mirror of
https://github.com/Unleash/unleash.git
synced 2024-12-22 19:07:54 +01:00
fix(deps): update dependency knex to v2.4.0 [security] (#2871)
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Change | Age | Adoption | Passing | Confidence | |---|---|---|---|---|---| | [knex](https://knex.github.io/documentation/) ([source](https://togithub.com/knex/knex)) | [`2.3.0` -> `2.4.0`](https://renovatebot.com/diffs/npm/knex/2.3.0/2.4.0) | [![age](https://badges.renovateapi.com/packages/npm/knex/2.4.0/age-slim)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://badges.renovateapi.com/packages/npm/knex/2.4.0/adoption-slim)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://badges.renovateapi.com/packages/npm/knex/2.4.0/compatibility-slim/2.3.0)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://badges.renovateapi.com/packages/npm/knex/2.4.0/confidence-slim/2.3.0)](https://docs.renovatebot.com/merge-confidence/) | ### GitHub Vulnerability Alerts #### [CVE-2016-20018](https://nvd.nist.gov/vuln/detail/CVE-2016-20018) Knex Knex.js through 2.3.0 has a limited SQL injection vulnerability that can be exploited to ignore the WHERE clause of a SQL query. This vulnerability has been fixed in version 2.4.0. --- ### Release Notes <details> <summary>knex/knex</summary> ### [`v2.4.0`](https://togithub.com/knex/knex/blob/HEAD/CHANGELOG.md#​240---06-January-2022) [Compare Source](https://togithub.com/knex/knex/compare/2.3.0...2.4.0) ##### New features: - Support partial unique indexes [#​5316](https://togithub.com/knex/knex/issues/5316) - Make compiling SQL in error message optional [#​5282](https://togithub.com/knex/knex/issues/5282) ##### Bug fixes - Insert array into json column [#​5321](https://togithub.com/knex/knex/issues/5321) - Fix unexpected max acquire-timeout [#​5377](https://togithub.com/knex/knex/issues/5377) - Fix: orWhereJson [#​5361](https://togithub.com/knex/knex/issues/5361) - MySQL: Add assertion for basic where clause not to be object or array [#​1227](https://togithub.com/knex/knex/issues/1227) - SQLite: Fix changing the default value of a boolean column in SQLite [#​5319](https://togithub.com/knex/knex/issues/5319) ##### Typings: - add missing type for 'expirationChecker' on PgConnectionConfig [#​5334](https://togithub.com/knex/knex/issues/5334) </details> --- ### Configuration 📅 **Schedule**: Branch creation - "" (UTC), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Enabled. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://app.renovatebot.com/dashboard#github/Unleash/unleash). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNC45Ny4wIiwidXBkYXRlZEluVmVyIjoiMzQuOTcuMCJ9--> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
This commit is contained in:
parent
1a894eb3a0
commit
0d238cdef6
13
yarn.lock
13
yarn.lock
@ -1987,7 +1987,12 @@ commander@^6.1.0:
|
||||
resolved "https://registry.yarnpkg.com/commander/-/commander-6.2.1.tgz#0792eb682dfbc325999bb2b84fddddba110ac73c"
|
||||
integrity sha512-U7VdrJFnJgo4xjrHpTzu0yrHPGImdsmD95ZlgYSEajAn2JKzDhDTPG9kBTefmObL2w/ngeZnilk+OV9CG3d7UA==
|
||||
|
||||
commander@^9.1.0, commander@^9.4.1:
|
||||
commander@^9.1.0:
|
||||
version "9.5.0"
|
||||
resolved "https://registry.yarnpkg.com/commander/-/commander-9.5.0.tgz#bc08d1eb5cedf7ccb797a96199d41c7bc3e60d30"
|
||||
integrity sha512-KRs7WVDKg86PWiuAqhDrAQnTXZKraVcCc6vFdL14qrZ/DcWwuRo7VoiYXalXO7S5GKpqYiVEwCbgFDfxNHKJBQ==
|
||||
|
||||
commander@^9.4.1:
|
||||
version "9.4.1"
|
||||
resolved "https://registry.yarnpkg.com/commander/-/commander-9.4.1.tgz#d1dd8f2ce6faf93147295c0df13c7c21141cfbdd"
|
||||
integrity sha512-5EEkTNyHNGFPD2H+c/dXXfQZYa/scCKasxWcXJaWnNJ99pnQN9Vnmqow+p+PlFPE63Q6mThaZws1T+HxfpgtPw==
|
||||
@ -4450,9 +4455,9 @@ kleur@^3.0.3:
|
||||
integrity sha512-eTIzlVOSUR+JxdDFepEYcBMtZ9Qqdef+rnzWdRZuMbOywu5tO2w2N7rqjoANZ5k9vywhL6Br1VRjUIgTQx4E8w==
|
||||
|
||||
knex@^2.0.0:
|
||||
version "2.3.0"
|
||||
resolved "https://registry.yarnpkg.com/knex/-/knex-2.3.0.tgz#87fa2a9553d7cafb125d7a0645256fbe29ef5967"
|
||||
integrity sha512-WMizPaq9wRMkfnwKXKXgBZeZFOSHGdtoSz5SaLAVNs3WRDfawt9O89T4XyH52PETxjV8/kRk0Yf+8WBEP/zbYw==
|
||||
version "2.4.0"
|
||||
resolved "https://registry.yarnpkg.com/knex/-/knex-2.4.0.tgz#7d33cc36f320cdac98741010544b4c6a98b8b19e"
|
||||
integrity sha512-i0GWwqYp1Hs2yvc2rlDO6nzzkLhwdyOZKRdsMTB8ZxOs2IXQyL5rBjSbS1krowCh6V65T4X9CJaKtuIfkaPGSA==
|
||||
dependencies:
|
||||
colorette "2.0.19"
|
||||
commander "^9.1.0"
|
||||
|
Loading…
Reference in New Issue
Block a user