Skip to content

chore(deps): bump @mikro-orm/sqlite from 6.6.14 to 6.6.15#148

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/mikro-orm/sqlite-6.6.15
Open

chore(deps): bump @mikro-orm/sqlite from 6.6.14 to 6.6.15#148
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/npm_and_yarn/mikro-orm/sqlite-6.6.15

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 4, 2026

Copy link
Copy Markdown
Contributor

Bumps @mikro-orm/sqlite from 6.6.14 to 6.6.15.

Release notes

Sourced from @​mikro-orm/sqlite's releases.

v6.6.15

6.6.15 (2026-06-17)

Bug Fixes

  • core: avoid crash on STI subclass narrowing an inverse collection (#7868) (49d73a5), closes #7636 #7867
  • core: avoid stack overflow in IdentityMap.keys()/values() for large maps (#7849) (a3db208)
  • core: preserve sibling conditions next to $and/$or on relation filters (#7791) (5c5e4c9), closes #7790
  • core: reload suppressed entities from partially-suppressed upsertMany (#7780) (65e1967), closes #7779 #7775
  • knex: resolve target entity schema in nested collection operators (#7898) (6040aa1), closes #7895 #7894
Changelog

Sourced from @​mikro-orm/sqlite's changelog.

6.6.15 (2026-06-17)

Bug Fixes

  • core: avoid crash on STI subclass narrowing an inverse collection (#7868) (49d73a5), closes #7636 #7867
  • core: avoid stack overflow in IdentityMap.keys()/values() for large maps (#7849) (a3db208)
  • core: preserve sibling conditions next to $and/$or on relation filters (#7791) (5c5e4c9), closes #7790
  • core: reload suppressed entities from partially-suppressed upsertMany (#7780) (65e1967), closes #7779 #7775
  • knex: resolve target entity schema in nested collection operators (#7898) (6040aa1), closes #7895 #7894
Commits
  • 7b194c2 chore(release): v6.6.15 [skip ci]
  • 96e2f0f test: cover multi-element array operator nested under a relation (#7901)
  • 6040aa1 fix(knex): resolve target entity schema in nested collection operators (#7898)
  • 49d73a5 fix(core): avoid crash on STI subclass narrowing an inverse collection (#7868)
  • a3db208 fix(core): avoid stack overflow in IdentityMap.keys()/values() for large maps...
  • 5c5e4c9 fix(core): preserve sibling conditions next to $and/$or on relation filte...
  • 65e1967 fix(core): reload suppressed entities from partially-suppressed upsertMany (#...
  • 3e50f3a chore(ci): stop tagging v6 releases as latest (#7666)
  • 4ece4fa chore(release): update internal dependencies [skip ci]
  • See full diff in compare view

Most Recent Ignore Conditions Applied to This Pull Request
Dependency Name Ignore Conditions
@mikro-orm/sqlite [>= 7.a, < 8]

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code labels Jul 4, 2026

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 2c233a2398

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

Comment thread package.json
"@google/genai": "^1.52.0",
"@mikro-orm/core": "^6.6.14",
"@mikro-orm/sqlite": "^6.6.14",
"@mikro-orm/sqlite": "^6.6.15",

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Keep MikroORM packages on the same version

When the ADK DatabaseSessionService initializes in server/agent/http.ts:createDefaultAgentHandler, it calls MikroORM.init(), whose package-version guard rejects official @mikro-orm/* packages that do not exactly match @mikro-orm/core. This line installs @mikro-orm/sqlite 6.6.15 while the previous line leaves @mikro-orm/core at 6.6.14, so the agent sidecar/session tests fail as soon as the SQLite session store initializes; bump core/reflection with the driver or keep sqlite at 6.6.14.

Useful? React with 👍 / 👎.

helebest commented Jul 4, 2026

Copy link
Copy Markdown
Contributor

Automated Dependabot review — ⛔ stopped (fail-fast)

Step 1 — Code review

  • Change: @mikro-orm/sqlite 6.6.14 → 6.6.15 (patch, direct production dependency). It backs ADK's DatabaseSessionService (sqlite-persisted agent sessions). The PR bumps only @mikro-orm/sqlite; @mikro-orm/core stays at 6.6.14.

Step 2/3 — Regression + CI: ❌ FAILED

  • CI run 28695932564 failed: 13 tests failed across server/agent/adkSessionStore.test.ts, contextCompaction.integration.test.ts, and http.test.ts.
  • Root cause is a hard runtime error at MikroORM.init:
    Error: Bad @mikro-orm/sqlite version 6.6.15.
    All official @mikro-orm/* packages need to have the exact same version as @mikro-orm/core (6.6.14).
    
    MikroORM enforces an exact-version lockstep across all @mikro-orm/* packages at runtime (stricter than the ^6.0.0 peer range). With sqlite at 6.6.15 and core still at 6.6.14, every DatabaseSessionService.init() throws, so session create/get and the agent HTTP surface break.

Step 4 — Decision: Not merged. Per fail-fast, stopping here.

To unblock: bump @mikro-orm/core (and any other installed @mikro-orm/* packages) to 6.6.15 in lockstep within this PR. Dependabot's grouping should ideally keep the MikroORM packages together; a standalone @mikro-orm/sqlite bump is inherently incompatible while core lags.


Generated by Claude Code

helebest commented Jul 4, 2026

Copy link
Copy Markdown
Contributor

Automated Dependabot review — ❌ blocked, not merged

Step 1 — Code review
Bumps @mikro-orm/sqlite 6.6.14 → 6.6.15 (package.json + package-lock.json only). Description matches the diff.

Step 2/3 — Regression / CI: FAILED
The required Verify job failed in the server unit tests (server/agent/http.test.ts) with a runtime MikroORM error:

All official @mikro-orm/* packages need to have the exact same version as @mikro-orm/core (6.6.14).
 ❯ ConfigurationLoader.checkPackageVersion node_modules/@mikro-orm/core/utils/ConfigurationLoader.js:359
 ❯ MikroORM.init ...
 ❯ DatabaseSessionService.init node_modules/@google/adk/.../database_session_service.js
 ...
AssertionError: expected 500 to be 200   (server/agent/http.test.ts:396)

Root cause: MikroORM enforces that every @mikro-orm/* package matches @mikro-orm/core exactly. This PR raises @mikro-orm/sqlite to 6.6.15 while @mikro-orm/core stays pinned at 6.6.14, so MikroORM.init (invoked by ADK's DatabaseSessionService, which backs the agent's sqlite session store) throws checkPackageVersion at runtime. The agent HTTP handlers then return 500 and the tests fail. Bumping @mikro-orm/sqlite in isolation is not a valid upgrade for this package family.

Step 4 — Decision: not merging (fail-fast).
The fix is to bump @mikro-orm/core and @mikro-orm/sqlite together to 6.6.15 (ideally via a Dependabot group so the two always move in lockstep, or a single paired bump). Holding this PR until core is bumped to match.


Generated by Claude Code

Bumps [@mikro-orm/sqlite](https://github.com/mikro-orm/mikro-orm) from 6.6.14 to 6.6.15.
- [Release notes](https://github.com/mikro-orm/mikro-orm/releases)
- [Changelog](https://github.com/mikro-orm/mikro-orm/blob/v6.6.15/CHANGELOG.md)
- [Commits](mikro-orm/mikro-orm@v6.6.14...v6.6.15)

---
updated-dependencies:
- dependency-name: "@mikro-orm/sqlite"
  dependency-version: 6.6.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/npm_and_yarn/mikro-orm/sqlite-6.6.15 branch from 2c233a2 to e25faa1 Compare July 4, 2026 05:23

helebest commented Jul 4, 2026

Copy link
Copy Markdown
Contributor

Automated Dependabot review — ⛔ Blocked, not merged

Step 1 — Code review

Scope is clean (only package.json + package-lock.json): @mikro-orm/sqlite 6.6.14 → 6.6.15, pulling its transitive @mikro-orm/knex to 6.6.15. The upstream 6.6.15 release is bug-fix-only (STI subclass crash, IdentityMap stack overflow, relation-filter $and/$or, upsertMany, knex nested collection operators) — no breaking API changes. On its own the bump is desirable.

Step 2/3 — Regression & CI

The required Verify check is ❌ failing — this is a genuine incompatibility, not a flake, so per the fail-fast policy this PR is not being merged.

MikroORM enforces strict version lockstep: every official @mikro-orm/* package must be the exact same version as @mikro-orm/core. This PR bumps @mikro-orm/sqlite to 6.6.15 but leaves @mikro-orm/core pinned at 6.6.14, so MikroORM.init() — reached through ADK's DatabaseSessionService in the chat-agent session store — throws at runtime:

Error: Bad @mikro-orm/sqlite version 6.6.15.
All official @mikro-orm/* packages need to have the exact same version as @mikro-orm/core (6.6.14).
  ❯ ConfigurationLoader.checkPackageVersion node_modules/@mikro-orm/core/utils/ConfigurationLoader.js:359
  ❯ MikroORM.init node_modules/@mikro-orm/core/MikroORM.js:29
  ❯ DatabaseSessionService.init  (@google/adk)
  ❯ AdkSessionStore.createSession server/agent/adkSessionStore.ts:50

13 sidecar tests fail as a result (server/agent/adkSessionStore.test.ts, http.test.ts, contextCompaction.integration.test.ts) — every path that boots the sqlite-backed session store. This would break the chat agent at runtime, not just in tests. Rebasing onto the latest main will not resolve it: the core-vs-sqlite mismatch is independent of the base.

Recommended remediation — bump the two MikroORM packages together so @mikro-orm/core and @mikro-orm/sqlite both land on 6.6.15:

  • Group @mikro-orm/* in .github/dependabot.yml so future updates move them in lockstep; or
  • Update this PR to also bump @mikro-orm/core to ^6.6.15 (and regenerate the lockfile) — e.g. ·@·d·ependabot r·ecreate after adding the group, or a manual npm install @mikro-orm/core@6.6.15 @mikro-orm/sqlite@6.6.15.

Leaving open for a maintainer decision.


Generated by Claude Code

helebest commented Jul 4, 2026

Copy link
Copy Markdown
Contributor

Automated Dependabot review — ❌ blocked, not merged

Step 1 — Code review

The PR bumps @mikro-orm/sqlite 6.6.14 → 6.6.15 (and its transitive @mikro-orm/knex to 6.6.15), touching only package.json + package-lock.json. Description matches the diff; it's a patch release with no advisories (the prod dependency audit passed). However, the group is incomplete: @mikro-orm/core is left at ^6.6.14 while @mikro-orm/sqlite/@mikro-orm/knex move to 6.6.15.

Step 2 / Step 3 — Regression verification & CI

The required Verify (typecheck + coverage + build + e2e) job failed. Reproduced locally — 13 server tests in server/agent/adkSessionStore.test.ts and server/agent/http.test.ts fail at ORM init:

Error: Bad @mikro-orm/sqlite version 6.6.15.
All official @mikro-orm/* packages need to have the exact same version as @mikro-orm/core (6.6.14).
 ❯ Function.checkPackageVersion node_modules/@mikro-orm/core/utils/ConfigurationLoader.js:359
 ❯ Function.init node_modules/@mikro-orm/core/MikroORM.js:29
 ❯ DatabaseSessionService.init node_modules/@google/adk/dist/esm/sessions/database_session_service.js:61
 ❯ AdkSessionStore.createSession server/agent/adkSessionStore.ts:50

Root cause: MikroORM enforces at runtime (checkPackageVersion) that every @mikro-orm/* package matches @mikro-orm/core's exact version. This PR bumps sqlite/knex to 6.6.15 but not core, so MikroORM.init throws — which breaks the ADK DatabaseSessionService that backs the agent's sqlite session persistence. This is a real runtime regression, not a flaky/environment failure.

Confirmed the fix locally: bumping @mikro-orm/core to 6.6.15 in lockstep makes the session-store suite pass (8/8 green).

All other checks (CodeQL, Analyze, dependency audit, gitleaks, Trivy, gate-integrity) passed.

Step 4 — Merge

Not merged. Per fail-fast policy, the required Verify job is red and merging would break agent sessions on main.

Recommended path

@mikro-orm/* packages must move together. Options:

  1. Preferred: add @mikro-orm/core@6.6.15 to this PR (npm i @mikro-orm/core@6.6.15 @mikro-orm/sqlite@6.6.15, commit the regenerated lockfile), then re-run CI. Note that editing the branch takes it out of Dependabot's auto-rebase management.
  2. Configure a Dependabot group for @mikro-orm/* so core + sqlite (+ knex) are always bumped in one PR, then recreate this one.

I have not modified the branch.


Generated by Claude Code

helebest commented Jul 4, 2026

Copy link
Copy Markdown
Contributor

Automated Dependabot review — ⛔ blocked at regression verification

Step 1 — Code review

  • Change: @mikro-orm/sqlite 6.6.14 → 6.6.15 (+ nested @mikro-orm/knex 6.6.15). Diff is limited to package.json / package-lock.json and matches the PR description.
  • Changelog: patch release, bug-fixes only (STI subclass narrowing, IdentityMap stack-overflow, relation-filter sibling conditions, upsertMany, knex nested collection operators). No API/behavior breaking changes in the intended scope.
  • Note (pre-existing, not a regression): the lockfile also heals a package.json/package-lock.json version drift (0.6.1 → 0.8.9 in the lock, matching package.json). Benign side-effect of the lock regeneration.

Step 2 — Regression verification: FAILED

CI Verify (typecheck + coverage + build + e2e) fails on the unit suite (server/agent/http.test.ts, 4 tests) with expected 500 to be 200. Root cause, reproduced deterministically:

Error: Bad @mikro-orm/sqlite version 6.6.15.
All official @mikro-orm/* packages need to have the exact same version as @mikro-orm/core (6.6.14).
    at ConfigurationLoader.checkPackageVersion (@mikro-orm/core/utils/ConfigurationLoader.js)
    at MikroORM.init (@mikro-orm/core/MikroORM.js)
    at DatabaseSessionService.init (@google/adk/.../database_session_service.js)

MikroORM enforces that every @mikro-orm/* package resolves to the exact same version as @mikro-orm/core. This PR bumps @mikro-orm/sqlite (and its nested @mikro-orm/knex) to 6.6.15 while @mikro-orm/core stays pinned at 6.6.14. As a result MikroORM.init() throws, and the ADK-backed DatabaseSessionService (used by every /agent/sessions route) returns 500.

Isolation (same Node 22, only the dependency changed):

  • @mikro-orm/sqlite@6.6.14server/agent/http.test.ts 12/12 pass
  • @mikro-orm/sqlite@6.6.15 (core still 6.6.14) → 4 fail with the mismatch error above

Because main already carries the other merged bumps and is green, this mismatch is the sole delta.

Decision — fail-fast: not merging

Per the review policy, a failed regression step stops the pipeline before merge. This PR is not safe to merge as-is.

Recommended resolution

@mikro-orm/sqlite@6.6.15 requires @mikro-orm/core@6.6.15 in lockstep. Options:

  1. Bump @mikro-orm/core (and @mikro-orm/knex) to 6.6.15 alongside @mikro-orm/sqlite in this PR, or
  2. Configure a Dependabot group for @mikro-orm/* so these always update together, then ·@·d·ependabot r·ecreate.

Since option 1 adds a production-dependency change beyond this PR's stated scope, it's left to a maintainer's decision rather than amended automatically here.

Reviewed by an automated agent. CI run: Verify job on head e25faa1.


Generated by Claude Code

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file javascript Pull requests that update javascript code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant