[Snyk] Upgrade typeorm from 0.2.24 to 0.3.24

[DefenderK]

Snyk has created this PR to upgrade typeorm from 0.2.24 to 0.3.24.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 645 versions ahead of your current version.

• The recommended version was released a month ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Prototype Pollution SNYK-JS-TYPEORM-590152	504	Mature
	Prototype Pollution SNYK-JS-HIGHLIGHTJS-1045326	504	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HIGHLIGHTJS-1048676	504	No Known Exploit
	Prototype Pollution SNYK-JS-XML2JS-5414874	504	Proof of Concept

Release notes

Package name: typeorm

• 0.3.24 - 2025-05-14
  

  What's Changed

  • feat: add tagged template for executing raw SQL queries by @ Newbie012 in #11432
  • chore: Add husky and lint-staged by @ maxbronnikov10 in #11448
  • fix: resolve pkg.pr.new issue by @ naorpeled in #11463
  • perf: improve save performance during entities update by @ lotczyk in #11456
  • refactor: remove unused NamingStrategyNotFoundError by @ mguida22 in #11462
  • chore: add note about breaking change in 0.3.23 by @ mguida22 in #11469
  • build: include db version in coveralls flag-name by @ mguida22 in #11461
  • chore: include warning about update({}) in changelog by @ sgarner in #11471
  • feat: add updateAll and deleteAll methods to EntityManager and Repository APIs by @ sgarner in #11459
  • Fix/11466 mssql find operator by @ christian-forgacs in #11468
  • feat(spanner): support insert returning by @ denes in #11460
  • chore: clarify commit practices by @ mguida22 in #11472
  • fix(mssql): avoid mutating input parameter array values by @ sgarner in #11476
  • fix: capacitor driver PRAGMA bug by @ AlexAzartsev in #11467
  • chore: version 0.3.24 by @ mguida22 in #11478

  New Contributors

  • @ denes made their first contribution in #11460
  • @ AlexAzartsev made their first contribution in #11467

  Full Changelog: 0.3.23...0.3.24

• 0.3.24-dev.e9eaf79 - 2025-05-13
• 0.3.24-dev.d325d9e - 2025-05-14
• 0.3.24-dev.c464ff8 - 2025-05-09
• 0.3.24-dev.b8dbca5 - 2025-05-14
• 0.3.24-dev.a6b61f7 - 2025-05-13
• 0.3.24-dev.a213bbd - 2025-05-09
• 0.3.24-dev.9f889b3 - 2025-05-13
• 0.3.24-dev.80e9b30 - 2025-05-07
• 0.3.24-dev.6d1c4f0 - 2025-05-12
• 0.3.24-dev.39a6562 - 2025-05-12
• 0.3.24-dev.15de733 - 2025-05-11
• 0.3.24-dev.144634d - 2025-05-13
• 0.3.24-dev.1198dc2 - 2025-05-12
• 0.3.24-dev.2168441 - 2025-05-11
• 0.3.23 - 2025-05-07
  

  ⚠️ Note on a breaking change

  This release includes a technically breaking change (from this PR) in the behaviour of the delete and update methods of the EntityManager and Repository APIs, when an empty object is supplied as the criteria:

  await repository.delete({})
  await repository.update({}, { foo: 'bar' })

  • Old behaviour was to delete or update all rows in the table
  • New behaviour is to throw an error: Empty criteria(s) are not allowed for the delete/update method.

  Why?

  This behaviour was not documented and is considered dangerous as it can allow a badly-formed object (e.g. with an undefined id) to inadvertently delete or update the whole table.

  When the intention actually was to delete or update all rows, such queries can be rewritten using the QueryBuilder API:

  await repository.createQueryBuilder().delete().execute()
  // executes: DELETE FROM table_name
  await repository.createQueryBuilder().update().set({ foo: 'bar' }).execute()
  // executes: UPDATE table_name SET foo = 'bar'

  An alternative method for deleting all rows is to use:

  await repository.clear()
  // executes: TRUNCATE TABLE table_name

  What's Changed

  • chore: Fix publish command by @ michaelbromley in #11379
  • build(deps): bump tar-fs from 2.1.1 to 2.1.2 by @ dependabot in #11370
  • feat: add new foreign key decorator, and entity schemas options by @ yevhen-komarov in #11144
  • chore: fix changelog generation by @ alumni in #11381
  • feat: Build ESM migrations for JS by @ w3nl in #10802
  • docs(entity-subscribers): document primary key availability in UpdateEvent by @ jovanadjuric in #11308
  • test: remove unused type parameter from decorators by @ mguida22 in #11412
  • feat: Add query timeout support for MySql by @ iliagrvch in #10846
  • Chore: Added logging to the Entity Listener Metadata by @ JackNytely in #11234
  • Propagate aggregate method's generic parameter to its returned cursor by @ pringon in #10754
  • refactor: define Position type for GeoJSON objects by @ knoid in #11259
  • perf(query-runner): use Date.now() intead of +new Date() by @ Samuron in #10811
  • feat: add FormattedConsoleLogger by @ w3nl in #11401
  • docs: update repository additional chunk option usage example by @ knicefire in #11282
  • docs: Correct "its" -> "it's" by @ mdippery in #11428
  • fix: prevent error when replication is undefined by @ caiquecastro in #11423
  • fix: change how array columns are compared on column changed detection by @ mnbaccari in #11269
  • build: setup testing matrix for postgres 14 and 17 by @ mguida22 in #11433
  • fix: beforeQuery promises not awaited before query execution by @ TanguyPoly in #11086
  • fix(sap): cleanup after streaming by @ alumni in #11399
  • feat: release PR releases using pkg.pr.new by @ naorpeled in #11434
  • docs: clarify where to add new tests by @ mguida22 in #11438
  • fix: update/delete/softDelete by criteria of condition objects by @ maxbronnikov10 in #10910
  • chore: Version 0.3.23 by @ michaelbromley in #11439

  New Contributors

  • @ yevhen-komarov made their first contribution in #11144
  • @ w3nl made their first contribution in #10802
  • @ iliagrvch made their first contribution in #10846
  • @ JackNytely made their first contribution in #11234
  • @ pringon made their first contribution in #10754
  • @ knoid made their first contribution in #11259
  • @ Samuron made their first contribution in #10811
  • @ knicefire made their first contribution in #11282
  • @ caiquecastro made their first contribution in #11423
  • @ mnbaccari made their first contribution in #11269
  • @ TanguyPoly made their first contribution in #11086
  • @ maxbronnikov10 made their first contribution in #10910

  Full Changelog: 0.3.22...0.3.23

• 0.3.23-dev.fe71a0c - 2025-04-15
• 0.3.23-dev.fadad1a - 2025-05-01
• 0.3.23-dev.cebd63b - 2025-04-03
• 0.3.23-dev.c15cb07 - 2025-04-05
• 0.3.23-dev.b9ddd14 - 2025-04-25
• 0.3.23-dev.b9842e3 - 2025-04-30
• 0.3.23-dev.b94dfb3 - 2025-05-06
• 0.3.23-dev.a61654e - 2025-04-29
• 0.3.23-dev.9464e65 - 2025-04-30
• 0.3.23-dev.7c5ea99 - 2025-04-04
• 0.3.23-dev.6ebae3b - 2025-04-03
• 0.3.23-dev.6c5668b - 2025-04-03
• 0.3.23-dev.673f065 - 2025-04-15
• 0.3.23-dev.61a6f97 - 2025-04-25
• 0.3.23-dev.56f1898 - 2025-04-15
• 0.3.23-dev.4c8fc3a - 2025-04-16
• 0.3.23-dev.45577df - 2025-04-14
• 0.3.23-dev.3ffeea5 - 2025-05-05
• 0.3.23-dev.274bdf2 - 2025-05-02
• 0.3.23-dev.24a0369 - 2025-04-17
• 0.3.23-dev.184f463 - 2025-04-15
• 0.3.23-dev.055eafd - 2025-04-03
• 0.3.23-dev.04f3d3f - 2025-04-04
• 0.3.22 - 2025-04-03
  

  What's Changed

  • fix: transaction not ending correctly by @ alumni in #11264
  • docs: add "How to use Vite for the backend" entry to faq by @ robkorv in #11306
  • chore: don't use version in docker-compose files by @ assapir in #11320
  • fix(sap): pass the configured schema to the db client by @ alumni in #11321
  • fix(sap): incorrect handling of simple array/json data type by @ alumni in #11322
  • fix: add VirtualColumn to model shim by @ FrancoisDeBellescize in #11331
  • fix: remove unnecessary import from JS migration by @ TkachenkoDmitry in #11327
  • test: rename tests to better describe the case by @ OSA413 in #11280
  • chore(test): set timezone to UTC by @ douglascayers in #11247
  • ci: add CodeQL workflow by @ naorpeled in #11337
  • fix: empty objects being hydrated when eager loading relations that have a @ VirtualColumn by @ alumni in #10927
  • test: fix and run tests on Windows by @ OSA413 in #11257
  • feat(postgres): support macaddr8 column type by @ chkjohn in #11345
  • build: run format in ci by @ mguida22 in #11342
  • style: lint repository by @ alumni in #11346
  • fix: ensure correct MSSQL parameter conversion in where conditions by @ sudhirt4 in #11298
  • chore: update dependencies by @ alumni in #11339
  • fix: FindOptionsSelect to use correct type when property is an object by @ MGB247 in #11355
  • refactor: database server version fetching & comparison by @ alumni in #11357
  • build: improve test workflow by @ alumni in #11361
  • build: setup SAP HANA tests by @ alumni in #11347
  • fix: export QueryEvent before/after types by @ nover in #10688
  • fix: mongodb connection options by @ mohd-akram in #11310
  • feat: Incorporate wrapping metadata for MongoDB client instances by @ alexbevi in #11214
  • fix: bulk insert NULL values in Oracle (#11362) by @ ertl in #11363
  • fix: remove unnecessary spaces in message when running non-fake migrations by @ zyoshoka in #10809
  • fix: sql escape issues identified by CodeQL by @ alumni in #11338
  • fix(sap): normalize deprecated/removed data types in SAP HANA Cloud by @ alumni in #11356
  • fix: version detection for Postgres derived variants by @ alumni in #11375
  • feat: Support Expo SQLite Next by @ pmk1c in #11107
  • docs: add comment explaining select version() by

[DefenderK]

🎉 Snyk checks have passed. No issues have been found so far.

✅ security/snyk check is complete. No issues have been found. (View Details)

✅ license/snyk check is complete. No issues have been found. (View Details)

✅ code/snyk check is complete. No issues have been found. (View Details)