[Security] Bump typeorm from 0.2.24 to 0.2.25

[dependabot-preview]

Bumps typeorm from 0.2.24 to 0.2.25. This update includes a security fix.

Vulnerabilities fixed

Sourced from The GitHub Security Advisory Database.

SQL Injection and MAID in TypeORM Prototype pollution vulnerability in the TypeORM package < 0.2.25 may allow attackers to add or modify Object properties leading to further denial of service or SQL injection attacks.

Affected versions: < 0.2.25

Changelog

Sourced from typeorm's changelog.

0.2.25 (2020-05-19)

Bug Fixes

• 'in' clause case for ORACLE (#5345) (8977365)
• calling EntityManager.insert() with an empty array of entities (#5745) (f8c52f3), closes #5734 #5734 #5734
• columns with transformer should be normalized for update (#5700) (4ef6b65), closes #2703
• escape column comment in mysql driver (#6056) (5fc802d)
• expo sqlite driver disconnect() (#6027) (61d59ca)
• HANA - SSL options, column delta detection mechanism (#5938) (2fd0a8a)
• handle URL objects as column field values (#5771) (50a0641), closes #5762 #5762
• insert and update query builder to handle mssql geometry column correctly (#5947) (87cc6f4)
• migrations being generated for FK even if there are no changes (#5869) (416e419)
• multiple assignments to same column on UPDATE #2651 (#5598) (334e17e)
• prevent TypeError when calling bind function with sql.js 1.2.X (#5789) (c6cbddc)
• prototype pollution issue (#6096) (db9d0fa)
• provide a default empty array for parameters. (#5677) (9e8a8cf)
• redundant undefined parameters are not generated in migration files anymore (#5690) (d5cde49)
• replacing instanceof Array checks to Array.isArray because instanceof Array seems to be problematic on some platforms (#5606) (b99b4ad)
• respect database from connection urls (#5640) (ed75d59), closes #2096
• sha.js import (#5728) (8c3f48a)
• Unknown fields are stripped from WHERE clause (issue #3416) (#5603) (215f106)
• update dependency mkdirp to 1.x (#5748) (edeb561)
• update Entity decorator return type to ClassDecorator (#5776) (7d8a1ca)
• use an empty string enum as the type of a primary key column (#6063) (8e0d817), closes #3874
• use correct typings for the result of getUpsertedIds() (#5878) (2ab88c2)
• wrong table name parameter when not using default schema (#5801) (327144a)

Features

• add FOR NO KEY UPDATE lock mode for postgresql (#5971) (360122f)
• add name option to view column (#5962) (3cfcc50), closes #5708
• Add soft remove and recover methods to entity (#5854) (9d2b8e0)
• added support for NOWAIT & SKIP LOCKED in Postgres (#5927) (2c90e1c)
• Aurora Data API - Postgres Support (#5651) (e584297)
• aurora Data API - Support for AWS configuration options through aurora driver (#5754) (1829f96)
• create-column, update-column, version-column column kinds now support user specified values (#5867) (5a2eb30), closes #3271
• names of extra columns for specific tree types moved to NamingStrategy (#5737) (ec3be41)
• PG allow providing a function for password (#5673) (265d1ae)
• update cli migration up and down from any to void (#5630) (76e165d)
• UpdateResult returns affected rows in mysql (#5628) (17f2fff), closes #1308

Performance Improvements

• An optimized version of EntityMetadata#compareIds() for the common case (#5419) (a9bdb37)

Commits

• eaadf20 version bump
• db9d0fa fix: prototype pollution issue (#6096)
• 9c4207e fixed sap issue with dates
• d7256c7 docs: updated link to TS node (#6090)
• 69d3e06 removed .only
• 7093801 docs: fix typo (#6083)
• 8977365 fix: 'in' clause case for ORACLE (#5345)
• a9bdb37 perf: Optimized version of EntityMetadata#compareIds() for the common case (#...
• 4ef6b65 fix: columns with transformer should be normalized for update (#5700)
• 215f106 fix: Unknown fields are stripped from WHERE clause (issue #3416) (#5603)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)