[Snyk] Upgrade typeorm from 0.2.24 to 0.3.25

[DefenderK]

Snyk has created this PR to upgrade typeorm from 0.2.24 to 0.3.25.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 667 versions ahead of your current version.

• The recommended version was released 2 months ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Prototype Pollution SNYK-JS-TYPEORM-590152	290	Mature
	Prototype Pollution SNYK-JS-HIGHLIGHTJS-1045326	290	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HIGHLIGHTJS-1048676	290	No Known Exploit
	Prototype Pollution SNYK-JS-XML2JS-5414874	290	Proof of Concept

Release notes

Package name: typeorm

• 0.3.25 - 2025-06-19
  

  What's Changed

  • docs: use correct SQL statements in softDelete/restore comments by @ sgarner in #11489
  • fix: resolve alias or table name in upsert and orUpdate for PostgreSQL driver conditionally by @ mmarifat in #11452
  • feat(spanner): use credentials from connection options by @ denes in #11492
  • feat: add upsert support for Oracle, SQLServer and SAP HANA by @ Yuuki-Sakura in #10974
  • fix: handle limit(0) and offset(0) correctly in SelectQueryBuilder by @ yeonghun104 in #11507
  • fix: add collation update detection in PostgresDriver by @ asn6878 in #11441
  • feat: add typesense/docsearch-scraper by @ gioboa in #11424
  • chore: improve linting by @ alumni in #11510
  • chore: improve linting (fixup) by @ alumni in #11511
  • docs: new website initial commit by @ naorpeled in #11408
  • fix: fix up doc search workflow by @ gioboa in #11513
  • chore: update workflows to ignore changes in docs directory by @ dlhck in #11518
  • feat(docs): add Plausible analytics script to Docusaurus config by @ dlhck in #11517
  • docs: add note about using YugabyteDB by @ mguida22 in #11521
  • chore(docs): improve website generation config by @ alumni in #11527
  • fix(tree-entity): closure junction table primary key definition should match parent table by @ gongAll in #11422
  • docs: add heading to Getting Started page by @ sgarner in #11531
  • fix: Multiple relations with same columns cause invalid SQL to be generated by @ yevhen-komarov in #11400
  • fix: fix null pointer exception on date array column comparison by @ mnbaccari in #11532
  • chore(ci): simplify workflows by @ alumni in #11530
  • fix: improve async calls on disconnect by @ alumni in #11523

  New Contributors

  • @ mmarifat made their first contribution in #11452
  • @ yeonghun104 made their first contribution in #11507
  • @ asn6878 made their first contribution in #11441
  • @ gongAll made their first contribution in #11422

  Full Changelog: 0.3.24...0.3.25

• 0.3.25-dev.eb3093d - 2025-06-05
• 0.3.25-dev.ead4f98 - 2025-06-18
• 0.3.25-dev.ce23d46 - 2025-06-16
• 0.3.25-dev.b1e93f7 - 2025-06-18
• 0.3.25-dev.af9ecc0 - 2025-06-17
• 0.3.25-dev.a9c16ee - 2025-06-05
• 0.3.25-dev.930eefd - 2025-06-06
• 0.3.25-dev.86f12c9 - 2025-06-10
• 0.3.25-dev.65d5a00 - 2025-06-05
• 0.3.25-dev.63a3b9a - 2025-06-17
• 0.3.25-dev.61753b1 - 2025-06-05
• 0.3.25-dev.5003aaa - 2025-05-21
• 0.3.25-dev.4b0ffee - 2025-06-06
• 0.3.25-dev.42e7cbe - 2025-06-17
• 0.3.25-dev.42913b9 - 2025-06-11
• 0.3.25-dev.413f0a6 - 2025-06-05
• 0.3.25-dev.2bfa300 - 2025-06-04
• 0.3.25-dev.24c3e38 - 2025-06-05
• 0.3.25-dev.12a71e4 - 2025-05-14
• 0.3.25-dev.07d7913 - 2025-06-04
• 0.3.25-dev.03faa78 - 2025-06-14
• 0.3.24 - 2025-05-14
  

  What's Changed

  • feat: add tagged template for executing raw SQL queries by @ Newbie012 in #11432
  • chore: Add husky and lint-staged by @ maxbronnikov10 in #11448
  • fix: resolve pkg.pr.new issue by @ naorpeled in #11463
  • perf: improve save performance during entities update by @ lotczyk in #11456
  • refactor: remove unused NamingStrategyNotFoundError by @ mguida22 in #11462
  • chore: add note about breaking change in 0.3.23 by @ mguida22 in #11469
  • build: include db version in coveralls flag-name by @ mguida22 in #11461
  • chore: include warning about update({}) in changelog by @ sgarner in #11471
  • feat: add updateAll and deleteAll methods to EntityManager and Repository APIs by @ sgarner in #11459
  • Fix/11466 mssql find operator by @ christian-forgacs in #11468
  • feat(spanner): support insert returning by @ denes in #11460
  • chore: clarify commit practices by @ mguida22 in #11472
  • fix(mssql): avoid mutating input parameter array values by @ sgarner in #11476
  • fix: capacitor driver PRAGMA bug by @ AlexAzartsev in #11467
  • chore: version 0.3.24 by @ mguida22 in #11478

  New Contributors

  • @ denes made their first contribution in #11460
  • @ AlexAzartsev made their first contribution in #11467

  Full Changelog: 0.3.23...0.3.24

• 0.3.24-dev.e9eaf79 - 2025-05-13
• 0.3.24-dev.d325d9e - 2025-05-14
• 0.3.24-dev.c464ff8 - 2025-05-09
• 0.3.24-dev.b8dbca5 - 2025-05-14
• 0.3.24-dev.a6b61f7 - 2025-05-13
• 0.3.24-dev.a213bbd - 2025-05-09
• 0.3.24-dev.9f889b3 - 2025-05-13
• 0.3.24-dev.80e9b30 - 2025-05-07
• 0.3.24-dev.6d1c4f0 - 2025-05-12
• 0.3.24-dev.39a6562 - 2025-05-12
• 0.3.24-dev.15de733 - 2025-05-11
• 0.3.24-dev.144634d - 2025-05-13
• 0.3.24-dev.1198dc2 - 2025-05-12
• 0.3.24-dev.2168441 - 2025-05-11
• 0.3.23 - 2025-05-07
  

  ⚠️ Note on a breaking change

  This release includes a technically breaking change (from this PR) in the behaviour of the delete and update methods of the EntityManager and Repository APIs, when an empty object is supplied as the criteria:

  await repository.delete({})
  await repository.update({}, { foo: 'bar' })

  • Old behaviour was to delete or update all rows in the table
  • New behaviour is to throw an error: Empty criteria(s) are not allowed for the delete/update method.

  Why?

  This behaviour was not documented and is considered dangerous as it can allow a badly-formed object (e.g. with an undefined id) to inadvertently delete or update the whole table.

  When the intention actually was to delete or update all rows, such queries can be rewritten using the QueryBuilder API:

  await repository.createQueryBuilder().delete().execute()
  // executes: DELETE FROM table_name
  await repository.createQueryBuilder().update().set({ foo: 'bar' }).execute()
  // executes: UPDATE table_name SET foo = 'bar'

  An alternative method for deleting all rows is to use:

  await repository.clear()
  // executes: TRUNCATE TABLE table_name

  What's Changed

  • chore: Fix publish command by @ michaelbromley in #11379
  • build(deps): bump tar-fs from 2.1.1 to 2.1.2 by @ dependabot in #11370
  • feat: add new foreign key decorator, and entity schemas options by @ yevhen-komarov in #11144
  • chore: fix changelog generation by @ alumni in #11381
  • feat: Build ESM migrations for JS by @ w3nl in #10802
  • docs(entity-subscribers): document primary key availability in UpdateEvent by @ jovanadjuric in #11308
  • test: remove unused type parameter from decorators by @ mguida22 in #11412
  • feat: Add query timeout support for MySql by @ iliagrvch in #10846
  • Chore: Added logging to the Entity Listener Metadata by @ JackNytely in #11234
  • Propagate aggregate method's generic parameter to its returned cursor by @ pringon in #10754
  • refactor: define Position type for GeoJSON objects by @ knoid in #11259
  • perf(query-runner): use Date.now() intead of +new Date() by @ Samuron in #10811
  • feat: add FormattedConsoleLogger by @ w3nl in #11401
  • docs: update repository additional chunk option usage example by @ knicefire in #11282
  • docs: Correct "its" -> "it's" by @ mdippery in #11428
  • fix: prevent error when replication is undefined by @ caiquecastro in #11423
  • fix: change how array columns are compared on column changed detection by @ mnbaccari in #11269
  • build: setup testing matrix for postgres 14 and 17 by @ mguida22 in #11433
  • fix: beforeQuery promises not awaited before query execution by @ TanguyPoly in #11086
  • fix(sap): cleanup after streaming by @ alumni in #11399
  • feat: release PR releases using pkg.pr.new by @ naorpeled in #11434
  • docs: clarify where to add new tests by @ mguida22 in #11438
  • fix: update/delete/softDelete by criteria of condition objects by @ maxbronnikov10 in #10910
  • chore: Version 0.3.23 by @ michaelbromley in #11439

  New Contributors

  • @ yevhen-komarov made their first contribution in #11144
  • @ w3nl made their first contribution in #10802
  • @ iliagrvch made their first contribution in #10846
  • @ JackNytely made their first contribution in #11234
  • @ pringon made their first contribution in #10754
  • @ knoid made their first contribution in #11259
  • @ Samuron made their first contribution in #10811
  • @ knicefire made their first contribution in #11282
  • @ caiquecastro made their first contribution in #11423
  • @ mnbaccari made their first contribution in #11269
  • @ TanguyPoly made their first contribution in #11086
  • @ maxbronnikov10 made their first contribution in #10910

  Full Changelog: 0.3.22...0.3.23

• 0.3.23-dev.fe71a0c - 2025-04-15
• 0.3.23-dev.fadad1a - 2025-05-01
• 0.3.23-dev.cebd63b - 2025-04-03
• 0.3.23-dev.c15cb07 - 2025-04-05
• 0.3.23-dev.b9ddd14 - 2025-04-25
• 0.3.23-dev.b9842e3 - 2025-04-30
• 0.3.23-dev.b94dfb3 - 2025-05-06
• 0.3.23-dev.a61654e - 2025-04-29
• 0.3.23-dev.9464e65 - 2025-04-30
• 0.3.23-dev.7c5ea99 - 2025-04-04
• 0.3.23-dev.6ebae3b - 2025-04-03
• 0.3.23-dev.6c5668b - 2025-04-03
• 0.3.23-dev.673f065 - 2025-04-15
• 0.3.23-dev.61a6f97 - 2025-04-25
• 0.3.23-dev.56f1898 - 2025-04-15
• 0.3.23-dev.4c8fc3a - 2025-04-16
• 0.3.23-dev.45577df - 2025-04-14
• 0.3.23-dev.3ffeea5 - 2025-05-05
• 0.3.23-dev.274bdf2 - 2025-05-02
• 0.3.23-dev.24a0369 - 2025-04-17
• 0.3.23-dev.184f463 - 2025-04-15
• 0.3.23-dev.055eafd - 2025-04-03
• 0.3.23-dev.04f3d3f - 2025-04-04
• 0.3.22 - 2025-04-03
  

  What's Changed

  • fix: transaction not ending correctly by @ alumni in #11264
  • docs: add "How to use Vite for the backend" entry to faq by @ robkorv in #11306
  • chore: don't use version in docker-compose files by @ assapir in #1...