some-comments icon indicating copy to clipboard operation
some-comments copied to clipboard
verified publisher icon fiddur

[Snyk] Security upgrade knex from 0.8.6 to 0.95.0

Open fiddur opened this issue 4 years ago • 0 comments

Snyk has created this PR to fix one or more vulnerable packages in the `npm` dependencies of this project.

merge advice

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • package.json

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
medium severity 601/1000
Why? Proof of Concept exploit, Has a fix available, CVSS 5.6		 Prototype Pollution
SNYK-JS-MINIMIST-559764		 No Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Commit messages
Package name: knex The new version differs by 250 commits.
  • ed0e8a5 Fix SQLite not doing rollback when altering columns fails (#4336)
  • 3c70dca Prepare 0.95.0 for release
  • c1ab23c Await asynchronous expect assertions (#4334)
  • 3e6176a SQLite parser improvements (#4333)
  • a98614d Made the constraint detection case-insensitive (#4330)
  • 5d2db21 Fix ArrayIfAlready type (#4331)
  • 887a4f6 Improve join and conflict types v2 (#4318)
  • 29b8a36 Adjust generateDdlCommands return type (#4326)
  • d807832 mssql: schema builder - attempt to drop default constraints when changing default value on columns (#4321)
  • c0d8c5c mssql: schema builder - add predictable constraint names for default values (#4319)
  • 5ec76f5 Convert produced statements to objects before querying (#4323)
  • 9e28a72 Add support for altering columns to SQLite (#4322)
  • 7db2d18 fix mssql alter column must have its own query (#4317)
  • 371864d Bump typescript from 4.1.5 to 4.2.2 (#4312)
  • 6c3e7b5 mssql: don't raise query-error twice (#4314)
  • 168f2af Bump eslint-config-prettier from 7.2.0 to 8.1.0 (#4315)
  • 3718d64 Respect KNEX_TEST, support omitting sqlite3 from DB, and reduce outside mssql test db config (#4313)
  • c58794b Prepare to release 0.95.0-next3
  • 61e1046 Avoid importing entire lodash to ensure tree-shaking is working correctly (#4302)
  • 8c73417 events: introduce queryContext on query-error (#4301)
  • b6fd941 Include 'name' property in MigratorConfig (#4300)
  • 9581100 Prepare to release 0.95.0-next2
  • 5614c18 Timestamp UTC Standardization for Migrations (#4245)
  • 4899346 Fix for ES Module detection using npm@7 (#4295) (#4296)

See the full diff

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information: 🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

fiddur avatar Mar 04 '21 04:03 fiddur