some-comments icon indicating copy to clipboard operation
some-comments copied to clipboard
verified publisher icon fiddur

[Snyk] Security upgrade knex from 0.8.6 to 0.11.0

Open snyk-bot opened this issue 5 years ago • 1 comments

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 589/1000
Why? Has a fix available, CVSS 7.5		 Regular Expression Denial of Service (ReDoS)
SNYK-JS-MINIMATCH-1019388		 No No Known Exploit

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: knex The new version differs by 250 commits.
  • 40c80b3 release 0.11.0
  • 415d008 Prepare for 0.11.0
  • 8a303f1 Merge pull request #1342 from h0vhannes/mssql-conn-urls
  • 9903e7d Merge pull request #1372 from mdrmuhaimin/patch-1
  • 4d88e1d Update package.json to use latest node-postures
  • d990708 Merge pull request #1362 from wolfgang42/mssql-fixes
  • a7f609a mssql dialect: Fix integration tests that check for quoted wrappers.
  • aa3c1c2 mssql dialect: make createTableIfNotExists actually work.
  • 85403e8 Merge pull request #1343 from wubzz/bugfix/pool.ping_for_mssql
  • 14eca7a Fix MSSQL ping function, calling resource.request().query instead of resource.query.
  • 8e41a33 Add parse URL connection string tests for MSSQL
  • e49b0d4 Correct connection URL parsing for MSSQL
  • 1f09df8 Merge pull request #1296 from wubzz/default_pool_ping_fn_and_rollback_handler
  • a223858 Increase rollback timeout to 5secs
  • abfff60 Update documentation regarding default `ping` function.
  • fa12571 A default `ping` fn in default pool settings, and silently ignore errors when querying 'ROLLBACK' on a dead connection by using Promise.Timeout.
  • a104cc0 Merge pull request #1315 from wubzz/bugfix/missing_error_event_for_mysql2
  • bb9663f Merge pull request #1326 from wubzz/bugfix/renameCol_drops_default_value
  • d3b1fcc Fixed test, forgot ES6 is not supported in the test suite.
  • 0b45356 .renameColumn should not drop defaultValue or nullable state. Currently this happens for mysql. Fixes #933
  • 2fad6d1 Mysql2 should also listen to 'error' events.
  • b8c8572 Merge pull request #1313 from jurko-gospodnetic/code-cleanup
  • 34d9a76 Merge pull request #1269 from wubzz/bugfix/fix_valuesForUndefined_actual_query
  • e9ebf6f touch up wording in warning message about manually removing migration locks

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

snyk-bot avatar Oct 20 '20 04:10 snyk-bot

Coverage Status

Coverage remained the same at 79.618% when pulling e037832d979f8ba511d6230d6393e9e40edbf767 on snyk-fix-667591e6e1aea73a351ce6e767e31f75 into c5f2c662682e4a19e9697cdb9f22bf4190441ef7 on master.

coveralls avatar Oct 20 '20 04:10 coveralls