X-lab2017 / open-digger

Open source analysis tools
https://open-digger.cn
Apache License 2.0

[Snyk] Upgrade @clickhouse/client from 0.0.16 to 0.1.0 #1340

Closed xgdyp closed 1 year ago

xgdyp commented 1 year ago

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to upgrade @clickhouse/client from 0.0.16 to 0.1.0.

:information_source: Keep your dependencies up-to-date. This makes it easier to fix existing vulnerabilities and to more quickly identify and fix newly disclosed vulnerabilities when they affect your project.
- The recommended version is **1 version** ahead of your current version.
- The recommended version was released **24 days ago**, on 2023-06-22.
Release notes
Package name: @clickhouse/client
  • 0.1.0 - 2023-06-22

    Breaking changes

    • connect_timeout client setting is removed, as it was unused in the code.

    New features

    • command method is introduced as an alternative to exec.
      command does not expect the user to consume the response stream, and it is destroyed immediately.
      Essentially, this is a shortcut to exec that destroys the stream under the hood.
      Consider using command instead of exec for DDLs and other custom commands which do not provide any valuable output.

    Example:

    ```javascript
    // incorrect: stream is not consumed and not destroyed, request will be timed out eventually
    await client.exec('CREATE TABLE foo (id String) ENGINE Memory')

    // correct: stream does not contain any information and is just destroyed
    const { stream } = await client.exec('CREATE TABLE foo (id String) ENGINE Memory')
    stream.destroy()

    // correct: same as exec + stream.destroy()
    await client.command('CREATE TABLE foo (id String) ENGINE Memory')
    ```

    Bug fixes

    • Fixed delays on subsequent requests after calling insert that happened due to an unclosed stream instance when using a low number of max_open_connections. See #161 for more details.
    • Request timeouts internal logic rework (see #168)
  • 0.0.16 - 2023-05-17

    Breaking changes

    • Node.js 14 EOL as its maintenance phase has ended in April 2023. Node.js 16+ is now required to use the client.

    Bug fixes

    • Fix NULL parameter binding. As the HTTP interface expects \N instead of a 'NULL' string, it is now correctly handled for both null and explicitly undefined parameters. See the test scenarios for more details.
from @clickhouse/client GitHub release notes
Commit messages
Package name: @clickhouse/client
  • 897dbf4 [skip ci] Update coverage report
  • d9d2057 Update CHANGELOG, fix tests, remove flaky one
  • 37caf1a Timeouts rework (part 2) (#168)
  • d8cc6ce [skip ci] Update coverage report
  • f78cb0a Update GHA permissions
  • 999f210 0.1.0 - Timeouts rework, command method (#167)

**Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open upgrade PRs.* For more information: 🧐 [View latest project report](https://app.snyk.io/org/xgdyp/project/d0fc1b42-4fc7-4a46-a07e-383abc829419?utm_source=github&utm_medium=referral&page=upgrade-pr) 🛠 [Adjust upgrade PR settings](https://app.snyk.io/org/xgdyp/project/d0fc1b42-4fc7-4a46-a07e-383abc829419/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr) 🔕 [Ignore this dependency or unsubscribe from future upgrade PRs](https://app.snyk.io/org/xgdyp/project/d0fc1b42-4fc7-4a46-a07e-383abc829419/settings/integration?pkg=@clickhouse/client&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)
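The release notes above describe why an unconsumed `exec` stream pins a pooled connection until the request times out, and why `command` avoids that. The following is an added example, not code from open-digger or from @clickhouse/client: it models that contract with a constructed fake client (synchronous, with a pool of `max_open_connections`) and a `runDdl` helper that works on both the 0.0.16 and 0.1.0 API shapes without leaking the connection.

```javascript
// Added example with a constructed fake client; the real @clickhouse/client is
// Promise-based and its pooling internals differ. This model only keeps the
// contract from the release notes: exec() returns a stream that holds a pooled
// connection until it is destroyed, command() destroys it immediately.

class FakeStream {
  constructor(release) { this.release = release; this.destroyed = false; }
  destroy() { if (!this.destroyed) { this.destroyed = true; this.release(); } }
}

class FakeClient {
  constructor({ max_open_connections = 1 } = {}) {
    this.maxOpen = max_open_connections;
    this.openConnections = 0;
  }
  // Throws when the pool is exhausted, standing in for the request that
  // "will be timed out eventually" in the release notes.
  exec(sql) {
    if (this.openConnections >= this.maxOpen) throw new Error(`pool exhausted: ${sql}`);
    this.openConnections += 1;
    return { stream: new FakeStream(() => { this.openConnections -= 1; }) };
  }
  // 0.1.0 behaviour: exec plus stream.destroy() under the hood.
  command(sql) { this.exec(sql).stream.destroy(); }
}

// Runs a DDL statement without leaking the connection, whichever API is present:
// prefers command() (0.1.0+) and falls back to exec() + stream.destroy() (0.0.16).
function runDdl(client, sql) {
  if (typeof client.command === 'function') { client.command(sql); return; }
  const { stream } = client.exec(sql);
  stream.destroy();
}

// Returns how many DDL statements succeed before the 1-connection pool is exhausted.
// With bare exec() and no destroy, only the first succeeds; with runDdl all do.
function countUntilExhausted(useRunDdl, attempts = 3) {
  const client = new FakeClient({ max_open_connections: 1 });
  let ok = 0;
  for (let i = 0; i < attempts; i++) {
    const sql = `CREATE TABLE t${i} (id String) ENGINE Memory`;
    try {
      if (useRunDdl) runDdl(client, sql);
      else client.exec(sql); // stream never consumed or destroyed: connection leaks
      ok += 1;
    } catch (e) { break; }
  }
  return ok;
}
```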
bifenglin commented 1 year ago

I think we needn't submit the package-lock.json file, because it is generated automatically when the environment dependencies are installed.

tyn1998 commented 1 year ago

@bifenglin package-lock.json matters. However, I think these automatic PRs created by snyk could be canceled.

bifenglin commented 1 year ago

There are several questions:

  1. package-lock.json shouldn't be shown in the repo.
  2. Snyk's behavior is automatic. Why shouldn't it use a bot account?
  3. If these auto PRs should be canceled, why not ban these behaviors of Snyk?
xgdyp commented 1 year ago

I have canceled Snyk but it still works. Maybe something is wrong somewhere, or I forgot some setting?