typeorm@0.3.20 not compatible with mssql@11.0.1

[SkeletonGamer]

Issue description

typeorm@0.3.20 not compatible with mssql@11.0.1

Expected Behavior

I need to update mssql package for resolving 4 moderate severity vulnerabilities but typeorm@0.3.20 accept only mssql@"^9.1.1 || ^10.0.1"

Can you update the dependency to mssql@11.0.1 ? Thank you so much.

Actual Behavior

npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: bcp-invoice-backend@0.0.1
npm WARN Found: mssql@11.0.1
npm WARN node_modules/mssql
npm WARN mssql@"11.0.1" from the root project
npm WARN
npm WARN Could not resolve dependency:
npm WARN peerOptional mssql@"^9.1.1 || ^10.0.1" from typeorm@0.3.20
npm WARN node_modules/typeorm
npm WARN peer typeorm@"^0.3.0" from @nestjs/typeorm@10.0.2
npm WARN node_modules/@nestjs/typeorm
npm WARN 1 more (the root project)
npm WARN ERESOLVE overriding peer dependency
npm WARN While resolving: bcp-invoice-backend@0.0.1
npm WARN Found: mssql@11.0.1
npm WARN node_modules/mssql
npm WARN mssql@"11.0.1" from the root project
npm WARN
npm WARN Could not resolve dependency:
npm WARN peerOptional mssql@"^9.1.1 || ^10.0.1" from typeorm@0.3.20
npm WARN node_modules/typeorm
npm WARN peer typeorm@"^0.3.0" from @nestjs/typeorm@10.0.2
npm WARN node_modules/@nestjs/typeorm
npm WARN 1 more (the root project)

npm audit report

@azure/identity <4.2.1
Severity: moderate
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability - GHSA-m5vv-6r4h-3vj9
fix available via npm audit fix --force
Will install mssql@11.0.1, which is a breaking change
node_modules/@azure/identity
tedious 11.0.9 - 18.2.0
Depends on vulnerable versions of @azure/identity
node_modules/tedious
mssql 7.2.1 - 10.0.4
Depends on vulnerable versions of tedious
node_modules/mssql
typeorm 0.3.6-dev.0418ebc - 0.3.6-dev.ef025bd || >=0.3.7-dev.1b5aa62
Depends on vulnerable versions of mssql
node_modules/typeorm

4 moderate severity vulnerabilities

Steps to reproduce

npm install --save mssql@11.0.1

My Environment

Dependency	Version
Operating System	macOS 14.5
Node.js version	20.15.1
Typescript version	5.5.4
TypeORM version	0.3.20

Additional Context

No response

Relevant Database Driver(s)

• aurora-mysql
• aurora-postgres
• better-sqlite3
• cockroachdb
• cordova
• expo
• mongodb
• mysql
• nativescript
• oracle
• postgres
• react-native
• sap
• spanner
• sqlite
• sqlite-abstract
• sqljs
• sqlserver

Are you willing to resolve this issue by submitting a Pull Request?

No, I don’t have the time and I’m okay to wait for the community / maintainers to resolve this issue.

[bbevers2]

FYI there is an open PR for this. https://github.com/typeorm/typeorm/pull/10933/files
In my limited (and simple) testing this is working as expected.

[invaderb]

The issue is the maintainers have yet to merge it in and it's been sitting for a couple months now :(

[claytonrothschild]

+1 please merge

[amish-bh]

+1 please merge

[InnoXnguo]

please merge +1

[stevendarby]

@pleerock merge please

[next-tonocp]

+1, please merge!

[blueleader07]

+1 @pleerock ... thanks in advance

[tabkram]

+1

[maheshgohil1989]

+1 Please merge

[michaelbromley]

#10933 is merged