[Snyk] Upgrade typeorm from 0.2.24 to 0.3.28

[Katanis]

Snyk has created this PR to upgrade typeorm from 0.2.24 to 0.3.28.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 760 versions ahead of your current version.

• The recommended version was released a month ago.

Issues fixed by the recommended upgrade:

	Issue	Score	Exploit Maturity
	Prototype Pollution SNYK-JS-HIGHLIGHTJS-1045326	290	No Known Exploit
	Regular Expression Denial of Service (ReDoS) SNYK-JS-HIGHLIGHTJS-1048676	290	No Known Exploit
	Function Call With Incorrect Argument Type SNYK-JS-SHAJS-12089400	290	Proof of Concept
	Prototype Pollution SNYK-JS-TYPEORM-590152	290	Mature
	SQL Injection SNYK-JS-TYPEORM-13746469	290	Proof of Concept
	Prototype Pollution SNYK-JS-XML2JS-5414874	290	Proof of Concept

Release notes

Package name: typeorm

• 0.3.28 - 2025-12-03
  

  What's Changed

  • build(deps): bump brace-expansion from 2.0.1 to 2.0.2 in /sample/playground by @ dependabot[bot] in #11522
  • chore: update dependencies by @ alumni in #11666
  • chore: fix package preview by @ alumni in #11542
  • fix: add multiSubnetFailover to mssql driver option types by @ isaru66 in #10804
  • ci: introduce jsdoc eslint plugin (warnings only) by @ pkuczynski in #11681
  • feat: add support for jsonpath column type in PostgreSQL by @ pkuczynski in #11684
  • feat: entity schema support trees by @ wszgrcy in #11606
  • ci: remove close stale issues GH action by @ gioboa in #11696
  • docs: remove unused docs example file by @ pkuczynski in #11675
  • docs: updated jsdoc link to PostgreSQL documentation for data types by @ pkuczynski in #11680
  • ci: bump actions/setup-node to v5 and benefit from automatic caching by @ pkuczynski in #11709
  • feat(cli/init): pick dependencies versions from our own package.json by @ pkuczynski in #11705
  • chore(lint/jsdoc): enable jsdoc/valid-types rule and fix offenses by @ pkuczynski in #11706
  • chore(docs): ehnance llms.txt by @ naorpeled in #11711
  • ci: bump actions/checkout version by @ gioboa in #11712
  • ci: harmonize MongoDB version used in CI, local development environment and init command and bump to v8 by @ pkuczynski in #11704
  • docs: remove contradictory statement in Active Record/Data Mapper guide by @ ericmorand in #11722
  • Fix typos in documentation / hacktoberfest by @ survivant in #11713
  • MongoDB connector now includes SOCKS5 proxy settings by @ Kumar-Kishan in #11731
  • docs: fix link to email, when vulnerability found by @ pkuczynski in #11667
  • style: remove commented out code in FindOptionsUtils by @ DeeprajPandey in #11721
  • docs: collect all migrations documentation in one place by @ pkuczynski in #11674
  • lint: fix offenses for @ typescript-eslint/no-unused-vars rule in samples folder by @ pkuczynski in #11757
  • lint: fix offenses for @ typescript-eslint/no-unused-vars rule in tests folder by @ pkuczynski in #11755
  • docs: fix typos in the js documentation by @ pkuczynski in #11754
  • fix: circular import in SapDriver.ts by @ abendi in #11750
  • chore(dev-deps): bump eslint and update config by @ pkuczynski in #11756
  • docs: fix broken migration links by @ mguida22 in #11760
  • ci: test if docs build and run task depending on the changes from PR by @ pkuczynski in #11761
  • ci: control development and CI version of Node.js via .nvmrc by @ pkuczynski in #11708
  • ci: add single step to validate if all tests passed by @ pkuczynski in #11763
  • ci: prevent running docs index on forks by @ pkuczynski in #11762
  • feat(mssql): support 'vector' type for MS SQL Server by @ artiz in #11732
  • docs: expand sponsors section and remove outdated translations by @ dlhck in #11771
  • docs(cockroach): fix typo in CockroachDriver jsdoc for mappedDataTypes by @ Edge-Seven in #11775
  • ci: migrate from nyc to c8 by @ pkuczynski in #11759
  • fix(deps): upgrade glob to fix CVE-2025-64756 by @ PabloThiele in #11784
  • build(deps): bump js-yaml in /docs by @ dependabot[bot] in #11779
  • ci: run tests on commits to master and next by @ mguida22 in #11783
  • docs: fix build status badge url by @ pkuczynski in #11790
  • chore: add GitHub Copilot instructions by @ Copilot in #11781
  • feat: export QueryPartialEntity and QueryDeepPartialEntity types by @ danielsharvey in #11748
  • ci(oracle): add extra sleep after container starts by @ OSA413 in #11795
  • chore: add Qodo config by @ naorpeled in #11791
  • feat: init version in postgres driver only if not set by @ hfhchan-plb in #11373
  • fix(cli): init command reading package.json from two folders up by @ pkuczynski in #11789
  • feat(mysql): add support for vector columns on MariaDB and MySQL by @ alumni in #11670
  • fix: typesense doc sync by @ G0maa in #11807
  • Update dependencies by @ alumni in #11811
  • test: use built-in wait function and fix wait times to avoid flaky tests by @ alumni in #11812
  • feat(mysql): add pool size options for each connection by @ gioboa in #11810
  • feat:add utc flag to date column by @ CHOIJEWON in #11740
  • docs(mysql): add missing mysql credential options by @ gioboa in #11813
  • refactor(tests): ensure test files have the .test.ts extension by @ alumni in #11801
  • refactor: use pragma method in better-sqlite3 by @ mohd-akram in #10684
  • fix: add missing findBy method to MongoEntityManager by @ CHOIJEWON in #11814
  • fix(redis): version detection logic by @ ibrahimmenem in #11815
  • chore: release v0.3.28 by @ mguida22 in #11816

  New Contributors

  • @ isaru66 made their first contribution in #10804
  • @ ericmorand made their first contribution in #11722
  • @ survivant made their first contribution in #11713
  • @ Kumar-Kishan made their first contribution in #11731
  • @ DeeprajPandey made their first contribution in #11721
  • @ abendi made their first contribution in #11750
  • @ artiz made their first contribution in #11732
  • @ Edge-Seven made their first contribution in #11775
  • @ PabloThiele made their first contribution in #11784
  • @ danielsharvey made their first contribution in #11748
  • @ hfhchan-plb made their first contribution in #11373
  • @ G0maa made their first contribution in #11807
  • @ CHOIJEWON made their first contribution in #11740
  • @ ibrahimmenem made their first contribution in #11815

  Full Changelog: 0.3.27...0.3.28

• 0.3.28-dev.ec3ea10 - 2025-12-01
• 0.3.28-dev.ea0f155 - 2025-11-24
• 0.3.28-dev.e0e7de1 - 2025-09-26
• 0.3.28-dev.e04ffd3 - 2025-11-12
• 0.3.28-dev.dd55218 - 2025-11-25
• 0.3.28-dev.dc74f53 - 2025-11-20
• 0.3.28-dev.d7867eb - 2025-10-20
• 0.3.28-dev.d4f7b44 - 2025-09-20
• 0.3.28-dev.d0b5454 - 2025-11-28
• 0.3.28-dev.cfb3d6c - 2025-11-27
• 0.3.28-dev.cb1284c - 2025-11-24
• 0.3.28-dev.cad0921 - 2025-11-20
• 0.3.28-dev.c4f5d12 - 2025-11-30
• 0.3.28-dev.c16ef63 - 2025-09-19
• 0.3.28-dev.bed7913 - 2025-11-10
• 0.3.28-dev.bec548a - 2025-11-20
• 0.3.28-dev.ba3319d - 2025-11-11
• 0.3.28-dev.b639d33 - 2025-11-09
• 0.3.28-dev.ade198c - 2025-11-23
• 0.3.28-dev.9ea8577 - 2025-09-19
• 0.3.28-dev.925dee0 - 2025-09-29
• 0.3.28-dev.8692da2 - 2025-10-20
• 0.3.28-dev.83e3a8a - 2025-09-25
• 0.3.28-dev.835647a - 2025-11-29
• 0.3.28-dev.7c55d32 - 2025-10-12
• 0.3.28-dev.797a8f5 - 2025-09-19
• 0.3.28-dev.74522ff - 2025-10-03
• 0.3.28-dev.6f486e5 - 2025-12-02
• 0.3.28-dev.6eda138 - 2025-11-21
• 0.3.28-dev.6ed24f8 - 2025-11-20
• 0.3.28-dev.6da0911 - 2025-11-14
• 0.3.28-dev.67f793f - 2025-11-30
• 0.3.28-dev.6381c8d - 2025-11-09
• 0.3.28-dev.61f9e0d - 2025-11-30
• 0.3.28-dev.5fa8a0b - 2025-11-21
• 0.3.28-dev.5d02f06 - 2025-11-11
• 0.3.28-dev.5b01c39 - 2025-11-07
• 0.3.28-dev.5a28729 - 2025-11-11
• 0.3.28-dev.55cd8e2 - 2025-11-30
• 0.3.28-dev.51fbcf4 - 2025-11-10
• 0.3.28-dev.4f05718 - 2025-09-26
• 0.3.28-dev.3ac6053 - 2025-11-09
• 0.3.28-dev.38715bb - 2025-12-02
• 0.3.28-dev.2446bd0 - 2025-10-01
• 0.3.28-dev.1f19abb - 2025-10-03
• 0.3.28-dev.181154a - 2025-10-05
• 0.3.28-dev.02e7b71 - 2025-11-18
• 0.3.28-dev.9383799 - 2025-11-24
• 0.3.28-dev.5461927 - 2025-11-29
• 0.3.28-dev.2681051 - 2025-11-12
• 0.3.28-dev.2671579 - 2025-10-03
• 0.3.27 - 2025-09-19
  

  Note: This release reverts a fix from 0.3.26 (#11114) because it introduced a regression in certain cases.

  Once a fix can be provided which does not have this regression, it will be released in a future patch.

  What's Changed

  • perf: Cache package.json location between getNearestPackageJson invocations by @ rutkowskib in #11580
  • feat: allow VirtualColumns to be initially non-selectable by @ alumni in #11586
  • build(deps): bump sha.js from 2.4.11 to 2.4.12 in /sample/playground by @ dependabot[bot] in #11617
  • Add @ signalwire/docusaurus-plugin-llms-txt to TypeORM documentation by @ Copilot in #11622
  • fix: Add package.json exports for react-native by @ macksal in #11623
  • fix(query-builder): don't use lazy count when offset exceeds total in getManyAndCount by @ jeremyteyssedre in #11634
  • chore: bump sha.js from 2.4.11 to 2.4.12 (fix security issue: CVE-2025-9288) by @ prateek-hegde in #11639
  • docs: fix docs for UpdateDateColumn by @ madhugb in #11572
  • build(deps): bump axios from 1.11.0 to 1.12.1 in /docs by @ dependabot[bot] in #11649
  • feat(migration): improve JSDoc types in generated migration templates by @ gwythyr in #11490
  • fix: update tests to reflect migration template changes by @ sgarner in #11653
  • feat(mysql): add support for MySQL 9 / MariaDB 12 by @ alumni in #11575
  • ci: add close stale issues GH action by @ gioboa in #11651
  • feat: add new undefined and null behavior flags by @ naorpeled in #11332
  • feat(postgres): support vector/halfvec data types by @ naorpeled in