snyk: security upgrade knex from 2.3.0 to 2.4.0 #931

Closed
wants to merge 1 commit into from

Contributor

@snyk-bot snyk-bot commented Jan 9, 2023

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json
    • package-lock.json

Vulnerabilities that will be fixed

With an upgrade:
| Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity |
|---|---|---|---|---|
| high severity | 823/1000. Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 8.6 | SQL Injection, SNYK-JS-KNEX-3175610 | No | Proof of Concept |

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: knex
The new version differs by 16 commits.
  • 3475d81 Prepare to release 2.4.0
  • e97f922 Bump tsd from 0.24.1 to 0.25.0 (#5396)
  • e145322 1227: add assertion for basic where clause values (#5417)
  • 962bb0a Bump sinon from 14.0.2 to 15.0.1 (#5413)
  • ab45314 Add JSDoc (TS Flavour) to mjs stub file (#5390)
  • 72bd1f7 Fix: orWhereJson (#5361)
  • 4fc939a Fixes unexpected max acquire-timeout (#5377)
  • 5c4837c Fix lib/.gitignore path separator on Windows. (#5325)
  • 7dbbd00 Bump actions/setup-node from 3.4.1 to 3.5.1 (#5356)
  • d39051f fix: add missing type for 'expirationChecker' on PgConnectionConfig (#5334)
  • f7ccde8 Make compiling SQL in error message optional (#5282)
  • 82610ca Bump tsd from 0.23.0 to 0.24.1 (#5329)
  • cb5be88 Bump typescript from 4.8.2 to 4.8.3 (#5324)
  • dc6dbbf fix: insert array into json column (#5321)
  • 864530c feat: support partial unique indexes (#5316)
  • 6bed5e9 Fix changing the default value of a boolean column in SQLite (#5319)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.


Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
馃 View latest project report

馃洜 Adjust project settings

馃摎 Read more about Snyk's upgrade and patch logic


Learn how to fix vulnerabilities with free interactive lessons:

馃 SQL Injection

@elnyry-sam-k elnyry-sam-k changed the title [Snyk] Security upgrade knex from 2.3.0 to 2.4.0 [snyk] security upgrade knex from 2.3.0 to 2.4.0 Jan 9, 2023
@elnyry-sam-k elnyry-sam-k changed the title [snyk] security upgrade knex from 2.3.0 to 2.4.0 snyk: security upgrade knex from 2.3.0 to 2.4.0 Jan 9, 2023

sonarcloud bot commented Feb 19, 2024

Quality Gate passed

Issues
0 New issues

Measures
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

@elnyry-sam-k
Member

knex upgraded, currently at 3.1.0
