[Snyk] Upgrade drizzle-orm from 0.30.1 to 0.32.0 #1
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Snyk has created this PR to upgrade drizzle-orm from 0.30.1 to 0.32.0. See this package in npm: drizzle-orm See this project in Snyk: https://app.snyk.io/org/zntb/project/d308268f-afda-4966-85d9-095070fc0bd9?utm_source=github&utm_medium=referral&page=upgrade-pr
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade drizzle-orm from 0.30.1 to 0.32.0.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 95 versions ahead of your current version.
The recommended version was released on 23 days ago.
Release notes
Package name: drizzle-orm
Release notes for
drizzle-orm@0.32.0anddrizzle-kit@0.23.0New Features
🎉 MySQL
$returningId()functionMySQL itself doesn't have native support for
RETURNINGafter usingINSERT. There is only one way to do it forprimary keyswithautoincrement(orserial) types, where you can accessinsertIdandaffectedRowsfields. We've prepared an automatic way for you to handle such cases with Drizzle and automatically receive all inserted IDs as separate objectsconst usersTable = mysqlTable('users', {
id: int('id').primaryKey(),
name: text('name').notNull(),
verified: boolean('verified').notNull().default(false),
});
const result = await db.insert(usersTable).values([{ name: 'John' }, { name: 'John1' }]).$returningId();
// ^? { id: number }[]
Also with Drizzle, you can specify a
primary keywith$defaultfunction that will generate custom primary keys at runtime. We will also return those generated keys for you in the$returningId()callimport { createId } from '@ paralleldrive/cuid2';
const usersTableDefFn = mysqlTable('users_default_fn', {
customId: varchar('id', { length: 256 }).primaryKey().$defaultFn(createId),
name: text('name').notNull(),
});
const result = await db.insert(usersTableDefFn).values([{ name: 'John' }, { name: 'John1' }]).$returningId();
// ^? { customId: string }[]
🎉 PostgreSQL Sequences
You can now specify sequences in Postgres within any schema you need and define all the available properties
Example
// No params specified
export const customSequence = pgSequence("name");
// Sequence with params
export const customSequence = pgSequence("name", {
startWith: 100,
maxValue: 10000,
minValue: 100,
cycle: true,
cache: 10,
increment: 2
});
// Sequence in custom schema
export const customSchema = pgSchema('custom_schema');
export const customSequence = customSchema.sequence("name");
🎉 PostgreSQL Identity Columns
Source: As mentioned, the
serialtype in Postgres is outdated and should be deprecated. Ideally, you should not use it.Identity columnsare the recommended way to specify sequences in your schema, which is why we are introducing theidentity columnsfeatureExample
export const ingredients = pgTable("ingredients", {
id: integer("id").primaryKey().generatedAlwaysAsIdentity({ startWith: 1000 }),
name: text("name").notNull(),
description: text("description"),
});
You can specify all properties available for sequences in the
.generatedAlwaysAsIdentity()function. Additionally, you can specify custom names for these sequencesPostgreSQL docs reference.
🎉 PostgreSQL Generated Columns
You can now specify generated columns on any column supported by PostgreSQL to use with generated columns
Example with generated column for
tsvectorimport { customType, index, integer, pgTable, text } from "drizzle-orm/pg-core";
const tsVector = customType<{ data: string }>({
dataType() {
return "tsvector";
},
});
export const test = pgTable(
"test",
{
id: integer("id").primaryKey().generatedAlwaysAsIdentity(),
content: text("content"),
contentSearch: tsVector("content_search", {
dimensions: 3,
}).generatedAlwaysAs(
(): SQL => sql
to_tsvector('english', <span class="pl-s1"><span class="pl-kos">${</span><span class="pl-s1">test</span><span class="pl-kos">.</span><span class="pl-c1">content</span><span class="pl-kos">}</span></span>)),
},
(t) => ({
idx: index("idx_content_search").using("gin", t.contentSearch),
})
);
In case you don't need to reference any columns from your table, you can use just
sqltemplate or astring🎉 MySQL Generated Columns
You can now specify generated columns on any column supported by MySQL to use with generated columns
You can specify both
storedandvirtualoptions, for more info you can check MySQL docsAlso MySQL has a few limitation for such columns usage, which is described here
Drizzle Kit will also have limitations for
pushcommand:You can't change the generated constraint expression and type using
push. Drizzle-kit will ignore this change. To make it work, you would need todrop the column,push, and thenadd a column with a new expression. This was done due to the complex mapping from the database side, where the schema expression will be modified on the database side and, on introspection, we will get a different string. We can't be sure if you changed this expression or if it was changed and formatted by the database. As long as these are generated columns andpushis mostly used for prototyping on a local database, it should be fast todropandcreategenerated columns. Since these columns aregenerated, all the data will be restoredgenerateshould have no limitationsExample
In case you don't need to reference any columns from your table, you can use just
sqltemplate or astringin.generatedAlwaysAs()🎉 SQLite Generated Columns
You can now specify generated columns on any column supported by SQLite to use with generated columns
You can specify both
storedandvirtualoptions, for more info you can check SQLite docsAlso SQLite has a few limitation for such columns usage, which is described here
Drizzle Kit will also have limitations for
pushandgeneratecommand:You can't change the generated constraint expression with the stored type in an existing table. You would need to delete this table and create it again. This is due to SQLite limitations for such actions. We will handle this case in future releases (it will involve the creation of a new table with data migration).
You can't add a
storedgenerated expression to an existing column for the same reason as above. However, you can add avirtualexpression to an existing column.You can't change a
storedgenerated expression in an existing column for the same reason as above. However, you can change avirtualexpression.You can't change the generated constraint type from
virtualtostoredfor the same reason as above. However, you can change fromstoredtovirtual.New Drizzle Kit features
🎉 Migrations support for all the new orm features
PostgreSQL sequences, identity columns and generated columns for all dialects
🎉 New flag
--forcefordrizzle-kit pushYou can auto-accept all data-loss statements using the push command. It's only available in CLI parameters. Make sure you always use it if you are fine with running data-loss statements on your database
🎉 New
migrationsflagprefixYou can now customize migration file prefixes to make the format suitable for your migration tools:
indexis the default type and will result in0001_name.sqlfile names;supabaseandtimestampare equal and will result in20240627123900_name.sqlfile names;unixwill result in unix seconds prefixes1719481298_name.sqlfile names;nonewill omit the prefix completely;Example: Supabase migrations format
export default defineConfig({
dialect: "postgresql",
migrations: {
prefix: 'supabase'
}
});
0.32.0-e7cf338 - 2024-06-25
0.32.0-d0d6436 - 2024-06-27
0.32.0-af7ce99 - 2024-06-17
0.32.0-aaf764c - 2024-07-09
0.32.0-85c8008 - 2024-06-24
0.32.0-857ba54 - 2024-06-11
0.32.0-81cb794 - 2024-06-22
0.32.0-7721c7c - 2024-06-22
0.32.0-7612dda - 2024-07-09
0.32.0-5cc2ae0 - 2024-06-27
0.32.0-4ed01aa - 2024-06-12
0.32.0-0fdaa9e - 2024-06-25
0.32.0-0d48b64 - 2024-06-07
0.32.0-0a6885d - 2024-06-13
0.32.0-55471 - 2024-06-12
0.31.4 - 2024-07-08
Bug fixed
New Prisma-Drizzle extension
import { drizzle } from 'drizzle-orm/prisma/pg';
import { User } from './drizzle';
const prisma = new PrismaClient().$extends(drizzle());
const users = await prisma.$drizzle.select().from(User);
For more info, check docs: https://orm.drizzle.team/docs/prisma
🎉 Added support for TiDB Cloud Serverless driver:
import { drizzle } from 'drizzle-orm/tidb-serverless';
const client = connect({ url: '...' });
const db = drizzle(client);
await db.select().from(...);
New Features
Live Queries 🎉
As of
v0.31.1Drizzle ORM now has native support for Expo SQLite Live Queries!We've implemented a native
useLiveQueryReact Hook which observes necessary database changes and automatically re-runs database queries. It works with both SQL-like and Drizzle Queries:import { openDatabaseSync } from 'expo-sqlite/next';
import { users } from './schema';
import { Text } from 'react-native';
const expo = openDatabaseSync('db.db', { enableChangeListener: true }); // <-- enable change listeners
const db = drizzle(expo);
const App = () => {
// Re-renders automatically when data changes
const { data } = useLiveQuery(db.select().from(users));
// const { data, error, updatedAt } = useLiveQuery(db.query.users.findFirst());
// const { data, error, updatedAt } = useLiveQuery(db.query.users.findMany());
return <Text>{JSON.stringify(data)}</Text>;
};
export default App;
We've intentionally not changed the API of ORM itself to stay with conventional React Hook API, so we have
useLiveQuery(databaseQuery)as opposed todb.select().from(users).useLive()ordb.query.users.useFindMany()We've also decided to provide
data,errorandupdatedAtfields as a result of hook for concise explicit error handling following practices ofReact QueryandElectric SQLBreaking changes
PostgreSQL indexes API was changed
The previous Drizzle+PostgreSQL indexes API was incorrect and was not aligned with the PostgreSQL documentation. The good thing is that it was not used in queries, and drizzle-kit didn't support all properties for indexes. This means we can now change the API to the correct one and provide full support for it in drizzle-kit
Previous API
.on..usingand.onin our case are the same thing, so the API is incorrect here..asc(),.desc(),.nullsFirst(), and.nullsLast()should be specified for each column or expression on indexes, but not on an index itself.Current API
.with({ fillfactor: '70' })
// Second Example, with
.using()index('name')
.using('btree', table.column1.asc(), sql
lower(<span class="pl-s1"><span class="pl-kos">${</span><span class="pl-s1">table</span><span class="pl-kos">.</span><span class="pl-c1">column2</span><span class="pl-kos">}</span></span>), table.column1.op('text_ops')).where(sql``) // sql expression
.with({ fillfactor: '70' })
New Features
🎉 "pg_vector" extension support
You can now specify indexes for
pg_vectorand utilizepg_vectorfunctions for querying, ordering, etc.Let's take a few examples of
pg_vectorindexes from thepg_vectordocs and translate them to DrizzleL2 distance, Inner product and Cosine distance
// CREATE INDEX ON items USING hnsw (embedding vector_ip_ops);
// CREATE INDEX ON items USING hnsw (embedding vector_cosine_ops);
const table = pgTable('items', {
embedding: vector('embedding', { dimensions: 3 })
}, (table) => ({
l2: index('l2_index').using('hnsw', table.embedding.op('vector_l2_ops'))
ip: index('ip_index').using('hnsw', table.embedding.op('vector_ip_ops'))
cosine: index('cosine_index').using('hnsw', table.embedding.op('vector_cosine_ops'))
}))
L1 distance, Hamming distance and Jaccard distance - added in pg_vector 0.7.0 version
// CREATE INDEX ON items USING hnsw (embedding bit_hamming_ops);
// CREATE INDEX ON items USING hnsw (embedding bit_jaccard_ops);
const table = pgTable('table', {
embedding: vector('embedding', { dimensions: 3 })
}, (table) => ({
l1: index('l1_index').using('hnsw', table.embedding.op('vector_l1_ops'))
hamming: index('hamming_index').using('hnsw', table.embedding.op('bit_hamming_ops'))
bit: index('bit_jaccard_index').using('hnsw', table.embedding.op('bit_jaccard_ops'))
}))
For queries, you can use predefined functions for vectors or create custom ones using the SQL template operator.
You can also use the following helpers:
cosineDistance, hammingDistance, jaccardDistance } from 'drizzle-orm'
l2Distance(table.column, [3, 1, 2]) // table.column <-> '[3, 1, 2]'
l1Distance(table.column, [3, 1, 2]) // table.column <+> '[3, 1, 2]'
innerProduct(table.column, [3, 1, 2]) // table.column <#> '[3, 1, 2]'
cosineDistance(table.column, [3, 1, 2]) // table.column <=> '[3, 1, 2]'
hammingDistance(table.column, '101') // table.column <~> '101'
jaccardDistance(table.column, '101') // table.column <%> '101'
If
pg_vectorhas some other functions to use, you can replicate implimentation from existing one we have. Here is how it can be done