* chore: bump sha.js from 2.4.11 to 2.4.12 (fix security issue: CVE-2025-9288)
* test: add unit tests for hash() to ensure sha.js upgrade compatibility
- Verify SHA1 output for known inputs
- Test truncation with options.length
- Handle empty string input
- Confirm deterministic behavior for identical inputs
* removed .only from test/unit/util/string-utils.ts to run all the unit tests
* fix(hash): ensure negative or zero options.length returns full hash
- Updated hash() to only truncate when options.length > 0
- Prevents accidental truncation when options.length is negative
- Maintains expected behavior for full-length hash
* added strict +ve number input validation for hash()
* simplified the logic to check number len before applying slice() in StringUtils.ts->hash()
---------
Co-authored-by: Prateek Hegde <prateek.hegde@deliverysolutions.co>
Co-authored-by: Prateek Hegde <prateek@Prateeks-MacBook-Pro.local>
* perf: Cache package.json location between invocation
Cache package.json location to improve performance of migrations with a lot of files
Closes: #4136
* refactor: Use map. Move tests to appropriate files
Move tests and use Map instead of object as per review comments
* test: Check number of invocations in test
Change test to assert number of stat and readFile calls
* test: Change assert for CI
Added assertion to make both local and CI work
* Create package.json in test
* Create file only if not existed before
* test: Fix test assertion based on platform
* test: Change package.json type
* ci: Trigger tests
---------
Co-authored-by: Bartlomiej Rutkowski <brutkowski@tilt.app>
* feat: add Redis 5 support to cache implementation
- Add version detection for Redis client to handle API differences
- Support Redis 5 Promise-based API while maintaining backward compatibility
- Update methods to use appropriate API based on Redis version
- Add tests for Redis 5 compatibility
Redis 5 introduced Promise-based API as default, replacing the callback-based
API. This change detects the Redis version and uses the appropriate API calls
to ensure compatibility with Redis 3, 4, and 5.
Closes#11528
* feat: add Redis 5 support to cache implementation
Implement automatic version detection for Redis client libraries to support
Redis 3, 4, and 5 seamlessly. The implementation uses runtime API testing
to determine the appropriate Redis client behavior without breaking existing
functionality.
Changes include:
- Dynamic Redis version detection based on client API characteristics
- Promise-based API support for Redis 5.x
- Backward compatibility with Redis 3.x and 4.x callback-based APIs
- Safe fallback mechanism defaulting to Redis 3 behavior
- Updated peer dependency to include Redis 5.x versions
The cache implementation now automatically adapts to the installed Redis version, ensuring optimal performance and compatibility across all supported Redis client versions while maintaining full backward compatibility.
* fix: delete wrong migration guide
* feat: add package-lock.json
* refactor: optimize Redis client creation to reduce memory usage
Eliminate unnecessary Redis client recreation by using explicit tempClient
variable management, reducing potential client instances while maintaining
full Redis 3/4/5 compatibility and accurate version detection.
* refactor: improve Redis version detection to avoid cache pollution
Replace test key creation method with client method signature analysis
to prevent potential cache pollution and improve performance.
* style: apply Prettier formatting to RedisQueryResultCache.ts
* fix: resolve array modification bug in QueryRunner drop methods
Fix iteration bug in QueryRunner implementations where dropping multiple
database objects (columns, indices, foreign keys, unique constraints) would
skip elements due to in-place array modification during iteration.
The issue occurred when methods like dropColumns(), dropIndices(),
dropForeignKeys(), and dropUniqueConstraints() iterated over arrays while
simultaneously modifying them by removing elements. This caused a classic
"off-by-one" iteration bug where alternate elements would be skipped.
Changes:
- Update all affected QueryRunner drop methods to iterate over a shallow
copy of the input array using [...array] spread syntax
- Add comprehensive regression tests in test/github-issues/11563/
- Test coverage includes all affected drivers: Postgres, MySQL, SQL Server,
Oracle, CockroachDB, Spanner, SAP, and Aurora MySQL
Affected drivers:
- SpannerQueryRunner
- PostgresQueryRunner
- MysqlQueryRunner
- SqlServerQueryRunner
- OracleQueryRunner
- CockroachQueryRunner
- SapQueryRunner
- AuroraMysqlQueryRunner
Closes#11563
* fix: create multiple indices same column
* chore: functional tests instead of github issues
* perf: avoid unnecessary count on getManyAndCount
Skip count query when it can be deduced from the
number of returned rows. This will avoid one round
trip and could be very helpful on pagination when the
limit is not reached.
* chore: update workflows to ignore changes in docs directory
Added paths-ignore configuration to CodeQL, preview, and test workflows to prevent unnecessary runs when only documentation files are modified.
* chore: remove paths-ignore for docs in preview workflow
* fix(postgres): collation not updated in DB when changed in entity
Closes: #8647
* test: issue #8647
* test: add enableDrivers, combine seperated cases
* test: update test name
* test: remove unnecessary characters in test case
* style: fix formatting
* style: fix comments typo
* fix: handle limit(0) and offset(0) correctly in SelectQueryBuilder
- Fix JavaScript falsy value issue where limit(0) was treated as undefined
- Now limit(0) correctly generates 'LIMIT 0' SQL clause instead of being ignored
- Add helper functions hasLimit/hasOffset to distinguish between undefined and 0
- Add comprehensive test cases for zero value handling in limit/offset/take/skip
- Prevents potential security issue where limit(0) returned all records
Fixes potential data exposure when limit(0) was intended to return empty result
* fix: prettier formatting
* test: expand test coverage for LIMIT/OFFSET edge cases and regression prevention
