chore: update mikro-orm to 6.6.12#15018
Merged
shahednasser merged 6 commits intodevelopfrom Apr 8, 2026
Merged
Conversation
🦋 Changeset detectedLatest commit: 687b3d5 The changes in this PR will be included in the next version bump. This PR includes changesets to release 77 packages
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
|
The latest updates on your projects. Learn more about Vercel for GitHub. 9 Skipped Deployments
|
shahednasser
commented
Apr 6, 2026
Comment on lines
-58
to
61
| // There is no public API to unregister subscribers or check if a subscriber is already | ||
| // registered. This means that we need to manually check if the subscriber is already | ||
| // registered, otherwise we will register the same subscriber twice. | ||
| const hasListeners = (manager.getEventManager() as any).subscribers.some( | ||
| (s) => s.constructor.name === subscriberInstance.constructor.name | ||
| ) | ||
| const hasListeners = Array.from( | ||
| manager.getEventManager().getSubscribers() | ||
| ).some((s) => s.constructor.name === subscriberInstance.constructor.name) | ||
| if (!hasListeners) { |
Member
Author
There was a problem hiding this comment.
Reason: subscribers changed from a TypeScript private array to a JS #private Set, which is inacessible by any. However, we can use the getSubscribers public method that returns the set.
B4nan
reviewed
Apr 7, 2026
Comment on lines
+116
to
+122
| // Introduced in MikroORM 6.5.0: when enabled, MikroORM auto-joins referenced entities | ||
| // (e.g. INNER JOINs PaymentSession when querying Payment) to apply their global filters | ||
| // (e.g. softDeletable). For non-nullable FKs this uses INNER JOIN, silently excluding | ||
| // owning entities (e.g. Payment) when the referenced entity (e.g. PaymentSession) is | ||
| // soft-deleted. Medusa was designed around MikroORM 6.4.x where this didn't exist, so | ||
| // we disable it to preserve the expected behavior. | ||
| autoJoinRefsForFilters: false, |
There was a problem hiding this comment.
this flag was added in v6.0.0, not v6.5
maybe you want to diable just the filters on relations via filtersOnRelations: false instead
https://mikro-orm.io/blog/mikro-orm-6-6-released#more-control-over-filters-on-relations
Member
Author
There was a problem hiding this comment.
Thanks for reviewing @B4nan !
Setting filtersOnRelations: false doesn't fix the affected issue. Only autoJoinRefsForFilters: false does. filtersOnRelations: false seems to affect other areas as well where relations aren't being retrieved as expected.
shahednasser
changed the title
olivermrbl
approved these changes
Apr 8, 2026
This was referenced Apr 8, 2026
Closed
Merged
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Update MikroORM dependencies as a mitigation to the following vulnerabilities:
Issues fixed following the update:
subscriberson the entity manager that wasn't publicly accessible, and following the update this caused an error. Latest version has agetSubscribersAPI to access it.autoJoinRefsForFiltersoption, which reverts the behavior to the v6.4.16 behavior that our code is built onrawcallback inpopulateWhereconditions, where the alias parameter is resolved to the correct entity alias at query-build time instead of being hardcoded. Additionally,findAndCountwas updated to run find and count as separate queries, since the count query uses JOINED strategy internally (with a different alias context) but the version subqueries were built forSELECT_INaliases.