Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Snyk] Security upgrade typeorm from 0.3.11 to 0.3.18 #27

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

DerekRoberts
Copy link
Member

@DerekRoberts DerekRoberts commented Jan 4, 2024

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • backend/package.json
    • backend/package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 631/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 6.2
Missing Release of Resource after Effective Lifetime
SNYK-JS-INFLIGHT-6095116
No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: typeorm The new version differs by 208 commits.
  • b6ef306 updated glob version
  • b5d2599 build(deps-dev): bump the npm_and_yarn group group with 1 update (#10591)
  • 080528b fix: resolve circular dependency when using Vite (#10273)
  • 338df16 feat: add support for table comment in MySQL (#10017)
  • 15bc887 build: update CircleCI config & repair failing tests (#10590)
  • b5ec088 docs: update Chinese faq.md (#10593)
  • a00b1df feat: implement OR operator (#10086)
  • dd59524 fix: prevent using absolute table path in migrations unless required (#10123)
  • 4329996 docs: update Soft-Delete, Restore-Soft-Delete examples (#10585)
  • 7ecc8f3 docs: updated id to _id (#10584)
  • 8b4df5b fix: added fail callback while opening the database in Cordova (#10566)
  • 173910e fix: should automatically cache if alwaysEnable (#10137)
  • 73ee70b fix: correctly keep query.data from ormOption for commit / rollback subscribers (#10151)
  • e67d704 feat: nullable embedded entities (#10289)
  • 5c28154 feat: BeforeQuery and AfterQuery events (#10234)
  • 0f11739 docs: fix typos (#10243)
  • b188c1e chore: initial setup of ESLint (#10203)
  • 25e6ecd fix: nested transactions issues (#10210)
  • 3cda7ec feat: add isolated where statements (#10213)
  • 149226d fix: backport postgres connection error handling to crdb (#10177)
  • 122b683 fix: mssql datasource testonborrow not affecting anything (#10589)
  • dc1bfed fix: resolve issues on upsert (#10588)
  • a939654 fix: remove dynamic require calls (#10196)
  • f6b87e3 perf: improve SapQueryRunner performance (#10198)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.


Thanks for the PR!

Any successful deployments (not always required) will be available below.
Backend available
Frontend available

Once merged, code will be promoted and handed off to following workflow run.
Main Merge Workflow

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants