fix(deps): upgrade typeorm to 0.3.28 to address security vulnerabilities (#2333)

Upgrade typeorm from 0.3.12 to 0.3.28 to resolve multiple security vulnerabilities. Fixes high
severity SQL injection vulnerability in typeorm (CVE present in <0.3.26). Removes Windows-specific
postinstall workaround that's no longer needed. The fix for #478 was a workaround; the underlying
issue is now resolved upstream (see https://github.com/typeorm/typeorm/issues/9766). The issue was specifically with
TypeORM 0.3.12's glob pattern handling on Windows.

fix #478
fallenbagel
2026-01-26 13:03:37 +05:00
committed by GitHub
parent 65844a2f23
commit f8f90cb903
3 changed files with 704 additions and 519 deletions


@@ -5,7 +5,6 @@
"packageManager": "pnpm@10.24.0",
"scripts": {
"preinstall": "npx only-allow pnpm",
"postinstall": "node postinstall-win.js",
"dev": "nodemon -e ts --watch server --watch seerr-api.yml -e .json,.ts,.yml -x ts-node -r tsconfig-paths/register --files --project server/tsconfig.json server/index.ts",
"build:server": "tsc --project server/tsconfig.json && copyfiles -u 2 server/templates/**/*.{html,pug} dist/templates && tsc-alias -p server/tsconfig.json",
"build:next": "next build",
@@ -103,7 +102,7 @@
"swagger-ui-express": "4.6.2",
"swr": "2.3.7",
"tailwind-merge": "^2.6.0",
"typeorm": "0.3.12",
"typeorm": "0.3.28",
"ua-parser-js": "^1.0.35",
"undici": "^7.16.0",
"validator": "^13.15.23",