Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(deps): update dependency knex to v2 [security] #1569

Open
wants to merge 1 commit into
base: develop
Choose a base branch
from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Jan 11, 2023

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
knex (source) ^0.95 -> ^2.0.0 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2016-20018

Knex Knex.js through 2.3.0 has a limited SQL injection vulnerability that can be exploited to ignore the WHERE clause of a SQL query. This vulnerability has been fixed in version 2.4.0.


Release Notes

knex/knex (knex)

v2.4.0

Compare Source

New features:
  • Support partial unique indexes #​5316
  • Make compiling SQL in error message optional #​5282
Bug fixes
  • Insert array into json column #​5321
  • Fix unexpected max acquire-timeout #​5377
  • Fix: orWhereJson #​5361
  • MySQL: Add assertion for basic where clause not to be object or array #​1227
  • SQLite: Fix changing the default value of a boolean column in SQLite #​5319
Typings:
  • add missing type for 'expirationChecker' on PgConnectionConfig #​5334

v2.3.0

Compare Source

New features:
  • PostgreSQL: Explicit jsonb support for custom pg clients #​5201
  • SQLite: Support returning with sqlite3 and better-sqlite3 #​5285
  • MSSQL: Implement mapBinding mssql dialect option #​5292
Typings:

v2.2.0

Compare Source

New features:
  • Inline primary key creation for postgres flavours #​5233
  • SQLite: Add warning for undefined connection file #​5223
  • MSSQL: Add JSON parameter support for connection #​5200
Bug fixes:
  • PostgreSQL: add primaryKey option for uuid #​5212
Typings:
  • Add promisable and better types #​5222
  • Update raw query bind parameter type #​5208

v2.1.0

Compare Source

New features:
  • Improve bundling experience to safely import dialects while using static paths #​5142
  • Implement extendable builders #​5041
  • PostgreSQL: Refresh materialized view concurrently #​5166
Bug fixes:
  • Use correct paths in package.json browser field #​5174
  • MariaDB: Fix 'NULL' returned instead of NULL on MariaDB 10.2.6+ #​5181
  • MySQL: fix hasColumn Error (hasColumn ('a_id') is true, but hasColumn('a_Id') is false) #​5148
  • MSSQL: Fix .hasTable result when using .withSchema #​5176
  • Oracle: correctly INSERTS Buffer #​4869
Typings:
  • Update type definitions for pg connection #​5139

v2.0.0

Compare Source

Breaking changes
Test / internal changes:

v1.0.7

Compare Source

Bug fixes:
  • CLI: Fix cli migrate:make SQLite dependency #​5106

v1.0.6

Compare Source

Bug fixes:
  • PostgreSQL: Wait for search path to be set before returning connection #​5107
  • CLI: No client override during migrate:make #​5109

v1.0.5

Compare Source

New features:
  • Override knexfile options with CLI options #​4047
Bug fixes:
Typings:
  • Make default generic parameters of Knex match the generic parameter types of knex #​5021
  • Update knex types for TS 4.7 #​5095

v1.0.4

Compare Source

New features:
Bug fixes:
Typings:
  • Fix types for "returning" methods #​5031
  • createTableLike callback should be optional #​5055
Documentation:

v1.0.3

Compare Source

Bug fixes:
  • Fix error message for missing migration files #​4937
  • Add withMaterialized and withNotMaterialized to method-constants #​5009
  • PostgreSQL: Fix whereJsonPath queries #​5011
  • PostgreSQL: Fix delete joins #​5016
  • CockroachDB: Fix whereJsonPath queries #​5011
  • MySQL: Create primary keys in same statement #​5017
Typings:
  • Fix type definition for getMigration in MigrationSource #​4998
  • Fix argument type of alter method #​4996
Improvements:
  • Use async / await syntax in seeds as default #​5005
Documentation:
  • Add Firebird dialect to ECOSYSTEM.md #​5003

v1.0.2

Compare Source

New features:
  • Support of MATERIALIZED and NOT MATERIALIZED with WITH/CTE #​4940
  • Add raw support in onConflict clause #​4960
  • Alter nullable constraint when alterNullable is set to true #​4730
  • Add alterType parameter for alter function #​4967
  • Support string json in json values #​4988
  • MySQL: add with clause #​4508
Bug fixes:
  • Fix error message for missing migration files #​4937
  • Move deferrable to after on update/on delete #​4976
  • Do not use sys.tables to find if a table exists #​2328
  • PostgreSQL: Fix Order nulls #​4989
  • MySQL: Fix collation when renaming column #​2666
  • SQLite: Same boolean handling in better-sqlite3 as in sqlite3 #​4982
Typings:

v1.0.1

Compare Source

Bug fixes:
  • Fix package.json metadata

v1.0.0

Compare Source

Breaking changes
  • Dropped support for Node 10;
  • Replaced unsupported sqlite3 driver with @vscode/sqlite3;
  • Changed data structure from RETURNING operation to be consistent with SELECT;
  • Changed Migrator to return list of migrations as objects consistently.
New features:
  • Support fromRaw #​4781
  • Support zero precision in timestamp/datetime #​4784
  • Support whereLike and whereILike #​4779
  • Add JSDoc (TS flavor) to stub files #​4809
  • Allow skip binding in limit and offset #​4811
  • Support creating a new table in the database based on another table #​4821
  • Accept Raw on onIn joins #​4830
  • Implement support for custom seed sources #​4842
  • Add binary uuid option #​4836
  • ForUpdate array parameter #​4882
  • Add camel case to timestamps method #​4803
  • Advanced JSON support #​4859
  • Add type to TypeScript knexfile #​4909
  • Checks Constraints Support #​4874
  • Support creating multiple PKs with increments #​4903
  • Enable wrapIdentifier for SQLite .hasTable #​4915
  • MSSQL: Add support for unique constraint #​4887
  • SQLite: New dialect, using better-sqlite3 driver #​4871
  • SQLite: Switch to @​vscode/sqlite3 #​4866
  • SQLite: Support createViewOrReplace #​4856
  • SQLite: Support RETURNING statements for better-sqlite3 driver #​4934
  • PostgreSQL: Support JOIN and USING syntax for Delete Statement #​4800
Bug fixes:
  • Fix overzealous warning on use of whereNot with "in" or "between" #​4780
  • Fix Union all + first syntax error #​4799
  • Make view columns optional in create view like #​4829
  • Insert lock row fix during migration #​4865
  • Fix for createViewOrReplace #​4856
  • SQLite: Fix foreign key constraints when altering a table #​4189
  • MySQL: Validate connection fix #​4794
  • MySQL: Set comment size warning limit to 1024 #​4867
Typings:

v0.95.15

Compare Source

Bug fixes:
  • Oracle:
  • MariaDB: lock row fix during migration in MariaDB and Oracle #​4865

v0.95.14

Compare Source

Bug fixes:
  • MySQL: mysql2 dialect validate connection fix #​4794

v0.95.13

Compare Source

Bug fixes:
  • PostgreSQL: Support zero precision in timestamp/datetime #​4784
Typings:
  • Allow string indexType in index creation #​4791

v0.95.12

Compare Source

New features:
  • New dialect: CockroachDB #​4742
  • New dialect: pg-native #​4327
  • CockroachDB: add support for upsert #​4767
  • PostgreSQL: Support SELECT .. FOR NO KEY UPDATE / KEY SHARE row level locking clauses #​4755
  • PostgreSQL: Add support for 'CASCADE' in PostgreSQL 'DROP SCHEMA' queries #​4713
  • MySQL: Add storage engine index Type support to index() and unique() schema #​4756
  • MSSQL: Support table.primary, table.unique variant with options object #​4710
  • SQLite: Add setNullable support to SQLite #​4684
  • Add geometry column building #​4776
  • Add support for creating table copies #​1373
  • Implement support for views and materialized views #​1626
  • Implement partial index support #​4768
  • Support for 'is null' in 'order by' #​3667
Bug fixes:
  • Fix support for Oracle connections passed via knex.connection() #​4757
  • Avoid inserting multiple locks if a migration lock already exists #​4694
Typings:
  • Some TableBuilder methods return wrong types #​4764
  • Update JoinRaw bindings type to accept arrays #​4752
  • fix onDelete/onUpdate for ColumnBuilder #​4656

v0.95.11

Compare Source

New features:
  • Add support for nullability modification via schema builder (table.setNullable() and table.dropNullable()) #​4657
  • MySQL: Add support for mysql/mariadb-client JSON parameters in connectionURIs #​4629
  • MSSQL: Support comments as MS_Description properties #​4632
Bug fixes:
  • Fix Analytic orderBy and partitionBy to follow the SQL documentation #​4602
  • CLI: fix migrate:up for migrations disabling transactions #​4550
  • SQLite: Fix adding a column with a foreign key constraint in SQLite #​4649
  • MSSQL: columnInfo() support case-sensitive database collations #​4633
  • MSSQL: Generate valid SQL for withRecursive() #​4514
  • Oracle: withRecursive: omit invalid RECURSIVE keyword, include column list #​4514
Improvements:
  • Add .mjs migration and seed stubs #​4631
  • SQLite: Clean up DDL handling and move all operations to the parser-based approach #​4648

v0.95.10

Compare Source

Improvements:
  • Use sys info function instead of connection db name #​4623
Typings:
  • Deferrable and withkeyName should not be in ColumnBuilder #​4600

v0.95.9

Compare Source

New features:
  • Oracle: support specifying schema for dropTable and dropSequence #​4596
  • Oracle: support specifying schema for autoincrement #​4594
Typings:
  • Add TypeScript support for deferrable, new Primary/Unique syntax #​4589

v0.95.8

Compare Source

New features:
  • Add deferrable support for constraint #​4584
  • Implement delete with join #​4568
  • Add DPI error codes for Oracle #​4536
Bug fixes:
  • Fixing PostgreSQL datetime and timestamp column created with wrong format #​4578
Typings:
  • Improve analytic types #​4576
  • MSSQL: Add trustServerCertificate option #​4500

v0.95.7

Compare Source

New features:
  • Add ability to omit columns on an onConflict().ignore() #​4557
  • CLI: Log error message #​4534
Typings:
  • Export Knex.TransactionConfig #​4498
  • Include options object in count(Distinct) typings #​4491
  • Add types for analytic functions #​4544

Configuration

📅 Schedule: Branch creation - "" in timezone Europe/Paris, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot force-pushed the renovate/npm-knex-vulnerability branch from 0fcb28c to 56e4861 Compare January 18, 2023 12:44
@renovate renovate bot force-pushed the renovate/npm-knex-vulnerability branch 2 times, most recently from 714d4f3 to 307537e Compare January 24, 2023 15:18
@renovate renovate bot force-pushed the renovate/npm-knex-vulnerability branch from 307537e to 62256b3 Compare January 26, 2023 11:33
@renovate renovate bot force-pushed the renovate/npm-knex-vulnerability branch from 62256b3 to 1af9d89 Compare January 27, 2023 12:26
@renovate renovate bot force-pushed the renovate/npm-knex-vulnerability branch from 1af9d89 to 54ed88e Compare January 27, 2023 19:54
@renovate renovate bot force-pushed the renovate/npm-knex-vulnerability branch from 54ed88e to 1d49b4d Compare January 31, 2023 20:04
@renovate renovate bot force-pushed the renovate/npm-knex-vulnerability branch from 1d49b4d to 33a6849 Compare February 1, 2023 14:19
@renovate renovate bot force-pushed the renovate/npm-knex-vulnerability branch from 33a6849 to 7d436f9 Compare February 1, 2023 17:58
@renovate renovate bot force-pushed the renovate/npm-knex-vulnerability branch from 7d436f9 to 61a5623 Compare February 2, 2023 09:08
@renovate renovate bot force-pushed the renovate/npm-knex-vulnerability branch from 61a5623 to a247369 Compare February 2, 2023 18:23
@renovate renovate bot force-pushed the renovate/npm-knex-vulnerability branch from a247369 to 4050d9e Compare February 3, 2023 18:12
@renovate renovate bot changed the title fix(deps): update dependency knex to v2 [security] fix(deps): update dependency knex to v2 [security] - autoclosed Feb 6, 2023
@renovate renovate bot closed this Feb 6, 2023
@renovate renovate bot deleted the renovate/npm-knex-vulnerability branch February 6, 2023 02:24
@renovate renovate bot changed the title fix(deps): update dependency knex to v2 [security] - autoclosed fix(deps): update dependency knex to v2 [security] Feb 6, 2023
@renovate renovate bot reopened this Feb 6, 2023
@renovate renovate bot force-pushed the renovate/npm-knex-vulnerability branch from a17d709 to d59f2d7 Compare July 22, 2024 11:51
@renovate renovate bot force-pushed the renovate/npm-knex-vulnerability branch from d59f2d7 to 97a344c Compare July 22, 2024 15:47
@renovate renovate bot force-pushed the renovate/npm-knex-vulnerability branch from 97a344c to a4be3cf Compare July 22, 2024 15:53
@renovate renovate bot force-pushed the renovate/npm-knex-vulnerability branch from a4be3cf to 5739485 Compare July 29, 2024 09:54
@renovate renovate bot force-pushed the renovate/npm-knex-vulnerability branch from 5739485 to eeafb53 Compare July 29, 2024 13:50
@renovate renovate bot force-pushed the renovate/npm-knex-vulnerability branch from eeafb53 to 0c53ff1 Compare July 29, 2024 14:05
@renovate renovate bot force-pushed the renovate/npm-knex-vulnerability branch from 0c53ff1 to 76c2a1e Compare August 12, 2024 09:13
@renovate renovate bot force-pushed the renovate/npm-knex-vulnerability branch from 76c2a1e to e796d5e Compare August 12, 2024 13:31
@renovate renovate bot force-pushed the renovate/npm-knex-vulnerability branch from e796d5e to a9a32ae Compare August 12, 2024 17:52
@renovate renovate bot force-pushed the renovate/npm-knex-vulnerability branch from a9a32ae to 756d0a9 Compare August 26, 2024 09:21
@renovate renovate bot force-pushed the renovate/npm-knex-vulnerability branch from 756d0a9 to f1ab3aa Compare August 26, 2024 09:33
@renovate renovate bot force-pushed the renovate/npm-knex-vulnerability branch from f1ab3aa to 093fea9 Compare August 26, 2024 09:46
Copy link

sonarcloud bot commented Aug 26, 2024

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants