Update dependency knex to v2 [SECURITY] #586
Open
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
0.15.2
->2.4.0
GitHub Vulnerability Alerts
CVE-2019-10757
knex.js versions before 0.19.5 are vulnerable to SQL Injection attack. Identifiers are escaped incorrectly as part of the MSSQL dialect, allowing attackers to craft a malicious query to the host DB.
CVE-2016-20018
Knex Knex.js through 2.3.0 has a limited SQL injection vulnerability that can be exploited to ignore the WHERE clause of a SQL query. This vulnerability has been fixed in version 2.4.0.
Release Notes
knex/knex (knex)
v2.4.0
Compare Source
New features:
Bug fixes
Typings:
v2.3.0
Compare Source
New features:
Typings:
v2.2.0
Compare Source
New features:
Bug fixes:
Typings:
v2.1.0
Compare Source
New features:
Bug fixes:
Typings:
v2.0.0
Compare Source
Breaking changes
Test / internal changes:
v1.0.7
Compare Source
Bug fixes:
v1.0.6
Compare Source
Bug fixes:
v1.0.5
Compare Source
New features:
Bug fixes:
Typings:
Knex
match the generic parameter types ofknex
#5021v1.0.4
Compare Source
New features:
Bug fixes:
Typings:
Documentation:
v1.0.3
Compare Source
Bug fixes:
Typings:
Improvements:
Documentation:
v1.0.2
Compare Source
New features:
Bug fixes:
Typings:
v1.0.1
Compare Source
Bug fixes:
v1.0.0
Compare Source
Breaking changes
sqlite3
driver with@vscode/sqlite3
;RETURNING
operation to be consistent withSELECT
;New features:
Bug fixes:
Typings:
v0.95.15
Compare Source
Bug fixes:
v0.95.14
Compare Source
Bug fixes:
v0.95.13
Compare Source
Bug fixes:
Typings:
v0.95.12
Compare Source
New features:
Bug fixes:
Typings:
v0.95.11
Compare Source
New features:
Bug fixes:
Improvements:
v0.95.10
Compare Source
Improvements:
Typings:
v0.95.9
Compare Source
New features:
Typings:
v0.95.8
Compare Source
New features:
Bug fixes:
Typings:
v0.95.7
Compare Source
New features:
Typings:
v0.95.6
Compare Source
Typings:
v0.95.5
Compare Source
New features:
Bug fixes:
Typings:
v0.95.4
Compare Source
Typings:
v0.95.3
Compare Source
New features:
Bug fixes:
Typings:
v0.95.2
Compare Source
New features:
Bug fixes:
Typings:
Test / internal changes:
v0.95.1
Compare Source
Bug fixes:
v0.95.0
Compare Source
Note: there are many breaking changes in this version, particularly in TypeScript support. Please see
UPGRADING.md
for details.New features:
Bug fixes:
type
was set to'module'
inpackage.json
#4295Typings:
Test / internal changes:
v0.21.21
Compare Source
v0.21.20
Compare Source
v0.21.19
Compare Source
v0.21.18
Compare Source
v0.21.17
Compare Source
Bug fixes:
New features:
v0.21.16
Compare Source
Bug fixes:
v0.21.15
Compare Source
New features:
Typings:
Test / internal changes:
v0.21.14
Compare Source
New features:
Bug fixes:
Test / internal changes:
v0.21.13
Compare Source
New features:
dropForeign
#4092Bug fixes:
Typings:
Test / internal changes:
v0.21.12
Compare Source
Typings:
v0.21.11
Compare Source
Typings:
v0.21.10
Compare Source
New features:
Bug fixes:
Typings:
v0.21.9
Compare Source
New features:
Bug fixes:
v0.21.8
Compare Source
Bug fixes:
v0.21.7
Compare Source
New features:
Bug fixes:
Typings:
Test / internal changes:
v0.21.6
Compare Source
New features:
Bug fixes:
Typings:
v0.21.5
Compare Source
New features:
Test / internal changes:
v0.21.4
Compare Source
New features:
Bug fixes:
v0.21.3
Compare Source
New features:
Bug fixes:
Typings:
null
as valid binding type #3946Test / internal changes:
v0.21.2
Compare Source
New features:
void
as return type on migration generator ts stub #3865Typings:
Test / internal changes:
v0.21.1
Compare Source
v0.21.0
Compare Source
Improvements
Breaking changes
pg-query-stream
:Changed stream.close to stream.destroy which is the official way to terminate a readable stream. This is a breaking change if you rely on the stream.close method on pg-query-stream...though should be just a find/replace type operation to upgrade as the semantics remain very similar (not exactly the same, since internals are rewritten, but more in line with how streams are "supposed" to behave).
Test / internal changes:
v0.20.15
Compare Source
Bug fixes:
.finally(..)
on knex's Promise-alikes #3800Typings:
.distinctOn
#3784v0.20.14
Compare Source
New features:
Typings:
interface Knex
andfunction Knex
should have the same types #3787Test / internal changes:
v0.20.13
Compare Source
Bug fixes:
Typings:
v0.20.12
Compare Source
Bug fixes:
Typings:
Test / internal changes:
v0.20.11
Compare Source
Breaking changes:
map
,spread
andreduce
on QueryBuilder instance.New features:
Bug fixes:
Typings:
Test / internal changes:
v0.20.10
Compare Source
Bug fixes:
Typings:
fn.now
takes optionally a precision argument. #3662Test / internal changes:
v0.20.9
Compare Source
Bug fixes:
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.