflect-metadata

• 0.2.2 - 2024-03-29
• 0.2.1 - 2023-12-14
  

  What's Changed

  • Fix stack overflow crash in isProviderFor by @ rbuckton in #155
  • Update main to v0.2.1 by @ rbuckton in #156

  Full Changelog: v0.2.0...v0.2.1

• 0.2.0 - 2023-12-13
  

  What's Changed

  • Add /lite and /no-conflict exports by @ rbuckton in #144
  • No dynamic evaluation in /lite mode by @ rbuckton in #149

  Full Changelog: v0.1.14...v0.2.0

• 0.2.0-pre.0 - 2023-12-13
  

  What's Changed

  • Add /lite and /no-conflict exports by @ rbuckton in #144

  Full Changelog: v0.1.14...v0.2.0-pre.0

• 0.1.14 - 2023-12-07
  

  What's Changed

  • Fix variable name by @ amatiasq in #109
  • Bypass webpack process.env inlining by @ rbuckton in c8c06cc

  New Contributors

  • @ amatiasq made their first contribution in #109

  Full Changelog: v0.1.13...v0.1.14

from reflect-metadata GitHub release notes

Package name: typeorm

• 0.3.20 - 2024-01-26
  

  Bug Fixes

  • added missing parentheses in where conditions (#10650) (4624930), closes #10534
  • don't escape indexPredicate (#10618) (dd49a25)
  • fallback runMigrations transaction to DataSourceOptions (#10601) (0cab0dd)
  • hangup when load relations with relationLoadStrategy: query (#10630) (54d8d9e), closes #10481
  • include asExpression columns in returning clause (#10632) (f232ba7), closes #8450 #8450
  • multiple insert in SAP Hana (#10597) (1b34c9a)
  • resolve issue CREATE/DROP Index concurrently (#10634) (8aa8690), closes #10626
  • type inferencing of EntityManager#create (#10569) (99d8249)

  Features

  • add json type support for Oracle (#10611) (7e85460)
  • add postgres multirange column types (#10627) (d0b7670), closes #10556
  • add table comment for postgres (#10613) (4493db4)

  Reverts

  • Revert "fix: prevent using absolute table path in migrations unless required (#10123)" (#10624) (8f371f2), closes #10123 #10624
  • revert "feat: nullable embedded entities (#10289)" (#10614) (15de46f), closes #10289 #10614
• 0.3.20-dev.fa86f6f - 2024-01-03
• 0.3.20-dev.f232ba7 - 2024-01-26
• 0.3.20-dev.dd8c0fd - 2024-01-26
• 0.3.20-dev.d0b7670 - 2024-01-26
• 0.3.20-dev.c22e30f - 2024-01-04
• 0.3.20-dev.8f371f2 - 2024-01-26
• 0.3.20-dev.8ebe769 - 2024-01-26
• 0.3.20-dev.73e3b49 - 2024-01-03
• 0.3.20-dev.62f574b - 2024-01-26
• 0.3.20-dev.54d8d9e - 2024-01-26
• 0.3.20-dev.1b34c9a - 2024-01-26
• 0.3.20-dev.15de46f - 2024-01-08
• 0.3.20-dev.0cab0dd - 2024-01-26
• 0.3.20-dev.4624930 - 2024-01-26
• 0.3.19 - 2024-01-03
  

  Bug Fixes

  • fixed Cannot read properties of undefined (reading 'sync') caused after glob package upgrade
• 0.3.19-dev.633c4e3 - 2024-01-03
• 0.3.18 - 2024-01-03
  

