ivangabriele / postgrester

Isomorphic PostgREST API Client for Javascript and Typescript.
Apache License 2.0

build(dev-deps): update dependency knex to v2.4.0 [security] #248

Open renovate[bot] opened 1 year ago

renovate[bot] commented 1 year ago


This PR contains the following updates:

| Package | Change |
| --- | --- |
| knex (source) | 2.0.0 -> 2.4.0 |

GitHub Vulnerability Alerts

CVE-2016-20018

Knex Knex.js through 2.3.0 has a limited SQL injection vulnerability that can be exploited to ignore the WHERE clause of a SQL query. This vulnerability has been fixed in version 2.4.0.


Release Notes

knex/knex

### [`v2.4.0`](https://togithub.com/knex/knex/blob/HEAD/CHANGELOG.md#240---06-January-2022)

[Compare Source](https://togithub.com/knex/knex/compare/2.3.0...2.4.0)

##### New features:

- Support partial unique indexes [#5316](https://togithub.com/knex/knex/issues/5316)
- Make compiling SQL in error message optional [#5282](https://togithub.com/knex/knex/issues/5282)

##### Bug fixes

- Insert array into json column [#5321](https://togithub.com/knex/knex/issues/5321)
- Fix unexpected max acquire-timeout [#5377](https://togithub.com/knex/knex/issues/5377)
- Fix: orWhereJson [#5361](https://togithub.com/knex/knex/issues/5361)
- MySQL: Add assertion for basic where clause not to be object or array [#1227](https://togithub.com/knex/knex/issues/1227)
- SQLite: Fix changing the default value of a boolean column in SQLite [#5319](https://togithub.com/knex/knex/issues/5319)

##### Typings:

- add missing type for 'expirationChecker' on PgConnectionConfig [#5334](https://togithub.com/knex/knex/issues/5334)

### [`v2.3.0`](https://togithub.com/knex/knex/blob/HEAD/CHANGELOG.md#230---31-August-2022)

[Compare Source](https://togithub.com/knex/knex/compare/2.2.0...2.3.0)

##### New features:

- PostgreSQL: Explicit jsonb support for custom pg clients [#5201](https://togithub.com/knex/knex/issues/5201)
- SQLite: Support returning with sqlite3 and better-sqlite3 [#5285](https://togithub.com/knex/knex/issues/5285)
- MSSQL: Implement mapBinding mssql dialect option [#5292](https://togithub.com/knex/knex/issues/5292)

##### Typings:

- Update types for TS 4.8 [#5279](https://togithub.com/knex/knex/issues/5279)
- Fix typo [#5267](https://togithub.com/knex/knex/issues/5267)
- Fix WhereJsonObject withCompositeTableType [#5306](https://togithub.com/knex/knex/issues/5306)
- Fix AnalyticFunction type [#5304](https://togithub.com/knex/knex/issues/5304)
- Infer specific column value type in aggregations [#5297](https://togithub.com/knex/knex/issues/5297)

### [`v2.2.0`](https://togithub.com/knex/knex/blob/HEAD/CHANGELOG.md#220---19-July-2022)

[Compare Source](https://togithub.com/knex/knex/compare/2.1.0...2.2.0)

##### New features:

- Inline primary key creation for postgres flavours [#5233](https://togithub.com/knex/knex/issues/5233)
- SQLite: Add warning for undefined connection file [#5223](https://togithub.com/knex/knex/issues/5223)
- MSSQL: Add JSON parameter support for connection [#5200](https://togithub.com/knex/knex/issues/5200)

##### Bug fixes:

- PostgreSQL: add primaryKey option for uuid [#5212](https://togithub.com/knex/knex/issues/5212)

##### Typings:

- Add promisable and better types [#5222](https://togithub.com/knex/knex/issues/5222)
- Update raw query bind parameter type [#5208](https://togithub.com/knex/knex/issues/5208)

### [`v2.1.0`](https://togithub.com/knex/knex/blob/HEAD/CHANGELOG.md#210---26-May-2022)

[Compare Source](https://togithub.com/knex/knex/compare/2.0.0...2.1.0)

##### New features:

- Improve bundling experience to safely import dialects while using static paths [#5142](https://togithub.com/knex/knex/issues/5142)
- Implement extendable builders [#5041](https://togithub.com/knex/knex/issues/5041)
- PostgreSQL: Refresh materialized view concurrently [#5166](https://togithub.com/knex/knex/issues/5166)

##### Bug fixes:

- Use correct paths in package.json browser field [#5174](https://togithub.com/knex/knex/issues/5174)
- MariaDB: Fix 'NULL' returned instead of NULL on MariaDB 10.2.6+ [#5181](https://togithub.com/knex/knex/issues/5181)
- MySQL: fix hasColumn Error (hasColumn ('a_id') is true, but hasColumn('a_Id') is false) [#5148](https://togithub.com/knex/knex/issues/5148)
- MSSQL: Fix .hasTable result when using .withSchema [#5176](https://togithub.com/knex/knex/issues/5176)
- Oracle: correctly INSERTS Buffer [#4869](https://togithub.com/knex/knex/issues/4869)

##### Typings:

- Update type definitions for pg connection [#5139](https://togithub.com/knex/knex/issues/5139)

Configuration

📅 Schedule: Branch creation - "" in timezone Europe/Paris, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.



This PR has been generated by Mend Renovate. View repository job log here.

codecov[bot] commented 1 year ago

Codecov Report

Merging #248 (2e27dfa) into main (0a9525c) will not change coverage. The diff coverage is n/a.

@@           Coverage Diff           @@
##             main     #248   +/-   ##
=======================================
  Coverage   99.56%   99.56%           
=======================================
  Files           2        2           
  Lines         232      232           
  Branches       70       80   +10     
=======================================
  Hits          231      231           
  Misses          1        1           
