[Snyk] Upgrade typeorm from 0.2.24 to 0.3.27

[akanchhaS]

Snyk has created this PR to upgrade typeorm from 0.2.24 to 0.3.27.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 708 versions ahead of your current version.

• The recommended version was released 2 months ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Prototype Pollution SNYK-JS-HIGHLIGHTJS-1045326	72	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HIGHLIGHTJS-1048676	72	No Known Exploit
	Function Call With Incorrect Argument Type SNYK-JS-SHAJS-12089400	72	Proof of Concept
	Prototype Pollution SNYK-JS-TYPEORM-590152	72	Mature
	SQL Injection SNYK-JS-TYPEORM-13746469	72	Proof of Concept
	Prototype Pollution SNYK-JS-XML2JS-5414874	72	Proof of Concept

Release notes

Package name: typeorm

• 0.3.27 - 2025-09-19
  

  Note: This release reverts a fix from 0.3.26 (#11114) because it introduced a regression in certain cases.

  Once a fix can be provided which does not have this regression, it will be released in a future patch.

  What's Changed

  • perf: Cache package.json location between getNearestPackageJson invocations by @ rutkowskib in #11580
  • feat: allow VirtualColumns to be initially non-selectable by @ alumni in #11586
  • build(deps): bump sha.js from 2.4.11 to 2.4.12 in /sample/playground by @ dependabot[bot] in #11617
  • Add @ signalwire/docusaurus-plugin-llms-txt to TypeORM documentation by @ Copilot in #11622
  • fix: Add package.json exports for react-native by @ macksal in #11623
  • fix(query-builder): don't use lazy count when offset exceeds total in getManyAndCount by @ jeremyteyssedre in #11634
  • chore: bump sha.js from 2.4.11 to 2.4.12 (fix security issue: CVE-2025-9288) by @ prateek-hegde in #11639
  • docs: fix docs for UpdateDateColumn by @ madhugb in #11572
  • build(deps): bump axios from 1.11.0 to 1.12.1 in /docs by @ dependabot[bot] in #11649
  • feat(migration): improve JSDoc types in generated migration templates by @ gwythyr in #11490
  • fix: update tests to reflect migration template changes by @ sgarner in #11653
  • feat(mysql): add support for MySQL 9 / MariaDB 12 by @ alumni in #11575
  • ci: add close stale issues GH action by @ gioboa in #11651
  • feat: add new undefined and null behavior flags by @ naorpeled in #11332
  • feat(postgres): support vector/halfvec data types by @ naorpeled in #11437
  • fix: JSON parsing for mysql2 client library (#8319) by @ dlhck in #11659
  • Revert #11114 do not create junction table metadata when it already exists by @ michaelbromley in #11660
  • chore: Release v0.3.27 by @ michaelbromley in #11661

  New Contributors

  • @ Copilot made their first contribution in #11622
  • @ macksal made their first contribution in #11623
  • @ jeremyteyssedre made their first contribution in #11634
  • @ prateek-hegde made their first contribution in #11639
  • @ madhugb made their first contribution in #11572
  • @ gwythyr made their first contribution in #11490

  Full Changelog: 0.3.26...0.3.27

• 0.3.27-dev.fa3cd43 - 2025-09-16
• 0.3.27-dev.f3c8d2f - 2025-09-12
• 0.3.27-dev.a49f612 - 2025-09-18
• 0.3.27-dev.9cdfb20 - 2025-09-09
• 0.3.27-dev.974ead2 - 2025-09-19
• 0.3.27-dev.96ea431 - 2025-09-18
• 0.3.27-dev.93aa5c4 - 2025-09-17
• 0.3.27-dev.8b76e1a - 2025-09-17
• 0.3.27-dev.6e92aad - 2025-09-13
• 0.3.27-dev.6965fa2 - 2025-08-30
• 0.3.27-dev.6930dab - 2025-08-29
• 0.3.27-dev.4d204ad - 2025-08-18
• 0.3.27-dev.3fac86b - 2025-09-17
• 0.3.27-dev.34d8714 - 2025-09-19
• 0.3.27-dev.22b26d1 - 2025-08-18
• 0.3.27-dev.1f90467 - 2025-09-05
• 0.3.26 - 2025-08-18
  

  Notes:

  • When using MySQL, TypeORM now connects using stringifyObjects: true, in order to avoid a potential security vulnerability
    in the mysql/mysql2 client libraries. You can revert to the old behavior by setting connectionOptions.extra.stringifyObjects = false.
  • When using SAP HANA, TypeORM now uses the built-in pool from the @ sap/hana-client library. The deprecated hdb-pool
    is no longer necessary and can be removed. See https://typeorm.io/docs/drivers/sap/#data-source-options for the new pool options.

  What's Changed

  • chore: Remove manual trigger on publish workflow by @ michaelbromley in #11536
  • test(ci): force mocha to exit on stuck process by @ OSA413 in #11538
  • fix(oracle): pass duplicated parameters correctly to the client when executing a query by @ alumni in #11537
  • feat(sap): add support for REAL_VECTOR and HALF_VECTOR data types in SAP HANA Cloud by @ alumni in #11526
  • fix: add stricter type-checking and improve event loop handling by @ alumni in #11540
  • perf: avoid unnecessary count on getManyAndCount by @ EQuincerot in #11524
  • feat(sap): use the native driver for connection pooling by @ alumni in #11520
  • fix: support for better-sqlite3 v12 by @ mohd-akram in #11557
  • fix: preserve useIndex when cloning a QueryExpressionMap (or a QueryBuilder) by @ kettui in #10679
  • chore: change test badge from test.yml to commit-validation.yml by @ albasyir in #11560
  • fix: do not create junction table metadata when it already exists by @ ragrag in #11114
  • fix(mysql): support AnalyticDB returning version() column name in getVersion() by @ rhydian0x in #11555
  • fix: resolve array modification bug in QueryRunner drop methods #11563 by @ taina0407 in #11564
  • fix(mysql): set stringifyObjects implicitly by @ alumni in #11574
  • docs: separate driver-specific documentation by @ alumni in #11581
  • docs: fix redirect to mongodb page by @ alumni in #11584
  • feat(11528): add Redis 5.x support with backward compatibility wite peer dependency to allow by @ par333k in #11585
  • fix: regtype is not supported in aurora serverless v2 by @ ArsenyYankovsky in #11568
  • fix(platform[web worker]): improve globalThis variable retrieval for … by @ dasoncheng in #11495
  • docs: added @ piying/orm extension to readme by @ wszgrcy in #11596
  • docs: Fix reload option typo by @ radovanovic-stevan in #11601
  • feat: add entity mode virtual-property by @ wszgrcy in #11597
  • chore: Release v0.3.26 by @ michaelbromley in #11602

  New Contributors

  • @ EQuincerot made their first contribution in #11524
  • @ kettui made their first contribution in #10679
  • @ ragrag made their first contribution in #11114
  • @ rhydian0x made their first contribution in #11555
  • @ taina0407 made their first contribution in #11564
  • @ par333k made their first contribution in #11585
  • @ dasoncheng made their first contribution in #11495
  • @ wszgrcy made their first contribution in #11596
  • @ radovanovic-stevan made their first contribution in #11601

  Full Changelog: 0.3.25...0.3.26

• 0.3.26-dev.f351757 - 2025-07-09
• 0.3.26-dev.f2d2236 - 2025-06-21
• 0.3.26-dev.ec26eae - 2025-08-14
• 0.3.26-dev.d57fe3b - 2025-07-20
• 0.3.26-dev.d1e3950 - 2025-08-16
• 0.3.26-dev.bdb8326 - 2025-06-19
• 0.3.26-dev.aebc7eb - 2025-07-01
• 0.3.26-dev.abf8863 - 2025-06-21
• 0.3.26-dev.a4c9dd8 - 2025-07-06
• 0.3.26-dev.8097d1a - 2025-07-29
• 0.3.26-dev.70057de - 2025-06-21
• 0.3.26-dev.6e9f20d - 2025-08-05
• 0.3.26-dev.66ee307 - 2025-07-04
• 0.3.26-dev.5904ac3 - 2025-06-23
• 0.3.26-dev.3c26cf1 - 2025-07-08
• 0.3.26-dev.23fcde2 - 2025-07-28
• 0.3.26-dev.1ea3a5e - 2025-07-03
• 0.3.26-dev.1bcf055 - 2025-06-19
• 0.3.26-dev.17cf837 - 2025-08-01
• 0.3.26-dev.1737e97 - 2025-07-08
• 0.3.26-dev.0b767e8 - 2025-08-16
• 0.3.26-dev.01dddfe - 2025-06-22
• 0.3.26-dev.1698313 - 2025-08-16
• 0.3.25 - 2025-06-19
  

  What's Changed

  • docs: use correct SQL statements in softDelete/restore comments by @ sgarner in #11489
  • fix: resolve alias or table name in upsert and orUpdate for PostgreSQL driver conditionally by @ mmarifat in #11452
  • feat(spanner): use credentials from connection options by @ denes in #11492
  • feat: add upsert support for Oracle, SQLServer and SAP HANA by @ Yuuki-Sakura in #10974
  • fix: handle limit(0) and offset(0) correctly in SelectQueryBuilder by @ yeonghun104 in #11507
  • fix: add collation update detection in PostgresDriver by @ asn6878 in #11441
  • feat: add typesense/docsearch-scraper by @ gioboa in #11424
  • chore: improve linting by @ alumni in #11510
  • chore: improve linting (fixup) by @ alumni in #11511
  • docs: new website initial commit by @ naorpeled in #11408
  • fix: fix up doc search workflow by @ gioboa in #11513
  • chore: update workflows to ignore changes in docs directory by @ dlhck in #11518
  • feat(docs): add Plausible analytics script to Docusaurus config by @ dlhck in #11517
  • docs: add note about using YugabyteDB by @ mguida22 in #11521
  • chore(docs): improve website generation config by @ alumni in #11527
  • fix(tree-entity): closure junction table primary key definition should match parent table by @ gongAll in #11422
  • docs: add heading to Getting Started page by @ sgarner in #11531
  • fix: Multiple relations with same columns cause invalid SQL to be generated by @ yevhen-komarov in #11400
  • fix: fix null pointer exception on date array column comparison by @ mnbaccari in #11532
  • chore(ci): simplify workflows by @ alumni in #11530
  • fix: improve async calls on disconnect by @ alumni in #11523

  New Contributors

  • @ mmarifat made their first contribution in #11452
  • @ yeonghun104 made their first contribution in #11507
  • @ asn6878 made their first contribution in #11441
  • @ gongAll made their first contribution in #11422

  Full Changelog: 0.3.24...0.3.25

• 0.3.25-dev.eb3093d - 2025-06-05
• 0.3.25-dev.ead4f98 - 2025-06-18
• 0.3.25-dev.ce23d46 - 2025-06-16
• 0.3.25-dev.b1e93f7 - 2025-06-18
• 0.3.25-dev.af9ecc0 - 2025-06-17
• 0.3.25-dev.a9c16ee - 2025-06-05
• 0.3.25-dev.930eefd - 2025-06-06
• 0.3.25-dev.86f12c9 - 2025-06-10
• 0.3.25-dev.65d5a00 - 2025-06-05
• 0.3.25-dev.63a3b9a - 2025-06-17
• 0.3.25-dev.61753b1 - 2025-06-05
• 0.3.25-dev.5003aaa - 2025-05-21
• 0.3.25-dev.4b0ffee - 2025-06-06
• 0.3.25-dev.42e7cbe - 2025-06-17
• 0.3.25-dev.42913b9 - 2025-06-11
• 0.3.25-dev.413f0a6 - 2025-06-05
• 0.3.25-dev.2bfa300 - 2025-06-04
• 0.3.25-dev.24c3e38 - 2025-06-05
• 0.3.25-dev.12a71e4 - 2025-05-14
• 0.3.25-dev.07d7913 - 2025-06-04
• 0.3.25-dev.03faa78 - 2025-06-14
• 0.3.24 - 2025-05-14
  

  What's Changed

  • feat: add tagged template for executing raw SQL queries by @ Newbie012 in #11432
  • chore: Add husky and lint-staged by

[akanchhaS]

⛔ Snyk checks have failed. 1 issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (1)
✅	Open Source Security	0	0	0	0	0 issues
⛔	Licenses	0	0	1	0	1 issues
✅	Code Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.