[Snyk] Upgrade drizzle-orm from 0.31.2 to 0.33.0 #1057

Closed

NiallJoeMaher
Contributor

Snyk has created this PR to upgrade drizzle-orm from 0.31.2 to 0.33.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.


  • The recommended version is 75 versions ahead of your current version.

  • The recommended version was released 2 months ago.

Release notes
Package name: drizzle-orm
  • 0.33.0 - 2024-08-08

    Breaking changes (for some of postgres.js users)

    Bugs fixed for this breaking change

    As we are doing with other drivers, we've changed the behavior of PostgreSQL-JS to pass raw JSON values, the same as you see them in the database. So if you are using the PostgreSQL-JS driver and passing data to Drizzle elsewhere, please check the new behavior of the client after it is passed to Drizzle.

    We will update it to ensure it does not override driver behaviors, but this will be done as a complex task for everything in Drizzle in other releases

    If you were using postgres-js with jsonb fields, you might have seen stringified objects in your database, while drizzle insert and select operations were working as expected.

    You need to convert those fields from strings to actual JSON objects. To do this, you can use the following query to update your database:

    if you are using jsonb:

    update table_name
    set jsonb_column = (jsonb_column #>> '{}')::jsonb;

    if you are using json:

    update table_name
    set json_column = (json_column #>> '{}')::json;

    We've tested it in several cases, and it worked well, but only if all stringified objects are arrays or objects. If you have primitives like strings, numbers, booleans, etc., you can use this query to update all the fields

    if you are using jsonb:

    UPDATE table_name
    SET jsonb_column = CASE
        -- Convert to JSONB if it is a valid JSON object or array
        WHEN jsonb_column #>> '{}' LIKE '{%' OR jsonb_column #>> '{}' LIKE '[%' THEN
            (jsonb_column #>> '{}')::jsonb
        ELSE
            jsonb_column
    END
    WHERE
        jsonb_column IS NOT NULL;

    if you are using json:

    UPDATE table_name
    SET json_column = CASE
        -- Convert to JSON if it is a valid JSON object or array
        WHEN json_column #>> '{}' LIKE '{%' OR json_column #>> '{}' LIKE '[%' THEN
            (json_column #>> '{}')::json
        ELSE
            json_column
    END
    WHERE json_column IS NOT NULL;

    If nothing works for you and you are blocked, please reach out to me @ AndriiSherman. I will try to help you!

    Bug Fixes

  • 0.33.0-ff1dcd9 - 2024-09-03
  • 0.33.0-f7ddd08 - 2024-08-22
  • 0.33.0-f71baf7 - 2024-08-15
  • 0.33.0-efd821d - 2024-09-05
  • 0.33.0-daeed1e - 2024-09-04
  • 0.33.0-d496e6f - 2024-09-06
  • 0.33.0-d11d7bb - 2024-09-11
  • 0.33.0-cd1f68c - 2024-09-07
  • 0.33.0-cd0b1a2 - 2024-09-11
  • 0.33.0-c6528ed - 2024-09-09
  • 0.33.0-c5d1196 - 2024-09-03
  • 0.33.0-bddd952 - 2024-08-16
  • 0.33.0-b921e79 - 2024-08-29
  • 0.33.0-ad58316 - 2024-09-04
  • 0.33.0-ab3b46d - 2024-09-02
  • 0.33.0-8db0aa4 - 2024-08-27
  • 0.33.0-8cf7a61 - 2024-09-05
  • 0.33.0-8948f19 - 2024-08-28
  • 0.33.0-8944ef1 - 2024-09-06
  • 0.33.0-87d7704 - 2024-08-26
  • 0.33.0-86140ad - 2024-09-09
  • 0.33.0-807aa5b - 2024-09-02
  • 0.33.0-7bea25c - 2024-09-06
  • 0.33.0-766f76f - 2024-08-27
  • 0.33.0-7469abe - 2024-09-06
  • 0.33.0-6fbcf46 - 2024-09-14
  • 0.33.0-6386ea9 - 2024-08-14
  • 0.33.0-626cc95 - 2024-08-23
  • 0.33.0-6205f01 - 2024-08-08
  • 0.33.0-5be80aa - 2024-09-02
  • 0.33.0-5b9600e - 2024-09-02
  • 0.33.0-540bab9 - 2024-09-05
  • 0.33.0-50ebd0a - 2024-08-30
  • 0.33.0-4c4912d - 2024-08-23
  • 0.33.0-417b0fa - 2024-08-27
  • 0.33.0-4045fbc - 2024-08-23
  • 0.33.0-3e27645 - 2024-09-03
  • 0.33.0-3c3ccca - 2024-09-04
  • 0.33.0-38d6dab - 2024-08-12
  • 0.33.0-30e7661 - 2024-08-26
  • 0.33.0-277e6de - 2024-09-06
  • 0.33.0-25af8ee - 2024-08-27
  • 0.33.0-1a5913a - 2024-08-26
  • 0.33.0-1321cf9 - 2024-09-04
  • 0.33.0-12ef143 - 2024-08-27
  • 0.33.0-0ced1ab - 2024-08-23
  • 0.32.2 - 2024-08-05
    • Fix AWS Data API type hints bugs in RQB
    • Fix set transactions in MySQL bug - thanks @ roguesherlock
    • Add forwarding dependencies within useLiveQuery, fixes #2651 - thanks @ anstapol
    • Export additional types from SQLite package, like AnySQLiteUpdate - thanks @ veloii
  • 0.32.2-df9e596 - 2024-08-07
  • 0.32.2-d486e9b - 2024-08-07
  • 0.32.2-cd71182 - 2024-08-07
  • 0.32.2-6234cbf - 2024-08-06
  • 0.32.2-22df170 - 2024-08-07
  • 0.32.1 - 2024-07-23
    • Fix typings for indexes and allow creating indexes on 3+ columns mixing columns and expressions - thanks @ lbguilherme!
    • Added support for "limit 0" in all dialects - closes #2011 - thanks @ sillvva!
    • Make inArray and notInArray accept empty list, closes #1295 - thanks @ RemiPeruto!
    • fix typo in lt typedoc - thanks @ dalechyn!
    • fix wrong example in README.md - thanks @ 7flash!
  • 0.32.1-848e136 - 2024-07-25
  • 0.32.1-3d4e79a - 2024-08-01
  • 0.32.0 - 2024-07-10

    Release notes for drizzle-orm@0.32.0 and drizzle-kit@0.23.0

    It's not mandatory to upgrade both packages, but if you want to use the new features in both queries and migrations, you will need to upgrade both packages

    New Features

    🎉 MySQL $returningId() function

    MySQL itself doesn't have native support for RETURNING after using INSERT. There is only one way to do it for primary keys with autoincrement (or serial) types, where you can access insertId and affectedRows fields. We've prepared an automatic way for you to handle such cases with Drizzle and automatically receive all inserted IDs as separate objects

    import { boolean, int, text, mysqlTable } from 'drizzle-orm/mysql-core';

    const usersTable = mysqlTable('users', {
      id: int('id').primaryKey(),
      name: text('name').notNull(),
      verified: boolean('verified').notNull().default(false),
    });

    const result = await db.insert(usersTable).values([{ name: 'John' }, { name: 'John1' }]).$returningId();
    // ^? { id: number }[]

    Also with Drizzle, you can specify a primary key with $default function that will generate custom primary keys at runtime. We will also return those generated keys for you in the $returningId() call

    import { varchar, text, mysqlTable } from 'drizzle-orm/mysql-core';
    import { createId } from '@paralleldrive/cuid2';

    const usersTableDefFn = mysqlTable('users_default_fn', {
      customId: varchar('id', { length: 256 }).primaryKey().$defaultFn(createId),
      name: text('name').notNull(),
    });

    const result = await db.insert(usersTableDefFn).values([{ name: 'John' }, { name: 'John1' }]).$returningId();
    // ^? { customId: string }[]

    If there are no primary keys -> type will be {}[] for such queries

    🎉 PostgreSQL Sequences

    You can now specify sequences in Postgres within any schema you need and define all the available properties

    Example
    import { pgSchema, pgSequence } from "drizzle-orm/pg-core";

    // No params specified
    export const customSequence = pgSequence("name");

    // Sequence with params
    export const customSequence = pgSequence("name", {
      startWith: 100,
      maxValue: 10000,
      minValue: 100,
      cycle: true,
      cache: 10,
      increment: 2
    });

    // Sequence in custom schema
    export const customSchema = pgSchema('custom_schema');

    export const customSequence = customSchema.sequence("name");

    🎉 PostgreSQL Identity Columns

    Source: As mentioned, the serial type in Postgres is outdated and should be deprecated. Ideally, you should not use it. Identity columns are the recommended way to specify sequences in your schema, which is why we are introducing the identity columns feature

    Example
    import { pgTable, integer, text } from 'drizzle-orm/pg-core'

    export const ingredients = pgTable("ingredients", {
      id: integer("id").primaryKey().generatedAlwaysAsIdentity({ startWith: 1000 }),
      name: text("name").notNull(),
      description: text("description"),
    });

    You can specify all properties available for sequences in the .generatedAlwaysAsIdentity() function. Additionally, you can specify custom names for these sequences

    PostgreSQL docs reference.

    🎉 PostgreSQL Generated Columns

    You can now specify generated columns on any column supported by PostgreSQL to use with generated columns

    Example with generated column for tsvector

    Note: we will add tsVector column type before latest release

    import { SQL, sql } from "drizzle-orm";
    import { customType, index, integer, pgTable, text } from "drizzle-orm/pg-core";

    const tsVector = customType<{ data: string }>({
      dataType() {
        return "tsvector";
      },
    });

    export const test = pgTable(
      "test",
      {
        id: integer("id").primaryKey().generatedAlwaysAsIdentity(),
        content: text("content"),
        contentSearch: tsVector("content_search", {
          dimensions: 3,
        }).generatedAlwaysAs(
          (): SQL => sql`to_tsvector('english', ${test.content})`
        ),
      },
      (t) => ({
        idx: index("idx_content_search").using("gin", t.contentSearch),
      })
    );

    In case you don't need to reference any columns from your table, you can use just sql template or a string

    export const users = pgTable("users", {
      id: integer("id"),
      name: text("name"),
      generatedName: text("gen_name").generatedAlwaysAs(sql`hello world!`),
      generatedName1: text("gen_name1").generatedAlwaysAs("hello world!"),
    });

    🎉 MySQL Generated Columns

    You can now specify generated columns on any column supported by MySQL to use with generated columns

    You can specify both stored and virtual options, for more info you can check MySQL docs

    Also MySQL has a few limitations for such columns usage, which are described here

    Drizzle Kit will also have limitations for push command:

    1. You can't change the generated constraint expression and type using push. Drizzle-kit will ignore this change. To make it work, you would need to drop the column, push, and then add a column with a new expression. This was done due to the complex mapping from the database side, where the schema expression will be modified on the database side and, on introspection, we will get a different string. We can't be sure if you changed this expression or if it was changed and formatted by the database. As long as these are generated columns and push is mostly used for prototyping on a local database, it should be fast to drop and create generated columns. Since these columns are generated, all the data will be restored

    2. generate should have no limitations

    Example
    export const users = mysqlTable("users", {
      id: int("id"),
      id2: int("id2"),
      name: text("name"),
      generatedName: text("gen_name").generatedAlwaysAs(
        (): SQL => sql`${schema2.users.name} || 'hello'`,
        { mode: "stored" }
      ),
      generatedName1: text("gen_name1").generatedAlwaysAs(
        (): SQL => sql`${schema2.users.name} || 'hello'`,
        { mode: "virtual" }
      ),
    });

    In case you don't need to reference any columns from your table, you can use just sql template or a string in .generatedAlwaysAs()

    🎉 SQLite Generated Columns

    You can now specify generated columns on any column supported by SQLite to use with generated columns

    You can specify both stored and virtual options, for more info you can check SQLite docs

    Also SQLite has a few limitations for such columns usage, which are described here

    Drizzle Kit will also have limitations for push and generate command:

    1. You can't change the generated constraint expression with the stored type in an existing table. You would need to delete this table and create it again. This is due to SQLite limitations for such actions. We will handle this case in future releases (it will involve the creation of a new table with data migration).

    2. You can't add a stored generated expression to an existing column for the same reason as above. However, you can add a virtual expression to an existing column.

    3. You can't change a stored generated expression in an existing column for the same reason as above. However, you can change a virtual expression.

    4. You can't change the generated constraint type from virtual to stored for the same reason as above. However, you can change from stored to virtual.

    New Drizzle Kit features

    🎉 Migrations support for all the new orm features

    PostgreSQL sequences, identity columns and generated columns for all dialects

    🎉 New flag --force for drizzle-kit push

    You can auto-accept all data-loss statements using the push command. It's only available in CLI parameters. Make sure you always use it if you are fine with running data-loss statements on your database

    🎉 New migrations flag prefix

    You can now customize migration file prefixes to make the format suitable for your migration tools:

    • index is the default type and will result in 0001_name.sql file names;
    • supabase and timestamp are equal and will result in 20240627123900_name.sql file names;
    • unix will result in unix seconds prefixes 1719481298_name.sql file names;
    • none will omit the prefix completely;
    Example: Supabase migrations format
    import { defineConfig } from "drizzle-kit";

    export default defineConfig({
      dialect: "postgresql",
      migrations: {
        prefix: 'supabase'
      }
    });




  • 0.32.0-e7cf338 - 2024-06-25
  • 0.32.0-d0d6436 - 2024-06-27
  • 0.32.0-af7ce99 - 2024-06-17
  • 0.32.0-aaf764c - 2024-07-09
  • 0.32.0-85c8008 - 2024-06-24
  • 0.32.0-857ba54 - 2024-06-11
  • 0.32.0-81cb794 - 2024-06-22
  • 0.32.0-7721c7c - 2024-06-22
  • 0.32.0-7612dda - 2024-07-09
  • 0.32.0-5cc2ae0 - 2024-06-27
  • 0.32.0-4ed01aa - 2024-06-12
  • 0.32.0-0fdaa9e - 2024-06-25
  • 0.32.0-0d48b64 - 2024-06-07
  • 0.32.0-0a6885d - 2024-06-13
  • 0.32.0-55471 - 2024-06-12
  • 0.31.4 - 2024-07-08

    • Mark prisma clients package as optional - thanks @ Cherry
  • 0.31.3 - 2024-07-08

    Bug fixed

    • 🛠️ Fixed RQB behavior for tables with same names in different schemas
    • 🛠️ Fixed [BUG]: Mismatched type hints when using RDS Data API - #2097

    New Prisma-Drizzle extension

    import { PrismaClient } from '@prisma/client';
    import { drizzle } from 'drizzle-orm/prisma/pg';
    import { User } from './drizzle';

    const prisma = new PrismaClient().$extends(drizzle());
    const users = await prisma.$drizzle.select().from(User);

    For more info, check docs: https://orm.drizzle.team/docs/prisma

  • 0.31.3-a90773c - 2024-07-08
  • 0.31.2 - 2024-06-07
from drizzle-orm GitHub release notes

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

See this package in npm:
drizzle-orm

See this project in Snyk:
https://app.snyk.io/org/nialljoemaher/project/8ac19f6c-c7f2-4720-acd1-09701979877c?utm_source=github&utm_medium=referral&page=upgrade-pr
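
For the jsonb conversion described in the 0.33.0 release notes above, a pre-flight audit and a guarded version of the update can be run in one transaction. This is an added example, not part of the PR or of the drizzle-orm release notes; `table_name` and `jsonb_column` are the release notes' placeholders, `id` is a hypothetical primary key, and `pg_input_is_valid` assumes PostgreSQL 16 or later.

```sql
-- Added example. table_name / jsonb_column are the placeholders used in the
-- release notes; id is a hypothetical primary key column.
BEGIN;

-- 1. Audit: count rows by top-level JSON type. Values that were stored
--    stringified show up as 'string' instead of 'object' or 'array'.
SELECT jsonb_typeof(jsonb_column) AS top_level_type,
       count(*)                   AS row_count
FROM table_name
WHERE jsonb_column IS NOT NULL
GROUP BY 1
ORDER BY 2 DESC;

-- 2. Find strings that start like an object or array but do not parse as
--    JSON. A plain ::jsonb cast on any of these rows raises an error and
--    aborts the whole UPDATE, so review them first.
--    pg_input_is_valid() requires PostgreSQL 16+ (assumption).
SELECT id,
       left(jsonb_column #>> '{}', 80) AS preview
FROM table_name
WHERE jsonb_typeof(jsonb_column) = 'string'
  AND (jsonb_column #>> '{}' LIKE '{%' OR jsonb_column #>> '{}' LIKE '[%')
  AND NOT pg_input_is_valid(jsonb_column #>> '{}', 'jsonb');

-- 3. Convert only rows that are still top-level strings, look like an
--    object or array, and parse cleanly. Rows that are already objects or
--    arrays are never touched, so the statement is safe to re-run.
UPDATE table_name
SET jsonb_column = (jsonb_column #>> '{}')::jsonb
WHERE jsonb_typeof(jsonb_column) = 'string'
  AND (jsonb_column #>> '{}' LIKE '{%' OR jsonb_column #>> '{}' LIKE '[%')
  AND pg_input_is_valid(jsonb_column #>> '{}', 'jsonb');

-- 4. Re-run the audit from step 1 and compare the counts before deciding.
SELECT jsonb_typeof(jsonb_column) AS top_level_type,
       count(*)                   AS row_count
FROM table_name
WHERE jsonb_column IS NOT NULL
GROUP BY 1
ORDER BY 2 DESC;

COMMIT;  -- or ROLLBACK if the counts are not what you expected
```

For a `json` column, cast the column to `jsonb` inside `jsonb_typeof(...)` and cast the result back with `::json`, as the release notes do.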
@NiallJoeMaher NiallJoeMaher requested a review from a team as a code owner October 3, 2024 06:10

vercel bot commented Oct 3, 2024

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
codu ✅ Ready (Inspect) Visit Preview 💬 Add feedback Oct 3, 2024 6:13am

Contributor

coderabbitai bot commented Oct 3, 2024

Important

Review skipped

Ignore keyword(s) in the title.

⛔ Ignored keywords (1)
  • [Snyk]

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.



github-actions bot commented Oct 3, 2024

Uh oh! @NiallJoeMaher, the image you shared is missing helpful alt text. Check your pull request body.

Alt text is an invisible description that helps screen readers describe images to blind or low-vision users. If you are using markdown to display images, add your alt text inside the brackets of the markdown image.

Learn more about alt text at Basic writing and formatting syntax: images on GitHub Docs.

@JohnAllenTech
Contributor

JohnAllenTech commented Oct 3, 2024

This is now done in #1054
