[Snyk] Upgrade drizzle-orm from 0.30.10 to 0.33.0 #36
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Snyk has created this PR to upgrade drizzle-orm from 0.30.10 to 0.33.0.
ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
The recommended version is 94 versions ahead of your current version.
The recommended version was released on a month ago.
Release notes
Package name: drizzle-orm
Breaking changes (for some of postgres.js users)
Bugs fixed for this breaking change
If you were using
postgres-js
withjsonb
fields, you might have seen stringified objects in your database, while drizzle insert and select operations were working as expected.You need to convert those fields from strings to actual JSON objects. To do this, you can use the following query to update your database:
if you are using jsonb:
if you are using json:
We've tested it in several cases, and it worked well, but only if all stringified objects are arrays or objects. If you have primitives like strings, numbers, booleans, etc., you can use this query to update all the fields
if you are using jsonb:
if you are using json:
If nothing works for you and you are blocked, please reach out to me @ AndriiSherman. I will try to help you!
Bug Fixes
AnySQLiteUpdate
- thanks @ veloiiRelease notes for
[email protected]
and[email protected]
New Features
🎉 MySQL
$returningId()
functionMySQL itself doesn't have native support for
RETURNING
after usingINSERT
. There is only one way to do it forprimary keys
withautoincrement
(orserial
) types, where you can accessinsertId
andaffectedRows
fields. We've prepared an automatic way for you to handle such cases with Drizzle and automatically receive all inserted IDs as separate objectsconst usersTable = mysqlTable('users', {
id: int('id').primaryKey(),
name: text('name').notNull(),
verified: boolean('verified').notNull().default(false),
});
const result = await db.insert(usersTable).values([{ name: 'John' }, { name: 'John1' }]).$returningId();
// ^? { id: number }[]
Also with Drizzle, you can specify a
primary key
with$default
function that will generate custom primary keys at runtime. We will also return those generated keys for you in the$returningId()
callimport { createId } from '@ paralleldrive/cuid2';
const usersTableDefFn = mysqlTable('users_default_fn', {
customId: varchar('id', { length: 256 }).primaryKey().$defaultFn(createId),
name: text('name').notNull(),
});
const result = await db.insert(usersTableDefFn).values([{ name: 'John' }, { name: 'John1' }]).$returningId();
// ^? { customId: string }[]
🎉 PostgreSQL Sequences
You can now specify sequences in Postgres within any schema you need and define all the available properties
Example
// No params specified
export const customSequence = pgSequence("name");
// Sequence with params
export const customSequence = pgSequence("name", {
startWith: 100,
maxValue: 10000,
minValue: 100,
cycle: true,
cache: 10,
increment: 2
});
// Sequence in custom schema
export const customSchema = pgSchema('custom_schema');
export const customSequence = customSchema.sequence("name");
🎉 PostgreSQL Identity Columns
Source: As mentioned, the
serial
type in Postgres is outdated and should be deprecated. Ideally, you should not use it.Identity columns
are the recommended way to specify sequences in your schema, which is why we are introducing theidentity columns
featureExample
export const ingredients = pgTable("ingredients", {
id: integer("id").primaryKey().generatedAlwaysAsIdentity({ startWith: 1000 }),
name: text("name").notNull(),
description: text("description"),
});
You can specify all properties available for sequences in the
.generatedAlwaysAsIdentity()
function. Additionally, you can specify custom names for these sequencesPostgreSQL docs reference.
🎉 PostgreSQL Generated Columns
You can now specify generated columns on any column supported by PostgreSQL to use with generated columns
Example with generated column for
tsvector
import { customType, index, integer, pgTable, text } from "drizzle-orm/pg-core";
const tsVector = customType<{ data: string }>({
dataType() {
return "tsvector";
},
});
export const test = pgTable(
"test",
{
id: integer("id").primaryKey().generatedAlwaysAsIdentity(),
content: text("content"),
contentSearch: tsVector("content_search", {
dimensions: 3,
}).generatedAlwaysAs(
(): SQL => sql
to_tsvector('english', <span class="pl-s1"><span class="pl-kos">${</span><span class="pl-s1">test</span><span class="pl-kos">.</span><span class="pl-c1">content</span><span class="pl-kos">}</span></span>)
),
},
(t) => ({
idx: index("idx_content_search").using("gin", t.contentSearch),
})
);
In case you don't need to reference any columns from your table, you can use just
sql
template or astring
🎉 MySQL Generated Columns
You can now specify generated columns on any column supported by MySQL to use with generated columns
You can specify both
stored
andvirtual
options, for more info you can check MySQL docsAlso MySQL has a few limitation for such columns usage, which is described here
Drizzle Kit will also have limitations for
push
command:You can't change the generated constraint expression and type using
push
. Drizzle-kit will ignore this change. To make it work, you would need todrop the column
,push
, and thenadd a column with a new expression
. This was done due to the complex mapping from the database side, where the schema expression will be modified on the database side and, on introspection, we will get a different string. We can't be sure if you changed this expression or if it was changed and formatted by the database. As long as these are generated columns andpush
is mostly used for prototyping on a local database, it should be fast todrop
andcreate
generated columns. Since these columns aregenerated
, all the data will be restoredgenerate
should have no limitationsExample
In case you don't need to reference any columns from your table, you can use just
sql
template or astring
in.generatedAlwaysAs()
🎉 SQLite Generated Columns
You can now specify generated columns on any column supported by SQLite to use with generated columns
You can specify both
stored
andvirtual
options, for more info you can check SQLite docsAlso SQLite has a few limitation for such columns usage, which is described here
Drizzle Kit will also have limitations for
push
andgenerate
command:You can't change the generated constraint expression with the stored type in an existing table. You would need to delete this table and create it again. This is due to SQLite limitations for such actions. We will handle this case in future releases (it will involve the creation of a new table with data migration).
You can't add a
stored
generated expression to an existing column for the same reason as above. However, you can add avirtual
expression to an existing column.You can't change a
stored
generated expression in an existing column for the same reason as above. However, you can change avirtual
expression.You can't change the generated constraint type from
virtual
tostored
for the same reason as above. However, you can change fromstored
tovirtual
.New Drizzle Kit features
🎉 Migrations support for all the new orm features
PostgreSQL sequences, identity columns and generated columns for all dialects
🎉 New flag
--force
fordrizzle-kit push
You can auto-accept all data-loss statements using the push command. It's only available in CLI parameters. Make sure you always use it if you are fine with running data-loss statements on your database
🎉 New
migrations
flagprefix
You can now customize migration file prefixes to make the format suitable for your migration tools:
index
is the default type and will result in0001_name.sql
file names;supabase
andtimestamp
are equal and will result in20240627123900_name.sql
file names;unix
will result in unix seconds prefixes1719481298_name.sql
file names;none
will omit the prefix completely;Example: Supabase migrations format
export default defineConfig({
dialect: "postgresql",
migrations: {
prefix: 'supabase'
}
});
0.32.0-e7cf338 - 2024-06-25
0.32.0-d0d6436 - 2024-06-27
0.32.0-af7ce99 - 2024-06-17
0.32.0-aaf764c - 2024-07-09
0.32.0-85c8008 - 2024-06-24
0.32.0-857ba54 - 2024-06-11
0.32.0-81cb794 - 2024-06-22
0.32.0-7721c7c - 2024-06-22
0.32.0-7612dda - 2024-07-09
0.32.0-5cc2ae0 - 2024-06-27
0.32.0-4ed01aa - 2024-06-12
0.32.0-0fdaa9e - 2024-06-25
0.32.0-0d48b64 - 2024-06-07
0.32.0-0a6885d - 2024-06-13
0.32.0-55471 - 2024-06-12
0.31.4 - 2024-07-08
Bug fixed
New Prisma-Drizzle extension
import { drizzle } from 'drizzle-orm/prisma/pg';
import { User } from './drizzle';
const prisma = new PrismaClient().$extends(drizzle());
const users = await prisma.$drizzle.select().from(User);
For more info, check docs: https://orm.drizzle.team/docs/prisma
Important
Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.
For more information: