- added configurable handling for null/undefined in where clauses (ignore, SQL NULL, or throw) across queries, query builders, and repository/entity-manager methods
* chore: bump sha.js from 2.4.11 to 2.4.12 (fix security issue: CVE-2025-9288)
* test: add unit tests for hash() to ensure sha.js upgrade compatibility
- Verify SHA1 output for known inputs
- Test truncation with options.length
- Handle empty string input
- Confirm deterministic behavior for identical inputs
* removed .only from test/unit/util/string-utils.ts to run all the unit tests
* fix(hash): ensure negative or zero options.length returns full hash
- Updated hash() to only truncate when options.length > 0
- Prevents accidental truncation when options.length is negative
- Maintains expected behavior for full-length hash
* added strict +ve number input validation for hash()
* simplified the logic to check number len before applying slice() in StringUtils.ts->hash()
---------
Co-authored-by: Prateek Hegde <prateek.hegde@deliverysolutions.co>
Co-authored-by: Prateek Hegde <prateek@Prateeks-MacBook-Pro.local>
* perf: Cache package.json location between invocation
Cache package.json location to improve performance of migrations with a lot of files
Closes: #4136
* refactor: Use map. Move tests to appropriate files
Move tests and use Map instead of object as per review comments
* test: Check number of invocations in test
Change test to assert number of stat and readFile calls
* test: Change assert for CI
Added assertion to make both local and CI work
* Create package.json in test
* Create file only if not existed before
* test: Fix test assertion based on platform
* test: Change package.json type
* ci: Trigger tests
---------
Co-authored-by: Bartlomiej Rutkowski <brutkowski@tilt.app>
* fix: resolve array modification bug in QueryRunner drop methods
Fix iteration bug in QueryRunner implementations where dropping multiple
database objects (columns, indices, foreign keys, unique constraints) would
skip elements due to in-place array modification during iteration.
The issue occurred when methods like dropColumns(), dropIndices(),
dropForeignKeys(), and dropUniqueConstraints() iterated over arrays while
simultaneously modifying them by removing elements. This caused a classic
"off-by-one" iteration bug where alternate elements would be skipped.
Changes:
- Update all affected QueryRunner drop methods to iterate over a shallow
copy of the input array using [...array] spread syntax
- Add comprehensive regression tests in test/github-issues/11563/
- Test coverage includes all affected drivers: Postgres, MySQL, SQL Server,
Oracle, CockroachDB, Spanner, SAP, and Aurora MySQL
Affected drivers:
- SpannerQueryRunner
- PostgresQueryRunner
- MysqlQueryRunner
- SqlServerQueryRunner
- OracleQueryRunner
- CockroachQueryRunner
- SapQueryRunner
- AuroraMysqlQueryRunner
Closes#11563
* fix: create multiple indices same column
* chore: functional tests instead of github issues
* perf: avoid unnecessary count on getManyAndCount
Skip count query when it can be deduced from the
number of returned rows. This will avoid one round
trip and could be very helpful on pagination when the
limit is not reached.
* fix(postgres): collation not updated in DB when changed in entity
Closes: #8647
* test: issue #8647
* test: add enableDrivers, combine seperated cases
* test: update test name
* test: remove unnecessary characters in test case
* style: fix formatting
* style: fix comments typo
* fix: handle limit(0) and offset(0) correctly in SelectQueryBuilder
- Fix JavaScript falsy value issue where limit(0) was treated as undefined
- Now limit(0) correctly generates 'LIMIT 0' SQL clause instead of being ignored
- Add helper functions hasLimit/hasOffset to distinguish between undefined and 0
- Add comprehensive test cases for zero value handling in limit/offset/take/skip
- Prevents potential security issue where limit(0) returned all records
Fixes potential data exposure when limit(0) was intended to return empty result
* fix: prettier formatting
* test: expand test coverage for LIMIT/OFFSET edge cases and regression prevention
* fix: resolve regression in upsert and orUpdate for PostgreSQL driver
This fix addresses a regression introduced in
pull request #11082 by ensuring correct handling of alias names and table names when they are equal or distinct when entities use schema
Closes: #11440
* style: code formatted
* chore: run tests by running through all the drivers
* chore: set enabledDrivers as postgres
* chore: added postgres family members as enabled drivers
* chore: accepted suggestion to remove extra comments
Co-authored-by: Mike Guida <mike@mguida.com>
---------
Co-authored-by: Mike Guida <mike@mguida.com>
* chore: enable driver `mssql` for test of issue #3113
* chore: add test case for #11298 to issue #11285 to prevent functionality of #11285
* fix: unhandled find operator with array value for mssql (#11466)
* fixup! fix: unhandled find operator with array value for mssql (#11466)
* Revert "chore: enable driver `mssql` for test of issue #3113"
This reverts commit a302d63eeac5892e920d97705b4230414ef81e6d.
* fixup! chore: add test case for #11298 to issue #11285 to prevent functionality of #11285
---------
Co-authored-by: Christian Forgács <christian@wunderbit.de>
* Add updateAll() methods
* Add deleteAll() methods
* Fix softDelete/restore error messages
* Add test for Repository.delete() with criteria
* Add test for Repository.deleteAll() method
* Move/rename “Repository > delete” test files
* Tweak comments
* Add tests for Repository update methods
* Add updateAll and deleteAll to EntityManager API docs
* Add updateAll and deleteAll to Repository API docs
* Fix tests
* Added a new SQL tagged template feature for executing raw SQL queries with automatic parameter handling.
---------
Co-authored-by: Simon Garner <simon@equalogic.com>
* fix: change how array columns are compared on column changed detection
Closes: #5967
* add tests with date array colum
* Normalize date arrays before comparing
