Bump xml2js, @medusajs/medusa and typeorm

[dependabot]

Removes xml2js. It's no longer used after updating ancestor dependencies xml2js, @medusajs/medusa and typeorm. These dependencies need to be updated together.

Removes xml2js

Updates @medusajs/medusa from 1.5.0 to 1.12.0

Release notes

Sourced from @​medusajs/medusa's releases.

v1.12.0

Highlights

Breaking changes In our quest to improve performance, a public method in the PriceSelectionStrategy has been updated to support bulk calculations of variant prices. Specifically, the following signatures have changed:

// Before
calculateVariantPrice(variantId: string, context: PriceSelectionContext): Promise<PriceSelectionResult>

// Now
calculateVariantPrice(data: { variantId: string; quantity?: number; }[], context: PriceSelectionContext): Promise<Map<string, PriceSelectionResult>>

Additionally (non-breaking), the following DB indexes have been added:

idx_money_amount_variant_id ON money_amount (variant_id);
idx_money_amount_region_id ON money_amount (region_id);
idx_product_option_value_variant_id ON product_option_value (variant_id);
idx_product_option_value_option_id ON product_option_value (option_id);
idx_gin_product_title ON product USING gin (title gin_trgm_ops);
idx_gin_product_description ON product USING gin (description gin_trgm_ops);
idx_gin_product_variant_title ON product_variant USING gin (title gin_trgm_ops);
idx_gin_product_variant_sku ON product_variant USING gin (sku gin_trgm_ops);
idx_gin_product_collection ON product_collection USING gin (title gin_trgm_ops);

The packages class-validator and class-transformer have been removed from @medusajs/utils.

The TransactionBaseService has been removed from @medusajs/utils. This class should be imported from @medusajs/medusa.

The utilities build-query, db-aware-column, base-entity, and soft-deletable-entity have been removed from @medusajs/medusa. These should be imported from @medusajs/medusa.

Support for SQLite dropped SQLite support was initially added to reduce friction for developers trying Medusa for the first time. It runs on most operating systems without installation, allowing you to start a Medusa starter without preparing a Postgres database.

Though, as we've added features that use more advanced database concepts, we've seen that SQLite has started to cause more harm than good. And frankly, we've not prioritized maintaining the support, as removing it was always part of our plans. SQLite still allows developers to get started very quickly. However, as soon as you start using our admin system or set up the storefront starter, issues caused by the limitations of SQLite arise. These issues are primarily centered around transaction management. A concept used extensively in our core and poorly supported by SQLite.

Therefore, as of this release, SQLite is no longer supported. The pros simply do not outweigh the cons at this point.

What does this mean for your setup?

In the highly unlikely case that you are using SQLite, this will be a breaking change. So, you'll need to set up Postgres for your Medusa server as part of bumping to this version. You can find a guide in our documentation on how to do this.

If you are not using SQLite, these changes will not affect your setup.

Reservation management With the introduction of our Inventory Module, we added the notion of reservations. Right now, reservations are, from a store administrator perspective, limited to order items and cannot really be used outside the context of an order - unless you consume the API directly.

... (truncated)

Changelog

Sourced from @​medusajs/medusa's changelog.

1.12.0

Minor Changes

• 81eeaa329 Thanks @​olivermrbl! - chore(medusa): Minor bump

Patch Changes

• #4154 0a35f21af Thanks @​pKorsholm! - Feat(medusa,inventory): search inventory items based on title and description

• #4066 4fb443c0e Thanks @​pKorsholm! - feat(medusa,client-types): add location_id filtering to list-location levels

• #4071 0476f5251 Thanks @​pKorsholm! - feaet(medusa): add description to reservation default fields

• #4184 0f87d3d64 Thanks @​olivermrbl! - chore(medusa,admin-ui): Add reservations FF

• #3703 ed382f2ee Thanks @​adrien2p! - feat(medusa): Improve prices flow

• #4174 92f01cefb Thanks @​fPolic! - fix(medusa): fix CSV parsing issues by downgrading the version of the parsing library

• #3956 e3cfbcd4a Thanks @​dwene! - fix(medusa): migrations cli should look for migrations in plugin dist folder

• #4189 6998666c6 Thanks @​olivermrbl! - fix(medusa): Upserting tax rates

• #4094 e2d29d35c Thanks @​juanzgc! - feat(plugins): Pass Config Modules to plugin

• #3979 3a38c84f8 Thanks @​pKorsholm! - feat(client-types, inventory, medusa, types): add additional filtering capabilities to list-reservations

• #4081 4f3c8f5d7 Thanks @​pKorsholm! - feat(medusa,client-types,medusa-js,admin-ui,medusa-react): add reservation table and creation

• #4026 a91987fab Thanks @​olivermrbl! - feat(medusa): Remove sqlite support

• #4130 bf18bd0c8 Thanks @​adrien2p! - feat(medusa): Revert pricing service setVariantPrices API

• #4146 db4199530 Thanks @​fPolic! - chore(medusa, utils, inventory, stock-location): clear deps in the utils package

• Updated dependencies [3a38c84f8, a91987fab, e73c3e51c, db4199530, c0e527d6e]:

  • @​medusajs/types@​1.8.7
  • @​medusajs/medusa-cli@​1.3.15
  • @​medusajs/utils@​1.9.0
  • @​medusajs/modules-sdk@​1.8.7

1.11.0

Minor Changes

• 26963acc0 Thanks @​olivermrbl! - chore: Minor bump @​medusajs/medusa

Patch Changes

... (truncated)

Commits

• 8f8f633 chore: Version Packages (#4114)
• 0f87d3d chore(medusa,admin-ui): Add reservations FF (#4184)
• 6998666 fix(medusa): Upserting tax rates (#4189)
• e3cfbcd fix(medusa): migrations cli should also pull from ${plugin}/dist (#3956)
• db41995 chore(utils): clean util package deps (#4146)
• 92f01ce fix(medusa): downgrade papaparse version (#4174)
• 0a35f21 feat(medusa, inventory): Search inventory items by title and description (#4154)
• 3a38c84 feat(medusa,inventory,types): Expand list-reservation capabilities (#3979)
• 4f3c8f5 feat(admin-ui,medusa): Reservations management (#4081)
• 0476f52 Feat(medusa, admin-ui): Update edit allocation modal (#4071)
• Additional commits viewable in compare view

Updates typeorm from 0.2.45 to 0.3.16

Release notes

Sourced from typeorm's releases.

0.3.16

0.3.16 (2023-05-09)

Bug Fixes

• add trustServerCertificate option to SqlServerConnectionOptions (#9985) (0305805), closes #8093
• add directConnection options to MongoDB connection (#9955) (e0165e7)
• add onDelete option validation for oracle (#9786) (938f94b), closes #9189
• added instanceName to options (#9968) (7c5627f)
• added transaction retry logic in cockroachdb (#10032) (607d6f9)
• allow json as alias for longtext mariadb (#10018) (2a2bb4b)
• convert the join table ID to the referenceColumn ID type (#9887) (9460296)
• correct encode mongodb auth credentials (#10024) (96b7ee4), closes #9885
• create correct children during cascade saving entities with STI (#9034) (06c1e98), closes #7758 #7758 #9033 #9033 #7758 #7758
• express option bug in init command (#10022) (5be20e2)
• for running cli-ts-node-esm use exit code from child process (#10030) (a188b1d), closes #10029
• mongodb typings breaks the browser version (#9962) (99bef49), closes #9959
• RelationIdLoader has access to queryPlanner when wrapped in transaction (#9990) (21a9d67), closes #9988
• resolve duplicate subscriber updated columns (#9958) (3d67901), closes #9948
• select + addOrderBy broke in 0.3.14 (#9961) (0e56f0f), closes #9960
• support More/LessThanOrEqual in relations (#9978) (8795c86)

Features

• mariadb uuid inet4 inet6 column data type support (#9845) (d8a2e37)

Reverts

• "refactor: remove date-fns package (#9634)" (54f4f89)

0.3.15

Bug Fixes

• make cache optional fields optional (#9942) (159c60a)
• prevent unique index identical to primary key (all sql dialects) (#9940) (51eecc2)
• SelectQueryBuilder builds incorrectly escaped alias in Oracle when used on entity with composite key (#9668) (83c6c0e)

Features

• support for the latest mongodb v5 (#9925) (f6a3ce7), closes #7907 #7907

0.3.14

Bug Fixes

• drop xml & yml connection option support. Addresses security issues in underlying dependency (#9930) (7dac12c)

Features

• QueryBuilder performance optimizations (#9914) (12e9db0)

... (truncated)

Changelog

Sourced from typeorm's changelog.

0.3.16 (2023-05-09)

Bug Fixes

• add trustServerCertificate option to SqlServerConnectionOptions (#9985) (0305805), closes #8093
• add directConnection options to MongoDB connection (#9955) (e0165e7)
• add onDelete option validation for oracle (#9786) (938f94b), closes #9189
• added instanceName to options (#9968) (7c5627f)
• added transaction retry logic in cockroachdb (#10032) (607d6f9)
• allow json as alias for longtext mariadb (#10018) (2a2bb4b)
• convert the join table ID to the referenceColumn ID type (#9887) (9460296)
• correct encode mongodb auth credentials (#10024) (96b7ee4), closes #9885
• create correct children during cascade saving entities with STI (#9034) (06c1e98), closes #7758 #7758 #9033 #9033 #7758 #7758
• express option bug in init command (#10022) (5be20e2)
• for running cli-ts-node-esm use exit code from child process (#10030) (a188b1d), closes #10029
• mongodb typings breaks the browser version (#9962) (99bef49), closes #9959
• RelationIdLoader has access to queryPlanner when wrapped in transaction (#9990) (21a9d67), closes #9988
• resolve duplicate subscriber updated columns (#9958) (3d67901), closes #9948
• select + addOrderBy broke in 0.3.14 (#9961) (0e56f0f), closes #9960
• support More/LessThanOrEqual in relations (#9978) (8795c86)

Features

• mariadb uuid inet4 inet6 column data type support (#9845) (d8a2e37)

Reverts

• "refactor: remove date-fns package (#9634)" (54f4f89)

0.3.15 (2023-04-15)

Bug Fixes

• make cache optional fields optional (#9942) (159c60a)
• prevent unique index identical to primary key (all sql dialects) (#9940) (51eecc2)
• SelectQueryBuilder builds incorrectly escaped alias in Oracle when used on entity with composite key (#9668) (83c6c0e)

Features

• support for the latest mongodb v5 (#9925) (f6a3ce7), closes #7907 #7907

0.3.14 (2023-04-09)

Bug Fixes

• drop xml & yml connection option support. Addresses security issues in underlying dependency (#9930) (7dac12c)

Features

... (truncated)

Commits

• abb9079 version bump
• 607d6f9 fix: added transaction retry logic in cockroachdb (#10032)
• 8795c86 fix: support More/LessThanOrEqual in relations (#9978)
• 06c1e98 fix: create correct children during cascade saving entities with STI (#9034)
• 96b7ee4 fix: correct encode mongodb auth credentials (#10024)
• 9460296 fix: convert the join table ID to the referenceColumn ID type (#9887)
• 938f94b fix: add onDelete option validation for oracle (#9786)
• a188b1d fix: for running cli-ts-node-esm use exit code from child process (#10030)
• 7c5627f fix: added instanceName to options (#9968)
• 0305805 fix: add trustServerCertificate option to SqlServerConnectionOptions (#9985)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.