[Snyk] Upgrade drizzle-orm from 0.31.2 to 0.33.0

[NiallJoeMaher]

Snyk has created this PR to upgrade drizzle-orm from 0.31.2 to 0.33.0.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 75 versions ahead of your current version.

• The recommended version was released on 2 months ago.

Release notes

Package name: drizzle-orm

• 0.33.0 - 2024-08-08
  

  Breaking changes (for some of postgres.js users)

  Bugs fixed for this breaking change

  • [BUG]: jsonb always inserted as a json string when using postgres-js
  • [BUG]: jsonb type on postgres implement incorrectly

  As we are doing with other drivers, we've changed the behavior of PostgreSQL-JS to pass raw JSON values, the same as you see them in the database. So if you are using the PostgreSQL-JS driver and passing data to Drizzle elsewhere, please check the new behavior of the client after it is passed to Drizzle.

  We will update it to ensure it does not override driver behaviors, but this will be done as a complex task for everything in Drizzle in other releases

  If you were using postgres-js with jsonb fields, you might have seen stringified objects in your database, while drizzle insert and select operations were working as expected.

  You need to convert those fields from strings to actual JSON objects. To do this, you can use the following query to update your database:

  if you are using jsonb:

  update table_name
  set jsonb_column = (jsonb_column #>> '{}')::jsonb;

  if you are using json:

  update table_name
  set json_column = (json_column #>> '{}')::json;

  We've tested it in several cases, and it worked well, but only if all stringified objects are arrays or objects. If you have primitives like strings, numbers, booleans, etc., you can use this query to update all the fields

  if you are using jsonb:

  UPDATE table_name
  SET jsonb_column = CASE
      -- Convert to JSONB if it is a valid JSON object or array
      WHEN jsonb_column #>> '{}' LIKE '{%' OR jsonb_column #>> '{}' LIKE '[%' THEN
          (jsonb_column #>> '{}')::jsonb
      ELSE
          jsonb_column
  END
  WHERE
      jsonb_column IS NOT NULL;

  if you are using json:

  UPDATE table_name
  SET json_column = CASE
      -- Convert to JSON if it is a valid JSON object or array
      WHEN json_column #>> '{}' LIKE '{%' OR json_column #>> '{}' LIKE '[%' THEN
          (json_column #>> '{}')::json
      ELSE
          json_column
  END
  WHERE json_column IS NOT NULL;

  If nothing works for you and you are blocked, please reach out to me @ AndriiSherman. I will try to help you!

  Bug Fixes

  • [BUG]: boolean mode not working with prepared statements (bettersqlite) - thanks @ veloii
  • [BUG]: isTable helper function is not working - thanks @ hajek-raven
  • [BUG]: Documentation is outdated on inArray and notInArray Methods - thanks @ RemiPeruto
• 0.33.0-ff1dcd9 - 2024-09-03
• 0.33.0-f7ddd08 - 2024-08-22
• 0.33.0-f71baf7 - 2024-08-15
• 0.33.0-efd821d - 2024-09-05
• 0.33.0-daeed1e - 2024-09-04
• 0.33.0-d496e6f - 2024-09-06
• 0.33.0-d11d7bb - 2024-09-11
• 0.33.0-cd1f68c - 2024-09-07
• 0.33.0-cd0b1a2 - 2024-09-11
• 0.33.0-c6528ed - 2024-09-09
• 0.33.0-c5d1196 - 2024-09-03
• 0.33.0-bddd952 - 2024-08-16
• 0.33.0-b921e79 - 2024-08-29
• 0.33.0-ad58316 - 2024-09-04
• 0.33.0-ab3b46d - 2024-09-02
• 0.33.0-8db0aa4 - 2024-08-27
• 0.33.0-8cf7a61 - 2024-09-05
• 0.33.0-8948f19 - 2024-08-28
• 0.33.0-8944ef1 - 2024-09-06
• 0.33.0-87d7704 - 2024-08-26
• 0.33.0-86140ad - 2024-09-09
• 0.33.0-807aa5b - 2024-09-02
• 0.33.0-7bea25c - 2024-09-06
• 0.33.0-766f76f - 2024-08-27
• 0.33.0-7469abe - 2024-09-06
• 0.33.0-6fbcf46 - 2024-09-14
• 0.33.0-6386ea9 - 2024-08-14
• 0.33.0-626cc95 - 2024-08-23
• 0.33.0-6205f01 - 2024-08-08
• 0.33.0-5be80aa - 2024-09-02
• 0.33.0-5b9600e - 2024-09-02
• 0.33.0-540bab9 - 2024-09-05
• 0.33.0-50ebd0a - 2024-08-30
• 0.33.0-4c4912d - 2024-08-23
• 0.33.0-417b0fa - 2024-08-27
• 0.33.0-4045fbc - 2024-08-23
• 0.33.0-3e27645 - 2024-09-03
• 0.33.0-3c3ccca - 2024-09-04
• 0.33.0-38d6dab - 2024-08-12
• 0.33.0-30e7661 - 2024-08-26
• 0.33.0-277e6de - 2024-09-06
• 0.33.0-25af8ee - 2024-08-27
• 0.33.0-1a5913a - 2024-08-26
• 0.33.0-1321cf9 - 2024-09-04
• 0.33.0-12ef143 - 2024-08-27
• 0.33.0-0ced1ab - 2024-08-23
• 0.32.2 - 2024-08-05
  
  • Fix AWS Data API type hints bugs in RQB
  • Fix set transactions in MySQL bug - thanks @ roguesherlock
  • Add forwaring dependencies within useLiveQuery, fixes #2651 - thanks @ anstapol
  • Export additional types from SQLite package, like AnySQLiteUpdate - thanks @ veloii
• 0.32.2-df9e596 - 2024-08-07
• 0.32.2-d486e9b - 2024-08-07
• 0.32.2-cd71182 - 2024-08-07
• 0.32.2-6234cbf - 2024-08-06
• 0.32.2-22df170 - 2024-08-07
• 0.32.1 - 2024-07-23
  
  • Fix typings for indexes and allow creating indexes on 3+ columns mixing columns and expressions - thanks @ lbguilherme!
  • Added support for "limit 0" in all dialects - closes #2011 - thanks @ sillvva!
  • Make inArray and notInArray accept empty list, closes #1295 - thanks @ RemiPeruto!
  • fix typo in lt typedoc - thanks @ dalechyn!
  • fix wrong example in README.md - thanks @ 7flash!
• 0.32.1-848e136 - 2024-07-25
• 0.32.1-3d4e79a - 2024-08-01
• 0.32.0 - 2024-07-10
  

  Release notes for drizzle-orm@0.32.0 and drizzle-kit@0.23.0

  It's not mandatory to upgrade both packages, but if you want to use the new features in both queries and migrations, you will need to upgrade both packages

  New Features

  🎉 MySQL $returningId() function

  MySQL itself doesn't have native support for RETURNING after using INSERT. There is only one way to do it for primary keys with autoincrement (or serial) types, where you can access insertId and affectedRows fields. We've prepared an automatic way for you to handle such cases with Drizzle and automatically receive all inserted IDs as separate objects

  import { boolean, int, text, mysqlTable } from 'drizzle-orm/mysql-core';

  const usersTable = mysqlTable('users', {
  id: int('id').primaryKey(),
  name: text('name').notNull(),
  verified: boolean('verified').notNull().default(false),
  });

  const result = await db.insert(usersTable).values([{ name: 'John' }, { name: 'John1' }]).$returningId();
  // ^? { id: number }[]

  Also with Drizzle, you can specify a primary key with $default function that will generate custom primary keys at runtime. We will also return those generated keys for you in the $returningId() call

  import { varchar, text, mysqlTable } from 'drizzle-orm/mysql-core';
  import { createId } from '@ paralleldrive/cuid2';

  const usersTableDefFn = mysqlTable('users_default_fn', {
  customId: varchar('id', { length: 256 }).primaryKey().$defaultFn(createId),
  name: text('name').notNull(),
  });

  const result = await db.insert(usersTableDefFn).values([{ name: 'John' }, { name: 'John1' }]).$returningId();
  // ^? { customId: string }[]

  If there is no primary keys -> type will be {}[] for such queries

  🎉 PostgreSQL Sequences

  You can now specify sequences in Postgres within any schema you need and define all the available properties

  Example

  import { pgSchema, pgSequence } from "drizzle-orm/pg-core";

  // No params specified
  export const customSequence = pgSequence("name");

  // Sequence with params
  export const customSequence = pgSequence("name", {
  startWith: 100,
  maxValue: 10000,
  minValue: 100,
  cycle: true,
  cache: 10,
  increment: 2
  });

  // Sequence in custom schema
  export const customSchema = pgSchema('custom_schema');

  export const customSequence = customSchema.sequence("name");

  🎉 PostgreSQL Identity Columns

  Source: As mentioned, the serial type in Postgres is outdated and should be deprecated. Ideally, you should not use it. Identity columns are the recommended way to specify sequences in your schema, which is why we are introducing the identity columns feature

  Example

  import { pgTable, integer, text } from 'drizzle-orm/pg-core'

  export const ingredients = pgTable("ingredients", {
  id: integer("id").primaryKey().generatedAlwaysAsIdentity({ startWith: 1000 }),
  name: text("name").notNull(),
  description: text("description"),
  });

  You can specify all properties available for sequences in the .generatedAlwaysAsIdentity() function. Additionally, you can specify custom names for these sequences

  PostgreSQL docs reference.

  🎉 PostgreSQL Generated Columns

  You can now specify generated columns on any column supported by PostgreSQL to use with generated columns

  Example with generated column for tsvector

  Note: we will add tsVector column type before latest release

  import { SQL, sql } from "drizzle-orm";
  import { customType, index, integer, pgTable, text } from "drizzle-orm/pg-core";

  const tsVector = customType<{ data: string }>({
  dataType() {
  return "tsvector";
  },
  });

  export const test = pgTable(
  "test",
  {
  id: integer("id").primaryKey().generatedAlwaysAsIdentity(),
  content: text("content"),
  contentSearch: tsVector("content_search", {
  dimensions: 3,
  }).generatedAlwaysAs(
  (): SQL => sqlto_tsvector('english', <span class="pl-s1"><span class="pl-kos">${</span><span class="pl-s1">test</span><span class="pl-kos">.</span><span class="pl-c1">content</span><span class="pl-kos">}</span></span>)
  ),
  },
  (t) => ({
  idx: index("idx_content_search").using("gin", t.contentSearch),
  })
  );

  In case you don't need to reference any columns from your table, you can use just sql template or a string

  export const users = pgTable("users", {
    id: integer("id"),
    name: text("name"),
    generatedName: text("gen_name").generatedAlwaysAs(sql`hello world!`),
    generatedName1: text("gen_name1").generatedAlwaysAs("hello world!"),
  }),

  🎉 MySQL Generated Columns

  You can now specify generated columns on any column supported by MySQL to use with generated columns

  You can specify both stored and virtual options, for more info you can check MySQL docs

  Also MySQL has a few limitation for such columns usage, which is described here

  Drizzle Kit will also have limitations for push command:

  1. You can't change the generated constraint expression and type using push. Drizzle-kit will ignore this change. To make it work, you would need to drop the column, push, and then add a column with a new expression. This was done due to the complex mapping from the database side, where the schema expression will be modified on the database side and, on introspection, we will get a different string. We can't be sure if you changed this expression or if it was changed and formatted by the database. As long as these are generated columns and push is mostly used for prototyping on a local database, it should be fast to drop and create generated columns. Since these columns are generated, all the data will be restored

  2. generate should have no limitations

  Example

  export const users = mysqlTable("users", {
    id: int("id"),
    id2: int("id2"),
    name: text("name"),
    generatedName: text("gen_name").generatedAlwaysAs(
      (): SQL => sql`${schema2.users.name} || 'hello'`,
      { mode: "stored" }
    ),
    generatedName1: text("gen_name1").generatedAlwaysAs(
      (): SQL => sql`${schema2.users.name} || 'hello'`,
      { mode: "virtual" }
    ),
  }),

  In case you don't need to reference any columns from your table, you can use just sql template or a string in .generatedAlwaysAs()

  🎉 SQLite Generated Columns

  You can now specify generated columns on any column supported by SQLite to use with generated columns

  You can specify both stored and virtual options, for more info you can check SQLite docs

  Also SQLite has a few limitation for such columns usage, which is described here

  Drizzle Kit will also have limitations for push and generate command:

  1. You can't change the generated constraint expression with the stored type in an existing table. You would need to delete this table and create it again. This is due to SQLite limitations for such actions. We will handle this case in future releases (it will involve the creation of a new table with data migration).

  2. You can't add a stored generated expression to an existing column for the same reason as above. However, you can add a virtual expression to an existing column.

  3. You can't change a stored generated expression in an existing column for the same reason as above. However, you can change a virtual expression.

  4. You can't change the generated constraint type from virtual to stored for the same reason as above. However, you can change from stored to virtual.

  New Drizzle Kit features

  🎉 Migrations support for all the new orm features

  PostgreSQL sequences, identity columns and generated columns for all dialects

  🎉 New flag --force for drizzle-kit push

  You can auto-accept all data-loss statements using the push command. It's only available in CLI parameters. Make sure you always use it if you are fine with running data-loss statements on your database

  🎉 New migrations flag prefix

  You can now customize migration file prefixes to make the format suitable for your migration tools:

  • index is the default type and will result in 0001_name.sql file names;
  • supabase and timestamp are equal and will result in 20240627123900_name.sql file names;
  • unix will result in unix seconds prefixes 1719481298_name.sql file names;
  • none will omit the prefix completely;

  Example: Supabase migrations format

  import { defineConfig } from "drizzle-kit";

  export default defineConfig({
  dialect: "postgresql",
  migrations: {
  prefix: 'supabase'
  }
  });

  
  


• 
  0.32.0-e7cf338 - 2024-06-25
  


• 
  0.32.0-d0d6436 - 2024-06-27
  


• 
  0.32.0-af7ce99 - 2024-06-17
  


• 
  0.32.0-aaf764c - 2024-07-09
  


• 
  0.32.0-85c8008 - 2024-06-24
  


• 
  0.32.0-857ba54 - 2024-06-11
  


• 
  0.32.0-81cb794 - 2024-06-22
  


• 
  0.32.0-7721c7c - 2024-06-22
  


• 
  0.32.0-7612dda - 2024-07-09
  


• 
  0.32.0-5cc2ae0 - 2024-06-27
  


• 
  0.32.0-4ed01aa - 2024-06-12
  


• 
  0.32.0-0fdaa9e - 2024-06-25
  


• 
  0.32.0-0d48b64 - 2024-06-07
  


• 
  0.32.0-0a6885d - 2024-06-13
  


• 
  0.32.0-55471 - 2024-06-12
  


• 
  0.31.4 - 2024-07-08
  

  • Mark prisma clients package as optional - thanks @ Cherry
• 0.31.3 - 2024-07-08
  

  Bug fixed

  • 🛠️ Fixed RQB behavior for tables with same names in different schemas
  • 🛠️ Fixed [BUG]: Mismatched type hints when using RDS Data API - #2097

  New Prisma-Drizzle extension

  import { PrismaClient } from '@ prisma/client';
  import { drizzle } from 'drizzle-orm/prisma/pg';
  import { User } from './drizzle';

  const prisma = new PrismaClient().$extends(drizzle());
  const users = await prisma.$drizzle.select().from(User);

  For more info, check docs: https://orm.drizzle.team/docs/prisma

• 0.31.3-a90773c - 2024-07-08
• 0.31.2 - 2024-06-07

from drizzle-orm GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
codu	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Oct 3, 2024 6:13am

[coderabbitai]

Important

Review skipped

Ignore keyword(s) in the title.

⛔ Ignored keywords (1)

• [Snyk]

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[github-actions]

Uh oh! @NiallJoeMaher, the image you shared is missing helpful alt text. Check your pull request body.

Alt text is an invisible description that helps screen readers describe images to blind or low-vision users. If you are using markdown to display images, add your alt text inside the brackets of the markdown image.

Learn more about alt text at Basic writing and formatting syntax: images on GitHub Docs.

[JohnAllenTech]

This is now done in #1054