[Snyk] Upgrade drizzle-orm from 0.36.0 to 0.39.1

[NiallJoeMaher]

Snyk has created this PR to upgrade drizzle-orm from 0.36.0 to 0.39.1.

ℹ️ Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.

---

• The recommended version is 79 versions ahead of your current version.

• The recommended version was released a month ago.

Release notes

Package name: drizzle-orm

• 0.39.1 - 2025-01-29
  
  • Fixed SQLite onConflict clauses being overwritten instead of stacked - #2276
  • Added view support to aliasedTable()
  • Fixed sql builder prefixing aliased views and tables with their schema
• 0.39.0 - 2025-01-27
  

  New features

  Bun SQL driver support

  You can now use the new Bun SQL driver released in Bun v1.2.0 with Drizzle

  In version 1.2.0, Bun has issues with executing concurrent statements, which may lead to errors if you try to run several queries simultaneously.
  We've created a github issue that you can track. Once it's fixed, you should no longer encounter any such errors on Bun's SQL side

  import { drizzle } from 'drizzle-orm/bun-sql';

  const db = drizzle(process.env.PG_DB_URL!);

  const result = await db.select().from(...);

  or you can use Bun SQL instance

  import { drizzle } from 'drizzle-orm/bun-sql';
  import { SQL } from 'bun';

  const client = new SQL(process.env.PG_DB_URL!);
  const db = drizzle({ client });

  const result = await db.select().from(...);

  Current Limitations:

  • json and jsonb inserts and selects currently perform an additional JSON.stringify on the Bun SQL side. Once this is removed, they should work properly. You can always use custom types and redefine the mappers to and from the database.
  • datetime, date, and timestamp will not work properly when using mode: string in Drizzle. This is due to Bun's API limitations, which prevent custom parsers for queries. As a result, Drizzle cannot control the response sent from Bun SQL to Drizzle. Once this feature is added to Bun SQL, it should work as expected.
  • array types currently have issues in Bun SQL.

  You can check more in Bun docs

  You can check more getting started examples in Drizzle docs

  WITH now supports INSERT, UPDATE, DELETE and raw sql template

  with and insert

  const users = pgTable('users', {
  id: serial('id').primaryKey(),
  name: text('name').notNull(),
  });

  const sq = db.$with('sq').as(
  db.insert(users).values({ name: 'John' }).returning(),
  );

  const result = await db.with(sq).select().from(sq);

  with and update

  const users = pgTable('users', {
  id: serial('id').primaryKey(),
  name: text('name').notNull(),
  });

  const sq = db.$with('sq').as(
  db.update(users).set({ age: 25 }).where(eq(users.name, 'John')).returning(),
  );
  const result = await db.with(sq).select().from(sq);

  with and delete

  const users = pgTable('users', {
  id: serial('id').primaryKey(),
  name: text('name').notNull(),
  });

  const sq = db.$with('sq').as(
  db.delete(users).where(eq(users.name, 'John')).returning(),
  );

  const result = await db.with(sq).select().from(sq);

  with and sql

  const users = pgTable('users', {
  id: serial('id').primaryKey(),
  name: text('name').notNull(),
  });

  const sq = db.$with('sq', {
  userId: users.id,
  data: {
  name: users.name,
  },
  }).as(sqlselect * from <span class="pl-s1"><span class="pl-kos">${</span><span class="pl-s1">users</span><span class="pl-kos">}</span></span> where <span class="pl-s1"><span class="pl-kos">${</span><span class="pl-s1">users</span><span class="pl-kos">.</span><span class="pl-c1">name</span><span class="pl-kos">}</span></span> = 'John');

  const result = await db.with(sq).select().from(sq);

  New tables in /neon import

  In this release you can use neon_identity schema and users_sync table inside this schema by just importing it from /neon

  // "drizzle-orm/neon"
  const neonIdentitySchema = pgSchema('neon_identity');

/**
* Table schema of the users_sync table used by Neon Identity.
* This table automatically synchronizes and stores user data from external authentication providers.
*
* @ schema neon_identity
* @ table users_sync
*/
export const usersSync = neonIdentitySchema.table('users_sync', {
rawJson: jsonb('raw_json').notNull(),
id: text().primaryKey().notNull(),
name: text(),
email: text(),
createdAt: timestamp('created_at', { withTimezone: true, mode: 'string' }),
deletedAt: timestamp('deleted_at', { withTimezone: true, mode: 'string' }),
});

Utils and small improvements

getViewName util function

import { getViewName } from 'drizzle-orm/sql'

export const user = pgTable("user", {
id: serial(),
name: text(),
email: text(),
});

export const userView = pgView("user_view").as((qb) => qb.select().from(user));

const viewName = getViewName(userView)

Bug fixed and GitHub issue closed

• [FEATURE]: allow INSERT in CTEs (WITH clauses)
• [FEATURE]: Support Raw SQL in CTE Query Builder
• [FEATURE]: include pre-defined database objects related to Neon Identity in drizzle-orm
• [BUG]: $count is undefined on withReplicas
• [FEATURE]: get[Materialized]ViewName, ie getTableName but for (materialized) views.
• [BUG]: $count API error with vercel-postgres
• [BUG]: Cannot use schema.coerce on refining drizzle-zod types
• [FEATURE]: Type Coercion in drizzle-zod
• [BUG]: The inferred type of X cannot be named without a reference to ../../../../../node_modules/drizzle-zod/schema.types.internal.mjs
• [BUG]: drizzle-zod excessively deep and possibly infinite types

0.39.0-f36e3ea - 2025-01-25

0.39.0-b06bbcd - 2025-01-20

0.39.0-a42bb03 - 2025-01-29

0.39.0-991e8b4 - 2025-01-29

0.39.0-6b6aca7 - 2025-01-28

0.39.0-563f370 - 2025-02-12

0.39.0-2c67783 - 2025-01-28

0.39.0-19ccabb - 2025-01-21

0.39.0-0cc153d - 2025-02-12

0.38.4 - 2025-01-16

• New SingleStore type vector - thanks @ mitchwadair
• Fix wrong DROP INDEX statement generation, #3866 - thanks @ WaciX
• Typo fixes - thanks @ stephan281094

0.38.4-e36471e - 2025-01-20

0.38.4-b776df4 - 2025-01-23

0.38.4-9927cf1 - 2025-01-16

0.38.3 - 2024-12-25

• Fix incorrect deprecation detection for table declarations

0.38.3-efed06b - 2025-01-20

0.38.3-e6823b4 - 2024-12-31

0.38.3-be0f833 - 2024-12-25

0.38.3-b4f992e - 2025-01-08

0.38.3-8e428d1 - 2025-01-08

0.38.3-86fcd29 - 2025-01-09

0.38.3-7db411e - 2024-12-31

0.38.3-791f459 - 2024-12-30

0.38.3-38fedf0 - 2025-01-07

0.38.3-348fb92 - 2025-01-08

0.38.3-2c70592 - 2025-01-18

0.38.3-2329e17 - 2025-01-06

0.38.2 - 2024-12-13

New features

USE INDEX, FORCE INDEX and IGNORE INDEX for MySQL

In MySQL, the statements USE INDEX, FORCE INDEX, and IGNORE INDEX are hints used in SQL queries to influence how the query optimizer selects indexes. These hints provide fine-grained control over index usage, helping optimize performance when the default behavior of the optimizer is not ideal.

Use Index

The USE INDEX hint suggests to the optimizer which indexes to consider when processing the query. The optimizer is not forced to use these indexes but will prioritize them if they are suitable.

export const users = mysqlTable('users', {
id: int('id').primaryKey(),
name: varchar('name', { length: 100 }).notNull(),
}, () => [usersTableNameIndex]);

const usersTableNameIndex = index('users_name_index').on(users.name);

await db.select()
.from(users, { useIndex: usersTableNameIndex })
.where(eq(users.name, 'David'));

Ignore Index

The IGNORE INDEX hint tells the optimizer to avoid using specific indexes for the query. MySQL will consider all other indexes (if any) or perform a full table scan if necessary.

export const users = mysqlTable('users', {
id: int('id').primaryKey(),
name: varchar('name', { length: 100 }).notNull(),
}, () => [usersTableNameIndex]);

const usersTableNameIndex = index('users_name_index').on(users.name);

await db.select()
.from(users, { ignoreIndex: usersTableNameIndex })
.where(eq(users.name, 'David'));

Force Index

The FORCE INDEX hint forces the optimizer to use the specified index(es) for the query. If the specified index cannot be used, MySQL will not fall back to other indexes; it might resort to a full table scan instead.

export const users = mysqlTable('users', {
id: int('id').primaryKey(),
name: varchar('name', { length: 100 }).notNull(),
}, () => [usersTableNameIndex]);

const usersTableNameIndex = index('users_name_index').on(users.name);

await db.select()
.from(users, { forceIndex: usersTableNameIndex })
.where(eq(users.name, 'David'));

You can also combine those hints and use multiple indexes in a query if you need

0.38.2-f6eaa62 - 2024-12-16

0.38.2-ec5d35e - 2024-12-20

0.38.2-db33c87 - 2024-12-19

0.38.2-455725c - 2024-12-18

0.38.2-1c8cbad - 2024-12-17

0.38.2-0db3d13 - 2024-12-23

0.38.2-06a9368 - 2024-12-18

0.38.2-05d907b - 2024-12-16

0.38.2-019d9b0 - 2024-12-19

0.38.2-2807200 - 2024-12-23

0.38.1 - 2024-12-11

0.38.1-d379dcf - 2024-12-11

0.38.1-7cd9d79 - 2024-12-12

0.38.1-21dab20 - 2024-12-12

0.38.0 - 2024-12-09

0.38.0-e14a5a2 - 2024-12-11

0.38.0-74a51ae - 2024-12-09

0.38.0-5dc5b05 - 2024-12-11

0.38.0-1abaaf8 - 2024-12-11

0.38.0-3256029 - 2024-12-09

0.37.0 - 2024-12-03

0.37.0-a44af76 - 2024-12-05

0.37.0-994b9b8 - 2024-12-05

0.37.0-7c72529 - 2024-12-05

0.37.0-7525e49 - 2024-12-06

0.37.0-3f3eb73 - 2024-12-04

0.37.0-0c27176 - 2024-12-06

0.36.4 - 2024-11-22

0.36.4-ddb97ec - 2024-11-26

0.36.4-dbf7383 - 2024-12-16

0.36.4-7fe6033 - 2024-11-21

0.36.4-7f37974 - 2024-12-12

0.36.4-7665ad9 - 2024-12-19

0.36.4-6f7d345 - 2024-11-22

0.36.4-661b6f2 - 2024-12-20

0.36.4-3efe329 - 2025-02-18

0.36.4-3c69a1f - 2024-12-18

0.36.4-166fb8d - 2024-11-21

0.36.4-14e59f4 - 2024-12-02

0.36.4-0ab568f - 2024-12-20

0.36.4-08d2486 - 2024-11-26

0.36.3 - 2024-11-15

0.36.3-442f74d - 2024-11-15

0.36.2 - 2024-11-14

0.36.2-44b6c8a - 2024-11-15

0.36.1 - 2024-11-06

0.36.1-cc4f208 - 2024-11-13

0.36.1-bc6e8f5 - 2024-11-12

0.36.1-a24b871 - 2024-11-14

0.36.1-8366cca - 2024-11-13

0.36.0 - 2024-10-30

from drizzle-orm GitHub release notes

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.

For more information:

• 🧐 View latest project report
• 📜 Customise PR templates
• 🛠 Adjust upgrade PR settings
• 🔕 Ignore this dependency or unsubscribe from future upgrade PRs

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
codu	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Feb 24, 2025 4:59am

[coderabbitai]

Important

Review skipped

Ignore keyword(s) in the title.

⛔ Ignored keywords (1)

• [Snyk]

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.