Skip to content

fix: handle limit(0) and offset(0) correctly in SelectQueryBuilder #11507

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
alumni merged 3 commits into from
Jun 5, 2025
Merged

fix: handle limit(0) and offset(0) correctly in SelectQueryBuilder #11507

alumni merged 3 commits into from
Jun 5, 2025

Conversation

@yeonghun104
Copy link
Contributor

@yeonghun104 yeonghun104 commented Jun 4, 2025
edited by coderabbitai bot
Loading

🐛 Bug Fix

Description of change

Problem:
Currently, when limit(0) or offset(0) is used in SelectQueryBuilder, they are treated as falsy values in JavaScript and completely ignored, causing the query to return all records instead of the expected empty result. This is a potential security issue and goes against SQL standard behavior.

Root Cause:
JavaScript falsy value evaluation in conditional statements:

if (limit && offset) // limit=0 evaluates to false
if (limit)          // limit=0 evaluates to false

Solution:

  • Replace falsy checks (!limit) with explicit undefined/null checks (limit === undefined)
  • Add helper functions hasLimit and hasOffset to properly distinguish between unset values and zero values
  • Ensure consistent behavior across all database drivers (MySQL, PostgreSQL, SQLite, SQL Server, Oracle)
  • Add comprehensive test coverage for zero value scenarios

Current Behavior:

queryBuilder.limit(0).getMany()
// SQL: SELECT * FROM users (no LIMIT clause)
// Result: ALL records (security risk!)

New Behavior:

queryBuilder.limit(0).getMany()
// SQL: SELECT * FROM users LIMIT 0
// Result: [] (empty array, as expected)

Changes Made:

  1. SelectQueryBuilder.ts:

    • Modified createLimitOffsetExpression() to handle zero values correctly
    • Added helper functions to distinguish between undefined and 0
    • Updated all database-specific condition checks

  2. Test Coverage:

    • Added comprehensive test cases for limit(0), offset(0), take(0), skip(0)
    • Verified SQL generation correctness
    • Tested actual query execution behavior

Verification:

  • ✅ All existing tests pass
  • ✅ New test cases added and passing
  • ✅ Tested across SQLite (in test suite)
  • ✅ Manual verification of SQL generation for all database types

Pull-Request Checklist

  • Code is up-to-date with the master branch
  • This pull request links relevant issues as Fixes #00000 (N/A - no existing issue)
  • There are new or updated unit tests validating the change
  • Documentation has been updated to reflect this change (N/A - behavior fix, not new feature)

Breaking Changes

None. This is a bug fix that makes the behavior match developer expectations and SQL standards.

Database Compatibility

  • ✅ MySQL/MariaDB: LIMIT 0
  • ✅ PostgreSQL: LIMIT 0
  • ✅ SQLite: LIMIT 0
  • ✅ SQL Server: FETCH NEXT 0 ROWS ONLY
  • ✅ Oracle: FETCH NEXT 0 ROWS ONLY

Before vs After Examples

Before (Broken Behavior)

// Expected: Get 0 results
const users = await userRepository
  .createQueryBuilder("user")
  .limit(0)
  .getMany()

// Actual SQL: SELECT * FROM users (no LIMIT!)
// Actual Result: [user1, user2, user3, ...] (ALL users - security risk!)

After (Fixed Behavior)

// Expected: Get 0 results
const users = await userRepository
  .createQueryBuilder("user")
  .limit(0)
  .getMany()

// Generated SQL: SELECT * FROM users LIMIT 0
// Result: [] (empty array, as expected)

Use Cases This Fixes

  1. Dynamic Pagination: When page size is conditionally set to 0
  2. Conditional Queries: When limit is calculated and might be 0
  3. Security: Prevents accidental data exposure when 0 limit was intended
  4. API Consistency: Makes behavior match standard SQL and other ORMs

This fix ensures TypeORM behaves predictably and securely when developers explicitly set limit or offset to zero.

Summary by CodeRabbit

  • Bug Fixes
    • Improved handling of zero values for limit and offset in queries, ensuring correct SQL generation and processing.
  • Tests
    • Added tests to verify accurate SQL generation and query results when using zero values for limit and offset.

@yeonghun104
fix: handle limit(0) and offset(0) correctly in SelectQueryBuilder
1a074fb 
- Fix JavaScript falsy value issue where limit(0) was treated as undefined
- Now limit(0) correctly generates 'LIMIT 0' SQL clause instead of being ignored
- Add helper functions hasLimit/hasOffset to distinguish between undefined and 0
- Add comprehensive test cases for zero value handling in limit/offset/take/skip
- Prevents potential security issue where limit(0) returned all records

Fixes potential data exposure when limit(0) was intended to return empty result
@coderabbitai
Copy link
Contributor

coderabbitai bot commented Jun 4, 2025
edited
Loading

"""

Walkthrough

The changes update the internal logic of the SelectQueryBuilder to handle limit and offset values of zero correctly, ensuring they are not treated as unset. Tests are added to verify SQL generation and execution when limit or offset is zero, confirming proper behavior across various scenarios.

Changes

File(s) Change Summary
src/query-builder/SelectQueryBuilder.ts Refined logic in createLimitOffsetExpression to explicitly check for undefined and null on limit and offset, ensuring zero values are treated as set. Introduced hasLimit and hasOffset for clarity.
test/functional/query-builder/select/query-builder-select.ts Added tests verifying SQL generation and query execution with zero values for limit and offset, covering multiple combinations and confirming empty results when limit is zero.

Poem

In the garden of queries, a limit set to naught,
Offset at zero, the SQL’s well-wrought.
No rows to be found, the tests all agree,
Rabbits rejoice in correctness, with glee!
From zero to many, the builder’s now wise—
Every carrot counted, no more surprise! 🥕
"""

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 ESLint

If the error stems from missing dependencies, add them to the package.json file. For unrecoverable errors (e.g., due to private dependencies), disable the tool in the CodeRabbit configuration.

npm error Exit handler never called!
npm error This is an error with npm itself. Please report this error at:
npm error https://github.com/npm/cli/issues
npm error A complete log of this run can be found in: /.npm/_logs/2025-06-05T03_17_10_207Z-debug-0.log

📜 Recent review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 69ea2d7 and e1da140.

📒 Files selected for processing (1)
  • test/functional/query-builder/select/query-builder-select.ts (1 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
  • test/functional/query-builder/select/query-builder-select.ts
✨ Finishing Touches
  • 📝 Generate Docstrings

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share
🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

  • Review comments: Directly reply to a review comment made by CodeRabbit. Example:
    • I pushed a fix in commit <commit_id>, please review it.
    • Explain this complex logic.
    • Open a follow-up GitHub issue for this discussion.
  • Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
    • @coderabbitai explain this code block.
    • @coderabbitai modularize this function.
  • PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
    • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
    • @coderabbitai read src/utils.ts and explain its main purpose.
    • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
    • @coderabbitai help me debug CodeRabbit configuration file.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

  • @coderabbitai pause to pause the reviews on a PR.
  • @coderabbitai resume to resume the paused reviews.
  • @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
  • @coderabbitai full review to do a full review from scratch and review all the files again.
  • @coderabbitai summary to regenerate the summary of the PR.
  • @coderabbitai generate docstrings to generate docstrings for this PR.
  • @coderabbitai generate sequence diagram to generate a sequence diagram of the changes in this PR.
  • @coderabbitai resolve resolve all the CodeRabbit review comments.
  • @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
  • @coderabbitai help to get help.

Other keywords and placeholders

  • Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
  • Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
  • Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

  • You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
  • Please see the configuration documentation for more information.
  • If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

  • Visit our Documentation for detailed information on how to use CodeRabbit.
  • Join our Discord Community to get help, request features, and share feedback.
  • Follow us on X/Twitter for updates and announcements.

coderabbitai[bot]
coderabbitai bot reviewed Jun 4, 2025
View reviewed changes
Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 0

🧹 Nitpick comments (2)
src/query-builder/SelectQueryBuilder.ts (1)

2556-2558: Simplify hasLimit and hasOffset null checks

You can tighten these definitions using a single nullish comparison:

- const hasLimit = limit !== undefined && limit !== null
- const hasOffset = offset !== undefined && offset !== null
+ const hasLimit = limit != null
+ const hasOffset = offset != null
test/functional/query-builder/select/query-builder-select.ts (1)

623-794: Consider expanding test coverage for robustness.

The test suite is well-structured but could benefit from additional coverage:

  1. Multi-driver testing: Current tests only run on SQLite. Consider testing across multiple database drivers as mentioned in the PR objectives.
  2. Negative test cases: Add tests ensuring non-zero limits/offsets still work correctly to prevent regressions.
  3. Edge case combinations: Test scenarios like limit(1).offset(0) or limit(0).offset(0).

Consider adding these additional test cases:

it("should work correctly with non-zero limits and offsets", () =>
    Promise.all(
        connections.map(async (connection) => {
            const sql = connection
                .createQueryBuilder(Post, "post")
                .limit(5)
                .offset(10)
                .disableEscaping()
                .getSql()
            
            expect(sql).to.contain("LIMIT 5 OFFSET 10")
        })
    ))

it("should handle limit(0) with offset(0)", () =>
    Promise.all(
        connections.map(async (connection) => {
            const sql = connection
                .createQueryBuilder(Post, "post")
                .limit(0)
                .offset(0)
                .disableEscaping()
                .getSql()
            
            expect(sql).to.contain("LIMIT 0 OFFSET 0")
        })
    ))
📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5003aaa and 1a074fb.

📒 Files selected for processing (2)
  • src/query-builder/SelectQueryBuilder.ts (3 hunks)
  • test/functional/query-builder/select/query-builder-select.ts (1 hunks)
🧰 Additional context used
🧬 Code Graph Analysis (1)
src/query-builder/SelectQueryBuilder.ts (4)
src/query-builder/UpdateQueryBuilder.ts (1)
  • limit (425-428)
src/query-builder/SoftDeleteQueryBuilder.ts (1)
  • limit (394-397)
src/driver/DriverUtils.ts (1)
  • DriverUtils (8-297)
src/error/OffsetWithoutLimitNotSupportedError.ts (1)
  • OffsetWithoutLimitNotSupportedError (6-14)
🔇 Additional comments (14)
src/query-builder/SelectQueryBuilder.ts (7)

2548-2554: Improve fallback logic for skip/take when no explicit offset/limit is set

The new condition ensures that skip and take are only used if both offset and limit remain unset and no joins exist. This prevents unintended overrides when limit(0) or offset(0) is explicitly called.

2568-2572: Correctly inject dummy ORDER BY for MSSQL when using paging

Using (hasLimit || hasOffset) avoids skipping zero values. The prefix only appears when no ORDER BY is defined.

2574-2587: Handle zero limit/offset explicitly in MSSQL branches

The explicit hasLimit/hasOffset checks ensure LIMIT 0 or OFFSET 0 generate valid SQL (OFFSET 0 ROWS / FETCH NEXT 0 ROWS).

2594-2596: Enforce MySQL behavior: throw on OFFSET without LIMIT

The code correctly throws OffsetWithoutLimitNotSupportedError for MySQL when only offset is set. Zero offsets now pass the defined check.

2598-2600: Implement SQLite’s LIMIT -1 syntax for offset-only queries

Using "LIMIT -1 OFFSET x" matches SQLite’s convention for offset without limit; zero offsets are handled correctly.

2601-2610: Apply proper Oracle syntax for zero limit/offset

The branches for Oracle now respect hasLimit and hasOffset, generating OFFSET 0 ROWS, FETCH NEXT 0 ROWS ONLY, or both.

2613-2615: Correct default SQL generation for other dialects

The generic branch now uses explicit checks to emit "LIMIT 0", "OFFSET 0", or both when zero values are provided.

test/functional/query-builder/select/query-builder-select.ts (7)

623-644: LGTM: Comprehensive test for LIMIT 0 SQL generation.

The test correctly verifies that limit(0) generates SQL with "LIMIT 0" clause, ensuring zero limits are no longer treated as falsy values.

646-667: LGTM: Proper test for combined LIMIT 0 and OFFSET.

The test validates the important edge case where both limit and offset are specified, with limit being zero. The expected SQL "LIMIT 0 OFFSET 5" is correct.

669-690: LGTM: Correct test for OFFSET 0 handling.

The test ensures that offset(0) is properly included in SQL generation when combined with a non-zero limit, validating the fix for zero offset values.

692-712: LGTM: Good coverage for take() alias method.

The test verifies that the take(0) method (alias for limit(0)) works correctly, ensuring consistency across different method names.

714-735: LGTM: Appropriate test for skip() alias method.

The test validates that skip(0) (alias for offset(0)) generates proper SQL, maintaining consistency with the offset method.

737-764: LGTM: Essential test for actual query execution behavior.

This test is crucial as it validates the actual runtime behavior, ensuring that limit(0) returns an empty array rather than all records, which was the core issue being fixed.

766-793: LGTM: Complete coverage for take() execution behavior.

The test ensures that take(0) also returns an empty array during actual execution, providing comprehensive coverage for both method aliases.

@pkg-pr-new
Copy link

pkg-pr-new bot commented Jun 4, 2025
edited
Loading

typeorm-sql-js-example

npm i https://pkg.pr.new/typeorm/typeorm@11507

commit: e1da140

@coveralls
Copy link

coveralls commented Jun 4, 2025
edited
Loading

Coverage Status

coverage: 76.321% (+0.006%) from 76.315%
when pulling e1da140 on yeonghun104:fix/handle-limit-0-and-offset-0-value
into 07d7913 on typeorm:master.

sgarner
sgarner requested changes Jun 4, 2025
View reviewed changes
Copy link
Collaborator

@sgarner sgarner left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for your contribution @yeonghun104 💜

This looks good. Can you fix the formatting error detected in CI please?

Also I agree with the nitpick comment from CodeRabbit that we are lacking tests for non-zero limit/offset. Let's add the suggested tests.

@sgarner sgarner requested review from alumni and naorpeled June 4, 2025 22:05
@sgarner
Copy link
Collaborator

sgarner commented Jun 4, 2025

Beware that some database engines will throw an error when given limit(0).

In SQL Server, SELECT ... OFFSET 0 ROWS FETCH NEXT 0 ROWS ONLY is not valid:

[S0001][10744] Line 1: The number of rows provided for a FETCH clause must be greater then zero.

However this outcome seems safer than ignoring the limit entirely, so I don't think it's a reason not to do this.

@yeonghun104 yeonghun104 force-pushed the fix/handle-limit-0-and-offset-0-value branch from 69ea2d7 to e1da140 Compare June 5, 2025 03:15
@yeonghun104
Copy link
Contributor Author

yeonghun104 commented Jun 5, 2025

Thanks for your contribution @yeonghun104 💜

This looks good. Can you fix the formatting error detected in CI please?

Also I agree with the nitpick comment from CodeRabbit that we are lacking tests for non-zero limit/offset. Let's add the suggested tests.

I completely agree. While some databases like SQL Server may throw errors with LIMIT 0,
this explicit failure is better than silently ignoring the limit. When developers
call .limit(0), they expect zero results, not all results. An explicit error is safer
and more predictable than silent failure.

@yeonghun104 yeonghun104 requested a review from sgarner June 5, 2025 04:49
sgarner
sgarner approved these changes Jun 5, 2025
View reviewed changes
Copy link
Collaborator

@sgarner sgarner left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

No need to do anything in this PR, but I'm slightly alarmed to notice that TypeORM interpolates the limit and offset values directly into the SQL with no other validation. There could be an SQL injection risk here; for further investigation.

@alumni
Copy link
Collaborator

alumni commented Jun 5, 2025
edited
Loading

Beware that some database engines will throw an error when given limit(0).

I mean, it usually does not make sense to select 0 rows (not in what you can do with TypeORM, it might in procedures, but that's something else).

We also had this issue in our project and we realized that if limit = 0, we don't need to issue the query at all and if offset = 0 it doesn't need to be passed since it's the default value.

I don't remember if we opened an issue, but we dismissed the idea after some time when we realized it's unnecessary :)

Basically, for offset it's irrelevant, but we can maybe accept the PR to fix the situation when you accidentally call limit(0) and get all results.

@alumni alumni merged commit 413f0a6 into typeorm:master Jun 5, 2025
89 checks passed
renatosugimoto added a commit to renatosugimoto/ts-nestjs-trainning that referenced this pull request Jul 22, 2025
@renatosugimoto @snyk-bot
[Snyk] Upgrade typeorm from 0.3.24 to 0.3.25 (#89)
ba3b444 
![snyk-top-banner](https://res.cloudinary.com/snyk/image/upload/r-d/scm-platform/snyk-pull-requests/pr-banner-default.svg)


<h3>Snyk has created this PR to upgrade typeorm from 0.3.24 to
0.3.25.</h3>

:information_source: Keep your dependencies up-to-date. This makes it
easier to fix existing vulnerabilities and to more quickly identify and
fix newly disclosed vulnerabilities when they affect your project.

<hr/>


- The recommended version is **22 versions** ahead of your current
version.

- The recommended version was released **22 days ago**.



<details>
<summary><b>Release notes</b></summary>
<br/>
  <details>
    <summary>Package name: <b>typeorm</b></summary>
    <ul>
      <li>
<b>0.3.25</b> - <a
href="https://redirect.github.com/typeorm/typeorm/releases/tag/0.3.25">2025-06-19</a></br><h2>What's
Changed</h2>
<ul>
<li>docs: use correct SQL statements in softDelete/restore comments by
<a class="user-mention notranslate" data-hovercard-type="user"
data-hovercard-url="/users/sgarner/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/sgarner">@ sgarner</a> in <a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="3081453606" data-permission-text="Title is private"
data-url="typeorm/typeorm#11489"
data-hovercard-type="pull_request"
data-hovercard-url="/typeorm/typeorm/pull/11489/hovercard"
href="https://redirect.github.com/typeorm/typeorm/pull/11489">#11489</a></li>
<li>fix: resolve alias or table name in upsert and orUpdate for
PostgreSQL driver conditionally by <a class="user-mention notranslate"
data-hovercard-type="user"
data-hovercard-url="/users/mmarifat/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/mmarifat">@ mmarifat</a> in <a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="3047096667" data-permission-text="Title is private"
data-url="typeorm/typeorm#11452"
data-hovercard-type="pull_request"
data-hovercard-url="/typeorm/typeorm/pull/11452/hovercard"
href="https://redirect.github.com/typeorm/typeorm/pull/11452">#11452</a></li>
<li>feat(spanner): use credentials from connection options by <a
class="user-mention notranslate" data-hovercard-type="user"
data-hovercard-url="/users/denes/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/denes">@ denes</a> in <a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="3086575395" data-permission-text="Title is private"
data-url="typeorm/typeorm#11492"
data-hovercard-type="pull_request"
data-hovercard-url="/typeorm/typeorm/pull/11492/hovercard"
href="https://redirect.github.com/typeorm/typeorm/pull/11492">#11492</a></li>
<li>feat: add upsert support for Oracle, SQLServer and SAP HANA by <a
class="user-mention notranslate" data-hovercard-type="user"
data-hovercard-url="/users/Yuuki-Sakura/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/Yuuki-Sakura">@ Yuuki-Sakura</a> in <a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="2404532307" data-permission-text="Title is private"
data-url="typeorm/typeorm#10974"
data-hovercard-type="pull_request"
data-hovercard-url="/typeorm/typeorm/pull/10974/hovercard"
href="https://redirect.github.com/typeorm/typeorm/pull/10974">#10974</a></li>
<li>fix: handle limit(0) and offset(0) correctly in SelectQueryBuilder
by <a class="user-mention notranslate" data-hovercard-type="user"
data-hovercard-url="/users/yeonghun104/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/yeonghun104">@ yeonghun104</a> in <a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="3116497992" data-permission-text="Title is private"
data-url="typeorm/typeorm#11507"
data-hovercard-type="pull_request"
data-hovercard-url="/typeorm/typeorm/pull/11507/hovercard"
href="https://redirect.github.com/typeorm/typeorm/pull/11507">#11507</a></li>
<li>fix: add collation update detection in PostgresDriver by <a
class="user-mention notranslate" data-hovercard-type="user"
data-hovercard-url="/users/asn6878/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/asn6878">@ asn6878</a> in <a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="3040527205" data-permission-text="Title is private"
data-url="typeorm/typeorm#11441"
data-hovercard-type="pull_request"
data-hovercard-url="/typeorm/typeorm/pull/11441/hovercard"
href="https://redirect.github.com/typeorm/typeorm/pull/11441">#11441</a></li>
<li>feat: add typesense/docsearch-scraper by <a class="user-mention
notranslate" data-hovercard-type="user"
data-hovercard-url="/users/gioboa/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/gioboa">@ gioboa</a> in <a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="3003003060" data-permission-text="Title is private"
data-url="typeorm/typeorm#11424"
data-hovercard-type="pull_request"
data-hovercard-url="/typeorm/typeorm/pull/11424/hovercard"
href="https://redirect.github.com/typeorm/typeorm/pull/11424">#11424</a></li>
<li>chore: improve linting by <a class="user-mention notranslate"
data-hovercard-type="user" data-hovercard-url="/users/alumni/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/alumni">@ alumni</a> in <a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="3122060339" data-permission-text="Title is private"
data-url="typeorm/typeorm#11510"
data-hovercard-type="pull_request"
data-hovercard-url="/typeorm/typeorm/pull/11510/hovercard"
href="https://redirect.github.com/typeorm/typeorm/pull/11510">#11510</a></li>
<li>chore: improve linting (fixup) by <a class="user-mention
notranslate" data-hovercard-type="user"
data-hovercard-url="/users/alumni/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/alumni">@ alumni</a> in <a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="3122508176" data-permission-text="Title is private"
data-url="typeorm/typeorm#11511"
data-hovercard-type="pull_request"
data-hovercard-url="/typeorm/typeorm/pull/11511/hovercard"
href="https://redirect.github.com/typeorm/typeorm/pull/11511">#11511</a></li>
<li>docs: new website initial commit by <a class="user-mention
notranslate" data-hovercard-type="user"
data-hovercard-url="/users/naorpeled/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/naorpeled">@ naorpeled</a> in <a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="2991307150" data-permission-text="Title is private"
data-url="typeorm/typeorm#11408"
data-hovercard-type="pull_request"
data-hovercard-url="/typeorm/typeorm/pull/11408/hovercard"
href="https://redirect.github.com/typeorm/typeorm/pull/11408">#11408</a></li>
<li>fix: fix up doc search workflow by <a class="user-mention
notranslate" data-hovercard-type="user"
data-hovercard-url="/users/gioboa/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/gioboa">@ gioboa</a> in <a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="3125253351" data-permission-text="Title is private"
data-url="typeorm/typeorm#11513"
data-hovercard-type="pull_request"
data-hovercard-url="/typeorm/typeorm/pull/11513/hovercard"
href="https://redirect.github.com/typeorm/typeorm/pull/11513">#11513</a></li>
<li>chore: update workflows to ignore changes in docs directory by <a
class="user-mention notranslate" data-hovercard-type="user"
data-hovercard-url="/users/dlhck/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/dlhck">@ dlhck</a> in <a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="3132733241" data-permission-text="Title is private"
data-url="typeorm/typeorm#11518"
data-hovercard-type="pull_request"
data-hovercard-url="/typeorm/typeorm/pull/11518/hovercard"
href="https://redirect.github.com/typeorm/typeorm/pull/11518">#11518</a></li>
<li>feat(docs): add Plausible analytics script to Docusaurus config by
<a class="user-mention notranslate" data-hovercard-type="user"
data-hovercard-url="/users/dlhck/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/dlhck">@ dlhck</a> in <a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="3132688431" data-permission-text="Title is private"
data-url="typeorm/typeorm#11517"
data-hovercard-type="pull_request"
data-hovercard-url="/typeorm/typeorm/pull/11517/hovercard"
href="https://redirect.github.com/typeorm/typeorm/pull/11517">#11517</a></li>
<li>docs: add note about using YugabyteDB by <a class="user-mention
notranslate" data-hovercard-type="user"
data-hovercard-url="/users/mguida22/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/mguida22">@ mguida22</a> in <a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="3137325649" data-permission-text="Title is private"
data-url="typeorm/typeorm#11521"
data-hovercard-type="pull_request"
data-hovercard-url="/typeorm/typeorm/pull/11521/hovercard"
href="https://redirect.github.com/typeorm/typeorm/pull/11521">#11521</a></li>
<li>chore(docs): improve website generation config by <a
class="user-mention notranslate" data-hovercard-type="user"
data-hovercard-url="/users/alumni/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/alumni">@ alumni</a> in <a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="3143665449" data-permission-text="Title is private"
data-url="typeorm/typeorm#11527"
data-hovercard-type="pull_request"
data-hovercard-url="/typeorm/typeorm/pull/11527/hovercard"
href="https://redirect.github.com/typeorm/typeorm/pull/11527">#11527</a></li>
<li>fix(tree-entity): closure junction table primary key definition
should match parent table by <a class="user-mention notranslate"
data-hovercard-type="user" data-hovercard-url="/users/gongAll/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/gongAll">@ gongAll</a> in <a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="3002433767" data-permission-text="Title is private"
data-url="typeorm/typeorm#11422"
data-hovercard-type="pull_request"
data-hovercard-url="/typeorm/typeorm/pull/11422/hovercard"
href="https://redirect.github.com/typeorm/typeorm/pull/11422">#11422</a></li>
<li>docs: add heading to Getting Started page by <a class="user-mention
notranslate" data-hovercard-type="user"
data-hovercard-url="/users/sgarner/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/sgarner">@ sgarner</a> in <a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="3151614715" data-permission-text="Title is private"
data-url="typeorm/typeorm#11531"
data-hovercard-type="pull_request"
data-hovercard-url="/typeorm/typeorm/pull/11531/hovercard"
href="https://redirect.github.com/typeorm/typeorm/pull/11531">#11531</a></li>
<li>fix: Multiple relations with same columns cause invalid SQL to be
generated by <a class="user-mention notranslate"
data-hovercard-type="user"
data-hovercard-url="/users/yevhen-komarov/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/yevhen-komarov">@ yevhen-komarov</a>
in <a class="issue-link js-issue-link" data-error-text="Failed to load
title" data-id="2984486062" data-permission-text="Title is private"
data-url="typeorm/typeorm#11400"
data-hovercard-type="pull_request"
data-hovercard-url="/typeorm/typeorm/pull/11400/hovercard"
href="https://redirect.github.com/typeorm/typeorm/pull/11400">#11400</a></li>
<li>fix: fix null pointer exception on date array column comparison by
<a class="user-mention notranslate" data-hovercard-type="user"
data-hovercard-url="/users/mnbaccari/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/mnbaccari">@ mnbaccari</a> in <a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="3153601577" data-permission-text="Title is private"
data-url="typeorm/typeorm#11532"
data-hovercard-type="pull_request"
data-hovercard-url="/typeorm/typeorm/pull/11532/hovercard"
href="https://redirect.github.com/typeorm/typeorm/pull/11532">#11532</a></li>
<li>chore(ci): simplify workflows by <a class="user-mention notranslate"
data-hovercard-type="user" data-hovercard-url="/users/alumni/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/alumni">@ alumni</a> in <a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="3147752910" data-permission-text="Title is private"
data-url="typeorm/typeorm#11530"
data-hovercard-type="pull_request"
data-hovercard-url="/typeorm/typeorm/pull/11530/hovercard"
href="https://redirect.github.com/typeorm/typeorm/pull/11530">#11530</a></li>
<li>fix: improve async calls on disconnect by <a class="user-mention
notranslate" data-hovercard-type="user"
data-hovercard-url="/users/alumni/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/alumni">@ alumni</a> in <a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="3139265175" data-permission-text="Title is private"
data-url="typeorm/typeorm#11523"
data-hovercard-type="pull_request"
data-hovercard-url="/typeorm/typeorm/pull/11523/hovercard"
href="https://redirect.github.com/typeorm/typeorm/pull/11523">#11523</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a class="user-mention notranslate" data-hovercard-type="user"
data-hovercard-url="/users/mmarifat/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/mmarifat">@ mmarifat</a> made their
first contribution in <a class="issue-link js-issue-link"
data-error-text="Failed to load title" data-id="3047096667"
data-permission-text="Title is private"
data-url="typeorm/typeorm#11452"
data-hovercard-type="pull_request"
data-hovercard-url="/typeorm/typeorm/pull/11452/hovercard"
href="https://redirect.github.com/typeorm/typeorm/pull/11452">#11452</a></li>
<li><a class="user-mention notranslate" data-hovercard-type="user"
data-hovercard-url="/users/yeonghun104/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/yeonghun104">@ yeonghun104</a> made
their first contribution in <a class="issue-link js-issue-link"
data-error-text="Failed to load title" data-id="3116497992"
data-permission-text="Title is private"
data-url="typeorm/typeorm#11507"
data-hovercard-type="pull_request"
data-hovercard-url="/typeorm/typeorm/pull/11507/hovercard"
href="https://redirect.github.com/typeorm/typeorm/pull/11507">#11507</a></li>
<li><a class="user-mention notranslate" data-hovercard-type="user"
data-hovercard-url="/users/asn6878/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/asn6878">@ asn6878</a> made their
first contribution in <a class="issue-link js-issue-link"
data-error-text="Failed to load title" data-id="3040527205"
data-permission-text="Title is private"
data-url="typeorm/typeorm#11441"
data-hovercard-type="pull_request"
data-hovercard-url="/typeorm/typeorm/pull/11441/hovercard"
href="https://redirect.github.com/typeorm/typeorm/pull/11441">#11441</a></li>
<li><a class="user-mention notranslate" data-hovercard-type="user"
data-hovercard-url="/users/gongAll/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/gongAll">@ gongAll</a> made their
first contribution in <a class="issue-link js-issue-link"
data-error-text="Failed to load title" data-id="3002433767"
data-permission-text="Title is private"
data-url="typeorm/typeorm#11422"
data-hovercard-type="pull_request"
data-hovercard-url="/typeorm/typeorm/pull/11422/hovercard"
href="https://redirect.github.com/typeorm/typeorm/pull/11422">#11422</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a class="commit-link"
href="https://redirect.github.com/typeorm/typeorm/compare/0.3.24...0.3.25"><tt>0.3.24...0.3.25</tt></a></p>
      </li>
      <li>
        <b>0.3.25-dev.eb3093d</b> - 2025-06-05
      </li>
      <li>
        <b>0.3.25-dev.ead4f98</b> - 2025-06-18
      </li>
      <li>
        <b>0.3.25-dev.ce23d46</b> - 2025-06-16
      </li>
      <li>
        <b>0.3.25-dev.b1e93f7</b> - 2025-06-18
      </li>
      <li>
        <b>0.3.25-dev.af9ecc0</b> - 2025-06-17
      </li>
      <li>
        <b>0.3.25-dev.a9c16ee</b> - 2025-06-05
      </li>
      <li>
        <b>0.3.25-dev.930eefd</b> - 2025-06-06
      </li>
      <li>
        <b>0.3.25-dev.86f12c9</b> - 2025-06-10
      </li>
      <li>
        <b>0.3.25-dev.65d5a00</b> - 2025-06-05
      </li>
      <li>
        <b>0.3.25-dev.63a3b9a</b> - 2025-06-17
      </li>
      <li>
        <b>0.3.25-dev.61753b1</b> - 2025-06-05
      </li>
      <li>
        <b>0.3.25-dev.5003aaa</b> - 2025-05-21
      </li>
      <li>
        <b>0.3.25-dev.4b0ffee</b> - 2025-06-06
      </li>
      <li>
        <b>0.3.25-dev.42e7cbe</b> - 2025-06-17
      </li>
      <li>
        <b>0.3.25-dev.42913b9</b> - 2025-06-11
      </li>
      <li>
        <b>0.3.25-dev.413f0a6</b> - 2025-06-05
      </li>
      <li>
        <b>0.3.25-dev.2bfa300</b> - 2025-06-04
      </li>
      <li>
        <b>0.3.25-dev.24c3e38</b> - 2025-06-05
      </li>
      <li>
        <b>0.3.25-dev.12a71e4</b> - 2025-05-14
      </li>
      <li>
        <b>0.3.25-dev.07d7913</b> - 2025-06-04
      </li>
      <li>
        <b>0.3.25-dev.03faa78</b> - 2025-06-14
      </li>
      <li>
<b>0.3.24</b> - <a
href="https://redirect.github.com/typeorm/typeorm/releases/tag/0.3.24">2025-05-14</a></br><h2>What's
Changed</h2>
<ul>
<li>feat: add tagged template for executing raw SQL queries by <a
class="user-mention notranslate" data-hovercard-type="user"
data-hovercard-url="/users/Newbie012/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/Newbie012">@ Newbie012</a> in <a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="3028712893" data-permission-text="Title is private"
data-url="typeorm/typeorm#11432"
data-hovercard-type="pull_request"
data-hovercard-url="/typeorm/typeorm/pull/11432/hovercard"
href="https://redirect.github.com/typeorm/typeorm/pull/11432">#11432</a></li>
<li>chore: Add husky and lint-staged by <a class="user-mention
notranslate" data-hovercard-type="user"
data-hovercard-url="/users/maxbronnikov10/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/maxbronnikov10">@ maxbronnikov10</a>
in <a class="issue-link js-issue-link" data-error-text="Failed to load
title" data-id="3044164801" data-permission-text="Title is private"
data-url="typeorm/typeorm#11448"
data-hovercard-type="pull_request"
data-hovercard-url="/typeorm/typeorm/pull/11448/hovercard"
href="https://redirect.github.com/typeorm/typeorm/pull/11448">#11448</a></li>
<li>fix: resolve pkg.pr.new issue by <a class="user-mention notranslate"
data-hovercard-type="user"
data-hovercard-url="/users/naorpeled/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/naorpeled">@ naorpeled</a> in <a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="3054189764" data-permission-text="Title is private"
data-url="typeorm/typeorm#11463"
data-hovercard-type="pull_request"
data-hovercard-url="/typeorm/typeorm/pull/11463/hovercard"
href="https://redirect.github.com/typeorm/typeorm/pull/11463">#11463</a></li>
<li>perf: improve save performance during entities update by <a
class="user-mention notranslate" data-hovercard-type="user"
data-hovercard-url="/users/lotczyk/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/lotczyk">@ lotczyk</a> in <a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="3049144737" data-permission-text="Title is private"
data-url="typeorm/typeorm#11456"
data-hovercard-type="pull_request"
data-hovercard-url="/typeorm/typeorm/pull/11456/hovercard"
href="https://redirect.github.com/typeorm/typeorm/pull/11456">#11456</a></li>
<li>refactor: remove unused NamingStrategyNotFoundError by <a
class="user-mention notranslate" data-hovercard-type="user"
data-hovercard-url="/users/mguida22/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/mguida22">@ mguida22</a> in <a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="3053756244" data-permission-text="Title is private"
data-url="typeorm/typeorm#11462"
data-hovercard-type="pull_request"
data-hovercard-url="/typeorm/typeorm/pull/11462/hovercard"
href="https://redirect.github.com/typeorm/typeorm/pull/11462">#11462</a></li>
<li>chore: add note about breaking change in 0.3.23 by <a
class="user-mention notranslate" data-hovercard-type="user"
data-hovercard-url="/users/mguida22/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/mguida22">@ mguida22</a> in <a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="3057590521" data-permission-text="Title is private"
data-url="typeorm/typeorm#11469"
data-hovercard-type="pull_request"
data-hovercard-url="/typeorm/typeorm/pull/11469/hovercard"
href="https://redirect.github.com/typeorm/typeorm/pull/11469">#11469</a></li>
<li>build: include db version in coveralls flag-name by <a
class="user-mention notranslate" data-hovercard-type="user"
data-hovercard-url="/users/mguida22/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/mguida22">@ mguida22</a> in <a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="3053694931" data-permission-text="Title is private"
data-url="typeorm/typeorm#11461"
data-hovercard-type="pull_request"
data-hovercard-url="/typeorm/typeorm/pull/11461/hovercard"
href="https://redirect.github.com/typeorm/typeorm/pull/11461">#11461</a></li>
<li>chore: include warning about update({}) in changelog by <a
class="user-mention notranslate" data-hovercard-type="user"
data-hovercard-url="/users/sgarner/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/sgarner">@ sgarner</a> in <a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="3058303343" data-permission-text="Title is private"
data-url="typeorm/typeorm#11471"
data-hovercard-type="pull_request"
data-hovercard-url="/typeorm/typeorm/pull/11471/hovercard"
href="https://redirect.github.com/typeorm/typeorm/pull/11471">#11471</a></li>
<li>feat: add updateAll and deleteAll methods to EntityManager and
Repository APIs by <a class="user-mention notranslate"
data-hovercard-type="user" data-hovercard-url="/users/sgarner/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/sgarner">@ sgarner</a> in <a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="3051787023" data-permission-text="Title is private"
data-url="typeorm/typeorm#11459"
data-hovercard-type="pull_request"
data-hovercard-url="/typeorm/typeorm/pull/11459/hovercard"
href="https://redirect.github.com/typeorm/typeorm/pull/11459">#11459</a></li>
<li>Fix/11466 mssql find operator by <a class="user-mention notranslate"
data-hovercard-type="user"
data-hovercard-url="/users/christian-forgacs/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/christian-forgacs">@
christian-forgacs</a> in <a class="issue-link js-issue-link"
data-error-text="Failed to load title" data-id="3056841300"
data-permission-text="Title is private"
data-url="typeorm/typeorm#11468"
data-hovercard-type="pull_request"
data-hovercard-url="/typeorm/typeorm/pull/11468/hovercard"
href="https://redirect.github.com/typeorm/typeorm/pull/11468">#11468</a></li>
<li>feat(spanner): support insert returning by <a class="user-mention
notranslate" data-hovercard-type="user"
data-hovercard-url="/users/denes/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/denes">@ denes</a> in <a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="3052844885" data-permission-text="Title is private"
data-url="typeorm/typeorm#11460"
data-hovercard-type="pull_request"
data-hovercard-url="/typeorm/typeorm/pull/11460/hovercard"
href="https://redirect.github.com/typeorm/typeorm/pull/11460">#11460</a></li>
<li>chore: clarify commit practices by <a class="user-mention
notranslate" data-hovercard-type="user"
data-hovercard-url="/users/mguida22/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/mguida22">@ mguida22</a> in <a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="3058510988" data-permission-text="Title is private"
data-url="typeorm/typeorm#11472"
data-hovercard-type="pull_request"
data-hovercard-url="/typeorm/typeorm/pull/11472/hovercard"
href="https://redirect.github.com/typeorm/typeorm/pull/11472">#11472</a></li>
<li>fix(mssql): avoid mutating input parameter array values by <a
class="user-mention notranslate" data-hovercard-type="user"
data-hovercard-url="/users/sgarner/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/sgarner">@ sgarner</a> in <a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="3061331662" data-permission-text="Title is private"
data-url="typeorm/typeorm#11476"
data-hovercard-type="pull_request"
data-hovercard-url="/typeorm/typeorm/pull/11476/hovercard"
href="https://redirect.github.com/typeorm/typeorm/pull/11476">#11476</a></li>
<li>fix: capacitor driver PRAGMA bug by <a class="user-mention
notranslate" data-hovercard-type="user"
data-hovercard-url="/users/AlexAzartsev/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/AlexAzartsev">@ AlexAzartsev</a> in <a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="3056524220" data-permission-text="Title is private"
data-url="typeorm/typeorm#11467"
data-hovercard-type="pull_request"
data-hovercard-url="/typeorm/typeorm/pull/11467/hovercard"
href="https://redirect.github.com/typeorm/typeorm/pull/11467">#11467</a></li>
<li>chore: version 0.3.24 by <a class="user-mention notranslate"
data-hovercard-type="user"
data-hovercard-url="/users/mguida22/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/mguida22">@ mguida22</a> in <a
class="issue-link js-issue-link" data-error-text="Failed to load title"
data-id="3063696327" data-permission-text="Title is private"
data-url="typeorm/typeorm#11478"
data-hovercard-type="pull_request"
data-hovercard-url="/typeorm/typeorm/pull/11478/hovercard"
href="https://redirect.github.com/typeorm/typeorm/pull/11478">#11478</a></li>
</ul>
<h2>New Contributors</h2>
<ul>
<li><a class="user-mention notranslate" data-hovercard-type="user"
data-hovercard-url="/users/denes/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/denes">@ denes</a> made their first
contribution in <a class="issue-link js-issue-link"
data-error-text="Failed to load title" data-id="3052844885"
data-permission-text="Title is private"
data-url="typeorm/typeorm#11460"
data-hovercard-type="pull_request"
data-hovercard-url="/typeorm/typeorm/pull/11460/hovercard"
href="https://redirect.github.com/typeorm/typeorm/pull/11460">#11460</a></li>
<li><a class="user-mention notranslate" data-hovercard-type="user"
data-hovercard-url="/users/AlexAzartsev/hovercard"
data-octo-click="hovercard-link-click"
data-octo-dimensions="link_type:self"
href="https://redirect.github.com/AlexAzartsev">@ AlexAzartsev</a> made
their first contribution in <a class="issue-link js-issue-link"
data-error-text="Failed to load title" data-id="3056524220"
data-permission-text="Title is private"
data-url="typeorm/typeorm#11467"
data-hovercard-type="pull_request"
data-hovercard-url="/typeorm/typeorm/pull/11467/hovercard"
href="https://redirect.github.com/typeorm/typeorm/pull/11467">#11467</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a class="commit-link"
href="https://redirect.github.com/typeorm/typeorm/compare/0.3.23...0.3.24"><tt>0.3.23...0.3.24</tt></a></p>
      </li>
    </ul>
from <a
href="https://redirect.github.com/typeorm/typeorm/releases">typeorm
GitHub release notes</a>
  </details>
</details>

---

> [!IMPORTANT]
>
> - Check the changes in this PR to ensure they won't cause issues with
your project.
> - This PR was automatically created by Snyk using the credentials of a
real user.
> - Snyk has automatically assigned this pull request, [set who gets
assigned](/settings/integration).

---

**Note:** _You are seeing this because you or someone else with access
to this repository has authorized Snyk to open upgrade PRs._

**For more information:** <img
src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiIwYjZmODgzMy0xZWFiLTRmYjItOGY5My1mNDAxMmRhYmFkZWQiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6IjBiNmY4ODMzLTFlYWItNGZiMi04ZjkzLWY0MDEyZGFiYWRlZCJ9fQ=="
width="0" height="0"/>

> - 🧐 [View latest project
report](https://app.snyk.io/org/renatosugimoto/project/31d5132a-e6b1-4b8a-a6a3-43b157a71ac5?utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;upgrade-pr)
> - 👩‍💻 [Set who automatically gets
assigned](https://app.snyk.io/org/renatosugimoto/project/31d5132a-e6b1-4b8a-a6a3-43b157a71ac5/settings/integration?utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;upgrade-pr/)
> - 📜 [Customise PR
templates](https://docs.snyk.io/scan-using-snyk/pull-requests/snyk-fix-pull-or-merge-requests/customize-pr-templates?utm_source=&utm_content=fix-pr-template)
> - 🛠 [Adjust upgrade PR
settings](https://app.snyk.io/org/renatosugimoto/project/31d5132a-e6b1-4b8a-a6a3-43b157a71ac5/settings/integration?utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;upgrade-pr)
> - 🔕 [Ignore this dependency or unsubscribe from future upgrade
PRs](https://app.snyk.io/org/renatosugimoto/project/31d5132a-e6b1-4b8a-a6a3-43b157a71ac5/settings/integration?pkg&#x3D;typeorm&amp;utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;upgrade-pr#auto-dep-upgrades)

[//]: #
'snyk:metadata:{"customTemplate":{"variablesUsed":[],"fieldsUsed":[]},"dependencies":[{"name":"typeorm","from":"0.3.24","to":"0.3.25"}],"env":"prod","hasFixes":false,"isBreakingChange":false,"isMajorUpgrade":false,"issuesToFix":[],"prId":"0b6f8833-1eab-4fb2-8f93-f4012dabaded","prPublicId":"0b6f8833-1eab-4fb2-8f93-f4012dabaded","packageManager":"npm","priorityScoreList":[],"projectPublicId":"31d5132a-e6b1-4b8a-a6a3-43b157a71ac5","projectUrl":"https://app.snyk.io/org/renatosugimoto/project/31d5132a-e6b1-4b8a-a6a3-43b157a71ac5?utm_source=github&utm_medium=referral&page=upgrade-pr","prType":"upgrade","templateFieldSources":{"branchName":"default","commitMessage":"default","description":"default","title":"default"},"templateVariants":[],"type":"auto","upgrade":[],"upgradeInfo":{"versionsDiff":22,"publishedDate":"2025-06-19T18:32:25.818Z"},"vulns":[]}'

Co-authored-by: snyk-bot <[email protected]>
@effective-giggle
Copy link

effective-giggle commented Jul 23, 2025
edited
Loading

I think this should be marked as "Breaking Change" or at least "Potentially breaking Change" in case somebody used to give a limit of 0 to fetch all values.
(This change also implicitly affects the Repository API)

@sgarner
Copy link
Collaborator

sgarner commented Jul 23, 2025

Generally speaking a change is not breaking if it changes some behavior that was not documented or which contradicted the documented behavior. I think that applies in this case; if a user was relying on limit(0) fetching all values, they were relying on an undocumented quirk of the previous implementation.

I guess the most likely impact of this is where the limit value comes from user input. It's a good reminder to always and strictly validate all user input.

@ranjan-purbey ranjan-purbey mentioned this pull request Sep 18, 2025
Closed
21 tasks
ThbltLmr pushed a commit to ThbltLmr/typeorm that referenced this pull request Dec 2, 2025
@yeonghun104 @ThbltLmr
fix: handle limit(0) and offset(0) correctly in SelectQueryBuilder (t…
742130d 
…ypeorm#11507)

* fix: handle limit(0) and offset(0) correctly in SelectQueryBuilder

- Fix JavaScript falsy value issue where limit(0) was treated as undefined
- Now limit(0) correctly generates 'LIMIT 0' SQL clause instead of being ignored
- Add helper functions hasLimit/hasOffset to distinguish between undefined and 0
- Add comprehensive test cases for zero value handling in limit/offset/take/skip
- Prevents potential security issue where limit(0) returned all records

Fixes potential data exposure when limit(0) was intended to return empty result

* fix: prettier formatting

* test: expand test coverage for LIMIT/OFFSET edge cases and regression prevention
@briceruzand briceruzand mentioned this pull request Jan 6, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alumni alumni alumni approved these changes

@sgarner sgarner sgarner approved these changes

@gioboa gioboa gioboa approved these changes

@naorpeled naorpeled Awaiting requested review from naorpeled

+2 more reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

@jovanadjuric jovanadjuric jovanadjuric approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@yeonghun104 @coveralls @sgarner @alumni @effective-giggle @gioboa @jovanadjuric