chore(deps): bump @mikro-orm/knex from 6.6.7 to 6.6.14

[dependabot]

Bumps @mikro-orm/knex from 6.6.7 to 6.6.14.

Release notes

Sourced from @​mikro-orm/knex's releases.

v6.6.14

6.6.14 (2026-05-04)

Bug Fixes

• core: avoid crash on STI subclass @​ManyToOne override targeting same hierarchy (#7646) (1df1632), closes #7599 #7598
• core: drop entity from persist/remove stacks in uow.unsetIdentity() (#7661) (8bc4c77), closes #7639
• core: escape embedded quote characters in quoteIdentifier (#7654) (a1f005b)
• core: escape JSON path keys in getSearchJsonPropertyKey (#7657) (1d0710c)
• core: merge nested fields paths into explicit populate (#7664) (f73568a), closes #7605
• core: recognize TypeScript's __esDecorate helper in decorator path lookup (#7665) (3b53296), closes #7584 #7583
• core: respect hidden flag with populate: ['*'] in serialize() (#7660) (752c108), closes #7637
• core: skip getter-only properties in assignDefaultValues (#7659) (ff65622), closes #7575
• postgres: schema-qualify generated drop index statements (#7662) (d588a02), closes #7603
• postgres: treat timetz / time with time zone as aliases in schema diff (#7663) (686d2f8), closes #7618

v6.6.13

6.6.13 (2026-04-10)

Bug Fixes

• core: guard prototype-installed methods and accessors against this === prototype (#7512) (62928f1), closes #7508 #7151 #7151
• core: resolve EntityIdentifier in composite FK with shared join columns (#7478) (dcf89d7), closes #7477
• core: skip composite PK inlining when operator value is an array (#7525) (030d82b), closes #7524
• core: skip inverse collections when deduplicating ownColumns (#7505) (132a8d2), closes #7504 #7492
• core: skip overwriting loaded entities with uninitialized references during transaction merge (#7532) (7ab9769), closes #7531 #7528
• core: skip shared join columns with null value in mapDataToFieldNames (#7492) (eaa2712), closes #7490

v6.6.12

6.6.12 (2026-04-01)

Bug Fixes

• core: recursively nullify nested inline embeddable columns when parent is null (#7465) (a711523), closes #6966 #7463
• core: skip FK nullification on orphan removal when FK is part of PK (#7461) (7cc10c0), closes #7439 #7436
• knex: use pivot entity schema for wildcard check in M:N joins (#7467) (795d62b), closes #7466
• migrations: save transaction ref before prefix() deletes it from options (#7443) (586f5b9), closes #7424

v6.6.11

6.6.11 (2026-03-31)

Bug Fixes

• core: fire orphan removal for OneToOne replacement when inverse already set (#7439) (674efd0), closes #7436
• core: prevent incorrect nullification of 1:1 inverse relations during joined loading (#7434) (1d46f0f)
• knex: allow contextual type inference for raw() with string inputs (1683a54)

... (truncated)

Changelog

Sourced from @​mikro-orm/knex's changelog.

6.6.14 (2026-05-04)

Bug Fixes

• core: avoid crash on STI subclass @​ManyToOne override targeting same hierarchy (#7646) (1df1632), closes #7599 #7598
• core: drop entity from persist/remove stacks in uow.unsetIdentity() (#7661) (8bc4c77), closes #7639
• core: escape embedded quote characters in quoteIdentifier (#7654) (a1f005b)
• core: escape JSON path keys in getSearchJsonPropertyKey (#7657) (1d0710c)
• core: merge nested fields paths into explicit populate (#7664) (f73568a), closes #7605
• core: recognize TypeScript's __esDecorate helper in decorator path lookup (#7665) (3b53296), closes #7584 #7583
• core: respect hidden flag with populate: ['*'] in serialize() (#7660) (752c108), closes #7637
• core: skip getter-only properties in assignDefaultValues (#7659) (ff65622), closes #7575
• postgres: schema-qualify generated drop index statements (#7662) (d588a02), closes #7603
• postgres: treat timetz / time with time zone as aliases in schema diff (#7663) (686d2f8), closes #7618

6.6.13 (2026-04-10)

Bug Fixes

• core: guard prototype-installed methods and accessors against this === prototype (#7512) (62928f1), closes #7508 #7151 #7151
• core: resolve EntityIdentifier in composite FK with shared join columns (#7478) (dcf89d7), closes #7477
• core: skip composite PK inlining when operator value is an array (#7525) (030d82b), closes #7524
• core: skip inverse collections when deduplicating ownColumns (#7505) (132a8d2), closes #7504 #7492
• core: skip overwriting loaded entities with uninitialized references during transaction merge (#7532) (7ab9769), closes #7531 #7528
• core: skip shared join columns with null value in mapDataToFieldNames (#7492) (eaa2712), closes #7490

6.6.12 (2026-04-01)

Bug Fixes

• core: recursively nullify nested inline embeddable columns when parent is null (#7465) (a711523), closes #6966 #7463
• core: skip FK nullification on orphan removal when FK is part of PK (#7461) (7cc10c0), closes #7439 #7436
• knex: use pivot entity schema for wildcard check in M:N joins (#7467) (795d62b), closes #7466
• migrations: save transaction ref before prefix() deletes it from options (#7443) (586f5b9), closes #7424

... (truncated)

Commits

• e9b32a2 chore(release): v6.6.14 [skip ci]
• f73568a fix(core): merge nested fields paths into explicit populate (#7664)
• 686d2f8 fix(postgres): treat timetz / time with time zone as aliases in schema diff (...
• 3b53296 fix(core): recognize TypeScript's __esDecorate helper in decorator path looku...
• d588a02 fix(postgres): schema-qualify generated drop index statements (#7662)
• 8bc4c77 fix(core): drop entity from persist/remove stacks in uow.unsetIdentity() (#7661)
• ff65622 fix(core): skip getter-only properties in assignDefaultValues (#7659)
• 752c108 fix(core): respect hidden flag with populate: ['*'] in serialize() (#7660)
• 6693d34 chore(deps): update knex to v3.2.10 (6.x) (#7658)
• 1d0710c fix(core): escape JSON path keys in getSearchJsonPropertyKey (#7657)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

---

Summary by cubic

Upgrade @mikro-orm/knex from 6.6.7 to 6.6.14 to pull in bug fixes and safer SQL generation, especially for Postgres.

• Bug Fixes

  • Schema-qualify generated DROP INDEX and handle timetz/time with time zone aliases (Postgres).
  • Escape quotes in identifiers and JSON path keys to prevent query errors.
  • Better M:N join wildcard checks using the pivot entity schema.

• Dependencies

  • @mikro-orm/knex: 6.6.7 -> 6.6.14.
  • Transitive: knex -> 3.2.10, adds fs-extra 11.3.3.

^{Written for commit 0cbd71a. Summary will update on new commits.}

[cla-assistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[cla-assistant]

Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.
_{You have signed the CLA already but the status is still pending? Let us recheck it.}

[cubic-dev-ai]

No issues found across 1 file

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	terser@​5.46.0

View full report

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud