[Snyk] Security upgrade typeorm from 0.2.24 to 0.3.18

[Omrisnyk]

This PR was automatically created by Snyk using the credentials of a real user.

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

• Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
  • package.json
  • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:

Severity	Priority Score (*)	Issue	Breaking Change	Exploit Maturity
	141/1000 Why? Confidentiality impact: None, Integrity impact: None, Availability impact: High, Scope: Unchanged, Exploit Maturity: Proof of Concept, User Interaction (UI): None, Privileges Required (PR): None, Attack Complexity: Low, Attack Vector: Local, EPSS: 0.01055, Social Trends: No, Days since published: 34, Reachable: No, Transitive dependency: Yes, Is Malicious: No, Business Criticality: High, Provider Urgency: Medium, Package Popularity Score: 99, Impact: 5.99, Likelihood: 2.35, Score Version: V5	Missing Release of Resource after Effective Lifetime SNYK-JS-INFLIGHT-6095116	No	Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Release notes

Package name: typeorm

• 0.3.18 - 2024-01-03
  

  Bug Fixes

  • add BaseEntity to model-shim (#10503) (3cf938e)
  • add error handling for missing join columns (#10525) (122c897), closes #7034
  • add missing export for View class (#10261) (7adbc9b)
  • added fail callback while opening the database in Cordova (#10566) (8b4df5b)
  • aggregate function throw error when column alias name is set (#10035) (022d2b5), closes #9927
  • backport postgres connection error handling to crdb (#10177) (149226d)
  • bump better-sqlite3 version range (#10452) (75ec8f2)
  • caching always enabled not caching queries (#10524) (8af533f)
  • circular dependency breaking node.js 20.6 (#10344) (ba7ad3c), closes #10338
  • correctly keep query.data from ormOption for commit / rollback subscribers (#10151) (73ee70b)
  • default value in child table/entity column decorator for multiple table inheritance is ignored for inherited columns (#10563) (#10564) (af77a5d)
  • deletedAt column leaking as side effect of object update while creating a row (#10435) (7de4890)
  • empty objects being hydrated when eager loading relations that have a @ VirtualColumn (#10432) (b53e410), closes #10431
  • extend GiST index with range types for Postgres driver (#10572) (a4900ae), closes #10567
  • ignore changes for columns with update: false in persistence (#10250) (f8fa1fd), closes #10249
  • improve helper for cli for commands missing positionals (#10133) (9f8899f)
  • loading datasource unable to process a regular default export (#10184) (201342d), closes #8810
  • logMigration has incorrect logging condition (#10323) (d41930f), closes #10322 #10322
  • ManyToMany ER_DUP_ENTRY error (#10343) (e296063), closes #5704
  • migrations on indexed TIMESTAMP WITH TIME ZONE Oracle columns (#10506) (cf37f13), closes #10493
  • mongodb - undefined is not constructor (#10559) (ad5bf11)
  • mongodb resolves leaked cursor (#10316) (2dc9624), closes #10315
  • mssql datasource testonborrow not affecting anything (#10589) (122b683)
  • nested transactions issues (#10210) (25e6ecd)
  • prevent using absolute table path in migrations unless required (#10123) (dd59524)
  • remove date-fns in favor of DayJs (#10306) (cf7147f)
  • remove dynamic require calls (#10196) (a939654)
  • resolve circular dependency when using Vite (#10273) (080528b)
  • resolve issue building eager relation alias for nested relations (#10004) (c6f608d), closes #9944
  • resolve issue of generating migration for numeric arrays repeatedly (#10471) (39fdcf6), closes #10043
  • resolve issue queryBuilder makes different parameter identifiers for same parameter (#10327) (6c918ea), closes #7308
  • resolve issues on upsert (#10588) (dc1bfed), closes #10587
  • scrub all comment end markers from comments (#10163) (d937f61)
  • serialize bigint when building a query id #10336 (#10337) (bfc1cc5)
  • should automatically cache if alwaysEnable (#10137) (173910e), closes #9910
  • SQLite simple-enum column parsing (#10550) (696e688)
  • update UpdateDateColumn on upsert (#10458) (fdb9866), closes #9015
  • upgrade ts-node version to latest(10.9.1) version (#10143) (fcb9904)
  • using async datasource to configure typeorm (#10170) (fbd45db)

  Features

  • ability to change default replication mode (#10419) (72b1d1b)
  • add concurrent indexes for postgres (#10442) (f4e6eaf)
  • add exists and exists by (#10291) (b6b46fb)
  • add isolated where statements (#10213) (3cda7ec)
  • add MSSQL disableAsciiToUnicodeParamConversion option and tests (#10161) (df7c069), closes #10131
  • add support for mssql server DefaultAzureCredential usage (#10246) (c8ee5b1)
  • add support for table comment in MySQL (#10017) (338df16)
  • allow to use custom type witch extends object type for find where argument (#10475) (48f5f85)
  • BeforeQuery and AfterQuery events (#10234) (5c28154), closes #3302
  • custom STI discriminator value for EntitySchema (#10508) (b240d87), closes #10494
  • enabled CTE for oracle driver (#10319) (65858f3)
  • entityId in InsertEvent (#10540) (ae006af)
  • expose countDocuments in mongodb (#10314) (ebd61d1)
  • exposed entity and criteria properties on EntityNotFoundError (#10202) (bafcd17)
  • implement column comments for SAP HANA (#10502) (45e31cc)
  • implement OR operator (#10086) (a00b1df), closes #10054 #10054 #10054 #10054 #10054 #10054 #10054
  • implement streaming for SAP HANA (#10512) (7e9cead)
  • implements QueryFailedError generic for driverError typing (#10253) (78b2f48)
  • modify repository.extend method for chaining repositories (#10256) (ca29c0f)
  • nullable embedded entities (#10289) (e67d704)
  • support for MongoDB 6.x (#10545) (3647b26)
  • support mssql@10 (#10356) (f6bb671), closes #10340
  • use node-oracledb 6 (#10285) (3af891a), closes #10277
  • user-defined index name for STI discriminator column (#10509) (89c5257), closes #10496

  Performance Improvements

  • improve SapQueryRunner performance (#10198) (f6b87e3)

  BREAKING CHANGES

  • With node-oracledb the thin client is used as default. Added a option to use the thick client. Also added the option to specify the instant client lib
  • MongoDB: from the previous behavior of returning a result with metadata describing when a document is not found.
    See: https://github.com/mongodb/node-mongodb-native/blob/HEAD/etc/notes/CHANGES_6.0.0.md
  • new nullable embeds feature introduced a breaking change which might enforce you to update types on your entities to | null,
    if all columns in your embed entity are nullable. Since database queries now return embedded property as null if all its column values are null.
• 0.3.18-dev.ff6e875 - 2023-07-22
• 0.3.18-dev.fdb9866 - 2023-12-29
• 0.3.18-dev.fbd45db - 2023-08-19
• 0.3.18-dev.f6bb671 - 2023-12-29
• 0.3.18-dev.f6b87e3 - 2023-12-29
• 0.3.18-dev.ebd61d1 - 2023-09-30
• 0.3.18-dev.e72a9da - 2023-08-19
• 0.3.18-dev.e67d704 - 2024-01-02
• 0.3.18-dev.dff2d53 - 2023-07-22
• 0.3.18-dev.dd59524 - 2024-01-02
• 0.3.18-dev.d184d85 - 2023-10-05
• 0.3.18-dev.c8ee5b1 - 2023-08-19
• 0.3.18-dev.c6f608d - 2023-08-19
• 0.3.18-dev.befe4f9 - 2023-09-02
• 0.3.18-dev.b8af97a - 2023-09-30
• 0.3.18-dev.b6b46fb - 2023-12-29
• 0.3.18-dev.b5ec088 - 2024-01-03
• 0.3.18-dev.b240d87 - 2023-12-29
• 0.3.18-dev.ad5bf11 - 2023-12-29
• 0.3.18-dev.aa8d24c - 2023-12-29
• 0.3.18-dev.a939654 - 2023-12-29
• 0.3.18-dev.a909d5b - 2023-07-12
• 0.3.18-dev.a4900ae - 2023-12-29
• 0.3.18-dev.a00b1df - 2024-01-02
• 0.3.18-dev.9471bfc - 2023-09-22
• 0.3.18-dev.8d0e7f9 - 2023-09-30
• 0.3.18-dev.7e9cead - 2023-12-29
• 0.3.18-dev.7adbc9b - 2023-08-19
• 0.3.18-dev.7a58bbf - 2023-12-29
• 0.3.18-dev.6d5b5d9 - 2023-12-29
• 0.3.18-dev.65858f3 - 2023-12-29
• 0.3.18-dev.48f5f85 - 2023-12-29
• 0.3.18-dev.3cf938e - 2023-12-29
• 0.3.18-dev.3cda7ec - 2024-01-02
• 0.3.18-dev.2dc9624 - 2023-12-29
• 0.3.18-dev.173910e - 2024-01-02
• 0.3.18-dev.15bc887 - 2024-01-03
• 0.3.18-dev.122c897 - 2023-12-29
• 0.3.18-dev.0f11739 - 2024-01-02
• 0.3.18-dev.022d2b5 - 2023-08-19
• 0.3.17 - 2023-06-20
  

  Bug Fixes

  • #10040 TypeORM synchronize database even if it is up to date (#10041) (b1a3a39)
  • add missing await (#10084) (f5d4397)
• 0.3.17-dev.f5d4397 - 2023-06-19
• 0.3.17-dev.d4607a8 - 2023-05-10
• 0.3.17-dev.b1a3a39 - 2023-06-20
• 0.3.17-dev.abb9079 - 2023-05-09
• 0.3.17-dev.7108cc6 - 2023-06-20
• 0.3.16 - 2023-05-09
  

  0.3.16 (2023-05-09)

  Bug Fixes

  • add trustServerCertificate option to SqlServerConnectionOptions (#9985) (0305805), closes #8093
  • add directConnection options to MongoDB connection (#9955) (e0165e7)
  • add onDelete option validation for oracle (#9786) (938f94b), closes #9189
  • added instanceName to options (#9968) (7c5627f)
  • added transaction retry logic in cockroachdb (#10032) (607d6f9)
  • allow json as alias for longtext mariadb (#10018) (2a2bb4b)
  • convert the join table ID to the referenceColumn ID type (#9887) (9460296)
  • correct encode mongodb auth credentials (#10024) (96b7ee4), closes #9885
  • create correct children during cascade saving entities with STI (#9034) (06c1e98), closes #7758 #7758 #9033 #9033 #7758 #7758
  • express option bug in init command (#10022) (5be20e2)
  • for running cli-ts-node-esm use exit code from child process (#10030) (a188b1d), closes #10029
  • mongodb typings breaks the browser version (#9962) (99bef49), closes #9959
  • RelationIdLoader has access to queryPlanner when wrapped in transaction (#9990) (21a9d67), closes #9988
  • resolve duplicate subscriber updated columns (#9958) (3d67901), closes #9948
  • select + addOrderBy broke in 0.3.14 (#9961) (0e56f0f), closes #9960
  • support More/LessThanOrEqual in relations (#9978) (8795c86)

  Features

  • mariadb uuid inet4 inet6 column data type support (#9845) (d8a2e37)

  Reverts

  • "refactor: remove date-fns package (#9634)" (54f4f89)
• 0.3.16-dev.f5b93c1 - 2023-04-18
• 0.3.16-dev.e0165e7 - 2023-04-17
• 0.3.16-dev.d8a2e37 - 2023-04-25
• 0.3.16-dev.b064049 - 2023-04-18
• 0.3.16-dev.a188b1d - 2023-05-09
• 0.3.16-dev.96b7ee4 - 2023-05-09
• 0.3.16-dev.8795c86 - 2023-05-09
• 0.3.16-dev.68aa573 - 2023-04-15
• 0.3.16-dev.54f4f89 - 2023-05-09
• 0.3.16-dev.3d67901 - 2023-04-18
• 0.3.16-dev.2a2bb4b - 2023-05-09
• 0.3.16-dev.21a9d67 - 2023-05-09
• 0.3.16-dev.06c1e98 - 2023-05-09
• 0.3.16-dev.9460296 - 2023-05-09
• 0.3.15 - 2023-04-15
  

  Bug Fixes

  • make cache optional fields optional (#9942) (159c60a)
  • prevent unique index identical to primary key (all sql dialects) (#9940) (51eecc2)
  • SelectQueryBuilder builds incorrectly escaped alias in Oracle when used on entity with composite key (#9668) (83c6c0e)

  Features

  • support for the latest mongodb v5 (#9925) (f6a3ce7), closes #7907 #7907
• 0.3.15-dev.f6a3ce7 - 2023-04-15
• 0.3.15-dev.f1c5662 - 2023-04-15
• 0.3.15-dev.3a72e35 - 2023-04-13
• 0.3.15-dev.115059d - 2023-04-10
• 0.3.14 - 2023-04-09
  

  Bug Fixes

  • drop xml & yml connection option support. Addresses security issues in underlying dependency (#9930) (7dac12c)

  Features

  • QueryBuilder performance optimizations (#9914) (12e9db0)
• 0.3.14-dev.daf1b47 - 2023-04-06
• 0.3.14-dev.0194f17 - 2023-04-06
• 0.3.13 - 2023-04-06
  

  Bug Fixes

  • firstCapital=true not working in camelCase() function (f1330ad)
  • handles "query" relation loading strategy for TreeRepositories (#9680) (a11809e), closes #9673
  • improve EntityNotFound error message in QueryBuilder.findOneOrFail (#9872) (f7f6817)
  • loading tables with fk in sqlite query runner (#9875) (4997da0), closes #9266
  • prevent foreign key support during migration batch under sqlite (#9775) (197cc05), closes #9770
  • proper default value on generating migration when default value is a function calling [Postgres] (#9830) (bebba05)
  • react-native doesn't properly work in ESM projects because of circular dependency (#9765) (099fcd9)
  • resolve issues for mssql migration when simple-enum was changed (cb154d4), closes #7785 #9457 #7785 #9457
  • resolves issue with mssql column recreation (#9773) (07221a3), closes #9399
  • transform values for FindOperators #9381 (#9777) (de1228d), closes #9816
  • use forward slashes when normalizing path (#9768) (58fc088), closes #9766
  • use object create if entity skip constructor is set (#9831) (a868979)

  Features

  • add support for json datatype for sqlite (#9744) (4ac8c00)
  • add support for STI on EntitySchema (#9834) (bc306fb), closes #9833
  • allow type FindOptionsOrderValue for order by object property (#9895) (#9896) (0814970)
  • Broadcast identifier for removed related entities (#9913) (f530811)
  • leftJoinAndMapOne and innerJoinAndMapOne map result to entity (#9354) (947ffc3)
• 0.3.13-dev.f7f6817 - 2023-04-06
• 0.3.13-dev.f7b210b - 2023-04-05
• 0.3.13-dev.f1330ad - 2023-04-06
• 0.3.13-dev.de1228d - 2023-04-06
• 0.3.13-dev.af4f15c - 2023-04-06
• 0.3.13-dev.a868979 - 2023-04-06
• 0.3.13-dev.a11809e - 2023-04-06
• 0.3.13-dev.98f2205 - 2023-04-05
• 0.3.13-dev.97280fc - 2023-04-06
• 0.3.13-dev.58fc088 - 2023-02-09
• 0.3.13-dev.4fa14e3 - 2023-04-05
• 0.3.13-dev.4ac8c00 - 2023-04-06
• 0.3.13-dev.1fcd9f3 - 2023-04-05
• 0.3.13-dev.099fcd9 - 2023-02-08
• 0.3.13-dev.07221a3 - 2023-04-05
• 0.3.13-dev.0619aca - 2023-04-06
• 0.3.12 - 2023-02-07
  

  Bug Fixes

  • allow to pass ObjectLiteral in mongo find where condition (#9632) (4eda5df), closes #9518
  • DataSource.setOptions doesn't properly update the database in the drivers (#9635) (a95bed7)
  • Fix grammar error in no migrations found log (#9754) (6fb2121)
  • improved FindOptionsWhere behavior with union types (#9607) (7726f5a)
  • Incorrect enum default value when table name contains dash character (#9685) (b3b0c11)
  • incorrect sorting of entities with multi-inheritances (#9406) (54ca9dd)
  • make sure "require" is defined in the environment (1a9b9fb)
  • materialized hints support for cte (#9605) (67973b4)
  • multiple select queries during db sync in sqlite (#9639) (6c928a4)
  • overriding caching settings when alwaysEnabled is true (#9731) (4df969e)
  • redundant Unique constraint on primary join column in Postgres (#9677) (b8704f8)
  • remove unnecessary .js extension in imports (#9713) (6b37e38)
  • resolve issue with "simple-enum" synchronization in SQLite (#9716) (c77c43e), closes #9715
  • sql expression when where parameter is empty array (#9691) (7df2ccf), closes #9690
  • synchronizing View with schema broken for oracle (#9602) (18b659d)

  Features

  • add find operator json contains (#9665) (d2f37f6)
  • allow mysql2 v3 as peerDependency (#9747) (6c9010e), closes #9714
  • naming strategy for legacy Oracle (#9703) (0eb7441)
  • support busy_timeout param parameter for sqlite (#9623) (8668c29)
  • support enableWal for the better-sqlite3 driver (#9619) (8731858)
  • support for SQL aggregate functions SUM, AVG, MIN, and MAX to the Repository API (#9737) (7d1f1d6)
  • support time travel queries, upsert, enums, spatial types in cockroachdb (#9128) (defb409), closes #9068 #8532 #8532 #9199
  • update mssql dependency and other dependencies as well (#9763) (4555211)
• 0.3.12-dev.ef64bfc - 2023-01-28
• 0.3.12-dev.defb409 - 2023-01-03
• 0.3.12-dev.ca315f0 - 2023-02-05
• 0.3.12-dev.c77c43e - 2023-02-06
• 0.3.12-dev.c669f50 - 2023-01-28
• 0.3.12-dev.b97633b - 2022-12-28
• 0.3.12-dev.b8704f8 - 2023-02-06
• 0.3.12-dev.ae91c05 - 2022-12-27
• 0.3.12-dev.adce698 - 2023-02-07
• 0.3.12-dev.a95bed7 - 2022-12-18
• 0.3.12-dev.9bd3a64 - 2023-02-07
• 0.3.12-dev.8668c29 - 2022-12-29
• 0.3.12-dev.7df2ccf - 2023-02-06
• 0.3.12-dev.7726f5a - 2023-02-06
• 0.3.12-dev.74f7f79 - 2023-01-11
• 0.3.12-dev.6fb2121 - 2023-02-05
• 0.3.12-dev.6c928a4 - 2022-12-19
• 0.3.12-dev.67973b4 - 2022-12-29
• 0.3.12-dev.63ab05f - 2023-02-05
• 0.3.12-dev.54ca9dd - 2023-02-07
• 0.3.12-dev.4df969e - 2023-01-28
• 0.3.12-dev.3e1caf0 - 2023-01-03
• 0.3.12-dev.1a9b9fb - 2023-02-06
• 0.3.12-dev.18b659d - 2022-12-29
• 0.3.12-dev.15a4eb9 - 2022-12-29
• 0.3.12-dev.12fdd73 - 2023-0...