  Bug Fixes

  • add BaseEntity to model-shim (#10503) (3cf938e)
  • add error handling for missing join columns (#10525) (122c897), closes #7034
  • add missing export for View class (#10261) (7adbc9b)
  • added fail callback while opening the database in Cordova (#10566) (8b4df5b)
  • aggregate function throw error when column alias name is set (#10035) (022d2b5), closes #9927
  • backport postgres connection error handling to crdb (#10177) (149226d)
  • bump better-sqlite3 version range (#10452) (75ec8f2)
  • caching always enabled not caching queries (#10524) (8af533f)
  • circular dependency breaking node.js 20.6 (#10344) (ba7ad3c), closes #10338
  • correctly keep query.data from ormOption for commit / rollback subscribers (#10151) (73ee70b)
  • default value in child table/entity column decorator for multiple table inheritance is ignored for inherited columns (#10563) (#10564) (af77a5d)
  • deletedAt column leaking as side effect of object update while creating a row (#10435) (7de4890)
  • empty objects being hydrated when eager loading relations that have a @ VirtualColumn (#10432) (b53e410), closes #10431
  • extend GiST index with range types for Postgres driver (#10572) (a4900ae), closes #10567
  • ignore changes for columns with update: false in persistence (#10250) (f8fa1fd), closes #10249
  • improve helper for cli for commands missing positionals (#10133) (9f8899f)
  • loading datasource unable to process a regular default export (#10184) (201342d), closes #8810
  • logMigration has incorrect logging condition (#10323) (d41930f), closes #10322 #10322
  • ManyToMany ER_DUP_ENTRY error (#10343) (e296063), closes #5704
  • migrations on indexed TIMESTAMP WITH TIME ZONE Oracle columns (#10506) (cf37f13), closes #10493
  • mongodb - undefined is not constructor (#10559) (ad5bf11)
  • mongodb resolves leaked cursor (#10316) (2dc9624), closes #10315
  • mssql datasource testonborrow not affecting anything (#10589) (122b683)
  • nested transactions issues (#10210) (25e6ecd)
  • prevent using absolute table path in migrations unless required (#10123) (dd59524)
  • remove date-fns in favor of DayJs (#10306) (cf7147f)
  • remove dynamic require calls (#10196) (a939654)
  • resolve circular dependency when using Vite (#10273) (080528b)
  • resolve issue building eager relation alias for nested relations (#10004) (c6f608d), closes #9944
  • resolve issue of generating migration for numeric arrays repeatedly (#10471) (39fdcf6), closes #10043
  • resolve issue queryBuilder makes different parameter identifiers for same parameter (#10327) (6c918ea), closes #7308
  • resolve issues on upsert (#10588) (dc1bfed), closes #10587
  • scrub all comment end markers from comments (#10163) (d937f61)
  • serialize bigint when building a query id #10336 (#10337) (bfc1cc5)
  • should automatically cache if alwaysEnable (#10137) (173910e), closes #9910
  • SQLite simple-enum column parsing (#10550) (696e688)
  • update UpdateDateColumn on upsert (#10458) (fdb9866), closes #9015
  • upgrade ts-node version to latest(10.9.1) version (#10143) (fcb9904)
  • using async datasource to configure typeorm (#10170) (fbd45db)

  Features

  • ability to change default replication mode (#10419) (72b1d1b)
  • add concurrent indexes for postgres (#10442) (f4e6eaf)
  • add exists and exists by (#10291) (b6b46fb)
  • add isolated where statements (#10213) (3cda7ec)
  • add MSSQL disableAsciiToUnicodeParamConversion option and tests (#10161) (df7c069), closes #10131
  • add support for mssql server DefaultAzureCredential usage (#10246) (c8ee5b1)
  • add support for table comment in MySQL (#10017) (338df16)
  • allow to use custom type witch extends object type for find where argument (#10475) (48f5f85)
  • BeforeQuery and AfterQuery events (#10234) (5c28154), closes #3302
  • custom STI discriminator value for EntitySchema (#10508) (b240d87), closes #10494
  • enabled CTE for oracle driver (#10319) (65858f3)
  • entityId in InsertEvent (#10540) (ae006af)
  • expose countDocuments in mongodb (#10314) (ebd61d1)
  • exposed entity and criteria properties on EntityNotFoundError (#10202) (bafcd17)
  • implement column comments for SAP HANA (#10502) (45e31cc)
  • implement OR operator (#10086) (a00b1df), closes #10054 #10054 #10054 #10054 #10054 #10054 #10054
  • implement streaming for SAP HANA (#10512) (7e9cead)
  • implements QueryFailedError generic for driverError typing (#10253) (78b2f48)
  • modify repository.extend method for chaining repositories (#10256) (ca29c0f)
  • nullable embedded entities (#10289) (e67d704)
  • support for MongoDB 6.x (#10545) (3647b26)
  • support mssql@10 (#10356) (f6bb671), closes #10340
  • use node-oracledb 6 (#10285) (3af891a), closes #10277
  • user-defined index name for STI discriminator column (#10509) (89c5257), closes #10496

  Performance Improvements

  • improve SapQueryRunner performance (#10198) (f6b87e3)

  BREAKING CHANGES

  • With node-oracledb the thin client is used as default. Added a option to use the thick client. Also added the option to specify the instant client lib
  • MongoDB: from the previous behavior of returning a result with metadata describing when a document is not found.
    See: https://github.com/mongodb/node-mongodb-native/blob/HEAD/etc/notes/CHANGES_6.0.0.md
  • new nullable embeds feature introduced a breaking change which might enforce you to update types on your entities to | null,
    if all columns in your embed entity are nullable. Since database queries now return embedded property as null if all its column values are null.
• 0.3.18-dev.ff6e875 - 2023-07-22
• 0.3.18-dev.fdb9866 - 2023-12-29
• 0.3.18-dev.fbd45db - 2023-08-19
• 0.3.18-dev.f6bb671 - 2023-12-29
• 0.3.18-dev.f6b87e3 - 2023-12-29
• 0.3.18-dev.ebd61d1 - 2023-09-30
• 0.3.18-dev.e72a9da - 2023-08-19
• 0.3.18-dev.e67d704 - 2024-01-02
• 0.3.18-dev.dff2d53 - 2023-07-22
• 0.3.18-dev.dd59524 - 2024-01-02
• 0.3.18-dev.d184d85 - 2023-10-05
• 0.3.18-dev.c8ee5b1 - 2023-08-19
• 0.3.18-dev.c6f608d - 2023-08-19
• 0.3.18-dev.befe4f9 - 2023-09-02
• 0.3.18-dev.b8af97a - 2023-09-30
• 0.3.18-dev.b6b46fb - 2023-12-29
• 0.3.18-dev.b5ec088 - 2024-01-03
• 0.3.18-dev.b240d87 - 2023-12-29
• 0.3.18-dev.ad5bf11 - 2023-12-29
• 0.3.18-dev.aa8d24c - 2023-12-29
• 0.3.18-dev.a939654 - 2023-12-29
• 0.3.18-dev.a909d5b - 2023-07-12
• 0.3.18-dev.a4900ae - 2023-12-29
• 0.3.18-dev.a00b1df - 2024-01-02
• 0.3.18-dev.9471bfc - 2023-09-22
• 0.3.18-dev.8d0e7f9 - 2023-09-30
• 0.3.18-dev.7e9cead - 2023-12-29
• 0.3.18-dev.7adbc9b - 2023-08-19
• 0.3.18-dev.7a58bbf - 2023-12-29
• 0.3.18-dev.6d5b5d9 - 2023-12-29
• 0.3.18-dev.65858f3 - 2023-12-29
• 0.3.18-dev.48f5f85 - 2023-12-29
• 0.3.18-dev.3cf938e - 2023-12-29
• 0.3.18-dev.3cda7ec - 2024-01-02
• 0.3.18-dev.2dc9624 - 2023-12-29
• 0.3.18-dev.173910e - 2024-01-02
• 0.3.18-dev.15bc887 - 2024-01-03
• 0.3.18-dev.122c897 - 2023-12-29
• 0.3.18-dev.0f11739 - 2024-01-02
• 0.3.18-dev.022d2b5 - 2023-08-19
• 0.3.17 - 2023-06-20
  

  Bug Fixes

  • #10040 TypeORM synchronize database even if it is up to date (#10041) (b1a3a39)
  • add missing await (#10084) (f5d4397)

from typeorm GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs