Skip to content

ci(deps): bump the major-updates group with 2 updates#102

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/major-updates-aa167f8d2b
Open

ci(deps): bump the major-updates group with 2 updates#102
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/major-updates-aa167f8d2b

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 15, 2026

Copy link
Copy Markdown
Contributor

Bumps the major-updates group with 2 updates: typeorm and jscpd.

Updates typeorm from 0.3.30 to 1.0.0

Release notes

Sourced from typeorm's releases.

1.0.0

TypeORM v1.0 is here! 🥳

👉 For a structured walk-through of the changes in v1.0 — breaking changes, new features, security fixes, and the upgrade path from 0.3.x — see the v1.0 Release Notes.

This release includes breaking changes. See the v1.0 Upgrade Guide

What's Changed

... (truncated)

Changelog

Sourced from typeorm's changelog.

1.0.0 (2026-05-19)

👉 For a structured walk-through of the changes in v1.0 — breaking changes, new features, security fixes, and the upgrade path from 0.3.x — see the v1.0 Release Notes.

The list below is the set of commits between 0.3.30 and 1.0.0 — fixes already shipped on the 0.3.x line are listed under their respective 0.3.x entries below.

Bug Fixes

  • cascade: propagate withDeleted to relation-id loader for many-to-many recover (#12287) (cfba9e7)
  • cascade: support cascade remove for OneToMany relations with composite PKs (#12286) (09183c8)
  • cli: preserve devDependencies needed by init command in published package (#12281) (c3b771c)
  • cockroachdb: preserve structured query results during txn retry replay (#11861) (09db48c)
  • codemod: apply find-options select/relations rewrites to .exists() too (#12399) (4461063)
  • codemod: correct relation-count guidance and flag loadRelationCountAndMap (#12374) (5de5490)
  • codemod: cover ColumnMetadata args.options in column option rewrites (#12400) (7a68cf2)
  • codemod: exclude type declarations from build (#12292) (4c645f0)
  • codemod: handle aliases, quoted keys, and ObjectProperty variants (#12377) (2d15644)
  • codemod: handle lock option objects correctly and increase test coverage (#12353) (b871719)
  • codemod: handle typeof type queries and use getStringValue consistently (#12379) (dedea37)
  • codemod: harden destructure and DI accessor rewrites for connection to dataSource rename (#12398) (057ddbc)
  • codemod: harden scope and type-name detection across more AST shapes (#12394) (9d1fd8d)
  • codemod: harden scope, idempotency, and import-strip semantics (#12391) (ed5a19b)
  • codemod: recognize typeorm deep-path imports (#12382) (a96b097)
  • codemod: rename .connection on EntityMetadata, ColumnMetadata, IndexMetadata (#12383) (8a51e30), closes #12249
  • codemod: rewrite typeorm re-exports in barrel files (#12373) (25f0b5f)
  • codemod: scope v1 transforms to typeorm imports and skip .d.ts files (#12372) (a34fdb2)
  • codemod: track DataSource accessor chains for typed-variable renames (#12385) (14a3132)
  • copy cordova query rows affected into query result (#10873) (ad22c10)
  • disable global order for aggregate functions (#11925) (2efb2a1)
  • do not run npm install during CLI init (#12386) (66aa930)
  • docs: add lunr as explicit dependency for pnpm strict hoisting (f4d435e)
  • docs: align code style (#12081) (5f6eb4c)
  • docs: complete Typesense removal missed during cherry-pick (eb7a5b6)
  • docs: update docs pnpm lockfile for new dependencies (4123db9)
  • eager load relation strategy (#11326) (5797d97)
  • enhance upsert functionality for proper sql generation with table alias (#11915) (42ce630)
  • expo: auto-load expo-sqlite driver via loadDependencies() (#12363) (212c8ef)
  • fix up change detection with date transformer (#11963) (e3e3c97)
  • fix up generated query with .update() (#11993) (fe6c072)
  • fix up join attributes inside bracket (#11218) (d233daa)
  • fix up map objects comparison (#10990) (f66eee7)
  • fix up save with eagerly loaded relation (#11975) (f5cea95)
  • fix working with tables with quotes in the names for postgres and cockroachdb (#10993) (e5a8afb)
  • handle re-save of postgres geometric types (#11857) (65dea3c)
  • handle relation ids in nested embedded entities (#11942) (5237bee)
  • include joined entity primary keys in pagination subquery (#11669) (4ffe666)
  • make shorten method to properly work with camelCase_aliases (#11283) (8a9a376)
  • merging into an entity now respects null values (#11154) (1676484)

... (truncated)

Commits
  • cf3f13f docs: restyle version dropdown for v1 release (#12514)
  • 6997b23 chore: release v1.0.0 (#12510)
  • df09802 fix(cockroachdb): adjust join in loadTables to load correct table columns (#1...
  • f5cc456 fix(find-options): allow array values in JsonContains (#12420)
  • 9440998 fix(mysql)!: use index identifiers instead of raw SQL in QB.useIndex() (#12...
  • a4f26af chore(deps): bump the github-actions-official group with 3 updates (#12483)
  • ac2ffc6 chore(deps): bump the github-actions-third-party group with 3 updates (#12484)
  • 62948a3 revert: fix up limit with joins (#12478)
  • c2b788f ci: pin all GitHub Actions to commit SHAs (#12481)
  • 9284c16 fix(security): validate limit() in Update/SoftDelete query builders (#12436)
  • Additional commits viewable in compare view

Updates jscpd from 4.2.4 to 5.0.9

Release notes

Sourced from jscpd's releases.

v5.0.9

New Features

  • GitHub Action for jscpd (Rust v5) — jscpd-copy-paste-detector action for GitHub Actions Marketplace. Scan your repo for copy/paste in CI with uses: kucherenko/jscpd/.github/workflows/action.yml@v5

Bug Fixes

  • Resolve platform binary resolution when cpd is installed as a nested dependency (e.g. in a project's node_modules via a parent package). The runner now correctly locates the platform-specific binary relative to the installed package rather than assuming a top-level install. Fixes #816

Release v5.0.8

Bug Fixes

  • Prevent mmap exhaustion crashes when scanning repositories with more files than (default 131 072 on Linux). The walker previously held a live per discovered file; each rayon worker now opens and drops its mapping within the processing closure, capping concurrent mappings to the thread-pool size (typically 8–32). Fixes #813
  • Fix not matching relative paths when the scan root is absolute (e.g. CWD). Patterns like now match correctly by comparing against both the relative path and the full absolute path, and bare patterns like gain a prefix to match at any depth. Fixes #811

Release v5.0.7

Bug Fixes

  • Prevent stack overflow when scanning directories containing deeply-nested JS/TS files (e.g. Bun's with 320K+ nested for-loops). OXC's recursive-descent parser allocates one stack frame per AST nesting level; pathological inputs now exceed the default 8 MiB thread stack. Fixed by building a local rayon with 64 MiB stacks instead of using the global pool (which silently fails on re-init)
  • Default to — files exceeding the limit are skipped at walk time, consistent with jscpd v4's behavior. This prevents OXC from ever seeing megabyte-scale generated files that would overflow the stack
  • now correctly takes effect on every call (previously silently no-op'd after the first invocation)

Release v5.0.6

New Features

  • v4 config backward compatibility — fields , , , and are now read and applied, matching jscpd v4 behavior
  • and are now distinct: matches file-level globs, matches code-level regex patterns (previously conflated)
  • path config support — reads scan directories from the field, resolving relative paths against the config file's directory
  • npm wrapper package — publishes the same Rust binary under the name on npm with v5.x versioning
  • now matches v4 behavior: accepts optional integer value ( exits 1, exits 2); and are now independent
  • Performance improvements: memory-mapped file I/O (via ) eliminates heap copies of file contents; SIMD-accelerated line counting (via ); parallel detection pipeline uses to avoid intermediate allocations; JS tokenizer no longer clones source strings before parsing (thanks to @​auterium, #808)

Bug Fixes

  • Fixed to match jscpd v4's behavior (was boolean, now optional integer)
  • Fixed unique temp dir generation in reporter tests (added PID to prevent race conditions under parallel test runners)

Release v5.0.4

New Features

  • CLI alignment with jscpd v4: new --absolute, --ignore-case, --formats-exts, --formats-names flags; fixed --threshold, improved --max-size
  • Detection and statistics aligned with jscpd for consistent output across Rust and TypeScript versions
  • Side-by-side blame comparison in console-full reporter
  • Clone list display in console reporter

Bug Fixes

  • HTML reporter now outputs jscpd-report.html at the output_dir root

... (truncated)

Changelog

Sourced from jscpd's changelog.

5.0.9

New Features

  • GitHub Action for jscpd (Rust v5) — jscpd-copy-paste-detector action for GitHub Actions Marketplace. Scan your repo for copy/paste in CI with uses: kucherenko/jscpd/.github/workflows/action.yml@v5

Bug Fixes

  • Resolve platform binary resolution when cpd is installed as a nested dependency (e.g. in a project's node_modules via a parent package). The runner now correctly locates the platform-specific binary relative to the installed package rather than assuming a top-level install. Fixes #816

5.0.8

Bug Fixes

  • Prevent mmap exhaustion crashes when scanning repositories with more files than vm.max_map_count (default 131 072 on Linux). The walker previously held a live Mmap per discovered file; each rayon worker now opens and drops its mapping within the processing closure, capping concurrent mappings to the thread-pool size (typically 8–32). Fixes #813
  • Fix --pattern not matching relative paths when the scan root is absolute (e.g. CWD). Patterns like src/**/*.ts now match correctly by comparing against both the relative path and the full absolute path, and bare patterns like *.ts gain a **/ prefix to match at any depth. Fixes #811
  • Fix trailing-newline off-by-one in line-count filter: files not ending with \n now count the final line correctly

5.0.7

Bug Fixes

  • Prevent stack overflow when scanning directories containing deeply-nested JS/TS files (e.g. Bun's test/bundler with 320K+ nested for-loops). OXC's recursive-descent parser allocates one stack frame per AST nesting level; pathological inputs now exceed the default 8 MiB thread stack. Fixed by building a local rayon ThreadPool with 64 MiB stacks instead of using the global pool (which silently fails on re-init)
  • Default --max-size to 1mb — files exceeding the limit are skipped at walk time, consistent with jscpd v4's maxSize behavior. This prevents OXC from ever seeing megabyte-scale generated files that would overflow the stack
  • --workers N now correctly takes effect on every run() call (previously build_global() silently no-op'd after the first invocation)

5.0.6

New Features

  • v4 config backward compatibility — .jscpd.json fields path, pattern, ignore, and ignorePattern are now read and applied, matching jscpd v4 behavior
  • ignore and ignorePattern are now distinct: ignore matches file-level globs, ignorePattern matches code-level regex patterns (previously conflated)
  • .jscpd.json path config support — reads scan directories from the path field, resolving relative paths against the config file's directory
  • jscpd npm wrapper package — publishes the same Rust binary under the jscpd name on npm with v5.x versioning
  • --exit-code now matches v4 behavior: accepts optional integer value (--exit-code exits 1, --exit-code 2 exits 2); --threshold and --exit-code are now independent
  • Performance improvements: memory-mapped file I/O (via memmap2) eliminates heap copies of file contents; SIMD-accelerated line counting (via memchr); parallel detection pipeline uses flat_map to avoid intermediate allocations; JS tokenizer no longer clones source strings before parsing (thanks to @​auterium, #808)

Bug Fixes

  • Fixed --exit-code to match jscpd v4's --exitCode behavior (was boolean, now optional integer)
  • Fixed unique temp dir generation in reporter tests (added PID to prevent race conditions under parallel test runners)

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
ci(deps): bump the major-updates group with 2 updates
16adadc 
Bumps the major-updates group with 2 updates: [typeorm](https://github.com/typeorm/typeorm) and [jscpd](https://github.com/kucherenko/jscpd/tree/HEAD/rust/jscpd).


Updates `typeorm` from 0.3.30 to 1.0.0
- [Release notes](https://github.com/typeorm/typeorm/releases)
- [Changelog](https://github.com/typeorm/typeorm/blob/master/CHANGELOG.md)
- [Commits](typeorm/typeorm@0.3.30...1.0.0)

Updates `jscpd` from 4.2.4 to 5.0.9
- [Release notes](https://github.com/kucherenko/jscpd/releases)
- [Changelog](https://github.com/kucherenko/jscpd/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kucherenko/jscpd/commits/v5.0.9/rust/jscpd)

---
updated-dependencies:
- dependency-name: typeorm
  dependency-version: 1.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: major-updates
- dependency-name: jscpd
  dependency-version: 5.0.9
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: major-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot requested a review from vineethkrishnan as a code owner June 15, 2026 14:23
@clearpr

clearpr Bot commented Jun 15, 2026
edited
Loading

Copy link
Copy Markdown

ClearPR Review

Diff stats: 1,436 raw lines → 292 semantic lines (79.67% noise filtered)

Findings

  • 1 warning
  • 1 info

Inline comments could not be anchored to the diff (e.g. an unsupported language), so the findings are listed here:

  • [warning] package.json:1 typeorm was bumped to ^1.0.0, a major-version jump from the long-standing 0.3.x line. @nestjs/typeorm is pinned at ^11.0.1, whose declared TypeORM peer range has historically targeted 0.3.x. Confirm @nestjs/typeorm@11 actually supports typeorm@1, otherwise you'll hit a peer-dependency conflict (or silent runtime breakage from removed/renamed APIs such as decorator or DataSource changes). Verify a clean npm ci and that the app boots before merging.
  • [info] package.json:1 TypeORM 1.0.0 is a major release and typically carries breaking changes (entity/migration/DataSource behavior). The migration scripts (migration:generate, migration:run, migration:revert) and the data-source.ts config should be exercised against this version — generated migration SQL and CLI flags can differ across a major bump.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@vineethkrishnan vineethkrishnan Awaiting requested review from vineethkrishnan vineethkrishnan is a code owner

Assignees

No one assigned

Labels

dependencies

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants