Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(deps): update dependency knex to v2 [security] #1896

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Mar 16, 2023

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
knex (source) 0.95.14 -> 2.4.0 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2016-20018

Knex Knex.js through 2.3.0 has a limited SQL injection vulnerability that can be exploited to ignore the WHERE clause of a SQL query. This vulnerability has been fixed in version 2.4.0.


Release Notes

knex/knex (knex)

v2.4.0

Compare Source

New features:
  • Support partial unique indexes #​5316
  • Make compiling SQL in error message optional #​5282
Bug fixes
  • Insert array into json column #​5321
  • Fix unexpected max acquire-timeout #​5377
  • Fix: orWhereJson #​5361
  • MySQL: Add assertion for basic where clause not to be object or array #​1227
  • SQLite: Fix changing the default value of a boolean column in SQLite #​5319
Typings:
  • add missing type for 'expirationChecker' on PgConnectionConfig #​5334

v2.3.0

Compare Source

New features:
  • PostgreSQL: Explicit jsonb support for custom pg clients #​5201
  • SQLite: Support returning with sqlite3 and better-sqlite3 #​5285
  • MSSQL: Implement mapBinding mssql dialect option #​5292
Typings:

v2.2.0

Compare Source

New features:
  • Inline primary key creation for postgres flavours #​5233
  • SQLite: Add warning for undefined connection file #​5223
  • MSSQL: Add JSON parameter support for connection #​5200
Bug fixes:
  • PostgreSQL: add primaryKey option for uuid #​5212
Typings:
  • Add promisable and better types #​5222
  • Update raw query bind parameter type #​5208

v2.1.0

Compare Source

New features:
  • Improve bundling experience to safely import dialects while using static paths #​5142
  • Implement extendable builders #​5041
  • PostgreSQL: Refresh materialized view concurrently #​5166
Bug fixes:
  • Use correct paths in package.json browser field #​5174
  • MariaDB: Fix 'NULL' returned instead of NULL on MariaDB 10.2.6+ #​5181
  • MySQL: fix hasColumn Error (hasColumn ('a_id') is true, but hasColumn('a_Id') is false) #​5148
  • MSSQL: Fix .hasTable result when using .withSchema #​5176
  • Oracle: correctly INSERTS Buffer #​4869
Typings:
  • Update type definitions for pg connection #​5139

v2.0.0

Compare Source

Breaking changes
Test / internal changes:

v1.0.7

Compare Source

Bug fixes:
  • CLI: Fix cli migrate:make SQLite dependency #​5106

v1.0.6

Compare Source

Bug fixes:
  • PostgreSQL: Wait for search path to be set before returning connection #​5107
  • CLI: No client override during migrate:make #​5109

v1.0.5

Compare Source

New features:
  • Override knexfile options with CLI options #​4047
Bug fixes:
Typings:
  • Make default generic parameters of Knex match the generic parameter types of knex #​5021
  • Update knex types for TS 4.7 #​5095

v1.0.4

Compare Source

New features:
Bug fixes:
Typings:
  • Fix types for "returning" methods #​5031
  • createTableLike callback should be optional #​5055
Documentation:

v1.0.3

Compare Source

Bug fixes:
  • Fix error message for missing migration files #​4937
  • Add withMaterialized and withNotMaterialized to method-constants #​5009
  • PostgreSQL: Fix whereJsonPath queries #​5011
  • PostgreSQL: Fix delete joins #​5016
  • CockroachDB: Fix whereJsonPath queries #​5011
  • MySQL: Create primary keys in same statement #​5017
Typings:
  • Fix type definition for getMigration in MigrationSource #​4998
  • Fix argument type of alter method #​4996
Improvements:
  • Use async / await syntax in seeds as default #​5005
Documentation:
  • Add Firebird dialect to ECOSYSTEM.md #​5003

v1.0.2

Compare Source

New features:
  • Support of MATERIALIZED and NOT MATERIALIZED with WITH/CTE #​4940
  • Add raw support in onConflict clause #​4960
  • Alter nullable constraint when alterNullable is set to true #​4730
  • Add alterType parameter for alter function #​4967
  • Support string json in json values #​4988
  • MySQL: add with clause #​4508
Bug fixes:
  • Fix error message for missing migration files #​4937
  • Move deferrable to after on update/on delete #​4976
  • Do not use sys.tables to find if a table exists #​2328
  • PostgreSQL: Fix Order nulls #​4989
  • MySQL: Fix collation when renaming column #​2666
  • SQLite: Same boolean handling in better-sqlite3 as in sqlite3 #​4982
Typings:

v1.0.1

Compare Source

Bug fixes:
  • Fix package.json metadata

v1.0.0

Compare Source

Breaking changes
  • Dropped support for Node 10;
  • Replaced unsupported sqlite3 driver with @vscode/sqlite3;
  • Changed data structure from RETURNING operation to be consistent with SELECT;
  • Changed Migrator to return list of migrations as objects consistently.
New features:
  • Support fromRaw #​4781
  • Support zero precision in timestamp/datetime #​4784
  • Support whereLike and whereILike #​4779
  • Add JSDoc (TS flavor) to stub files #​4809
  • Allow skip binding in limit and offset #​4811
  • Support creating a new table in the database based on another table #​4821
  • Accept Raw on onIn joins #​4830
  • Implement support for custom seed sources #​4842
  • Add binary uuid option #​4836
  • ForUpdate array parameter #​4882
  • Add camel case to timestamps method #​4803
  • Advanced JSON support #​4859
  • Add type to TypeScript knexfile #​4909
  • Checks Constraints Support #​4874
  • Support creating multiple PKs with increments #​4903
  • Enable wrapIdentifier for SQLite .hasTable #​4915
  • MSSQL: Add support for unique constraint #​4887
  • SQLite: New dialect, using better-sqlite3 driver #​4871
  • SQLite: Switch to @​vscode/sqlite3 #​4866
  • SQLite: Support createViewOrReplace #​4856
  • SQLite: Support RETURNING statements for better-sqlite3 driver #​4934
  • PostgreSQL: Support JOIN and USING syntax for Delete Statement #​4800
Bug fixes:
  • Fix overzealous warning on use of whereNot with "in" or "between" #​4780
  • Fix Union all + first syntax error #​4799
  • Make view columns optional in create view like #​4829
  • Insert lock row fix during migration #​4865
  • Fix for createViewOrReplace #​4856
  • SQLite: Fix foreign key constraints when altering a table #​4189
  • MySQL: Validate connection fix #​4794
  • MySQL: Set comment size warning limit to 1024 #​4867
Typings:

v0.95.15

Compare Source

Bug fixes:
  • Oracle:
  • MariaDB: lock row fix during migration in MariaDB and Oracle #​4865

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot changed the title fix(deps): update dependency knex to v2 [security] fix(deps): update dependency knex to v2 [security] - autoclosed Dec 8, 2024
@renovate renovate bot closed this Dec 8, 2024
@renovate renovate bot deleted the renovate/npm-knex-vulnerability branch December 8, 2024 18:51
@renovate renovate bot changed the title fix(deps): update dependency knex to v2 [security] - autoclosed fix(deps): update dependency knex to v2 [security] Dec 8, 2024
@renovate renovate bot reopened this Dec 8, 2024
@renovate renovate bot force-pushed the renovate/npm-knex-vulnerability branch from 105615c to 558b5f9 Compare December 8, 2024 21:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants