Collaborator

@pkuczynski pkuczynski commented Sep 19, 2025

Not sure if this is a good long-term strategy, but at least it fixes the docs issue...

Summary by CodeRabbit

  • Documentation

    • Updated security vulnerability reporting guidelines with new contact information.
  • Chores

    • Updated package author metadata.

coveralls commented Sep 19, 2025

coverage: 76.433%. remained the same when pulling ba13a33 on pkuczynski:patch-1 into d7867eb on typeorm:master.

Collaborator

@gioboa gioboa left a comment

Thanks for your help @pkuczynski
I think we should add the new management.
cc @michaelbromley @dlhck

Collaborator Author

pkuczynski commented Sep 20, 2025

I thought so too, but at least short term this PR is helping to find the email. Long term I guess this should move more to the documentation and use some more generic email. I will leave this up to you to figure out :)

Collaborator

@gioboa gioboa left a comment

Thanks 🙏

Collaborator

dlhck commented Sep 22, 2025

Maybe we should put in place a maintainers@typeorm.io?

Collaborator

@gioboa gioboa left a comment

It sounds great 👍

pkg-pr-new bot commented Sep 22, 2025

typeorm-sql-js-example

npm i https://pkg.pr.new/typeorm/typeorm@11667

commit: ba13a33

@pkuczynski
Collaborator Author

Sure! Good idea. Done...

Collaborator Author

pkuczynski commented Sep 22, 2025

Failing build step is not relevant to my changes...

Collaborator

alumni commented Sep 22, 2025

> Failing build step is not relevant to my changes...

Yeah, the Coveralls APIs are not very reliable, their service has <99% availability, so often coverage reporting fails.

Thanks for the update :)

Contributor

coderabbitai bot commented Sep 29, 2025

Walkthrough

This PR updates the project's security contact information and maintainer metadata. The CONTRIBUTING.md file is updated to reference a dedicated maintainer email for security vulnerabilities, and package.json is updated to reflect TypeORM as the author with a shared maintainers email address.

Changes

| Cohort / File(s) | Summary |
| --- | --- |
| Security Contact Update: CONTRIBUTING.md | Updated security vulnerability guidance to replace personalized author reference with dedicated maintainer email (maintainers@typeorm.io) via explicit mailto link. |
| Package Metadata Update: package.json | Updated author metadata from individual contributor (Umed Khudoiberdiev) to project organization (TypeORM) with shared maintainers email address. |

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Suggested reviewers

  • gioboa
  • alumni

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title 'docs: fix link to email, when vulnerability found' accurately describes the main change: updating documentation and package.json to fix the security vulnerability contact mechanism by changing from a personal email link to a dedicated maintainer email. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
📜 Recent review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between d7867eb and ba13a33.

📒 Files selected for processing (2)
  • CONTRIBUTING.md (1 hunks)
  • package.json (1 hunks)
🧰 Additional context used
🧠 Learnings (1)
📚 Learning: 2025-07-27T17:29:18.547Z
Learnt from: alumni
Repo: typeorm/typeorm PR: 11581
File: docs/docs/drivers/mongodb.md:9-13
Timestamp: 2025-07-27T17:29:18.547Z
Learning: TypeORM is compatible only with mongodb@^6, not v4 as previously suggested. The package.json file contains the authoritative peer dependency information for the MongoDB driver version compatibility.

Applied to files:

  • package.json
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (20)
  • GitHub Check: tests-linux (20) / oracle
  • GitHub Check: tests-linux (20) / mysql_mariadb
  • GitHub Check: tests-linux (20) / mysql_mariadb_latest
  • GitHub Check: tests-linux (20) / sqljs
  • GitHub Check: tests-linux (20) / better-sqlite3
  • GitHub Check: tests-linux (18) / sap
  • GitHub Check: tests-linux (18) / mysql_mariadb_latest
  • GitHub Check: tests-linux (18) / postgres (17)
  • GitHub Check: tests-linux (18) / better-sqlite3
  • GitHub Check: tests-linux (18) / mongodb
  • GitHub Check: tests-linux (18) / mysql_mariadb
  • GitHub Check: tests-linux (18) / oracle
  • GitHub Check: tests-linux (18) / postgres (14)
  • GitHub Check: tests-linux (18) / sqljs
  • GitHub Check: tests-linux (18) / mssql
  • GitHub Check: tests-linux (18) / sqlite
  • GitHub Check: tests-windows / sqlite
  • GitHub Check: tests-windows / sqljs
  • GitHub Check: tests-windows / better-sqlite3
  • GitHub Check: Analyze (javascript-typescript)
🔇 Additional comments (3)
package.json (2)

16-17: Approve: Author metadata update is well-formed.

The JSON structure is valid, email format is correct, and the change aligns with the PR objective to establish a shared maintainer contact point. No syntax or structural issues.


15-18: Author field changes are codebase-clean, but operational email infrastructure requires manual verification.

The package.json author transition is complete: no references to the old email (pleerock.me@gmail.com) remain in the codebase, and the old author name appears only in test data (not documentation). The new email is already referenced in CONTRIBUTING.md for security reports.

However, you must manually verify that maintainers@typeorm.io has the necessary infrastructure in place (MX records configured, inbox monitored, security report forwarding rules established) before merging, as this cannot be verified programmatically from the repository.

CONTRIBUTING.md (1)

19-21: Approve: Security contact guidance is clear and properly formatted.

The mailto: link is correctly structured, and the wording shift from "discussed personally" to "discussed privately" is more appropriate for security vulnerability reporting. The contact information now aligns with the updated package.json author metadata.


@pkuczynski pkuczynski requested a review from gioboa November 7, 2025 10:49
Collaborator

@gioboa gioboa left a comment

Thanks for this ❤️

@dlhck dlhck merged commit 5b01c39 into typeorm:master Nov 7, 2025
62 checks passed
ThbltLmr pushed a commit to ThbltLmr/typeorm that referenced this pull request Dec 2, 2025
* docs: fix link to email, when vulnerability found

* Update package.json

* Update CONTRIBUTING.md

---------

Co-authored-by: Giorgio Boa <35845425+gioboa@users.noreply.github.com>
mgohin pushed a commit to mgohin/typeorm that referenced this pull request Jan 15, 2026