Skip to content

Conversation

akanchhaS
Copy link
Owner

snyk-top-banner

Snyk has created this PR to upgrade typeorm from 0.2.24 to 0.3.27.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 708 versions ahead of your current version.

  • The recommended version was released 22 days ago.

Issues fixed by the recommended upgrade:

Issue Score Exploit Maturity
medium severity Prototype Pollution
SNYK-JS-XML2JS-5414874
63 Proof of Concept
medium severity Prototype Pollution
SNYK-JS-HIGHLIGHTJS-1045326
63 No Known Exploit
medium severity Regular Expression Denial of Service (ReDoS)
SNYK-JS-HIGHLIGHTJS-1048676
63 No Known Exploit
critical severity Function Call With Incorrect Argument Type
SNYK-JS-SHAJS-12089400
63 Proof of Concept
high severity Prototype Pollution
SNYK-JS-TYPEORM-590152
63 Mature
Release notes
Package name: typeorm
  • 0.3.27 - 2025-09-19

    Note: This release reverts a fix from 0.3.26 (#11114) because it introduced a regression in certain cases.

    Once a fix can be provided which does not have this regression, it will be released in a future patch.

    What's Changed

    New Contributors

    Full Changelog: 0.3.26...0.3.27

  • 0.3.27-dev.fa3cd43 - 2025-09-16
  • 0.3.27-dev.f3c8d2f - 2025-09-12
  • 0.3.27-dev.a49f612 - 2025-09-18
  • 0.3.27-dev.9cdfb20 - 2025-09-09
  • 0.3.27-dev.974ead2 - 2025-09-19
  • 0.3.27-dev.96ea431 - 2025-09-18
  • 0.3.27-dev.93aa5c4 - 2025-09-17
  • 0.3.27-dev.8b76e1a - 2025-09-17
  • 0.3.27-dev.6e92aad - 2025-09-13
  • 0.3.27-dev.6965fa2 - 2025-08-30
  • 0.3.27-dev.6930dab - 2025-08-29
  • 0.3.27-dev.4d204ad - 2025-08-18
  • 0.3.27-dev.3fac86b - 2025-09-17
  • 0.3.27-dev.34d8714 - 2025-09-19
  • 0.3.27-dev.22b26d1 - 2025-08-18
  • 0.3.27-dev.1f90467 - 2025-09-05
  • 0.3.26 - 2025-08-18

    Notes:

    • When using MySQL, TypeORM now connects using stringifyObjects: true, in order to avoid a potential security vulnerability
      in the mysql/mysql2 client libraries. You can revert to the old behavior by setting connectionOptions.extra.stringifyObjects = false.
    • When using SAP HANA, TypeORM now uses the built-in pool from the @ sap/hana-client library. The deprecated hdb-pool
      is no longer necessary and can be removed. See https://typeorm.io/docs/drivers/sap/#data-source-options for the new pool options.

    What's Changed

    New Contributors

    Full Changelog: 0.3.25...0.3.26

  • 0.3.26-dev.f351757 - 2025-07-09
  • 0.3.26-dev.f2d2236 - 2025-06-21
  • 0.3.26-dev.ec26eae - 2025-08-14
  • 0.3.26-dev.d57fe3b - 2025-07-20
  • 0.3.26-dev.d1e3950 - 2025-08-16
  • 0.3.26-dev.bdb8326 - 2025-06-19
  • 0.3.26-dev.aebc7eb - 2025-07-01
  • 0.3.26-dev.abf8863 - 2025-06-21
  • 0.3.26-dev.a4c9dd8 - 2025-07-06
  • 0.3.26-dev.8097d1a - 2025-07-29
  • 0.3.26-dev.70057de - 2025-06-21
  • 0.3.26-dev.6e9f20d - 2025-08-05
  • 0.3.26-dev.66ee307 - 2025-07-04
  • 0.3.26-dev.5904ac3 - 2025-06-23
  • 0.3.26-dev.3c26cf1 - 2025-07-08
  • 0.3.26-dev.23fcde2 - 2025-07-28
  • 0.3.26-dev.1ea3a5e - 2025-07-03
  • 0.3.26-dev.1bcf055 - 2025-06-19
  • 0.3.26-dev.17cf837 - 2025-08-01
  • 0.3.26-dev.1737e97 - 2025-07-08
  • 0.3.26-dev.0b767e8 - 2025-08-16
  • 0.3.26-dev.01dddfe - 2025-06-22
  • 0.3.26-dev.1698313 - 2025-08-16
  • 0.3.25 - 2025-06-19

    What's Changed

    New Contributors

    Full Changelog: 0.3.24...0.3.25

  • 0.3.25-dev.eb3093d - 2025-06-05
  • 0.3.25-dev.ead4f98 - 2025-06-18
  • 0.3.25-dev.ce23d46 - 2025-06-16
  • 0.3.25-dev.b1e93f7 - 2025-06-18
  • 0.3.25-dev.af9ecc0 - 2025-06-17
  • 0.3.25-dev.a9c16ee - 2025-06-05
  • 0.3.25-dev.930eefd - 2025-06-06
  • 0.3.25-dev.86f12c9 - 2025-06-10
  • 0.3.25-dev.65d5a00 - 2025-06-05
  • 0.3.25-dev.63a3b9a - 2025-06-17
  • 0.3.25-dev.61753b1 - 2025-06-05
  • 0.3.25-dev.5003aaa - 2025-05-21
  • 0.3.25-dev.4b0ffee - 2025-06-06
  • 0.3.25-dev.42e7cbe - 2025-06-17
  • 0.3.25-dev.42913b9 - 2025-06-11
  • 0.3.25-dev.413f0a6 - 2025-06-05
  • 0.3.25-dev.2bfa300 - 2025-06-04
  • 0.3.25-dev.24c3e38 - 2025-06-05
  • 0.3.25-dev.12a71e4 - 2025-05-14
  • 0.3.25-dev.07d7913 - 2025-06-04
  • 0.3.25-dev.03faa78 - 2025-06-14
  • 0.3.24 - 2025-05-14

    What's Changed

Snyk has created this PR to upgrade typeorm from 0.2.24 to 0.3.27.

See this package in npm:
typeorm

See this project in Snyk:
https://app.snyk.io/org/panda-co/project/ebfb2282-581e-4b1b-afb0-8a0e07b1b540?utm_source=github&utm_medium=referral&page=upgrade-pr
@akanchhaS
Copy link
Owner Author

akanchhaS commented Oct 11, 2025

Snyk checks have failed. 1 issues have been found so far.

Status Scanner Critical High Medium Low Total (1)
Licenses 0 0 1 0 1 issues
Code Security 0 0 0 0 0 issues
Open Source Security 0 0 0 0 0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants