open-duelyst / duelyst

Duelyst is a digital collectible card game and turn-based strategy hybrid, developed by Counterplay Games.
Creative Commons Zero v1.0 Universal

[P1] Upgrade knex to 0.95.0+ #54

Open willroberts opened 1 year ago

willroberts commented 1 year ago

Knex.js, our SQL query builder, has a few minor vulnerabilities in the current 0.19.5 version:

  ✗ Prototype Pollution [High Severity][https://security.snyk.io/vuln/SNYK-JS-UNSETVALUE-2400660] in unset-value@1.0.0
    introduced by:
    knex@0.19.5 > liftoff@3.1.0 > findup-sync@3.0.0 > micromatch@3.1.10 > snapdragon@0.8.2 > base@0.11.2 > cache-base@1.0.1 > unset-value@1.0.0
    knex@0.19.5 > liftoff@3.1.0 > findup-sync@3.0.0 > micromatch@3.1.10 > braces@2.3.2 > snapdragon@0.8.2 > base@0.11.2 > cache-base@1.0.1 > unset-value@1.0.0
    knex@0.19.5 > liftoff@3.1.0 > findup-sync@3.0.0 > micromatch@3.1.10 > extglob@2.0.4 > snapdragon@0.8.2 > base@0.11.2 > cache-base@1.0.1 > unset-value@1.0.0
    knex@0.19.5 > liftoff@3.1.0 > findup-sync@3.0.0 > micromatch@3.1.10 > nanomatch@1.2.13 > snapdragon@0.8.2 > base@0.11.2 > cache-base@1.0.1 > unset-value@1.0.0
    knex@0.19.5 > liftoff@3.1.0 > findup-sync@3.0.0 > micromatch@3.1.10 > extglob@2.0.4 > expand-brackets@2.1.4 > snapdragon@0.8.2 > base@0.11.2 > cache-base@1.0.1 > unset-value@1.0.0

We should upgrade to 0.95.0 by following this guide: https://github.com/knex/knex/blob/master/UPGRADING.md#upgrading-to-version-0950

This may require changes to code in the cli, scripts, server, test, and worker directories.

yoganlava commented 1 year ago

Is this as trivial as changing all counts of require('knex') to require('knex').knex? Apologies if I missed something, as I am not at my desk atm.

willroberts commented 1 year ago

I don't recall exactly what the work required was to get this working, but the guide linked above should be a good starting point.

yoganlava commented 1 year ago

Bit annoying to upgrade as knex@0.95.0 uses native promises while the current knex uses Bluebird promises. Going to have to rewrite and replace the promises with native promises if someone decides to upgrade.